From zeus at pinsight.com Fri Sep 1 00:11:55 1995
From: zeus at pinsight.com (J. Kent Hastings)
Date: Fri, 1 Sep 95 00:11:55 PDT
Subject: Karl Hess meeting - L.A. area
Message-ID: <199509010711.AAA09927@utopia.pinsight.com>

-- [ From: J. Kent Hastings * EMC.Ver #2.5.02 ] --

-----BEGIN PGP SIGNED MESSAGE-----

"Extremism in the defense of liberty is no vice, and let me remind you, moderation in the pursuit of justice is no virtue." -- Aristotle, and a Goldwater speechwriter, but not Karl Hess.

Politically Barry's Boy, Karl was often credited with Goldwater's most famous line, but he denied it when interviewed. Karl did write books: Dear America, Community Technology, and Capitalism For Kids.

--- T H E   K A R L   H E S S   C L U B ---

now in its second year of almost monthly dinners, presents

The Perestroika Deception: The Phony "Collapse" of Communism

September's speaker is William (Bill) McIlhany, who will speak on Conspiracy Theory of the Soviet collapse, and may answer some questions about the Chemical Bank Takeover of Chase Manhattan, if we ask real nice.

The Karl Hess Club will meet Monday, September 18 at the Marie Callendar Restaurant in Marina Del Rey, 4356 Lincoln Boulevard (at the 90 Fwy). The program is free of charge, but if you care to dine, $13.00 covers everything including tax and tip, with the exception of alcoholic beverages.

Cocktails at 7pm, Dinner at 7:30pm, Speaker at 8:30pm.

Dinner: $13.00 includes all you can eat buffet with Marie's Pot Roast. Vegetable, Salad Bar, Potato, Cornbread, Apple, Lemon and Pumpkin Pies plus (Soft) beverages included. Order alcoholic beverages on your own, cash & carry.

No reservations are necessary, but for more information, you are welcome to contact Mike Everling at (213) 225-3405.

In order to get to the restaurant, take the Marina (90) Freeway West until it ends at Lincoln Boulevard. Turn right at Lincoln and right again into the parking lot of the restaurant - it's just at the corner.
Inside the restaurant, go upstairs to the meeting room.

The program for October 16 is still in development. The venue will again be Marie Callendar in MDR, with the tentatively scheduled speaker to be Dr. John Hospers.

Want to make sure you are on the Karl Hess Club mailing list? Leave a message at (310) 289-4126, e-mail at agorist003 at aol.com, or write The Agorist Institute, 291 S. La Cienega Blvd., #749, Beverly Hills, CA 90211.

Browse our Web page -- http://www.pinsight.com/~zeus/agorist/

For tax deduction, make donations payable to The Agorist Institute.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMEYh6zTxxI221vktAQFYDwP/chaMpCMb8kxpg2oo/AOi+ybiZFe5KQCY
dJa8LKskqz6usBCuClhWfhvsyfwt5LOg3v9B8yRLiQR8kjHuUWNjkxY8WwsRUi3C
NKGW33EeplPEg2Rpv/pxWYqNICfYQa6j9xAUVPSPZbJD9HrWM+sJ7uJGuLMY0p48
4u/vppPSyHU=
=bvnM
-----END PGP SIGNATURE-----

From gjeffers at socketis.net Fri Sep 1 00:14:48 1995
From: gjeffers at socketis.net (Gary Jeffers)
Date: Fri, 1 Sep 95 00:14:48 PDT
Subject: FUHRMAN key escrow
Message-ID: <199509011002.FAA28046@mail.socketis.net>

FUHRMAN key escrow

Fuhrman seems to be a Godsend to us. He is helping to destroy the public's perceived legitimacy of state authority. If things keep moving the way they are, Fuhrman may join the names: John Crapper, Quisling, & Hooker. In which case, I propose the term, Fuhrman key escrow, to substitute for the term, mandatory state key escrow.

From gjeffers at socketis.net Fri Sep 1 00:17:18 1995
From: gjeffers at socketis.net (Gary Jeffers)
Date: Fri, 1 Sep 95 00:17:18 PDT
Subject: Phil Zimmermann/Amnesty International?
Message-ID: <199509011005.FAA28054@mail.socketis.net>

Phil Zimmermann/Amnesty International?

I was wondering if the Zimmermann case would be a proper concern of Amnesty International. Phil is obviously a political dissident. His persecution is obviously political. If Phil got support from Amnesty Int'l, then his persecution could be a big embarrassment to the Federal gov't.
He has a lot of supporters and taking up his cause could be a big promotional for Amnesty International. The Feds might feel forced to drop the matter early. Any ideas?

Gary Jeffers

From rsalz at osf.org Fri Sep 1 04:09:58 1995
From: rsalz at osf.org (Rich Salz)
Date: Fri, 1 Sep 95 04:09:58 PDT
Subject: sums with BIG numbers
Message-ID: <9509011109.AA15900@sulphur.osf.org>

>Volume 4 should be in print shortly.

All of Volume 4 or the first couple-hundred pages as a fascicle? Or have those plans changed?

From sinclai at ecf.toronto.edu Fri Sep 1 04:39:57 1995
From: sinclai at ecf.toronto.edu (SINCLAIR DOUGLAS N)
Date: Fri, 1 Sep 95 04:39:57 PDT
Subject: opinions on RSA Secure?
In-Reply-To:
Message-ID: <95Sep1.073743edt.1421@cannon.ecf.toronto.edu>

> I am a user of SecureDrive, and strongly support it. There is *no*
> interface required, once you log into the drive, *everything* operates
> totally transparent to the user.

I used to use it too. Sure, once you've got it set up and automated, it's transparent. But can you see J. Random User installing it?

> Always keep in mind that when the gov't doesn't mind the software being
> exported, they already know how to compromise it...Trust PGP, Hpack &
> SecureDrive...you won't be disappointed.

When last I looked, your government didn't allow the export of 80-bit cryptosystems. There is no argument that the 40-bit export version is breakable.

From droelke at rdxsunhost.aud.alcatel.com Fri Sep 1 05:27:47 1995
From: droelke at rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Fri, 1 Sep 95 05:27:47 PDT
Subject: SSL search attack
Message-ID: <9509011225.AA20540@spirit.aud.alcatel.com>

>
> I see nothing wrong with the concept of being allocated an initial chunk
> and having the scan software attempt to ACK it when 50% of it has been
> searched. A successful ACK would allow the releasing of a new chunk (in
> response) equal in size to the returned chunk.
> A failure of the Server to
> accept the ACK would trigger a retry at set intervals (such as 75% and 100%
> or 60/70/80/90/100%) until the Server responds. Thus the scanner is always
> in possession of a Full Sized Chunk to scan (so long as the Server accepts
> an ACK before the 100% done mark) and temporary failures will not stop the
> process of a scanner as currently happens.
>

The only way this can work is if the server is told it is a 50%/75%/etc size ACK, and then later the server is ACKed for the full 100%.

Why? Because what happens if the client dies immediately after doing the ACK - maybe only 51% of that space has been searched, yet the server has already seen an ACK for it.

IMO - a % ACK is too much complexity and extra work on the server, which is already having trouble keeping up.

Dan
------------------------------------------------------------------
Dan Oelke                                  Alcatel Network Systems
droelke at aud.alcatel.com                       Richardson, TX

From don at cs.byu.edu Fri Sep 1 06:00:13 1995
From: don at cs.byu.edu (don at cs.byu.edu)
Date: Fri, 1 Sep 95 06:00:13 PDT
Subject: Web of Trust
Message-ID: <199509011201.GAA01376@wero>

-----BEGIN PGP SIGNED MESSAGE-----

I am currently sorting through the PGP keyserver keyfile to extract a limited web of trust. I believe that current servers would be best to limit their keys in a similar fashion. Since we can't all have what we want without coding it ourselves, I'm doing the next best crappy imitation.

Anyways, I am trying to find keys that are actually relevant and inter-connected with signatures. Naturally, it won't be anywhere near complete or extensive, and will be a dog to update, but 5 meg keyfiles take a long time to search...

I am requesting that all "active" cypherpunks/cyphergroupies please send me their key number, IF it's already on the keyservers. If it's recently put there, be sure to tell me or I will be annoyed. If it's not there at all, I'll be annoyed. Personally annoyed, not I-ran-some-scriptfile annoyed.
If you searched any of the RC4 or SSL keyspace, for example, I'm interested. If you post messages occasionally, [conspiracypunks need not apply] I'm interested. If you generated a key because your neighbor taught you how, don't bother.

If anyone wants the keynumbers/script/entirekeyfile I could put it on ftp or something. Naturally, I'll be forwarding all results to the NSA quantum crack-o-matic.

Have a nice day. :)

Don

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMEb1A8La+QKZS485AQGMKwL/Qzf67QSnn3iLZ7gCumfPcC/KqSyYSM0s
OknMHhGDLb74qSWBDRyM6pPdwIHOg+Pjpl53ruMSu9YhXQrjMHgZZUjFh6c7vhi2
c+j3BYQ87us0BRuoj9pu8/d89gG3vsv3
=3qRz
-----END PGP SIGNATURE-----

fRee cRyPTo! jOin the hUnt or BE tHe PrEY
PGP key - http://bert.cs.byu.edu/~don or PubKey servers (0x994b8f39)
June 7&14, 1995: 1st amendment repealed.
Death threats ALWAYS pgp signed
* This user insured by the Smith, Wesson, & Zimmermann insurance company *

From rkw at dataplex.net Fri Sep 1 06:13:28 1995
From: rkw at dataplex.net (Richard Wackerbarth)
Date: Fri, 1 Sep 95 06:13:28 PDT
Subject: SSL search attack
Message-ID:

At 7:25 AM 9/1/95, Daniel R. Oelke wrote:
>>
>> I see nothing wrong with the concept of being allocated an initial chunk
>> and having the scan software attempt to ACK it when 50% of it has been
>> searched. A successful ACK would allow the releasing of a new chunk (in
>> response) equal in size to the returned chunk. A failure of the Server to
>> accept the ACK would trigger a retry at set intervals (such as 75% and 100%
>> or 60/70/80/90/100%) until the Server responds. Thus the scanner is always
>> in possession of a Full Sized Chunk to scan (so long as the Server accepts
>> an ACK before the 100% done mark) and temporary failures will not stop the
>> process of a scanner as currently happens.
>>
>
>The only way this can work is if the server is told it is a 50%/75%/etc
>size ACK, and then later the server is ACKed for the full 100%.
>
>Why?
>Because what happens if the client dies immediately after doing
>the ACK - maybe only 51% of that space has been searched, yet
>the server has already seen an ACK for it.

You NEVER claim to have searched space until you have actually done so.

>IMO - a % ACK is too much complexity and extra work on the server,
>which is already having trouble keeping up.

No. The claim is that the server has no problem keeping up with acks. Besides, if it does, we simply insert a layer of "managers" to buffer the top management from being "bothered" too often.

You are making the "ACK" too complicated. Assuming that you are multi-threaded--- Simply run two "workers" on the same machine. If there are delays in getting keys assigned, the two will soon get out of phase and keep the cpu busy.

----
Richard Wackerbarth
rkw at dataplex.net

From droelke at rdxsunhost.aud.alcatel.com Fri Sep 1 06:27:10 1995
From: droelke at rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Fri, 1 Sep 95 06:27:10 PDT
Subject: SSL search attack
Message-ID: <9509011325.AA20856@spirit.aud.alcatel.com>

>
> At 7:25 AM 9/1/95, Daniel R. Oelke wrote:
> >>
> >> I see nothing wrong with the concept of being allocated an initial chunk
> >> and having the scan software attempt to ACK it when 50% of it has been
> >> searched. A successful ACK would allow the releasing of a new chunk (in
> >> response) equal in size to the returned chunk. A failure of the Server to
> >> accept the ACK would trigger a retry at set intervals (such as 75% and 100%
> >> or 60/70/80/90/100%) until the Server responds. Thus the scanner is always
> >> in possession of a Full Sized Chunk to scan (so long as the Server accepts
> >> an ACK before the 100% done mark) and temporary failures will not stop the
> >> process of a scanner as currently happens.
> >>
> >
> >The only way this can work is if the server is told it is a 50%/75%/etc
> >size ACK, and then later the server is ACKed for the full 100%.
> >
> >Why?
> >Because what happens if the client dies immediately after doing
> >the ACK - maybe only 51% of that space has been searched, yet
> >the server has already seen an ACK for it.
>
> You NEVER claim to have searched space until you have actually done so.

That is exactly what I was arguing against - but the first sentence of what I quoted was saying it was ok.

> Assuming that you are multi-threaded--- Simply run two "workers" on the
> same machine. If there are delays in getting keys assigned, the two will
> soon get out of phase and keep the cpu busy.
>

I kind of like that idea...

Dan
------------------------------------------------------------------
Dan Oelke                                  Alcatel Network Systems
droelke at aud.alcatel.com                       Richardson, TX

From rrothenb at ic.sunysb.edu Fri Sep 1 07:12:13 1995
From: rrothenb at ic.sunysb.edu (Deranged Mutant)
Date: Fri, 1 Sep 95 07:12:13 PDT
Subject: Phil Zimmermann/Amnesty International?
In-Reply-To: <199509011005.FAA28054@mail.socketis.net>
Message-ID: <199509011410.KAA20234@libws1.ic.sunysb.edu>

>
> I was wondering if the Zimmermann case would be a proper concern of
> Amnesty International. Phil is obviously a political dissident. His
> persecution is obviously political. If Phil got support from Amnesty
> Int'l, then his persecution could be a big embarrassment to the Federal
> gov't. He has a lot of supporters and taking up his cause could be a
> big promotional for Amnesty International. The Feds might feel forced
> to drop the matter early. Any ideas?
>

I've heard that A.I. does not discuss political persecution as much in the countries that are doing it, since they do not want to offend the powers-that-be in that country, though they will note a case in another country. (In other words, if A.I. did note the PRZ case they'd only discuss it outside the United States.)

This is just speculation though...
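The segment-allocation and ACK rules argued over in the "SSL search attack" messages above, as an added worked example that is not part of the original list traffic and is not the brloop client or the 1995 servers: a toy Python model of a keyspace server that leases segments to workers, accepts an ACK only from the worker holding the lease, and reclaims a lease that lapses without an ACK. It runs the failure Dan Oelke describes (a client that ACKs a segment at the 50% mark and then dies) against the rule Richard Wackerbarth states (never claim space you have not searched), and shows that the early ACK loses the key while a lapsed lease merely costs a re-search. The 16-bit keyspace, the segment size, the lease length, TARGET_KEY and the names KeyspaceServer, Segment, search and run are all hypothetical choices made for this example.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Toy parameters: a 16-bit keyspace cut into 256 segments of 256 keys stands
# in for the 40-bit export keyspace the thread is about (hypothetical sizes).
KEY_BITS = 16
SEGMENT_BITS = 8
SEG_SIZE = 1 << SEGMENT_BITS
N_SEGMENTS = 1 << (KEY_BITS - SEGMENT_BITS)

# Constructed target key: 94% of the way through segment 0x12, so a client that
# ACKs that segment at the 50% mark and then dies makes the server skip it.
TARGET_KEY = 0x12F0


def is_key(k: int) -> bool:
    """Stand-in for one trial decryption of the captured ciphertext."""
    return k == TARGET_KEY


@dataclass
class Segment:
    index: int
    worker: Optional[str] = None   # current lease holder, None if unassigned
    lease_expires: float = 0.0     # simulated-clock time the lease lapses
    done: bool = False             # set only by an accepted ACK


class KeyspaceServer:
    """Hands out segments under a lease, accepts ACKs, reclaims lapsed leases."""

    def __init__(self, n_segments: int, lease_seconds: float) -> None:
        self.segments = [Segment(i) for i in range(n_segments)]
        self.lease_seconds = lease_seconds
        self.reassigned = 0   # leases given to a second worker after lapsing

    def allocate(self, worker: str, now: float) -> Optional[Segment]:
        """Lowest unsearched segment that is free or whose lease has lapsed."""
        for seg in self.segments:
            if seg.done:
                continue
            if seg.worker is None or seg.lease_expires <= now:
                if seg.worker is not None:
                    self.reassigned += 1   # previous holder presumed dead
                seg.worker = worker
                seg.lease_expires = now + self.lease_seconds
                return seg
        return None

    def ack(self, worker: str, index: int) -> bool:
        """Accept a completion report only from the current lease holder."""
        seg = self.segments[index]
        if seg.done or seg.worker != worker:
            return False   # duplicate, or stale ACK after the lease was reclaimed
        seg.done = True
        return True


def search(seg: Segment, fraction: float = 1.0) -> Optional[int]:
    """Trial-decrypt the first `fraction` of a segment; return the key on a hit."""
    start = seg.index * SEG_SIZE
    for k in range(start, start + int(SEG_SIZE * fraction)):
        if is_key(k):
            return k
    return None


def run(early_ack: bool, lease_seconds: float = 10.0) -> Tuple[Optional[int], int]:
    """A flaky worker, then a reliable one.  Returns (key or None, leases reclaimed).

    early_ack=True is the scheme Dan Oelke objects to: the flaky worker ACKs
    its last segment at the 50% mark and dies before finishing it.
    """
    server = KeyspaceServer(N_SEGMENTS, lease_seconds)
    clock = 0.0
    crash_at = TARGET_KEY >> SEGMENT_BITS   # the segment that holds the key

    while True:   # flaky worker: full search + ACK per segment, until it crashes
        seg = server.allocate("flaky", clock)
        clock += 1.0
        if seg.index == crash_at:
            search(seg, fraction=0.5)             # half the segment: no hit yet
            if early_ack:
                server.ack("flaky", seg.index)    # claims work it never finished
            break                                 # ... and dies
        search(seg)
        server.ack("flaky", seg.index)

    clock += lease_seconds   # reliable worker starts after the flaky lease lapsed
    while (seg := server.allocate("steady", clock)) is not None:
        clock += 1.0
        hit = search(seg)
        server.ack("steady", seg.index)
        if hit is not None:
            return hit, server.reassigned
    return None, server.reassigned


if __name__ == "__main__":
    print("ACK only when finished:", run(early_ack=False))   # (4848, 1)
    print("ACK at 50%, then crash: ", run(early_ack=True))   # (None, 0)
```

With early_ack=False the lapsed lease is the only cost: segment 0x12 is searched twice and the key is found. With early_ack=True the server marks segment 0x12 done on the strength of a half-finished search, every remaining segment is searched honestly, and the key is never found, because no later client will ever be handed that segment again. The same lease-and-ACK bookkeeping also covers the safer variant raised later in the thread, holding two segments and ACKing only the one that is actually finished: the ACK still only ever describes searched space, and pre-fetching the next segment is a client-side change that leaves the server's rule untouched.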
From rrothenb at ic.sunysb.edu Fri Sep 1 07:12:28 1995
From: rrothenb at ic.sunysb.edu (Deranged Mutant)
Date: Fri, 1 Sep 95 07:12:28 PDT
Subject: FUHRMAN key escrow
In-Reply-To: <199509011002.FAA28046@mail.socketis.net>
Message-ID: <199509011412.KAA20264@libws1.ic.sunysb.edu>

> FUHRMAN key escrow
>
> Fuhrman seems to be a Godsend to us. He is helping to destroy the
> public's perceived legitimacy of state authority. If things keep moving
> the way they are, Fuhrman may join the names: John Crapper, Quisling,
> & Hooker. In which case, I propose the term, Fuhrman key escrow, to
> substitute for the term, mandatory state key escrow.

I think that the revelations of police corruption in Philadelphia (where police have admitted to setting up hundreds of people) may have more effect than Fuhrman...

From asgaard at sos.sll.se Fri Sep 1 07:29:05 1995
From: asgaard at sos.sll.se (Mats Bergstrom)
Date: Fri, 1 Sep 95 07:29:05 PDT
Subject: FUHRMAN key escrow
In-Reply-To: <199509011002.FAA28046@mail.socketis.net>
Message-ID:

Gary Jeffers wrote:

> Fuhrman seems to be a Godsend to us. He is helping to destroy the
> public's perceived legitimacy of state authority. If things keep moving
> the way they are, Fuhrman may join the names: John Crapper, Quisling,
> & Hooker. In which case, I propose the term, Fuhrman key escrow, to
> substitute for the term, mandatory state key escrow.

The issue is apparently also teaching the US public to use CODE: 'I don't give a f-wording s-word how many times this c-word-sucker said the n-word as long as the DNA-tests say that the other son-of-a-b-word did it.'

Mats

From warlord at MIT.EDU Fri Sep 1 07:52:59 1995
From: warlord at MIT.EDU (Derek Atkins)
Date: Fri, 1 Sep 95 07:52:59 PDT
Subject: O.J. ObCrypto: Fuhrman's Folly Fans Fakery Fears...
In-Reply-To:
Message-ID: <9509011452.AA15088@l-slide.MIT.EDU>

> I do not think that PGP 2.x can easily (ie: Automatically) use one key for
> Signing and another for Encrypting a Message (it does both at the same time
> if you ask). If I "Clear Sign" a message and then Encrypt it, then I get
> the result but I'm not sure if doing the decrypt on such a message will
> automatically spot the signature and verify it (as would occur with a E+S
> pass).

Sure it can, and I know people who do. Here is what you do:

1) Generate two keys. First generate your encryption key, then generate your signature key. This way, your signature key will be placed first in your secret keyring, and it will be used by default. Alternatively, you could use two (slightly) different userIDs on the keys and put something in your config.txt.

2) Extract the keys in reverse order into a single keyfile and then distribute that keyfile to people. This way, when it gets added to other people's keyrings, the encryption key will be placed first, and that will be used by default.

3) Proceed to use PGP normally. When you sign a message, it will find the signature key first and use that. When someone wants to encrypt to you, they will find the encryption key first. When verifying the signature or trying to decrypt the message, it uses the keyID to determine which key was used, so order does not matter.

The only problem is that if someone re-orders their keyring then this will no longer work. E.g., if the keys are added in the wrong order.

-derek

From Piete.Brooks at cl.cam.ac.uk Fri Sep 1 08:50:47 1995
From: Piete.Brooks at cl.cam.ac.uk (Piete Brooks)
Date: Fri, 1 Sep 95 08:50:47 PDT
Subject: SSL search attack
In-Reply-To: <9509011325.AA20856@spirit.aud.alcatel.com>
Message-ID: <"swan.cl.cam.:275380:950901154847"@cl.cam.ac.uk>

>>>> I see nothing wrong with the concept of being allocated an initial chunk
>>>> and having the scan software attempt to ACK it when 50% of it has been
>>>> searched.
>>>> A successful ACK would allow the releasing of a new chunk (in
>> You NEVER claim to have searched space until you have actually done so.
> That is exactly what I was arguing against - but the first sentence of what
> I quoted was saying it was ok.

No -- If you ask for 2 segments, then when you are 50% done, it is OK to ACK the *FIRST* segment.

>> Assuming that you are multi-threaded--- Simply run two "workers" on the
>> same machine. If there are delays in getting keys assigned, the two will
>> soon get out of phase and keep the cpu busy.
> I kind of like that idea...

I thought of that, but:
1) for the same server load, it doubles the number of unACKed segments
2) if process A is lagging process B, then when process B finishes and is idle waiting for the server, process A will run faster and thus reduce the lag. This will make the processes drift into phase.

I'm not convinced one way or the other.

From lwp at mail.msen.com Fri Sep 1 09:15:52 1995
From: lwp at mail.msen.com (Lou Poppler)
Date: Fri, 1 Sep 95 09:15:52 PDT
Subject: SSL search attack
In-Reply-To:
Message-ID:

On Fri, 1 Sep 1995, Robert A. Rosenberg wrote:

> I see nothing wrong with the concept of being allocated an initial chunk
> and having the scan software attempt to ACK it when 50% of it has been
> searched. A successful ACK would allow the releasing of a new chunk (in
> response) equal in size to the returned chunk. A failure of the Server to

The ACK process and the allocation process are separate, and should remain so. They run on different servers, and they run as separate processes in the unix version of brloop. A little tweaking of brloop could allow pre-fetching of the next segment to search, without any effect on the ACK process.

I dislike the idea of a client sending an ACK before it has searched the entire segment.

::::::::::::::::::::::::::::::::::::::
:: Lou Poppler                      :: No animals were harmed in the
:: http://www.msen.com/~lwp/        :: production of this message.
::::::::::::::::::::::::::::::::::::::

From m5 at dev.tivoli.com Fri Sep 1 09:49:10 1995
From: m5 at dev.tivoli.com (Mike McNally)
Date: Fri, 1 Sep 95 09:49:10 PDT
Subject: SSL search attack
In-Reply-To: <9509011325.AA20856@spirit.aud.alcatel.com>
Message-ID: <9509011648.AA07795@alpha>

> > > ACK ACK
> > ACK
> > > ACK
> ACK

I've just kinda been watching this debate for a while, so I may well have missed some of the more interesting details; if so, I apologize for my noise in advance.

I work on a lot of commercial software under constraints of scalability much like the SSL "attack server" being discussed here. My instincts tell me that in this situation the whole process would be *much* simpler if the basic idea of keeping the central server (or the family of distributed servers in those models) completely "informed" by all the attacking clients were abandoned.

Tim May's "random attack" idea was extremely attractive, I thought. However, I think that it'd be possible to take advantage of the fact that the keyspace itself is basically constant (until the keysize is increased in the protocol under attack, of course). I mean, 40 bits is 40 bits. Similarly, the capacity of most clients will be fairly consistent. (I have access (in theory, of course; don't mention this to my management) (hi todd) to a hundred or so CPU's here, and that doesn't really change too often.)

Rather than apportion the search space out dynamically on each attack, why not simply allow attack clients to "subscribe" on a semi-permanent basis? All the server would have to do is make batches of ciphertext available for cracking. When a request comes in from a subscriber for a copy of some ciphertext, the server knows (or at least can legitimately suspect) that that subscriber's already-known keyspace will be searched.
As far as getting acknowledgements of search completion, again the server can by inference assume that (based on the prior establishment of client capabilities) after a pre-determined period of time the key sub-space will have been searched. It might be appropriate for clients to send back NACK messages, in case for example somebody shuts down the client's network unexpectedly. Assuming this goes pretty smoothly one would hope that the number of failures would be considerably smaller than the number of successes.

Again, ignore me if I'm blind to something obvious.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5 at tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX      |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From sjb at austin.ibm.com Fri Sep 1 09:57:15 1995
From: sjb at austin.ibm.com (Scott Brickner)
Date: Fri, 1 Sep 95 09:57:15 PDT
Subject: SSL search attack
In-Reply-To: <9509011225.AA20540@spirit.aud.alcatel.com>
Message-ID: <9509011655.AA11645@ozymandias.austin.ibm.com>

Daniel R. Oelke writes
>The only way this can work is if the server is told it is a 50%/75%/etc
>size ACK, and then later the server is ACKed for the full 100%.
>
>Why? Because what happens if the client dies immediately after doing
>the ACK - maybe only 51% of that space has been searched, yet
>the server has already seen an ACK for it.
>
>IMO - a % ACK is too much complexity and extra work on the server,
>which is already having trouble keeping up.

I agree. ACKing partial segments is a bad idea. But, when a client is given a block of segments, partial ACKing can let poorly connected clients communicate with the server via e-mail, and still stay busy. When the client completely finishes half of its segments, it ACKs them and asks for that many more segments.
The fraction can be adjusted as mean communications latency to the server is measured. Ideally the new segments arrive just as the client finishes the second half of its original segments. This way the segments are allocated as late as possible, letting better connected clients have a better shot at them.

From stewarts at ix.netcom.com Fri Sep 1 10:12:06 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 1 Sep 95 10:12:06 PDT
Subject: opinions on RSA Secure?
Message-ID: <199509011708.KAA11239@ix8.ix.netcom.com>

>> The fact that the key is only 80 is a *major* compromise. I would
>> recommend that package to no-one. With only an 80 bit key you don't
>> *need* trapdoors, granted they may be more "convenient" but the fact is
>> the 80 key *can* [and certainly will] be broken...

80 is an interesting number. Clipper-sized :-) It's much less than 128, which seems to be popular for other software and works well with MD5-based random session key generators. It's also interestingly bigger than 64, which the Feds are trying to tell us is good enough for non-government work. Are RSA giving in to the Feds? Or are they trying to up the bid, at least allowing us something as good as Clipper if we can't get 128? Not my poker game.

Let's look at some threat models. It's probably more than strong enough for any data you're willing to keep on a machine running MS-DOS, where serious attackers will go around it; it's about right for random "left your laptop in the airport" security, and for business use, if the police are going to confiscate your machine, they can probably subpoena the keys from somebody in your company anyway. Random hackers aren't going to be able to crack it, unlike 40-48 or maybe 56. It's big enough that the NSA probably can't break it right now, but in 10-20 years of computer speed growth they'll be able to if they want.
It's probably fine for dealing with amounts less than $1-100M for maybe 10 years, and for misdemeanors and light felonies if you're not using the key escrow :-) And in 5 years, you'll be using a different operating system (even if it _is_ named "Windows"), so you'll need a new version, and you can re-encrypt your data when you move it to a decent-sized disk instead of that wimpy 9GB mechanical drive. Anybody who's got a 5-year-old dump of your system has probably stolen any secrets you care about long since anyway.

#---
# Thanks; Bill
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From stewarts at ix.netcom.com Fri Sep 1 10:12:16 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 1 Sep 95 10:12:16 PDT
Subject: A problem with anonymity
Message-ID: <199509011708.KAA11228@ix8.ix.netcom.com>

Scott Brickner's example has fairly close analogies today. Corporations, cash, and assets with variable value are already useful.

Alice is the dying parent who runs a business or has a good credit-rating. Bob is the irresponsible kid, Carol is the about-to-be unlucky creditor. Alice borrows lots of money from Carol, tells Bob that it's in the mattress / numbered Swiss Bank Account / collection of $$$$ artwork at home. Alice dies, and Bob absconds with the money (probate isn't needed for Swiss bank accounts or unrecorded stuff in mattresses) or sells the paintings to the highest bidder of Dave, Eve, and Freddie (with a bribe to all of them, and a kickback from Dave when he finally sells the painting for its real value.) (Or maybe it's not bribery and kickbacks, he's just a major shareholder in the Glorkspitz corporation, which is a major shareholder in their businesses.) Carol is stuck trying to get money out of The Alice Estate, which turns out to be surprisingly broke.
If she lent the money to The Alice Company (which looks more creditworthy than Chronologically Challenged Widow Alice), Alice would have had to leave Bob the yellow-sticky with the store safe combination instead of leaving the cash in her mattress.

Now, one reason we have probate courts is to try to stop this sort of fraud, making sure creditors get paid and heirs get their shares. Another reason, of course, is to make sure "Uncle" Sammy gets to inherit part of it, even though he's not a relative. (That's of course one of the reasons for having Swiss bank accounts you didn't remember to mention on your tax forms, fireproof mattresses, foreign corporations, and friends in the art dealer business :-)

Does good anonymity make this easier? Sure. And if all the heirs are cooperative, they can conspire to rip off their parents' creditors, if they're dishonest, or at least to avoid taxes, if they're not tax-believers. Of course, if they're dishonest, they'll have plenty of opportunities without having anybody die, and that'll probably affect bankruptcy law and increase Federal self-justification for watching the money supply long before anonymous estate ripoffs become common.

#---
# Thanks; Bill
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From m5 at dev.tivoli.com Fri Sep 1 10:22:29 1995
From: m5 at dev.tivoli.com (Mike McNally)
Date: Fri, 1 Sep 95 10:22:29 PDT
Subject: SSL search attack
In-Reply-To: <9509011648.AA07795@alpha>
Message-ID: <9509011721.AA07870@alpha>

Scott Brickner writes:
> I think your assumption that available CPU is approximately constant
> is incorrect. Different participants have different constraints...

Hmm. I suppose that's probably true for some more than others. Again, hmm.

> Also, the "subscription" process is somewhat discouraging to those
> who participate for the prize.

Ah. That looks like one of those little details that got by me.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5 at tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX      |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From rudy at bnr.ca Fri Sep 1 10:32:48 1995
From: rudy at bnr.ca (rudy (r.) rawlins)
Date: Fri, 1 Sep 95 10:32:48 PDT
Subject: Phil Zimmermann/Amnesty International?
Message-ID: <"8983 Fri Sep 1 11:17:28 1995"@bnr.ca>

In message "Phil Zimmermann/Amnesty International?", rrothenb at ic.sunysb.edu writes:
>
> >
> > I was wondering if the Zimmermann case would be a proper concern of
> > Amnesty International.
[snip]
> >
>
> I've heard that A.I. does not discuss political persecution as much in
> the countries that are doing it, since they do not want to offend the
> powers-that-be in that country, though they will note a case in another
> country. (In other words, if A.I. did note the PRZ case they'd only
> discuss it outside the United States.)
>
> This is just speculation though...
>

You're right on the speculation; A.I. has no such policy. As a matter of fact, they will meet face to face with government officials to seek the release of 'prisoners of conscience' - which is a possible category for Phil Z. Though Phil, despite what we may think, is not a prisoner, yet..

From tcmay at got.net Fri Sep 1 11:13:21 1995
From: tcmay at got.net (Timothy C. May)
Date: Fri, 1 Sep 95 11:13:21 PDT
Subject: Fuhrman needed a digital pseudonym!
Message-ID:

Before you folks jump on the "racist" Mark Fuhrman, think about the "surveillance state" issues. While it was not any government organization that taped Fuhrman's comments, there are some real issues involved in how deeply and how far back we want to "mine" comments made by people. Some real issues of privacy.
The Mark Fuhrmans of the future may be interested in using technologies to protect their privacy, to give them "plausible deniability" should their recorded words come back to haunt them.

Brief comments:

* This post is primarily about the role of pseudonyms, not the OJ trial or the testimony/tapes involving Mark Fuhrman.

* And the issue of "mining" of ancient records, especially as technology makes the recording of sounds, the taping of sights, and the archiving of electronic messages so much easier.

* Those who think this is off-topic because it has nothing to do with coding in C are hereby invited to hit the "D" key, or whatever passes for it, right now.

Caveat: I've watched entirely too much of the OJ trial on CNN, as I sit here at home and surf the Net every morning. It's easy to have the television on, and the OJ trial has had many interesting twists. When the stuff gets boring, I switch to music or perhaps to the financial network CNBC. So, I've seen nearly everything being talked about here.

Opinion on OJ: ***elided by Tim to head off debates about OJ's guilt or innocence***. (I state this to show my prejudices, not to start an "OJ debate" on this list. Actually, I just elided (deleted) the opinion I had expressed, so as not to inflame anyone here.)

What really bothers me, as it relates to the pro-privacy themes of this list, is the reaching back many years to comments made by a witness--Mark Fuhrman--to a screenplay writer. Because she kept audiotapes, going back 10 years, these comments may likely strongly influence the verdict in this "trial of the century."

Anyone in favor of heading off the "surveillance society" should be alarmed at this development. As tape recorders and video cameras proliferate, comments may be compiled, taken out of context, and used as evidence.

(Who amongst us has not said "nigger"? Does it count if I am asking why the rap group "Niggas with Attitude" chooses to label themselves as niggers?
I figure that if blacks routinely call themselves niggers and call folks like me "honkies," then it's fair to call _them_ niggers. Not that I do this, but I don't see the term as so horrifying as to cause a killer like OJ to get off as this spectacle unfolds. Besides, it's become "permissible" for black leaders to refer to New York City as "Hymietown" in a way that would result in public stoning for a white to refer to a city as "Niggertown." The old double standard.)

The point: Fuhrman should have used a pseudonym, should have taken steps to protect his identity. Of course, in 1985 this would have been harder. But have people given up the right to speak "for themselves" in private? If there is no solid evidence that Fuhrman actually committed any crimes, but only appeared to be puffing himself up, a la a Wambaugh wannabee, then why are his "racist" and "sexist" comments deemed so important as to have derailed the trial for the last couple of weeks?

I have said an awful lot of inflammatory things at Cypherpunks meetings, at parties, in political discussions, and so forth. I don't claim that there should be a law against people bringing these issues up, or even a law against tape-recording various kinds of meetings. I just argue that we are devolving into a surveillanc

To be sure, there are valid trial issues:

-- Did he misspeak, misremember, or lie when he said he had "never" used the word "nigger" in the past 10 years? (I recall at the time, circa Feb-March, thinking to myself "Oh, sure!," when he said he had not used the word nigger in the past 10 years.)

-- If this is perjury, how does it affect other evidence? (I'm not a lawyer, but I grok from the comments on CNN that this has to do with whether his testimony was supportive of other evidence, "cumulative," and related issues.)

-- Does this possible misspeaking, misremembering, or lying have anything to do with whether he planted the bloody glove?

-- etc.

There are various valid issues.
Spending a few weeks on these issues is another matter, though, IMHO. In my view, if I were the judge I'd have forced this issue to be resolved in hours, not weeks.

Anyway, I am greatly disturbed by this "mining" of ancient comments, made to a screenwriter. Whether Fuhrman is a "racist" or not, this witch trial is a diversion from the real issues. And some real privacy issues are raised.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From mr.xxx at ce.flashnet.it Fri Sep 1 12:00:27 1995
From: mr.xxx at ce.flashnet.it (Pasquale Piombino)
Date: Fri, 1 Sep 95 12:00:27 PDT
Subject: No Subject
Message-ID: <199509011900.VAA01399@ns.ce.flashnet.it>

Hi all,

I am searching PGP software. Does anyone know where I can download it?

Thanks for answers.

Pasquale Piombino
Via Colombo, 35      Email: mr.xxx at ce.flashnet.it
I-81100 CASERTA      Phone - Fax: 0039 823 329152
ITALY

From stewarts at ix.netcom.com Fri Sep 1 12:15:26 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 1 Sep 95 12:15:26 PDT
Subject: Some details on RSA Secure
Message-ID: <199509011912.MAA29501@ix8.ix.netcom.com>

At 08:48 AM 8/31/95 PST, "baldwin" wrote:
>Here are my biased comments on RSA Secure. They are biased by
>the fact that I am a techie who works for RSA Data Security.

>Neatest Features:
>- It is integrated with the File Manager on Windows and the
> Finder on Mac System 7.
It's an interesting approach - simpler than installing as a file system (I'm not using SecDrv because it needs a separate partition), but so far it seems relatively usable. On the other hand, since there are file types it refuses to encrypt, like DLLs, there are some things it can't protect (like DLLs with passwords embedded in them.)

>- A settable list of files can be automatically decrypted (or
> encrypted) on system startup (or shutdown).

I've got mixed feelings about this - since my password has normally timed out by the time I shut down, it demands a password before shutting down, and if I had any large amount of data there, I assume it would take a while to reencrypt on my 386-box. (Laptops are generally slower than similar-age desktops, and you often want to shut them down quickly, even when they aren't shutting themselves down to save power.) I haven't tried powering it off during this process, but I assume that at best the files would be unencrypted and at worst there'd be one half-decrypted and sitting in limbo to be trashed the next time the system starts up?

>Technical Features:
>- The user's passphrase unlocks a master key that is used to unlock
> the file encryption key for each file.

Since the documentation mentions 512-bit and 1024-bit RSA keys, I'd guess that each file has a separate random RC4 key which is stored in the file header, encrypted with the user and escrow RSA keys plus the MD5 hash, plus the encrypted real filename? (The alternative would be that the userpref.!!! file contains an RC4 key encrypted with RSA, which is used to encrypt the file keys, but that would lead to much shorter headers, and cracking that master RC4 key would then allow cracking of all documents on the system, so I'm guessing that's not the approach used.)

>Request for Improvements:

1) The "Emergency" menu item in the File Manager is annoying. Could it be combined with the RSA menu item, eliminated, or at least have the option of abbreviating the name?
2) Can keys and files be shared between multiple machines, i.e. the same user keys on a desktop and laptop, so that individual encrypted files can easily be moved back and forth?

#---
# Thanks; Bill
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From stewarts at ix.netcom.com Fri Sep 1 12:15:40 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 1 Sep 95 12:15:40 PDT
Subject: O.J. ObCrypto: Fuhrman's Folly Fans Fakery Fears...
Message-ID: <199509011912.MAA29475@ix8.ix.netcom.com>

>I do not think that PGP 2.x can easily (ie: Automatically) use one key for
>Signing and another for Encrypting a Message (it does both at the same time
>if you ask). If I "Clear Sign" a message and then Encrypt it, then I get
>the result but I'm not sure if doing the decrypt on such a message will
>automatically spot the signature and verify it (as would occur with a E+S
>pass).

PGP identifies the key for decryption and signature checking from the message. When you're signing a message or key, you can pick which of your keys to use with the -u option. The difficulty is getting people to use your encryption key instead of your signature key when encrypting stuff for you. Derek mentioned one approach (get people to load the encryption key first); unfortunately, you can't predict their behavior, and if you change encryption keys more often than signature keys, they'll load the newest encryption key last. Another approach is to identify them in the names - my key certification key says "KeyCert-only" in the text.

For the problem that started this discussion, though, there's no good solution. Since the Bad Guys _can_ encrypt a message to you with your signature key, and send it to you by anonymous remailer, they can plant a reason to suspect that you may have evidence encrypted with that key.
#---
# Thanks; Bill
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From rkw at dataplex.net Fri Sep 1 12:47:20 1995
From: rkw at dataplex.net (Richard Wackerbarth)
Date: Fri, 1 Sep 95 12:47:20 PDT
Subject: SSL search attack
Message-ID:

I wrote
>>> Assuming that you are multi-threaded--- Simply run two "workers" on the
>>> same machine. If there are delays in getting keys assigned, the two will
>>> soon get out of phase and keep the cpu busy.

>> I kind of like that idea...

> To which Piete Brooks replied:
>I thought of that, but:
>1) for the same server load, it doubles the number of unACKed segments
>2) if process A is lagging process B, then when process B finishes and is idle
> waiting for the server, process A will run faster and thus reduce the lag.
> This will make the processes drift into phase.
> I'm not convinced one way or the other.

But you forgot that when process A finishes, process B will run faster and re-establish its lead.

The real question is what is the parameter that we need to minimize?

Assuming that the key is distributed in the keyspace with a uniform probability, then what we need to minimize is the expectation that two or more workers are searching the same keyspace. As long as we never reach the point that all of the keys have been distributed, it does not matter how many or in what method they are assigned. (The "fairness" WRT a prize being ignored) The assignments only become important as we exhaust the space and must prepare to make another pass. Note that we never got to that point on challenge 2. The assignment of the block containing the key was processed on its first pass and the key was found.

In this regard, it is probably "best" to first attempt to identify those space assignments that have been lost. If we associate with each key, either explicitly, or by inference, an expected completion time, those segments which are most overdue are certainly good candidates for having been lost.

Based on our previous try, and the assumption that we would not have extremely different resources available, the master allocator would not NEED to get reports back for the first say 12 hours. That is not to imply that reports should be delayed that long, but only that there is considerable opportunity to have a hierarchy of intermediate collectors that have plenty of time to adjust their allocation algorithms to match the ability of their workers. Later, more rapid response would be needed. When the required response becomes too small for the "little guys", they could be sloughed off on the next problem, leaving the "big boys" to clean up the last pieces. Of course, the "next" problem might be to resolve the same problem because the correct answer was incorrectly reported as not found.

As I see it, except for perhaps the fastest of machines there is little reason to allocate to the workers more than one segment at a time. Their supervisor can quickly respond to requests for work and consolidate the results to be passed up the chain. The only reason that I can see to separate the acks from the assignments is to be able to have "memory-less" nodes. This is certainly unnecessary if there is a web of supervisor servers.

I have a lot more thoughts that I will defer to the next missive.

Gotta' run...
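The allocation policy Richard sketches above (hand out untouched segments first, and only once the whole space has been distributed start reassigning the most overdue ones as probably lost), as an added illustration that is not code from the 1995 search effort; segment sizes, worker rates and the overdue ordering are constructed assumptions for the demonstration.

```python
"""Work-unit allocator for an exhaustive search of a keyspace, as discussed
in this thread.  Added illustration; not code from the challenge effort."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Segment:
    seg_id: int
    worker: Optional[str] = None           # who currently holds the segment
    assigned_at: Optional[float] = None
    expected_done: Optional[float] = None  # inferred completion time
    done: bool = False


class SegmentAllocator:
    """Hands out fixed-size segments of the keyspace one at a time.

    While unassigned segments remain, assignment order does not matter: the
    key is equally likely to be anywhere.  Only when the whole space has
    been handed out do we have to guess which earlier assignments were lost,
    and the most overdue ones (relative to their inferred completion time)
    are reassigned first.
    """

    def __init__(self, n_segments: int, segment_size: int) -> None:
        self.segment_size = segment_size
        self.segments: List[Segment] = [Segment(i) for i in range(n_segments)]

    def _unassigned(self) -> List[Segment]:
        return [s for s in self.segments if s.worker is None and not s.done]

    def overdue(self, now: float) -> List[Segment]:
        """Assigned, unfinished segments past their expected completion,
        most overdue first (ties keep segment order)."""
        late = [s for s in self.segments
                if s.worker is not None and not s.done and s.expected_done < now]
        return sorted(late, key=lambda s: now - s.expected_done, reverse=True)

    def assign(self, worker: str, now: float, keys_per_sec: float) -> Optional[int]:
        """Give `worker` one segment and record when we expect it back.

        Returns the segment id, or None if every segment is either finished
        or still plausibly in progress (nothing worth duplicating yet)."""
        fresh = self._unassigned()
        if fresh:
            seg = fresh[0]               # first pass: an untouched segment
        else:
            late = self.overdue(now)
            if not late:
                return None              # all in progress or done; wait
            seg = late[0]                # second pass: most overdue first
        seg.worker = worker
        seg.assigned_at = now
        # expected completion is inferred from the worker's reported rate
        seg.expected_done = now + self.segment_size / keys_per_sec
        return seg.seg_id

    def report_done(self, seg_id: int) -> None:
        """A worker (or its supervisor) reports the segment as searched."""
        self.segments[seg_id].done = True

    def unfinished(self) -> List[int]:
        """Segments not yet reported, i.e. still needing a pass."""
        return [s.seg_id for s in self.segments if not s.done]


if __name__ == "__main__":
    # Constructed timeline: four 1000-key segments, workers of differing speed.
    alloc = SegmentAllocator(n_segments=4, segment_size=1000)
    alloc.assign("A", 0.0, 100.0)      # segment 0, expected back at t=10
    alloc.assign("B", 0.0, 50.0)       # segment 1, expected back at t=20
    alloc.report_done(0)
    alloc.assign("A", 10.0, 100.0)     # segment 2, expected back at t=20
    alloc.assign("C", 12.0, 200.0)     # segment 3, expected back at t=17
    print("overdue at t=30:", [s.seg_id for s in alloc.overdue(30.0)])
    print("reassigned to D:", alloc.assign("D", 30.0, 100.0))
```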
----
Richard Wackerbarth
rkw at dataplex.net

From pfarrell at netcom.com Fri Sep 1 13:28:27 1995
From: pfarrell at netcom.com (Pat Farrell)
Date: Fri, 1 Sep 95 13:28:27 PDT
Subject: Key Escrow Workshop agenda & discussion paper 3
Message-ID: <59234.pfarrell@netcom.com>

The following message segment:
------------------------------
From: Arlene Carlton
Fri, 01 Sep 1995 15:30:46 -0400
Cc: carlton at micf.nist.gov
Subject: Key Escrow Workshop agenda & discussion paper 3

September 1, 1995

Dear Participant:

Thank you for agreeing to participate in the two-day meeting on software key escrow encryption. We are anxious to work with you and other industry representatives to facilitate development of exportable key escrow encryption in software products. I look forward to the workshop being an important step in that process.

[snip]
---------------------------------

Was sent to the following folks. I assume that this means that these people are participants. I see Dan W from CDT, Sobel from EPIC and Whitfield Diffie, on our side, plus assorted folks with stakes such as tis.com and netscape.com And of course, DERD for the other side.

Black Unicorn had posted to c'punks that he was attending. Of course, while I know what he looks like, I have no idea which nym is his.
Pat

List of attendees/registered participants follows:

[list of registered participants' e-mail addresses omitted]

Pat Farrell Grad Student http://www.isse.gmu.edu/students/pfarrell Info.
Systems & Software Engineering, George Mason University, Fairfax, VA
PGP key available on homepage
#include

From jeffb at sware.com Fri Sep 1 14:01:12 1995
From: jeffb at sware.com (Jeff Barber)
Date: Fri, 1 Sep 95 14:01:12 PDT
Subject: Fuhrman needed a digital pseudonym!
In-Reply-To:
Message-ID: <9509012100.AA07333@wombat.sware.com>

Timothy C. May writes:

I almost always agree with Tim. This time I have to differ -- I think his outrage at the course of the OJ trial has fogged his head.

> * This post is primarily about the role of pseudonyms, not the OJ trial or
> the testimony/tapes involving Mark Fuhrman.

Well, it's hard to see that from reading the rest of it.

> Before you folks jump on the "racist" Mark Fuhrman, think about the
> "surveillance state" issues. While it was not any government organization
> that taped Fuhrman's comments, there are some real issues involved in how
> deeply and how far back we want to "mine" comments made by people. Some
> real issues of privacy.

I don't see any "surveillance state" issue. Fuhrman openly agreed to speak to the screenwriter. AFAIK, he had no reason to believe the screenwriter wouldn't tell anyone else. Nor should he have counted on that anyway. Any loss of credibility (or other penalty) he receives is entirely deserved, IMO. If he didn't want his words coming back to "haunt" him, he shouldn't have spoken them, in this setting at least, whether they were sincere or merely an attempt to puff himself up in her eyes. Speaking as a "consultant" (or whatever he imagined his relationship with the screenwriter to be) isn't the same as speaking in confidence to your best friend in a private setting anyway.

> Anyone in favor of heading off the "surveillance society" should be alarmed
> at this development. As tape recorders and video cameras proliferate,
> comments may be compiled, taken out of context, and used as evidence.

I am not alarmed in the least (by this development, anyway).
There's no evidence that Fuhrman's comments are being taken out of context. Fuhrman freely entered into the arrangement wherein his comments were recorded. Let's face it, the most likely explanation here is that Fuhrman is a lying scumbag. The fact that Fuhrman may be a lying scumbag doesn't make OJ any less guilty. However, it does throw a lot of suspicion on Fuhrman's testimony. OJ's entire defense has been based on the claim that Fuhrman and other LAPD members lied and otherwise conspired in order to frame him. These tapes are clearly appropriate to that defense whether you believe the defense a valid one or not.

> But have people given up the right to speak "for themselves" in private? If
> there is no solid evidence that Fuhrman actually committed any crimes, but
> only appeared to be puffing himself up, a la a Wambaugh wannabee, then why
> are his "racist" and "sexist" comments deemed so important as to have
> derailed the trial for the last couple of weeks?

The fact that Fuhrman's comments are racist or sexist is not the point. What is important is that he lied in court about having made those statements. If he or the prosecution believes that a case can be made that Fuhrman was just puffing himself up, then they should try to convince the jury of that.

> To be sure, there are valid trial issues:
>
> -- Did he misspeak, misremember, or lie when he said he had "never" used
> the word "nigger" in the past 10 years?

Yes, IMO, this is the important issue. Anyone who dispenses racial epithets with the ease he apparently displayed in the tapes is an idiot to have made such a claim whether the tapes were puffery or not.

> -- If this is perjury, how does it affect other evidence? (I'm not a
> lawyer, but I grok from the comments on CNN that this has to do with
> whether his testimony was supportive of other evidence, "cumulative," and
> related issues.)
IANAL, but let me just say that if I were on the jury, I don't think I'd believe a single word he'd said during the trial. I think that I would probably still believe him to be guilty, anyway, but it's hard to be sure without having heard only what the jury has heard.

> -- Does this possible misspeaking, misremembering, or lying have anything
> to do with whether he planted the bloody glove?

I don't know. I'm kinda amazed that Ito has said that other portions of his taped words won't be used, such as those parts where he describes manufacturing evidence against the accused. That seems to me to be clearly relevant, at least as relevant as his use of the n-word.

> Anyway, I am greatly disturbed by this "mining" of ancient comments, made
> to a screenwriter.

Not me. A few weeks ago there was a thread concerning the use of information by private "reputation" bureaus. I can't find the thread in the archives but I seem to recall you defending the right of private entities to keep and distribute such information (my apologies if this was someone else). Anyway, to me, these tapes fall clearly in the same domain. This screenwriter isn't a government agency, the information was freely given, and the screenwriter has every right to offer it for whatever purpose she deems appropriate, for free or for money (barring any agreements to the contrary, of which I have heard nothing).

-- Jeff

From warlord at MIT.EDU Fri Sep 1 14:14:53 1995
From: warlord at MIT.EDU (Derek Atkins)
Date: Fri, 1 Sep 95 14:14:53 PDT
Subject: Different Keys for Signing and Encrypting
In-Reply-To: <199509011912.MAA29475@ix8.ix.netcom.com>
Message-ID: <9509012114.AA00959@m37-332-6.MIT.EDU>

> unfortunately, you can't predict their behavior, and if you change
> encryption keys more often than signature keys, they'll load the
> newest encryption key last.

Actually, the most recently-added key will be the one that is used..
So updating your encryption key works fine, since the most recent encryption key will be on top, and hence used first.

> For the problem that started this discussion, though, there's no good
> solution. Since the Bad Guys _can_ encrypt a message to you with your
> signature key, and send it to you by anonymous remailer, they can
> plant a reason to suspect that you may have evidence encrypted with
> that key.

True.. To get around this problem you need the concept of a two-key certificate... However a rogue user could still use the signature key to encrypt, so I'm not sure that even this would help the problem.

-derek

From tcmay at got.net Fri Sep 1 14:21:55 1995
From: tcmay at got.net (Timothy C. May)
Date: Fri, 1 Sep 95 14:21:55 PDT
Subject: Fuhrman needed a digital pseudonym!
Message-ID:

At 9:00 PM 9/1/95, Jeff Barber wrote:

>I don't see any "surveillance state" issue. Fuhrman openly agreed to
>speak to the screenwriter. AFAIK, he had no reason to believe the
>screenwriter wouldn't tell anyone else. Nor should he have counted on
>that anyway. Any loss of credibility (or other penalty) he receives
>is entirely deserved, IMO.

By the way, McKinny did not volunteer the tapes, nor did she consent to having them taken from her and used by the Defense. Private property was taken by a court action (the North Carolina lower court ruled that the tapes were the property of McKinny and could not be taken, then an appeals court overruled this decision and ordered McKinny to produce the tapes).

(It is not clear how Cochrane and his team learned of the tapes. Speculation is that McKinny's agent or lawyer was doing some freelance shopping-around of the script. McKinny has denied that she was trying to sell the tapes. Regardless, they are her property and should only come in to a court case when directly and centrally involved. This is closely related to the Church of Scientology issue, and is being debated on another mailing list I'm on, the Cyberia list.)
This raises serious issues. She was a screenwriter, Fuhrman was helping her to generate a salable script. Neither was speaking for the LAPD. (Kind of like the disclaimers we see on the Net, which I suspect are becoming worthless.)

>> Anyway, I am greatly disturbed by this "mining" of ancient comments, made
>> to a screenwriter.
>
>Not me. A few weeks there was a thread concerning the use of
>information by private "reputation" bureaus. I can't find the thread
>in the archives but I seem to recall you defending the right of
>private entities to keep and distribute such information (my apologies
>if this was someone else). Anyway, to me, these tapes fall clearly in

You're imputing to my comments about what will happen, and what cannot be stopped except by coercion, a conclusion which you think is at odds with my point here. Just because I think people (like me, you, Laura McKinny, etc.) have the "right" to compile records, make notes, make tapes of conversations, etc., does not mean I think that courts can order them given to the court. (This is an issue I have with "discovery" in general, where even peripheral witnesses can be compelled to turn over diaries, journals, letters, tapes, records, financial reports, etc.)

>the same domain. This screenwriter isn't a government agency, the
>information was freely given, and the screenwriter has every right to
>offer it for whatever purpose she deems appropriate, for free or
>for money (barring any agreements to the contrary, of which I have
>heard nothing).

Again, to make it clear, McKinney did not offer the material and fought in the North Carolina courts to have her property kept confidential. The court ordered her to turn it over. (And apparently members of the defense team leaked the most damaging, and out of context, parts, provoking Ito to announce a major investigation of this is to come, with severe sanctions for those who leaked it.)
We need a justice system which will not be dragged into spending a full year on this matter, with every indication that a mistrial or hung jury will result. I look forward to a day in which an OJ would get a reasonable, month-long trial...and then, if found guilty, be given an execution date no longer than a month away. As it is, OJ will be guesting on the talk show circuit. He butchers two people--from the overwhelming mound of evidence I've seen--and essentially cuts the head off of his ex-wife, but will likely get off as this trial spins out of control and fragments in various ways.

Don't misunderstand my motivations: I'm sort of happy this is all happening. It makes people even more suspicious of governments and lawyers, and it will accelerate the disintegration of the current system.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From terrell at sam.neosoft.com Fri Sep 1 15:09:28 1995
From: terrell at sam.neosoft.com (Buford Terrell)
Date: Fri, 1 Sep 95 15:09:28 PDT
Subject: Fuhrman needed a digital pseudonym!
Message-ID: <199509012218.RAA23055@sam.neosoft.com>

>
>From: tcmay at got.net (Timothy C. May)
>Subject: Fuhrman needed a digital pseudonym!
>Before you folks jump on the "racist" Mark Fuhrman, think about the
>"surveillance state" issues. While it was not any government organization
>that taped Fuhrman's comments, there are some real issues involved in how
>deeply and how far back we want to "mine" comments made by people. Some
>real issues of privacy.
>
>The Mark Fuhrmans of the future may be interested in using technologies to
>protect their privacy, to give them "plausible deniability" should their
>recorded words come back to haunt them.
> ...
>* And the issue of "mining" of ancient records, especially as technology
>makes the recording of sounds, the taping of sights, and the archiving of
>electronic messages so much easier.
> ...
>What really bothers me, as it relates to the pro-privacy themes of this
>list, is the reaching back many years to comments made by a witness--Mark
>Fuhrman--to a screenplay writer. Because she kept audiotapes, going back 10
>years, these comments may likely strongly influence the verdict in this
>"trial of the century."
>
>Anyone in favor of heading off the "surveillance society" should be alarmed
>at this development. As tape recorders and video cameras proliferate,
>comments may be compiled, taken out of context, and used as evidence. ...
>
>--Tim May
>

If you've ever watched Not_at_all_Funny Home Videos or any of the American Urinal school of tabloid television, you soon start feeling that the real threat to privacy is not the guvmint, but all of the yoyos with their little cam corders running around pointing them at people. Security cameras in ATMs and at airline ticket counters do more to threaten your privacy than do FIBBIE wiretaps, and PGP won't protect you from them. (and usually neither will the courts).

Buford C. Terrell               1303 San Jacinto Street
Professor of Law                Houston, TX 77002
South Texas College of Law      voice (713)646-1857
terrell at sam.neosoft.com         fax (713)646-1766

From starrd at iia2.org Fri Sep 1 15:13:26 1995
From: starrd at iia2.org (starrd)
Date: Fri, 1 Sep 95 15:13:26 PDT
Subject: Web of Trust
In-Reply-To: <199509011201.GAA01376@wero>
Message-ID:

On Fri, 1 Sep 1995 don at cs.byu.edu wrote:

> I am requesting that all "active" cypherpunks/cyphergroupies please send me
> their key number, IF it's already on the keyservers.
> If it's recently put
> there, be sure to tell me or I will be annoyed. If it's not there at all,
> I'll be annoyed. Personally annoyed, not I-ran-some-scriptfile annoyed. If
> you searched any of the RC4 or SSL keyspace, for example, I'm interested.
> If you post messages occasionally, [conspiracypunks need not apply] I'm
> interested. If you generated a key because your neighbor taught you how,
> don't bother.

Hi,

Please feel free to add my key to your keychain and/or keyserver. I am a cyberpunk in the most original sense. From the early '80s the days of 8BBS & 414's, etc. I am also in the book "CyberPunks" [now in your book store] see who signed my key, and you'll have a clue who I am.

Enjoy the key!

||||||||||||email address: starrd at iia2.org or starrd at cinenet.net|||||||||||
| Creator of the original                    | Get paid to upload         |
| Patriot's Archives                         \ shareware to BBSes and     |
| ftp: iia.org /pub/users/patriot             \_____ the Internet!        |
| ftp: wuarchive.wustl.edu /pub/msdos_uploads/patriot\ Get file:          |
| For index of available files: descript.ion          \ uploader.zip      |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

From syrinx at c2.org Fri Sep 1 15:27:13 1995
From: syrinx at c2.org (Syrinx Anonymous Remailer)
Date: Fri, 1 Sep 95 15:27:13 PDT
Subject: CIA & Espionage
Message-ID: <199509012222.PAA13146@infinity.c2.org>

'Tatu Ylonen' was reported to have written:

> I do find it rather shocking that the most powerful
> country in the
> world sets industrial espionage as the primary task of their
> intelligence services.

Well, I have a letter from a United States Senator which was received last year in response to my phone call in opposition to the Digital Telephone Act of 1994 (S. 2375). Here's the interesting part:

"According to the director of the Federal Bureau of Investigations (FBI), Louis Freeh, the number one law enforcement, public safety, and national security issue facing us today is preserving the ability to conduct court approved wiretaps."

In other words, retaining the ability to monitor citizen communications is their greatest concern. This should be more than shocking to anyone who cares about privacy.

It appears as though the primary function of the FBI and the "intelligence services" are similarly directed. One significant distinction is that the FBI's stated mission is directed toward the "owners of the country" (to borrow a term from Perot).

From mfroomki at umiami.ir.miami.edu Fri Sep 1 15:34:33 1995
From: mfroomki at umiami.ir.miami.edu (Michael Froomkin)
Date: Fri, 1 Sep 95 15:34:33 PDT
Subject: Phil Zimmermann/Amnesty International?
In-Reply-To: <199509011410.KAA20234@libws1.ic.sunysb.edu>
Message-ID:

I think he would have to be charged first. Have I missed something?

PS when does the statute of limitations run out?

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | mfroomki at umiami.ir.miami.edu
U. Miami School of Law     |
P.O. Box 248087            | It's hot there. And humid.
Coral Gables, FL 33124 USA | But I'm elsewhere....
See (experimentally & erratically) http://viper.law.miami.edu/~mfroomki

From davidm at iconz.co.nz Fri Sep 1 15:46:04 1995
From: davidm at iconz.co.nz (David Murray)
Date: Fri, 1 Sep 95 15:46:04 PDT
Subject: A problem with anonymity
Message-ID: <199509012245.KAA27969@iconz.co.nz>

-----BEGIN PGP SIGNED MESSAGE-----

Tim May said in article :
> At 11:32 PM 8/31/95, Scott Brickner wrote:
..
> >he sells its assets to his own identity at a fraction of their worth,
> >and defaults on the liabilities.
>  ^^^^^^^^^^^^^^^^^^^^^^^^^^^
..
> ideally, one never "trusts" an agent with a transaction greater than the
> value of the reputation capital he will lose if he defaults.
..
> Whether cryptographic protocols (cf. the "encrypted open books" proposal by
> eric Hughes for one approach which may be useful) solve this problem is not
> known at this time. But the non-crypto world has of course not solved this
> problem, either.

I've often thought that in a system of digital pseudonyms, where no-one need trade with a negative reputation (a reputation deficit?), something like Akerlof's Market for Lemons will arise, and _all_ pseudonyms will be treated as (reputationally) worthless.

[Akerlof, if I remember my economics right (and I am confident that I will be corrected if I don't) analysed a market for used cars. There were two types of cars: good ones, and lemons. A purchaser couldn't tell the difference until she had bought the car. Since the expected value of a used car was less than the value of a good car, purchasers wouldn't pay the good car price. But that would mean owners of good cars wouldn't offer them for sale (in this market). So the only cars for sale would be lemons :-)]

As Tim points out, this is a non-crypto problem as well, and devices such as bonds or (which are game-theoretically similar) expensive advertising or plush premises [if they spent an unrefundable $20million on the Rolling Stones, they're not likely to throw it all away by ripping you off for $100 ;-)] are used to convince potential customers of one's bona fides.

How these transfer to the world of cyber-finance, I'm not sure, but I suspect it leaves a role for True Names in the management of credit risk: as escrow agents, middlemen, clearing houses etc.
[Although, having said that, if the Akerlof analysis applies, you just *can't* grant (unsecured) credit to pseudonyms - the percentage of defaulters will be 100...]

But these Names are True only in the sense that they are juridically persistent (that is, if they transact today, they can be sued tomorrow), and need not be traceable to any True People (Warm Bodies?) - anonymously held corporations, for example.

If you can't rely on the unsecured promise of a digital pseudonym, and you can't accept reputation as 'security', how do you extend credit?

Dm

From dawagner at phoenix.Princeton.EDU Fri Sep 1 16:10:20 1995
From: dawagner at phoenix.Princeton.EDU (David A. Wagner)
Date: Fri, 1 Sep 95 16:10:20 PDT
Subject: Cryptanalysis of S-1
In-Reply-To:
Message-ID: <9509012308.AA17004@tucson.Princeton.EDU>

Ted_Anderson at transarc.com writes:

> Further we have a concrete design principle: the per-round sub-keys
> should not repeat.

Right. In fact, this design principle has been known for a long time: the earliest reference I know of is

    @inproceedings{subkeys-important,
      author    = {Edna K. Grossman and Bryant Tuckerman},
      title     = {Analysis of a Weakened {Feistel}-like Cipher},
      booktitle = {1978 International Conference on Communications},
      pages     = {46.3.1--46.3.5},
      publisher = {Alger Press Limited},
      year      = {1978},
      annote    = {Feistel ciphers with identical subkeys in each round are very weak}
    }

-------------------------------------------------------------------------------
David Wagner                                             dawagner at princeton.edu

From tcmay at got.net Fri Sep 1 16:51:13 1995
From: tcmay at got.net (Timothy C. May)
Date: Fri, 1 Sep 95 16:51:13 PDT
Subject: Surveillance a Growing Problem
Message-ID:

(I've changed the thread name from "Fuhrman...." to the topic being discussed here.)

At 10:56 PM 9/1/95, Buford Terrell wrote:

>If you've ever watched Not_at_all_Funny Home Videos or any of the
>American Urinal school of tabloid television, you soon start feeling
>that the real threat to privacy is not the guvmint, but all of
>the yoyos with their little cam corders running around pointing them
>at people.
>
>Security cameras in ATMS and at airline ticket counters do more
>to threaten your privacy than do FIBBIE wiretaps, and PGP won't
>protect you from them. (and usually neither will the courts).

I absolutely agree with this, though this doesn't mean I'll stop worrying about the government's plans for key escrow (GAK), about limits on key lengths, or about other efforts to thwart strong security.

But clearly the "technologies of surveillance," ranging from massively-cross-correlated mailing lists to smaller and cheaper and more ubiquitous video cameras, are very nearly an equal threat. (Lots of issues, from the nearly universal requests for Social Security Numbers, to the growing powers of courts to compel the disclosure of private documents, to, well, you folks all know the trends.)

Folks like us should not be lobbying for limitations on what other private individuals or companies are doing, but should concentrate first, on technological alternatives (encryption, unlinkable credentials, digital money, that sort of thing) and second, on educating others that security and privacy is best self-arranged and is rarely accomplished by government assuming the role of protector.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From tcmay at got.net Fri Sep 1 17:07:53 1995
From: tcmay at got.net (Timothy C. May)
Date: Fri, 1 Sep 95 17:07:53 PDT
Subject: A problem with anonymity
Message-ID:

At 10:45 AM 9/2/95, David Murray wrote:

>I've often thought that in a system of digital pseudonyms, where no-one need
>trade with a negative reputation (a reputation deficit?), something like
>Akerlof's Market for Lemons will arise, and _all_ pseudonyms will be treated
>as (reputationally) worthless.

Doubtful, as we already have evidence that people are treating some digital pseudonyms as reputationally valuable. Examples abound.

>[Akerlof, if I remember my economics right (and I am confident that I will
>be corrected if I don't) analysed a market for used cars. There were two
>types of cars: good ones, and lemons. A purchaser couldn't tell the difference
>until she had bought the car. Since the expected value of a used car was less
>than the value of a good car, purchasers wouldn't pay the good car price.
>But that would mean owners of good cars wouldn't offer them for sale (in
>this market). So the only cars for sale would be lemons :-)]

I haven't encountered this example, but it clearly misses some important real-world issues.

First, people buying used cars are strongly advised to take the car to an independent mechanic to be checked out (a kind of variant of the "cut-and-choose" protocol at work). This often reveals lemons.

Second, people take test drives, look under the hood, kick the tires, etc. This also often reveals lemons.

Third, the reputation of the used car dealer is, despite nearly a century of jokes to the contrary, often very important.
The last two cars I've bought I bought used--albeit with low mileage on each--from car dealers. I took test drives and got a limited warranty in each case. The first car I drove for 12 years with essentially no problems, the second I've been driving for almost 3 years.

Like a lot of simple game-theoretic models, the application to the real world is quite different. But I certainly agree that crypto will reignite interest in analyses of such game theory questions.

Another way of viewing anonymity vs. non-anonymity is that knowing the True Name of a party with whom one trades is just _one element_ of a transaction. By no means is it essential. (Think of various trading situations where one has no idea of the True Name of the other parties: cash-and-carry transactions, flea markets, many international trade arrangements, etc. As we have discussed in past discussions of anarchy, the international trading regime is essentially an anarchy, in that no Higher Authority exists to resolve disputes in a top-down way...the so-called "Law Merchant" evolved to resolve disputes in such trading situations.)

>As Tim points out, this is a non-crypto problem as well, and devices such as
>bonds or (which are game-theoretically similar) expensive advertising or
>plush premises [if they spent an unrefundable $20million on the Rolling
>Stones, they're not likely to throw it all away by ripping you off for
>$100 ;-)] are used to convince potential customers of one's bona fides.
>
>How these transfer to the world of cyber-finance, I'm not sure, but I suspect
>it leaves a role for True Names in the management of credit risk: as escrow
>agents, middlemen, clearing houses etc. [Although, having said that, if the
>Akerlof analysis applies, you just *can't* grant (unsecured) credit to
>pseudonyms - the percentage of defaulters will be 100...]
>But these Names are
>True only in the sense that they are juridically persistent (that is, if
>they transact today, they can be sued tomorrow), and need not be traceable
>to any True People (Warm Bodies?) - anonymously held corporations, for
>example.
>
>If you can't rely on the unsecured promise of a digital pseudonym, and you
>can't accept reputation as 'security', how do you extend credit?

I am willing to extend some amount of credit to PrOduct Cypher, Black Unicorn, etc., based on their past reputation and on the fact that I can show to others the transactions into which their pseudonyms entered and thus expose them if they default.

Now _how much_ I'm willing to extend is of course a more complicated issue, but the principle is still there: a purely digital pseudonym, with no possibility of being tied to a True Name, can still be extended credit....I just said I would do so.

--Tim May

From adwestro at ouray.cudenver.edu Fri Sep 1 17:19:06 1995
From: adwestro at ouray.cudenver.edu (Alan Westrope)
Date: Fri, 1 Sep 95 17:19:06 PDT
Subject: Phil Zimmermann/Amnesty International?
In-Reply-To:
Message-ID:

On Fri, 01 Sep 1995, Michael Froomkin wrote:

> I think he would have to be charged first. Have I missed something?
> PS when does the statute of limitations run out?

June '96. Zimmermann and Dubois appeared on a local talk radio show recently; a friend happened to catch the program, taped it, and played excerpts at a Cypherpunks meeting. This date was mentioned by Phil Dubois.
Alan Westrope
2.6.2 public key: finger / servers
PGP 0xB8359639: D6 89 74 03 77 C8 2D 43 7C CA 6D 57 29 25 69 23

From monty.harder at famend.com Fri Sep 1 17:46:10 1995
From: monty.harder at famend.com (MONTY HARDER)
Date: Fri, 1 Sep 95 17:46:10 PDT
Subject: A problem with anonymity
Message-ID: <8B04409.00030003D4.uuout@famend.com>

TC> This is one thing that _bonding_ is designed to partially ameliorate. One
TC> posts a bond which is greater than the amount being carried, or at least is

A variation of a bond is an escrow agent....

Overload Alert: I use "escrow" here in the more mundane sense of the folks who collect your real estate taxes and homeowners' insurance from you 1/12th at a time along with your mortgage payment, for instance.

If the buyer has a =nonymous= agent to receive the payment, which is only released to the seller upon proof(s) of performance (whether in lump sum or on a schedule of staged payments tied to specific milestones in a long-term project) then the buyer has someone to go after in the event of such shenanigans.

TC> There are still scams and maneuvers to thwart this reputation capital
TC> scheme. The agent planning to "defect" (default, split, abscond, renege,
TC> etc.) can try to pile up as many pending transactions as possible,
TC> anticipating that the various transactees will be unaware of each other.

And the escrow method dynamically scales to meet this threat, whereas the bond is static. Of course, the escrow agent will extract his pound of flesh, just as any other form of insurance. Such is the nature of life.

* A Liberal puts your money where his mouth is.
--- * Monster at FAmend.Com *

From hayden at krypton.mankato.msus.edu Fri Sep 1 17:50:45 1995
From: hayden at krypton.mankato.msus.edu (Robert A. Hayden)
Date: Fri, 1 Sep 95 17:50:45 PDT
Subject: Phil Zimmermann/Amnesty International?
In-Reply-To:
Message-ID:

On Fri, 1 Sep 1995, Michael Froomkin wrote:

> I think he would have to be charged first. Have I missed something?
> PS when does the statute of limitations run out?

I'm assuming that the statute of limitations has run out on most of these things ( I don't know CA law, except to know it's weird :-)

What I'm concerned about, and nobody seems to have picked up on it, is that one of the transcripts said that he and a partner beat up a bunch of perps after they tried to surrender and that one of them died(!!). That's murder in my book, and there is no statute of limitations on that, even in California...

Robert A. Hayden <=> hayden at krypton.mankato.msus.edu
Finger for Geek Code Info <=> Finger for PGP Public Key
http://krypton.mankato.msus.edu/~hayden/Welcome.html

From hayden at krypton.mankato.msus.edu Fri Sep 1 17:51:13 1995
From: hayden at krypton.mankato.msus.edu (Robert A. Hayden)
Date: Fri, 1 Sep 95 17:51:13 PDT
Subject: Phil Zimmermann/Amnesty International?
In-Reply-To:
Message-ID:

On Fri, 1 Sep 1995, Michael Froomkin wrote:

> I think he would have to be charged first. Have I missed something?
> PS when does the statute of limitations run out?

ARGH! Shit. I got my threads confused, thought this was about Fuhrman and the OJ Circus.
It's been a long week. Sorry folx.

From hallam at w3.org Fri Sep 1 17:58:17 1995
From: hallam at w3.org (hallam at w3.org)
Date: Fri, 1 Sep 95 17:58:17 PDT
Subject: Phil Zimmermann/Amnesty International?
In-Reply-To:
Message-ID: <9509020057.AA17337@zorch.w3.org>

I think that two Amnesty policies are being confused. Amnesty does protest on behalf of prisoners of conscience in all countries. It also has a rule which means that a group making a protest should come from outside the country concerned; this is a sensible means of preventing Amnesty becoming a vehicle for partisan protests. They have similar rules for when they send observers etc.

I don't think that Phil necessarily has to be arrested though. Amnesty might well wish to send someone to the trial to act as an observer.

Phill

From tcmay at got.net Fri Sep 1 18:13:57 1995
From: tcmay at got.net (Timothy C. May)
Date: Fri, 1 Sep 95 18:13:57 PDT
Subject: A problem with anonymity
Message-ID:

At 10:12 PM 9/1/95, MONTY HARDER wrote:

>TC> This is one thing that _bonding_ is designed to partially ameliorate.
>One
>TC> posts a bond which is greater than the amount being carried, or at least is
>
> A variation of a bond is an escrow agent....
>
> Overload Alert: I use "escrow" here in the more mundane sense of
> the folks who collect your real estate taxes and homeowners'
> insurance from you 1/12th at a time along with your mortgage
> payment, for instance.
>
> If the buyer has a =nonymous= agent to receive the payment, which is
>only released to the seller upon proof(s) of performance (whether in
>lump sum or on a schedule of staged payments tied to specific milestones
>in a long-term project) then the buyer has someone to go after in the
>event of such shenanigans.

Oh, I agree, of course. Except that the escrow agent need not be a "nonymous" agent, to use Monty's terminology here. The third party escrow agent can of course be a digital pseudonym. (As I keep saying, having the True Name--whatever that means these days--is only one facet, one factor of the overall equation. In some cases, very important, in other cases, less important.)

The canonical--if morbid--example is the "Al's Murder Escrow" agent. Al holds the digital money (deposited anonymously, etc.) and doesn't pay the hitter until certain conditions are met. (Chaum has schemes to partly deal with this, but "money mixes" eliminate traceability, but may introduce other issues.)

There are of course issues involving the escrow agent deciding not to pay, etc. But most escrow services, like banks, make more money by staying in business than by defrauding customers.

(I mention banks because, when you look at it closely, today's banks can quite easily claim that a customer made a withdrawal when he didn't. That they don't says more about the nature of persistent businesses than about any government oversight or security features. This is a side point, but it bears keeping in mind that the real world of banks and businesses, etc., is not fully secure, either. And yet it mostly works pretty well.
The reasons for this are interesting to consider.)

--Tim May

From nobody at REPLAY.COM Fri Sep 1 18:30:25 1995
From: nobody at REPLAY.COM (Anonymous)
Date: Fri, 1 Sep 95 18:30:25 PDT
Subject: Key Escrow Workshop agenda & discussion paper 3
Message-ID: <199509020130.DAA17812@utopia.hacktic.nl>

Key Escrow Workshop agenda & discussion paper 3

September 1, 1995

Dear Participant:

Thank you for agreeing to participate in the two-day meeting on software key escrow encryption. We are anxious to work with you and other industry representatives to facilitate development of exportable key escrow encryption in software products. I look forward to the workshop being an important step in that process.

I have attached a draft agenda for the two days. I propose that we spend the majority of our time discussing a set of export criteria. In order to move that discussion along, a draft set of criteria is attached. The criteria state, in general terms, the government's needs with respect to exportable software, consistent with its law enforcement and national security requirements. Since it is important that the final criteria be clear, straightforward, consistent, and implementable, Mike Nelson of the Office of Science and Technology Policy will spend a few minutes describing these criteria on the first morning of the meeting. After that, we would like to hear your perspectives on them and work with you to refine them.

On the second day, we plan to discuss the export licensing process for such products, and begin exploring characteristics of acceptable key escrow agents.
Again, thank you for your participation. I look forward to seeing you there.

Sincerely,

/ s /

Raymond G. Kammer
Deputy Director

Attachments

--------------------------------------------------------

TENTATIVE AGENDA

Key Escrow Issues Meeting
September 6-7, 1995
National Institute of Standards and Technology
Gaithersburg, Maryland

Wednesday, September 6, 1995

9:00  Welcome, Agenda Overview, Logistics -- Ed Roback, NIST

9:10  Review of Meeting Goals -- Ray Kammer, NIST Deputy Director

Session I -- Software Key Escrow Exportability Criteria

9:20  Briefing -- Discussion Draft of Software Key Escrow Export Criteria -- Michael Nelson, Office of Science and Technology Policy

10:00 Industry Perspectives on Exportability Criteria (Industry briefings/reactions 5-10 minutes max.)

10:45 Break

11:00 Industry Perspectives on Exportability Criteria, continued.

11:45 Discussion of Breakout Session Tasks

At registration, you will be asked to sign up for a breakout session.

Groups A1, A2: Criterion #2
Groups B1, B2: Criteria #3, 4, 9
Groups C1, C2: Criteria #5, 6
Groups D1, D2: Criteria #7, 8

Criterion #10 is the subject of Session II, and criterion #1 (64-bit) is straight-forward. Breakout room assignments will be announced at this time.

12:00 Lunch (on own, cafeteria available)

1:00  Breakout session #1

Groups will be asked to: 1) determine whether each criterion is clear and, if not, propose appropriate modifications; 2) identify issues (which may arise from the criteria assigned to the group) which need to be addressed, and by whom; and 3) develop technical ideas/approaches for achieving each criterion.

3:00  Break

3:15  Plenary -- Reports from Breakout Session #1

4:00  Breakout Session #2

Participants will be asked to select either a technical or criteria-focused group. Technical groups are asked to: 1) synthesize the proposed technical approaches (just presented in plenary) and identify/discuss the most promising approaches.
Criteria focused groups are asked to: 1) look at all criteria and the comments/issues raised and propose ways to reconcile any differences; and 2) prioritize the issues that remain to be addressed, if any, for each criterion.

5:00  End of day

Thursday, September 7, 1995

9:00  Plenary -- Reports from Breakout Session #2

9:45  Export Licensing Process -- Randy Williams, U.S. Dept. of Commerce; Dan Cook, U.S. Dept. of State

10:15 Questions / Discussion

10:30 Break

Session II -- Desirable Characteristics for Key Escrow Agents

10:45 Panel: Government Perspectives on Key Escrow Agent Issues -- Geoff Greiveldinger, U.S. Dept. of Justice; Ray Kammer, NIST; Penny Brummitt, NSA

11:30 Industry Perspectives on K.E. Agent Issues

12:30 Lunch (on own, cafeteria available)

1:30  Breakout Session #3

Each group is asked to identify proposed key criteria for desirable escrow agents. Same groups and room assignments as Breakout session #1.

2:45  Break

3:00  Plenary - Report of Breakout Sessions

Session III -- Other Related Issues

3:30  Other Issues

This is an opportunity for participants to raise related key escrow issues.

4:30  Follow-up Issues & Wrap-up

4:45  Adjourn

Note: The meeting will be open to the public, although seating is limited. Advance registration is requested, please contact Arlene Carlton on 301/975-3240, fax: 301/948-1784 or e-mail: carlton at micf.nist.gov.

9/1/95

--------------------------------------------------------

Key Escrow Issues Meeting, September 6-7, 1995
Discussion Paper #3

Export Criteria Discussion Draft -- 64-bit Software Key Escrow Encryption

As discussed at the SPA/AEA meeting on August 17, 1995, the Administration is willing to allow the export of software encryption provided that the products use algorithms with key space that does not exceed 64 bits and the key(s) required to decrypt messages/files are escrowed with approved escrow agents. On the same date, the September 6-7 key escrow issues meeting at NIST was also announced.
The two principal topics at the meeting will be: 1) discussion of issues of exportability of 64-bit software key escrow encryption and 2) desirable characteristics for key escrow agents.

In order to help make most productive use of the limited time available at the upcoming meeting and to better focus deliberation, the following criteria are being distributed for discussion purposes. Since it is important that final criteria be clear, straightforward, consistent, and implementable, please review these draft criteria and be prepared to discuss how they may be refined and made more specific.

Draft Export Criteria for Software Key Escrow Encryption

Software key escrow encryption products meeting the following criteria will be granted special export licensing treatment similar to that afforded other mass-market software products with encryption.

1. The product will use an unclassified encryption algorithm (e.g., DES, RC4) with a key length not to exceed 64 bits.

2. The product shall be designed to prevent multiple encryption (e.g., triple-DES).

3. The key required to decrypt each message or file shall be accessible through a key escrow mechanism in the product, and such keys will be escrowed during manufacture in accordance with #10. If such keys are not escrowed during manufacture, the product shall be inoperable until the key is escrowed in accordance with #10.

4. The key escrow mechanism shall be designed to include with each encrypted message or file, in a format accessible by authorized entities, the identity of the key escrow agent(s), and information sufficient for the escrow agent(s) to identify the key or key components required to decrypt that message.

5. The product shall be resistant to any alteration that would disable or circumvent the key escrow mechanism, to include being designed so that the key escrow mechanism cannot be disabled by a static patch, (i.e., the replacement of a block of code by a modified block).

6. The product shall not decrypt messages or files encrypted by non-escrowed products, including products whose key escrow mechanisms have been altered or disabled.

7. The key escrow mechanism allows access to a user's encrypted information regardless of whether that user is the sender or the intended recipient of the encrypted information.

8. The key escrow mechanism shall not require repeated involvement by the escrow agents for the recovery of multiple decryption keys during the period of authorized access.

9. In the event any such product is or may be available in the United States, each production copy of the software shall either have a unique key required for decrypting messages or files that is escrowed in accordance with #10, or have the capability for its escrow mechanism to be rekeyed and any new key to be escrowed in accordance with #10.

10. The product shall accept escrow of its key(s) only with escrow agents certified by the U.S. Government or by foreign governments with which the U.S. Government has formal agreements consistent with U.S. law enforcement and national security requirements.

Note: Software products incorporating additional encryption methods other than key escrow encryption methods will be evaluated for export on the basis of each encryption method included, as is already the case with existing products. Accordingly, these criteria apply only to the key escrow encryption method incorporated by a software product, and not to other non-escrowed encryption methods it may incorporate. For instance, non-escrowed encryption using a key length of 40 bits or less will continue to be exportable under existing export regulations.

- - -

Please also review discussion paper #1 (distributed earlier), which raises a number of issues involving exportability criteria and how exportable products could be designed. Discussion paper #2 (also previously distributed) presents questions involving key escrow agents.
Note: These issues will be discussed at the Key Escrow Issues Meeting to be held September 6-7, 1995 (9:00 a.m. - 5:00 p.m.) at the National Institute of Standards and Technology (Gaithersburg, Maryland). The meeting will be open to the public, although seating is limited. Advance registration is requested, please contact Arlene Carlton on 301/975-3240, fax: 301/948-1784 or e-mail: carlton at micf.nist.gov.

9/1/95

From tcmay at got.net Fri Sep 1 18:51:13 1995
From: tcmay at got.net (Timothy C. May)
Date: Fri, 1 Sep 95 18:51:13 PDT
Subject: Macintosh Users: "SpeedDoubler"
Message-ID:

For you Macintosh users, I thought I'd share with you my experiences with SpeedDoubler, a new utility that (effectively) doubles or even triples performance of many applications that still are heavily dependent on 68K code (as opposed to purely PowerPC code).

My PowerMac 7100av is currently running at 80 MHz, with a 512K L2 cache, and 40 MB of physical RAM. (I can remember when 32K of "core" was a huge amount, and I can remember when Intel supplied 8 MB to CDC for their "Plato" system...at that time, one of the largest solid state memory installations ever.)

SpeedDoubler, from Connectix, is a $60-70 (street) product that takes 68K code and makes various optimizations for the PPC. It's effectively the 68K emulator that Apple should have provided.

(For you non-Mac users who are reading this, this technology of intercepting and translating code, is likely to be used to get higher performance out of code written ostensibly for one CPU but actually run on a later iteration of the processor. Such as the Pentium or P6 in running 16-bit code.)

In Speedometer, I saw a 3.9x increase in "CPU"-related tasks (for 68K code), and a 2.4x increase in a SmalltalkAgents application which is only available at this time in 68K code form. Even the Finder runs faster, as various parts of it are still written in 68K code.
So, as many programs are still in 68K code form, and not yet rewritten for the PPC, SpeedDoubler effectively gives you a machine that is almost twice as fast.

There may be a few incompatibilities, and I would suggest you read comp.sys.mac.apps and other groups to verify that your critical apps are not having any problems.

All I can say is that I'm very happy.

--Tim May

From tcmay at got.net Fri Sep 1 19:12:02 1995
From: tcmay at got.net (Timothy C. May)
Date: Fri, 1 Sep 95 19:12:02 PDT
Subject: Phil Zimmermann/Amnesty International?
Message-ID:

At 12:50 AM 9/2/95, Robert A. Hayden wrote:

>On Fri, 1 Sep 1995, Michael Froomkin wrote:
>
>> I think he would have to be charged first. Have I missed something?
>> PS when does the statute of limitations run out?
>
>I'm assuming that the statute of limitations has run out on most of these
>things ( I don't know CA law, except to know it's weird :-)
>What I'm concerned about, and nobody seems to have picked up on it, is
>that one of the transcripts said that he and a partner beat up a bunch of
>perps after they tried to surrender and that one of them died(!!).
>That's murder in my book, and there is non statute of limitations on
>that, even in California...

Zimmermann and which partner? If it was Charlie Merritt, then all I can say is that I'm surprised. Kelly Goen...now there's a possibility.

--Tim May

P.S. As the thread title--"Re: Phil Zimmermann/Amnesty International?"--suggests, Phil Z. is the subject being discussed.
Gary Jeffers made the bizarre speculation that Amnesty International might want to consider Phil a "prisoner of conscience" or a "political prisoner," or some such. All Michael Froomkin and others of us were pointing out is that this would be rather difficult, given that Phil has not even been charged, let alone tried, let alone imprisoned.

How Mark Fuhrman migrated into this thread is beyond me. But, then, he killed Ron and Nicole, planted the glove to frame the nigger he hated so much, and was also involved in the bombing of the WTC. That he helped Phil export PGP is thus not surprising.

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From robo at c2.org Fri Sep 1 19:36:18 1995
From: robo at c2.org (ROBO Mixmaster Remailer)
Date: Fri, 1 Sep 95 19:36:18 PDT
Subject: Direct Socket to Remailer?
Message-ID: <199509020225.TAA29123@infinity.c2.org>

I've heard of telnetting to port 25 to send SEMI-untraceable e-mail. The procedure, quite frankly, sounds rather complicated.

Most of my mail that I don't want traced goes through the Mixmaster remailer network. I'm using Winsock-compatible software via a PPP connection. Is it possible, for example, to tell my mailer software to use the remailer itself, such as "remail.obscura.com" as the mail host, rather than "mail.myISP.com"? Will it work, at least for sending, without having an account at "obscura.com", or whatever remailer? Would that be less traceable than sending it through my ISP's mail host?
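The question above asks whether handing mail straight to a remailer's port 25 is less traceable than relaying it through the ISP's mail host. Seen from the receiving side, the answer is in the Received: headers that every MTA prepends as the message passes through (the forwarded IETF report further down carries a real chain of them): the host that actually opened the TCP connection is recorded by the first relay that accepted the message, whatever name the client announced in HELO. The Python below is added here as an illustration and is not code from any poster or from the Mixmaster software; it walks the Received: chain of two constructed messages (all hostnames, addresses and queue ids are placeholders) to show what a mail administrator or investigator sees in each case.

```python
import re
from email import message_from_string

# One Received: header describes one hop.  "from X" is the name the connecting
# client announced (HELO), the parenthesised part is what the receiving MTA
# itself observed on the TCP connection, and "by Y" is the receiving MTA.
HOP_RE = re.compile(
    r"from\s+(?P<claimed>\S+)"
    r"(?:\s+\((?P<observed>[^)]*)\))?"
    r".*?\bby\s+(?P<by>\S+)",
    re.DOTALL,
)

# Constructed sample 1: dial-up host -> ISP mail host -> destination MTA.
# (Placeholder names and addresses, not taken from any message on the page.)
VIA_ISP = """\
Received: from mail.example-isp.test (mail.example-isp.test [192.0.2.10])
\tby mx.example.test with SMTP id TAA00001; Fri, 1 Sep 1995 19:36:18 -0700
Received: from ppp-17.example-isp.test (ppp-17.example-isp.test [192.0.2.77])
\tby mail.example-isp.test with SMTP id AAA00002; Fri, 1 Sep 1995 19:36:10 -0700
From: someone@example-isp.test
To: recipient@example.test
Subject: constructed sample

(body)
"""

# Constructed sample 2: the same dial-up host spoke SMTP directly to the
# destination MTA.  The ISP's relay is gone from the chain, but the single
# remaining Received: line still records the connecting host and address
# alongside whatever name the client announced in HELO.
DIRECT = """\
Received: from mail.example-isp.test (ppp-17.example-isp.test [192.0.2.77])
\tby mx.example.test with SMTP id TAA00003; Fri, 1 Sep 1995 19:40:02 -0700
From: someone@example-isp.test
To: recipient@example.test
Subject: constructed sample

(body)
"""


def parse_received(raw_message):
    """Return the hops of a raw RFC 822 message in delivery order (oldest first).

    MTAs prepend their Received: line, so the header block lists the newest
    hop first; the list is reversed so that hops[0] is the entry point.
    """
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append({
                "claimed": m.group("claimed"),
                "observed": m.group("observed"),
                "by": m.group("by"),
            })
    hops.reverse()
    return hops


def entry_point(raw_message):
    """The first hop: the only place the submitting host itself is recorded."""
    hops = parse_received(raw_message)
    return hops[0] if hops else None


def describe(raw_message):
    """Human-readable path; the observed address is trusted over the claimed name."""
    lines = []
    for i, hop in enumerate(parse_received(raw_message), 1):
        seen = hop["observed"] or "(not recorded)"
        lines.append(f"hop {i}: {seen} (announced as {hop['claimed']}) -> {hop['by']}")
    return "\n".join(lines)


if __name__ == "__main__":
    for label, sample in (("via ISP relay", VIA_ISP), ("direct to destination", DIRECT)):
        print(label)
        print(describe(sample))
```

The direct connection removes one relay (and its log) from the path, which is the most the trick buys; the receiving MTA still writes down the peer it talked to, so the first hop identifies the submitting host either way. Only a remailer that deliberately strips the incoming headers before forwarding breaks that chain.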
From rsalz at osf.org Fri Sep 1 20:02:30 1995
From: rsalz at osf.org (Rich Salz)
Date: Fri, 1 Sep 95 20:02:30 PDT
Subject: IETF security report
Message-ID: <9509020301.AA17722@sulphur.osf.org>

>From saag-request at neptune.tis.com Fri Sep 1 19:09:55 1995
Received: from TIS.COM (neptune.tis.com [192.94.214.96]) by postman.osf.org (8.6.9/8.6.x) with SMTP id TAA08164 for ; Fri, 1 Sep 1995 19:09:54 -0400
Received: from neptune.tis.com by neptune.TIS.COM id aa06599; 1 Sep 95 16:20 EDT
Received: from relay.tis.com by neptune.TIS.COM id aa06595; 1 Sep 95 16:18 EDT
Received: from big-screw.mit.edu(18.72.0.176) by relay.tis.com via smap (g3.0.1) id xma004617; Fri, 1 Sep 95 16:07:54 -0400
Received: by big-screw id AA23873; Fri, 1 Sep 95 16:18:03 -0400
Date: Fri, 1 Sep 95 16:18:03 -0400
Message-Id: <9509012018.AA23873 at big-screw>
>From: "Jeffrey I. Schiller"
Sender: jis at mit.edu
To: minutes at cnri.reston.va.us
Subject: IETF Security Area Report (July 17-21, 1995: 33rd IETF meeting)
Cc: secdir at TIS.COM, saag at TIS.COM
Status: R

-----BEGIN PGP SIGNED MESSAGE-----

IETF Security Area Report
Jeff Schiller and Jim Galvin
jis at mit.edu galvin at tis.com
July 17-21, 1995

The Security Area within the IETF is responsible for development of security oriented protocols, security review of RFCs, development of candidate policies, and review of operational security on the Internet. The Area Director is assisted by a Directorate, an advisory entity with no standards-setting powers. The members of the Security Directorate are as follows.

Jeffrey I. Schiller
Ran Atkinson
Steve Bellovin
Steve Crocker
Barbara Fraser
James M. Galvin
Phil Karn
Steve Kent
John Linn
Clifford Neuman
Rob Shirey
Ted Ts'o

In addition to the Directorate the Security Area is assisted by the Security Area Advisory Group (SAAG). The SAAG is an open group that meets at least once during each IETF meeting as well as electronically via the saag at tis.com mailing list.
Send a message to the address saag-request at tis.com to join the list.

During the Security Area Advisory Group (SAAG) meeting, the activities of the Security Area, including the Directorate, are reported and discussed. In addition, the SAAG meeting provides an opportunity for open discussion of security issues.

Included below is a summary from those working groups and birds of a feather sessions with security relevant activities to report and the Security Directorate meeting summary. In addition, the following topics were discussed during the SAAG meeting.

o Documents Approved as Proposed Standards

The IESG approved the advancement of five of the IPSEC documents to proposed standards. With the advancement of these documents the IPSEC working group will focus on issues related to key management.

The IESG approved the advancement of the two MOSS documents to proposed standards. With the advancement of these documents the PEM working group has completed its charter and will be closed.

o Domain Name System Security

The last revision of the enhancements for the DNS to support security has been released. It will enter working group last call very soon; no issues are expected to be raised. At the end of the working group last call the document will be submitted to the IESG to be considered for publication as a Proposed Standard. An implementation of the specification is available to U.S. and Canadian sites and individuals via anonymous FTP (see ftp://ftp.tis.com/pub/DNSSEC/README for details).

o Key Management

It was noted that the Internet needs two kinds of key management: one for short-term keys and one for long-term keys. The expected usage of short-term keys would be on a per connection or per message basis. Long-term keys, on the other hand, would probably be used to exchange short-term keys. The distribution and management of long-term keys requires the existence of a global infrastructure.
There are two options for the global infrastructure today: Secure DNS or The Directory (X.500). It is also possible that something completely different will be needed and developed. Key management is expected to get increasing attention in the IETF.

o Internet Security Architecture

Steve Crocker gave an abbreviated version of his presentation to the IAB the previous evening. He posed a challenge to the community to improve the network security at IETF meetings. The specific proposal is to have IPSEC available with manual keying, which would be enough to make a difference when compared to the current configuration. This should be available for use in the IETF terminal room by both the terminals/workstations and laptops. In addition, we should install a demonstration firewall that is IPSEC friendly. The goal is to make it available at the next IETF meeting in Dallas (December 4-8, 1995).

The activity of the following working groups and birds of a feather sessions was reported.

o Secure Socket Layer (SSL) BOF

A consensus developed for the need for a session layer security protocol. This was predicated on observing that IPSEC is below the transport layer and the session layer is above it, and that implementing security in the transport or network layer would require changes to operating systems. In contrast, session layer security could be implemented and added non-invasively to existing systems, thus making security services available to a broad range of application protocols. As a result, a working group called Session Layer Security will be proposed. The Secure Socket Layer specification will serve as the starting point for the new working group.

o Internet Secure Payments Protocol (ISPP) BOF

This BOF met two times with more than a dozen technology presentations. Fortunately, the various technologies are much more similar than they are different. The consensus was that the IETF should have one or more working groups in this area.
Charters will be proposed and submitted to the area director for consideration.

o Simple Key Management for IP (SKIP) BOF

SKIP is Sun's proposal for key management on the Internet. It is a competitor to the Photuris specification being discussed in IPSEC. It is still undecided as to whether this specification should be discussed as part of the IPSEC working group or within its own working group. Although there appeared to be consensus to move the SKIP specification onto the standards track, the authors will need to discuss the process and relationship to IPSEC with the area director and the Chairs of the IPSEC working group before this can be done.

[Note: Since the IETF meeting took place, discussions between the various parties are proceeding. The likely outcome will be for the SKIP work to take place within the IPSEC working group.]

o Authenticated Firewall Traversal (AFT)

There are currently four implementations underway with interoperability testing expected to begin shortly. If the testing is successful three documents will be submitted to the IESG to be considered for publication as Proposed Standards before the next IETF meeting in Dallas.

o Common Authentication Technology (CAT)

The CAT working group discussed topics related to active documents, including GSS-V2 (to receive another set of specific revisions at the Internet-Draft level, and then to be recommended for advancement to Proposed Standards), IDUP (where revised interface specifications and a new mechanism specification were discussed, with standards advancement to be considered at the Dallas IETF), GSS-API Negotiation (new draft discussed), Kerberos mechanism and extensions (status and comments discussed, new drafts to follow), FTP Security (to be recommended for advancement to Proposed Standard after inclusion of clarifying revisions), and a presentation of a new mechanism based on FIPS PUB JJJ cryptography.
Presentations on work in progress included GSS-API integration into World-Wide Web browsers and servers, loadable GSS-API multi-mechanism support, and discussion of the use of RFC-1731 as a generic framework for integration of security tokens into text-based applications. The group also discussed a range of candidate follow-on topic areas related to authorization, and identified a subset with apparent common value and feasibility for proposals and work by group members.

o Web Transaction Security (WTS)

There were three short presentations on related subjects and a review of the two documents being developed by the working group. With respect to the requirements specification, several new issues were raised at this meeting and most, but not all, were resolved. There was consensus to resolve the remaining issues on the list and then submit the document to the IESG to be considered for publication as an information RFC. Recent changes to the SHTTP document were reviewed and no objections were raised. An outstanding issue is coordinating SHTTP with MOSS, which is dependent on the harder (and outside our scope) problem of coordinating HTTP with MIME. We remain hopeful that we will reach consensus on a document to propose to advance to Proposed Standard by the next IETF meeting in Dallas.

o IP Security (IPSEC)

The interoperability testing of the recently approved Proposed Standards was discussed. The majority of the meeting was devoted to discussing Internet key management and the two working documents on Photuris and ISAKMP.

o Site Security Handbook (SSH)

Two documents are expected to be available by the first week of November, which will allow for final revisions to be proposed during the next IETF meeting in Dallas followed by advancing the documents onto the standards track as quickly as possible.

The Security Area Directorate met on Monday afternoon for a 2 hour meeting. In addition to all of the above, the following was noted.
o Intellectual Property Rights (IPR)

The purpose of the discussion was information exchange. Several protocols are pending in the IESG as a result of unresolved IPR issues and several protocols from the security area are about to be submitted to the IESG with unresolved IPR issues. It is uncertain exactly what the outcome will be of any specific case.

o Key-ed MD5

Key-ed MD5 is being used in a variety of protocols for authentication. The IETF needs an applicability statement which includes advice on how often to change the secrets.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMEdqFMUtR20Nv5BtAQELhwP/eTwVc+07AA19P0Q7KdfHxTAaNjnsPBRY
4bb2ekatHDaL5oVH2bbad1DECgOVU2Y0tKBXBNO3Pw1vQiMOV874ZeMIWNtcuxJE
MUcd9PLXekRoIUGmUdQMdnVhGEhb4NWPAi6KXzkWRxLN0wZNG9tyjkb7qLCo0dLe
+98gDe4dO1c=
=2CtY
-----END PGP SIGNATURE-----

From hal9001 at panix.com Fri Sep 1 21:38:08 1995
From: hal9001 at panix.com (Robert A. Rosenberg)
Date: Fri, 1 Sep 95 21:38:08 PDT
Subject: O.J. ObCrypto: Fuhrman's Folly Fans Fakery Fears...
Message-ID:

At 12:13 9/1/95, Bill Stewart wrote:
>>I do not think that PGP 2.x can easily (ie: Automatically) use one key for
>>Signing and another for Encrypting a Message (it does both at the same time
>>if you ask). If I "Clear Sign" a message and then Encrypt it, then I get
>>the result but I'm not sure if doing the decrypt on such a message will
>>automatically spot the signature and verify it (as would occur with an E+S
>>pass).
>
>PGP identifies the key for decryption and signature checking from the message.
>When you're signing a message or key, you can pick which of your keys to
>use with the -u option.

OK - I'll rephrase my query/quandary.
If I create a message by feeding in plain text and asking for an Encrypt and Sign, is the FORMAT of the resulting file different from one where I Sign the Text and then (in a separate step/pass) Encrypt the Signed Message (IOW, is E+S just a short cut for the two processes done in sequence using the same key for both operations)? If E+S is only a short-cut then doing the steps separately will give the result that PGP3 will get automatically with its Separate Function Keys Feature.

>The difficulty is getting people to use your
>encryption key instead of your signature key when encrypting stuff for you.
>Derek mentioned one approach (get people to load the encryption key first);
>unfortunately, you can't predict their behavior, and if you change encryption
>keys more often than signature keys, they'll load the newest encryption key
>last.
>Another approach is to identify them in the names - my key certification key
>says "KeyCert-only" in the text.
>
>For the problem that started this discussion, though, there's no good solution.
>Since the Bad Guys _can_ encrypt a message to you with your signature key,
>and send it to you by anonymous remailer, they can plant a reason to suspect
>that you may have evidence encrypted with that key.

This will all become (more) academic once PGP3 comes out and Sign-Only keys would not be usable for Encryption.

From hal9001 at panix.com Fri Sep 1 21:38:32 1995
From: hal9001 at panix.com (Robert A. Rosenberg)
Date: Fri, 1 Sep 95 21:38:32 PDT
Subject: SSL search attack
Message-ID:

At 12:15 9/1/95, Lou Poppler wrote:
>The ACK process and the allocation process are separate, and should
>remain so. They run on different servers, and they run as separate
>processes in the unix version of brloop. A little tweaking of brloop
>could allow pre-fetching of the next segment to search, without any
>effect on the ACK process. I dislike the idea of a client sending an ACK
>before it has searched the entire segment.

I was not suggesting that.
I was just suggesting that the initial request be for twice the amount of segments as you want to process during your reporting interval, and that, except when you are getting ready to shut down, you have one allocation ready as a spare in case you can't immediately be given another allocation when you ACK one.

Example: I will be running for 8 Hours and I will report back every 30 minutes. I get an hour's worth of segments (Chunk 1 + 2) when I first connect. After 30 Minutes, I'm done with half of them. I then ACK that half (Chunk 1) and request another 30 minutes' worth of segments (for scanning at 1H-1.5H). If I do not get it, I'm still working on the 2nd Chunk. At 1H, I ACK Chunk 2 and ask for Chunk 4 (also I ACK Chunk 1 and/or request Chunk 3 if either failed the first time at .5H). This continues until 7.5 when I ACK and do not request a Chunk 17 (since I already have or I am requesting Chunk 16 for the 7.5H-8H period).

From hal9001 at panix.com Fri Sep 1 21:38:36 1995
From: hal9001 at panix.com (Robert A. Rosenberg)
Date: Fri, 1 Sep 95 21:38:36 PDT
Subject: SSL search attack
Message-ID:

At 07:25 9/1/95, Daniel R. Oelke wrote:
>>
>> I see nothing wrong with the concept of being allocated an initial chunk
>> and having the scan software attempt to ACK it when 50% of it has been
>> searched. A successful ACK would allow the releasing of a new chunk (in
>> response) equal in size to the returned chunk. A failure of the Server to
>> accept the ACK would trigger a retry at set intervals (such as 75% and 100%
>> or 60/70/80/90/100%) until the Server responds. Thus the scanner is always
>> in possession of a Full Sized Chunk to scan (so long as the Server accepts
>> an ACK before the 100% done mark) and temporary failures will not stop the
>> process of a scanner as currently happens.
>>
>
>The only way this can work is if the server is told it is a 50%/75%/etc
>size ACK, and then later the server is ACKed for the full 100%.
>
>Why?
>Because what happens if the client dies immediately after doing
>the ACK - maybe only 51% of that space has been searched, yet
>the server has already seen an ACK for it.

I thought that the ACK gives starting location and number of segments. If I get 500 segments and ACK at the 50% point I am sending an ACK for the Starting Point and 250 Segments (the unprocessed part would then ACK Start+250 for 250 when done), just as if I had only gotten 250 in the first place and was also given the next 250 Segment Chunk (ie: I was "Next Requester" after my original allocation of 250).

>IMO - a % ACK is too much complexity and extra work on the server,
>which is already having trouble keeping up.

No - It is the same load if you allow the first request to be twice the size of the subsequent requests. If you ask people to request 30 minutes worth of segments, there is no difference in load (if the Server responds to each ACK when first attempted) if they start each run with a 1 hour chunk (ie: 2X Chunk) and check in every 30 min to ACK a Chunk (and to get the one to be worked on in a half an hour [and when you are 30 minutes away from your shut down time, just ACK and do not request another chunk]) and just getting an X sized chunk at your initial connection.

In the 2X method, you still have an X sized Chunk to work on for the next 30 Minutes if the Server is ignoring your ACK attempt (and when that Chunk has been scanned you return both and get two more). This is hitting the Server once every 30 minutes and NOT pounding away at it until you get an ACK through (and get more work), since you have no need for another chunk immediately (as you would with the X sized Chunk every 30 minutes method) and thus have no need to retry on a connect failure.

From tcmay at got.net Fri Sep 1 21:44:22 1995
From: tcmay at got.net (Timothy C.
May)
Date: Fri, 1 Sep 95 21:44:22 PDT
Subject: Cyphernomicon, and a section on Escrow and Reputations
Message-ID:

I've been asked by two people in e-mail what the "Cyphernomicon" I referred to in a recent message is. It's been a while since I mentioned it, so I'll give some details.

In late 1993 I foolishly committed to doing a "Cypherpunks FAQ," as several earlier attempts had gone nowhere. And since the most frequently asked question of all is always "Where's the FAQ?," followed closely by "How come there isn't a FAQ?," the need was there. (As it turns out, the people most in need of a FAQ seldom read FAQs, but this is another story.)

I finished my first release, a megabyte-sized file done in MORE, a powerful outline processor (which enabled me to maintain notes, make cross-references, and generally manage such a huge writing project). I released it last year, and put it in my anonymous ftp account at ftp.netcom.com, in the directory /pub/tc/tcmay, as the file CP-FAQ. Netcom is often very crowded, though.

I know of a couple of alternative places. A very nice job of HTMLizing it was done by Jonathan Rochkind, a Cypherpunk, and is located at the URL http://www.oberlin.edu/~brchkind/cyphernomicon/

Another URL, which is just one large file, is http://www.swiss.ai.mit.edu/6095/articles/cyphernomicon/CP-FAQ

The recent thread about the dangers of anonymity and the role of escrow agents as possible fixes is a good excuse to include one of my sub-sub-subsections, to also illustrate the structure and expected contents. Enjoy it. But, please, don't nag me with suggestions that I should do, or should have done, the thing in HTML, or using your favorite tool set.

--Tim May

Crypto Anarchy: Escrow Agents and Reputations

16.24.1.
Escrow Agents as a way to deal with contract reneging
 - On-line clearing has the possible danger implicit in all trades that Alice will hand over the money, Bob will verify that it has cleared into his account (in older terms, Bob would await word that his Swiss bank account has just been credited), and then Bob will fail to complete his end of the bargain. If the transaction is truly anonymous, over computer lines, then of course Bob just hangs up his modem and the connection is broken. This situation is as old as time, and has always involved protocols in which trust, repeat business, etc., are factors. Or escrow agents.
 - Long before the "key escrow" of Clipper, true escrow was planned. Escrow as in escrow agents. Or bonding agents.
 - Alice and Bob want to conduct a transaction. Neither trusts the other; indeed, they are unknown to each other. In steps "Esther's Escrow Service." She is _also untraceable_, but has established a digitally-signed presence and a good reputation for fairness. Her business is in being an escrow agent, like a bonding agency, not in "burning" either party. (The math of this is interesting: as long as the profits to be gained from any small set of transactions are less than her "reputation capital," it is in her interest to forego the profits from burning and be honest. It is also possible to arrange that Esther cannot profit from burning either Alice or Bob or both of them, e.g., by suitably encrypting the escrowed stuff.)
 - Alice can put her part of the transaction into escrow with Esther, Bob can do the same, and then Esther can release the items to the parties when conditions are met, when both parties agree, when adjudication of some sort occurs, etc. (There are a dozen issues here, of course, about how disputes are settled, about how parties satisfy themselves that Esther has the items she says she has, etc.)
16.24.2. Use of escrow services as a substitute for government
 + as in underworld deals, international deals, etc.
 - "Machinery of Freedom" (Friedman), "The Enterprise of Law" (Benson)
 - "It is important to note in any case that the use of third-party escrow as a substitute for Government regulation was a feature of the Northern European semi-anarchies of Iceland and Ireland that have informed modern libertarian thought." [Duncan Frissell, 1994-08-30]
16.24.3. Several people have raised the issue of someone in an anonymous transaction simply taking the money and not performing the service (or the flip side). This is where _intermediaries_ come into the picture, just as in the real world (bonds, escrow agents, etc.).
16.24.4. Alice and Bob wish to conduct an anonymous transaction; each is unknown to the other (no physical knowledge, no pseudonym reputation knowledge). These "mutually suspicious agents," in 1960s- and 70s-era computer science lingo, must arrange methods to conduct business while not trusting the other.
16.24.5. Various cryptographic protocols have been developed for such things as "bit commitment" (useful in playing poker over the phone, for example). I don't know of progress made at the granularity of anonymous transactions, though. (Though the cryptographic protocol building blocks at lower levels--such as bit commitment and blobs--will presumably be used eventually at higher levels, in markets.)
16.24.6. I believe there is evidence we can shorten the cycle by borrowing noncryptographic protocols (heresy to purists!) and adapting them. Reputations, for example. And escrow agents (a form of reputation, in that the "value" of a bonding entity or escrow agent lies in reputation capital).
16.24.7.
if a single escrow agent is suspected of being untrustworthy (in a reputation capital sense), then can use _multiple_ escrows
 - with various protocols, caveat emptor
 - n-out-of-m voting schemes, where n escrow agents out of m are required to complete a transaction
 - hard to compromise them all, especially if they have no idea whether they are being "legitimately bribed" or merely pinged by a reputation-rating service
 - Hunch: the work of Chaum, Bos, and the Pfitzmanns on DC-nets may be directly applicable here...issues of collusion, sets of colluders, detection of collusion, etc.

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From don at cs.byu.edu Fri Sep 1 21:58:01 1995
From: don at cs.byu.edu (don at cs.byu.edu)
Date: Fri, 1 Sep 95 21:58:01 PDT
Subject: SSL attack
Message-ID: <199509020358.VAA00340@wero>

-----BEGIN PGP SIGNED MESSAGE-----

From: "Robert A. Rosenberg"
>I thought that the ACK gives starting location and number of segments. If I
>get 500 segments and ACK at the 50% point I am sending an ACK for the
>Starting Point and 250 Segments (the unprocessed part would then ACK

With multiple hierarchical servers, you don't have the same bottleneck problems. If you have a random mode that you can switch into, same deal (if you care to use it). There are a lot of people who want the anonymity and server-independence of random mode. There are people who don't want to add another 37% onto the processing time, given the unlikeliness of a D.O.S. attack on the server. I continue to support the idea of a two-pronged attack using both methods.
Given that most of the server bottleneck was un-updated clients anyway, I think that the bottleneck-on-the-server problem is solved anyway, meaning there won't be any problems getting new keys - thus eliminating the need for a keyspace buffer queue.

Don

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMEfVssLa+QKZS485AQEV9QMAoue7RyySe1H0a7s6hBkjf7knaXesLY1h
ZQg9rBZ9ZieJ5qWyBHL03Gn4XikSD8U6/MBbiyMvOnz+QTYRQcMxQioEu4YDcFdD
etaful6wYhtXzd/MTn+VWjBf86poDeNK
=Mp2o
-----END PGP SIGNATURE-----

fRee cRyPTo! jOin the hUnt or BE tHe PrEY
PGP key - http://bert.cs.byu.edu/~don or PubKey servers (0x994b8f39)
June 7&14, 1995: 1st amendment repealed.
Death threats ALWAYS pgp signed
* This user insured by the Smith, Wesson, & Zimmermann insurance company *

From todd at lgt.com Fri Sep 1 22:07:18 1995
From: todd at lgt.com (Todd Glassey, Chief Technologist, Looking Glass Technologies)
Date: Fri, 1 Sep 95 22:07:18 PDT
Subject: FSTC - Request for Info
Message-ID:

Hi all,

I am now looking for pointers into this mystical consortium of financial wizards...

Also do any of you know about online issues pertaining to new network adaptations of Unisys's proprietary banking protocols or the FEDLINE stuff?

TIA
Todd

Regards,
T. S. Glassey
Chief Technologist
Looking Glass Technologies
todd at lgt.com

From jcurran at bbnplanet.com Fri Sep 1 22:33:03 1995
From: jcurran at bbnplanet.com (John Curran)
Date: Fri, 1 Sep 95 22:33:03 PDT
Subject: FSTC - Request for Info
Message-ID:

At 1:05 AM 9/2/95, Todd Glassey, Chief Technologist, Looking Glass Technologies wrote:
>Hi all,
> I am now looking for pointers into this mystical consortium of financial
>wizards...

A good place to start is the FSTC WWW pages: http://www.llnl.gov/fstc

/John

From loki at obscura.com Fri Sep 1 23:33:08 1995
From: loki at obscura.com (Lance Cottrell)
Date: Fri, 1 Sep 95 23:33:08 PDT
Subject: Direct Socket to Remailer?
Message-ID:

At 7:25 PM 9/1/95, ROBO Mixmaster Remailer wrote:
>I've heard of telnetting to port 25 to send SEMI-untraceable e-mail.
>The procedure, quite frankly, sounds rather complicated.
>
>Most of my mail that I don't want traced goes through the Mixmaster
>remailer network. I'm using Winsock-compatible software via a PPP
>connection. Is it possible, for example, to tell my mailer software
>to use the remailer itself, such as "remail.obscura.com" as the mail
>host, rather than "mail.myISP.com"? Will it work, at least for
>sending, without having an account at "obscura.com", or whatever
>remailer? Would that be less traceable than sending it through my
>ISP's mail host?

I don't think it would provide much more security, but it might keep your ISP from logging the mail. If you are using mixmaster at remail.obscura.com as your remailer, you are welcome to use it as the mail host for that mail. It is a slow connection so please do not use it as your regular mail host.

You should try the telnet port 25 trick. It is amazingly simple (but not secure). Just "telnet some.machine.com 25" and type help. It will guide you through it. It is quite informative.

-Lance

----------------------------------------------------------
Lance Cottrell loki at obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come."
--Nietzsche
----------------------------------------------------------

From davidm at iconz.co.nz Fri Sep 1 23:40:55 1995
From: davidm at iconz.co.nz (David Murray)
Date: Fri, 1 Sep 95 23:40:55 PDT
Subject: A problem with anonymity
Message-ID: <199509020640.SAA23731@iconz.co.nz>

-----BEGIN PGP SIGNED MESSAGE-----

At 05:15 PM 9/1/95 -0700, you wrote:
>At 10:45 AM 9/2/95, David Murray wrote:
>>[Akerlof, if I remember my economics right (and I am confident that I will
>>be corrected if I don't) analysed a market for used cars. ...
>>... So the only cars for sale would be lemons :-)]
>
>I haven't encountered this example, but it clearly misses some important
>real-world issues. ...
>Like a lot of simple game-theoretic models, the application to the real
>world is quite different.

True. But it does make the point that, in a perhaps surprising way, the bad can drive out the good. [I certainly don't want to get into any kind of normative v. positive methodological debate.] The lesson is not that "You can never find a decent used car", but that, in a market with particular characteristics (particularly with regard to what information is available to whom), lemons drive out the good. This just means that owners of good used cars offer them for sale in a market where pre-purchase checks are possible, etc. But this is to concentrate on the example, not on the substance...

>But I certainly agree that crypto will reignite interest in analyses of
>such game theory questions. Another way of viewing anonymity vs.
>non-anonymity is that knowing the True Name of a party with whom one trades
>is just _one element_ of a transaction. By no means is it essential.

I guess I was using True Name somewhat unusually. I didn't mean "True Name = state approved unique identifier of a human being" so much as "True Name <> easily discardable/transferrable/sellable digital pseudonym".
I certainly did not mean to imply that net.commerce is impossible, or that it would only take place on the basis of True Names, however defined. Rather I was commenting that one pervasive feature of non-net.commerce is the ability to track down someone that owes you something and sue them/beat it out of them. You can't do this to a digital pseudonym. As you rightly pointed out, you can't do this to someone who escapes to South America, or to the guy who runs the market stall that won't be there tomorrow. So you take a bond, or you take your chances. I still think that, because of the (perfect) ease with which net.rep's are transferrable/cash-in-able, the chances you take in the digital domain are so much higher as to be (almost?) qualitatively different.

>>If you can't rely on the unsecured promise of a digital pseudonym, and you
>>can't accept reputation as 'security', how do you extend credit?
>
>I am willing to extend some amount of credit to PrOduct Cypher, Black
>Unicorn, etc., based on their past reputation and on the fact that I can
>show to others the transactions into which their pseudonyms entered and
>thus expose them if they default. Now _how much_ I'm willing to extend is
>of course a more complicated issue, but the principle is still there: a
>purely digital pseudonym, with no possibility of being tied to a True Name,
>can still be extended credit....I just said I would do so.

This would, of course, allow PrOduct Cypher (for example) to cash in on hir rep. [Hir - never thought I'd see myself use it: ughhhhhhh ]. But, unlike the unscrupulous stall owner, who would have to sell the gold watch before he decamped, PC could sell hir rep before the rip-off had been done. This would be a sort of division of labour - rep-builders and rep-exploiters. In cyberspace, you could never tell whether you were dealing with the rep builder (buying a good car) or a rep exploiter (buying a lemon). Yes, the rep-exploitation would be a one-shot thing.
Within seconds of the sting PC's name would be mud. [And, yes, you could probably tell whether it was one of those two you were dealing with - if it asked for credit, it wouldn't be 'corn or 'pher :-)] But it is the _possibility_ of the scam that would shape the market.

By the way, my final question was not rhetorical. I _do_ think methods of extending credit to pseudonyms will be developed. I just think they will be based on (possibly new) types of security interest. An old type of security interest (perhaps the oldest) could be used right away - the pledge. If Bob Pseudonymous pledges $100 worth of digital certificates, I would be glad to lend him $100 (well, perhaps $80 - gotta secure the interest:-)

Cryptography might develop other ways of protecting the interests of creditors, while preserving the anonymity of debtors. In fact, I'm certain it will. And I'm just as sure the law/mercantile practice will assist in the process. And like you, I believe it is not only possible, but preferable, that this is done without the intervention/'assistance' of the state.

Cheers,
Dm

From dsc at swcp.com Sat Sep 2 02:15:27 1995
From: dsc at swcp.com (Dar Scott)
Date: Sat, 2 Sep 95 02:15:27 PDT
Subject: Cyphernomicon, and a section on Escrow and Reputations
Message-ID:

>I finished my first release, a megabyte-sized file done in MORE, a powerful
>outline processor (which enabled me to maintain notes, make
>cross-references, and generally manage such a huge writing project). I
>released it last year, and put it in my anonymous ftp account at
>ftp.netcom.com, in the directory /pub/tc/tcmay, as the file CP-FAQ. Netcom
>is often very crowded, though.

After several tries I was not able to get this.
Has anyone made it available in an alternate location?

Dar
(list newbie)

===========================================================
Dar Scott                 Home phone: +1 505 299 9497

Dar Scott Consulting      Voice:      +1 505 299 5790 <---
8637 Horacio Place NE     Email:      darscott at aol.com
Albuquerque, NM 87111                 dsc at swcp.com
                          Fax:        +1 505 898 6525
http://www.swcp.com/~correspo/DSC/DarScott.html
My preference for attached files is, in this order:
AOL, Mime, Binhex4, PGP, UUencode
===========================================================

From terrell at sam.neosoft.com Sat Sep 2 07:42:13 1995
From: terrell at sam.neosoft.com (Buford Terrell)
Date: Sat, 2 Sep 95 07:42:13 PDT
Subject: A problem with anonymity
Message-ID: <199509021451.JAA14144@sam.neosoft.com>

>
>Subject: Re: A problem with anonymity
>From: monty.harder at famend.com (MONTY HARDER)
>
>TC> This is one thing that _bonding_ is designed to partially ameliorate. One
>TC> posts a bond which is greater than the amount being carried, or at least is
>
> A variation of a bond is an escrow agent....
>
> Overload Alert: I use "escrow" here in the more mundane sense of
> the folks who collect your real estate taxes and homeowners'
> insurance from you 1/12th at a time along with your mortgage
> payment, for instance.
>
> If the buyer has a =nonymous= agent to receive the payment, which is
>only released to the seller upon proof(s) of performance (whether in
>lump sum or on a schedule of staged payments tied to specific milestones
>in a long-term project) then the buyer has someone to go after in the
>event of such shenanigans.
>
>TC> There are still scams and maneuvers to thwart this reputation capital
>TC> scheme. The agent planning to "defect" (default, split, abscond, renege,
>TC> etc.) can try to pile up as many pending transactions as possible,
>TC> anticipating that the various transactees will be unaware of each other.
>
> And the escrow method dynamically scales to meet this threat, whereas
>the bond is static.
>
> Of course, the escrow agent will extract his pound of flesh, just as
>any other form of insurance. Such is the nature of life.
>

Actually, you guys are trying to repeat the whole history of the law merchant (today's commercial law). The basic problem was how can a buyer in one city acquire goods from a seller in another through agents acting at a distance when neither knows the other and neither is willing to risk loss on the transaction.

The use of bankers, as either trusted or bonded third parties, acting as escrowees under the control of a letter of credit was the result. Buyer, B, deposits money with the bank, E, with instructions to release the money on proof of receipt of the goods. E gives B a receipt and a written promise to pay. B trades the promise to pay to Seller, S, in exchange for the goods. S, who either trusts E or has access to his bond, is willing to accept E's promise to pay, which he then negotiates. The result is that B and S have a secure transaction without trusting each other, and E gets rich. Notice, we don't care about the reputation or identity of either B or S, and a very few trusted or bonded Es can facilitate many many transactions.

Incidentally, you all are using the word "escrow" correctly. An escrow is an arrangement in which property is deposited with an escrowee to hold until the happening or failure of a contingency, at which time he delivers the property according to the escrow instructions. House sales, in which the seller deposits a deed and the buyer deposits the purchase price pending proof of title is only one kind of escrow.

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Buford C. Terrell                    South Texas College of Law
1303 San Jacinto, Houston, TX 77002  (713)646-1857
terrell at sam.neosoft.com
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

From ethridge at Onramp.NET Sat Sep 2 07:59:29 1995
From: ethridge at Onramp.NET (Allen B. Ethridge)
Date: Sat, 2 Sep 95 07:59:29 PDT
Subject: Macintosh Users: "SpeedDoubler"
Message-ID:

Tim May wrote:
>For you Macintosh users, I thought I'd share with you my experiences with
>SpeedDoubler, a new utility that (effectively) doubles or even triples
>performance of many applications that still are heavily dependent on 68K
>code (as opposed to purely PowerPC code).
>
> ...
>
>All I can say is that I'm very happy.
>
>--Tim May

Just wanted to echo Tim's sentiments. I purchased SpeedDoubler yesterday (fifty-something dollars at Computer City) and the speed improvements I've seen on my PowerMac 7100/66 are impressive. It's definitely worth the money.

allen

From tcmay at got.net Sat Sep 2 09:39:05 1995
From: tcmay at got.net (Timothy C. May)
Date: Sat, 2 Sep 95 09:39:05 PDT
Subject: A problem with anonymity
Message-ID:

At 2:27 PM 9/2/95, Buford Terrell wrote:
>Actually, you guys are trying to repeat the whole history of the
>law merchant (today's commercial law). The basic problem was how
>can a buyer in one city acquire goods from a seller in another
>through agents acting at a distance when neither knows the other
>and neither is willing to risk loss on the transaction.

Which might be why I specifically cited this last night in an article in this thread:

"(Think of various trading situations where one has no idea of the True Name of the other parties: cash-and-carry transactions, flea markets, many international trade arrangements, etc. As we have discussed in past discussions of anarchy, the international trading regime is essentially an anarchy, in that no Higher Authority exists to resolve disputes in a top-down way...the so-called "Law Merchant" evolved to resolve disputes in such trading situations.)"

Benson's "The Enterprise of Law" is of course a libertarian outlook on these matters. (I should mention that Michael Froomkin says he doesn't think much of it, but I found it useful, especially as it confirmed my views on these matters!
:-})

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From tcmay at got.net Sat Sep 2 09:54:21 1995
From: tcmay at got.net (Timothy C. May)
Date: Sat, 2 Sep 95 09:54:21 PDT
Subject: Cyphernomicon, and a section on Escrow and Reputations
Message-ID:

At 9:13 AM 9/2/95, Dar Scott wrote:
>After several tries I was not able to get this. Has anyone made it
>available in an alternate location?
>
>Dar
>(list newbie)
>
>===========================================================
>Dar Scott                 Home phone: +1 505 299 9497
>
>Dar Scott Consulting      Voice:      +1 505 299 5790 <---
>8637 Horacio Place NE     Email:      darscott at aol.com
>Albuquerque, NM 87111                 dsc at swcp.com
>                          Fax:        +1 505 898 6525
>http://www.swcp.com/~correspo/DSC/DarScott.html

Help me out here, Dar...

You list a Web site in your sig, so presumably you have the right tools to browse the Web. And I listed two Web sites that have the Cyphernomicon.

What am I missing?

Browsing the Web versions, especially the HTMLized version by Rochkind at http://www.oberlin.edu/~brchkind/cyphernomicon/ is a much better way to read it than by downloading the text version.

Nevertheless, if someone wants to copy the CP-FAQ file to their ftp site, I have no real objections at this time.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From jim at acm.org Sat Sep 2 10:37:25 1995
From: jim at acm.org (Jim Gillogly)
Date: Sat, 2 Sep 95 10:37:25 PDT
Subject: Phil Zimmermann/Amnesty International?
In-Reply-To: <199509021658.MAA29224@frankenstein.piermont.com>
Message-ID: <199509021737.KAA23763@mycroft.rand.org>

Regarding the statute of limitations date on PRZ,

> "Perry E. Metzger" writes:
> The offense in question took place on or before
> September 8, 1992, and the statute of limitations is, to my knowledge,
> three years. Even if it were four years, it would have to be September
> 8th of that year. Branko Lankester announced availability of PGP 2.0
> on Mon, 7 Sep 1992 at about 20:22 GMT, so since the allegation is that
> he exported PGP Version 1.0 to the team that developed PGP 2.0
> overseas, any export that Phil performed would have of necessity to
> have taken place before then.

PGP 1.0 was available in at least Finland and Australia by 28 Aug 91, according to an ftp list John Gilmore posted on that date. However, the first available date is presumably not as important as the most recent offense, and I haven't seen which specific allegations the gov't is investigating.

Jim Gillogly
11 Halimath S.R. 1995, 17:35

From tcmay at got.net Sat Sep 2 11:01:19 1995
From: tcmay at got.net (Timothy C. May)
Date: Sat, 2 Sep 95 11:01:19 PDT
Subject: Cypherpunks Santa Cruz -- Great Party!
Message-ID:

I want to update the general list on how well our "Cypherpunks Santa Cruz" party/meeting went last Saturday. Apologies to those who get this twice, as I just sent it out to the folks on the mailing list of interested folks I keep. (Not all of them are readers of this list, so....)

It was a great success, from all indications, and we'll be doing it on a regular basis. "Meet locally, communicate globally."
--Tim

>Date: Sat, 2 Sep 1995 11:03:33 -0700
>X-Sender: tcmay at mail.got.net
>Mime-Version: 1.0
>To: (Recipient list suppressed)
>From: tcmay at got.net (Timothy C. May)
>Subject: Cypherpunks Santa Cruz -- Great Party!
>
>
>This is a report on the Cypherpunks Santa Cruz party/meeting held last
>Saturday at my house. For those of you on this list (52 at last count,
>obviously not all locals) who missed it, it was considered by many who
>commented to me to be a great success.
>
>Some highlights:
>
>- I counted 23 attendees, from as far away as Oregon (Greg Broiles) and San
>Luis Obispo (Jeff Simmons), and with a bunch of folks from Marin and the
>Greater Bay Area.
>
>- We got rolling around 5, when the first cars started filling up my
>parking area. Things kept going 'til 5 in the morning (!), when the last
>stragglers departed and those staying the night found their futons and
>crashed.
>
>- Not too much was formally done. We had a round of introductions (and I
>provided name tags, which were purely voluntary, in that anyone could
>volunteer not to wear them and hence not be remembered by others...most
>wore them). Later, after the barbecue, Bob Fleming and Cherie Kushner
>described their work on micropower, ultrawideband radio "localizers." While
>not strictly "crypto" related, there are overlapping themes (privacy,
>surveillance, and even some of the math overlaps).
>
>- Mostly it was a chance for our local community of folks interested in
>these issues to mingle and make contact. I expect we may have a larger
>focus than just "crypto" (although Cypherpunks have always had a larger
>focus than just cryptography, of course). Especially as there are folks
>doing some neat stuff on the Web out here in Santa Cruz.
>
>- Two folks from my local ISP attended (Jay and Marc), and they have some
>thoughts on possibly hosting the Cypherpunks archive site on their system,
>and other ideas. They stayed until nearly 5 a.m., talking with us about
>networking, Web pages, etc.
>
>(Santa Cruz has long been a hotbed of computer activity, especially of the
>more independent sort. So the good turnout from local folks could be very
>promising for Cypherpunks themes. Interestingly, Linus Torvaldis (sp?), of
>Linux fame, had just been in town a couple of days before.)
>
>I want to avoid opening the meeting up too broadly, to, for example "anyone
>interested in computers," as this would produce unpredictable turnouts and
>lots of folks who want to learn to use Windows, or need help in dBase, etc.
>Better to keep an ostensible focus on "Cypherpunks" themes, with forays
>into related areas.
>
>Some people commented to me that they hope the meetings/parties are
>monthly, but I suspect every other month may be more reasonable...after
>all, a monthly meeting would mean another one only 3 weeks from today, and
>I can't see this happening.
>
>Anyway, I expect to announce another one for sometime in October. I also
>may be having a "PenSFA" party at my place in early November (11/11 is
>being considered), and may merge the two. It's a good opportunity for
>mingling.
>
>Another attendee offered the possibility of having a Cypherpunks Santa Cruz
>meeting/party at her house, so some rotation to other venues may start to
>happen. I think the notion of having these things at private houses is
>better than trying to get space at a local company, for example. Parties in
>houses are more intimate, less formal, and don't require the "corporate
>approvals" that are sometimes needed. Besides, I'm offering my house and
>have no contacts at local companies.
>
>I expect to be able to host a lot of these things, and if some others
>volunteer as well, we'll be set. (I expect attendance will not equal the 23
>at this "first" meeting, for obvious reasons. This means meetings/parties
>could even be held in apartments or condos. But I'm not suggesting this,
>only noting it.)
>
>So, thanks for coming!
>
>--Tim May
>

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From adwestro at ouray.cudenver.edu Sat Sep 2 11:18:31 1995
From: adwestro at ouray.cudenver.edu (Alan Westrope)
Date: Sat, 2 Sep 95 11:18:31 PDT
Subject: Phil Zimmermann/Amnesty International?
In-Reply-To: <199509021658.MAA29224@frankenstein.piermont.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 02 Sep 1995, "Perry E. Metzger" wrote:
> Alan Westrope writes:
> > Michael Froomkin wrote:
> > > PS when does the statute of limitations run out?
> > June '96. Zimmermann and Dubois appeared on a local talk radio show
> > recently; a friend happened to catch the program, taped it, and played
> > excerpts at a Cypherpunks meeting. This date was mentioned by Phil Dubois.
> That's not possible. The offense in question took place on or before
> September 8, 1992, and the statute of limitations is, to my knowledge,
> three years. Even if it were four years, it would have to be September
> 8th of that year. Branko Lankester announced availability of PGP 2.0
> on Mon, 7 Sep 1992 at about 20:22 GMT, so since the allegation is that
> he exported PGP Version 1.0 to the team that developed PGP 2.0
> overseas, any export that Phil performed would have of necessity to
> have taken place before then.

Point taken. Dubois was referring specifically to the current California grand jury investigation in association with U.S. Customs. He said that this grand jury has until June '96 to issue an indictment or...uhhh...get off the pot.
I suppose Phil could be charged by some other entity with ITAR/DTR violations relating to the "export" of PGP, and I'm not sure what would be the date of this putative violation: the date Phil gave the program to others, allegedly "knowing" that doing so would result in its export; or the date PGP actually appeared at overseas sites. I suspect I'm not the only one confused by this, considering the convoluted, baroque and outdated laws involved. Mebbe somebody oughta ask Sternlight...:-)

Alan Westrope                          __________/|-,
                                      (_)        \|-'
2.6.2 public key: finger / servers
PGP 0xB8359639:  D6 89 74 03 77 C8 2D 43  7C CA 6D 57 29 25 69 23

From dsc at swcp.com Sat Sep 2 11:44:16 1995
From: dsc at swcp.com (Dar Scott)
Date: Sat, 2 Sep 95 11:44:16 PDT
Subject: No Subject
Message-ID:

Timothy May wrote concerning Cyphernomicon,
>You list a Web site in your sig, so presumably you have the right tools to
>browse the Web. And I listed two Web sites that have the Cyphernomicon.
>
>What am I missing?

Thanks for the advice. Here are the two missing pieces.

The first is financial, but might be really psychological. I buy PPP service locally and it is hard for me to casually browse with the meter running in the corner of the screen even at less than a penny a minute. (And any document that mentions David Friedman probably needs study and that takes more time.)

The second is that even at the wee hours of the morning I kept getting refusals from www.oberlin.edu and I couldn't get past the table of contents. I had hoped to collect these as I browse 'em to avoid delays (14.4), hiccups and online time in later reading. (I didn't even try the large html--I suspect my browsers will gag on it.)
The third of the two reasons is some vague notion of taking it to lunch or of annotating the file or the hard copy.

In case it wasn't clear--I couldn't get a peep out of netcom.

My plan is to try oberlin again and if that bogs down, try getting the copy at the location mentioned by Lou Poppler--or any other location mentioned this weekend. Or respond to advice on the best times to try netcom.

I apologize for the implicit assumption in my question about alternate sites that people had your permission to copy the file to their ftp sites and am pleased that you explicitly gave that blessing in your recent mail.

Thanks,
Dar
(list newbie)

===========================================================
Dar Scott                 Home phone: +1 505 299 9497

Dar Scott Consulting      Voice:      +1 505 299 5790 <---
8637 Horacio Place NE     Email:      darscott at aol.com
Albuquerque, NM 87111                 dsc at swcp.com
                          Fax:        +1 505 898 6525
http://www.swcp.com/~correspo/DSC/DarScott.html
My preference for attached files is, in this order:
AOL, Mime, Binhex4, PGP, UUencode
===========================================================

From jsimmons at goblin.punk.net Sat Sep 2 12:13:39 1995
From: jsimmons at goblin.punk.net (Jeff Simmons)
Date: Sat, 2 Sep 95 12:13:39 PDT
Subject: Cyphernomicon for ftp
Message-ID: <199509021911.MAA15754@goblin.punk.net>

I remember the trouble I had finding a text copy of the Cyphernomicon ... So until someone posts it on a site with higher bandwidth, it's available at:

ftp.goblin.punk.net/pub/docs/cypherpunk.faq.gz or cypherfq.zip

We're talking 400K+ over a 28.8 modem, so don't expect much in the way of speed ...
--
Jeff Simmons
jsimmons at goblin.punk.net

From hfinney at shell.portal.com Sat Sep 2 13:20:42 1995
From: hfinney at shell.portal.com (Hal)
Date: Sat, 2 Sep 95 13:20:42 PDT
Subject: Crypto '95 report
Message-ID: <199509022019.NAA21443@jobe.shell.portal.com>

This was the first year I attended a Crypto conference (although for the last two years I have "crashed" the evening rump session, where less formal 5-10 minute presentations are given). A number of list members were present and it was good to meet a lot of new people.

I was a bit disappointed that few of the technical sessions were in areas that I am interested in or that seem to have bearing on CP issues. I have read many of the Crypto proceedings and this year the pickings seemed to be unusually slim.

Richard Schroeppel gave a very clear presentation on an implementation of elliptic curve cryptography for a diffie-hellman-like key exchange. This is a two-dimensional variation from the regular integers that are used in most of the number theory based crypto, and has some advantages. This new implementation is actually faster than regular DH for apparently the same security level. It looks like elliptic curve crypto is on the threshold of coming into widespread use. I believe the patent situation is one of the main reasons.

There were several papers on secret sharing, something we have discussed here as an alternative to escrow for handling lost keys. Amir Herzberg et al had a method for "resharing" a shared secret periodically and securely, so that if an adversary was stealthily sneaking in and learning shares occasionally, he would be put back to square one when the secret resharing phase occurred. Only the trustees are involved, not the original secret holder, and the secret does not have to be reconstructed during the resharing.

Bruce Dodson presented some results on using the Number Field Sieve factoring algorithm.
Their implementation looks to be the fastest available now, considerably better than the Quadratic Sieve that was used for RSA-129. I believe they estimated 1000 MIPS years would have been enough for NFS to do RSA-129 compared to the 6000 MIPS years for QS. They are now going to try another challenge number, RSA-130. (RSA has challenge numbers every 10 digits in size (or maybe it was 5): RSA-140, RSA-150, etc.)

There was one paper on electronic cash, by Okamoto. His technology is distinguished by allowing divisibility - you can take a $10 and divide it into 2 $5's without going back to the bank. However he has always had a problem that your various pieces of cash are linkable, although not traceable to the user who withdrew them. His new method uses smaller amounts of data. I was encouraged to see some progress on the linkability issue: for the first time (that I have seen) he admits it as a problem; he now has it so that theoretically the linkability is only within a single divided piece of cash (so that if you didn't divide you wouldn't have linkability). Actually the overheads are too large for this to be quite true, but it is a step in the right direction. He also included elimination of linkability as a future goal. Unfortunately his oral presentation was extremely shallow, mostly describing what electronic cash was.

There was also a paper on "fingerprinting", the encoding of hidden information into a document so that if the doc is leaked it can be traced to the leaker. The talk wasn't very clear but I was able to glean enough that I now believe that this is possible whereas I didn't before.

I was discouraged to see a whole session on key escrow. One presenter described key escrow as a whole new area of cryptography, analogous to the discovery of public key crypto when all that was known previously was conventional key. Now there are three areas. The academic crypto community seems to be greeting key escrow enthusiastically as a new technical challenge.
The rump session had some good stuff, I thought. Matt Blaze et al had a paper on "Master Key" cryptosystems, a variation on escrow where the government can read all the messages using a certain cryptosystem. They pointed out the similarity to the trap door concept used in public key cryptography and concluded that an efficient master key system would be an efficient public key system. If you believe that the latter can't exist then it follows that the master key versions can't exist either.

Bruce Schneier gave a talk summarizing the sketchy information known about Skipjack (the cipher in Clipper), including some FOIA'd docs. These included some comments from design reviews by Mykotronx on earlier versions, which included references to F and G boxes or tables. This is the first I had heard of this and helps explain why people thought S-1 was Skipjack or a hoax, since it had F and G tables. (I hadn't felt that the number of rounds and key/block sizes were sufficient coincidence to preclude independent invention.)

A new crypto library was announced from AT&T. It is written in C and has a bignum lib (arbitrary size) and the usual crypto suspects, although I think not RSA presumably due to patent issues. On a reasonably modern PC it could do an RSA 1024 bit signature in 900 milliseconds. Email to lacy at research.att.com with subject CRYPTOLIB to be informed on when it will be released and how to get it.

Dhem and Quisquater described CASCADE, a smart card system with voice recognition for ID rather than the PIN usually used. http://www.dice.ucl.ac.be/~dhem/cascade/. This talk was hard to understand due to the language differences.

Eric Hughes, co-founder of the cypherpunks, announced the formation of Cypherpunk Laboratories, a California non-profit corporation. It is intended to be a common resource for people motivated by freely available strong cryptography tools.
Among other things it will offer scholarships and prizes to students who create relevant work and papers, consider establishing an online journal focusing on implementations of crypto, and work on software development. One project Eric mentioned was to create a replacement for PGP.

Ron Rivest proposed probabilistic key escrow, which he described as "translucent" crypto. The idea is that with every message you send there is a Law Enforcement Access Field, but there is only some probability p that it is readable, and you can't tell if it will be readable or not. This way you don't lose as much privacy but criminals can't take the risk that maybe they'll be unlucky and this particular message will be readable.

Shamir had an interesting paper on preventing "flooding" attacks. A server may check for signatures on incoming messages to reject bogus ones (only certain sigs are valid) but just doing a signature check may take too long if it is really being flooded. Shamir came up with a kind of signature which can be quickly probabilistically checked, based on a variation on the Rabin cryptosystem. You can do almost all the work using single precision and it should be very fast. I will write this up if anyone is interested.

Our own Wei Dai, at 19 the youngest author, has spent his summer vacation developing with Josh Benaloh at Microsoft an improved modular reduction algorithm, which unfortunately will be patented (or at least they will try). BTW a number of people from Microsoft were in attendance at Crypto, including other list members. Obviously this crypto stuff is considered very important at MS.

One of the more interesting talks I thought was from cypherpunk Doug Barnes, on "identity agnostic" electronic cash. This is basically an idea for creating a Magic-Money-type electronic cash server without violating Chaum's cash patent. What you do is to run the server and publish a spec it will follow.
All the server does is do an RSA signature on the raw data it receives and decrement the user's account accordingly. The user has a choice of doing blinding or not on the signature. Chaum's patent covers the blinding, so if the user wants to do that he should be sure to license the patent or live somewhere it doesn't apply (or ignore it if he figures he's too small potatoes for them to care about). But the server isn't responsible for checking all this. It just does RSA sigs, which is prior art as far as Chaum's patent goes. Users can blind or not, it doesn't care. It is "identity agnostic" as Doug says. The implication is that with an RSA license you could run this kind of bank (online cash) and ignore Chaum's patents, while a horde of end users violate the patents but take safety in numbers and get anonymity. Lawyers like to go after big targets but the servers aren't violating anything.

The other things I enjoyed in the conference were the non technical talks by Bob Morris (senior), retired NSA, and later Adi Shamir. Morris said, with what I thought was peculiar emphasis, "never underestimate the amount of time, money, and effort your opponent will put into breaking your encryption." He was supposedly speaking in the context of the German (and Allied) mistakes during WWII, but I got the impression he was talking about today, and in fact warning of NSA efforts to spy on people. He went on to describe the many ways mikes and antennas can be planted or used - he looks at a telephone and sees a microphone, and the hand cord is an antenna. All in all a rather chilling talk from someone who obviously can't say as much as he would like to.

Shamir had some interesting anecdotes about the invention of RSA. He emphasized what amateurs the three of them were, claiming this was probably an advantage.

Some of the other talks I enjoyed without following all the details were the cryptanalysis ones. A lot of systems were broken or weaknesses found.
Most were not ones I was familiar with but it just emphasizes how hard it is to really come up with something strong. All those bozos on sci.crypt with their "break this" challenges would benefit from seeing some of these results.

All in all there were several interesting results even if the percentage seemed smaller than usual.

Hal Finney

From mfroomki at umiami.ir.miami.edu Sat Sep 2 14:07:04 1995
From: mfroomki at umiami.ir.miami.edu (Michael Froomkin)
Date: Sat, 2 Sep 95 14:07:04 PDT
Subject: Phil Zimmermann/Amnesty International?
In-Reply-To: <199509021658.MAA29224@frankenstein.piermont.com>
Message-ID:

On Sat, 2 Sep 1995, Perry E. Metzger cleverly sought to get legal advice from me by writing:
>
> Michael, you are one of our local lawyers. Could you please confirm
> the length of the statute of limitations?
>

harumphf. (1) I'm not "local" -- as I plan to argue in my cameo at the next Sun User's Group conference "cyberspace is not a jurisdiction" [apologies if you meant local == USA]; (2) as it happens, I'm nowhere near my law books at the moment, being telnetted from about 1800 miles (I'd guess) away....so I'm unable to oblige right now.

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | mfroomki at umiami.ir.miami.edu
U. Miami School of Law     | P.O. Box 248087
                           | It's hot here. And humid.
Coral Gables, FL 33124 USA | See (experimentally & erratically)
http://viper.law.miami.edu/~mfroomki

From mixmaster at obscura.com Sat Sep 2 14:38:32 1995
From: mixmaster at obscura.com (Mixmaster)
Date: Sat, 2 Sep 95 14:38:32 PDT
Subject: Nautilus 1.0 under OS/2 Warp?
Message-ID: <199509022131.OAA04066@obscura.com>

Has anyone run the Nautilus 1.0 secure telecom software in a DOS box under OS/2? When I've tried it, it starts up, audio saying "welcome to Nautilus" comes out of my speakers, and I'm prompted for a passphrase. The problem comes when it tries to connect to the modem.
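Hal Finney's Crypto '95 report above describes the Herzberg et al. result on periodically resharing a shared secret so that shares an intruder collected before a refresh are worthless after it, with only the trustees involved and the secret never reconstructed. The following Python is an added example, not code from the report or from the paper; it assumes Shamir sharing over a constructed prime field, a constructed secret and a 3-of-5 threshold.

```python
"""Proactive refresh of a Shamir-shared secret.

Added example (not from the original post or the Herzberg et al. paper).
Assumptions: shares live in the prime field mod P below (constructed),
trustees are numbered 1..n, and any t of them can reconstruct."""
import secrets

P = 2**127 - 1          # constructed field prime; any large prime works


def eval_poly(coeffs, x):
    """Evaluate a polynomial (coeffs[0] is the constant term) at x mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split(secret, n, t):
    """Shamir split: returns {trustee_index: share}; the constant term is
    the secret, so t shares reconstruct it and t-1 reveal nothing."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {x: eval_poly(coeffs, x) for x in range(1, n + 1)}


def reconstruct(shares):
    """Lagrange interpolation at x = 0 over the given {x: y} shares."""
    total = 0
    xs = list(shares)
    for i in xs:
        num, den = 1, 1
        for j in xs:
            if i != j:
                num = (num * (-j)) % P
                den = (den * (i - j)) % P
        total = (total + shares[i] * num * pow(den, -1, P)) % P
    return total


def refresh(shares, t):
    """One proactive resharing round, run by the trustees alone.

    Each trustee acts as a dealer: it picks a random degree t-1 polynomial
    with constant term 0, evaluates it for every trustee, and each trustee
    adds what it received to its own share.  The sum polynomial still has
    the secret as constant term, but its other coefficients are fresh, so
    a share copied before the refresh no longer interpolates with the new
    ones.  The secret is never reconstructed during the refresh."""
    new = dict(shares)
    for _dealer in shares:
        zero_poly = [0] + [secrets.randbelow(P) for _ in range(t - 1)]
        for x in shares:
            new[x] = (new[x] + eval_poly(zero_poly, x)) % P
    return new


def demo():
    """3-of-5 sharing, then a refresh; shows the intruder's stale shares
    are useless once the refresh has happened."""
    secret = 0xC0FFEE               # constructed secret
    t, n = 3, 5
    old = split(secret, n, t)
    new = refresh(old, t)
    # Intruder scenario: two shares stolen before the refresh plus one
    # stolen after it make t shares in total, yet lie on two different
    # polynomials and so interpolate to garbage (with overwhelming
    # probability over the random refresh polynomials).
    mixed = {1: old[1], 2: old[2], 3: new[3]}
    return {
        "old_ok": reconstruct({1: old[1], 2: old[2], 3: old[3]}) == secret,
        "new_ok": reconstruct({3: new[3], 4: new[4], 5: new[5]}) == secret,
        "mixed_fails": reconstruct(mixed) != secret,
        "shares_changed": all(old[x] != new[x] for x in old),
    }
```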
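Doug Barnes's "identity agnostic" server, as Hal's report above describes it: the server signs raw integers and debits the account, and whether the client blinded the value first is the client's own choice. This Python is an added example, not code from the original post or from any real server; the RSA key, account names and coin serials are constructed for illustration and the key is far too small to be secure.

```python
"""Identity-agnostic RSA signing server with optional client-side blinding.

Added example (not from the original post or any real server).  The RSA
key is a constructed toy key so the example runs instantly; it is not a
secure size.  Account names and coin serials are constructed too."""
import hashlib
import math
import secrets

# Constructed toy key: two small primes, public exponent 65537.
P_, Q_ = 1000003, 1000033
N = P_ * Q_
E = 65537
D = pow(E, -1, (P_ - 1) * (Q_ - 1))   # private exponent


class AgnosticServer:
    """Signs whatever integer arrives and charges one unit per signature.
    It never learns whether that integer is a coin hash or a blinded one."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.seen = []                 # exactly what the server was shown

    def sign(self, account, value):
        if self.balances.get(account, 0) < 1:
            raise ValueError("insufficient balance")
        if not 0 < value < N:
            raise ValueError("value outside the RSA modulus")
        self.balances[account] -= 1
        self.seen.append(value)
        return pow(value, D, N)


def coin_message(serial):
    """Hash a coin serial number into the RSA message space."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N


def verify(message, signature):
    """Anyone holding the public key (E, N) can check a coin."""
    return pow(signature, E, N) == message % N


def withdraw_plain(server, account, serial):
    """Client sends the coin hash in the clear; the server sees the coin."""
    m = coin_message(serial)
    return m, server.sign(account, m)


def withdraw_blinded(server, account, serial):
    """Client multiplies by r^e before sending and removes r afterwards,
    so the server signed a value it cannot link to the coin later spent."""
    m = coin_message(serial)
    while True:
        r = secrets.randbelow(N)
        if r > 1 and math.gcd(r, N) == 1:
            break
    blinded = (pow(r, E, N) * m) % N
    s_blind = server.sign(account, blinded)        # equals r * m^d mod N
    return m, (s_blind * pow(r, -1, N)) % N         # strip r: m^d mod N


def demo():
    """One plain and one blinded withdrawal against the same server."""
    server = AgnosticServer({"alice": 2})           # constructed account
    m1, s1 = withdraw_plain(server, "alice", b"coin-0001")
    m2, s2 = withdraw_blinded(server, "alice", b"coin-0002")
    return {
        "plain_valid": verify(m1, s1),
        "blinded_valid": verify(m2, s2),
        "server_saw_plain": m1 in server.seen,      # True
        "server_saw_blinded": m2 in server.seen,    # False: unlinkable
        "balance": server.balances["alice"],        # both debited
    }
```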
It comes back and says "Remote failed to connect" followed by "Resetting modem...". Then the software exits. It never even takes the phone line off the hook. Other DOS comm software works just fine in a DOS box, so why not Nautilus? From anon-remailer at utopia.hacktic.nl Sat Sep 2 14:45:23 1995 From: anon-remailer at utopia.hacktic.nl (Anonymous) Date: Sat, 2 Sep 95 14:45:23 PDT Subject: Re: anyone know what this "top secret" code does? In-Reply-To: <40odtn$1md@teal.csn.net> Message-ID: <199509022145.XAA02299@utopia.hacktic.nl> hallam at zorch.w3.org (Phillip M. Hallam-Baker) wrote: > The code looks like more than a casual hoax. It's not Skipjack, but that > does not mean it's not NSA originated. It's probable that many of the > people who designed skipjack don't know it's skipjack. If you read > the code carefully it is obvious why it's not skipjack, an S2 > algorithm is referenced explicitly. [...] > Regardless about whether or not it is skipjack it challenges one of > the basic assumptions of many cipher designers, namely that the > amount of diffusion should be maximized at each round. I am now > very much less than convinced that this is in fact an issue. The S1 > design with its narrow diffusion provides very strong guarantees > that one round cannot undo the work of the previous one. > S1 must therefore be considered to be a significant contribution to > the cryptographic community. It has challenged a fundamental tenet of > faith which has so far been accepted without argument. It is thus > paradigmatic in that it may lead to a new method of cipher design. Does anyone remember the scenario someone suggested a while back that hypothesized a scheme by the NSA or other TLAs to encourage the use of WEAK crypto? It involved spreading a lot of F.U.D. about PGP and other strong crypto methods, followed by the discovery/leak of a supposedly "strong" crypto algorithm to replace it. This may not be it.
It may just be a trial balloon to gauge the reaction of the crypto community to an anonymous, "gift from heaven" crypto algorithm. But at least be aware of what COULD happen. One tactic that might be tried is an intentional "leak", followed by a flurry of legal actions designed to make it look like the "leak" was going to cause some real damage to their cryptanalysis efforts, due to it being "unbreakable", or whatever. Of course, anything "leaked" would be crippled in some undetectable manner so as to provide a back door... From rrothenb at ic.sunysb.edu Sat Sep 2 15:45:05 1995 From: rrothenb at ic.sunysb.edu (Deranged Mutant) Date: Sat, 2 Sep 95 15:45:05 PDT Subject: VoicePGP Query Message-ID: <199509022244.SAA24545@csws5.ic.sunysb.edu> Due to some acct. problems I lost most of the mail sent to me betw. May and September. I saw a post in a newsgroup about VoicePGP betas being available, though only for Mac and Win'95... is this true? And if so, will there be a Win 3.11 or OS/2 or DOS version out eventually? I don't intend to get Win '95 for as long as I can avoid it (and this is NOT the start of an OS flame war...) Also, what's the status of PGP 3.0? Thanks, Rob From terrell at sam.neosoft.com Sat Sep 2 15:51:31 1995 From: terrell at sam.neosoft.com (Buford Terrell) Date: Sat, 2 Sep 95 15:51:31 PDT Subject: MIT distributing PGPfone -Reply Message-ID: <199509022301.SAA00324@sam.neosoft.com> >PGPfone was out of the U.S. less than 3 hours after first appearing >publicly at the MIT site. > >As I noted in a previous message, MIT takes various steps to ostensibly >protect against export, but there is clearly no practical means of stopping >export once the software has been received by someone. > >I got my copy of PGPfone 16 hours after its public release, via an >anonymous person who posted it on the Cypherpunks list through an anonymous >remailer.
Of course that list is distributed to more than 20 foreign >countries, so "export" happened that way, as well as by other means. > >--Tim May > As Tim May's .sig should say: "National borders are not even speed bumps on the information highway." Buford C. Terrell 1303 San Jacinto Street Professor of Law Houston, TX 77002 South Texas College of Law voice (713)646-1857 terrell at sam.neosoft.com fax (713)646-1766 From hfinney at shell.portal.com Sat Sep 2 17:17:59 1995 From: hfinney at shell.portal.com (Hal) Date: Sat, 2 Sep 95 17:17:59 PDT Subject: PGPfone over Appletalk Message-ID: <199509030016.RAA03752@jobe.shell.portal.com> From: "Rev. Mark Grant" > Can someone tell me how to run PGPfone over Appletalk ? The > documentation says that support has been added for this release, and > there's a preferences box to check to use it, but there's no information > I can find in the documentation on how to initiate a call over > Appletalk.. it just says to enter a telephone number to dial. If I > press 'Connect' without entering anything it hangs up the Mac. > > How do I tell it which machine I want to connect to ? I changed the preferences box setting, but then I exited and restarted the program so that it came up in "appletalk" mode. This is probably the step you are missing. I did this on two different machines, and then when I clicked connect it no longer tried to open the modem, instead it put up a dialog box allowing me to click on the machine running the other PGPfone. I did that and it connected OK. There is a nice audio simulation of an old-fashioned telephone bell ringing. Unfortunately my appletalk "network" consists solely of my power mac and an old 68030 mac laptop, the latter apparently being underpowered for PGPfone. The voice quality changed occasionally as the software adaptively tried different coders, and the powermac instance of the program finally printed a message saying that the list of coders had been exhausted.
Hal From hfinney at shell.portal.com Sat Sep 2 18:14:53 1995 From: hfinney at shell.portal.com (Hal) Date: Sat, 2 Sep 95 18:14:53 PDT Subject: Quickly checking signatures Message-ID: <199509030113.SAA19877@jobe.shell.portal.com> Let me describe Shamir's method for quickly doing a probabilistic signature check. Since this was a rump session paper he didn't have it written up. Shamir uses a variation of the Rabin system. The Rabin encryption system is similar to RSA, but instead of exponents which are relatively prime to the predecessors of the factors of the modulus, the exponent used is 2. This requires somewhat different techniques. A message M is encrypted by doing M^2 mod n. The decryption is then done by taking the modular square root. There are a few technical hitches that occur here but nothing major. Similarly a message M is signed by calculating its modular square root S such that S^2 = M mod n. Note that with Rabin you can't just sign any arbitrary number as that may allow the factors to be revealed. However this is not a major problem because practical systems in use today sign specially padded hashes, not arbitrary numbers. Now Shamir uses a slight modification to this. Normally we have: S^2 = M mod n This can be written as: S^2 = M + C*n for some C, which is simply the definition of modular equality. Now, what he suggests is that instead of sending S as the signature of M, you send C. This is justified on 3 grounds: - C is the same size as S - C has the same security as S (knowing M and n you can derive C from S and vice versa) - C and S are equally easy to generate However, by sending C as the signature of a message M it allows a fast screening to be done. The idea is that the message should be accepted if M+C*n is a perfect square (because then S can be derived as the normal square root - that is how you get S from C as mentioned above). And this is something that can be checked quickly.
In number theory there is a notion of a "quadratic residue" modulo some number. If a number is a quadratic residue that simply means that it has a square root, that it is the square of some other number using the modulus. With a prime modulus half of the numbers are quadratic residues and half are not. For example, with modulus 7 the q.r.'s are 1, 2 and 4 and the non q.r.'s are 3, 5, and 6. It turns out that testing whether a number x is a quadratic residue modulo a prime p can be done by calculating x^((p-1)/2) mod p. This will be 1 if and only if x is a q.r. Now, the key idea is this: if a number is a perfect square then the result of taking that number modulo a prime must be a quadratic residue. This means that we can quickly determine that C is a perfect square by checking whether C mod p for various random small primes p is a quadratic residue. By picking p to be a single precision prime of say 16 bits, the q.r. calculation can all be done without using multiple precision arithmetic and so it will be very fast compared to actually checking a signature. So, the procedure for the check is as follows: given n, M and C, choose a small prime p and calculate M+C*n mod p. Then raise this to the (p-1)/2 power mod p and see if the answer is 1. If it is, we give a "provisional" acceptance to the signature. If it is not, we reject the signature; it cannot be valid. This test may be repeated a few times with different values of p to improve the rejection of bad signatures. Once we have taken the input numbers mod p the rest of the arithmetic can be done with ordinary single precision integer variables. (One thing I overlooked is the possibility that M+C*n will be a multiple of p. In that case M+C*n mod p will be 0 and this is a provisional pass.) Of course checking the signature the old-fashioned way just takes a single multi precision multiplication, which won't be all that slow. 
So this puts a limit on the number of p's you can check this fast way before it becomes slower. Also, you'd have to choose the primes at random as otherwise an attacker who knew your p's could conjure up a C which would produce a quadratic residue for some small number of known p's. Hal From pgut01 at cs.auckland.ac.nz Sat Sep 2 11:26:03 1995 From: pgut01 at cs.auckland.ac.nz (Peter Gutmann) Date: 2 Sep 1995 18:26:03 GMT Subject: SUMMARY: Not-so-volatile volatile memory Message-ID: <42a7jr$1me@net.auckland.ac.nz> About a month ago, I asked for comments about recovering data from semiconductor memory after power had been removed. After much procrastinating, I've finally finished the summary of what people sent me. Many thanks to everyone who responded, in particular to Bob Hale for answering many questions about the possibility of recovering data from DRAM's. If anyone has any further comments to add to this (I'm particularly interested in actual figures for data retention in DRAM cells, although I've been told this is burn-before-reading proprietary information), you can send it to me at the above address. Peter. -- Summary: Data retention in semiconductor memory -- Contrary to conventional wisdom, "volatile" semiconductor memory does not entirely lose its contents when power is removed. Both static (SRAM) and dynamic (DRAM) memory retain some information on the data stored in it while power was still applied. SRAM is particularly susceptible to this problem, as storing the same data in it over a long period of time has the effect of altering the preferred power-up state to the state which was stored when power was removed. Older SRAM chips could often "remember" the previously held state for several days. In fact, it is possible to manufacture SRAM's which always have a certain state on power-up, but which can be overwritten later on - a kind of "writeable ROM". DRAM can also "remember" the last stored state, but in a slightly different way. 
It isn't so much that the charge (in the sense of a voltage appearing across a capacitance) is retained by the RAM cells, but that the thin oxide which forms the storage capacitor dielectric is highly stressed by the applied field, or is not stressed by the field, so that the properties of the oxide change slightly depending on the state of the data. One thing that can cause a threshold shift in the RAM cells is ionic contamination of the cell(s) of interest, although such contamination is rarer now than it used to be, because robotic handling of the materials and the purity of chemicals is greatly improved. However, even a perfect oxide is subject to having its properties changed by an applied field. When it comes to contaminants, sodium is the most common offender - it is found virtually everywhere, and is a fairly small (and therefore mobile) atom with a positive charge. In the presence of an electric field, it migrates towards the negative pole with a velocity which depends on temperature, concentration of the sodium, the oxide quality, and the other impurities in the oxide such as dopants from the processing. If the electric field is zero and, given enough time, the sodium contamination tends to spread itself around evenly. Other factors which affect the rate of change are temperature, the field strength of the stored charge, the quality of the oxide, and the concentration of dopants and other impurities which have already been mentioned above. The stress on the cell is a cumulative effect, much like charging an RC circuit. If the data is applied for only a few milliseconds then there is very little "learning" of the cell, but if it is applied for hours then the cell will acquire a strong (relatively speaking) change in its threshold. The effects of the stress on the RAM cells can be measured using the built-in self test capabilities of the cells, which provide the ability to impress a weak voltage on the storage cell in order to measure its margin.
Cells will show different margins depending on how much oxide stress has been present. Many DRAM's have undocumented test modes which allow some normal I/O pin to become the power supply for the RAM core when the special mode is active. One way to activate the special test mode might be to underdrive a pin and turn on its protection diode(s), which will be recognized internally and will change a multiplexer so that the core is powered by some pin which is normally a digital I/O pin. Another way, if the DRAM has suitable clocks, is to recognise an invalid combination of clocks (such as CAS before RAS, if the DRAM doesn't use that mode for higher speed operation) to enable the test mode. Great care must be taken to ensure that the test mode isn't inadvertently entered so that the memory system appears to be malfunctioning (for example in the first case if the system has substantial undershoot at the wrong time, the test mode could be activated). This problem can be avoided by designing the test mode signals such that a certain set of states which would not occur in a normally-functioning system has to be traversed to activate the mode. Manufacturers won't admit to such capabilities in their products because they don't want their customers using them and potentially rejecting devices which comply with their spec sheets, but have little margin beyond that. One way to speed up the annihilation of stored bits in semiconductor memory is to heat it. Both DRAM's and SRAM's will lose their contents a lot more quickly at Tjunction = 140C than they will at room temperature. Several hours at that temperature with no power applied will clear their contents sufficiently to make recovery difficult. Conversely, to extend the life of stored bits with the power removed, drop the temperature below -60C (some people even claim that you can permanently "imprint" an SRAM with its stored bits by rapidly cooling it below liquid nitrogen's boiling point).
In any case it should lead to weeks, instead of hours or days, of data "retention". Simply repeatedly overwriting the data held in DRAM with new data isn't nearly as effective as it is for magnetic media. The new data will begin stressing or relaxing the oxide as soon as it is written, and the oxide will immediately begin to take a "set" which will either reinforce the previous "set" or will weaken it. The greater the amount of time that new data has existed in the cell, the more the old stress is "diluted", and the less reliable the information extraction will be. Generally, the rates of change due to stress and relaxation are in the same order of magnitude. Thus, a few microseconds of storing the opposite data to the currently stored value will have little effect on the oxide. Ideally, the oxide should be exposed to as much stress at the highest feasible temperature and for as long as possible to get the greatest "erasure" of the data. Unfortunately if carried too far this has a rather detrimental effect on the life expectancy of the RAM. Therefore the goal to aim for when sanitising memory is to store the data for as long as possible rather than trying to change it as often as possible. Conversely, storing the data for as short a time as possible will reduce the chances of it being "remembered" by the cell. Based on tests on DRAM cells, a storage time of one second causes such a small change in threshold that it probably isn't detectable. On the other hand, one minute probably is detectable, and 10 minutes is certainly detectable. The most practical solution to the problem of DRAM data retention is therefore to constantly flip the bits in memory to ensure that a memory cell never holds a charge long enough for it to be "remembered". While not practical for general use, it is possible to do this for small amounts of data such as encryption keys. 
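Hal's "Quickly checking signatures" post above describes Shamir's quotient-based screen in words only. What follows is an added C example, written here and not part of Hal's post or of Shamir's rump-session talk: a toy Rabin modulus n = 10007 * 100003 (constructed, and far too small for real use), a constructed message chosen as a square mod n so that it is certainly signable, and a fixed list of screening primes where Hal says to pick them at random (fixed only so the run is reproducible). All names (`rabin_sign`, `rabin_screen`, `quotient_from_root`, and so on) are this example's own. The point the code makes concrete is the one Hal stresses: once M, C and n have been reduced modulo the small prime p, the whole screen runs in ordinary single-precision integer arithmetic, while the full check still has to take the square root of M + C*n.

```c
/*
 * Added example: Shamir's screening of a Rabin signature sent as the
 * quotient C (S^2 = M + C*n) rather than the root S.  Everything is kept
 * below 2^31 so every product fits in a uint64_t; no bignum library needed.
 */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Toy Rabin modulus, P = Q = 3 (mod 4).  Constructed for the demo only. */
#define RABIN_P 10007ULL
#define RABIN_Q 100003ULL
#define RABIN_N (RABIN_P * RABIN_Q)

static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m)
{
    return (a % m) * (b % m) % m;   /* reduced operands < 2^31, product < 2^62 */
}

static uint64_t powmod(uint64_t base, uint64_t exp, uint64_t m)
{
    uint64_t r = 1 % m;
    base %= m;
    while (exp) {
        if (exp & 1) r = mulmod(r, base, m);
        base = mulmod(base, base, m);
        exp >>= 1;
    }
    return r;
}

/* Euler's criterion: x^((p-1)/2) == 1 mod p iff x is a quadratic residue.
 * x == 0 mod p is treated as a (provisional) pass, as Hal's post notes. */
static bool is_qr(uint64_t x, uint64_t p)
{
    x %= p;
    return x == 0 || powmod(x, (p - 1) / 2, p) == 1;
}

/* Rabin signing: S = sqrt(M) mod n via CRT.  Refuses M that is not a residue
 * mod both factors (a real signer pads the hash until it is). */
static bool rabin_sign(uint64_t M, uint64_t *S)
{
    if (!is_qr(M, RABIN_P) || !is_qr(M, RABIN_Q)) return false;
    uint64_t sp = powmod(M, (RABIN_P + 1) / 4, RABIN_P);   /* root mod P */
    uint64_t sq = powmod(M, (RABIN_Q + 1) / 4, RABIN_Q);   /* root mod Q */
    uint64_t inv_q = powmod(RABIN_Q, RABIN_P - 2, RABIN_P); /* Q^-1 mod P */
    uint64_t inv_p = powmod(RABIN_P, RABIN_Q - 2, RABIN_Q); /* P^-1 mod Q */
    *S = (sp * RABIN_Q * inv_q + sq * RABIN_P * inv_p) % RABIN_N;
    return true;
}

/* Shamir's variant: publish C = (S^2 - M) / n instead of S. */
static uint64_t quotient_from_root(uint64_t M, uint64_t S)
{
    return (S * S - M) / RABIN_N;
}

/* Integer square root (Newton), no libm needed. */
static uint64_t isqrt64(uint64_t x)
{
    if (x < 2) return x;
    uint64_t r = x, y = (x + 1) / 2;
    while (y < r) { r = y; y = (r + x / r) / 2; }
    return r;
}

/* Full check: M + C*n must be a perfect square; its root is S. */
static bool rabin_verify_full(uint64_t M, uint64_t C)
{
    uint64_t t = M + C * RABIN_N;
    uint64_t s = isqrt64(t);
    return s * s == t;
}

/* Fast screen: reduce mod the small prime p first, then Euler's criterion.
 * Only the three reductions touch the big numbers; the rest is single precision. */
static bool rabin_screen(uint64_t M, uint64_t C, uint64_t p)
{
    uint64_t x = (M % p + mulmod(C, RABIN_N, p)) % p;
    return is_qr(x, p);
}

/* Repeat with several primes; one failure is a definite reject. */
static bool rabin_screen_many(uint64_t M, uint64_t C, const uint64_t *primes, int count)
{
    for (int i = 0; i < count; i++)
        if (!rabin_screen(M, C, primes[i])) return false;
    return true;
}

int main(void)
{
    uint64_t M = mulmod(123456789ULL, 123456789ULL, RABIN_N); /* constructed, a square mod n */
    uint64_t S, C;
    if (!rabin_sign(M, &S)) return 1;
    C = quotient_from_root(M, S);
    const uint64_t primes[] = { 101, 103, 107, 109, 113, 127, 131, 137 };
    printf("genuine C:  screen=%d full=%d\n",
           rabin_screen_many(M, C, primes, 8), rabin_verify_full(M, C));
    printf("forged C+1: screen=%d full=%d\n",
           rabin_screen_many(M, C + 1, primes, 8), rabin_verify_full(M, C + 1));
    return 0;
}
```

A genuine C passes every prime, because a perfect square is a residue modulo every prime. A forged C fails each prime with probability about one half, which is why the screen is repeated and why, as Hal says, the primes must be unpredictable to the forger: with a fixed list, a forger could search for a C that is a residue modulo exactly those primes.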
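Peter's summary closes with the advice to keep flipping the bits of a small secret so that no cell holds one state for long. The following C example is added here and is not part of his summary or of any shipped implementation; it models only the bookkeeping, not the DRAM physics. The `key_guard` structure, its functions, the 16-byte key and the idea that some periodic task calls `guard_flip` are all this example's assumptions. The in-memory copy is held either plain or bitwise complemented, a flag records which, and a reader reconstructs the real key into the caller's buffer when it is actually needed.

```c
/*
 * Added example: keep a key from "imprinting" DRAM cells by storing it
 * alternately as itself and as its complement.  Over time each cell spends
 * roughly half its life in each state.  Flip interval is left to the caller;
 * Peter's figures suggest well under a minute between flips.
 */
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

#define GUARD_KEY_LEN 16

struct key_guard {
    volatile uint8_t cells[GUARD_KEY_LEN]; /* what actually sits in RAM */
    volatile bool inverted;                /* true while cells hold ~key */
    unsigned flips;                        /* toggles so far */
};

/* Load a key; the stored copy starts out uninverted. */
static void guard_load(struct key_guard *g, const uint8_t *key, size_t len)
{
    for (size_t i = 0; i < GUARD_KEY_LEN; i++)
        g->cells[i] = i < len ? key[i] : 0;
    g->inverted = false;
    g->flips = 0;
}

/* Toggle every bit in place.  Meant to be called from a periodic task. */
static void guard_flip(struct key_guard *g)
{
    for (size_t i = 0; i < GUARD_KEY_LEN; i++)
        g->cells[i] = (uint8_t)~g->cells[i];
    g->inverted = !g->inverted;
    g->flips++;
}

/* Reconstruct the real key into caller memory for immediate use.
 * The caller owns that copy and should wipe it as soon as it is used. */
static void guard_read(const struct key_guard *g, uint8_t *out)
{
    for (size_t i = 0; i < GUARD_KEY_LEN; i++)
        out[i] = g->inverted ? (uint8_t)~g->cells[i] : g->cells[i];
}

/* Overwrite through the volatile members so the compiler cannot drop the
 * stores as dead, which it may do with a plain memset on a dying object. */
static void guard_wipe(struct key_guard *g)
{
    for (size_t i = 0; i < GUARD_KEY_LEN; i++)
        g->cells[i] = 0;
    g->inverted = false;
}

/* True when every stored byte equals the corresponding byte of key. */
static bool guard_cells_equal(const struct key_guard *g, const uint8_t *key)
{
    for (size_t i = 0; i < GUARD_KEY_LEN; i++)
        if (g->cells[i] != key[i]) return false;
    return true;
}

static const uint8_t demo_key[GUARD_KEY_LEN] = {  /* constructed test key */
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
    0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff };

/* After nflips toggles, guard_read must still return the real key, while the
 * stored bytes equal the plain key only after an even number of flips. */
static bool demo_flip_roundtrip(unsigned nflips)
{
    struct key_guard g;
    uint8_t out[GUARD_KEY_LEN];
    guard_load(&g, demo_key, sizeof demo_key);
    for (unsigned i = 0; i < nflips; i++) guard_flip(&g);
    guard_read(&g, out);
    bool key_ok = memcmp(out, demo_key, GUARD_KEY_LEN) == 0;
    bool stored_is_plain = guard_cells_equal(&g, demo_key);
    guard_wipe(&g);
    memset(out, 0, sizeof out);
    return key_ok && (stored_is_plain == (nflips % 2 == 0));
}

int main(void)
{
    printf("1 flip:  %s\n", demo_flip_roundtrip(1) ? "ok" : "FAIL");
    printf("2 flips: %s\n", demo_flip_roundtrip(2) ? "ok" : "FAIL");
    return 0;
}
```

This only addresses the cells holding the guarded copy: the plaintext produced by `guard_read`, register spills, swap and hibernation files are separate copies that the flipping does nothing for, and the `inverted` flag is itself one bit that does not alternate.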
From adept at minerva.cis.yale.edu Sat Sep 2 18:32:55 1995 From: adept at minerva.cis.yale.edu (Ben) Date: Sat, 2 Sep 95 18:32:55 PDT Subject: Basic Public key algorithms. In-Reply-To: <199509021813.OAA29335@frankenstein.piermont.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sat, 2 Sep 1995, Perry E. Metzger wrote: > > Daniel R. Oelke writes: > > I could use RSA (which is well described in many sources, and has > > RSAREF out there), but I want to avoid the patent issue if possible. > > The sci.crypt FAQ mentions that there are other methods but that > > is about all it says. Are there any that are not patented? > > No, because one patent covers public key cryptography itself, and not > a particular method. Point of information--I'm not flaming you Perry, but Public Key Partners claims that their patent covers all forms of Public Key Crypto. Phoeeey. Ben. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Auto-signed with Bryce's Auto-PGP v1.0beta3 iQB1AwUBMEjwWb5ALmeTVXAJAQGW2wL/RAfqyRrNoUeYDBkQKSsDhasM/xGSF3R/ JHvJyaFHr04Z+8KydRXxt+fU54JH01webbiol1EmH9ZvOdc175VRVBSg5+EiykzM 1bdW6dZXejeHHVelI343mOv0+Y0fDeiT =FPqc -----END PGP SIGNATURE----- From samman-ben at CS.YALE.EDU Sat Sep 2 18:58:20 1995 From: samman-ben at CS.YALE.EDU (Rev. Ben) Date: Sat, 2 Sep 95 18:58:20 PDT Subject: Basic Public key algorithms. In-Reply-To: <199509030031.UAA29612@frankenstein.piermont.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sat, 2 Sep 1995, Perry E. Metzger wrote: > > > No, because one patent covers public key cryptography itself, and not > > > a particular method. > > > > Point of information--I'm not flaming you Perry, but Public Key Partners > > claims that their patent covers all forms of Public Key Crypto. > > How is this at all different from what I just said? It isn't. I just misread what you wrote. Mea culpa. Ben. 
____ Ben Samman..............................................samman at cs.yale.edu I have learned silence from the talkative, toleration from the intolerant, and kindness from the unkind; yet, strange, I am ungrateful to those teachers.-- K. Gibran. SUPPORT THE PHIL ZIMMERMANN LEGAL DEFENSE FUND! For information Email: zldf at clark.net http://www.netresponse.com/zldf PGP encrypted mail welcomed--finger samman at cs.yale.edu for public key -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Auto-signed with Bryce's Auto-PGP v1.0beta3 iQB1AwUBMEkLmL5ALmeTVXAJAQHotAL/bW9tN3Lf+9ATx8ks0s8kz8O3zTikverx y9bJfsQRaoDtJkNmeiFPBSCIl9q27OIdpN4tyExmFztJVgEdxRYcqZ19ZcXVDRpI B//GwQQ45JXl1ZKurT0cr2poIecCAFuE =/0J/ -----END PGP SIGNATURE----- From edge at got.net Sat Sep 2 19:41:49 1995 From: edge at got.net (Jay Campbell) Date: Sat, 2 Sep 95 19:41:49 PDT Subject: Cyphernomicon, and a section on Escrow and Reputations In-Reply-To: Message-ID: On 2 Sep 1995, Dar Scott wrote: > >I finished my first release, a megabyte-sized file done in MORE, a powerful > >outline processor (which enabled me to maintain notes, make > >cross-references, and generally manage such a huge writing project). I > >released it last year, and put it in my anonymous ftp account at > >ftp.netcom.com, in the directory /pub/tc/tcmay, as the file CP-FAQ. Netcom > >is often very crowded, though. > > After several tries I was not able to get this. Has anyone made it > available in an alternate location? Tim mentioned that we're planning on spiffing up the cypherpunks web site (including using a real web server) and the cyphernomicon is an obvious candidate for inclusion - depending on how many people help out, the new site (a quasi-mirror at first, till we get sameer/et al's go-ahead) should be live within a couple weeks. If you're interested in gathering documents, hacking HTML, or anything else involved in creating/maintaining a web hierarchy, drop me a line. 
The space/delivery of the documents we're providing for free, but I don't have a budget to hire a staff to do things the "right way" (my way :) for this project. -- Jay Campbell - Regional Operations Manager -=-=-=-=-=-=- Sense Networking (Santa Cruz Node) edge at you.got.net "Shoot the Fruit Loop" 408.469.9400 From monty.harder at famend.com Sat Sep 2 20:43:40 1995 From: monty.harder at famend.com (MONTY HARDER) Date: Sat, 2 Sep 95 20:43:40 PDT Subject: O.J. ObCrypto: Fuhrman's Folly Fans Fakery Fears... Message-ID: <8B05513.00030003DB.uuout@famend.com> BS> For the problem that started this discussion, though, there's no good solution. BS> Since the Bad Guys _can_ encrypt a message to you with your signature key, BS> and send it to you by anonymous remailer, they can plant a reason to suspect BS> that you may have evidence encrypted with that key. You've got it backwards. The problem that I originally posited was a corrupt key escrow agent using my signature key to forge a document. The fact that my signature pubkey could be used to encrypt messages to me is not particularly relevant. My employer could set up filters to keep me from receiving email on company time that is not encrypted to a key that the corporate escrow authority has in its possession. NBD. My concern here is with the NGACK situation. Companies have valid reasons to want escrow for their own purposes. I'm just warning people not to accept a signature key being escrowed by =anyone=. When you create a key to be escrowed, make sure the userid includes something like [Not Valid For Signatures]. * Pro Choice on Abortion. * No choice on Education. * Huh? --- * Monster at FAmend.Com * From monty.harder at famend.com Sat Sep 2 20:43:42 1995 From: monty.harder at famend.com (MONTY HARDER) Date: Sat, 2 Sep 95 20:43:42 PDT Subject: A problem with anonymity Message-ID: <8B05513.00030003DC.uuout@famend.com> TC> Oh, I agree, of course.
Except that the escrow agent need not be a TC> "nonymous" agent, to use Monty's terminology here. Sorry, my Greek is rusty. Shoulda been "onymous", I suppose. But if the escrow agent is anonymous, we simply recurse, moving now to the question of whether anyone can trust the Anonymous Escrow Agency not to take the money and run. TC> (I mention banks because, when you look at it closely, today's banks can TC> quite easily claim that a customer made a withdrawal when he didn't. That TC> they don't says more about the nature of persistent businesses than about TC> any government oversight or security features. This is a side point, but it TC> bears keeping in mind that the real world of banks and businesses, etc., is TC> not fully secure, either. And yet it mostly works pretty well. The reasons TC> for this are interesting to consider.) A bank has $$ invested in impressive-looking buildings, (so that vanishing into the ether and setting up shop elsewhere is rather difficult) and several officers whose TrueNames are registered with the appropriate agencies, so that they may be sued if they pull this crap. While individual stockholders might appreciate the anonymity (and protection from legal action) of owning stock in a bank or escrow agency (might just combine the functions, while we're at it), they demand onymity of the officers with whom they entrust the keys to the corporation. * --- * Monster at FAmend.Com * From tcmay at got.net Sat Sep 2 20:58:25 1995 From: tcmay at got.net (Timothy C. May) Date: Sat, 2 Sep 95 20:58:25 PDT Subject: A problem with anonymity Message-ID: At 2:38 AM 9/3/95, MONTY HARDER wrote: > But if the escrow agent is anonymous, we simply recurse, moving now to >the question of whether anyone can trust the Anonymous Escrow Agency not >to take the money and run. Well, at one level, everything is always recursive. But seriously, the reason it differs is that the escrow agents are in the business to be escrow agents, not to take the money and run. 
This actually works in the real world. (Game-theoretically, they get a certain payoff in defecting, but then forego the revenue stream from future transactions....) And, of course, it is possible to structure things so that the escrow agent cannot "take the money and run," because the money is not accessible to them. This is analogous to an escrow agent in the real world holding a check from Alice to Bob until Bob completes some set of conditions. The escrow agent--call her Essie--cannot cash the check herself. She can of course renege on the deal, even if Bob does his part of the bargain, but there is little incentive for her to do so. One can ask what payoffs and costs/benefits exist for various actions by these agents, and game theory needs to take a look at these sorts of transactions, but there are plenty of reasons to believe "convergence" will occur (basically, that "effectively honest" behavior will be common). >TC> (I mention banks because, when you look at it closely, today's banks can >TC> quite easily claim that a customer made a withdrawal when he didn't. That >TC> they don't says more about the nature of persistent businesses than about >TC> any government oversight or security features. This is a side point, but it >TC> bears keeping in mind that the real world of banks and businesses, etc., is >TC> not fully secure, either. And yet it mostly works pretty well. The reasons >TC> for this are interesting to consider.) > > A bank has $$ invested in impressive-looking buildings, (so that >vanishing into the ether and setting up shop elsewhere is rather >difficult) and several officers whose TrueNames are registered with the >appropriate agencies, so that they may be sued if they pull this >crap. No, my point was that it is fairly easy for any bank to scam any particular customer, given the flaky nature of verification of withdrawals and other transactions (at least for smallish amounts of money). 
Few banks check signatures, few banks bother to demand much ID, etc. The issue is not whether you can sue Bank of America, but whether you could win. That banks don't often scam customers for small amounts of money is testimony to the fact that they've got a better payoff matrix element in being a bank than the meager payoff in scamming a few customers. I submit this not as proof, but as evidence that the type of "convergence" mentioned above mostly works. Most commerce hinges on this, not because of law enforcement. Like True Names, the threat of law enforcement is only a part of the overall equation. --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." From jim at acm.org Sat Sep 2 21:35:08 1995 From: jim at acm.org (Jim Gillogly) Date: Sat, 2 Sep 95 21:35:08 PDT Subject: Crypto '95: Robert Morris Message-ID: <199509030434.VAA24841@mycroft.rand.org> Bob Morris (recently retired from NSA) gave a fascinating invited lecture entitled "Non-cryptographic Ways of Losing Information". I hope he writes it up; until then, here are my notes from his presentation. Two things he said which I found new and fascinating: - During the early 1950's many major powers were discouraged by the tendency of then-modern crypto machines to fail in a way that would send plaintext instead of ciphertext, and they went to one time pads for most of their high-level enciphered traffic. Because of key re-use, we were regularly and routinely reading pieces of that traffic -- not just VENONA, but many systems from various countries. 
Sometimes the people who prepared OTP's would double their profit by selling them to more than one customer. - By the middle to late 1960's cryptanalysis became less cost effective than obtaining the information by other means -- wiretaps and so on. Morris emphasized and said we should write down these dicta: ------------------------------------------------------------------------- Never underestimate the attention, risk, money and time that an opponent will put into reading traffic. Rule 1 of cryptanalysis: check for plaintext. ------------------------------------------------------------------------- The real start of modern cryptology should be dated to the Enigma machines, which typified the new character of the art. Much has been made of the errors of the German cipher clerks, but egregious as they were, the errors made by the British cryptographers were vastly worse, and the American blunders were worse yet. German analysts regularly read and used Atlantic convoy orders throughout the war -- they were transmitted in an old code. One must always assume that the enemy has a copy of the machine/algorithm. A system that relies on keeping the algorithm secret is eventually doomed to failure, because it will always be discovered by some means or other. He sees microphones and antennas everywhere: the telephone line cord is an antenna; if telephone linemen were working on a pole outside his house he'd call the police and then find out what they were working on. In an unspecified country he called Lower Slobbovia (Al Capp, isn't it?) American troops used encrypted radiophones; when they broke they were taken to local repair shops to be fixed. When they got home the US engineers were interested to see the modifications that had been made. He mentioned a few similar instances, including the lovely carved wooden seal given to the US Embassy in Moscow to decorate their anteroom. [It's now on view at the National Cryptologic Museum with the transmitter cavity visible.]
Cordless phones have a range of 5 miles or so. Use of cellular phones is increasing dramatically, as well as fax and modems. He discussed the Walker/Whitworth spying case, and said one of his design criteria is to design systems with Walker in them: it's not good enough to have a system where everyone must be trusted, but it must also be made robust against insiders. This may include going to non-paper systems, so that there are no paper keys that the Walkers of the world can shop to the other side. Threats and risks include: overconfidence, carelessness, eavesdropping and tapping, theft of floppies and other materials, purchase, theft of key material, burglary and blackmail. Much or most loss is due to insiders. In the future there will be more radio used for ordinary communications. Americans are unwilling to pay for secure telephones, but that's not the case in Europe. ------------------------------------------------------------------------- Reported by: Jim Gillogly 12 Halimath S.R. 1995, 04:33 From dsc at swcp.com Sat Sep 2 22:00:36 1995 From: dsc at swcp.com (Dar Scott) Date: Sat, 2 Sep 95 22:00:36 PDT Subject: Cyphernomicon Message-ID: Thanks to all who helped me get my hands on Cyphernomicon. I now can breeze through the html site at www.oberlin.edu. I guess at 2am it didn't work because either I or oberlin were too sleepy. I still cannot open an FTP port at netcom. I got a copy on my Mac by giving a lot of memory to Netscape and getting it from www.swiss.ai.mit.edu. I also got a copy from Jeff's zipped copy at ftp.goblin.punk.net, but my unzipping utility hacked out a few lines. Here is a summary of what I learned: Cyphernomicon File Size: 1,287,731 (single character newlines) FTP sites: ftp.netcom.com/pub/tc/tcmay/CP-FAQ The original. "crowded" (I couldn't open an FTP port.) ftp.goblin.punk.net/pub/docs/cypherpunk.faq.gz ftp.goblin.punk.net/pub/docs/cypherfq.zip 28.8 bps modem, newline=CR, but .zip will change to newline=CRLF About 432Kbytes. 
    (On PPP at 14.4 it took me 6+ minutes to get it.)
    "until someone posts it on a site with higher bandwidth"
  [the upcoming new/changed/mirrored Cypherpunk site]

HTML site:
  http://www.oberlin.edu/~brchkind/cyphernomicon/
    nice.

Other http: sites:
  http://www.swiss.ai.mit.edu/6095/articles/cyphernomicon/CP-FAQ
    text. very responsive and fast (6 minutes for my 14.4 connection).
  http://www.isse.gmu.edu/~pfarrell/crypto/CP-FAQ
    text
  http://www.msen.com/~lwp/Cyphernomicon.gz
    About 432Kbytes. Need g[un]zip utility.

Clearly missing are credits and contact info.

I probably won't get to the FAQ much this weekend (wife & kids expect me to do my share and bring home the bacon), but maybe in a week or two. Do I have to read the sci.crypt FAQ, too, to earn my FAQ badge?

Dar (list newbie)

===========================================================
Dar Scott                    Home phone: +1 505 299 9497
Dar Scott Consulting         Voice:      +1 505 299 5790 <---
8637 Horacio Place NE        Email:      darscott at aol.com
Albuquerque, NM 87111                    dsc at swcp.com
                             Fax:        +1 505 898 6525
http://www.swcp.com/~correspo/DSC/DarScott.html
My preference for attached files are in this order: AOL, Mime, Binhex4, PGP, UUencode
===========================================================


From lwp at mail.msen.com Sat Sep 2 22:06:01 1995
From: lwp at mail.msen.com (Lou Poppler)
Date: Sat, 2 Sep 95 22:06:01 PDT
Subject: Cyphernomicon, and a section on Escrow and Reputations
In-Reply-To:
Message-ID:

Also available at http://www.msen.com/~lwp/Cyphernomicon.gz

On Fri, 1 Sep 1995, Timothy C. May wrote:
> released it last year, and put it in my anonymous ftp account at
> ftp.netcom.com, in the directory /pub/tc/tcmay, as the file CP-FAQ. Netcom
> is often very crowded, though.
>
> I know of a couple of alternative places.
> A very nice job of HTMLizing it
> was done by Jonathan Rochkind, a Cypherpunk, and is located at the URL
>
> http://www.oberlin.edu/~brchkind/cyphernomicon/
>
> Another URL, which is just one large file, is
>
> http://www.swiss.ai.mit.edu/6095/articles/cyphernomicon/CP-FAQ

::::::::::::::::::::::::::::::::::::::
:: Lou Poppler                    :: No animals were harmed in the
:: http://www.msen.com/~lwp/      :: production of this message.
::::::::::::::::::::::::::::::::::::::


From dsc at swcp.com Sat Sep 2 22:49:23 1995
From: dsc at swcp.com (Dar Scott)
Date: Sat, 2 Sep 95 22:49:23 PDT
Subject: A problem with anonymity
Message-ID:

Having not read the FAQ, I foolishly jump in...

Timothy May wrote,
>At 2:38 AM 9/3/95, MONTY HARDER wrote:
>
>> But if the escrow agent is anonymous, we simply recurse, moving now to
>>the question of whether anyone can trust the Anonymous Escrow Agency not
>>to take the money and run.
>
>Well, at one level, everything is always recursive.

[snip]

>And, of course, it is possible to structure things so that the escrow agent
>cannot "take the money and run," because the money is not accessible to
>them.
>
>This is analogous to an escrow agent in the real world holding a check from
>Alice to Bob until Bob completes some set of conditions. The escrow
>agent--call her Essie--cannot cash the check herself. She can of course
>renege on the deal, even if Bob does his part of the bargain, but there is
>little incentive for her to do so.

For example, the money exchanger or bank can allow an exchange option that packages up the new money for some AND/OR list of package openers, certify what it is and then seal it up & send it to the escrow agent.

As mentioned by Timothy and Monty this just pushes the question down to whether anyone can trust the bank. Timothy claims evidence that there will be entities such as banks that do not scam customers.

I observe that from a few trusted entities a great amount of trust can be created--bubbling up that same recursion.
In the above example, the trust of the Anonymous Escrow Agency is increased by the mechanism that does not allow the agency to get at the cash. This uses the trust of the bank, but does not decrease the trust of the bank.

Perhaps trust formal transfer mechanisms can evolve so that almost everybody can become almost as trustworthy as the most trustworthy entity in the commerce.

Dar (who knows he should have checked the FAQ)

===========================================================
Dar Scott                    Home phone: +1 505 299 9497
Dar Scott Consulting         Voice:      +1 505 299 5790 <---
8637 Horacio Place NE        Email:      darscott at aol.com
Albuquerque, NM 87111                    dsc at swcp.com
                             Fax:        +1 505 898 6525
http://www.swcp.com/~correspo/DSC/DarScott.html
My preference for attached files are in this order: AOL, Mime, Binhex4, PGP, UUencode
===========================================================


From edge at got.net Sun Sep 3 00:06:05 1995
From: edge at got.net (Jay Campbell)
Date: Sun, 3 Sep 95 00:06:05 PDT
Subject: Mailing List Archive
Message-ID:

For personal reasons (my dislike for big mailboxes) I've set up hypermail to archive the Cypherpunks list at:

http://got.net/CypherpunksArchive/

If someone else has done this, I'll stop fiddling with the configs and come use yours. I just set it up, so it's rather empty today... If someone has a non-html archive of the messages, I'm up to tossing some perl around and converting it for the archive.

--
Jay Campbell - Regional Operations Manager
-=-=-=-=-=-=- Sense Networking (Santa Cruz Node)
edge at you.got.net "Shoot the Fruit Loop" 408.469.9400


From perry at piermont.com Sun Sep 3 00:14:55 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Sun, 3 Sep 95 00:14:55 PDT
Subject: Phil Zimmermann/Amnesty International?
In-Reply-To:
Message-ID: <199509021658.MAA29224@frankenstein.piermont.com>

Alan Westrope writes:
> On Fri, 01 Sep 1995, Michael Froomkin wrote:
>
> > I think he would have to be charged first. Have I missed something?
> > PS when does the statute of limitations run out?
>
> June '96. Zimmermann and Dubois appeared on a local talk radio show
> recently; a friend happened to catch the program, taped it, and played
> excerpts at a Cypherpunks meeting. This date was mentioned by Phil Dubois.

That's not possible. The offense in question took place on or before September 8, 1992, and the statute of limitations is, to my knowledge, three years. Even if it were four years, it would have to be September 8th of that year.

Branko Lankester announced availability of PGP 2.0 on Mon, 7 Sep 1992 at about 20:22 GMT, so since the allegation is that he exported PGP Version 1.0 to the team that developed PGP 2.0 overseas, any export that Phil performed would have of necessity to have taken place before then.

Michael, you are one of our local lawyers. Could you please confirm the length of the statute of limitations?

Perry


From edge at got.net Sun Sep 3 00:18:05 1995
From: edge at got.net (Jay Campbell)
Date: Sun, 3 Sep 95 00:18:05 PDT
Subject: Mailing List Archive
In-Reply-To:
Message-ID:

On Sun, 3 Sep 1995, Jay Campbell wrote:
> For personal reasons (my dislike for big mailboxes) I've set up
> hypermail to archive the Cypherpunks list at:
>
> http://got.net/CypherpunksArchive/

Oops - the real (but temporary) URL is actually:

http://got.net:8080/CypherpunksArchive/

--
Jay Campbell - Regional Operations Manager
-=-=-=-=-=-=- Sense Networking (Santa Cruz Node)
edge at you.got.net "Shoot the Fruit Loop" 408.469.9400


From mark at unicorn.com Sun Sep 3 00:34:22 1995
From: mark at unicorn.com (Rev. Mark Grant)
Date: Sun, 3 Sep 95 00:34:22 PDT
Subject: Dumb Question: PGPfone over Appletalk
Message-ID:

Can someone tell me how to run PGPfone over Appletalk ? The documentation says that support has been added for this release, and there's a preferences box to check to use it, but there's no information I can find in the documentation on how to initiate a call over Appletalk..
it just says to enter a telephone number to dial. If I press 'Connect' without entering anything it hangs up the Mac. How do I tell it which machine I want to connect to ?

Mark "Don't know much about Macs" Grant


From droelke at rdxsunhost.aud.alcatel.com Sun Sep 3 00:34:28 1995
From: droelke at rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Sun, 3 Sep 95 00:34:28 PDT
Subject: Basic Public key algorithms.
Message-ID: <9509021801.AA07301@spirit.aud.alcatel.com>

After doing quite a bit of poking around, I am somewhat discouraged in my attempts to find a simple *pure* public key encryption method, without a lot of other stuff wrapped around it.

What I need is to encrypt between 45 and 55 bits of information using a public key algorithm in an embedded environment. Memory usage needs to be minimal (a couple of K), and CPU usage will be traded off based on key length. Decryption speed/memory usage is not very limited (done on a workstation, not on embedded system).

I could use RSA (which is well described in many sources, and has RSAREF out there), but I want to avoid the patent issue if possible. The sci.crypt FAQ mentions that there are other methods but that is about all it says. Are there any that are not patented? Are there any that someone knows of that work well in a limited memory environment?

Thanks for any/all pointers.

Dan
------------------------------------------------------------------
Dan Oelke                            Alcatel Network Systems
droelke at aud.alcatel.com              Richardson, TX


From perry at piermont.com Sun Sep 3 00:34:32 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Sun, 3 Sep 95 00:34:32 PDT
Subject: Basic Public key algorithms.
In-Reply-To: <9509021801.AA07301@spirit.aud.alcatel.com>
Message-ID: <199509021813.OAA29335@frankenstein.piermont.com>

Daniel R. Oelke writes:
> I could use RSA (which is well described in many sources, and has
> RSAREF out there), but I want to avoid the patent issue if possible.
> The sci.crypt FAQ mentions that there are other methods but that
> is about all it says. Are there any that are not patented?

No, because one patent covers public key cryptography itself, and not a particular method.

.pm


From jis at mit.edu Sun Sep 3 00:34:34 1995
From: jis at mit.edu (Jeffrey I. Schiller)
Date: Sun, 3 Sep 95 00:34:34 PDT
Subject: ASN.1 and Kerberos version 5
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Perry E. Metzger writes:
>I've heard people associated with the decision to use ASN.1 in
>Kerberos V say it was a mistake. Frankly, I think ASN.1 is a blight
>which should be exterminated from the planet.

I'll say it. I was the person who pushed for the use of ASN.1 in Kerberos version 5. I had this disease at the time that made me think that ASN.1 was a good idea. I got better, unfortunately we have been living with the results of my braino for quite some time now... poor Ted.

However, the problem with ASN.1 isn't its waste of space (which actually isn't that bad for a mechanism for encoding arbitrary objects). The problem is that it is the product of a standards making process that didn't (and doesn't) value interoperability. Adherence to the ISO specifications does not guarantee interoperation. Instead regional "workshops" negotiate aspects of implementations to obtain interoperation.

What does this mean for ASN.1? It means that the definition of ASN.1 is a bit abstract (as its name implies). Problems result when two organizations (say MIT and OSF!) attempt to implement from the specification in ASN.1 but use different ASN.1 compilers and things then don't work. Arguments then ensue about whose compiler (or manually written parsing code) is "correct" in terms of doing the right thing with ASN.1. This is particularly so when using DER (for Distinguished Encoding Rules) which is itself an after-thought added to ASN.1 later in the process.
It is required in order to verify digital signatures (which have to be computed on the "encoded" form of an object because there is no good way to calculate a signature on an "abstract" object).

If the Kerberos specification said: "put this byte here and that one there" none of these arguments and problems would happen.

-Jeff

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


From ravage at einstein.ssz.com Sun Sep 3 00:34:37 1995
From: ravage at einstein.ssz.com (Jim Choate)
Date: Sun, 3 Sep 95 00:34:37 PDT
Subject: Austin Cypherpunks
Message-ID: <199509021825.NAA00547@einstein.ssz.com>

Hi all,

This is of real interest to Austin subscribers only...

It has been over a year since the last real meeting of the Austin Cypherpunks. I am interested in getting the group back on a regular schedule and writing code and building hardware. If you share this interest then please drop me a note at ravage at einstein.ssz.com

I have created a mailing list for the local members and if interested then send a subscribe austin-cpunks to list at einstein.ssz.com

That is all.

Jim Choate
CyberTects
ravage at einstein.ssz.com


From adam at bwh.harvard.edu Sun Sep 3 01:00:36 1995
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Sun, 3 Sep 95 01:00:36 PDT
Subject: Crypto '95
Message-ID: <199509021859.OAA02093@bwh.harvard.edu>

Perry asked for an overview of Crypto '95. I missed the rump session, so hopefully someone else will write about that.

The best talks were probably by Ross Anderson (Robustness Principles for Public Key Protocols) and Adi Shamir (Myths and Realities of Cryptography). Since Anderson's paper is in the proceedings, I won't rehash it here, but Shamir's talk is not, so I present his 10 commandments of Commercial Security:

1. Don't aim for perfect security.
2. Don't solve the wrong problem.
3. Don't try to sell security bottom up.
4. Don't use cryptographic overkill.
5. Don't make it complicated.
6. Don't make it expensive.
7. Don't use a single line of defense.
8. Don't forget the mystery attack. (Know how to regenerate security when you don't know what's going wrong.)
9. Don't trust systems.
10. Don't trust people.

In other news:

Richard Schroeppel, Hillarie Orman (and others) presented some speedups to elliptic curve systems, based on fast calculation of reciprocals. The speedup is about a factor of 3.

There were some interesting analyses of RC5, SAFER-K64.

Bruce Dodson and Arjen Lenstra presented some interesting results running NFS with four large primes. From their abstract: "[factoring with 2 large primes] completion time can quite accurately be predicted...For NFS such extrapolations seem to be impossible--the number of useful combinations suddenly `explodes' in an as yet unpredictable way, that we have not yet been able to understand completely. The consequence of this is that NFS factoring is substantially faster than expected, which implies that factoring is somewhat easier than we thought."

Please note that that doesn't mean RSA has been broken, or that they can factor products of large primes in their heads. It means that there are speedups possible, but not enough that anyone should be worrying about a 1024 bit key.

The best quote of the conference was doubtless Robert Morris, Sr, reminding us of the first rule of cryptanalysis, "Don't forget to look for plaintext."

Adam

--
"It is seldom that liberty of any kind is lost all at once."
                                                      -Hume


From don at cs.byu.edu Sun Sep 3 01:43:06 1995
From: don at cs.byu.edu (don at cs.byu.edu)
Date: Sun, 3 Sep 95 01:43:06 PDT
Subject: SSLRef (SSLtelnet)
Message-ID: <199509030845.CAA00124@wero.byu.edu>

-----BEGIN PGP SIGNED MESSAGE-----

I have been looking at a number of SSLTelnet/FTP programs (available from utopia.hacktic.nl by the way) and they would seem to all require Netscape's library. Anyone know about this? I found the following link for SSLRef but I was just wondering if it was the only way to implement SSL telnet&ftp. I would hate to see people not be able to use them simply because there's no illegal copies available.

URL: http://home.netscape.com/info/sslref.html

If anyone knows of any clones or foreign sources please speak up.

Don

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

fRee cRyPTo! jOin the hUnt or BE tHe PrEY
PGP key - http://bert.cs.byu.edu/~don or PubKey servers (0x994b8f39)
June 7&14, 1995: 1st amendment repealed.
Death threats ALWAYS pgp signed
* This user insured by the Smith, Wesson, & Zimmermann insurance company *
PS: my failure to lament violations of ITAR should not be confused with actual involvement in criminal activity. Heh heh heh. Catchyalater


From monty.harder at famend.com Sun Sep 3 01:45:44 1995
From: monty.harder at famend.com (MONTY HARDER)
Date: Sun, 3 Sep 95 01:45:44 PDT
Subject: O.J. ObCrypto: Fuhrman's Folly Fans Fakery Fears...
Message-ID: <8B0556B.00030003E0.uuout@famend.com>

RA> separate step/pass) Encrypt the Signed Message (IOW is E+S just a short cut
RA> for the two processes done in sequence using the same key for both

The only way that -es uses the same key for both the encryption and signature is if I have EncryptToSelf turned on, or I explicitly specify my signature key as one of the recipients.
My privkey is used for the signature, but =your= pubkey is used for the encryption.

 * A dork with a modem can become a dork with a modem and an Internet address.
--- * Monster at FAmend.Com *


From Cybie at cris.com Sun Sep 3 02:07:59 1995
From: Cybie at cris.com (Cybie at cris.com)
Date: Sun, 3 Sep 95 02:07:59 PDT
Subject: Direct Socket to Remailer?
In-Reply-To:
Message-ID: <9509030907.AA04231@mariner.cris.com>

> > At 7:25 PM 9/1/95, ROBO Mixmaster Remailer wrote:
> >I've heard of telnetting to port 25 to send SEMI-untraceable e-mail.
> >The procedure, quite frankly, sounds rather complicated.
> >
>
> You should try the telnet port 25 trick. It is amazingly simple (but not
> secure). Just "telnet some.machine.com 25" and type help. It will guide you
> through it. It is quite informative.
>
> -Lance

Before you do it, make sure your ISP doesn't mind you telnetting to port 25. VCU's computer dept. doesn't take too kindly to it. They're worried about people sending forged e-mail. (I was tempted to tell the guy when I got caught doing it that they should put a copy of PGP online for folks to use. But I just wanted my account re-instated.)


From perry at piermont.com Sun Sep 3 02:23:04 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Sun, 3 Sep 95 02:23:04 PDT
Subject: Basic Public key algorithms.
In-Reply-To:
Message-ID: <199509030031.UAA29612@frankenstein.piermont.com>

Ben writes:
> > Daniel R. Oelke writes:
> > > I could use RSA (which is well described in many sources, and has
> > > RSAREF out there), but I want to avoid the patent issue if possible.
> > > The sci.crypt FAQ mentions that there are other methods but that
> > > is about all it says. Are there any that are not patented?
> >
> > No, because one patent covers public key cryptography itself, and not
> > a particular method.
>
> Point of information--I'm not flaming you Perry, but Public Key Partners
> claims that their patent covers all forms of Public Key Crypto.
How is this at all different from what I just said?

.pm


From anon-remailer at utopia.hacktic.nl Sun Sep 3 02:50:21 1995
From: anon-remailer at utopia.hacktic.nl (Name Withheld by Request)
Date: Sun, 3 Sep 95 02:50:21 PDT
Subject: Crypto '95: Robert Morris
Message-ID: <199509030950.LAA15691@utopia.hacktic.nl>

So Robert Morris worked for NSA.
Does that mean that the infamous 1988 Internet Worm was part of a NSA-sponsored intelligence-gathering mission?


From Andrew.Spring at ping.be Sun Sep 3 03:04:39 1995
From: Andrew.Spring at ping.be (Andrew Spring)
Date: Sun, 3 Sep 95 03:04:39 PDT
Subject: sums with BIG numbers
Message-ID:

Deranged Mutant wrote:
>>
>What do you mean? How big numbers are added (trivially easier than
>multiplication
>or division) or how it handles numbers that are too large for the variable's
>size?

and Ray Cromwell wrote :

To add two bignums, P(x) and Q(x) simply sum coefficients of like terms like you would with any polynomial addition, with one simple modification. If a_k is the coefficient of the x^k term of P(x), and etc, etc.

Just a quick clarification, people: In the UK, and, presumably Australia, "doing sums" refers to performing any kind of arithmetic, not just addition.

And to Sherry Mayo: Don't give up on the code, just yet. Try running it and watching it with a debugger.


From lyalc at ozemail.com.au Sun Sep 3 04:45:46 1995
From: lyalc at ozemail.com.au (lyal collins)
Date: Sun, 3 Sep 95 04:45:46 PDT
Subject: A bold ssl idea ?
Message-ID: <199509031145.VAA12843@oznet02.ozemail.com.au>

Having watched the discussions of recent of the SSL bruting, it occurred to me that a variation could also be useful.

I understand that setting up RC4 keys is slower than testing for the correct key (I may have misunderstood this bit).

As a company using SSL can have all its SSL traffic sniffed, from multiple people accessing, a log can easily be built of message/keys.
Is it considered practical to modify the brutessl code to have multiple message data, and test each against a key from allocated key space ?

If so, this may mean that perhaps 3 message can be tested against a single in the time two single keys could be tested against one message.

As an attack scenario, this is a hell of a lot more "efficient" than current trials have been.

I realise this could also be considered a bit of target for the main purpose of demonstrating weaknesses, and improving techniques.

My thoughts, anyway - I hope they make sense.

lyal


From jya at pipeline.com Sun Sep 3 05:35:15 1995
From: jya at pipeline.com (John Young)
Date: Sun, 3 Sep 95 05:35:15 PDT
Subject: 260_xxx
Message-ID: <199509031235.IAA19851@pipe4.nyc.pipeline.com>

9-3-95. NYPaper:

"It's a Hacker Meeting, So Hide Your Phones."

Razor and Curious George showed up. Angstrom and Tigerboy and Cameo came, Rebel and Master Chemist, and the revered Emmanuel Goldstein. And there were dozens more, the illicit apparatus for filching pay-phone calls secreted deep in the pockets of shredded jeans, the hand-held Newton minicomputers at the ready. It was a time for all prudent people to hide their cellular phones and guard their calling cards, and for those who despise Nynex, Bell Atlantic and AT&T to rejoice. Because the electronic virtuosos in the public lobby of the Citicorp building at 53d Street and Lexington Avenue were networking to share clever and highly illegal ways of fooling the phone system and the corporate computer guard dogs meant to keep them out.

260_xxx


From jya at pipeline.com Sun Sep 3 05:38:29 1995
From: jya at pipeline.com (John Young)
Date: Sun, 3 Sep 95 05:38:29 PDT
Subject: ARS_tug
Message-ID: <199509031238.IAA19949@pipe4.nyc.pipeline.com>

9-3-95. NYPaper:

"Aircraft Carrier May Give Way To Missile Ship."
The aircraft carrier may soon be shoved off center stage by a new "arsenal ship" that would be able to rain 500 missiles within a matter of minutes on targets hundreds of miles away, without risking pilots' lives. A carrier costs $4.5 billion to build and $440 million a year to operate. The new ship, essentially a floating missile barge, might cost only $500 million and just tens of millions a year to run. The new ship would fire Tomahawk cruise missiles, long-range artillery shells or rocket barrages against ammunition dumps, command posts and artillery. It could prove particularly valuable in the early stages of a crisis, before ground troops were in place. It would travel with other ships and submarines for protection, and target information would be provided by other vessels, reconnaissance aircraft, pilotless drones or ground spotters. The 825-foot ship might require fewer than 20 people to operate, compared with the 5,000 aboard a 1,040-foot carrier.

ARS_tug


From ab411 at detroit.freenet.org Sun Sep 3 05:53:33 1995
From: ab411 at detroit.freenet.org (David R. Conrad)
Date: Sun, 3 Sep 95 05:53:33 PDT
Subject: Florida Drivers Permits and a Hello
Message-ID: <199509031253.IAA23207@detroit.freenet.org>

-----BEGIN PGP SIGNED MESSAGE-----

Bill Stewart writes:
>At 08:41 PM 8/29/95 -0400, [ I, Dave Conrad ] wrote:
>>One benefit to law enforcement, quite apart from the ability to verify a
>>license, would be the accumulation of a database of thumbprints of all
>>citizens, or at least all those who drive.
>
>They can get that by just collecting it when you get the license (which CA
>does), without having to cram it onto the back of the license.

Obviously, but I think many people would resist it if they collect it just for the sake of collecting it. But if they say they are collecting it to put on the license in order to verify licenses "in the field", then the collection will be a lot more palatable to a lot more people.
Have people in CA complained much that they collect it when you get the license?

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--
David R. Conrad, ab411 at detroit.freenet.org, http://www.grfn.org/~conrad
Finger conrad at grfn.org for PGP 2.6 public key; it's also on my home page
Key fingerprint = 33 12 BC 77 48 81 99 A5 D8 9C 43 16 3C 37 0B 50
Jerry Garcia, August 1, 1942 - August 9, 1995. Requiescat in pace.


From johnl at radix.net Sun Sep 3 07:58:54 1995
From: johnl at radix.net (John A. Limpert)
Date: Sun, 3 Sep 95 07:58:54 PDT
Subject: Crypto '95: Robert Morris
Message-ID: <199509031457.KAA21322@saltmine.radix.net>

At 11:50 AM 9/3/95 +0200, you wrote:
>So Robert Morris worked for NSA.
>Does that mean that the infamous 1988 Internet Worm
>was part of a NSA-sponsored intelligence-gathering mission?

Robert Morris Jr. wrote the worm. His father, Robert Morris Sr. worked for the NSA.

--
John A. Limpert
johnl at Radix.Net


From hfinney at shell.portal.com Sun Sep 3 08:18:22 1995
From: hfinney at shell.portal.com (hfinney at shell.portal.com)
Date: Sun, 3 Sep 95 08:18:22 PDT
Subject: Slightly faster checking for encrypted messages to me
Message-ID: <199509031517.IAA26595@jobe.shell.portal.com>

One idea we have often discussed is to use a public message pool such as a newsgroup or mailing list reflector as a means of receiving messages anonymously. Each message would be encrypted with my public key (or that of my pseudonym), but with the identifying information stripped. Then I need to scan them all to see which ones are encrypted to me. Those are the ones which decrypt under the public key system to a correctly padded session key. Doing it this way eavesdroppers can't even tell how much mail my nym is receiving.
The problem is that doing a PK decrypt is time consuming, and if we had to do it to all the anonymous mail traffic in the world it could become impractical. I had hoped that Shamir's idea which I posted earlier would help with this, but I can't see an application. His idea helps to check for specific signatures, which is a thing anyone can do, but he lets you do it faster. We need a faster way to do a check which only the holder of the secret key can do.

I have thought of a small improvement based on Shamir's ideas, though. Use Rabin encryption rather than RSA. In this system the decryption involves taking square roots. This is done by taking the square root of the ciphertext mod p and q (the two secret primes) and using the Chinese Remainder Theorem to get the square root mod n. (This is also done in RSA with eth roots.) If p and q are 3 mod 4, you can get the square root of x mod p as x^((p+1)/4) mod p. This is done for p and q and you then combine them. So the amount of work is pretty much the same as for RSA.

However a speedup is possible to do a quicker check for a validly formed encrypted message. The idea is that the encrypted message is of the form M^2 mod n. This means that it is a quadratic residue mod n, and also therefore a q.r. mod p and q. So the speedup is simply to check whether it is a q.r. mod one of the primes and to reject it if not. This takes about half the amount of time to actually try the decryption. All valid messages will pass the test, and half of the invalid messages will be rejected. So this is not very strong, but it is perhaps better than nothing. Maybe Shamir will come up with some idea for this problem.

As I wrote before, testing for a q.r. is done by raising to the (p-1)/2 power mod p, and seeing if the answer is 1. I think this can be done in such a way that if it does come out to be 1 we can use our intermediate results to calculate the (p+1)/4 needed for the square root very quickly.
Also, BTW Rabin encryption is not specifically patented, only the relatively-untested and almost-expired patent which covers all public key systems (with the failed knapsack algorithm as its specific embodiment) would supposedly prevent its use. However even PKP is apparently becoming more reluctant to throw its weight around on this patent, while they are still quite possessive about RSA. So perhaps a migration to Rabin is in order.

Hal


From shamrock at netcom.com Sun Sep 3 08:19:46 1995
From: shamrock at netcom.com (Lucky Green)
Date: Sun, 3 Sep 95 08:19:46 PDT
Subject: Crypto '95: Robert Morris
Message-ID:

At 11:50 9/3/95, Name Withheld by Request wrote:
>So Robert Morris worked for NSA.
>Does that mean that the infamous 1988 Internet Worm
>was part of a NSA-sponsored intelligence-gathering mission?

The worm was released by his son.

--
Lucky Green
PGP encrypted mail preferred.


From shamrock at netcom.com Sun Sep 3 08:19:49 1995
From: shamrock at netcom.com (Lucky Green)
Date: Sun, 3 Sep 95 08:19:49 PDT
Subject: Florida Drivers Permits and a Hello
Message-ID:

At 8:53 9/3/95, David R. Conrad wrote:
>Obviously, but I think many people would resist it if they collect it just
>for the sake of collecting it. But if they say they are collecting it to
>put on the license in order to verify licenses "in the field", then the
>collection will be a lot more palatable to a lot more people.
>
>Have people in CA complained much that they collect it when you get the
>license?

The masses never complain. Fingerprints on driver licenses, pictures on credit cards, and the soon to be mandatory medical monitoring devices that continually check your bloodstream for toxins are for _your_ protection. People demand more, not less, supervision. The government will gladly oblige.

--
Lucky Green
PGP encrypted mail preferred.


From Piete.Brooks at cl.cam.ac.uk Sun Sep 3 08:25:01 1995
From: Piete.Brooks at cl.cam.ac.uk (Piete Brooks)
Date: Sun, 3 Sep 95 08:25:01 PDT
Subject: A bold ssl idea ?
In-Reply-To: <199509031145.VAA12843@oznet02.ozemail.com.au>
Message-ID: <"swan.cl.cam.:180200:950903143250"@cl.cam.ac.uk>

> I understand that setting up RC4 keys is slower than testing for the correct
> key (I may have misunderstood this bit).

For pure RC4, Yes. However, SSL is not pure RC4.

> Is it considered practical to modify the brutessl code to have multiple
> message data, and test each against a key from allocated key space ?

You are the third person I've heard think of this.
[ The first did quite a lot of calculations before spotting the problem ! ]

> If so, this may mean that perhaps 3 message can be tested against a single
> in the time two single keys could be tested against one message.

Well, the original suggestion I heard was to try 64K at a time :-))


From jya at pipeline.com Sun Sep 3 08:25:23 1995
From: jya at pipeline.com (John Young)
Date: Sun, 3 Sep 95 08:25:23 PDT
Subject: PEE_per
Message-ID: <199509031244.IAA20069@pipe4.nyc.pipeline.com>

9-3-95. NYPaper:

"500,000 Clients, No Branches. Phone Banking Is Catching On."

Bankers from around the world are making the pilgrimage to Leeds in the north of England for a miracle cure at their stagnant industry's equivalent of a Lourdes. Here is First Direct, a bank with half a million customers and not a single branch. It is the world's leading telephone-only bank; it is the fastest-growing bank in Britain. On the walls are sports stadium scoreboards, constantly flashing the number of customers on hold and how long they have been waiting. While a banker serves a customer, his computer screen is displaying all sorts of personal information about her. "No Adverse Risk" flashes at the top, indicating that the bank would be glad to loan her money. Also displayed is the fact that she is a 30-year-old single renter with a job as a project manager, along with a list of all the bank's prior contacts with her.
PEE_per

From shamrock at netcom.com Sun Sep 3 08:38:02 1995
From: shamrock at netcom.com (Lucky Green)
Date: Sun, 3 Sep 95 08:38:02 PDT
Subject: hks cypherpunks newsserver down
Message-ID:

nntp.hks.net's cypherpunks mail -> news gateway has not shown new messages for more than a week. Strangely, only the cp list seems to be affected. Anyone know what's up?

-- Lucky Green
PGP encrypted mail preferred.

From bigdaddy at ccnet.com Sun Sep 3 10:09:37 1995
From: bigdaddy at ccnet.com (bigdaddy at ccnet.com)
Date: Sun, 3 Sep 95 10:09:37 PDT
Subject: Direct Socket to Remailer?
In-Reply-To: <9509030907.AA04231@mariner.cris.com>
Message-ID:

On Sun, 3 Sep 1995 Cybie at cris.com wrote:

> Before you do it, make sure your ISP doesn't mind you telneting to port 25.
> VCU's computer dept. doesn't take too kindly to it. They're worried about
> people sending forged e-mail. (I was tempted to tell the guy when I got
> caught doing it that they should put a copy of PGP online for folks to use.
> But I just wanted my account re-instated.)

CMU's systems, for instance, are nice enough to explicitly warn you 'Mis-identifying the sender is an abuse of computing resources.' on their machines' port 25. I take this to imply that they don't take kindly to such use of their machines by students or non-students...but what they would do to a non-CMU student is not clear.

Come to think of it, would there be legal issues involved in forging e-mail addresses? Can one have a reasonable expectation of identity in ordinary e-mail? Probably not. How about mail authenticated with PGP, RIPEM, Notes, or a similar system? We've seen key certification by VeriSign, among others...and, if we assume a certification structure which requires checking the True Name of the person, then we have a link between the key and the identity. All well and good.
If we add key escrow to this certification structure, or require a True Name for *all* keys, then one could have 'identity escrow'...a situation in which pseudonymous keys can be created and distributed with certification that they really belong to a (presumably unique) True Name. In the example of a bank with anonymous officers, their identities might be held by another organization (oversight committee, industry certification authority, etc.), and revealed in the event of an investigation. Doesn't VeriSign already sign 'Personality Certificates' (sorry if not the right term) for pseudonymous IDs?

Obviously, setting and enforcing limits on keys per person, should that be desirable, could be difficult. In the simplest case of one verified key and identity per person, an entity who can satisfy the verification process multiple times can be issued multiple keys. If there are a number of independent Certification Authorities, and assuming they don't cross-check, one could get as many keys as there are CAs. Lag time between, say, the Dhahran, Saudi Arabia office of the CA and the rest of the structure might also allow for two or more keys at once. There's probably a dozen different ways to fool a CA or group of CAs. Unfortunately, they're likely to be so difficult, and the penalties severe enough (e.g. permanent revocation of all keys with a particular CA), that few will use them.

I wonder if this sort of "feature" is already on tap for a Government Certification Authority in the U.S. If pseudonymity is offered at all (perhaps as a sort of compromise), it seems reasonable that any State-sponsored CA would insist on identity escrow. The next logical step, of course, would be to subordinate, discredit, or outlaw other CAs, in order to minimize the 'possibility' of 'evil criminals' using the 'national information infrastructure' for 'nefarious acts of impersonation'. Web-of-trust would probably still be legal.
It would be absurd to even attempt to outlaw it, as one would hope the example of PGP has shown. One might as well outlaw gossip. Unfortunately, web-of-trust is rarely as extensive (at least for me) as a full-blown certification hierarchy. It is certainly more work. In effect, the State would reserve to itself the ability to certify keys on a large scale, on its terms. Scary.

On the other hand, it could also make for some very interesting situations...such as a pseudonymous identity, accredited by the State, able to participate in elections, enter into binding contracts, and telecommute to work. Again, making sure no one registers and votes twice might be a bit of work. Perhaps down the line, such an identity could run for office. The line 'I'm With Stupid' takes on a whole new meaning...

David Molnar

P.S. Andrew L : Yes, I'm the same person you knew in Houston! Have you received the mail I sent you? -Haynow

From perry at piermont.com Sun Sep 3 10:59:07 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Sun, 3 Sep 95 10:59:07 PDT
Subject: Crypto '95: Robert Morris
In-Reply-To: <199509030950.LAA15691@utopia.hacktic.nl>
Message-ID: <199509031758.NAA01453@frankenstein.piermont.com>

Name Withheld by Request writes:
> So Robert Morris worked for NSA.
> Does that mean that the infamous 1988 Internet Worm
> was part of a NSA-sponsored intelligence-gathering mission?

You have the junior and senior Robert Morris confused.

.pm

From mfroomki at umiami.ir.miami.edu Sun Sep 3 11:16:31 1995
From: mfroomki at umiami.ir.miami.edu (Michael Froomkin)
Date: Sun, 3 Sep 95 11:16:31 PDT
Subject: Mail to mail.cypherpunks "newsgroup" echoes to list
Message-ID:

I have been getting a load of duplicate mail from this group; not all messages are duplicated, only those cc'd to mail.cypherpunks as well as sent to the toad.com address. I don't know if this is a gateway to a local newsgroup or what, but I wish the duplication would stop. Thank you.

A.
Michael Froomkin             | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law   | mfroomki at umiami.ir.miami.edu
U. Miami School of Law       |
P.O. Box 248087              | It's hot here. And humid.
Coral Gables, FL 33124 USA   |
See (experimentally & erratically) http://viper.law.miami.edu/~mfroomki

---------- Forwarded message ----------
Date: Sun, 03 Sep 1995 08:38:54 -0600
From: Piete Brooks
To: lyal collins
Cc: cypherpunks at toad.com, Piete.Brooks at cl.cam.ac.uk
Newsgroups: mail.cypherpunks
Subject: Re: A bold ssl idea ?

> I understand that setting up RC4 keys is slower than testing for the correct
> key (I may have misunderstood this bit).

For pure RC4, yes. However, SSL is not pure RC4.

> Is it considered practical to modify the brutessl code to have multiple
> message data, and test each against a key from allocated key space ?

You are the third person I've heard think of this.
[ The first did quite a lot of calculations before spotting the problem ! ]

> If so, this may mean that perhaps 3 messages can be tested against a single
> in the time two single keys could be tested against one message.

Well, the original suggestion I heard was to try 64K at a time :-))

From bal at martigny.ai.mit.edu Sun Sep 3 11:36:26 1995
From: bal at martigny.ai.mit.edu (Brian A. LaMacchia)
Date: Sun, 3 Sep 95 11:36:26 PDT
Subject: Looking for NII IP "White Paper"...
Message-ID: <9509031836.AA23248@toad.com>

According to an article in Sunday's _Washington Post_ the final draft of the "Intellectual Property and the National Information Infrastructure" report is going to be released Tuesday morning. You may recall the preliminary draft of this report, a.k.a. the "Green Paper", and its proposed changes to U.S. Copyright Law. Does anyone on the list have a copy of the final draft/"White Paper"? The administration is evidently keeping it under pretty tight wraps, probably because of the intense criticism the Green Paper received. Personally, I expect the White Paper to be just as bad.
--bal

References:

The Green Paper/Preliminary Draft is available at:
http://www.uspto.gov/niiip.html

Pam Samuelson's critique, which appeared in _Communications of the ACM_ and which you should definitely read, is available at:
http://www-swiss.ai.mit.edu/6095/articles/samuelson-nii-cacm-dec94.html

From pfarrell at isse.gmu.edu Sun Sep 3 11:39:09 1995
From: pfarrell at isse.gmu.edu (Pat Farrell)
Date: Sun, 3 Sep 95 11:39:09 PDT
Subject: WEB pointers for NIS&T Key Escrow meeting
Message-ID: <9509031838.AA01294@isse.gmu.edu>

To save list bandwidth, I've put the agenda, attendee list, and the three discussion topic papers for this week's Key Escrow meeting on my web.

url: http://www.isse.gmu.edu/~pfarrell/nistmeeting.html

I'll add anything else I get from NIS&T, and any pointers folks send my way.

Pat

Pat Farrell    grad student    http://www.isse.gmu.edu/students/pfarrell
Infor. Systems and Software Engineering, George Mason University, Fairfax, VA
PGP key available via finger or request    #include standard.disclaimer

From Richard.Johnson at Colorado.EDU Sun Sep 3 12:26:51 1995
From: Richard.Johnson at Colorado.EDU (Richard Johnson)
Date: Sun, 3 Sep 95 12:26:51 PDT
Subject: Dumb Question: PGPfone over Appletalk
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

>Can someone tell me how to run PGPfone over Appletalk ? The
>documentation says that support has been added for this release, and
>there's a preferences box to check to use it, but there's no information
>I can find in the documentation on how to initiate a call over
>Appletalk.. it just says to enter a telephone number to dial. If I
>press 'Connect' without entering anything it hangs up the Mac.
>
>How do I tell it which machine I want to connect to ?
>
> Mark "Don't know much about Macs" Grant

My guess is that you're on a network with multiple AppleTalk zones. The "PGPfone 1.0b4 README" file mentions a known bug that causes PGPfone to freeze when trying to bring up its AppleTalk Browser.
The Read Me file then goes on to explain how to connect anyway. Be sure to use a semi-colon, not a colon, between the zone name and the Macintosh name...

Richard

From hfinney at shell.portal.com Sun Sep 3 12:49:19 1995
From: hfinney at shell.portal.com (Hal)
Date: Sun, 3 Sep 95 12:49:19 PDT
Subject: SSLRef (SSLtelnet)
Message-ID: <199509031948.MAA17974@jobe.shell.portal.com>

The link I used recently to get SSLREF is . I don't know what kind of export restrictions this enforces.

I was hoping to write a program which would sit on the user's PC and act as a proxy for Netscape's browser. It would connect using 128 bit SSL instead of 40 bit. The stumbling block is that Netscape won't connect to even the local proxy unless it sees a valid certificate, one signed by a CA that it accepts. For this application I would need such a certificate, and make the corresponding public and private keys public, hard-coding them into the proxy. Since the proxy runs on the same PC as the browser there is no need for confidentiality between them, and the secret key can be revealed.

Does anyone have an idea for a way to acquire a certificate acceptable to Netscape, perhaps one with a "broken key", that could be used for this purpose?

Hal

From hallam at w3.org Sun Sep 3 12:52:12 1995
From: hallam at w3.org (hallam at w3.org)
Date: Sun, 3 Sep 95 12:52:12 PDT
Subject: ASN.1 and Kerberos version 5
In-Reply-To:
Message-ID: <9509031951.AA23373@zorch.w3.org>

I don't think that the concept of ASN.1 is as bad as Jeff makes out. If it worked then ASN.1 would be very very useful. But it just plain doesn't.
ASN.1 is worse than useless; it means that a very good idea is rendered unusable because of a badly botched implementation. The ambiguities of the ASN.1 spec are at least as bad as Jeff makes out. I have attempted to implement an ASN.1 compiler but I have little confidence in its correctness because the structure of ASN.1 is so unwieldy. It is not just ANY that causes problems, IMPLICIT is a complete cock up.

ASN.1 is poor because it is unnecessarily complex, has little intellectual coherence and has been extended in a manner which conflicts with the original design principle.

Is it any coincidence that ASN.1 backwards is the name of a well known organisation? Also the only person who has defended ASN.1 to my face happened to work for that organisation once.

So the motto is: ASN.1 - Just say NO!

Phill

From rsnyder at janet.advsys.com Sun Sep 3 13:17:32 1995
From: rsnyder at janet.advsys.com (Bob Snyder)
Date: Sun, 3 Sep 95 13:17:32 PDT
Subject: SSLRef (SSLtelnet)
In-Reply-To: <199509031948.MAA17974@jobe.shell.portal.com>
Message-ID: <199509032018.QAA03382@janet.advsys.com>

hfinney at shell.portal.com said:
> Does anyone have an idea for a way to acquire a certificate
> acceptable to Netscape, perhaps one with a "broken key", that could
> be used for this purpose?

RSA will give out certificates to individuals; Apple includes a coupon for a free one with their MacOS 7.5 (and 7 Pro) release. There's a program for the Mac (RIPEM Mac) that will convert the keys returned into RIPEM usable PEM-format keys. Isn't that what SSL uses? The only question is what CAs are supported by the browser.... I think the Apple keys are under RSA's Unaffiliated User CA...

If there's interest, I'll look further into this.
Bob

From ylo at cs.hut.fi Sun Sep 3 13:32:00 1995
From: ylo at cs.hut.fi (Tatu Ylonen)
Date: Sun, 3 Sep 95 13:32:00 PDT
Subject: SSLRef (SSLtelnet)
In-Reply-To: <199509030845.CAA00124@wero.byu.edu>
Message-ID: <199509032031.XAA22330@shadows.cs.hut.fi>

> URL: http://home.netscape.com/info/sslref.html
> If anyone knows of any clones or foreign sources please speak up.

SSLeay (Eric Young's free SSL implementation from Australia) is available from ftp.psy.uq.oz.au:/pub/Crypto/SSL.

For information on other cryptographic software available outside the United States, see http://www.cs.hut.fi/crypto.

Tatu

From shamrock at netcom.com Sun Sep 3 14:35:50 1995
From: shamrock at netcom.com (Lucky Green)
Date: Sun, 3 Sep 95 14:35:50 PDT
Subject: NIST attendee list
Message-ID:

The dangers of public attendee lists. Some Cypherpunk might match the list against east coast lawyers and break Black Unicorn's nym.

-- Lucky Green
PGP encrypted mail preferred.

From unicorn at access.digex.net Sun Sep 3 14:40:59 1995
From: unicorn at access.digex.net (Black Unicorn)
Date: Sun, 3 Sep 95 14:40:59 PDT
Subject: NIST attendee list
In-Reply-To:
Message-ID:

On Sun, 3 Sep 1995, Lucky Green wrote:

> Date: Sun, 3 Sep 1995 14:39:38 -0800
> From: Lucky Green
> To: cypherpunks at toad.com
> Subject: NIST attendee list
>
> The dangers of public attendee lists. Some Cypherpunk might match the list
> against east coast lawyers and break Black Unicorn's nym.
>

Luckily I've accounted for this.

>
> -- Lucky Green
> PGP encrypted mail preferred.
>
>

---
00B9289C28DC0E55  nemo repente fuit turpissimus - potestas scientiae in usu est
E16D5378B81E1C96  quaere verum ad infinitum, loquitur sub rosa  - wichtig!
*New Key Information* - Finger for key revocation and latest key update.

From Tim at alia1.demon.co.uk Sun Sep 3 15:15:52 1995
From: Tim at alia1.demon.co.uk (Tim Magee)
Date: Sun, 3 Sep 95 15:15:52 PDT
Subject: anyone know what this "top secret" code does?
Message-ID: <150@alia1.demon.co.uk>

In your message dated Saturday 2, September 1995 :

> Does anyone remember the scenario someone suggested awhile back that
> hypothesized a scheme by the NSA or other TLAs to encourage the use
> of WEAK crypto? It involved spreading a lot of F.U.D. about PGP and
> other strong crypto methods, followed by the discovery/leak of a
> supposedly "strong" crypto algorithm to replace it.

If the YFTLA could diffuse actual source of a method *supposedly* stronger than IDEA and get away with it, could they not equally well get away with planting their man Zimmermann and having him publish PGP with a cunning trapdoor? Let's see, to lend cred to that though they'd probably have to have him arrested on trumped-up charges and generally harassed ... Many people only THINK they know what cynicism means.

Seriously: I've not been round long enough to have a good idea how likely my proposed scenario is. You can all probably tell me things about Z's provenance which blow my little theory sky-high.

cheers, tim M.

--
"Man is born free, and everywhere he is very reasonable." -- Rousseau (roughly)
Tim Magee, e-mail: Tim at alia1.demon.co.uk, tel: +44-1225-316785

From jsw at neon.netscape.com Sun Sep 3 15:20:24 1995
From: jsw at neon.netscape.com (Jeff Weinstein)
Date: Sun, 3 Sep 95 15:20:24 PDT
Subject: A bold ssl idea ?
In-Reply-To: <199509031145.VAA12843@oznet02.ozemail.com.au>
Message-ID: <42d9lh$mjf@tera.mcom.com>

In article <199509031145.VAA12843 at oznet02.ozemail.com.au>, lyalc at ozemail.com.au (lyal collins) writes:
> Having watched the discussions of recent of the SSL bruting, it occurred to
> me that a variation could also be useful.
> I understand that setting up RC4 keys is slower than testing for the correct
> key (I may have misunderstood this bit).
> As a company using SSL can have all its SSL traffic sniffed, from multiple
> people accessing, a log can easily be built of message/keys.
> Is it considered practical to modify the brutessl code to have multiple
> message data, and test each against a key from allocated key space ?
> If so, this may mean that perhaps 3 messages can be tested against a single
> in the time two single keys could be tested against one message.
> As an attack scenario, this is a hell of a lot more "efficient" than current
> trials have been. I realise this could also be considered a bit of target
> for the main purpose of demonstrating weaknesses, and improving techniques.

This technique has been discussed before. It will not work because the 40-bit export version of SSL actually uses 128 bit keys, with 88 of the bits transferred in the clear. The extra 88 bits act as a "salt" to the key. This defeats attempts to do a single key space search for multiple messages.

--Jeff

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From rrothenb at ic.sunysb.edu Sun Sep 3 15:41:09 1995
From: rrothenb at ic.sunysb.edu (Deranged Mutant)
Date: Sun, 3 Sep 95 15:41:09 PDT
Subject: LR/SHS src (386 ASM)
Message-ID: <199509032235.SAA03213@csws5.ic.sunysb.edu>

I have uploaded a copy of lrsha14.zip to the cypherpunks ftp site. It contains source code for a 32-bit implementation of the Secure Hash Algorithm as well as a Luby-Rackoff/SHA cipher in CFB mode, and a sample Turbo Pascal interface for debugging it, etc.

-Rob

From futplex at pseudonym.com Sun Sep 3 17:35:43 1995
From: futplex at pseudonym.com (Futplex)
Date: Sun, 3 Sep 95 17:35:43 PDT
Subject: Joel's RSA-t's
In-Reply-To:
Message-ID: <9509040035.AA28573@cs.umass.edu>

Mike writes [re: Perl-RSA T-shirts]:
> I just have one problem though...
> If these things are classified
> as a "munition" aka a "weapon" by da fed's how does that affect us down
> here in good old Georgia where our legislature has passed a law making
> it a crime to be in possession of a weapon anywhere within a hundred yards
> or so of school property.

Strong crypto is considered to be a munition *for purposes of U.S. export controls*. With respect to possession within the U.S., there aren't any laws stopping you from waving strong cryptography around wherever you like (at least, not yet).

-Futplex

From vznuri at netcom.com Sun Sep 3 17:55:13 1995
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Sun, 3 Sep 95 17:55:13 PDT
Subject: NSA says Joe Sixpack won't buy crypto
In-Reply-To: <199509030434.VAA24841@mycroft.rand.org>
Message-ID: <199509040052.RAA25910@netcom10.netcom.com>

jim at acm.org:
>- By the middle to late 1960's cryptanalysis became less cost effective
>  than obtaining the information by other means -- wiretaps and so on.

but for some reason, the NSA keeps humming along...? perhaps confirming the rule that bureaucracies, like bores at parties, persist long after they are relevant?

>In the future there will be more radio used for ordinary communications.
>Americans are unwilling to pay for secure telephones, but that's not the
>case in Europe.

I object to this highly. the NSA has very little credible understanding of market forces, IMHO. they are a government agency. they do not understand marketing or human psychology. Clipper, the closest the agency has come to creeping out of the darkness of their coffin, was a total fiasco. the self-destructing director of NSA whats-his-name who was running for that FBI position or whatever is another example of how the inbred spook society has difficulty dealing with anything outside their artificial reality.

as for the market viability of cryptographic phones, I think this is duplicity ranging on utter lying that "the US public is not willing to pay for secure phones".
this is precisely the baseless rumor and conventional wisdom one would expect the NSA to attempt to spread and use to surreptitiously manipulate the natural market direction. every phone company would avoid even introducing a phone model because "after all the public is not willing to pay for encryption". sure, maybe they won't pay for the very finest encryption money can buy, but they can get some pretty awesome bang for minor bucks when it comes to crypto.

the fact is, cryptography is becoming EXTREMELY CHEAP. virtually all phones are going to have some high power microprocessor inside that could be used to do semi-decent secure encryption, far better than *nothing*, the current status quo-- *for free*, virtually, because the phone is already going to have some serious horsepower. the whole issue of "signal transformation" is very intrinsic to the existing phone circuitry anyway. extremely secure encryption (i.e. that the NSA is not likely to break at all) is another issue, but again chips are becoming awfully cheap.

so I say anyone spreading a rumor that "american public doesn't want encryption or is not willing to pay for it" (esp. in cell phones or whatever) is either:

1. intentionally lying
2. rather clueless
3. making an unwarranted and undemonstrated assumption
4. possibly has an axe to grind-- i.e. axeing widespread public encryption

furthermore, the idea that someone from NSA would say something like "the U.S. public doesn't want so-and-so" encryption I find highly repulsive. the NSA's business is based on SUPPRESSING ENCRYPTION. it would be hard to find a more biased and less credible opinion anywhere. the NSA has done the very best job of sabotaging the natural growth of cyberspace by having its slithering tentacles lodged into key areas of influence within our government, while at the same time pretending that it is actually working in our own best interest.

--

frankly, I think any anti-encryption sentiment is inherently unpatriotic.
you see, there is far more to be gained from widespread encryption than is to be lost from it. the NSA in their anal retentive, freedom-pissing mode will never understand this, or never appraise the situation unbiasedly, but it appears to me to be fairly unequivocal that there are tremendous benefits from the availability of widespread, seamless, invisible encryption.

if the NSA released one public report that analyzed the actual cost benefit ratio to *society* of free encryption, that is the day I will scrape a smidgeon of respect for this vile, odious, noxious excuse for a publicly funded institution. but the NSA will never do this, because

(1) the NSA can barely stand to address the congress honestly and openly, and virtually never does even this, and so the idea of justifying its existence to the actual public that pays for its spook toys is beyond distasteful to the agency, it would be sacrilegious!!

(2) they are incapable of an unbiased opinion on the issue, in fact they are probably not even capable of any opinion that is not duplicitous and inherently self-serving beneath a surface sugar-coating of actual legitimacy,

(3) they don't want to admit that their main motive, their raison d'etre, has absolutely nothing to do with maximizing overall public welfare-- it has to do with maximizing their own budget and maximizing intelligence available to their omnipresent tentacles.

but thanks, JG, for a look into the dark, squirmy, teeming recesses of some perverted spook's mind. I would thoroughly enjoy any other choice morsels you have to offer about the lies that spooks tell each other to justify their existence. and the ones that they actually believe are by far the most entertaining!
--Vlad Nuri

From unicorn at access.digex.net Sun Sep 3 18:19:37 1995
From: unicorn at access.digex.net (Black Unicorn)
Date: Sun, 3 Sep 95 18:19:37 PDT
Subject: NSA says Joe Sixpack won't buy crypto
In-Reply-To: <199509040052.RAA25910@netcom10.netcom.com>
Message-ID:

On Sun, 3 Sep 1995, Vladimir Z. Nuri wrote:

> was a total fiasco. the self-destructing director of NSA whats-his-name
> who was running for that FBI position or whatever is another example of how
> the inbred spook society has difficulty dealing with anything outside
> their artificial reality.

Give this man a prize.

---
00B9289C28DC0E55  nemo repente fuit turpissimus - potestas scientiae in usu est
E16D5378B81E1C96  quaere verum ad infinitum, loquitur sub rosa  - wichtig!
*New Key Information* - Finger for key revocation and latest key update.

From jirib at sweeney.cs.monash.edu.au Sun Sep 3 18:33:40 1995
From: jirib at sweeney.cs.monash.edu.au (Jiri Baum)
Date: Sun, 3 Sep 95 18:33:40 PDT
Subject: SSL search attacks
In-Reply-To: <9508311728.AA16306@ozymandias.austin.ibm.com>
Message-ID: <199509040132.LAA21977@sweeney.cs.monash.edu.au>

-----BEGIN PGP SIGNED MESSAGE-----

Hello cypherpunks at toad.com and Scott Brickner

Scott Brickner writes:
> Jiri Baum writes
...
> >Each client could pick a segment at random, check it and then broadcast
> >a NAK. Other clients would then know that the segment in question has
...
> This only reduces the cost if everyone is playing fair. In practice,
...

No worse than fake NAKs to the central server (viz comment below).

> >One advantage is that it is not necessary to have a central infinitely
> >trusted server. (Nothing personal, but bogus server is an attack.)
>
> An attack on what? The overall model here is that someone presents
...

An attack on the attempt.
If the key owner also volunteers a server, then half the CPU cycles will report to that server (and be given useless chunks of keyspace) thus halving the CPU power available to the usual server ("half" in an infinitely naive world, of course).

The approach I suggested basically corresponds to everyone maintaining hir own server; servers that trust each other will coordinate. An attacker can of course NAK the key segment, but only those that trust the attacker will take any notice.

> My point is that the "random" efforts are no different than everyone
> working on the problem independently, each picking a random place to
> start and going sequentially from there.

The difference is that in this scheme everyone does coordinate, only it's peer-peer rather than client-server.

> >NAKs and IGRABs would be weighted by the trust accorded to the entity
> >that originated them.
>
> This is similar to what I outlined yesterday afternoon. Let unsolicited
...

I think that's where it came from. I really should provide citations, shouldn't I...

...
> Invalid unsolicited NAKs
> don't destroy the current search, they only slow it down slightly ---
> but less than a fully random effort.

Similarly in the peer-peer approach, the effort is coordinated but untrusted NAKs slow it down only slightly. The only "solicited" NAKs will be your own.

Hope that makes sense...

Jiri
--
If you want an answer, please mail to .
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)

From vznuri at netcom.com Sun Sep 3 18:33:54 1995
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Sun, 3 Sep 95 18:33:54 PDT
Subject: pseudonyms & list health
Message-ID: <199509040131.SAA29509@netcom10.netcom.com>

P.M. remarked in exasperation a little while ago that he thought that some of the best minds had been lost in list attrition due to high traffic, naming some people who had seemingly dropped from the list (Bill Stewart? Phil Karn?) but what if these people had just stopped subscribing under their clear name? and started using a pseudonym?

this brings to light the idea that credibility is hard won, and that it is hard to get, and that people need all the credibility that they can achieve. it seems that virtually all accomplishments are credibility-enhancing, and people only "notch down" their reputation estimations in extreme circumstances. hence, what I am suggesting is that one of the "stable attractors" that TM is always talking about may be a reality in which people pool most of their accomplishments under a single nym. furthermore, they will wish to avoid conflict with other nyms in respect to attribution. isn't this, functionally, the equivalent of the supposed anti-cypherpunk "true names"?

now, I'm not suggesting that "if you want to do something in secret, you must have something to hide". (although that seems almost like a tautology to me). but what I am suggesting, is that if you want to get credit, it may pay to pool all your accomplishments under one nym (tracing it to a physical body is a whole separate issue-- the two should not be confused; although the concept of "true names" does tend to blur this distinction).

in the case of PM, he thought that because some people ostensibly dropped from the list, the list quality had decreased. but he seemed to be making this conclusion based on their "real identity". what if they were still around, posting under pseudonyms? would he be able to tell? would the signal quality be the same?
the point is that people seem to judge list quality based on criteria in which "true names" play a major role. I'm not saying this is the only way to do it, but I am saying that "true names" seem to be very much ingrained into human psychology, particularly in public forums and attributing credit, and the idea that they are wholly irrelevant to most human endeavor is very suspicious, at least deserving more than a few paragraphs of supposed proof.

--

another problem with pseudonyms and list noise is the following. first, let me start by saying I think this list approaches the "dysfunctional" level at times when everyone is ranting about each other about staying on topic. there is an awful lot of hostility on this list. maybe people like it, I'm not sure. I'm interested in the sources of this hostility, though, and I think I can identify some good candidates. the list hostility and tension is quite palpable. when TM prefaces many of his posts, and many others do, with frequent apologies about being on topic, I am amazed to see this because I don't see people so self-conscious on other mailing lists.

in my opinion, this is where the role of the moderator is absolutely critical. any mailing list with an AWOL moderator is only asking for total chaos, IMHO. in this case I'll use the word "moderator" and "list creator" interchangeably. the best recommendation to everyone who subscribes to the list, and to the moderator, is that THE MODERATOR DETERMINES WHAT IS RELEVANT. that means that no one else has the authority to do this, NO ONE. if you find a post that bothers you, FIRST WRITE THE LIST MODERATOR. ask the LIST MODERATOR to deal with the offending poster. the list moderator should make a judgement when the list is in a "noise" phase and try to be clear about what is relevant to the list and what is not. what this requires is a watchful eye and regular interventions, IMHO.
a list where the moderator is never around may seem like a haven, but in my opinion it only turns into a grouch free-for-all subject to regular conflagrations that leave everyone *really* pissed off, as did a recent eruption by TM and PM. now, whenever you see someone write, THIS ISN'T RELEVANT TO THIS LIST!! THIS DOESN'T HAVE ANYTHING TO DO WITH CRYPTO!! IMHO you should gently remind this person in email that THEIR OPINION OF WHAT IS RELEVANT OR NOT IS NOT RELEVANT. tell them to write the list moderator first, IN EMAIL. jamming up the communication medium with meta traffic about what is and is not relevant is absolutely futile and useless and counterproductive and extremely anxiety producing. so, as you can see, IMHO people who are continually making judgements about what is or is not relevant to the list, and posting those opinions, are PART OF THE PROBLEM. (I am reminded of one himself talking about people who are part of the problem and who is part of the solution. well, IMHO, ironically, he is PART OF THE PROBLEM, and for a very obvious and clear reason that even an intelligent child could grasp).

-- the Yin to the Yang of all this, however, is that the LIST MODERATOR MUST OCCASIONALLY SHOW HIS FACE and make unambiguous rulings about what is and what is not appropriate, especially when the noise level increases and people start to wonder. the problem with this is a list moderator who likes to use one or two pseudonyms. the pseudonyms may be so secret that not *anyone* on the list is aware of his identity, even close friends. this list moderator may be loath to ever post under his "true name" or whatever name he used to start the list. anyway, you can see that this whole business of pseudonyms, while perhaps workable, is certainly fraught with pitfalls IMHO. at least in situations of *public forums*, I am going to go out on a limb and say that it is very troublesome.
it seems that in any forum, there are people who will try to disrupt the proceedings so to speak. in real life you can throw them out, by identifying their *picture*. in a cyberspace that lacks true identities, you cannot throw out these "problem people". they continually come back to haunt you despite your best attempts to bar them. doesn't that bug you? doesn't that irritate you? doesn't that drive you crazy? or do you like the idea that the person you most hate in life might be posting behind any of the next few messages? and there's nothing you can do about it? because you in fact embrace the capabilities that let him do this, and you're pretty sure you're not a hypocrite? well, just some musings for those who unabashedly promote pseudonyms to contemplate.

p.s. in regard to the above, about "people other than the moderator posting judgements about what is and is not relevant to the list", I am not making a judgement about what is and is not relevant on the list. I am making a judgement about making a judgement about what is and what is not relevant on the list.

--Vlad Nuri

From jim at acm.org Sun Sep 3 18:40:08 1995
From: jim at acm.org (Jim Gillogly)
Date: Sun, 3 Sep 95 18:40:08 PDT
Subject: NSA says Joe Sixpack won't buy crypto
In-Reply-To: <199509040052.RAA25910@netcom10.netcom.com>
Message-ID: <199509040139.SAA26859@mycroft.rand.org>

> jim at acm.org (reporting on R. H. Morris' talk at Crypto '95):
> >- By the middle to late 1960's cryptanalysis became less cost effective
> > than obtaining the information by other means -- wiretaps and so on.
> "Vladimir Z. Nuri" writes:
> but for some reason, the NSA keeps humming along...? perhaps
> confirming the rule that bureacracies, like bores at parties,
> persist long after they are relevant?

Evidently they have plenty of other sources to deal with... their SIGINT charter is to read traffic, not necessarily to decrypt traffic.
It does seem excessive, though, and it will seem even more excessive once more traffic is encrypted with strong systems and plaintext begins to disappear from the airwaves and wires. It bothers me that the gov't appears to be redefining the role of the intelligence community to be economic spying rather than the military spying that was (I think) justified during the Cold War. Rather than finding ways to justify and maintain current budgets and bureaucracies, why not just cough up the peace dividend? > >In the future there will be more radio used for ordinary communications. > >Americans are unwilling to pay for secure telephones, but that's not the > >case in Europe. > I object to this highly. the NSA has very little credible understanding > of market forces, IMHO. they are a government agency. they do not ... > as for the market viability of cryptographic phones, I think this > is duplicity ranging on utter lying that "the US public is not > willing to pay for secure phones". this is precisely the baseless I misstated his point to some extent here. He was contrasting current buying practices in the U.S. and in Europe, not predicting the future (i.e. not exactly what I said above). In particular, he mentioned GSM in Europe and its success... of course, that doesn't count as strong encryption with the keys evidently being no better than 40 bits worth, but it's a lot better than calling in the clear from your cellular phone. He indicated that Europe has embraced GSM and the US has not (yet) embraced anything equivalent (about which more below). > Clipper, the closest the > agency has come to creeping out of the darkness of their coffin, > was a total fiasco. Clipper wasn't a fiasco from the gov't's point of view if you look at what it prevented rather than what it achieved. By now the DES-based AT&T encryption box might be the US standard if the Gov't hadn't intervened by "incentivizing" them around the time of the Clipper roll-out. 
It was ready to go and was already in production when Clipper got rushed up. As it is there is now no standard and most traffic is still in clear. If this doesn't reflect a credible understanding of how the market works, what would? Of course this one can't completely be laid at NSA's door, but it's convenient to think of them as the fount of US crypto policy decisions.

> you see, there is far more to be gained from widespread
> encryption than is to be lost from it.

Agreed.

Jim Gillogly
Trewesday, 13 Halimath S.R. 1995, 01:26

From vznuri at netcom.com Sun Sep 3 18:52:47 1995
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Sun, 3 Sep 95 18:52:47 PDT
Subject: maximizing cryptographic return
Message-ID: <199509040149.SAA01359@netcom10.netcom.com>

the question of the cost-effectiveness of phone encryption was raised by my other message. I would like to question how cheaply good encryption could be done on phones, with a poor quality microprocessor. most on this list are aware of the idea that good encryption is often used to send a low-bandwidth session key, which is then used to encrypt that session using a less sophisticated but less computationally-demanding algorithm. hence you seem to have good security at a computational price that is less than encrypting everything with the secure protocol.

I was wondering how secure the following algorithm would be for phone calls: suppose that at the beginning of each session, the random key is traded using RSA or some other very secure approach. the key is a *random bit width*, say 100-6000 bits. now, my question is, I wonder if some very cheap algorithms, in terms of computation time, could be used for the "on the fly" encryption of the voice using those bits. would XOR with the pad be totally out of line?

the situation is such that trivial algorithms such as XOR with *unlimited cyphertext* can be broken quite trivially.
but it seems to me this dogma that "XOR is WEAK" is based on the premise that you have a huge amount of cyphertext to play with. take away this premise, that you have a session key that is guaranteed to really give you very little cyphertext, do these supposedly "weak" algorithms then become pretty secure? what I am getting at is that it seems there is this frequent assumption that "good cryptography for on-the-fly encryption means you need huge computational bandwidth". I wonder how true this really is. can you have a situation where you spend a lot of time computationally negotiating the *random one time pad*, but then have a fairly weak algorithm doing the on-the-fly encryption with the random pad? IMHO this would be the holy grail for phone hardware. as I wrote, you are already going to have something approximating the power of a low-bandwidth microprocessor in a phone. now imagine it took a long time to send the key at the beginning, but that once traded it was no big deal-- real time communication using even "weak" algorithms. what I am suggesting here is that we can get encryption for almost *no additional cost* over existing phone hardware. and I am suggesting that the main hurdles to encryption are political, not technical.

again, I wonder if "weak" encryption schemes are really that weak if they are only used on short cyphertexts and if you have a good, secure OTP (one time pad). I think it may be a delusion that you must have a huge amount of computational bandwidth or have to encrypt every bit using state-of-the-art, computationally-demanding algorithms to have extremely secure on-the-fly communications.

p.s. can someone give a brief summary of the Nautilus and PGP session key / code frameworks?

p.p.s. a few footnotes in regard to the previous article. widespread, seamless phone encryption is the NSA's absolute worst nightmare. everything they are doing to prevent cryptography can be thought of as trying to avoid this particular reality configuration.
pay special attention how they approach the issue and it will tell you what they fear the most, and what they are trying to do to prevent it. also, Bob Morris said in his talk, acc. to Gillogly, that Europeans *were* willing to pay for encryption in their phones, but those in the US weren't. please expand on that little nugget!! how did you come to that conclusion? why are americans fundamentally different than europeans in regard to the value of encryption? if humans want the same thing in most markets (as the situation of international product marketing generally seems to suggest) does it make you think that something besides the desirability of crypto is at stake here in the localities, such as *politics*?

--Vlad Nuri

From alanh at infi.net Sun Sep 3 19:03:26 1995
From: alanh at infi.net (Alan Horowitz)
Date: Sun, 3 Sep 95 19:03:26 PDT
Subject: NSA says Joe Sixpack won't buy crypto
In-Reply-To: <199509040139.SAA26859@mycroft.rand.org>
Message-ID:

"Just cough up the peace dividend". There is no peace dividend. There is a massive eco-spill of government debt; quite possibly larger than the GNP capacity of the American economy to repay anytime in the next century. The debt will be bankrupted, in some stealthy manner, hidden by masses of smoke and mirrors. Nothing new here - it's about the only thing that works. For the most recent examples, read up on FDR's confiscation of gold in (?) 1933. Or read the details of the currency changeover effected by the occupation authorities in Germany (1947 or 1948).

Alan Horowitz alanh at infi.net

From vznuri at netcom.com Sun Sep 3 19:15:32 1995
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Sun, 3 Sep 95 19:15:32 PDT
Subject: NSA says Joe Sixpack won't buy crypto
In-Reply-To: <199509040139.SAA26859@mycroft.rand.org>
Message-ID: <199509040212.TAA03591@netcom10.netcom.com>

JG:
>Rather than finding ways to justify and maintain current budgets
>and bureaucracies, why not just cough up the peace dividend?
taking money from a bureaucracy is like the exact opposite of taking candy from a baby. but hell, maybe you could get a job as a spook in their dark tunnels and "show them the light" so to speak.

>I misstated his point to some extent here.

oh right, any perceived boneheadedness on the part of a premiere spook is surely in the eye of the beholder

> He indicated
>that Europe has embraced GSM and the US has not (yet) embraced anything
>equivalent (about which more below).

well, thanks for clearing up the assertion but I stand by my rant. (and BTW, thank you for the wonderful opportunity, one must prize every opportunity to get one's blood boiling to know one is alive). the US may very well not have "embraced" any encryption standard because the NSA is trying to THROW A @#$%^&* WRENCH INTO ANY STANDARD THAT IS DEVELOPED. that is EXACTLY WHAT CLIPPER WAS AN ATTEMPT TO DO. y'know that we MAY HAVE WIDESPREAD ENCRYPTION BY NOW if the NSA had not continually interfered with what is normally a NATURAL PROCESS of standards creation in the technological community. Clipper is a black, black mark not only because of what it tried to *introduce*, but also of what it tried to *replace*. again, the fact that we do not have widespread encryption in the U.S. acc. to the NSA reminds me of the anecdote of the murderer going before the court and stating that he deserved leniency because he was an orphan. THE NSA HAS TRIED TO MURDER CRYPTO IN THE U.S. and then say, "gosh!! there's no crypto!! no one has it!! therefore, no one wants it!! why is everyone so angry when we tried to keep it from everyone when nobody wants it"? @#$%^&*!!! again, I suggest that the lack of crypto in the US is due to a *political* situation, and nothing else.
the NSA of course would like to deny that, and justify the *political* situation based on something else (such as that people don't really want encryption or that it is not really in the nation's best interests)

>Clipper wasn't a fiasco from the gov't's point of view if you look at what
>it prevented rather than what it achieved. By now the DES-based AT&T
>encryption box might be the US standard if the Gov't hadn't intervened by
>"incentivizing" them around the time of the Clipper roll-out.

exactly. THE MARKET COULD HAVE BEEN MATURING LONG AGO INSTEAD OF THROWN INTO CONFUSION. we could have been on the path to improving encryption capability. and Clipper is only the product that we *saw* in front of the world. did anything in the Clipper announcement talk about the government collusion with AT&T? it is patently obvious that the NSA has long worked behind the scenes to try to sabotage crypto, and that Clipper was only the most desperate instance that we *heard* about. of course, when there is widespread crypto the NSA will probably try to justify its existence based on the widespread crypto in the world, and take credit for its introduction. "why, after all, Clipper was a major step in introducing good encryption to the masses". @#$%^&*

> It was
>ready to go and was already in production when Clipper got rushed up. As
>it is there is now no standard and most traffic is still in clear.

indeed!! true progress!! the government has accomplished its mission of sabotaging privacy!! so Clipper is a tremendous success in sowing fear of the NSA into every American!! in throwing the standards process into total confusion!!

JG, let me ask you a question. imagine there was some foreign government agency, say of a totalitarian government, that wanted to prevent the "spread of cyberspace" around the world. don't you think they could be quite effective in killing the Internet as it was growing?
it would be quite trivial to insert agents provocateurs into all the open standards-making Internet conventions. where would we be now if this happened? cryptography is very intrinsic to cyberspace, and it would be quite ubiquitous now if it weren't for the reprehensible covert and overt NSA wrench-throwing acts. the NSA is sabotaging the natural growth of cyberspace, unequivocally. I hope that every person in the NSA who reads about Netscape or uses it, the Web, or the Internet, hangs his/her head in shame, that he worked in an agency that helped work *against* the reality that created these wonderful embodiments of freedom in communication.

>> you see, there is far more to be gained from widespread
>> encryption than is to be lost from it.
>
>Agreed.

actually, to tell you the truth I don't consider that a given. it is very well possible that a huge advantage shifts to the terrorists of the world. it very well may be!! but is anyone actually trying to unbiasedly *answer* this question with honest research? of course not. the NSA, the FBI, the whole law enforcement community is in total CYA mode. we have Freeh actually utter at a press conference, "would you feel the same about strong encryption if your daughter was kidnapped by a pedophile?" or whatever his little @#$%^^&* phrase was....anybody remember that slimy epithet of his? for god's sake, could someone in the government do a study of what would *actually happen* if there was widespread encryption, instead of letting the NSA's apparent default idea of "apocalypse now!!!" rule the whole debate?? the NSA is always talking about "the right to communication balanced with the needs of law enforcement", but have they ever determined what in fact the costs are to society at large? beyond simply ASSUMING that if a policeman complains that he can't tap a phone line, that the world is really going to end tomorrow?!?!
has it ever occurred to law enforcement agencies that widespread encryption may actually make their lives *easier*?? I could see a situation where this is possible. the police routinely say, "sorry ma'am we can't do anything because our hands are tied". if the police and our government were prevented from any intervention into any area involving cyberspace, perhaps both society and the police would breathe a lot easier!!

--Vlad Nuri

From p.v.mcmahon.rea0803 at oasis.icl.co.uk Sun Sep 3 19:36:17 1995
From: p.v.mcmahon.rea0803 at oasis.icl.co.uk (p.v.mcmahon.rea0803 at oasis.icl.co.uk)
Date: Sun, 3 Sep 95 19:36:17 PDT
Subject: European willingness to pay ...
Message-ID: <199509040220.24023.0@getafix>

> also, Bob Morris said in his talk, acc. to Gillogly, that Europeans
> *were* willing to pay for encryption in their phones, but those in the
> US weren't. please expand on that little nugget!! how did you come

Presumably this is a reference to GSM.

- pvm

From patrick at Verity.COM Sun Sep 3 19:42:08 1995
From: patrick at Verity.COM (Patrick Horgan)
Date: Sun, 3 Sep 95 19:42:08 PDT
Subject: Crypto '95: Robert Morris
Message-ID: <9509040238.AA04342@cantina.verity.com>

> So Robert Morris worked for NSA.
> Does that mean that the infamous 1988 Internet Worm
> was part of a NSA-sponsored intelligence-gathering mission?
>

No, that was his kid! Imagine his chagrin!

Patrick

_______________________________________________________________________ / These opinions are mine, and not Verity's (except by coincidence;). \ | (\ | | Patrick J. Horgan Verity Inc.
\\ Have | | patrick at verity.com 1550 Plymouth Street \\ _ Sword | | Phone : (415)960-7600 Mountain View \\/ Will | | FAX : (415)960-7750 California 94303 _/\\ Travel | \___________________________________________________________\)__________/ From sinclai at ecf.toronto.edu Sun Sep 3 20:16:35 1995 From: sinclai at ecf.toronto.edu (SINCLAIR DOUGLAS N) Date: Sun, 3 Sep 95 20:16:35 PDT Subject: maximizing cryptographic return In-Reply-To: <199509040149.SAA01359@netcom10.netcom.com> Message-ID: <95Sep3.231607edt.994@cannon.ecf.toronto.edu> > I was wondering how secure the following algorithm would be for phone > calls: suppose that at the beginning of each session, the random > key is traded using RSA or some other very secure approach. the > key is a *random bit width*, say 100-6000 bits. now, my question is, > I wonder if some very cheap algorithms, in terms of computation time, > could be used for the "on the fly" encryption of the voice using those > bit. would XOR with the pad be totally out of line? > > the situation is such that trivial algorithms such as XOR with *unlimited > cyphertext* can be broken quite trivially. but it seems to me this > dogma that "XOR is WEAK" is based on the premise that you have a huge > amount of cyphertext to play with. take away this premise, that you > have a session key that is guaranteed to really give you very little > cyphertext, do these supposedly "weak" algorithms then become pretty > secure? No, XOR is weak if used even twice. If you XOR the two pieces of cyphertext with each other, you get the two plaintexts XORed. I'd be willing to bet that the human ear can understand two audio signals XORed. Certainly with practice people can understand audio that has been encrypted with frequency inversion. Pre-encryption compression would solve this, but XOR is still very weak. 
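An added illustration of Sinclair's objection, not code from the thread: under XOR, two ciphertexts made with the same pad cancel the pad out (C1 ^ C2 == P1 ^ P2), and a 100-6000 bit pad cycled over a voice stream is reused within seconds, so a few known plaintext bytes expose the whole call. All messages and the pad are constructed sample values.

```python
# Added example: why "XOR with a short session pad" fails once the pad
# is reused, either across two messages or because the pad is cycled
# over a stream longer than itself. Sample messages and pad are constructed.
from itertools import cycle


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def xor_with_pad(data: bytes, pad: bytes) -> bytes:
    """Encrypt or decrypt by XOR, cycling the pad when data outruns it.
    An 8 kbit/s voice codec exhausts a 6000-bit pad in under a second,
    so in a phone call the cycling is the normal case, not the exception."""
    return bytes(d ^ p for d, p in zip(data, cycle(pad)))


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """Two ciphertexts under one pad: C1 ^ C2 == P1 ^ P2, the pad cancels.
    This is the 'XOR is weak if used even twice' point from the reply."""
    return xor_bytes(c1, c2)


def recover_with_crib(c1: bytes, c2: bytes, crib: bytes, offset: int) -> bytes:
    """Given a guessed fragment of P1 at `offset`, read P2 at the same
    positions straight out of C1 ^ C2, without ever learning the pad."""
    leak = two_time_pad_leak(c1, c2)
    return xor_bytes(leak[offset:offset + len(crib)], crib)


def break_repeating_pad(ciphertext: bytes, known: bytes, offset: int,
                        pad_len: int) -> bytes:
    """When a pad of pad_len bytes is cycled, pad_len consecutive known
    plaintext bytes reveal the whole pad, and with it the whole stream."""
    if len(known) < pad_len:
        raise ValueError("need at least pad_len bytes of known plaintext")
    pad = bytearray(pad_len)
    for i, kbyte in enumerate(known):
        pad[(offset + i) % pad_len] = ciphertext[offset + i] ^ kbyte
    return xor_with_pad(ciphertext, bytes(pad))


# Constructed sample values (not real traffic, not a real key).
PAD = bytes.fromhex("a35f11e8079c42d0")     # 64-bit pad, far shorter than the data
P1 = b"meet at the marina at seven"
P2 = b"bring the pgp key to dinner"
C1 = xor_with_pad(P1, PAD)
C2 = xor_with_pad(P2, PAD)


if __name__ == "__main__":
    print("pad cancels:", two_time_pad_leak(C1, C2) == xor_bytes(P1, P2))
    print("crib 'marina' at 12 exposes P2 bytes:",
          recover_with_crib(C1, C2, b"marina", 12))
    print("whole message from 10 known bytes:",
          break_repeating_pad(C1, b"the marina", 8, len(PAD)))
```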
From cme at clark.net Sun Sep 3 20:38:22 1995 From: cme at clark.net (Carl Ellison) Date: Sun, 3 Sep 95 20:38:22 PDT Subject: rump session papers Message-ID: <199509040337.XAA15787@clark.net> I ran out of copies of my rump session paper handouts. So, I put them on my ftp server... ftp://ftp.clark.net/pub/cme/ps/ cepp.ps :: a couple of symmetric modes for block ciphers which I threw out for people to attack.... k1.ps :: Key exchange algorithm K-1 -- with some very suggestive properties. Whit Diffie titled this one "If S-1 is Skipjack, then K-1 is KEA" in the rump session list. I'm not about to make that claim -- but it *does* have some interesting characteristics. Enjoy, Carl +--------------------------------------------------------------------------+ |Carl M. Ellison cme at acm.org http://www.clark.net/pub/cme/home.html | |PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2 | | ``Officer, officer, arrest that man! He's whistling a dirty song.'' | +----------------------------------------------------------- Jean Ellison -+ From futplex at pseudonym.com Sun Sep 3 21:43:14 1995 From: futplex at pseudonym.com (Futplex) Date: Sun, 3 Sep 95 21:43:14 PDT Subject: Wearing RSA shirt to school In-Reply-To: <199509040130.VAA35298@tequesta.gate.net> Message-ID: <9509040443.AA00884@cs.umass.edu> I wrote: > With respect to possession within the U.S., there aren't any > laws stopping you from waving strong cryptography around wherever you like > (at least, not yet). ---- ...and in private email, Jim Ray pointed out that showing the shirt to a foreign national might technically violate ITAR... ---- Yeah, I suppose I overstated it a bit. It appears that if the ITAR do cover the shirt (unclear at present, AFAIK -- any news on the CJR, Raph ?), then flashing it at a furriner could constitute a violation. Thanks for the correction. The gist of my previous message remains: No local or state authority in the U.S. 
(of which I'm aware) classifies strong cryptography as a munition, weapon, etc. I haven't heard of any restrictions on transporting crypto across state lines, either. Unless the Feds start cracking down on high schools, or the Perl-RSA shirt somehow violates some school dress code, (gang colors ? ;) the original questioner need not fret about his son wearing the shirt to school. -Futplex, just another slimy tentacle of the List Maintainer From hfinney at shell.portal.com Sun Sep 3 21:52:26 1995 From: hfinney at shell.portal.com (Hal) Date: Sun, 3 Sep 95 21:52:26 PDT Subject: pseudonyms & list health Message-ID: <199509040451.VAA23173@jobe.shell.portal.com> From: "Vladimir Z. Nuri" > hence, what I am suggesting is that one > of the "stable attractors" that TM is always talking about > may be a reality in which people pool most of their accomplishments > under a single nym. furthermore, they will wish to avoid conflict > with other nyms in respect to attribution. > isn't this, functionally, the equivalent of the supposed > anti-cypherpunk "true names"? An interesting point. I have long wished that there would be a form of "credential certificates" which people could give as special signatures on other people's public keys. Then using Chaumian credential technology it would be possible to anonymously transfer these credentials from one pseudonym to another. This is not a perfect solution, of course. Much reputation is informal and simply resides in the opinions held in people's minds. But perhaps if a more structured solution like this became widespread it would help to prevent the "concentration of reputation" which Vlad describes. Along with the usual flames, I occasionally get messages saying nice things about postings I have made, and I sometimes save these in a file called "praise". Here are some excerpts: > Again, thanks for posting some useful information that > actually has *direct relevance to crypto*. > I really enjoyed reading this. 
It was well written and comprehensive. > Thanks for sharing it. > Nice post! I certainly appreciate these kinds of comments, but it would be even more useful if such messages were expressed as the kinds of certificates I am describing. I wonder whether people would be willing to use a program which would let them issue such "reputation signatures" of various kinds, and display the signatures which were present on keys. Discussion of such schemes has often bogged down in considering the various categories or types of credentials people might want to give. This is somewhat analogous to the "rate-the-net" schemes we have talked about where a similar issue arises if we try to mark pages with a whole range of characteristics so people can judge whether they should let their kids read them. Perhaps the solution needs to be found in simplicity. SurfWatch (as I understand it) gives a simple "thumbs down" to selected web pages. Maybe a simple "endorsement" would be useful as a reputation credential without trying to identify exactly what it is about the person you are endorsing. I could see such a system initially being piggybacked on PGP keys (the signatures would not be understandable by PGP though), although for Chaumian credential transfers the keys have to be specially structured and that would require a new approach. Who would be willing and/or interested enough to use such a system if it existed? 
Hal

From rrothenb at ic.sunysb.edu Sun Sep 3 21:54:45 1995
From: rrothenb at ic.sunysb.edu (Deranged Mutant)
Date: Sun, 3 Sep 95 21:54:45 PDT
Subject: Oddly enough, Clipper is helpful
Message-ID: <199509040454.AAA05091@csws5.ic.sunysb.edu>

Despite a few rants about how the NSA has monkeywrenched potential standards for encryption with Clipper (market forces being what they are, even if there were no Clipper we may still have no standard by now...), I think there is oddly a good side to Clipper: the issue has thrown cryptography and security into the public debate, even if marginally. Prior to Clipper, PGP was not featured in national and international features in TV, newspapers and magazines... now a lot of people want their hands on it. People have become aware of communications security issues--very average folks who one might even consider techno-illiterates or luddites are now concerned with the government's ability to listen in and watch them. Think of Clipper as an opportunity to propose something better, as an opportunity to make people more aware of the issue.

From tcmay at got.net Sun Sep 3 21:56:43 1995
From: tcmay at got.net (Timothy C. May)
Date: Sun, 3 Sep 95 21:56:43 PDT
Subject: Clinton's Black Helicopters Over My House!
Message-ID:

ObConspiracy content: high. They are coming to take me away, take me away! Clinton's black helicopters are swooping low over my house. What should I do? Yes, this has nothing to do with coding in C, or even coding in Java, but it's too good a story not to share with you. My hilltop house, in the Santa Cruz mountains, lies directly between Monterey and San Jose. His Excellency is landing tonight in Monterey--probably has just done so, judging by the sudden increase in air traffic--to dedicate tomorrow a "defense conversion" of the former Fort Ord to "Cal State Monterey Bay," a new state college.
(In California there are three tiers of colleges: the 9 campuses of the University of California system (Berkeley, UCLA, UCSC, UCSB, UCSD, etc.), the twenty-some "Cal State" schools, and some ungodly number of Community Colleges.) Anyway, lots of choppers flying directly over my house, at fairly low altitude. Maybe I could spell out a Cypherpunks message in white stones in my driveway, or maybe just a rose? He'll be choppering from Monterey to Alameda tomorrow, after lunch, so I need to think of something to prepare for him. I'm tempted to try to take a photo with my telescope, but the choppers flying with him might think I had a Redeye or Stinger or something from the weapon shops of Isher, and send me back at least a visit by the Praetorians, so I'll avoid "looking dangerous" in my back yard as the choppers pass overhead. (I find it hard to believe what the scribblers are saying, that this is the first visit by a sitting President to Monterey in 100 years. What with Carmel and Big Sur nearby, kind of hard to believe, eh?)

--Tim May

---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway."

From rrothenb at ic.sunysb.edu Sun Sep 3 22:06:16 1995
From: rrothenb at ic.sunysb.edu (Deranged Mutant)
Date: Sun, 3 Sep 95 22:06:16 PDT
Subject: pseudonyms & list health
In-Reply-To: <199509040451.VAA23173@jobe.shell.portal.com>
Message-ID: <199509040505.BAA05115@csws5.ic.sunysb.edu>

*My* willingness to use such a system would depend on the system. Of course, if you create such a system there will be somebody who uses it... how well and in what circumstances, and how many people, use it, is another matter.
My worry is about abuse. One would prefer to save endorsements and find a way to remove thumbs-downs... also how to prevent one from overdoing a thumbs-up or -down certification for a person (either to inflate or deflate a reputation). In terms of persons, I see this more as an electronic equivalent of medal awards, or those nifty little smiley stickers my second grade teacher used to give. After a while they become meaningless. Systems to rate web-sites, newsgroups, etc. in terms of specific qualities (sexual content, religious sentiment, useful information, technical/skill level of material, size of posts/files, etc.) that showed the given ratings of various organizations or people who were certified to rate on that system would be good... if implemented properly.

From tcmay at got.net Sun Sep 3 22:07:51 1995
From: tcmay at got.net (Timothy C. May)
Date: Sun, 3 Sep 95 22:07:51 PDT
Subject: Wearing RSA shirt to school
Message-ID:

Grumpiness warning: I have held my tongue the past few months as all of these "this t-shirt has been declared a munition!!!" messages went out, but I can hold my tongue no longer.

At 4:43 AM 9/4/95, Futplex wrote:
>I wrote:
>> With respect to possession within the U.S., there aren't any
>> laws stopping you from waving strong cryptography around wherever you like
>> (at least, not yet).
>
>----
>...and in private email, Jim Ray pointed out that showing the shirt to a
>foreign national might technically violate ITAR...

Nope, no more so than letting a foreign national read Schneier's book is a violation of the ITAR. If you dispute this, ask whether Schneier's book is banned from export (the book, not the optional diskette). It isn't. Nor are other cryptography _books_ banned from export. I'm not minimizing the issue of export of machine-readable code, as in diskettes.
But to claim that a blurry, printed on cotton "barcode" is even remotely in the same class as exporting a workable set of cryptographic system routines, or that letting a furriner merely "gaze upon" this blurry barcode, is a violation of the ITARs is laughable.

>Yeah, I suppose I overstated it a bit. It appears that if the ITAR do cover
>the shirt (unclear at present, AFAIK -- any news on the CJR, Raph ?), then
>flashing it at a furriner could constitute a violation. Thanks for the
>correction.

No. No more so than "flashing" a copy of a crypto book would constitute a violation.

>
>The gist of my previous message remains: No local or state authority in the
>U.S. (of which I'm aware) classifies strong cryptography as a munition,
>weapon, etc. I haven't heard of any restrictions on transporting crypto
>across state lines, either. Unless the Feds start cracking down on high
>schools, or the Perl-RSA shirt somehow violates some school dress code, (gang
>colors ? ;) the original questioner need not fret about his son wearing the
>shirt to school.

It was this series of posts about whether wearing the "munitions t-shirt" near schools was a crime or not that made me think the silly season had arrived. If the t-shirt is a munition, and books are munitions, then libraries must be real "ammunition dumps," ready to explode at any minute.

News at 11.

Let's get real.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^756839 | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From ethridge at Onramp.NET Sun Sep 3 22:12:51 1995
From: ethridge at Onramp.NET (Allen B. Ethridge)
Date: Sun, 3 Sep 95 22:12:51 PDT
Subject: ASN.1 and Kerberos version 5
Message-ID:

>I don't think that the concept of ASN.1 is as bad as Jeff makes out. If it
>worked then ASN.1 would be very very useful. But it just plain doesn't.
>
>ASN.1 is worse than useless, it means that a very good idea is rendered
>unusable because of a badly botched implementation.
>

I'm not familiar with ASN.1 except for the occasional short piece in various books. But I was under the impression that it was similar to the language used to define TCAP and ROSE standards. These standards are reasonably well defined. I've gotten to the point where I get annoyed when working with protocols that treat everything like arbitrarily organized bits and bytes (like NA Cellular protocols and PGP). So, would use of the language used to define TCAP and ROSE applications be a possibility? I've occasionally thought about developing such a protocol for PGP.

allen

From tcmay at got.net Sun Sep 3 22:58:32 1995
From: tcmay at got.net (Timothy C. May)
Date: Sun, 3 Sep 95 22:58:32 PDT
Subject: Reputations and Reading Preferences
Message-ID:

(This post has a second part, "Using Web Sites to Get Distributed Ratings," which you might want to read even if the first part looks uninteresting.)

Hal has some interesting comments, as usual, about how positive feedback about authors can be integrated into mail readers and news readers. (Or at least I took Hal's post as a jumping off point to think about these issues--again.)

I've given this some thought recently, but have reached no firm conclusions, except: it's probably not needed by most of us.

That is, I have little interest in what others think. If the herd votes that "America's Funniest Home Videos" is their favorite program, or that Jackie Collins is their favorite author, who cares? At least I don't. I don't read stuff on the basis of a "beauty contest." I suspect the same is true of many others.
But Hal was perhaps thinking in terms of the more sophisticated approach of creating scoring systems in which a matrix R[u,v] is created, where each element corresponds to the rating of u given by v. On the Cypherpunks list, for example, with more than 500 subscribers, each of the 500 might have a rating of perhaps 100 of the active posters, maybe only the 20 or 30 most active and memorable posters. (That is, many of you 500 readers would not have a meaningful entry, just because you have posted so little.)

And more sophisticated models take into account one's reputation given to the views expressed by others. That is, some of those R[u,v] are discounted, some are held in high esteem. This results in a further weighting of the reputations. As an example, Madonna gives a good rating (0.8) to Da Dogg Pound, but I dislike Madonna and her taste, so I weight her rating accordingly.

And one can imagine scoring systems in which cumulative ratings are considered. E.g., a lot of people whom I respect like the works of Thomas Pynchon, so I'll give him a try.

(I use a simple scoring system in YA-Newswatcher, though it needs more work, IMO.)

Things rapidly spin out of control, in terms of the communication needed, the difficulty of getting participation (like a lot of polls, the most thoughtful often are the least likely to respond), and so on.

A few years ago on the Extropians list this was a hot topic, and various "rating systems" were proposed. I recall a particularly complex scheme by Alexander Chislenko which purported to solve this problem...unfortunately, it still looked to me to have the essential characteristics of a beauty contest.

Fortunately, I can't see the need. Why not? And what's the better alternative?

Here's a recipe which seems to work pretty well, and not just for me:

* Apply filters based on one's own likes and dislikes. Killfile some posters, skip some threads, etc.
* Periodically get inputs from others that one respects, a la book recommendations, movie reviews, etc.

This effectively generates what the mass rating scheme would generate, albeit not identically (how could it?). One's favorite posters get read, and one's favorite posters can make some recommendations of other authors one should look at. Informal, but with many emergent advantages.

Using Web Sites to Get Distributed Ratings

Concretely, one way to do this is for people to do what Eric Blossom is doing with his "Cypherpunks Lite" mailing list. Or with the Web archives that Todd Masco has been running, and that Jay Campbell just started.

Imagine: Rudy the Rater sets up a mail-to-Web-site archive, using whatever these folks above are using. Except, he screens the stuff to separate the bad from the good, using whatever criterion he thinks is right. People either use his site, or don't. (A Web site has some logistical advantages over subscribing to various mailing lists which do the same filtering.)

Other services emerge with differing rating criteria, different aesthetic standards of goodness, or even different interests. (Some sites could filter out all of the political posts, others could filter out all the programming posts, etc.)

Readers could pick the sites they wish to read, and simultaneously be exposed to authors they might have otherwise overlooked. The authors they like, and the filtering of the site operator, create a "clique" (as in math terminology) that effectively is similar to the vector weighting scheme present in the R[u,v] scheme.

An advantage of the distributed site model over the R[u,v] model is the lack of any central coordination, the market anarchy of the process.

Shared kill files are another possibility. As kill files become more commonly used, they may be traded around, weighted in the same way as described above.
Again, I claim that an adequate and workable solution is not to solve the more general problem of everybody rating everyone else, but just of having access to a limited number of killfiles from people one respects.

These approaches are doable today. Especially the distributed Web competing "best of" sites. I may do one myself! (If Jay Campbell lets me have Web stuff on his system.)

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^756839 | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From suedeenim at censored.org Sun Sep 3 23:06:28 1995
From: suedeenim at censored.org (Sue Deenim)
Date: Sun, 3 Sep 95 23:06:28 PDT
Subject: pseudonyms & list health
Message-ID: <199509040606.XAA29059@mailhost.primenet.com>

Is this what you're looking for?

Love Always,
Sue Deenim

>but what if these people had just stopped subscribing under
>their clear name? and started using a pseudonym?
>
>well, just some musings for those who unabashedly promote pseudonyms
>to contemplate.
>
>--Vlad Nuri
>
>

--
Member Internet Society - Certified BETSI Programmer - Webmistress
***********************************************************************
Carol Anne Braddock (cab8) carolann at censored.org 206.42.112.96
My Homepage The Cyberdoc
***********************************************************************
------------------ PGP.ZIP Part [017/713] -------------------
M8H,),S$8G>&.WP(8IRA`-M['+`Q%&_C"">5-F%LX@<_Q$;*P'',Q$Z/AA[8M
MF=O0H+*%(-S%&>S%+FS&
http://dcs.ex.ac.uk/~aba/export/

From pfarrell at netcom.com Sun Sep 3 23:11:39 1995
From: pfarrell at netcom.com (Pat Farrell)
Date: Sun, 3 Sep 95 23:11:39 PDT
Subject: Cyphernomicon, and a section on Escrow and Reputations
Message-ID: <50697.pfarrell@netcom.com>

> I know of a couple of alternative places.

I too got tired of Netcom's anon ftp server. An unaltered, ASCII copy of Tim's CP-FAQ is available as
http://www.isse.gmu.edu/~pfarrell/crypto/CP-FAQ

This is a low usage site, so response should be fine.

BTW, there is a page for the DC-area Cypherpunks as
http://www.isse.gmu.edu/~pfarrell/dccp/index.html

And a guide to every US Government WWW page that I could find (including locations of spook facilities) starting at
http://www.isse.gmu.edu/~pfarrell/government/usgov.html

Other crypto related resources are available starting at
http://www.isse.gmu.edu/~pfarrell/crypto.html

Pat

Pat Farrell Grad Student http://www.isse.gmu.edu/students/pfarrell
Info. Systems & Software Engineering, George Mason University, Fairfax, VA
PGP key available on homepage #include

From futplex at pseudonym.com Sun Sep 3 23:14:09 1995
From: futplex at pseudonym.com (Futplex)
Date: Sun, 3 Sep 95 23:14:09 PDT
Subject: pseudonyms & list health
In-Reply-To: <199509040505.BAA05115@csws5.ic.sunysb.edu>
Message-ID: <9509040614.AA01461@cs.umass.edu>

Deranged Mutant writes:
> My worry is about abuse. One would prefer to save endorsements and find
> a way to remove thumbs-downs... also how to prevent one from overdoing a
> thumbs-up or -down certification for a person (either to inflate or
> deflate a reputation).

A few nuisance lawsuits from people who were given thumbs-downs might do the trick, as with employment recommendations in the U.S. :[

> In terms of persons, I see this more as an electronic equivalent of medals
> awards, or those nifty little smiley stickers my second grade teacher used
> to give. After a while they become meaningless.

ObTim: As in other reputation markets, some people will spread their blessings more liberally than others. They do this at the risk of diluting the worth of each credential granted. It all comes out in the wash.

A reviewer named Susan Granger, for example, is known to me as a person who routinely lauds lousy movies. Thus it's simple for me to ignore her positive recommendations (I've yet to see a negative review from her). In fact, when I observe that a new film prominently features her seal of approval in its advertising, I take that fact as an indication of the lack of praise from more discriminating reviewers. So a nominal "positive" credential may be interpreted as an implicit negative credential, depending upon context.

OTOH, if I only give digital thumbs-up to a couple of people on the list, those who consider me a reputable appraiser-of-cpunks should find the information relatively useful. I'm sure I can manage to be a harsher critic than your 2nd-grade teacher :}

Using e.g. a single 1-10 scale would be highly practical for such purposes, IMHO.

-Futplex

From starrd at starrd Sun Sep 3 23:19:40 1995
From: starrd at starrd (starrd@iia2.org)
Date: Sun, 3 Sep 95 23:19:40 PDT
Subject: Direct Socket to Remailer?
In-Reply-To:
Message-ID:

On Fri, 1 Sep 1995, Lance Cottrell wrote:

> You should try the telnet port 25 trick. It is amazingly simple (but not
> secure). Just "telnet some.machine.com 25" and type help. It will guide you
> through it. It is quite informative.
Be sure to test it first, sometimes it records who *really* sent it as well as the "forged" return address. Test it by mailing to yourself and then look at all the headers.

||||||||||||email address: starrd at iia2.org or starrd at cinenet.net|||||||||||
| Creator of the original                  | Get paid to upload          |
| Patriot's Archives                       \ shareware to BBSes and      |
| ftp: iia.org /pub/users/patriot           \_____ the Internet!         |
| ftp: wuarchive.wustl.edu /pub/msdos_uploads/patriot\ Get file:         |
| For index of available files: descript.ion          \ uploader.zip     |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzAN3FwAAAEEAOgWK9QJo3LIPXC+C/RHE+nmlddXPthC0hgLL7oKg7WPjYgk
LrX7j0eUmb5e6t2sm/PkJ1wjk839fqjUmRPLD0mhPX6KsMB0DoecYbCKLrNUY1gP
7DZijj9e7fuPaHqhuY7K5rGjN4po4ZxGhEPQv32IjQLSza9nbU05aMuMG71tAAUR
tB9EYXZpZCBXIFN0YXJyIDxzdGFycmRAaWlhMi5vcmc+iQCVAwUQMCnJQEY2REVK
Mit9AQG9AAQAps4lKzeQ/OQyXbvxG4b5wWsvHEK/K+1L/tfG0+EmlEsDARaN2pBD
cCslIKHjBa8al2BaTSsNjCUSHMgd+IWRp+nw2XJt/lRqpvTN5m7pPNAEQbSgCGwf
9kJ1IDPMokOw9XXAuGAqMQi9HogepNxp7JOdNphcJulHf9XbyCy/sig=
=0Tlq
-----END PGP PUBLIC KEY BLOCK-----

From starrd at starrd Mon Sep 4 00:00:47 1995
From: starrd at starrd (starrd@iia2.org)
Date: Mon, 4 Sep 95 00:00:47 PDT
Subject: Clinton's Black Helicopters Over My House!
In-Reply-To:
Message-ID:

On Sun, 3 Sep 1995, Timothy C. May wrote:

> My hilltop house, in the Santa Cruz mountains, lies directly between
> Monterey and San Jose. His Excellency is landing tonight in
> Monterey--probably has just done so...

> (I find it hard to believe what the scribblers are saying, that this is the
> first visit by a sitting President to Monterey in 100 years. What with
> Carmel and Big Sur nearby, kind of hard to believe, eh?)

Oh shit! There goes the neighborhood!
||||||||||||email address: starrd at iia2.org or starrd at cinenet.net|||||||||||
| Creator of the original                  | Get paid to upload          |
| Patriot's Archives                       \ shareware to BBSes and      |
| ftp: iia.org /pub/users/patriot           \_____ the Internet!         |
| ftp: wuarchive.wustl.edu /pub/msdos_uploads/patriot\ Get file:         |
| For index of available files: descript.ion          \ uploader.zip     |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzAN3FwAAAEEAOgWK9QJo3LIPXC+C/RHE+nmlddXPthC0hgLL7oKg7WPjYgk
LrX7j0eUmb5e6t2sm/PkJ1wjk839fqjUmRPLD0mhPX6KsMB0DoecYbCKLrNUY1gP
7DZijj9e7fuPaHqhuY7K5rGjN4po4ZxGhEPQv32IjQLSza9nbU05aMuMG71tAAUR
tB9EYXZpZCBXIFN0YXJyIDxzdGFycmRAaWlhMi5vcmc+iQCVAwUQMCnJQEY2REVK
Mit9AQG9AAQAps4lKzeQ/OQyXbvxG4b5wWsvHEK/K+1L/tfG0+EmlEsDARaN2pBD
cCslIKHjBa8al2BaTSsNjCUSHMgd+IWRp+nw2XJt/lRqpvTN5m7pPNAEQbSgCGwf
9kJ1IDPMokOw9XXAuGAqMQi9HogepNxp7JOdNphcJulHf9XbyCy/sig=
=0Tlq
-----END PGP PUBLIC KEY BLOCK-----

From liberty at gate.net Mon Sep 4 05:33:18 1995
From: liberty at gate.net (Jim Ray)
Date: Mon, 4 Sep 95 05:33:18 PDT
Subject: Wearing RSA shirt to school
Message-ID: <199509041203.IAA38469@tequesta.gate.net>

-----BEGIN PGP SIGNED MESSAGE-----

Tim wrote:
>At 4:43 AM 9/4/95, Futplex wrote:
>>I wrote:
>>> With respect to possession within the U.S., there aren't any
>>> laws stopping you from waving strong cryptography around wherever you like
>>> (at least, not yet).
>>
>>----
>>...and in private email, Jim Ray pointed out that showing the shirt to a
>>foreign national might technically violate ITAR...
>
>Nope, no more so than letting a foreign national read Schneier's book is a
>violation of the ITAR. If you dispute this, ask whether Schneier's book is
>banned from export (the book, not the optional diskette). It isn't. Nor are
>other cryptography _books_ banned from export.

The law doesn't have to be consistent, or to make sense, or be enforced evenhandedly.
The law is, after all, not written, or interpreted, or enforced, by partisan Libertarians like me. My private email to Futplex said *may* violate... and I stand by it. [IANAL, though.] Whether or not a law as incontrovertibly stupid as ITAR is enforced may depend on the timing of the next election, as we seem to be witnessing in the limbo-state of PRZ.

>I'm not minimizing the issue of export of machine-readable code, as in
>diskettes. But to claim that a blurry, printed on cotton "barcode" is even
>remotely in the same class as exporting a workable set of cryptographic
>system routines, or that letting a furriner merely "gaze upon" this blurry
>barcode, is a violation of the ITARs is laughable.

Yes, but *many* laws are laughable.

>>Yeah, I suppose I overstated it a bit. It appears that if the ITAR do cover
>>the shirt (unclear at present, AFAIK -- any news on the CJR, Raph ?), then
>>flashing it at a furriner could constitute a violation. Thanks for the
>>correction.

Actually, it was less a correction than me pointing out (yet another) note of uncertainty. James Madison, in Federalist #62 said it best: "What indeed are all the repealing, explaining, and amending laws, which fill and disgrace our voluminous codes, but so many monuments of deficient wisdom." Now, many of us would be more than satisfied to get back to that level of government. I suggest that everyone go have a look at the entire Code of Federal Regulations, before the next election.

>>the original questioner need not fret about his son wearing the
>>shirt to school.

I agree that wearing it through Customs on the way to Jamaica would be more problematic, but I live next to a US Customs agent, and he learned about ITAR from me. Here in Miami, Customs has plenty to think about with the various (occasionally venomous) inbound cargo.

>It was this series of posts about whether wearing the "munitions t-shirt"
>near schools was a crime or not that made me think the silly season had
>arrived.
It has, a long time ago. Ever watch C-SPAN?

JMR

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh

iQCVAwUBMEro1W1lp8bpvW01AQHKsgP/bhOcCUoksLvbGe/nAKxDqZU8KvibvRFm
nQ++Xy3FjDDJrFg1/lgmivtrriuFK/xg4CvKdu+yQ6zJ72pH+92cLivsfHeg+ljZ
MPSXfHftaOP7i1e4KajnlC3jBcYbWQnqZRdduIyPXZnfn5xK5bU99c5oceCABtSx
UD/Hp9Poqbc=
=7tMD
-----END PGP SIGNATURE-----

Regards, Jim Ray

See, when the GOVERNMENT spends money, it creates jobs; whereas when the money is left in the hands of TAXPAYERS, God only knows what they do with it. Bake it into pies, probably. Anything to avoid creating jobs. -- Dave Barry
------------------------------------------------------------------------
PGP key Fingerprint 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8
Key id. # E9BD6D35 James M. Ray
------------------------------------------------------------------------
Support Phil! email zldf at clark.net or see http://www.netresponse.com/zldf
________________________________________________________________________

From jya at pipeline.com Mon Sep 4 05:47:45 1995
From: jya at pipeline.com (John Young)
Date: Mon, 4 Sep 95 05:47:45 PDT
Subject: MAN_iax
Message-ID: <199509041247.IAA05904@pipe4.nyc.pipeline.com>

9-4-95. NYPaper:

"Computers Beware! New Type of Virus Is Loose on the Net."

A new and deceptively simple type of computer virus, one that can sneak past security devices by hitching rides on electronic mail and other common Internet files, is causing deep concern among computer security officials around the world.

Mr. Schmidt of Sun says, "There are criminals in the world and some of them are programmers. With computer networks, they have an amplifying effect that they've never had before. If I were a criminal with a gun, I might attack one person. But with a computer network, I can attack a million people at a time. It's like an atomic bomb." To avert a potential disaster, Mr. Schmidt has enlisted three of the world's top computer security experts, including Tsutomu Shimomura, Dan Farmer and Whitfield Diffie.

"Cybervirus Whodunit: Who Creates This Stuff?"

Ms. Gordon conducted detailed interviews, by electronic mail, Internet chat, telephone and in person, with more than 60 virus writers. "The virus writer has been characterized by some as a bad, evil, depraved, maniac, terrorist, technopathic, genius gone mad, sociopath." This, she said, "is a gross oversimplification of the situation."

"Dick Tracy, Eat Your Heart Out."

Move over, Captain Midnight. Heads up, Mata Hari. Now anyone can have a real-life decoder ring. The ring has a computer chip encoded with an identification number that gives the wearer access to secret computer files or locked rooms. The chip transmits your secret ID number or data at the space-age speed of 16,000 bits a second.

Triplets: MAN_iax

From rsalz at osf.org Mon Sep 4 06:08:36 1995
From: rsalz at osf.org (Rich Salz)
Date: Mon, 4 Sep 95 06:08:36 PDT
Subject: Wearing RSA shirt to school
Message-ID: <9509041307.AA20870@sulphur.osf.org>

>Let's get real.

Yes, please.

The head of Sun's network security group is a foreign national. They're doing DES and public key work. :)

From raph at CS.Berkeley.EDU Mon Sep 4 06:52:07 1995
From: raph at CS.Berkeley.EDU (Raph Levien)
Date: Mon, 4 Sep 95 06:52:07 PDT
Subject: List of reliable remailers
Message-ID: <199509041351.GAA20450@kiwi.cs.berkeley.edu>

I operate a remailer pinging service which collects detailed information about remailer features and reliability.
To use it, just finger remailer-list at kiwi.cs.berkeley.edu

There is also a Web version of the same information, plus lots of interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

This information is used by premail, a remailer chaining and PGP encrypting client for outgoing mail, which is available at:
ftp://ftp.csua.berkeley.edu/pub/cypherpunks/premail/premail-0.33.tar.gz

For the PGP public keys of the remailers, as well as some help on how to use them, finger remailer.help.all at chaos.taylored.com

This is the current info:

REMAILER LIST

This is an automatically generated listing of remailers. The first part of the listing shows the remailers along with configuration options and special features for each of the remailers. The second part shows the 12-day history, and average latency and uptime for each remailer. You can also get this list by fingering remailer-list at kiwi.cs.berkeley.edu.

$remailer{"avox"} = " cpunk pgp post";
$remailer{"extropia"} = " cpunk pgp special";
$remailer{"portal"} = " cpunk pgp hash";
$remailer{"alumni"} = " cpunk pgp hash";
$remailer{"bsu-cs"} = " cpunk hash ksub";
$remailer{"c2"} = " eric pgp hash reord";
$remailer{"penet"} = " penet post";
$remailer{"ideath"} = " cpunk hash ksub reord";
$remailer{"hacktic"} = " cpunk mix pgp hash latent cut post ek";
$remailer{"flame"} = " cpunk mix pgp. hash latent cut post ek reord";
$remailer{"rahul"} = " cpunk pgp hash filter";
$remailer{"mix"} = " cpunk mix pgp hash latent cut ek ksub reord";
$remailer{"syrinx"} = " cpunk pgp hash cut reord mix post";
$remailer{"ford"} = " cpunk pgp";
$remailer{"hroller"} = " cpunk pgp hash mix cut ek";
$remailer{"vishnu"} = " cpunk mix pgp hash latent cut ek ksub reord";
$remailer{"crown"} = " cpunk pgp hash latent cut mix ek reord";
$remailer{"robo"} = " cpunk hash mix";
$remailer{"replay"} = " cpunk mix pgp hash latent cut post ek";
$remailer{"spook"} = " cpunk mix pgp hash latent cut ek reord";
$remailer{"gondolin"} = " cpunk mix hash latent cut ek ksub reord";
$remailer{"rmadillo"} = " mix cpunk pgp hash latent cut";
$remailer{"ncognito"} = " cpunk";

catalyst at netcom.com is _not_ a remailer.
lmccarth at ducie.cs.umass.edu is _not_ a remailer.
usura at replay.com is _not_ a remailer.

Use "premail -getkeys pgpkeys at kiwi.cs.berkeley.edu" to get PGP keys for the remailers. Fingering this address works too.
Last ping: Mon 4 Sep 95 4:00:26 PDT

remailer  email address                         history       latency  uptime
-----------------------------------------------------------------------
alumni    hal at alumni.caltech.edu              ***+****--**     12:42  99.99%
hacktic   remailer at utopia.hacktic.nl          ************     11:36  99.99%
hroller   hroller at c2.org                      --**********      9:55  99.99%
c2        remail at c2.org                       --++++++++++     45:17  99.99%
mix       mixmaster at remail.obscura.com        .---------+-   2:49:48  99.99%
flame     remailer at flame.alias.net            +++++-++++++     44:09  99.99%
spook     remailer at spook.alias.net            -+-------.-    2:58:30  99.99%
syrinx    syrinx at c2.org                       -----------    1:42:59  99.99%
bsu-cs    nowhere at bsu-cs.bsu.edu              ***++*****-*     23:51  99.96%
rmadillo  remailer at armadillo.com              ++++*+*++ +    1:04:53  99.93%
replay    remailer at replay.com                 _***+*******     17:24  99.86%
ideath    remailer at ideath.goldenbear.com      ----- -----    5:13:51  99.60%
ncognito  ncognito at gate.net                   #+**-** **        6:07  98.99%
portal    hfinney at shell.portal.com            ***+** ****       5:08  98.91%
ford      remailer at bi-node.zerberus.de        ***********       5:15  97.26%
extropia  remail at extropia.wimsey.com          .-.._._ ---   16:38:13  95.81%
crown     mixmaster at kether.alias.net          --- ----- -    4:03:05  95.06%
vishnu    mixmaster at vishnu.alias.net          -----. ---     6:20:56  90.88%
robo      robo at c2.org                         -**********      17:00  90.58%
rahul     homer at rahul.net                     ******++*+**      7:45  99.99%
penet     anon at anon.penet.fi                  ---++++-- **   3:02:16  87.70%
gondolin  mixmaster at gondolin.org              ---- .         5:35:11  77.43%

For more info: http://www.cs.berkeley.edu/~raph/remailer-list.html

History key
* # response in less than 5 minutes.
* * response in less than 1 hour.
* + response in less than 4 hours.
* - response in less than 24 hours.
* . response in more than 1 day.
* _ response came back too late (more than 2 days).

cpunk
A major class of remailers. Supports Request-Remailing-To: field.

eric
A variant of the cpunk style. Uses Anon-Send-To: instead.

penet
The third class of remailers (at least for right now). Uses X-Anon-To: in the header.
pgp
Remailer supports encryption with PGP. A period after the keyword means that the short name, rather than the full email address, should be used as the encryption key ID.

hash
Supports ## pasting, so anything can be put into the headers of outgoing messages.

ksub
Remailer always kills subject header, even in non-pgp mode.

nsub
Remailer always preserves subject header, even in pgp mode.

latent
Supports Matt Ghio's Latent-Time: option.

cut
Supports Matt Ghio's Cutmarks: option.

post
Post to Usenet using Post-To: or Anon-Post-To: header.

ek
Encrypt responses in reply blocks using Encrypt-Key: header.

special
Accepts only pgp encrypted messages.

mix
Can accept messages in Mixmaster format.

reord
Attempts to foil traffic analysis by reordering messages. Note: I'm relying on the word of the remailer operator here, and haven't verified the reord info myself.

mon
Remailer has been known to monitor contents of private email.

filter
Remailer has been known to filter messages based on content. If not listed in conjunction with mon, then only messages destined for public forums are subject to filtering.

Raph Levien

From perry at piermont.com Mon Sep 4 06:59:09 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Mon, 4 Sep 95 06:59:09 PDT
Subject: NSA says Joe Sixpack won't buy crypto
In-Reply-To:
Message-ID: <199509041358.JAA03311@frankenstein.piermont.com>

I'm not sure I see the words "cryptography" or any related to them here. It might be an interesting topic, but it probably isn't cypherpunks material.

.pm

Alan Horowitz writes:
> "Just cough up the peace dividend".
>
> There is no peace dividend. There is a massive eco-spill of government
> debt; quite possibly larger than the GNP capacity of the American
> economy to repay anytime in the next century.
>
> The debt will be bankrupted, in some stealthy manner, hidden by masses of
> smoke and mirrors. Nothing new here - it's about the only thing that
> works. For the most recent examples, read up on FDR's confiscation of
> gold in (?) 1933. Or read the details of the currency changeover
> effected by the occupation authorities in Germany (1947 or 1948).
>
> Alan Horowitz
> alanh at infi.net
>
>

From perry at piermont.com Mon Sep 4 07:05:14 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Mon, 4 Sep 95 07:05:14 PDT
Subject: Clinton's Black Helicopters Over My House!
In-Reply-To:
Message-ID: <199509041405.KAA03334@frankenstein.piermont.com>

Timothy C. May writes:
> ObConspiracy content: high.
>
> They are coming to take me away, take me away!
>
> Clinton's black helicopters are swooping low over my house.
>
> What should I do?
>
> Yes, this has nothing to do with coding in C, or even coding in Java, but
> it's too good a story not to share with you.

Actually, it didn't seem like much of a story at all. The president's choppers flew over your place. Big deal. Can we get back to cryptography, please? Or do you want to hear about the time I urinated next to Paul Newman in the bathroom at the Tanglewood Music Festival?

.pm

PS Yes, have no sense of humor. So sorry.

From perry at piermont.com Mon Sep 4 07:13:36 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Mon, 4 Sep 95 07:13:36 PDT
Subject: Wearing RSA shirt to school
In-Reply-To: <9509041307.AA20870@sulphur.osf.org>
Message-ID: <199509041413.KAA03364@frankenstein.piermont.com>

Rich Salz writes:
> >Let's get real.
>
> Yes, please.
>
> The head of Sun's network security group is a foreign national. They're
> doing DES and public key work. :)

Of course, under the law, foreign nationals are US Persons for purposes of the ITAR if they are permanent residents.

Perry

From frogfarm at yakko.cs.wmich.edu Mon Sep 4 07:26:44 1995
From: frogfarm at yakko.cs.wmich.edu (Damaged Justice)
Date: Mon, 4 Sep 95 07:26:44 PDT
Subject: Wearing RSA shirt to school
In-Reply-To:
Message-ID: <199509041426.KAA24551@yakko.cs.wmich.edu>

Timothy C. May writes:
> Grumpiness warning: I have held my tongue the past few months as all of
> these "this t-shirt has been declared a munition!!!" messages went out, but
> I can hold my tongue no longer.

[...]

> It was this series of posts about whether wearing the "munitions t-shirt"
> near schools was a crime or not that made me think the silly season had
> arrived. If the t-shirt is a munition, and books are munitions, then
> libraries must be real "ammunition dumps," ready to explode at any minute.

"Printer's ink has been running a race against gunpowder these many, many years. Ink is handicapped, in a way, because you can blow up a man with gunpowder in half a second, while it may take twenty years to blow him up with a book. But the gunpowder destroys itself along with its victim, while a book can keep on exploding for centuries." - Christopher Morley, _The Haunted Bookshop_

Res ipsa loquitur.

--
http://yakko.cs.wmich.edu/~frogfarm ...with that fresh new lemon scent
Don't mess with someone unless they mess with you first. .o.
"Creating and distributing neurolinguistic viruses since 1969"

From cman at communities.com Mon Sep 4 08:14:49 1995
From: cman at communities.com (Douglas Barnes)
Date: Mon, 4 Sep 95 08:14:49 PDT
Subject: Key attributes (was: pseudonyms & list health)
Message-ID:

If anyone still has the flyer from the Crypto '95 rump session, there was a guy there talking about ANSI standards, and one of the things he mentioned in his talk was work they were doing on "key attributes." I spoke with him afterwards, and we had a lively discussion about this matter; especially with regard to the relationship between key certification and key attributes. I argued that certification is just another kind of attribute, while he is fairly hung up on certificate hierarchies, etc.
(Of course, robust and well-implemented attributes could be used to implement a hierarchical certification structure if that's what was desired, but there seems to be a deep-seated feeling among crypto folks of a certain ilk that such structure needs to be hard-coded into things.)

I'll be following up on this matter with him when I am reunited with my notes, which made an unintended trip to SF, while I only went to Mountain View.

>
>I could see such a system initially being piggybacked on PGP keys (the
>signatures would not be understandable by PGP though), although for
>Chaumian credential transfers the keys have to be specially structured
>and that would require a new approach.
>
>Who would be willing and/or interested enough to use such a system if it
>existed?
>
>Hal

From johnl at radix.net Mon Sep 4 08:25:49 1995
From: johnl at radix.net (John A. Limpert)
Date: Mon, 4 Sep 95 08:25:49 PDT
Subject: maximizing cryptographic return
Message-ID: <199509041524.LAA15061@saltmine.radix.net>

At 06:49 PM 9/3/95 -0700, Vladimir Z. Nuri wrote:
>the question of the cost-effectiveness of phone encryption was raised by
>my other message. I would like to question how cheaply good encryption
>could be done on phones, with a poor quality microprocessor.

It doesn't take much of a microprocessor to do real-time encryption and decryption of digitized voice, at least for DES. The problem is the vocoder. A good vocoder needs a fast DSP chip. A custom vocoder chip could cut this cost considerably, look at how cheap data pumps for V.34 modems have become with mass production. If ISDN ever becomes the mass market standard, replacing analog local loops, it would be very inexpensive to add encryption. Even with today's phone system, I can't see why a mass market secure telephone couldn't be built for less than $200. The problem is convincing enough people that they need secure telephones to get that mass market. The secure telephone also needs to be transparent to the users.
It should be able to set up a secure connection without requiring the user to press any buttons or know what hardware is at the other end. The voice quality has to be much better than some of the "Donald Duck" quality systems that have been used in the past.

--
John A. Limpert
johnl at Radix.Net

From tcmay at got.net Mon Sep 4 09:11:44 1995
From: tcmay at got.net (Timothy C. May)
Date: Mon, 4 Sep 95 09:11:44 PDT
Subject: pseudonyms & list health
Message-ID:

At 6:13 AM 9/4/95, Futplex wrote:
>Deranged Mutant writes:
>> My worry is about abuse. One would prefer to save endorsements and find
>> a way to remove thumbs-downs... also how to prevent one from overdoing a
>> thumbs-up or -down certification for a person (either to inflate or
>> deflate a reputation).
>
>A few nuisance lawsuits from people who were given thumbs-downs might do the
>trick, as with employment recommendations in the U.S. :[

A good point that deserves further comment. Employers have taken to _saying nothing_ about past employees, for fear of lawsuits by disgruntled job seekers. So much for free speech, courtesy of the American legal system.

But as we can't change the litigious nature of American society (and maybe European society--I don't know), the emphasis ought to be on digital systems and reputations by pseudonyms. Hal's comment about transferring credentials is one approach. Sort of an automated version of "Pr0duct Cypher says the work of Sue D'Nim is good." At this point, not enough pseudonyms to make it very worthwhile, but someday...

>ObTim: As in other reputation markets, some people will spread their blessings
>more liberally than others. They do this at the risk of diluting the worth of
>each credential granted. It all comes out in the wash.
>
>A reviewer named Susan Granger, for example, is known to me as a person who
>routinely lauds lousy movies. Thus it's simple for me to ignore her positive
>recommendations (I've yet to see a negative review from her).
>In fact, when
>I observe that a new film prominently features her seal of approval in its
>advertising, I take that fact as an indication of the lack of praise from
>more discriminating reviewers. So a nominal "positive" credential may be
>interpreted as an implicit negative credential, depending upon context.

Another good point. I always think: "Ah, they couldn't get either Siskel or Ebert to endorse it." As Futplex notes, endorsements by second- or third-tier endorsers are often a _negative_ endorsement.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From ian at bvsd.k12.co.us Mon Sep 4 09:42:04 1995
From: ian at bvsd.k12.co.us (Ian S. Nelson)
Date: Mon, 4 Sep 95 09:42:04 PDT
Subject: NSA says Joe Sixpack won't buy crypto
In-Reply-To: <199509040052.RAA25910@netcom10.netcom.com>
Message-ID: <199509041641.KAA26589@bvsd.k12.co.us>

> but for some reason, the NSA keeps humming along...? perhaps
> confirming the rule that bureaucracies, like bores at parties,
> persist long after they are relevant?

Cryptography is a new science; it may be more effective to break into an office than to hack into their computers, but maybe new discoveries will change that.

> understand marketing or human psychology. Clipper, the closest the
> agency has come to creeping out of the darkness of their coffin,
> was a total fiasco. the self-destructing director of NSA whats-his-name
> who was running for that FBI position or whatever is another example of how
> the inbred spook society has difficulty dealing with anything outside
> their artificial reality.

I think you are dead wrong.
The NSA has mastered the market psychology. Who has defined all of the most popular standards? DES, DSS, ElGamal, SHS... the NSA has had a hand in them all. DES is by far the most popular cipher, popular enough that it will take years and years to switch to something new. As for the Clipper "fiasco," I would argue that it was an excellent marketing move. The NSA is aware that there is only a very very small percentage of society that thinks about crypto; with the internet and what have you it is now possible for this minority to be heard. The NSA proposes Clipper, and so we all bitch about it because it's only secure against non-government attacks. Now the public hears this and resists Clipper. There isn't another product that is winning support that Clipper could have had. You step back and look at it, and the public is exactly where they were 5 years ago: no crypto. Clipper was a no-lose situation for them: if it is adopted only they can read all transactions made with it; if it isn't adopted, everybody can read all transactions; they didn't lose anything. They have some top minds working for them; it's been proven that they have been a few steps ahead of the public for a long time; it's foolish to think they don't understand the psychology of the market. Just as the public starts to desire something like public key crypto, they can publish a standard on it and it is likely to be adopted.

From pfarrell at netcom.com Mon Sep 4 09:55:34 1995
From: pfarrell at netcom.com (Pat Farrell)
Date: Mon, 4 Sep 95 09:55:34 PDT
Subject: Key attributes (was: pseudonyms & list health)
Message-ID: <46463.pfarrell@netcom.com>

cman at communities.com (Douglas Barnes) writes:
> If anyone still has the flyer from the Crypto '95 rump session,
> there was a guy there talking about ANSI standards, and one of
> the things he mentioned in his talk was work they were doing on
> "key attributes."
> I spoke with him afterwards, and we had a lively discussion about
> this matter; especially with regard to the relationship between
> key certification and key attributes. I argued that certification is
> just another kind of attribute, while he is fairly hung up on
> certificate hierarchies, etc.

Did he perchance work for some US Federal Agency such as NIS&T? Or a large corporation?

My small PGP key was created at the National Computer Security Conference in 1992. About half the attendees were NSA, and lots more were from assorted defense and civilian agencies. During the free time, I talked to a bunch of them about Phil's web of trust. I had a really hard time understanding where they were coming from, and they had no clue as to why I thought hierarchical CA chains are so bad. I didn't convince anyone.

But I have come to understand that if you spend your entire working life in a job that is structured from the President on down a hierarchy, you can't imagine any other organizational structure. This includes the obvious LEAs such as FBI, ATF, all the Defense folks and spooks like CIA, DIA, NSA, and the standards "setting" folks out at NIS&T.

Pat

Pat Farrell      Grad Student      http://www.isse.gmu.edu/students/pfarrell
Info. Systems & Software Engineering, George Mason University, Fairfax, VA
PGP key available on homepage                          #include

From pfarrell at netcom.com Mon Sep 4 09:55:39 1995
From: pfarrell at netcom.com (Pat Farrell)
Date: Mon, 4 Sep 95 09:55:39 PDT
Subject: Acceptable NIS&T restrictions
Message-ID: <46477.pfarrell@netcom.com>

If we can break away from t-shirts as munitions...

I'm going to the NIS&T session this week. I'm trying to figure out what, if any, part of the process can be made acceptable to those in favor of bringing US policy into the 90s. I'm not sure that this is possible.

NIS&T published (and it has been reposted to the list and sci.crypt many times) their goals. Can we make suggestions to any that are acceptable and realistic?
Here are some of their criteria:

"Avoiding multiple encryption -- How can the product be designed so as to prevent doubling (or tripling, etc.) the key space of the algorithm?"

CME has been suggesting DES | TRAN | DES | TRAN | DES for years. Can they really _avoid_ (i.e. prevent) this?

"Disabling the key escrow mechanism -- How can products be made resistant to alteration that would disable or circumvent the key escrow mechanism? How can the "static patch" problem be avoided? How can this be tested?"

This is easy in hardware. Is it even possible in software?

"Practical Key Access -- How can mechanisms be designed so that repeated involvement of escrow agents is not required for decryption for multiple files/messages during the specified access period?"

At least this has a chance of being real. We need to have a suggestion for expiration times for the escrowed keys. This was a huge problem with the initial Clipper. Is there a reasonable middle ground between long term keys such as PGP uses, and the ephemeral keys of a D-H exchange?

"Certified escrow agents -- Can products be designed so that only escrow agents certified by the U.S. government (domestic, or under suitable arrangements, foreign) are utilized? What should be the criteria for an acceptable U.S. escrow agent?"

We all know that Tim's Flakey Key Escrow Service is most likely not "an acceptable US escrow agent." But since CKE is a good thing, what are the characteristics of an acceptable service to us?

I've added the discussion "topics" that NIS&T sent to participants to my WWW pages if you want to see them all, http://www.isse.gmu.edu/~pfarrell/nistmeeting.html But I expect that most of the criteria that I edited out are unacceptable to most on this list.

Without further discussion.

Pat

Pat Farrell      Grad Student      http://www.isse.gmu.edu/students/pfarrell
Info. Systems & Software Engineering, George Mason University, Fairfax, VA
PGP key available on homepage                          #include

From tcmay at got.net Mon Sep 4 10:09:18 1995
From: tcmay at got.net (Timothy C. May)
Date: Mon, 4 Sep 95 10:09:18 PDT
Subject: The Dangers of Caribbean Data Havens
Message-ID:

From Bruce Sterling in "Islands in the Net" to various reports of data havens and Internet services being set up by actual people, there has been much speculation about using Caribbean islands for data havens.

But the infrastructure has been lacking. Low-bandwidth inter-island links.

And now yet another huge hurricane is bearing down on the Lesser Antilles, heading directly for Puerto Rico and Hispaniola (Haiti and Dominican Republic).

"Outages" lasting days or weeks after these islands get torn up every few years will not go too well with international commerce.

Some fixes may help:

* higher-bandwidth connections, e.g., undersea fiber.
* satellites as primary or secondary connections
* more secure on-island facilities, designed to maintain contact with satellites or fibers even with a Force 4 hurricane direct hit.

The "regulatory arbitrage" aspects still make using the Islands advantageous (though they can be buffeted by political storms as well as physical ones). At least two current or past Cypherpunks are living in the Islands and working on some schemes.

Something to think about. Personally, I think a distributed system based on crypto is a more robust approach, the "Libertaria in Cyberspace" view I've talked about.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."
From anon-remailer at utopia.hacktic.nl Mon Sep 4 10:25:21 1995
From: anon-remailer at utopia.hacktic.nl (Anonymous)
Date: Mon, 4 Sep 95 10:25:21 PDT
Subject: Re: Emergency File Wipe Algorithm
Message-ID: <199509041725.TAA12314@utopia.hacktic.nl>

When a running computer is seized in some sort of law enforcement raid, what are the chances someone would think to backup the contents of a RAMDISK drive prior to powering it down?

From rah at shipwright.com Mon Sep 4 10:42:03 1995
From: rah at shipwright.com (Robert Hettinga)
Date: Mon, 4 Sep 95 10:42:03 PDT
Subject: e$: More fun with cash: Senate Bill 307
Message-ID:

Has anyone heard about this bill? Comments?

Cheers,
Bob Hettinga

>From: glasgow at geoserv.isgs.uiuc.edu (Mary.Glasgow)
>Subject: Senate Bill 307 2-tier Money System
>Date: 31 Aug 1995 13:54:45 GMT
>Organization: University of Illinois at Urbana
>Summary: Senate Bill 307 2-Tier Money System
>Keywords: Senate Bill 307 2-Tier Money System
>
>In the Senate of the United States, January 30, 1995, Mr. Leahy introduced
>the following bill, which was read twice and referred to the Committee on
>Banking, Housing, and Urban Affairs.
>
>...for purposes of brevity, I will quote only from sections (c) Currency
>Exchange and (d) Domestic Use and Nondomestic Use Currency.
>
>(c) Currency Exchange--
> (1) Plan--Not later than 12 months after the date of enactment of this
>section, the Secretary shall develop and begin implementation of a plan to
>require the exchange of all existing $100 denomination United States currency
>held within and outside of the United States for $100 denomination domestic
>use and nondomestic use United States currency issued in accordance with this
>section.
>
> (2) Exchange Requirements--The plan established under paragraph (1) shall
>require the currency to be exchanged--
> (A) at financial institutions regulated under United States law and
>subject to United States currency transaction reporting and other money
>laundering deterrence requirements; or
> (B) at financial institutions that the Secretary finds, because of
>treaty obligations, other provisions of law, or other agreements, are
>required to report significant transactions in United States currency to
>the United States Treasury, and abide by such obligations.
> (3) 6-Month Exchange Period--
> (A) In general--During the period beginning on the date that is 12
>months after the date of enactment of this section and ending on the date
>that is 18 months after that date of enactment, the Secretary shall permit
>the exchange of circulating $100 denomination United States currency for
>equal numbers of the domestic use and nondomestic use $100 currency issued
>in accordance with this section at institutions described in paragraph (2).
> (B) Non-Negotiability--Except for claims pursuant to subsection (e),
>beginning on the date that is 18 months after the date of enactment of this
>section, the United States Treasury shall not recognize $100 denomination
>United States currency issued prior to the date that is 12 months after the
>date of enactment of this section as constituting a negotiable claim against
>the United States Treasury, and such currency shall not constitute legal
>tender for any debts, public or private.
>
>(d) Domestic Use and Nondomestic Use Currency--Beginning on the date that is
>18 months after the date of enactment of this section--
> (1) domestic use currency, issued in accordance with this section shall
>be recognized as constituting a negotiable claim against the United States
>Treasury only when presented within the United States, and shall constitute
>legal tender for any debts, public or private, only when presented in the
>United States, but such currency may be exchanged for equal values of $100
>denomination nondomestic use currency (or other United States currency) only
>at financial institutions regulated by United States law and subject to
>United States currency transaction reporting and other money laundering
>deterrence requirements; and
> (2) nondomestic use currency shall be recognized as constituting a
>negotiable claim against the United States Treasury, and legal tender for
>any debts, public or private, only when presented outside of the United
>States, but such currency may be exchanged for equal values of $100
>denomination domestic use currency (or other United States currency) at
>financial institutions regulated by United States law and subject to
>United States currency transaction reporting and other money laundering
>deterrence requirements.
>

-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA
(617) 323-7923
"Reality is not optional."
--Thomas Sowell
>>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<<

From kkennedy at mindspring.com Mon Sep 4 10:57:41 1995
From: kkennedy at mindspring.com (Ken Kennedy)
Date: Mon, 4 Sep 95 10:57:41 PDT
Subject: Helping out on site
In-Reply-To:
Message-ID: <199509041757.NAA21117@dylan.mindspring.com>

On 2 Sep 1995 20:47:04 -0600, you wrote:
>On 2 Sep 1995, Dar Scott wrote:
>
>> >I finished my first release, a megabyte-sized file done in MORE, a powerful
>> >outline processor (which enabled me to maintain notes, make
>> >cross-references, and generally manage such a huge writing project). I
>> >released it last year, and put it in my anonymous ftp account at
>> >ftp.netcom.com, in the directory /pub/tc/tcmay, as the file CP-FAQ. Netcom
>> >is often very crowded, though.
>>
>> After several tries I was not able to get this. Has anyone made it
>> available in an alternate location?
>
>Tim mentioned that we're planning on spiffing up the cypherpunks web
>site (including using a real web server) and the cyphernomicon is an
>obvious candidate for inclusion - depending on how many people help out,
>the new site (a quasi-mirror at first, till we get sameer/et al's
>go-ahead) should be live within a couple weeks.
>
>If you're interested in gathering documents, hacking HTML, or anything
>else involved in creating/maintaining a web hierarchy, drop me a line.
>The space/delivery of the documents we're providing for free, but I
>don't have a budget to hire a staff to do things the "right way" (my way :)
>for this project.
>
>--
> Jay Campbell - Regional Operations Manager
> -=-=-=-=-=-=- Sense Networking (Santa Cruz Node) edge at you.got.net
> "Shoot the Fruit Loop" 408.469.9400
>
>

Jay: Let me know if I can be of any assistance. I'm no UNIX guru, but I can find my way around, and I can "hack" (literally! :-) ) HTML (I use the HotDog HTML editor).
I've been lurking around the list for awhile now, and this looks like a good opportunity to be "of service". Just let me know, or reply if you have any questions. Thanks.

Later,
Ken Kennedy
or Finger kenzoid at io.com for PGP public key...
http://www.io.com/~kenzoid/

From adwestro at ouray.cudenver.edu Mon Sep 4 10:58:47 1995
From: adwestro at ouray.cudenver.edu (Alan Westrope)
Date: Mon, 4 Sep 95 10:58:47 PDT
Subject: The Dangers of Caribbean Data Havens
In-Reply-To:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 4 Sep 1995, tcmay at got.net (Timothy C. May) wrote:
> From Bruce Sterling in "Islands in the Net" to various reports of data
> havens and Internet services being set up by actual people, there has been
> much speculation about using Caribbean islands for data havens.
> But the infrastructure has been lacking. Low-bandwidth inter-island links.
> And now yet another huge hurricane is bearing down on the Lesser Antilles,
> heading directly for Puerto Rico and Hispaniola (Haiti and Dominican
> Republic).
> "Outages" lasting days or weeks after these islands get torn up every few
> years will not go too well with international commerce.
> Some fixes may help:
> * higher-bandwidth connections, e.g., undersea fiber.

I don't have the citation handy, but I recall reading that Cable & Wireless has plans to link much of the region via undersea fiber over the next few years. I think it will be a simple North-South line -- Virgin Islands to Trinidad and Tobago or something like that, bypassing the Caymans, etc. The cost of the project is outweighed by the gains of eliminating these recurring weather-related outages. In fact, someone (Duncan?) may have posted the press release here over a year ago.
Alan Westrope
__________/|-,
(_)       \|-'   2.6.2 public key: finger / servers
PGP 0xB8359639: D6 89 74 03 77 C8 2D 43  7C CA 6D 57 29 25 69 23

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMEs3CVRRFMq4NZY5AQG1bQP/SpX3Q4oVYy1BZMALu5jCWOZPi9h1DCNn
hJQ//+sRstVRhq3Alek2KHqLtO0lJdngD0RO/zrWwfy+49wFjgplyfSpwlVMFPh/
DrUxZcl3yRkfzTt+4pJtrAjuKGz6uKtbMnZ5NlCI19K9csqt2z4Di93nGwQYDG12
RccfMnhsT6Y=
=Bcpk
-----END PGP SIGNATURE-----

From terrell at sam.neosoft.com Mon Sep 4 11:02:38 1995
From: terrell at sam.neosoft.com (Buford Terrell)
Date: Mon, 4 Sep 95 11:02:38 PDT
Subject: A problem with anonymity
Message-ID: <199509041812.NAA06959@sam.neosoft.com>

>To: TCMAY at GOT.NET, CYPHERPUNKS at toad.com
>Subject: Re: A problem with anonymity
>From: monty.harder at famend.com (MONTY HARDER)
>
>
> But if the escrow agent is anonymous, we simply recurse, moving now to
>the question of whether anyone can trust the Anonymous Escrow Agency not
>to take the money and run.
>
>TC> (I mention banks because, when you look at it closely, today's banks can
>TC> quite easily claim that a customer made a withdrawal when he didn't. That
>TC> they don't says more about the nature of persistent businesses than about
>TC> any government oversight or security features. This is a side point, but it
>TC> bears keeping in mind that the real world of banks and businesses, etc., is
>TC> not fully secure, either. And yet it mostly works pretty well. The reasons
>TC> for this are interesting to consider.)
>
> A bank has $$ invested in impressive-looking buildings, (so that
>vanishing into the ether and setting up shop elsewhere is rather
>difficult) and several officers whose TrueNames are registered with the
>appropriate agencies, so that they may be sued if they pull this
>crap.
>
> While individual stockholders might appreciate the anonymity (and
>protection from legal action) of owning stock in a bank or escrow agency
>(might just combine the functions, while we're at it), they demand
>onymity of the officers with whom they entrust the keys to the
>corporation.
>Monster at FAmend.Com *
>
>

The real secret is that for most banks the individual transaction is << than the total stream of transactions. Defaulting on a single transaction will show a profit that is minuscule compared to the overall earnings at stake if the bank's credibility is jeopardized. When banks have gotten into trouble it is frequently when they allow one customer or one transaction to represent a significant share of their business. You have a high probability of being able to trust an escrowee with your $1 if you know he intends to collect commissions on holding $1million for others based on his "trusted" representation.

Buford C. Terrell                 1303 San Jacinto Street
Professor of Law                  Houston, TX 77002
South Texas College of Law        voice (713)646-1857
terrell at sam.neosoft.com          fax (713)646-1766

From mab at research.att.com Mon Sep 4 12:04:13 1995
From: mab at research.att.com (Matt Blaze)
Date: Mon, 4 Sep 95 12:04:13 PDT
Subject: my crypto rump session abstract
Message-ID: <9509041912.AA06063@merckx.info.att.com>

(the one that david sternlight misinterpreted to mean that we had proven that clipper has no back doors):

M. Blaze, J. Feigenbaum, F.T. Leighton, "Master Key Cryptosystems", Crypto '95 "rump session" abstract, August 1995.

Available as: ftp://research.att.com/dist/mab/mkcs.ps

-matt

From sandfort at crl.com Mon Sep 4 12:20:27 1995
From: sandfort at crl.com (Sandy Sandfort)
Date: Mon, 4 Sep 95 12:20:27 PDT
Subject: e$: More fun with cash: Senate Bill 307
In-Reply-To:
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
C'punks,

On Mon, 4 Sep 1995, Robert Hettinga wrote:

> Has anyone heard about this bill? Comments?
> >(c) Currency Exchange--
> > (1) Plan--Not later than 12 months after the date of enactment of this
> >section, the Secretary shall develop and begin implementation of a plan to
> >require the exchange of all existing $100 denomination United States currency
> >held within and outside of the United States for $100 denomination domestic
> >use and nondomestic use United States currency issued in accordance with this
> >section.
. . .
> > (1) domestic use currency, issued in accordance with this section shall
> >be recognized as constituting a negotiable claim against the United States
> >Treasury only when presented within the United States, and shall constitute
> >legal tender for any debts, public or private, only when presented in the
> >United States, . . .
> > (2) nondomestic use currency shall be recognized as constituting a
> >negotiable claim against the United States Treasury, and legal tender
> >for any debts, public or private, only when presented outside of the
> >United States, . . .

It's obvious that this bill has very little to do with large-scale money laundering, narcotrafficking or terrorism. All those folks will simply use "domestic use currency" inside or outside of the United States. At worst, it will cause them a one-time problem.

Then at whom is the bill really aimed? Average, middle-class Americans, is my guess. Fortunately, it doesn't look too tough to get around. If you have a mattress full of C-notes, I suggest you start using them to buy travelers checks--including a few denominated in strong foreign currencies.
S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From ghio at c2.org Mon Sep 4 13:06:17 1995
From: ghio at c2.org (Matthew Ghio)
Date: Mon, 4 Sep 95 13:06:17 PDT
Subject: alpha.c2.org nymserver source code
Message-ID:

I have packaged up the source for the nymserver I run on alpha.c2.org, and written a brief description of how to install it. E-mail me if you want it.

From jlasser at rwd.goucher.edu Mon Sep 4 13:31:43 1995
From: jlasser at rwd.goucher.edu (Jon Lasser)
Date: Mon, 4 Sep 95 13:31:43 PDT
Subject: The Dangers of Caribbean Data Havens
In-Reply-To:
Message-ID:

On Mon, 4 Sep 1995, Timothy C. May wrote:

> From Bruce Sterling in "Islands in the Net" to various reports of data
> havens and Internet services being set up by actual people, there has been
> much speculation about using Caribbean islands for data havens.
>
> But the infrastructure has been lacking. Low-bandwidth inter-island links.
[...]
> Personally, I think a distributed system based on crypto is a more robust
> approach, the "Libertaria in Cyberspace" view I've talked about.

For legal purposes, perhaps, set up shop on the Islands. Then have a site somewhere else -- backup of your corporate system, nothing more. And, of course, a net connection -- all for redundancy's sake.

If your Euro/American site is merely a mirror of a legal site in another country, and you're the same organization, would it be legal?

Hmmmm... this all still needs work...

Jon
------------------------------------------------------------------------------
Jon Lasser (410)494-3072            Visit my home page at
                                    http://www.goucher.edu/~jlasser/
You have a friend at the NSA: Big Brother is watching. Finger for PGP key.
From lwp at mail.msen.com Mon Sep 4 14:08:41 1995
From: lwp at mail.msen.com (Lou Poppler)
Date: Mon, 4 Sep 95 14:08:41 PDT
Subject: pseudonyms & list health
In-Reply-To: <199509040451.VAA23173@jobe.shell.portal.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 3 Sep 1995 21:51:21 -0700, Hal wrote:
} An interesting point. I have long wished that there would be a form of
} "credential certificates" which people could give as special signatures
} on other people's public keys. Then using Chaumian credential technology
} it would be possible to anonymously transfer these credentials from one
} pseudonym to another.
/.../
} I certainly appreciate these kinds of comments, but it would be even
} more useful if such messages were expressed as the kinds of
} certificates I am describing. I wonder whether people would be willing
} to use a program which would let them issue such "reputation
} signatures" of various kinds, and display the signatures which were
} present on keys.
/.../
} I could see such a system initially being piggybacked on PGP keys (the
} signatures would not be understandable by PGP though), although for
} Chaumian credential transfers the keys have to be specially structured
} and that would require a new approach.

When the list was discussing "key as final authority" a while back, Wei Dai posted (on May 31) a program called 'addid' which allows one to add arbitrary strings as user IDs on other people's PGP keys. These appear just as though PGP had added them itself, and are signable and displayable by regular old PGP.

As an exercise, I grabbed Hal's "insecure key" from the keyserver, and used 'addid' to add a new ID to it, which I then signed. Here's the output of 'pgp -kc 0xcbd301':

Key ring: 'pubring.pgp', looking for user ID "0xcbd301".
Type bits/keyID    Date       User ID
pub   512/4ECBD301 1994/11/29 Hal writes good posts -- Read them all
sig!       2C48CAE9 1995/09/04  Lou Poppler
                               Hal Finney insecure key
sig!       58214C37 1994/12/01  Hal Finney <74076.1041 at compuserve.com>

(If anyone cares) here is Hal's key cbd301, as summarized above:

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQBNAy7bVn8AAAECAPRhqHLha5WFaFQw0/b1Wn8XCuHokjvbEeJbg5UPHs6fBE3i
uZTmAY5aFqnFXOdNGackOOTYu3tEGcwsm07L0wEABRG0JkhhbCB3cml0ZXMgZ29v
ZCBwb3N0cyAtLSBSZWFkIHRoZW0gYWxsiQCVAwUQMEtYRWpfQFwsSMrpAQFG4gQA
gH38LFuPGKo/bP2paTNWdpid9Gq8+xF3/K35I3fj+mgDsRDoGQGiJOzpksqAOYy5
PRKW9lC9vB1kPGoit7L4kjptsVB6MtBJeLnMYDF77CZUj/Sjvcjapbn0pNgFVHd5
AQjD8JJilL9nzjc6C77XUcDMAqoBFDmOsDU0+epzv/m0F0hhbCBGaW5uZXkgaW5z
ZWN1cmUga2V5iQCVAwUQLt5K9agTA69YIUw3AQED0gQAoORH1weDQ+L2gefrRauI
GLqDlNy0nJQDo5wgdJky5Pd7vUJalwxGuqnQG1QV+ejnRYEN7wEoYQRjv21tTos9
nbUtWAoINrEVjWHpG7AXIRNyoCJtket9mQ2jz9QNTD9Nt8JsedJlqLuT7RMLN1tb
/cIYnrBCyuTCek4fRbTYkSU=
=xEr2
- -----END PGP PUBLIC KEY BLOCK-----

here is my key 48cae9, which signs the above new ID (and this mail):

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAiyLuS0AAAEEALvPIvz5q0PzIEvuAmyIXPz89jG8jB5tcRl5itVNVhvqTL9/
Z+dlfBHvzL5d7FpTj3qPxe7tDFsH/MB1JJV/DhhLSAzvoyg8cEDkFJhwPihrytGK
xgTgdO3NYL0Pq5o6Kk86LqVpRO8LamKM9sJgQGn6q9t+vbtHdGpfQFwsSMrpAAUR
tB9Mb3UgUG9wcGxlciA8bHdwQG1haWwubXNlbi5jb20+iQCVAwUQL+6zzGpfQFws
SMrpAQHAMwQAuzbPEV2JP6nUKKP8v1qRAQELvz4GfH++B6XwzxTmiz65kkfC/uOz
LB9MIe/VNrulriTUGI3U0FjfuaSvJLQq92t434NK9/SXAfK6iemq9Bz7Pb8/iuB7
VfMTR8+Yvda8zScX6Rms49zmyOf8vC1n+4C0kJsKSlw+gy8GuaxSLZ6JAJUDBRAv
vAPCG46b4I3URvEBAZwfBACNXe36MeaLcJIVvSQz4/1Iz7Iqy8ukS2xoG7fJGPvx
DHjDYMn2xFtGF16IRKN8UuIpldfY1fFU5CI9vLCEqd5katbRrnZjcpF2Vp0QC3nP
egpDlXYUOe9kwSjIOdUIlCQn0lTIxqGSzT8hCKxn8i0HD1hSa2NtREptf8pUH3Ln
Ig==
=w+eq
- -----END PGP PUBLIC KEY BLOCK-----

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::  Lou Poppler                      |  Doom an evil deed,                ::
::  http://www.msen.com/~lwp/        |  liven a mood.
::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMEtoa2pfQFwsSMrpAQGDAwQAjrdHWqJSsI5WB9exvJZf21mVZwCjaGuH
XlK/e0+i6p3Zf8YYyY3EFP/gwL4191PhB2AG2gD77tI0ijG7GI8gD0nZQc3ZwH/C
N+zfgH9OOOVxu5CUKcuSBC8AgIu7RYdKb3WFqA+5QczjaWjKiz5XuviJoUg1QLGD
TemyBujRxhE=
=RYHl
-----END PGP SIGNATURE-----

From johnl at radix.net Mon Sep 4 14:12:34 1995
From: johnl at radix.net (John A. Limpert)
Date: Mon, 4 Sep 95 14:12:34 PDT
Subject: e$: More fun with cash: Senate Bill 307
Message-ID: <199509042110.RAA22377@saltmine.radix.net>

At 01:41 PM 9/4/95 -0400, Robert Hettinga wrote:
>Has anyone heard about this bill? Comments?

This idea seems to get proposed every few years. In the past it has been shelved as soon as someone figures out the disaster that would be caused by the resultant decline in the value of the dollar. The U.S. Government has to be nice to foreigners that hold large quantities of dollars and treasury securities, even if it doesn't care about the political consequences at home.

--
John A. Limpert
johnl at Radix.Net

From unicorn at access.digex.net Mon Sep 4 14:14:41 1995
From: unicorn at access.digex.net (Black Unicorn)
Date: Mon, 4 Sep 95 14:14:41 PDT
Subject: e$: More fun with cash: Senate Bill 307
In-Reply-To:
Message-ID:

On Mon, 4 Sep 1995, Sandy Sandfort wrote:

> Date: Mon, 4 Sep 1995 11:35:20 -0700 (PDT)
> From: Sandy Sandfort
> To: Robert Hettinga
> Cc: cypherpunks at toad.com
> Subject: Re: e$: More fun with cash: Senate Bill 307
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> SANDY SANDFORT
> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
>
> C'punks,
>
> On Mon, 4 Sep 1995, Robert Hettinga wrote:
>
> > Has anyone heard about this bill? Comments?
> > > >(c) Currency Exchange-- > > > (1) Plan--Not later than 12 months after the date of enactment of this > > >section, the Secretary shall develop and begin implementation of a plan to > > >require the exchange of all existing $100 denomination United States currency > > >held within and outside of the United States for $100 denomination domestic > > >use and nondomestic use United States currency issued in accordance with this > > >section. > > . . . > > > > (1) domestic use currency, issued in accordance with this section shall > > >be recognized as constituting a negotiable claim against the United States > > >Treasury only when presented within the United States, and shall constitute > > >legal tender for any debts, public or private, only when presented in the > > >United States, . . . > > > > (2) nondomestic use currency shall be recognized as constituting a > > >negotiable claim against the United States Treasury, and legal tender > > >for any debts, public or private, only when presented outside of the > > >United States, . . . > > It's obvious that this bill has very little to do with large-scale > > money laundering, narcotrafficking or terrorism. All those folks > > will simply use "domestic use currency" inside or outside of the > > United States. At worst, it will cause them a one-time problem. > > > > Then at whom is the bill really aimed? Average, middle-class > > Americans, is my guess. Fortunately, it doesn't look too tough > > to get around. If you have a mattress full of C-notes, I suggest > > you start using them to buy travelers checks--including a few > > denominated in strong foreign currencies. Actually it was aimed at the rumors that Iran had been printing U.S. currency on a large scale and using it abroad. When I say Iran, I mean a government backed program. New York Times had an article on the matter last year. With enough interest I will try to Lexis/Nexis it.
While there was some evidence that Iran had indeed been forging notes, the extent was unclear/minimal. Of course, with this kind of rumor there is the issue of confidence in the currency as well as actual threat. The first response was the inset of the polyester and foil thread in the bills (and NO they can't detect quantity as you go through airport sensors, and don't ask me again). The foreign traveller will notice the serious scrutiny all U.S. bills abroad will receive, particular attention paid to the presence of the strip. Many foreign shops will not take U.S. bills which are older and have no strip as a result. This new plan is total lunacy of course, and I expect it to fail, but the real zap is on anyone with a spare million in counterfeit or undeclared currency. I might add, try being a tourist in Estonia and presenting U.S. bills that are no good in the U.S. You'll be about as popular as someone in the Midwest with Canadian bills. > > S a n d y > --- 00B9289C28DC0E55 nemo repente fuit turpissimus - potestas scientiae in usu est E16D5378B81E1C96 quaere verum ad infinitum, loquitur sub rosa - wichtig! *New Key Information* - Finger for key revocation and latest key update. From johnl at radix.net Mon Sep 4 14:21:11 1995 From: johnl at radix.net (John A. Limpert) Date: Mon, 4 Sep 95 14:21:11 PDT Subject: The Dangers of Caribbean Data Havens Message-ID: <199509042119.RAA22672@saltmine.radix.net> At 10:19 AM 9/4/95 -0700, Timothy C. May wrote: >"Outages" lasting days or weeks after these islands get torn up every few >years will not go too well with international commerce. I thought there were a number of bank and credit card data entry centers that had already moved to the Caribbean. They may not care if the local phone service gets wiped out for several weeks if they have a hardened line to the nearest Cable & Wireless earth station. -- John A.
Limpert johnl at Radix.Net From unicorn at access.digex.net Mon Sep 4 14:36:54 1995 From: unicorn at access.digex.net (Black Unicorn) Date: Mon, 4 Sep 95 14:36:54 PDT Subject: Emergency File Wipe Algorithim In-Reply-To: <199509041725.TAA12314@utopia.hacktic.nl> Message-ID: On Mon, 4 Sep 1995, Anonymous wrote: > Date: Mon, 4 Sep 1995 19:25:07 +0200 > From: Anonymous > To: mail2news at utopia.hacktic.nl, cypherpunks at toad.com > Newgroups: alt.security.pgp, alt.politics.org.fbi > Subject: Re: Emergency File Wipe Algorithim > > When a running computer is seized in some sort of law enforcement > raid, what are the chances someone would think to backup the > contents of a RAMDISK drive prior to powering it down? > > Why would you even ask this question? If the odds are > 0 (which they are) they are too high as the solution is simple. A screensaver which shuts down the system entirely if anything but "}" is pressed. If any key but the secret one is pressed by an excited agent, the ramdisk is gone. If the computer is simply powered down, the ramdisk is gone. I suggest, rather than a ramdisk however, an encrypted partition à la CryptDisk or Secure(Drive? Device?). --- 00B9289C28DC0E55 nemo repente fuit turpissimus - potestas scientiae in usu est E16D5378B81E1C96 quaere verum ad infinitum, loquitur sub rosa - wichtig! *New Key Information* - Finger for key revocation and latest key update. From MAILER-DAEMON at access.digex.net Mon Sep 4 14:40:09 1995 From: MAILER-DAEMON at access.digex.net (Mail Delivery Subsystem) Date: Mon, 4 Sep 95 14:40:09 PDT Subject: Returned mail: User unknown Message-ID: <199509042136.RAA18457@access2.digex.net> The original message was received at Mon, 4 Sep 1995 17:35:13 -0400 from unicorn at localhost ----- The following addresses had delivery problems ----- Anonymous (unrecoverable error) ----- Transcript of session follows ----- ... while talking to utopia.hacktic.nl.: >>> RCPT To: <<< 550 ... User unknown 550 Anonymous ...
User unknown 451 cypherpunks at toad.com... reply: read error from toad.com. ----- Original message follows ----- To: Anonymous Subject: Re: Emergency File Wipe Algorithim From: Black Unicorn Date: Mon, 4 Sep 1995 17:35:07 -0400 (EDT) cc: mail2news at utopia.hacktic.nl, cypherpunks at toad.com In-Reply-To: <199509041725.TAA12314 at utopia.hacktic.nl> On Mon, 4 Sep 1995, Anonymous wrote: > Date: Mon, 4 Sep 1995 19:25:07 +0200 > From: Anonymous > To: mail2news at utopia.hacktic.nl, cypherpunks at toad.com > Newgroups: alt.security.pgp, alt.politics.org.fbi > Subject: Re: Emergency File Wipe Algorithim > > When a running computer is seized in some sort of law enforcement > raid, what are the chances someone would think to backup the > contents of a RAMDISK drive prior to powering it down? > > Why would you even ask this question? If the odds are > 0 (which they are) they are too high as the solution is simple. A screensaver which shuts down the system entirely if anything but "}" is pressed. If any key but the secret one is pressed by an excited agent, the ramdisk is gone. If the computer is simply powered down, the ramdisk is gone. I suggest, rather than a ramdisk however, an encrypted partition à la CryptDisk or Secure(Drive? Device?). --- 00B9289C28DC0E55 nemo repente fuit turpissimus - potestas scientiae in usu est E16D5378B81E1C96 quaere verum ad infinitum, loquitur sub rosa - wichtig! *New Key Information* - Finger for key revocation and latest key update. From joelm at eskimo.com Mon Sep 4 14:59:35 1995 From: joelm at eskimo.com (Joel McNamara) Date: Mon, 4 Sep 95 14:59:35 PDT Subject: Seattle area Cypherpunks Message-ID: <199509042159.OAA15140@mail.eskimo.com> With the Labor Day weekend/vacation season almost over and a variety of projects completed, I'm going to attempt to jump-start Cypherpunk activities in the Seattle area (the Seattle Cypherpunks sub-list appears to have withered away, so delete this if you're outside the Pacific Northwest).
The first order of business is to get an idea of how many people would be interested in meeting some evening, likely toward the end of September. Send me e-mail (please don't reply to the list) with a time and geographic preference as to location. I'm on the Eastside, so will be slightly biased in finding an appropriate meeting place in the Bellevue/Redmond area, unless persuaded otherwise. Also, let me know if you're interested in discussing (or presenting) any specific crypto/privacy/ecash-related topics in a very informal setting. Aside from key signing and general face-to-face networking, I would like to have a few set items on the agenda. Any suggestions welcomed. Based on your responses, I'll do all of the running around and organizational type activities, and follow-up with e-mail and a general announcement to the main list when arrangements are finalized. This is an opportunity to get away from your keyboards and meet other folks who share your interests. Hope to see you later this month. Joel McNamara joelm at eskimo.com - http://www.eskimo.com/~joelm for PGP key Thomas Jefferson used strong crypto, shouldn't you? From cwe at Csli.Stanford.EDU Mon Sep 4 15:17:31 1995 From: cwe at Csli.Stanford.EDU (Christian Wettergren) Date: Mon, 4 Sep 95 15:17:31 PDT Subject: Emergency File Wipe Algorithim In-Reply-To: Message-ID: <199509042217.PAA17498@Csli.Stanford.EDU> Anon writes> > When a running computer is seized in some sort of law enforcement > raid, what are the chances someone would think to backup the > contents of a RAMDISK drive prior to powering it down? Also note the recent posting on sci.crypt by Peter Gutmann about being able to recover data from DRAMs and SRAMs after powerdown. It hits cryptokeys really bad. I suppose this is really academic at the current stage, but that might change. 
/Christian From liberty at gate.net Mon Sep 4 15:25:40 1995 From: liberty at gate.net (Jim Ray) Date: Mon, 4 Sep 95 15:25:40 PDT Subject: e$: More fun with cash: Senate Bill 307 Message-ID: <199509042224.SAA05533@tequesta.gate.net> -----BEGIN PGP SIGNED MESSAGE----- Black Unicorn wrote: > >Actually it was aimed at the rumors that Iran had been printing U.S. >currency on a large scale and using it abroad. When I say Iran, I mean >a government backed program. New York Times had an article on the matter >last year. With enough interest I will try to Lexis/Nexis it. I had heard that it was the Colombians, branching out from the cocaine business with those fancy new copy machines, which are supposed to be able to duplicate the blue & red threads in US currency paper. JMR -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Freedom isn't Freeh iQCVAwUBMEt7vW1lp8bpvW01AQGnwwQAmPz1SagLoKpAmfUvwyI8GVq8wSOaFH96 vTarz6PxnuNPHhITIAzPeq8EX5N8MexRfHtMbmK0JOxA5L+B+QHP1rTM8mqUbAJh Gg4ZMC9Jzvhq+JENaP8ZG03+pvm1nnZIr8WarY5DJ8FYNMLvDrSUhhWFu7OSo2a+ fS0NKxpm5Ps= =HXa+ -----END PGP SIGNATURE----- Regards, Jim Ray See, when the GOVERNMENT spends money, it creates jobs; whereas when the money is left in the hands of TAXPAYERS, God only knows what they do with it. Bake it into pies, probably. Anything to avoid creating jobs. -- Dave Barry ------------------------------------------------------------------------ PGP key Fingerprint 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8 Key id. # E9BD6D35 James M. Ray ------------------------------------------------------------------------ Support Phil! email zldf at clark.net or see http://www.netresponse.com/zldf ________________________________________________________________________ From thad at hammerhead.com Mon Sep 4 15:43:30 1995 From: thad at hammerhead.com (Thaddeus J.
Beier) Date: Mon, 4 Sep 95 15:43:30 PDT Subject: Encrypted desktop videoconferencing Message-ID: <199509042240.PAA01994@hammerhead.com> A friend of mine works for a large input-device company, and they are looking to get into the desktop videoconferencing business. Their current business is extremely competitive on price, and they'd like to do something in desktop videoconferencing that would distinguish them from everybody else. Naturally, I suggested cryptography. I have always thought that the biggest problem introducing crypto to phone conversations was the large amount of CPU speed and software complexity to digitize the audio; that adding the crypto code is relatively minor. Certainly RC4 and IDEA, for instance, run very fast. In videoconferencing applications, this audio compression is already being done, so adding the crypto should be almost free. Well, except for licensing costs. I'd really like to use Diffie-Hellman to negotiate a key. Does anyone know how much it would cost to license that from PKP? I'd expect that there would be a one time fee, plus a per-copy-sold fee. Does anybody know - and if so, can they say - if anybody else has added or is adding cryptography to their videoconferencing systems? It seems like such a killer app that I must be overlooking something.
thad -- Thaddeus Beier email: thad at hammerhead.com Technology Development vox: 408) 286-3376 Hammerhead Productions fax: 408) 292-8624 From unicorn at access.digex.net Mon Sep 4 15:48:00 1995 From: unicorn at access.digex.net (Black Unicorn) Date: Mon, 4 Sep 95 15:48:00 PDT Subject: e$: More fun with cash: Senate Bill 307 In-Reply-To: <199509042224.SAA05533@tequesta.gate.net> Message-ID: On Mon, 4 Sep 1995, Jim Ray wrote: > Date: Mon, 04 Sep 1995 18:22:43 -0400 > From: Jim Ray > To: cypherpunks at toad.com > Subject: Re: e$: More fun with cash: Senate Bill 307 > > -----BEGIN PGP SIGNED MESSAGE----- > > Black Unicorn wrote: > > > > > >Actually it was aimed at the rumors that Iran had been printing U.S. > >currency on a large scale and using it abroad. When I say Iran, I mean > >a government backed program. New York Times had an article on the matter > >last year. With enough interest I will try to Lexis/Nexis it. > > I had heard that it was the Colombians, branching out from the cocaine > business with those fancy new copy machines, which are supposed to be > able to duplicate the blue & red threads in US currency paper. > JMR I've not heard anything about this. Any sources? > > > -----BEGIN PGP SIGNATURE----- > Version: 2.6.2 > Comment: Freedom isn't Freeh > > iQCVAwUBMEt7vW1lp8bpvW01AQGnwwQAmPz1SagLoKpAmfUvwyI8GVq8wSOaFH96 > vTarz6PxnuNPHhITIAzPeq8EX5N8MexRfHtMbmK0JOxA5L+B+QHP1rTM8mqUbAJh > Gg4ZMC9Jzvhq+JENaP8ZG03+pvm1nnZIr8WarY5DJ8FYNMLvDrSUhhWFu7OSo2a+ > fS0NKxpm5Ps= > =HXa+ > -----END PGP SIGNATURE----- > Regards, Jim Ray > > See, when the GOVERNMENT spends money, it creates jobs; whereas > when the money is left in the hands of TAXPAYERS, God only knows > what they do with it. Bake it into pies, probably. Anything to > avoid creating jobs. -- Dave Barry > ------------------------------------------------------------------------ > PGP key Fingerprint 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8 > Key id. # E9BD6D35 James M.
Ray > ------------------------------------------------------------------------ > Support Phil! email zldf at clark.net or see http://www.netresponse.com/zldf > ________________________________________________________________________ > > 00B9289C28DC0E55 nemo repente fuit turpissimus - potestas scientiae in usu est E16D5378B81E1C96 quaere verum ad infinitum, loquitur sub rosa - wichtig! *New Key Information* - Finger for key revocation and latest key update. From rrothenb at ic.sunysb.edu Mon Sep 4 15:50:01 1995 From: rrothenb at ic.sunysb.edu (Deranged Mutant) Date: Mon, 4 Sep 95 15:50:01 PDT Subject: pseudonyms & list health In-Reply-To: Message-ID: <199509042248.SAA08649@csws5.ic.sunysb.edu> Tim wrote: > At 6:13 AM 9/4/95, Futplex wrote: > >Deranged Mutant writes: > >> My worry is about abuse. One would prefer to save endorsements and find > >> a way to remove thumbs-downs... also how to prevent one from overdoing a > >> thumbs-up or -down certification for a person (either to inflate or > >> deflate a reputation). > > > >A few nuisance lawsuits from people who were given thumbs-downs might do the > >trick, as with employment recommendations in the U.S. :[ > > A good point that deserves further comment. Employers have taken to _saying > nothing_ about past employees, for fear of lawsuits by disgruntled job > seekers. So much for free speech, courtesy of the American legal system. As a somewhat related note, my experience with some past jobs is that in some circumstances the employee turnover rate is high enough that a manager will give a neutral or good rating simply because they have no experience with a previous employee who clearly did not deserve a good rating. Something similar could happen with mailing lists... hardly anyone can remember when a 'newbie' posted to a list a few years ago, regardless of whether a person is still worth a certain rating after a time.
Then again, with a lot of material being archived, it might be easier in some circumstances to review a person's contributions to a list rather than rely on a rating... or maybe send a trusted rater to research an author on the 'net for you rather than maintain a huge database of ratings that will need some form of interpretation. Then again, (as Tim and others noted) there are always killfiles and manual glossing over of threads, etc. > But as we can't change the litigious nature of American society (and maybe > European society--I don't know), the emphasis ought to be on digital > systems and reputations by pseudonyms. Litigating in a society of pseudonyms may have its own problems anyway... (imagine suing a trusted friend of yours who prefers to give you much needed criticisms through a pseudonym so as to protect the friendship... one example off the top of my head)... How can a 'nym be held legally accountable as a non-'nym? -Rob From hallam at w3.org Mon Sep 4 16:11:55 1995 From: hallam at w3.org (hallam at w3.org) Date: Mon, 4 Sep 95 16:11:55 PDT Subject: Emergency File Wipe Algorithim In-Reply-To: <199509042217.PAA17498@Csli.Stanford.EDU> Message-ID: <9509042310.AA27080@zorch.w3.org> >Also note the recent posting on sci.crypt by Peter Gutmann about being >able to recover data from DRAMs and SRAMs after powerdown. It hits >cryptokeys really bad. If the power is cycled, as opposed to only turned off, then a memory self-test program will probably erase the data. Phill From cwe at Csli.Stanford.EDU Mon Sep 4 16:14:32 1995 From: cwe at Csli.Stanford.EDU (Christian Wettergren) Date: Mon, 4 Sep 95 16:14:32 PDT Subject: Emergency File Wipe Algorithim In-Reply-To: Message-ID: <199509042314.QAA18360@Csli.Stanford.EDU> Someone proposed that one could wipe the memory before power-down, for example during 1 second or something like that. Unfortunately, that won't help, unless I misread the paper.
It is effectively the same as if the key had been stored in the cell for 1 second less, nothing else. The only way I can see how to avoid generating "imprints" of more or less static data is to make them non-static. Start circulating them around. One way that springs to mind for keys is to do something like inverting the meaning of the key every x milliseconds. Like this:

    /* Runnable C version of the pseudo code; encrypt() is just a stand-in for a real cipher. */
    #include <signal.h>
    #include <stdio.h>
    #include <string.h>
    #include <sys/time.h>
    #include <unistd.h>

    #define KEYSIZE 16

    static unsigned char master_key[KEYSIZE];
    static volatile sig_atomic_t meaning = 0;    /* 0: stored as-is, 1: stored inverted */
    static volatile sig_atomic_t using_key = 0;  /* crude lock between flipem() and encryption() */

    static void invert(unsigned char *key) { for (int i = 0; i < KEYSIZE; i++) key[i] ^= 0xFF; }

    /* Stand-in only: XOR with the key, repeated. A real cipher goes here. */
    static void encrypt(const unsigned char *in, unsigned char *out, size_t n, const unsigned char *key)
    { for (size_t i = 0; i < n; i++) out[i] = in[i] ^ key[i % KEYSIZE]; }

    static void flipem(int sig)                  /* SIGALRM handler, fires every 100 ms */
    {
        (void)sig;
        if (using_key)                           /* risk of never being able to flipem() */
            return;
        using_key = 1;
        invert(master_key);
        meaning = !meaning;
        using_key = 0;
    }

    void encryption(const unsigned char *input, unsigned char *output, size_t n)
    {
        unsigned char real_key[KEYSIZE];         /* must be on stack */
        using_key = 1;                           /* keep flipem() out while copying and reading meaning */
        memcpy(real_key, master_key, KEYSIZE);
        if (meaning)
            invert(real_key);                    /* recovering real content */
        using_key = 0;
        encrypt(input, output, n, real_key);
        memset(real_key, 0, KEYSIZE);            /* so "real" key doesn't become imprinted as well
                                                    (a compiler may drop this; use explicit_bzero() where available) */
    }

    int main(void)
    {
        char line[KEYSIZE + 2] = {0};
        if (fgets(line, sizeof line, stdin) == NULL) return 1;   /* input_from_keyboard(master_key) */
        memcpy(master_key, line, KEYSIZE);
        signal(SIGALRM, flipem);
        struct itimerval tv = { {0, 100000}, {0, 100000} };
        setitimer(ITIMER_REAL, &tv, NULL);       /* calls flipem() every 100 ms */
        for (;;) {                               /* main_loop(), occasionally using encryption() */
            unsigned char in[32] = "hello", out[32];
            encryption(in, out, sizeof in);
            sleep(1);
        }
    }

I don't care about the plaintext in the above. Nor about stack content very much. Nor about coding style. From liberty at gate.net Mon Sep 4 16:25:30 1995 From: liberty at gate.net (Jim Ray) Date: Mon, 4 Sep 95 16:25:30 PDT Subject: e$: More fun with cash: Senate Bill 307 Message-ID: <199509042324.TAA65697@tequesta.gate.net> -----BEGIN PGP SIGNED MESSAGE----- Black Unicorn wrote: >> >> >> > [I said] >> >> I had heard that it was the Colombians, branching out from the cocaine >> business with those fancy new copy machines, which are supposed to be >> able to duplicate the blue & red threads in US currency paper. >> JMR > >I've not heard anything about this. Any sources? Sorry, just my vague memory of a Miami Herald article from a while back.
Perhaps someone else on the list is more familiar with good copy-machines. Around here, the Colombian cartels are depicted as very powerful, with easy payoffs to the highest levels of their country's political and judicial systems, and access to technology such as Motorola's encrypted walkie-talkie (supposedly a restricted-sale item). Of course, US politicians are completely immune to bribes from drug cartels. JMR -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Freedom isn't Freeh iQCVAwUBMEuHYG1lp8bpvW01AQFTFwP+NhvKkGzuoXVOkd8oKWxFwQm4LvG+DL08 L6i/oXJVq2+AMApc12TS4VT7AS5UKfPp7Gu2pLKt6/G4m6KqLeN8vi31+ssOEBZs PJhCV/GdXBwXCvHM+oklQI4Tref5zzs0Wu+ai2pE3tCt+sVL4t9SeFexhexbjwn3 H6cnT/g79Qs= =NP8N -----END PGP SIGNATURE----- Regards, Jim Ray See, when the GOVERNMENT spends money, it creates jobs; whereas when the money is left in the hands of TAXPAYERS, God only knows what they do with it. Bake it into pies, probably. Anything to avoid creating jobs. -- Dave Barry ------------------------------------------------------------------------ PGP key Fingerprint 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8 Key id. # E9BD6D35 James M. Ray ------------------------------------------------------------------------ Support Phil! email zldf at clark.net or see http://www.netresponse.com/zldf ________________________________________________________________________ From bplib at nic.wat.hookup.net Mon Sep 4 16:27:48 1995 From: bplib at nic.wat.hookup.net (bplib at nic.wat.hookup.net) Date: Mon, 4 Sep 95 16:27:48 PDT Subject: VCRPLUS Huffman code Message-ID: <199509042328.TAA02676@nic.wat.hookup.net> I too would be interested in the VCRPlus code. Has anyone broken it? Tim Philp From cwe at Csli.Stanford.EDU Mon Sep 4 16:38:57 1995 From: cwe at Csli.Stanford.EDU (Christian Wettergren) Date: Mon, 4 Sep 95 16:38:57 PDT Subject: Emergency File Wipe Algorithim In-Reply-To: <199509042314.QAA18360@Csli.Stanford.EDU> Message-ID: <199509042338.QAA18782@Csli.Stanford.EDU> FYI.
Repost from sci.crypt. It seems it has expired at some places. /Christian From cman at communities.com Mon Sep 4 16:45:35 1995 From: cman at communities.com (Douglas Barnes) Date: Mon, 4 Sep 95 16:45:35 PDT Subject: Identity Agnostic Online Cash Message-ID: An early draft of a paper based on my comments at the Crypto '95 rump session is available at: http://www.communities.com/paper/agnostic.html Here's the abstract: Abstract: One of the unique aspects of Chaum's blind signature scheme for anonymous transactions is that it is practiced entirely by the side that wants to be anonymous. In a customer-bank relationship, the customer's software practices the technology, not the bank's. Chaum's patent on blind signatures cites as prior art a non-anonymous signature scheme that differs significantly only in steps taken by the "customer" side. An open standard for electronic cash would then allow a bank or other cash issuer to remain agnostic with respect to the customer's software blinding or not blinding. Since the bank's software would be practicing technology cited as prior art by Chaum in his patent, and would have a substantial non-infringing use, I argue that the bank would not need to license Chaum's patents, provided the bank itself only provided non-blinding customer software. Here's a review of the talk by Hal Finney... :-) One of the more interesting talks I thought was from cypherpunk Doug Barnes, on "identity agnostic" electronic cash. This is basically an idea for creating a Magic-Money-type electronic cash server without violating Chaum's cash patent. What you do is to run the server and publish a spec it will follow. All the server does is do an RSA signature on the raw data it receives and decrement the user's account accordingly. The user has a choice of doing blinding or not on the signature.
Chaum's patent covers the blinding, so if the user wants to do that he should be sure to license the patent or live somewhere it doesn't apply (or ignore it if he figures he's too small potatoes for them to care about). But the server isn't responsible for checking all this. It just does RSA sigs, which is prior art as far as Chaum's patent goes. Users can blind or not, it doesn't care. It is "identity agnostic" as Doug says. The implication is that with an RSA license you could run this kind of bank (online cash) and ignore Chaum's patents, while a horde of end users violate the patents but take safety in numbers and get anonymity. Lawyers like to go after big targets but the servers aren't violating anything. From hallam at w3.org Mon Sep 4 16:48:00 1995 From: hallam at w3.org (hallam at w3.org) Date: Mon, 4 Sep 95 16:48:00 PDT Subject: VCRPLUS Huffman code In-Reply-To: <199509042328.TAA02676@nic.wat.hookup.net> Message-ID: <9509042347.AA27160@zorch.w3.org> >I too would be interested in the VCRPlus code. Has anyone broken it? Challenge time! C'mon - can do this by exhaustive search probably :-) There is a lot of stuff in the satellite tv newsgroups on this topic. I think it's an item well worth cracking. Phill From sdw at lig.net Mon Sep 4 17:08:23 1995 From: sdw at lig.net (Stephen D. Williams) Date: Mon, 4 Sep 95 17:08:23 PDT Subject: VCRPLUS Huffman code In-Reply-To: <199509042328.TAA02676@nic.wat.hookup.net> Message-ID: It was broken, and I might have the reference in my archives... If I get time I'll find it. > I too would be interested in the VCRPlus code. Has anyone broken it? > Tim Philp > > -- Stephen D.
Williams 25Feb1965 VW,OH (FBI ID) sdw at lig.net http://www.lig.net/sdw Consultant, Vienna,VA Mar95- 703-918-1491W 43392 Wayside Cir.,Ashburn, VA 22011 OO/Unix/Comm/NN ICBM/GPS: 39 02 37N, 77 29 16W home, 38 54 04N, 77 15 56W Pres.: Concinnous Consulting,Inc.;SDW Systems;Local Internet Gateway Co.;28May95 From stewarts at ix.netcom.com Mon Sep 4 17:23:23 1995 From: stewarts at ix.netcom.com (Bill Stewart) Date: Mon, 4 Sep 95 17:23:23 PDT Subject: Acceptable NIS&T restrictions Message-ID: <199509050019.RAA27055@ix9.ix.netcom.com> At 12:54 PM 9/4/95 -0400, Pat Farrell commented on the NIST's latest proposals for their September meeting on export controls and software with built-in government access to keys (GAK). I'll generally use the terms GAK or master keying rather than escrow, since escrow is a legal term that implies both the willingness of both parties to use it, and also that the escrowed material be delivered only when certain criteria are satisfied, which is out of the scope of almost any proposals I've seen labelling themselves "key escrow", particularly the Clipper system. Material with > and indentation is from the NIST paper; material with just > and 0-1 spaces is Pat's. 64 bits of keyspace is of course hopelessly inadequate for financial transactions - crackerboxes have been designed that allow very rapid breaking of single-DES or short-key RC4, and a useful platform needs to accommodate high-value transactions such as customers' access to stockbrokers as well as more limited-value transactions such as credit cards where a $1000 cracking cost makes crime not pay well. The Administration argues that the limitation makes up for the possibility that users may find ways to evade GAK; but users can already do that now. > "Avoiding multiple encryption -- How can the product be > designed so as to prevent doubling (or tripling, etc.) the > key space of the algorithm?" >CME has been suggesting DES | TRAN | DES | TRAN | DES >for years.
Can they really _avoid_ (i.e. prevent) this? (CME is Carl Ellison at TIS; tran is a simple transposition system.) Sure - if the software always tacks in master keys any time it does a symmetric-key encryption, and won't/can't decrypt without it, then DES+GAK | DES+GAK | DES+GAK is just as vulnerable to someone with the master key as single DES+GAK - it just takes three separate phases of key forfeiture to decode. (yes, I left out the tran phase; anybody going to that much work is using something other than the built-in encryption, at which point they might as well use non-government-approved encryption themselves.) Does it triple the key space? For people without the master key, yes, though maybe they get some known plaintext. For people with the master key, it depends on your definitions, and maybe _they_ put in some known plaintext that they don't give outsiders, but it probably doesn't lose them much. > "Disabling the key escrow mechanism -- How can products be > made resistant to alteration that would disable or > circumvent the key escrow mechanism? How can the "static > patch" problem be avoided? How can this be tested?" > >This is easy in hardware. Is it even possible in software? Probably. Consider the sort of master-key system where part of the session key isn't transmitted - maybe you do something like hash the user portion of the session key with the hash of the program and feed it to the KeyMaster's public key to get the session key. By the time you put all of that into Pretty Good PatchAround, you might as well just use PGP. > "Practical Key Access -- How can mechanisms be designed so > that repeated involvement of escrow agents is not required > for decryption for multiple files/messages during the > specified access period?" >At least this has a chance of being real. We need to have a suggestion >for expiration times for the escrowed keys. This was a huge problem with the >initial Clipper. 
Information can't be destroyed, only forgotten, so time-limitation is tough. What you can do is limit the scope of messages that can be decrypted by one trip to the keymaster - the Feds are looking for some mechanism so that any limits like this won't require multiple trips for one bunch of wiretapping. >Is there a reasonable middle ground between long term keys such >as PGP uses, and the ephemeral keys of a D-H exchange? What's reasonable? Some potential models for a PGPng would be - Use separate keys for signatures/keysigning and messages, so you could change your message key frequently while leaving your signature (or at least key-signature) key stable. (This tends to need an extra layer in the web of trust, since you now have two tiers for yourself, but no biggie.) - Diffie-Hellman kind of mechanism to encrypt the keys, with published g, p, g**x mod p, x changing frequently, RSA or DSS or whatever to sign the keyparts - this works better with a more interactive key negotiation so you can use a new x every time (e.g. request directly from the user, though that's difficult for email, or a keyserver that maintains a set of keys to be doled out.) > "Certified escrow agents -- Can products be designed so that > only escrow agents certified by the U.S. government (domestic, > or under suitable arrangements, foreign) are utilized? > What should be the criteria for an acceptable U.S. escrow agent?" The technical and political questions are quite different. Technically, you could have the software require a hierarchical-style certificate for the key-master keys with a US Government CA wired in. It's not totally foolproof - patching the CA is easy unless you've got some sort of checksum on the software. But it's a start, and it's simple enough that either the US could authorize separate versions for France or certify the French government's key-master agency. 
Also, there's a need for escrow/keymaster agents to be negotiable per-message - since escrow inherently requires the trust of all parties, and probably contractual agreements as well, and government-enforced keymastering may require satisfying multiple governments, parties will presumably have different lists of acceptable keymasters. >We all know that Tim's Flakey Key Escrow Service is most likely not >"an acceptable US escrow agent." But since CKE is a good thing, what >are the characteristics of an acceptable service to us? As far as the political criteria go, I believe the traditional formulation is along the lines of "I am not now, nor have I ever been, a member of...." :-) Establishing criteria is difficult, and depends on whether the whole system will be defined by laws passed by Congress or only by organizational policy; there are also issues of control between the Commerce Department, NIST, NSA, and the State Department. For Commercial Key Escrow, or commercial key-backup services, the criteria are "whoever can be trusted to provide the services the customers want". In this case, of course, the service most customers want is to be left alone, or, failing that, to have the government's Master Key system provide minimal risk to the security of the actual transactions - 64 bit keys are not enough security for any high-valued financial transactions, though they may suffice for credit cards. One required characteristic would appear to be either sufficiently deep pockets to collect judgements for violations of trust or a sufficiently high reputation that violations of trust are not expected.
Most of the commercial market for key escrow or backup services fits into three categories - backups for the owner/sender of a file (which they can provide themselves, using techniques like PGP's Encrypt-to-Self option, or file backups with secret-sharing), acknowledgements of transmission (signed hashes would do), and dispute-resolution issues (verifying the contents of a message, which may require information from both parties or ephemeral session key information.) Most can be provided by the kind of services currently provided by companies like bonding agencies, emergency backup and offsite storage companies, etc.

#---
# Thanks; Bill
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From stewarts at ix.netcom.com Mon Sep 4 17:23:55 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Mon, 4 Sep 95 17:23:55 PDT
Subject: Basic Public key algorithms.
Message-ID: <199509050020.RAA27203@ix9.ix.netcom.com>

At 01:01 PM 9/2/95 CDT, droelke at rdxsunhost.aud.alcatel.com (Daniel R. Oelke) wrote:
>After doing quite a bit of poking around, I am somewhat discouraged
>in my attempts to find a simple *pure* public key encryption method,
>without a lot of other stuff wrapped around it.

Pure public-key is usually not very useful, since it's rather slow for encrypting big messages by itself. PKP has the patents to all public-key systems until mid-1997, and for RSA until some time like 2001, and Schnorr for longer. Unfortunately, RSAREF (except for one version where they slipped) requires non-commercial users to limit themselves to the published interface or get explicit permission, and the published interface always throws in DES with a random key for encryption. Since you're talking embedded systems, you're probably commercial and high enough volume that the cost for licensing RSA is probably low enough.
>What I need is to encrypt between 45 and 55 bits of information
>using a public key algorithm in an embedded environment.

45-55 bits may be tough, depending on the constraints of your environment - most public-key systems need 768-1024 bits of key to be reasonably secure, and need to send an output field at least that long to be decodable. If that's not a problem, you've got some choices. For instance, you could use Diffie-Hellman to create a shared secret, and just XOR that with your material (have the workstation generate a master x, g, and p, and store g**x in your embedded system; choose a random y each time, and send g**y mod p and the first |M| bits of (g**xy mod p) xor M.) To do that, you need to store g**x, g, and p, possibly in ROM, and enough code to do modular exponentiation and random number generation; hopefully your system will have some kind of quasi-physical source of randomness.

#---
# Thanks; Bill
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From microbody at wirepool.ruhr.de Mon Sep 4 17:45:40 1995
From: microbody at wirepool.ruhr.de (Matthias Jordan)
Date: Mon, 4 Sep 95 17:45:40 PDT
Subject: Q: PGPfone where
Message-ID: <5tEkFnD0J2B@blank.wirepool.ruhr.de>

Hello, guys! I just want to know where to get PGPfone outside the USA. Ciao!

/\/\icroBod\/ |\?/| SoziBits <---- Anschlaege Drogen Waffen / \______/ | I | Falken im Netz RAF ETA KGB LSD XTC BND

From monty.harder at famend.com Mon Sep 4 17:47:53 1995
From: monty.harder at famend.com (MONTY HARDER)
Date: Mon, 4 Sep 95 17:47:53 PDT
Subject: maximizing cryptographic return
Message-ID: <8B072A1.00030003E8.uuout@famend.com>

VZ> this list are aware of the idea that good encryption is often used
VZ> to send a low-bandwidth session key, which is then used to encrypt
VZ> that session using a less sophisticated but less computationally-demanding
VZ> algorithm.
VZ> hence you seem to have good security at a computational
VZ> price that is less than encrypting everything with the secure protocol.

Why must this process be limited to two levels?

VZ> I wonder if some very cheap algorithms, in terms of computation time,
VZ> could be used for the "on the fly" encryption of the voice using those
VZ> bit. would XOR with the pad be totally out of line?

The RSA could be used by the caller to precompute the session key to send to the receiver. The session key (IDEA or whatever) could be used to send "subsession keys" which are actually parameters for the PRNGs (use at least two, with different periodic characteristics, and XOR them together) that create the pad for your XOR. The subsession size should be chosen so that very little "clearvoice" is transmitted in each subsession. Perhaps a bit of randomness is in order here, as well. Along with the PRNG parms, a length field, within certain absolute limits. Now the spook doesn't even know where one subsession ends, and the next begins. Add to this the use of a (lossy?) compression engine that can run with little power, and a simple microcontroller (or several cheaper ones in parallel - I can see one master for the session and subsession key management and several slaves to handle the on-the-fly (en)(de)cryption itself) should be able to do the job, fitting the subsession key exchange in right along with the cyphervoice. Ideally, we could have a box that could pull its power from the phone line, and take touch-tone control inputs.

* Long, long ago, in a tagline far far away...
--- * Monster at FAmend.Com *

From stewarts at ix.netcom.com Mon Sep 4 18:30:48 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Mon, 4 Sep 95 18:30:48 PDT
Subject: (NOISE) Re: e$: More fun with cash: Senate Bill 307
Message-ID: <199509050127.SAA14037@ix9.ix.netcom.com>

>I had heard that it was the Colombians, branching out from the cocaine
>business with those fancy new copy machines, which are supposed to be
>able to duplicate the blue & red threads in US currency paper.

But if the government was _serious_ about supply-side drug-trade reduction, wouldn't they _encourage_ this sort of thing? After all, that way the Colombians can make as much money as they do today without the bother of hauling all that white powder into the US? :-) (Sure, it's a cypherpunk topic, after all real crypto is mainly about economics and threat analysis :-)

>See, when the GOVERNMENT spends money, it creates jobs; whereas
>when the money is left in the hands of TAXPAYERS, God only knows
>what they do with it. Bake it into pies, probably. Anything to
>avoid creating jobs. -- Dave Barry

#---
# Thanks; Bill
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From vznuri at netcom.com Mon Sep 4 18:56:52 1995
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Mon, 4 Sep 95 18:56:52 PDT
Subject: NSA says Joe Sixpack won't buy crypto
In-Reply-To: <199509041641.KAA26589@bvsd.k12.co.us>
Message-ID: <199509050153.SAA23364@netcom17.netcom.com>

>> understand marketing or human psychology. Clipper, the closest the
>> agency has come to creeping out of the darkness of their coffin,
>> was a total fiasco. the self-destructing director of NSA whats-his-name
>> who was running for that FBI position or whatever is another example of how
>> the inbred spook society has difficulty dealing with anything outside
>> their artificial reality.
>
>I think you are dead wrong. The NSA has mastered the market psychology.
>Who has defined all of the most popular standards? DES, DSS, ElGamal, SHS...
>the NSA has had a hand in them all. DES is by far the most popular cipher,
>popular enough that it will take years and years to switch to something new.

no, I think the NSA is very adept at infiltrating and twisting existing cryptographic market processes to suit their own ends. DES is a good example of this. it was created by IBM largely, and then "manipulated" by the NSA. this is well known and understood. the NSA does not work with standards or markets so much as *interfere* with them. how can you deny this basic premise embraced by virtually everyone on this list?

>As for the clipper "fiasco," I would argue that it was an excellent marketing
>move. The NSA is aware that there is only a very very small percentage of
>society that thinks about crypto, with the internet and what have you it is now
>possible for this minority to be heard, the NSA proposes clipper, and so we all
>bitch about it because it's only secure against non-government attacks. Now
>the public hears this and resists clipper. There isn't another product that is
>winning support that clipper could have had. You step back and look at it, and
>the public is exactly where they were 5 years ago, no crypto.

clearly, the first attempt was to get the public to embrace clipper. lacking that, they have thwarted natural market progression. I agree they have done this. but it's like making a pool shot accidentally and saying, "I meant to do that". the NSA is *not* an agency that has a single clue about *real* markets. they do have a brilliant ability to leverage their political coercion skills to the absolute maximum to *manipulate* and *interfere* and *piss on* newly growing markets. the NSA has screwed up public crypto in uncountable ways. you cannot deny this!! they secretly visit people doing state-of-the-art research and intimidate them into silence or going other directions.
they visited Mosaic designers to tell them that the things they were installing in the software were not acceptable legally. of course, any other legal arm of the government would simply sue once the software appeared, but not try to manipulate the design prior to its release. this is the tactics of an *espionage* and *intelligence* agency. surprise!! to say that the NSA understands markets is like saying that thieves understand how to pick pockets. yeah, that's true, but that's not quite how I would have put it.

>Clipper was a no lose situation for them, if it is adopted only they can read
>all transactions made with it, if it isn't adopted, everybody can read all
>transactions, they didn't lose anything.

huge amounts of cash and credibility have been WASTED on it. the NSA has lost enormous credibility because of this fiasco. furthermore, the way they tried to hide behind presidential directives is absolutely repugnant to anyone who has a belief in the separation of powers within our government.

>They have some top minds working for them,

I know, it's a pity they don't get more respectable and socially fulfilling jobs at companies, where they can be publicly rewarded and recognized for their brilliance.

>it's been proven that they have been k
>a few steps ahead of the public for a long time; it's foolish to think they
>don't understand the psychology of the market.

they *do* understand the market, only to the extent that they are trying to successfully SABOTAGE what would regularly be its natural growth. they have been ahead in *theoretical* knowledge, but it was precisely my *point* that this nebulous eggheadism has demonstrably exploded when placed in public scrutiny. do you realize the sheer ability of Microsoft to build software that succeeds in *markets*? Microsoft doesn't care much about Netscape because, as one microsoft engineer remarked, "well, it's strange to talk about market share when you are giving away software for free".
well, the NSA is the absolute *opposite* of Microsoft. they don't have a *clue* about true market forces. they do however understand ways in which the government interferes with markets, and they seize on every one of those mechanisms as their lifeblood for control and "shadow/invisible oppression".

>Just as the public starts to
>desire something like public key crypto, they can publish a standard on it
>and it is likely to be adopted.

the NSA is quickly losing relevance. the public *does* desire public key crypto, and a de facto standard *has* been created, it's called PGP. if the NSA proposes something in public key areas, it is likely to be pissed on by the public as much as Clipper, in many ways because of the failure of Clipper. clipper in a big sense *was* the NSA's first step toward public key encryption, and it was widely trounced on. face it dude, the NSA has shown far less competence in the public arena than *any* apologist such as yourself can ever demonstrate.

From adam at bwh.harvard.edu Mon Sep 4 19:46:28 1995
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Mon, 4 Sep 95 19:46:28 PDT
Subject: SSLRef (SSLtelnet)
In-Reply-To: <199509031948.MAA17974@jobe.shell.portal.com>
Message-ID: <199509050246.WAA14488@bwh.harvard.edu>

To get a certificate, you need to talk to Verisign, and give them a business plan, a key, and 270 bucks per year to get your key certified. Verisign is a spin-off of RSA.

| The stumbling block is that Netscape won't connect to even the local
| proxy unless it sees a valid certificate, one signed by a CA that it
| accepts. For this application I would need such a certificate, and make
| the corresponding public and private keys public, hard-coding them into
| the proxy. Since the proxy runs on the same PC as the browser there is
| no need for confidentiality between them, and the secret key can be
| revealed.
|
| Does anyone have an idea for a way to acquire a certificate acceptable to
| Netscape, perhaps one with a "broken key", that could be used for this
| purpose?
|
| Hal
|

-- "It is seldom that liberty of any kind is lost all at once." -Hume

From edgar at highnrg.sbay.org Mon Sep 4 20:19:31 1995
From: edgar at highnrg.sbay.org (Edgar Swank)
Date: Mon, 4 Sep 95 20:19:31 PDT
Subject: SecureDrive 1.4 Announcement Correction
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

It has been brought to my attention that the phone number supplied to me by Michael Paul Johnson for his Catacombs BBS which appeared here in a previous announcement was incorrect. The correct number is 303-772-1062. Other information in the announcement is correct.

Edgar Swank
SecureDrive Co-Author

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----

--- edgar at HighNRG.sbay.org Keep Freestyle Alive!

From monty.harder at famend.com Mon Sep 4 20:44:01 1995
From: monty.harder at famend.com (MONTY HARDER)
Date: Mon, 4 Sep 95 20:44:01 PDT
Subject: Emergency File Wipe Algorithm
Message-ID: <8B074DD.00030003EA.uuout@famend.com>

CW> and relaxation are in the same order of magnitude. Thus, a few microseconds of
CW> storing the opposite data to the currently stored value will have little effect
CW> on the oxide. Ideally, the oxide should be exposed to as much stress at the

Here is a simple way to handle the problem, using our old discredited friend, XOR. Set up your software to periodically XOR the key with FFFF. This way, each bit will be a 0 half the time, and a 1 the other half. You have a flag that tells whether the key is in normal or inverted form, so that you can quickly perform any necessary computations on it, but there should not be any long-term memory effect.
* Free will made me do it!

--- * Monster at FAmend.Com *

From unicorn at access.digex.net Mon Sep 4 20:44:48 1995
From: unicorn at access.digex.net (Black Unicorn)
Date: Mon, 4 Sep 95 20:44:48 PDT
Subject: Forgery, bills, and the Four Horsemen (Articles and Comment)
Message-ID:

I have received a pile of requests for citations. Here are segments of a few. As I typed them all by hand, errors are likely to be mine. My comments follow the articles, so you can stop reading just before them :)

###The San Francisco Examiner
March 7, 1995 - Tuesday
Global Counterfeiting traced to Tehran

[...] For the past five years, so-called superbills, crisp $100 Federal Reserve Notes, so perfectly forged that they might be fresh off U.S. government printing presses, have been flooding banks and money markets around the world. The total amount currently in circulation is believed to be $10 Billion or more.

Currency officials alarmed.

Alarmed Treasury and Federal Reserve Board officials fear the increasing number of such superbills has shaken international confidence in America's currency. [...] From the moment the new superbills surfaced in 1989, it was clear to the secret service... that these were no ordinary forgeries. Under microscopic examination, they showed only infinitesimal differences from legitimate notes. Most significant, the counterfeits had been printed on presses virtually identical to those used at the Bureau of Engraving and Printing. Secret service investigators concentrated on those nations that had acquired the same kind of intaglio presses. Only two companies sold them on the international market. One was a U.S. company, none of whose overseas customers was considered suspect. The second was a Swiss company, De La Rue Giori.

Evidence pointed to Iran

By the end of 1991, investigators had eliminated all but one of Giori's clients: the Islamic Republic of Iran. [...]
Intelligence agencies uncovered evidence that Iran was not only mass-producing the notes, but had built a world-wide distribution network. Key transshipment points had been established in Lebanon, Syria, Sudan, and North Korea. Ronald de Valderano of Britain's Research Foundation for the Study of Terrorism says practically every Iranian-backed terrorist cell in the world is at least partially supported by the forgeries. The notes most often are used to buy arms or pay operating expenses or are sold on the currency black markets for legal cash. Indeed, when FBI agents searched the residence of suspects arrested for the bombing of New York's World Trade center, they found $20,000 of the forgeries. [...] Critics have for years urged that U.S. currency be better protected against such onslaughts. Last July, the treasury finally announced that changes were planned for U.S. currency, including covert security features. [...]

###The Independent
June 19, 1995 - Monday
'Perfect dollar forgeries flood Middle East; The Israeli and Iranian governments top the list of suspects behind the faultless $100 bills.
Robert Fisk

The Lebanese know how to spot a fake. Fake weapons, fake perfumes, fake diplomatic consuls, fake money. But the latest US $100 bills are as near perfect forgeries as they have seen, many of them accepted happily by Beirut's notoriously suspicious money changers. [...] The bills, dated 1988 but probably forged in Lebanon in the following two years - the last two years of the civil war - are still arriving at the Allied Business Bank at the rate of one a month, often brought in from Cyprus or other Middle East states by Arab clients unaware that they are forged. [Laws of most middle eastern countries make perfect forgeries a capital crime] "Anyone who makes a 'perfect' dollar bill out here is going to get strung up if he's caught," another bank official said.
"So the guys who're going to make a perfect note, without any mistakes, are working for a government who will protect them. So a government must be involved, the intelligence services, ministries, the lot." A senior bank official in Lebanon believed that Iran or Israel might be responsible. "When you're producing this kind of high-tech stuff, it's got to have official backing," he said. "If you're spending this kind of money on a 'perfect' forgery, it's for big business - for political parties, arms purchases, for paying militias." He repeated a rumour believed by several other banking officials in Lebanon - that the "perfect" dollars might be coming off counterfeit presses and dollar plates taken into Afghanistan by the Soviet intelligence service during the Soviet occupation; Afghanistan is now divided among militias respectively funded by Saudi Arabia and Iran. [...] "The security thread is the reason why we are alarmed," the senior Lebanese bank official said of the new forgeries. "It's not easy to get the thread in. You put in the thread when you produce the note - it's not printed on, it's embedded in the paper. And it's a real security thread. "We suspect they're being exported to a variety of places: to the US, to the former Soviet Union...." Other bank officials suspect Iran... and suggest that Tehran has used fake currency bills to fund the Hizbollah, Hamas and other armed groups which are opposed to Israeli occupation.

###The Washington Post
May 05, 1995 - Friday, Final edition
Bogus Bills?; Rumors Persist That Iran Is Counterfeiting U.S. Currency to Sabotage the Economy.
Thomas W. Lippman

[...] The allegation that Iran is waging economic warfare against the United States by printing and distributing millions of dollars in phony U.S. currency has been circulating on Capitol Hill at least since 1992, when it was made by a House Republican Task Force on Terrorism and Unconventional Warfare. It might even be true or partly true, according to some sources.
There is a problem with counterfeit greenbacks around the world, these sources said. It's just not clear that Iran is responsible for it. The question arose again Tuesday when the irrepressible Rep. Dana Rohrabacher (R-Calif.) asked Assistant Secretary of State Robert Pelletreau about it in an International Relations Committee hearing on the Clinton administration's economic boycott of Iran. Rohrabacher, who spent much of the recent congressional recess traveling in Asia, said he heard about the phony money from many people. "Have you received any credible reports that the Iranians are counterfeiting American money?" he asked. Pelletreau, a normally unflappable career diplomat, looked uncomfortable. "I know there is an intense investigation and campaign underway, led by the U.S. Secret Service to uncover all the sources of counterfeiting of American money abroad," he said. "I just am personally not in a position to give you the exact details of what we believe Iranian involvement is in that." "There are many leaders throughout the world... who believe that the American currency is being undermined by an intentional act of economic warfare on the part of the Iranian government... by counterfeiting billions of dollars' worth of U.S. currency," Rohrabacher said. "Am I getting you right that basically you're not denying that this is going on?" "I am not denying it," Pelletreau said. The 1992 GOP report said the fake currency is being printed in the Iranian mint in Tehran, "using equipment and know-how purchased from the U.S. during the reign of the Shah," which ended in 1979.... A Wall Street Journal report at the time said that the phony bills -- whoever was making them -- were so good they could fool sophisticated currency-handling equipment at the Federal Reserve.

###Counterfeiting and Money Laundering Deterrence Act of 1995
Patrick Leahy

I rise today to introduce the Counterfeiting and Money Laundering Deterrence Act of 1995. [...]
A number of analysts believe the threat to the U.S. currency is urgent. News reports say that intelligence experts in the U.S. and Israel are aware of a highly skilled group of counterfeiters operating out of Lebanon's Bekaa Valley. The counterfeiters, controlled by Syria and Iran, have turned out as much as $1 billion of the extremely high-quality reproductions of the U.S. $100 bill. [...] First, the bill requires all existing $100 denomination U.S. currency to be exchanged within a 6-month period. This would make drug traffickers who hoard vast amounts of hard currency hard-pressed to convert their existing cash into the new money. If they cannot exchange their funds in the specified time frame, their funds are worthless under the bill. [...] Second, the bill establishes two new versions of the $100 bill: one for use at home and one for use abroad. The only business that relies on exporting large amounts of hard currency is drug trafficking. This provision would make money smuggled out of the United States worthless, turning the tables on drug traffickers who covertly move money from the streets of this country to foreign bankers who launder it without reporting illicit transactions to the Treasury. A U.S. citizen traveling abroad who wished to bring $100 currency with him would hardly be inconvenienced by this measure: a quick stop at a U.S. bank to convert their greenbacks into differently-colored foreign-use bills would be all that is necessary -- just like purchasing travelers' checks. The only ones who would be inconvenienced would be drug traffickers who would hate to exchange their greenbacks for foreign use currency at a U.S. bank because of currency transaction reporting requirements. [...]

### END ARTICLES

The presence of counterfeit bills, the legislation to defeat them, and the general sentiment of government in the matter is disturbing for a few reasons.

1.
Focus on Surveillance

The legislation adopted to defeat counterfeiting is linked with the four horsemen quite closely. The solution, instead of making the bills difficult to forge like they should have been in the first place (U.S. bills are currently the easiest to forge of western nations - and counterfeit bills are long lived as currency changes are unheard of in the U.S.) is to create a regime where an additional tier of reporting is required. It seems the first answer to every "problem" (read: every element which might allow citizen autonomy) now is to link it to money laundering and terrorism and drop a blanket solution over it which without fail includes high-level reporting or tracking elements. (Anyone seen this before with the... oh, I dunno, strong encryption issue?)

2. The demonization of cash.

I have written here before on the increasing difficulty with which one uses cash without suspicion in the United States. It has come to the point where money, in any amount, won't buy you everything anymore. Many products and services are available ONLY by credit or credit card - and by extension, available only to traceable transactions. Is it any wonder Americans have one of the lowest ratios of income to debt in the world today? "They" would have you believe that cash is nothing but a tool for the four horsemen. I am most disturbed in this context by the way the act is financed - i.e. by the extinguished obligations from unexchanged currency. Does this measure sound ominous to anyone but me?

3. The corruption of e-cash to further the above.

If the government is disturbed by the laundering of money enough to actually print, or even propose printing, two kinds of currency, how will they respond to untraceable, unaccountable and infinitely liquid e-cash? I think the answer is in past behavior: e-cash will be linked to the four horsemen and subjected to rigorous reporting requirements - systems which are true e-cash will be banned.
At the same time the widespread presence and use of e-cash will be used to question anyone who uses physical currency. The death of cash continues as it were. Why would anyone carry bills anymore when a plastic smartcard (or your high school ring) is so much more convenient? You must have something to hide. No, good citizen units will WANT to use "e-cash" because they are honest, and know the government means them no harm and is here to protect them from the four horsemen. The cash is dead, long live the king.

00B9289C28DC0E55 nemo repente fuit turpissimus - potestas scientiae in usu est
E16D5378B81E1C96 quaere verum ad infinitum, loquitur sub rosa - wichtig!
*New Key Information* - Finger for key revocation and latest key update.

From jamesd at echeque.com Mon Sep 4 20:48:12 1995
From: jamesd at echeque.com (James A. Donald)
Date: Mon, 4 Sep 95 20:48:12 PDT
Subject: A problem with anonymity
Message-ID: <199509050347.UAA09032@blob.best.net>

At 06:40 PM 9/2/95 +1300, David Murray wrote:
> I still think that, because of
> the (perfect) ease with which net.rep's are transferable/cash-in-able,
> the chances you take in the digital domain are so much higher as to be
> (almost?) qualitatively different.

Then good names will have sufficient cash value, that their owners will be deeply reluctant to damage those good names. Obviously if one can obtain a good name cheaply, then it might be profitable to misuse it. In which case we swiftly run short of good names, and they become expensive.

---------------------------------------------------------------------
| We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state.
| jamesd at echeque.com

From jsimmons at goblin.punk.net Mon Sep 4 20:51:06 1995
From: jsimmons at goblin.punk.net (Jeff Simmons)
Date: Mon, 4 Sep 95 20:51:06 PDT
Subject: NSA says Joe Sixpack won't buy crypto
In-Reply-To: <199509050153.SAA23364@netcom17.netcom.com>
Message-ID: <199509050348.UAA19868@goblin.punk.net>

> > >> understand marketing or human psychology. Clipper, the closest the
> >> agency has come to creeping out of the darkness of their coffin,
> >> was a total fiasco. the self-destructing director of NSA whats-his-name
> >> who was running for that FBI position or whatever is another example of how
> >> the inbred spook society has difficulty dealing with anything outside
> >> their artificial reality.
> >
> >I think you are dead wrong. The NSA has mastered the market psychology.
> >Who has defined all of the most popular standards? DES, DSS, ElGamal, SHS...
> >the NSA has had a hand in them all. DES is by far the most popular cipher,
> >popular enough that it will take years and years to switch to something new.
>
> no, I think the NSA is very adept at infiltrating and twisting existing
> cryptographic market processes to suit their own ends. DES is a good example
> of this. it was created by IBM largely, and then "manipulated" by the
> NSA. this is well known and understood. the NSA does not work with standards
> or markets so much as *interfere* with them. how can you deny this basic
> premise embraced by virtually everyone on this list?
>

The NSA doesn't really bother me all that much, because all they've managed up to now is to slow things down (by about 3 hrs. in the case of PGPhone). But what happens when someone who HAS mastered market psychology gets into the game? Here's a prediction: within one year, we will see the advent of Micro$oft's "Not So Bad Privacy". It'll be a secret algorithm with either GAK done by Micro$oft itself, or a flat-out trap door.
ANY communications with a Windoze box or network will have to use it, or lose the market. About the same time, Justice will suddenly 'lose interest' in its various investigations of M$. Micro$oft will probably give it away for free as part of the Windows 95.702 upgrade. At this point, the NSA's 'speed bump' becomes Micro$oft's 'brick wall'. And while some of us will continue to use PGP and other strong crypto, the average American will have kissed off ALL of her privacy to the tune of "... you make a grown man cry."

--
Jeff Simmons jsimmons at goblin.punk.net

From unicorn at access.digex.net Mon Sep 4 21:01:44 1995
From: unicorn at access.digex.net (Black Unicorn)
Date: Mon, 4 Sep 95 21:01:44 PDT
Subject: NSA says Joe Sixpack won't buy crypto
In-Reply-To: <199509050348.UAA19868@goblin.punk.net>
Message-ID:

On Mon, 4 Sep 1995, Jeff Simmons wrote:

> Date: Mon, 4 Sep 1995 20:48:51 -0700 (PDT)
> From: Jeff Simmons
> To: cypherpunks at toad.com
> Subject: Re: NSA says Joe Sixpack won't buy crypto
>
> Here's a prediction: within one year, we will see the advent of Micro$oft's
> "Not So Bad Privacy". It'll be a secret algorithm with either GAK done by
> Micro$oft itself, or a flat-out trap door. ANY communications with a
> Windoze box or network will have to use it, or lose the market.

It's here already. It's called "lotus notes."

> About the
> same time, Justice will suddenly 'lose interest' in its various
> investigations of M$. Micro$oft will probably give it away for free as part
> of the Windows 95.702 upgrade.

Wait a few months. Justice is bored of the investigation even now.

> --
> Jeff Simmons jsimmons at goblin.punk.net
>

---
00B9289C28DC0E55 nemo repente fuit turpissimus - potestas scientiae in usu est
E16D5378B81E1C96 quaere verum ad infinitum, loquitur sub rosa - wichtig!
*New Key Information* - Finger for key revocation and latest key update.

From ian at bvsd.k12.co.us Mon Sep 4 21:16:04 1995
From: ian at bvsd.k12.co.us (Ian S. Nelson)
Date: Mon, 4 Sep 95 21:16:04 PDT
Subject: NSA says Joe Sixpack won't buy crypto
In-Reply-To: <199509050153.SAA23364@netcom17.netcom.com>
Message-ID: <199509050415.WAA05593@bvsd.k12.co.us>

> no, I think the NSA is very adept at infiltrating and twisting existing
> cryptographic market processes to suit their own ends. DES is a good example
> of this. it was created by IBM largely, and then "manipulated" by the
> NSA. this is well known and understood. the NSA does not work with standards

Well known that the NSA manipulated DES? How so? I am willing to believe that they had a lot of say in it and they probably wanted it weakened, but I think you'll be very hard pressed to find proof of that. Based on some of the analysis of lucifer, it could be said that IBM weakened the key space too, because that was a side effect of adding strength to the overall cipher. Keyspace is just about the only weakness of DES, I don't think that can be said about lucifer.

> or markets so much as *interfere* with them. how can you deny this basic
> premise embraced by virtually everyone on this list?

Interference is just noise, the NSA has pretty much pushed the market where they want it to go. If you think that is just "interference" then we use the word differently.

> clearly, the first attempt was to get the public to embrace clipper. lacking
> that, they have thwarted natural market progression. I agree they have
> done this. but it's like making a pool shot accidentally and saying,
> "I meant to do that". the NSA is *not* an agency that has a single clue
> about *real* markets. they do have a brilliant ability to leverage their
> political coercion skills to the absolute maximum to *manipulate* and
> *interfere* and *piss on* newly growing markets.

If they are as powerful as we both seem to think (easily "interfering" with markets and screwing the public for decades) how can you underestimate them like that?
If they are actually spying on us, then they know what moves we'll make and they can always head that off, it's not slop pool. If they aren't then I don't know what I'm supposed to hold against them, I don't have to use their standards unless I wish to export stuff.

>
> the NSA has screwed
> up public crypto in uncountable ways. you cannot deny this!! they secretly

This is true, they make long term industry standards that are short lived. DES's keyspace was far too small. Escrow isn't a great idea (except for signatures). ITAR is bullshit.

> visit people doing state-of-the-art research and intimidate them into
> silence or going other directions. they visited Mosaic designers to tell
> them that the things they were installing in the software were not
> acceptable legally. of course, any other legal arm of the government
> would simply sue once the software appeared, but not try to manipulate
> the design prior to its release. this is the tactics of an *espionage*
> and *intelligence* agency. surprise!!

This is all hearsay. I doubt that the mosaic designers have had any contact with the NSA unless they invented a significant new cryptographic technology; all Netscape/Mosaic have done is implement existing technology. They even implemented SSL with the 40-bit exportable key size using rc4, which is what the law says you are supposed to do. Any netscape employees want to dispute this and tell me about your encounters with the NSA?

> huge amounts of cash and credibility have been WASTED on it. the NSA has
> lost enormous credibility because of this fiasco. furthermore, the way
> they tried to hide behind presidential directives is absolutely repugnant
> to anyone who has a belief in the separation of powers within our
> government.

They have only lost credibility to the cryptographic community, where they already had very little credibility. This is the point that we all tend to overlook. Joe SixPack doesn't know much about the NSA or cryptography; when first told about them he tends to think that they are there to protect him and doesn't think of them as an enemy. The biggest accomplishment of the clipper thing is that nobody (very few at least) are using secure public key crypto and the few new people to the issue have no idea who to trust now. If their job is to listen to transmissions, then their money was well spent because there aren't many secure transmissions right now, and since everybody is scared about it there aren't likely going to be a lot of secure transmissions real soon.

> do you realize the sheer ability of Microsoft to build software that
> succeeds in *markets*? Microsoft doesn't care much about Netscape
> because, as one microsoft engineer remarked, "well, it's strange
> to talk about market share when you are giving away software for free".
> well, the NSA is the absolute *opposite* of Microsoft. they don't
> have a *clue* about true market forces. they do however understand
> ways in which the government interferes with markets, and they seize
> on every one of those mechanisms as their lifeblood for control
> and "shadow/invisible oppression".

I disagree, the NSA and MS have a lot in common: they both have defined shoddy standards that we are all using for one part of our life or other. We will have to put up with both of them for a long time and both of them are anticompetitive. If market forces were so much more powerful than the NSA can understand, then why the hell are all the banks in the world depending on DES?

> the NSA is quickly losing relevance. the public *does* desire public
> key crypto, and a defacto standard *has* been created, it's called PGP.
> if the NSA proposes something in public key areas, it is likely to
> be pissed on by the public as much as Clipper, in many ways because
> of the failure of Clipper. clipper in a big sense *was* the NSA's first
> step toward public key encryption, and it was widely trounced on.

The NSA is only losing relevance with us; how many average folks even know what clipper was? We could even disregard the average people and just ask the computer users: how many of those 80 million windows users know about clipper? If it is enough for the NSA to "lose relevance" I would think this list would be many times larger than it is.

>
> face it dude, the NSA has shown far less competence in the public arena
> than *any* apologist such as yourself can ever demonstrate.
>

I take offence at that, I am not an apologist, I'm just trying to show the other side. We can't fight the NSA if we are all blind to what they do in the general public's eyes. For what it's worth, I can't think of a major commercial product that uses cryptography that hasn't had the NSA's hands in it; that is pretty damn competent if you ask me.

From hfinney at shell.portal.com Mon Sep 4 21:19:00 1995
From: hfinney at shell.portal.com (Hal)
Date: Mon, 4 Sep 95 21:19:00 PDT
Subject: SSLRef (SSLtelnet)
Message-ID: <199509050417.VAA05211@jobe.shell.portal.com>

From: Adam Shostack
> To get a certificate, you need to talk to Verisign, and give
> them a business plan, a key, and 270 bucks per year to get your key
> certified.
>
> Verisign is a spin off of RSA.

Yes, this is my understanding. I have also heard that the process is not easy or routine, that the business plan receives considerable scrutiny.

What I would be doing with the certificate is unconventional. I would publicize the secret key, and ship out free software which would use the certificate to establish SSL communications with the Netscape browser within the same PC that runs the browser. The real purpose of the certificate is not to authenticate the key of a server running remotely, but simply to bypass the security checks within Netscape Navigator. So I am not confident that this business plan will pass Verisign's muster.
Among other things, it would be difficult to enforce the one year restriction (unless Navigator checks a date in the certificate).

I understand that Netscape's browser will also accept certificates created by a Netscape-internal "test" CA. I hoped that perhaps some junk certificates from that CA might be floating around, ones which would be useless for conventional purposes because their secret keys are exposed, but which would be perfect for my needs.

There is one "fallback" strategy possible which would allow the 128-bit SSL security proxy to work. That is to filter *all* connections, not just secure ones, and convert https: URL's to http:. Then Navigator will not attempt to make any SSL connections at all, and the proxy can talk to it non-securely, using 128-bit SSL for the external connection to the server. However this would be much harder, and the proxy would have to somehow remember which URL's had been massaged like this so it would know which ones are eligible to have secure connections made.

Hal

From tn0s+ at andrew.cmu.edu Mon Sep 4 21:31:28 1995
From: tn0s+ at andrew.cmu.edu (Timothy L. Nali)
Date: Mon, 4 Sep 95 21:31:28 PDT
Subject: Emergency File Wipe Algorithm
In-Reply-To: <8B074DD.00030003EA.uuout@famend.com>
Message-ID:

Excerpts from internet.cypherpunks: 4-Sep-95 Re: Emergency File Wipe Alg.. by MONTY HARDER at famend.com

> CW> and relaxation are in the same order of magnitude. Thus, a few microseconds of
> CW> storing the opposite data to the currently stored value will have little effect
> CW> on the oxide. Ideally, the oxide should be exposed to as much stress at the
>
> Here is a simple way to handle the problem, using our old discredited
> friend, XOR. Set up your software to periodically XOR the key with FFFF.
> This way, each bit will be a 0 half the time, and a 1 the other half.
> You have a flag that tells whether the key is in normal or inverted
> form, so that you can quickly perform any necessary computations on it,
> but there should not be any long-term memory effect.
>

On today's machines, it's a little more complicated than that. After you XOR the key, you have to then flush all the cache lines that contain the key, to make sure that the XOR operation makes it to the main memory. Unless I'm mistaken, a write-back cache will not propagate the XOR operation to main memory unless another memory operation(s) bumps the XORed key out of cache memory. Successive XOR operations on the key won't necessarily do this; you need some other memory op to flush the cache lines.

_____________________________________________________________________________
Tim Nali                \ "We are the music makers, and we are the dreamers of
tn0s at andrew.cmu.edu  \  the dreams" -Willy Wonka and the Chocolate Factory

From wilcoxb at nag.cs.colorado.edu Mon Sep 4 22:12:29 1995
From: wilcoxb at nag.cs.colorado.edu (Bryce Wilcox)
Date: Mon, 4 Sep 95 22:12:29 PDT
Subject: article/author ratings/reputations (was Re: pseudonyms & list health)
In-Reply-To: <9509040614.AA01461@cs.umass.edu>
Message-ID: <199509050512.XAA08518@nag.cs.colorado.edu>

Futplex sez:

>
> A reviewer named Susan Granger, for example, is known to me as a person who
> routinely lauds lousy movies. Thus it's simple for me to ignore her positive
> recommendations (I've yet to see a negative review from her). In fact, when
> I observe that a new film prominently features her seal of approval in its
> advertising, I take that fact as an indication of the lack of praise from
> more discriminating reviewers. So a nominal "positive" credential may be
> interpreted as an implicit negative credential, depending upon context.
>
> OTOH, if I only give digital thumbs-up to a couple of people on the list,
> those who consider me a reputable appraiser-of-cpunks should find the
> information relatively useful. I'm sure I can manage to be a harsher critic
> than your 2nd-grade teacher :} Using e.g. a single 1-10 scale would be
> highly practical for such purposes, IMHO.

There are people working on an extension of UseNet to allow each reader to publish ratings which propagate in the same way that articles do. These ratings can be of specific articles, of threads or of authors. Your newsreaders can rank the articles and present them to you in highest-to-lowest ranked order, or kill all those below a certain mark, or some such.

The heuristic that the researchers originally started with was "if I agreed with so-and-so in the past then I'll probably agree with him again." (Personally I would rather have some degree of manual control over my ratings-weightings. My good friends automatically get more weight than people I don't know, regardless of how much our ratings coincide. Similarly I might want to downgrade certain net.assholes just out of a sense of justice, even if they recommend good articles usually. :-) )

Unfortunately I have lost the URL for this wonderful experiment. Hopefully the fruits of their labors will become publicly available soon. I will certainly be one of the first to sign up to distribute ratings and to listen to (some) other people's.

Bryce

signatures follow:
+ public key on keyservers /.
island Life in a chaos sea or via finger 0x617c6db9 / bryce.wilcox at colorado.edu ---*

From wilcoxb at nag.cs.colorado.edu Mon Sep 4 22:15:38 1995
From: wilcoxb at nag.cs.colorado.edu (Bryce Wilcox)
Date: Mon, 4 Sep 95 22:15:38 PDT
Subject: Wearing RSA shirt to school
In-Reply-To: <199509041203.IAA38469@tequesta.gate.net>
Message-ID: <199509050515.XAA08896@nag.cs.colorado.edu>

Note failed signature. Great Dave Barry quote, by the way. :-)

Bryce

******* rest of message is file included by Bryce

Tim wrote:
>At 4:43 AM 9/4/95, Futplex wrote:
>>I wrote:
>>> With respect to possession within the U.S., there aren't any
>>> laws stopping you from waving strong cryptography around wherever you like
>>> (at least, not yet).
>>
>>----
>>...and in private email, Jim Ray pointed out that showing the shirt to a
>>foreign national might technically violate ITAR...
>
>Nope, no more so than letting a foreign national read Schneier's book is a
>violation of the ITAR. If you dispute this, ask whether Schneier's book is
>banned from export (the book, not the optional diskette). It isn't. Nor are
>other cryptography _books_ banned from export.

The law doesn't have to be consistent, or to make sense, or be enforced evenhandedly. The law is, after all, not written, or interpreted, or enforced, by partisan Libertarians like me. My private email to Futplex said *may* violate... and I stand by it. [IANAL, though.] Whether or not a law as incontrovertibly stupid as ITAR is enforced may depend on the timing of the next election, as we seem to be witnessing in the limbo-state of PRZ.

>I'm not minimizing the issue of export of machine-readable code, as in
>diskettes. But to claim that a blurry, printed on cotton "barcode" is even
>remotely in the same class as exporting a workable set of cryptographic
>system routines, or that letting a furriner merely "gaze upon" this blurry
>barcode, is a violation of the ITARs is laughable.

Yes, but *many* laws are laughable.

>>Yeah, I suppose I overstated it a bit. It appears that if the ITAR do cover
>>the shirt (unclear at present, AFAIK -- any news on the CJR, Raph ?), then
>>flashing it at a furriner could constitute a violation. Thanks for the
>>correction.

Actually, it was less a correction than me pointing out (yet another) note of uncertainty. James Madison, in Federalist #62 said it best: "What indeed are all the repealing, explaining, and amending laws, which fill and disgrace our voluminous codes, but so many monuments of deficient wisdom." Now, many of us would be more than satisfied to get back to that level of government. I suggest that everyone go have a look at the entire Code of Federal Regulations, before the next election.

>the original questioner need not fret about his son wearing the
>>shirt to school.

I agree that wearing it through Customs on the way to Jamaica would be more problematic, but I live next to a US Customs agent, and he learned about ITAR from me. Here in Miami, Customs has plenty to think about with the various (occasionally venomous) inbound cargo.

>It was this series of posts about whether wearing the "munitions t-shirt"
>near schools was a crime or not that made me think the silly season had
>arrived.

It has, a long time ago. Ever watch C-SPAN?

JMR

Regards,
Jim Ray

See, when the GOVERNMENT spends money, it creates jobs; whereas when the money is left in the hands of TAXPAYERS, God only knows what they do with it. Bake it into pies, probably. Anything to avoid creating jobs. -- Dave Barry
------------------------------------------------------------------------
PGP key Fingerprint 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8
Key id. # E9BD6D35   James M. Ray
------------------------------------------------------------------------
Support Phil! email zldf at clark.net or see http://www.netresponse.com/zldf
________________________________________________________________________

From sandfort at crl.com Mon Sep 4 23:48:23 1995
From: sandfort at crl.com (Sandy Sandfort)
Date: Mon, 4 Sep 95 23:48:23 PDT
Subject: DUMPSTER BONANZA
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

This is not a crypto post, but those interested in threat models and counter-measures might want to read on.

I just looked at the October issue of Soldier of Fortune. In an article entitled "SOF Exposes ATF's Warbirds" the author tells about the 7 to 12 attack aircraft that the BATF has purchased.
Of course, it's interesting to hear how and why this agency decided it needed an air force to pursue its mission, but the real story for me was how SOF busted them. SOF had heard rumors about a covert operation on the part of the BATF to procure these aircraft. They did their own surveillance of the BATF's phony cover corporation. This included dumpster diving. What they came up with was unbelievable. It included agents' home addresses, the names of family members, official BATF stationery, the works.

If you want to read a fascinating tale of BATF incompetence and duplicity, check this one out.

 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From dr261 at cleveland.Freenet.Edu Tue Sep 5 00:01:46 1995
From: dr261 at cleveland.Freenet.Edu (Tobin T Fricke)
Date: Tue, 5 Sep 95 00:01:46 PDT
Subject: article/author ratings/reputations (was Re: pseudonyms & list health)
Message-ID: <199509050701.DAA15561@kanga.INS.CWRU.Edu>

This idea of "ratings" over usenet is very interesting.. If anyone has additional info or URLs where I can look, please send me "private" mail at dr261 at cleveland.freenet. (Or post them to the list, but it doesn't seem crypto-related.) Thanks.

--
Tobin Fricke (aka LightRay)        The Digital Forest BBS (714)586-6142
dr261 at kanga.ins.cwru.edu          KE6WHF Amateur Radio, 1:103/925 fido

From hal9001 at panix.com Tue Sep 5 00:54:29 1995
From: hal9001 at panix.com (Robert A. Rosenberg)
Date: Tue, 5 Sep 95 00:54:29 PDT
Subject: VCRPLUS Huffman code
Message-ID:

At 20:06 9/4/95, Stephen D. Williams wrote:
>It was broken, and I might have the reference in my archives...
>
>If I get time I'll find it.

Why not just do the simple thing and look at Gemstar Development Corporation's Patent for the details.

From cg at bofh.lake.de Tue Sep 5 02:37:38 1995
From: cg at bofh.lake.de (Cees de Groot)
Date: Tue, 5 Sep 95 02:37:38 PDT
Subject: maximizing cryptographic return
In-Reply-To: <8B072A1.00030003E8.uuout@famend.com>
Message-ID:

A non-text attachment was scrubbed...
Name: not available
Type: application/x-pgp-message
Size: 26 bytes
Desc: not available
URL:

From anon-remailer at utopia.hacktic.nl Tue Sep 5 02:54:36 1995
From: anon-remailer at utopia.hacktic.nl (Anonymous)
Date: Tue, 5 Sep 95 02:54:36 PDT
Subject: SUMMARY: Not-so-volatile volatile memory
Message-ID: <199509050954.LAA15934@utopia.hacktic.nl>

> -- Summary: Data retention in semiconductor memory --
>
> Contrary to conventional wisdom, "volatile" semiconductor memory
> does not entirely lose its contents when power is removed. Both
> static (SRAM) and dynamic (DRAM) memory retain some information on
> the data stored in it while power was still applied. SRAM is
> particularly susceptible to this problem, as storing the same data
> in it over a long period of time has the effect of altering the
> preferred power-up state to the state which was stored when power
> was removed. Older SRAM chips could often "remember" the previously
> held state for several days. In fact, it is possible to manufacture
> SRAM's which always have a certain state on power-up, but which can
> be overwritten later on - a kind of "writeable ROM".

Is this a new discovery? When I used to work with DOD classified data, not so long ago, disk drives had to be declassified using an approved program, such as Norton Utilities' "WIPEINFO". (That was approved up through the SECRET/SAR level, anyway. I don't know about TS/SCI/SI.) But those same regulations said that RAM was considered declassified within a certain time (30 seconds, I think) after power was removed. (That time figure was UNclassified, BTW.) I think it was just to allow time for the voltage to bleed off of the power supply's filter capacitors, and not related to the relative volatility of DRAM.

From trei at process.com Tue Sep 5 07:35:31 1995
From: trei at process.com (Peter Trei)
Date: Tue, 5 Sep 95 07:35:31 PDT
Subject: VCRPLUS Huffman code
Message-ID: <9509051435.AA15596@toad.com>

> Has anyone worked out the VCRPLUS code?

It was partially broken a few years ago, and the results published in Cryptologia. I have a xerox in a carton somewhere. The break was for codes up to 4 or 5 digits long, if I recall - this covers most of the major timeslots on the main stations. Longer codes cover odd timeslots on less popular stations.

Code which implemented this partial crack was published on the net, and the VCR+ people got very upset about it - apparently they make money selling the codes to TV Guide and newspapers. It's protected as a trade secret, not a patent.

It used a combination of lookup tables and Huffman codes, and included a certain amount of obfuscation to resist cracking.

Peter

Peter Trei
Senior Software Engineer
Purveyor Development Team
Process Software Corporation
http://www.process.com
trei at process.com

From trei at process.com Tue Sep 5 07:46:52 1995
From: trei at process.com (Peter Trei)
Date: Tue, 5 Sep 95 07:46:52 PDT
Subject: Non-US SSL128 site
Message-ID: <9509051446.AA16057@toad.com>

> > a) Use 128 bit SSL if the client allows it.
> > b) Tell users which cipher is being used on a secure session.
> Netscape's press release on the RC4-40 crack seems to have disappeared from
> their home page, but I don't remember any specific mention of 128-bit
> U.S.-only clients, just servers.
> So what's up?
Netscape sells a 128-bit US-only client for $39

Peter

Peter Trei
Senior Software Engineer
Purveyor Development Team
Process Software Corporation
http://www.process.com
trei at process.com

From adam at bwh.harvard.edu Tue Sep 5 07:55:29 1995
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Tue, 5 Sep 95 07:55:29 PDT
Subject: Non-US SSL128 site
In-Reply-To: <9509051446.AA16057@toad.com>
Message-ID: <199509051449.KAA13448@joplin.bwh.harvard.edu>

| Netscape sells a 128-bit US-only client for $39

Does the US only server also do des, 3des and IDEA, or just rc4-128?

Adam

--
"It is seldom that liberty of any kind is lost all at once." -Hume

From jeffb at sware.com Tue Sep 5 08:12:35 1995
From: jeffb at sware.com (Jeff Barber)
Date: Tue, 5 Sep 95 08:12:35 PDT
Subject: Non-US SSL128 site
In-Reply-To: <199509051449.KAA13448@joplin.bwh.harvard.edu>
Message-ID: <9509051506.AA09665@wombat.sware.com>

Adam Shostack writes:

> | Netscape sells a 128-bit US-only client for $39
> Does the US only server also do des, 3des and IDEA, or just
> rc4-128?

Yes. It does:

RC4 - 128
RC4 - 40
RC2 - 128
RC2 - 40
IDEA
DES, "64 bits"
DES "with EDE 3, 192 bits"

--
Jeff

From asgaard at sos.sll.se Tue Sep 5 09:33:35 1995
From: asgaard at sos.sll.se (Mats Bergstrom)
Date: Tue, 5 Sep 95 09:33:35 PDT
Subject: Forgery, bills, and the Four Horsemen (Articles and Comment)
In-Reply-To:
Message-ID:

Black Unicorn posted a very interesting info summary on the subject of foreign state US$$ forgery.

This is a story I heard, long ago, from a Brit, Mr Waterlow, about something that happened to his grandfather, chairman of the Waterlow bank:

Early in this century Portugal didn't print its own money but contracted this job to the Waterlow Bank in England. Some skilled conmen succeeded in making the bank believe they were representatives of the Portuguese National Bank. Then they ordered a huge amount of new bills and got away (at least for some time) with it. Now, the point is that this was actually GOOD for the Portuguese economy, the real National Bankers having underestimated the optimal size of their cash stock.

So, I wonder, perhaps the world economy might benefit from some Iranian addings to the number of $$ around? A Keynesian boost?

Just drifting (I know very little about economy...).

Mats

From andrew_loewenstern at il.us.swissbank.com Tue Sep 5 09:45:12 1995
From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern)
Date: Tue, 5 Sep 95 09:45:12 PDT
Subject: Emergency File Wipe Algorithm
Message-ID: <9509051644.AA00586@ch1d157nwk>

Peter Gutmann writes in an article quoted by Christian Wettergren
> The greater the amount of time that new data has existed in the
> cell, the more the old stress is "diluted", and the less reliable
> the information extraction will be. Generally, the rates of change
> due to stress and relaxation are in the same order of magnitude.
> Thus, a few microseconds of storing the opposite data to the
  ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
> currently stored value will have little effect on the oxide.
  ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^

Phill Hallam writes:
> If the power is cycled as opposed to turned off only then a memory
> self test program will probably erase the data.

Assuming Peter Gutmann is correct, a memory test program "probably" won't do much. Of course, your data must be worth quite a pretty penny for an attacker to attempt to recover data from the oxides on the cells in your RAM.

andrew

From tcmay at got.net Tue Sep 5 09:46:15 1995
From: tcmay at got.net (Timothy C. May)
Date: Tue, 5 Sep 95 09:46:15 PDT
Subject: "This discussion is off-topic, please take it elsewhere"
Message-ID:

At 5:58 AM 9/5/95, Sandy Sandfort wrote:
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                          SANDY SANDFORT
> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
>
>C'punks,
>
>This is not a crypto post, but those interested in threat models
>and counter-measures might want to read on.

This brings up an important issue. Sorry it is not written in C, or even TCL.

I actually agree with a point the noted tentacle VZNuri ("visionary," obviously) wrote, namely, that people are getting entirely too apologetic (myself included, though most of my "apologies" have had an ironic edge to them) about posting things that are other than about coding in C, writing sockets for Windows, or breaking SSL.

Folks, this list is about a _lot more_ than just some facet of writing software. It started as a wide-ranging list, with many topics, many interests. I don't think I need to try to list the topics, but they obviously include things such as legal issues, policy, PGP, remailers, digital money, money laundering, regulatory arbitrage, data havens, steganography, languages, frameworks, Unix utilities, and dozens of other related topics.

We've covered hundreds of topics, and are probably the only such list on the planet that routinely considers the ramifications and ways of actually building the exciting ideas that the academics at the Crypto conferences discover and write about. (I can tell you that one of the main motivations we (Eric and I) had in starting the group was to take the academic abstractions, things like "bit commitment" and "dining cryptographers networks" and reify them into actual blocks of code, or running programs.)

Some have argued that "Cypherpunks write code," which has been a short slogan making it clear that one of our main interests is in actually building and deploying these methods. This was a major goal in the spring of 1992 when Eric (Hughes, for any newcomers) and I spent time hashing out what is needed in crypto.

As far as I'm concerned, we're on track. Remailers have advanced far beyond the early remailers, and that they exist at all is an accomplishment. The "theory" of remailers is immensely accelerated by having actual remailers in actual use to test theories against and to see real world behaviors. Likewise, message pools have been built. A working anonymous market (BlackNet, for example) has been instantiated, albeit not proliferated. Digital money in various forms (Magic Money, work with Chaum's DigiCash, etc.) has been used. Lots of other examples. PGP, hooks to mail programs (though a lot more are needed), key escrow considerations, etc.

Of course, things have gone more slowly in some areas than in others. Digital money, and financial instruments in general, have proceeded in fits and starts. I suspect this indicates that things like money are not done lightly, and that many non-coding issues are intertwined in such a way as to make any "amateur" efforts problematic. But it's only through trying that the obstacles can be seen, so even our failures are useful.

Is this "writing code" in all cases? Of course not. Not everything is coding. Planning and preparing is just as important. And consideration of threat models is part and parcel of writing code, else one will not know where to start writing code. Thus, for example, the hundreds of posts here on key escrow (and some of us anticipated Clipper six months before it was announced, allowing the Cypherpunks to hit the ground running as soon as it was announced) and GAK are useful in countering the arguments of those who have spent years planning such escrow (GAK) policies.

What I'm getting at is that the "Cypherpunks write code" mantra does not mean that _only_ the few dozen folks actively writing C code can contribute. Indeed, many of the folks now writing code have _claimed_ that they were inspired to write some code in some area--remailers, digital cash, SSL challenges, whatever--by the discussions here on this list.
Would they have been so inspired if all political, legal, and cultural discussions had been expunged, if only the arcania of programming and C were being discussed? After all, sci.crypt already exists, and even sci.crypt.research, so why should the Cypherpunks list even exist, as these groups are already ostensibly focussed on pure crypto issues. No, Cypherpunks is about more than just C programming, about more than just IETF issues, about more than just algorithms. I think it great that so much programming discussion occurs, that so much progress is being made. I just think some list.cops are going a bit overboard in their denunciations of "off-topic" posts, and their increasing shrillness in saying that anyone not out there writing Unix crypto programs should stop posting. Those who only want to read about "malloc" and "struct" are encouraged to use the filtering tools which they surely have access to and to stop telling us in shrill voices that posts are "off-topic." --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." From tcmay at got.net Tue Sep 5 10:02:53 1995 From: tcmay at got.net (Timothy C. May) Date: Tue, 5 Sep 95 10:02:53 PDT Subject: SUMMARY: Not-so-volatile volatile memory Message-ID: At 9:54 AM 9/5/95, Anonymous wrote: >> -- Summary: Data retention in semiconductor memory -- >> >> Contrary to conventional wisdom, "volatile" semiconductor memory >> does not entirely lose its contents when power is removed. Both >> static (SRAM) and dynamic (DRAM) memory retain some information on >> the data stored in it while power was still applied. 
>> SRAM is particularly susceptible to this problem, as storing the same data
>> in it over a long period of time has the effect of altering the
>> preferred power-up state to the state which was stored when power
>> was removed. Older SRAM chips could often "remember" the previously
>> held state for several days. In fact, it is possible to manufacture
>> SRAM's which always have a certain state on power-up, but which can
>> be overwritten later on - a kind of "writeable ROM".
>
>Is this a new discovery? When I used to work with DOD classified
>data, not so long ago, disk drives had to be declassified using an
>approved program, such as Norton Utilities' "WIPEINFO". (That was
>approved up through the SECRET/SAR level, anyway. I don't know
>about TS/SCI/SI.) But those same regulations said that RAM was
>considered declassified within a certain time (30 seconds, I think)
>after power was removed. (That time figure was UNclassified, BTW.)
>I think it was just to allow time for the voltage to bleed off of
>the power supply's filter capacitors, and not related to the
>relative volatility of DRAM.

The Gutmann article was discussing residual/remnant storage a lot more subtle than the usual "bleed-off" characteristics. One interesting twist is using radiation sources to "snapshot" or "freeze" the internal contents of dynamic RAM.

I worked with DRAMs for more than a decade at Intel, though never on this particular issue. But I read a lot of the public papers on radiation effects on DRAMs, including the "freezing" of data patterns into DRAMs by exposure. (I recall thinking at the time, circa 1980, that someday raids on computers could involve bringing in flash radiation sources to "snapshot" the contents of DRAM.)

Sandia Labs did a lot of the work on this, and results are reported at the annual Nuclear and Space Radiation Effects Conference. The December issue of "IEEE Transactions on Nuclear Science" every year includes the proceedings of this conference.
Any large university library should have it.

It's also possible to literally freeze a DRAM--with "Arctic Freeze" spray, for example--and stop the self-discharge of DRAM cells.

I doubt any of these efforts are being used, though. Looking at how raided computers are simply carted off in the backs of pickup trucks, with disk drives thrown in with monitors, I suspect nothing this sophisticated has ever been tried. Quantico might have some more sophisticated approaches, but they're not publicly discussing them.

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^756839 | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From cman at communities.com Tue Sep 5 10:33:28 1995
From: cman at communities.com (Douglas Barnes)
Date: Tue, 5 Sep 95 10:33:28 PDT
Subject: Slightly faster checking for encrypted messages to me
Message-ID:

Hal --

I've actually given this some thought in the past, and the most practical solution IMHO is much lower tech, although it only works on non-initial messages in a correspondence.

If two entities want to communicate via a message pool, without worrying about traffic analysis, but don't want the overhead of trying to decrypt every headerless message to the pool, then they can do the following:

1) In a "headered" message, one of the entities (A) sends a collection of large random numbers to be used as return markers, encrypted with the public key of the desired correspondent (B).

2) B can then respond to A with an essentially headerless message prefixed with one of the numbers sent by A. This initial message should contain a list of similar numbers for B, that A can use to send messages to B.
3) Numbers are only used once; entities can now quickly scan the message pool by hashing the initial N bits of each message into a lookup table seeded with all the remaining random return markers they've distributed.

4) As an extension, you can divide your message pools into "initial contact" pools, which would begin with headerless public key encrypted blocks, and "conversation" pools that would begin with return markers. (Of course this is trivially open to denial of service attacks.)

This is the basic principle behind the TA-resistant streams over UDP stuff I wrote up for cypherpunks last spring, except in that case a given server does the lookup first, and only then tries to treat the header as a public key encrypted block instead of a MAC. The Rabin stuff is a step in the right direction for the long term, however.

From dneal at usis.com Tue Sep 5 10:43:21 1995
From: dneal at usis.com (David Neal)
Date: Tue, 5 Sep 95 10:43:21 PDT
Subject: A recent article on Electronic Commerce
Message-ID:

In the August 28, 1995 issue of Communications Week, the editor Mitch Irsfield briefly discusses electronic checking, and the joint venture between Sun, BBN, IBM, et al. He also references an article explaining the venture on Page 5 of the same issue. I dropped him a quick note thanking him for writing a non-hysterical article on cryptography, and also briefly mentioned that some of us would prefer electronic cash to electronic checking.

Since part of being a cypherpunk is political, I'd like to encourage everyone to write a quick e-mail which expresses your own views to Mr. Irsfield (678-7017 at mcimail.com).

Speaking of talking to the 'public' about crypto-cash, we really need a meme of our own. Just as The Other Side invokes the specters of terrorism and child pornography, we need something like 'traceable transactions', 'government approved checking', 'uncle sam's clearing house', or 'irs approved bill payments.'
Obviously the creative types on the list can come up with much better. But, I digress.

The Page 5 article doesn't go into much detail, but says in essence that the system is an api layer and a smart card. In the cases of larger corporations, they may require a separate processor. This says 'encryption in hardware' to me. Gee, wonder if someone found a use for all those useless tessera cards after all? :-)

David Neal - GNU Planet Aerospace 1-800-PLN-8-GNU
Unix, Sybase and Networking consultant.
"...you have a personal responsibility to be pro-active in the defense of your own civil liberties." - S. McCandlish

From markm at omni.voicenet.com Tue Sep 5 11:11:08 1995
From: markm at omni.voicenet.com (Mark M.)
Date: Tue, 5 Sep 95 11:11:08 PDT
Subject: VCRPLUS Huffman code
In-Reply-To: <199509042328.TAA02676@nic.wat.hookup.net>
Message-ID:

On Mon, 4 Sep 1995 bplib at nic.wat.hookup.net wrote:

> I too would be interested in the VCRPlus code. Has anyone broken it?
> Tim Philp

You can get the source code to VCR+ encoding and decoding at ftp://sable.ox.ac.uk/pub/crypto/cryptanalysis/vcr+.shar.gz

From dr261 at cleveland.Freenet.Edu Tue Sep 5 11:22:45 1995
From: dr261 at cleveland.Freenet.Edu (Tobin T Fricke)
Date: Tue, 5 Sep 95 11:22:45 PDT
Subject: [trei@process.com: Re: VCRPLUS Huffman code]
Message-ID: <199509051806.OAA03038@kanga.INS.CWRU.Edu>

================= Begin forwarded message =================

From: trei at process.com (Peter Trei)
To: miniters at citadel.edu, cypherpunks at toad.com
Subject: Re: VCRPLUS Huffman code
Date: Tue, 05 Sep

> Has anyone worked out the VCRPLUS code?

It was partially broken a few years ago, and the results published in Cryptologia. I have a xerox in a carton somewhere. The break was for codes up to 4 or 5 digits long, if I recall - this covers most of the major timeslots on the main stations. Longer codes cover odd timeslots on less popular stations.
Code which implemented this partial crack was published on the net, and the VCR+ people got very upset about it - apparently they make money selling the codes to TV Guide and newspapers. It's protected as a trade secret, not a patent.

It used a combination of lookup tables and Huffman codes, and included a certain amount of obfuscation to resist cracking.

Peter

Peter Trei
Senior Software Engineer
Purveyor Development Team
Process Software Corporation
http://www.process.com
trei at process.com

--
Tobin Fricke (aka LightRay)
The Digital Forest BBS (714)586-6142
dr261 at kanga.ins.cwru.edu
KE6WHF Amateur Radio, 1:103/925 fido

From trei at process.com Tue Sep 5 11:53:33 1995
From: trei at process.com (Peter Trei)
Date: Tue, 5 Sep 95 11:53:33 PDT
Subject: SSL trouble
Message-ID: <9509051853.AA21783@toad.com>

> >I did a distributed scheme for something else that had two levels, a master
> >and a group of slaves. Only the slaves talked to the master. For this
> >effort I think a variation of the idea would be better. Have all of the
> >brutes contact the master, who will, in the first transaction assign them
> >to the next slave in a round-robin fashion.

> Why not just have the brutes pick a slave at random? Of course, you need
> to give them a complete list of slaves to choose from. But then the only
> difference between the master and the slaves will be that the master
> doesn't get any keyspace (it's got it all to begin with) and doesn't
> report any results upward.

This is starting to sound like alt.sex.bondage....

Peter Trei
Senior Software Engineer
Purveyor Development Team
Process Software Corporation
http://www.process.com
trei at process.com

From blane at eskimo.com Tue Sep 5 12:07:37 1995
From: blane at eskimo.com (Brian Lane)
Date: Tue, 5 Sep 95 12:07:37 PDT
Subject: VCRPLUS Huffman code
In-Reply-To: <9509051435.AA15596@toad.com>
Message-ID:

On Tue, 5 Sep 1995, Peter Trei wrote:

> > > Has anyone worked out the VCRPLUS code?
> Code which implemented this partial crack was published on the net,
> and the VCR+ people got very upset about it - apparently they make

I believe the code is in the cookbook archive at ftp.ee.ualberta.ca, but when I just tried to confirm I got timeouts.

Brian

------------------------------------------------------------------------------
ftp.eskimo.com/blane | | www.eskimo.com/~blane
------------------------------------------------------------------------------

From wec at dallas.net Tue Sep 5 10:17:54 1995
From: wec at dallas.net (Fred Sammet)
Date: Tue, 5 Sep 1995 12:17:54 -0500
Subject: response (fwd)
Message-ID: <2989ce0b6683a4c535b5c428f0e0275e@NO-ID-FOUND.mhonarc.org>

>> What we need is for Fred to send to you a copy of the
>> program in electronic form (I'm waiting for the too -- then I can
>> highlight the important sessions for you.

ANNOUNCING: The Second Annual . . .

WORLDWIDE ELECTRONIC COMMERCE
Law, Policy, Security & Controls Conference
October 18-20, 1995
At the Hyatt Regency Bethesda
Phone: (214) 516-4900

The Second Annual WorldWide Electronic Commerce; Law, Policy, Security and Controls conference is fast approaching. This important event will feature the world's foremost experts addressing the most important issues of implementation and control related to secure electronic commerce. It will focus on current problems and provide a foundation for dealing with the emerging problems that promise to make the future more complex.

We have been fortunate in securing a faculty that is unusually qualified and internationally recognized who will share their experience, knowledge and theories on the wide range of issues being addressed by this program. We are equally pleased to have obtained affiliation for this conference of a number of prestigious and influential organizations.
Please join us and your colleagues at this unique event!

Michael S. Baum, J.D., M.B.A.
Conference Chair

Provided in Affiliation with:
=============================================
* American Bar Association Section of Science and Technology Information Security Committee
* University of London Queen Mary & Westfield College Centre for Commercial Law Studies
* EDI Association of the United Kingdom
* Harvard Law School
* International Union of Latin Notaries
* International Chamber of Commerce, Paris
* National Institute of Standards and Technology (NIST)
* Software Publishers Association
* United Nations Commission on International Trade Law (UNCITRAL)
* U.S. Council of International Business
=============================================

Keynote Speaker:
----------------
Dr. Vinton G. Cerf, Ph.D.
Senior Vice President
MCI Telecommunications Corp.

CONFERENCE PROGRAM ...at a glance

GENERAL SCHEDULE
-------------------------------------------------
Wednesday, October 19, 1995
6:00pm - 7:30pm SECURE ELECTRONIC COMMERCE FOR THE BEGINNER

Thursday, October 20, 1995
8:00am - 9:00am Welcome & Keynote Speech
9:00am - 5:50pm Sessions 1 - 5

Friday, October 21, 1995
8:00am - 4:50pm Sessions 6 - 10

----------------------------------------------
TRACK - A
AGREEMENTS, LEGISLATION, POLICY AND REGULATION
----------------------------------------------

Session 1
So Who's in Charge, Anyway? The Impact of National & Int'l Leadership & Initiatives in Secure EC
SPEAKERS:
Harold S Burman, Esq., Office of the Legal Advisor
Sally Katzen, Office of Management and Budget
Bruce McConnell, Office of Management & Budget
Renaud Sorieul, Esq., UNCITRAL

Session 2
Drafting Agreements for Secure Electronic Commerce
SPEAKERS:
Michael S Baum, Esq., Independent Monitoring
Thomas J Smedinghoff, Esq., McBride Baker & Coles
Joe Wackerman, Esq., United States Postal Service

Session 3
Are Privacy Requirements Inhibiting Electronic Commerce?
SPEAKERS:
Kenneth C Bass III, Esq., Venable, Baetjer, Howard & Civiletti
Prof. George Trubow, The John Marshall Law School
Ian Walden, Ph.D., Commission of the European Communities

Session 4
Alternative Methods of Signing: Legal Aspects of the IRS's July 1995 Regulation
SPEAKERS:
Tom Baker, Esq., Internal Revenue Service
Lynn Casimir, Esq., Internal Revenue Service
Celia Gabrysh, Esq., Internal Revenue Service

Session 5
Digital Signature Legislation and Electronic Commerce
SPEAKERS:
Alan Asay, Esq., Utah Department of Commerce
Kirk W Dillard, Esq., State Senator, State of Illinois
Dean Sutherland, State Senator, Washington State
William E. Wyrough, Jr., J.D., M.B.A., Florida Legislature

Session 6
The Legal Status and Effect of Digital Signatures - Perspectives
SPEAKERS:
Prof. Mads Andersen, University of Copenhagen
Mario Miccoli, International Union of Latin Notaries

Session 7
On-Line Registration vs. In-Person Registration: What Satisfies Business and Legal Requirements?
SPEAKERS:
Phillip Hallam-Baker, Massachusetts Institute of Technology
Jeff Treuhaft, Netscape Communications Corporation
Peter Williams, Verisign

Session 8
Antitrust in Electronic Commerce: Shopping, Payments & Certification Authorities
SPEAKERS:
Prof. Mads Andersen, University of Copenhagen
John Greanley, Esq., US Department of Justice, Antitrust Division

Session 9
Proving Secure Computer-Based Transactions: Evidence Revisited
SPEAKERS:
Margaret A Berger, Brooklyn Law School
Charles Nesson, Harvard Law School
Ian Walden, Ph.D., Commission of the European Communities

Session 10
Third Party Service Providers & Certification Authorities - Can They Successfully Limit their Liability?
SPEAKERS:
Bruce Hunter, Esq., General Electric Information Services
Ellen Kirsh, Esq., America On Line
Renaud Sorieul, Esq., UNCITRAL

--------------------
TRACK - B
INFORMATION SECURITY
--------------------

Session 1
Requirements for Implementing Reasonable Security Procedures
SPEAKERS:
Robert Daniels, Esq., U.S.
Social Security Administration
Dain Gary, Morgan Stanley
Allan M Shiffman, Terisa Systems, Inc.

Session 2
Information Security Standards: Policy, Coordination & Interoperability
SPEAKERS:
Marty Ferris, US Department of Treasury
Hoyt Kesterson II, Bull Worldwide Information Systems
Peter Landrock, Ph.D., CRYPTOMATHIC
David Solo, Bolt, Beranek and Newman

Session 3
Who's Really on the Other End: Identification Technologies and Nonrepudiation
SPEAKERS:
Benjamin Miller, Personal Identification News
John E Siedlarz, IriScan, Inc.
William Sweet, National Semiconductor

Session 4
Security and Security Policy in Internet-based Payments Systems
SPEAKERS:
Marty Ferris, US Department of Treasury
Tim Jones, Mondex
Anne Wallace, US Department of Treasury

Session 5
When You Forget Your PIN or Die: Key Escrow in Secure Electronic Commerce
SPEAKERS:
Prof. Michael Froomkin, University of Miami School of Law
Jeff Greiveldinger, US Department of Justice, Criminal Div.
Frank W Sudia, Bankers Trust Company

Session 6
Comparing Critical Cryptographic Algorithms, Protocols, and Standards to Enable Secure Electronic Commerce
SPEAKERS:
Peter Landrock, Ph.D., CRYPTOMATHIC
Ron Rivest, Massachusetts Institute of Technology
Miles E Smid, National Institute of Standards & Tech.

Session 7
Export Controls & Transborder Data Flows: Is Secure Electronic Commerce in Jeopardy?
SPEAKERS:
James Bidzos, RSA Data Security
Renee H Danckwerth, Export Consultant

Session 8
'Certificates-R-US': Trust Models and the Developing Secure Information Infrastructure
SPEAKERS:
Warwick Ford, Bell-Northern Research
Sead Muftic, COST Computer Security Technologies
Peter Williams, Verisign

Session 9
Professional Accreditation and Certification - The New Frontier in 'Remote Trust'
SPEAKERS:
Richard C Koenig, Int'l Info. Sys. Security Cert. Consort.
Alan M Schwartz, Esq., American Bar Association

Session 10
Looking into the Crystal Ball: Certificates Revisited
SPEAKERS:
Web Augustine, VeriSign, Inc.
Warwick Ford, Bell-Northern Research
Hoyt Kesterson II, Bull Worldwide Information Systems

-------------------------------------------
TRACK - C
LEGAL ASPECTS OF SECURE ELECTRONIC COMMERCE
-------------------------------------------

Session 1
Do Criminal Laws Really Protect Electronic Commerce?
SPEAKERS:
Scott Charney, Esq., US Department of Justice
William J Cook, Brinks, et al.
Richard A Ress, Federal Bureau of Investigation

Session 2
Who Owns the Information, Standards, Certificates and Cryptographic Keys?
SPEAKERS:
Peter Harter, National Public Telecomputing Network
David W Maher, Esq., Sonnenschein Nath & Rosenthal
James Powers, Esq., Shulman, Rogers et al.

Session 3
Consumers on the Net - Fairness, Conspicuousness, Notice, and Reliance
SPEAKERS:
Nessa Eileen Feddis, Esq., Government Relations/Retail Banking
Ray Nimmer, Esq., Weil, Gotshal & Manges

Session 4
Electronic Licensing and Distribution of Digital Content: Downloading for Liability?
SPEAKERS:
James C McKay, Jr., Office of the Corporation Counsel, D.C.
Thomas J Smedinghoff, Esq., McBride Baker & Coles
Mark Traphagen, Software Publishers Association

Session 5
Insuring Electronic Commerce Transactions and Infrastructure
SPEAKERS:
Andrew Cockrane, Alexander & Alexander
Norman R Nelson, New York Clearing House Association

Session 6
Auditing a Third Party/Value Added Network or Certification Authority (and Its Implications)
SPEAKERS:
Charles H LeGrand, CIA, Institute of Internal Auditors
John Stelzer, COMMERCE:Institute

Session 7
Electronic Recordkeeping - What to Save, When and How to Save It, and for How Long
SPEAKERS:
Lynn Casimir, Esq., Internal Revenue Service
Celia Gabrysh, Esq., Internal Revenue Service
Claude Perreault, Chambre des notaires du Quebec

Session 8
Disaster and Contingency Planning Services: What is Needed for EC and Certification Authorities
SPEAKERS:
Dain Gary, Morgan Stanley
Ake Nilson, Marinade Limited
Helena Roine-Taylor, The Finnish Data Communication Assoc.
FINPRO
David Solo, Bolt, Beranek and Newman

Session 9
General Counsel's Forum on Computer-Based Trade
SPEAKERS:
Robert W Barger, Esq., AT&T
Bruce Hunter, Esq., General Electric Information Services
Ellen Kirsh, Esq., America On Line

Session 10
An Audit Model for Your Electronic Commerce Infrastructure
SPEAKERS:
Gerald R Bielfeldt, NationsBank
Phillip Oddo, Ciba-Geigy
Horton Sorkin, Ph.D., Howard University

------------------------------
TRACK - D
INFRASTRUCTURAL CONSIDERATIONS
------------------------------

Session 1
Securely Shopping on the Web: New Paradigms, Protocols and Opportunities
SPEAKERS:
Jeff Hilt, VISA International
Todd Ostrander, Egghead Software

Session 2
What can Trusted Third Parties and Certification Authorities Learn from the Financial Clearinghouses
SPEAKERS:
Carol Barrett, Federal Reserve Bank of New York
Bill Nelson, National Automated Clearinghouse Associa
Norman R Nelson, New York Clearing House Association

Session 3
Electronically 'Gluing' Computer-based Records
SPEAKERS:
Phillip Hallam-Baker, Massachusetts Institute of Technology
Allan M Shiffman, Terisa Systems, Inc.

Session 4
Global Registries for Secure Electronic Commerce
SPEAKERS:
Jonathan Allen, Barum Computer Consultants
Michel Peereman, Federation Nationale des Chambres
Peter Robinson, US Council for International Business

Session 5
Computer-based Negotiability: What is Needed to Make it Work
SPEAKERS:
Harold S Burman, Esq., Office of the Legal Advisor
James E Byrne, James Mason University Law School
Ake Nilson, Marinade Limited

Session 6
Time/Date Stamping of Digital Information: Necessities & Options
SPEAKERS:
Richard Rothwell, United States Postal Service
Scott Stornetta, Surety Technologies, Inc.

Session 7
Will Healthcare-related Electronic Commerce Require Special Controls and Secure Infrastructures?
SPEAKERS:
Kathleen Frawley, J.D., M.S., R.R.A, AHIMA
Daniel J O'Shea, National Computer Claims Service

Session 8
The Role of Notaries in Securing Computer-Based Commerce: the CyberNotary(sm)
SPEAKERS:
Theodore S Barassi, Esq., US Council for International Business
Mario Miccoli, International Union of Latin Notaries

Session 9
Electronic Cash and Novel Electronic Commerce Payments Systems
SPEAKERS:
Nessa Eileen Feddis, Esq., Government Relations/Retail Banking
Ron Rivest, Massachusetts Institute of Technology
Marvin Sirbu, Carnegie-Mellon University

Session 10
Why does Everyone Want to be a Trusted Third Party/Certification Authority (at Least Initially)?
SPEAKERS:
Sead Muftic, COST Computer Security Technologies
Stratton D Sclavos, VeriSign, Inc.

-----------------------------------------------------------------
TO REGISTER:
-------------
Price: $550.00 (U.S.)

Name:
Title:
First Name for Badge:
Company/Organization:
Address:
City/State/Prov/Zip/Postal code:
Country:
Telephone:
Fax:
E-Mail:

Check One:
==========
[ ] I am Mailing a check in the amount of $______
[ ] I wish to charge this to a credit card (fax or mail only)
    [ ] American Express  [ ] Visa  [ ] MasterCard
Card Number:
Expiration Date:
Name on Card:
Signature (fax or mail):

-----------------------------------------------------------------
HOTEL RESERVATIONS:

A special conference rate of $129 has been arranged for our attendees.
To make arrangements, please call the Hyatt Regency Bethesda at (301) 657-1234

Hyatt Regency Bethesda
One Bethesda Metro Center
Bethesda, MD 20814

-----------------------------------------------------------------
For more information or a complete program brochure and schedule, contact the conference coordinators as shown below:

HOW TO CONTACT US
=================
E-Mail: wec at multicorp.com
Phone: (214) 516-4900
Fax: (214) 424-0562
Mail: Worldwide Electronic Commerce
      PO Box 743485
      Dallas, TX 75374
===============================================

From shamrock at netcom.com Tue Sep 5 12:41:48 1995
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 5 Sep 95 12:41:48 PDT
Subject: Acceptable NIS&T restrictions
Message-ID:

At 17:20 9/4/95, Bill Stewart wrote:
[...]
>For Commercial Key Escrow, or commercial key-backup services, the criteria are
>"whoever can be trusted to provide the services the customers want".
>In this case, of course, the service most customers want is to be left alone,
>or, failing that, to have the government's Master Key system provide minimal
>risk to the security of the actual transactions - 64 bit keys are not enough
>security for any high-valued financial transactions, though they may suffice for
>credit cards.
>One required characteristic would appear to be either sufficiently deep pockets
>to collect judgements for violations of trust or a sufficiently high
>reputation that violations of trust are not expected.

It seems obvious to me that prospective key escrow agents would be exempt from all liability for damages caused by releasing a key, except in cases of gross negligence. Gross negligence being defined as giving a key to a person who explicitly states that they intend to use it for illegal purposes.

--
Lucky Green
PGP encrypted mail preferred.
From shamrock at netcom.com Tue Sep 5 12:43:09 1995
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 5 Sep 95 12:43:09 PDT
Subject: Forgery, bills, and the Four Horsemen (Articles and Comment)
Message-ID:

At 23:44 9/4/95, Black Unicorn wrote:
[...]
>3. The corruption of e-cash to further the above.
>
>If the government is disturbed by the laundering of money enough
>to actually print, or even propose printing, two kinds of
>currency, how will they respond to untraceable, unaccountable and
>infinitely liquid e-cash? I think the answer is in past behavior:
>e-cash will be linked to the four horsemen and subjected to
>rigorous reporting requirements- systems which are true e-cash
>will be banned.

This is unnecessary, since there is no "true" ecash. DigiCash's ecash in its current form, the only version David Chaum is willing to license, is fully traceable. Popular Cypherpunk myths notwithstanding.

First, the recipient of funds is non-anonymous by design. Second, any payer can trivially make the recipient of an ecash note known by revealing the blinding factor. For purposes of law enforcement, DigiCash's ecash is no more secure than if the (insert horseman here) billed his fees to a credit card.

--
Lucky Green
PGP encrypted mail preferred.

From iagoldbe at csclub.uwaterloo.ca Tue Sep 5 12:46:19 1995
From: iagoldbe at csclub.uwaterloo.ca (Ian Goldberg)
Date: Tue, 5 Sep 95 12:46:19 PDT
Subject: Wearing RSA shirt to school
Message-ID: <199509051946.PAA03230@calum.csclub.uwaterloo.ca>

OK, I'm confused. Is it or is it not legal to disclose cryptology to a foreigner? T.C.May (I think it was; sorry if I misremember this) posted a couple of days ago that it _was_ legal (citing that textbooks are not stopped from being published internationally). Perhaps this is just because the publishers of these texts never applied for an export license (maybe)?

I was reading Bernstein vs. US Dept. of State, et al.
(http://pgp.ai.mit.edu/~bal/legal/complaint-950221.html), and found this:

G. RESULT OF DEFENDANTS' REJECTION OF PLAINTIFF'S CJ REQUEST

71. Plaintiff's scientific paper, algorithm and computer program are speech protected by the First Amendment to the United States Constitution. Thus, by rejecting Plaintiff's CJ Request, Defendants have determined that these items are "defense articles or defense services" which may not be exported without submitting to the above-described prior restraints. Since Defendants define "export" to include disclosing or transferring cryptology to a foreign person anywhere in the world, including within the United States, Plaintiff is informed and believes and therefore alleges that he is required by law to obtain a license to publish or publicly discuss any of the Items whether within or outside the United States.

72. Plaintiff is presently unable to publish his scientific paper, algorithm or computer program within or outside the United States. The only reason preventing publication is the threat of prosecution for an illegal export if he does so without a license.

73. To this date, Plaintiff has not received a response to his appeal or a license to publish his paper, algorithm, or computer program and as a result, he has not published the Items.

So it seems to me (at least according to the Plaintiff (EFF, I guess)), that the ITAR regulations _do_ restrict publication and public discussion of cryptology.

- Ian "and why is Canada considered part of the US for this?"

From shamrock at netcom.com Tue Sep 5 13:38:05 1995
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 5 Sep 95 13:38:05 PDT
Subject: Emergency File Wipe Algorithim
Message-ID:

At 11:44 9/5/95, Andrew Loewenstern wrote:
>Of course, you data must be worth quite a pretty penny for an attacker to
>attempt to recover data from the oxides on the cells in your RAM.
Didn't I just read a day ago that Robert Morris (ex-NSA) cautioned that one should never underestimate the time and effort an opponent is willing to put into recovering your data?

May I also point out that the rules of economics do not apply to the federal government, since it insists - quite successfully - on having a monopoly on using lethal force to extract arbitrarily large amounts from hundreds of millions of working Americans?

--
Lucky Green
PGP encrypted mail preferred.

From jsw at neon.netscape.com Tue Sep 5 13:45:08 1995
From: jsw at neon.netscape.com (Jeff Weinstein)
Date: Tue, 5 Sep 95 13:45:08 PDT
Subject: Non-US SSL128 site
In-Reply-To: <199509051449.KAA13448@joplin.bwh.harvard.edu>
Message-ID: <42icqu$gst@tera.mcom.com>

In article <9509051506.AA09665 at wombat.sware.com>, jeffb at sware.com (Jeff Barber) writes:
> Adam Shostack writes:
>
> > | Netscape sells a 128-bit US-only client for $39
> >
> > Does the US only server also do des, 3des and IDEA, or just
> > rc4-128?
>
> Yes. It does:
>
> RC4 - 128
> RC4 - 40
> RC2 - 128
> RC2 - 40
> IDEA
> DES, "64 bits"
> DES "with EDE 3, 192 bits"

Our software does not implement idea at this time. It is in the SSL spec, as a possible cypher choice. We do implement the rest, including DES and 3DES.

--Jeff

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From jim at rand.org Tue Sep 5 13:54:02 1995
From: jim at rand.org (Jim Gillogly)
Date: Tue, 5 Sep 95 13:54:02 PDT
Subject: Another Son of Clipper discussion paper
Message-ID: <199509052053.NAA01226@mycroft.rand.org>

I sent along two discussion papers for tomorrow's NIST session on the revised plans for GAK last week. Here's the third.

Jim Gillogly
Hevensday, 14 Halimath S.R.
1995, 20:49

-----------------------------------------------------------------------------

Key Escrow Issues Meeting, September 6-7, 1995

Discussion Paper #3

Export Criteria Discussion Draft -- 64-bit Software Key Escrow Encryption

As discussed at the SPA/AEA meeting on August 17, 1995, the Administration is willing to allow the export of software encryption provided that the products use algorithms with key space that does not exceed 64 bits and the key(s) required to decrypt messages/files are escrowed with approved escrow agents. On the same date, the September 6-7 key escrow issues meeting at NIST was also announced. The two principal topics at the meeting will be: 1) discussion of issues of exportability of 64-bit software key escrow encryption and 2) desirable characteristics for key escrow agents.

In order to help make most productive use of the limited time available at the upcoming meeting and to better focus deliberation, the following criteria are being distributed for discussion purposes. Since it is important that final criteria be clear, straightforward, consistent, and implementable, please review these draft criteria and be prepared to discuss how they may be refined and made more specific.

--- Draft Export Criteria ---
for Software Key Escrow Encryption

Software key escrow encryption products meeting the following criteria will be granted special export licensing treatment similar to that afforded other mass-market software products with encryption.

1. The product will use an unclassified encryption algorithm (e.g., DES, RC4) with a key length not to exceed 64 bits.

2. The product shall be designed to prevent multiple encryption (e.g., triple-DES).

3. The key required to decrypt each message or file shall be accessible through a key escrow mechanism in the product, and such keys will be escrowed during manufacture in accordance with #10.
If such keys are not escrowed during manufacture, the product shall be inoperable until the key is escrowed in accordance with #10. 4. The key escrow mechanism shall be designed to include with each encrypted message or file, in a format accessible by authorized entities, the identity of the key escrow agent(s), and information sufficient for the escrow agent(s) to identify the key or key components required to decrypt that message. 5. The product shall be resistant to any alteration that would disable or circumvent the key escrow mechanism, to include being designed so that the key escrow mechanism cannot be disabled by a static patch, (i.e., the replacement of a block of code by a modified block). 6. The product shall not decrypt messages or files encrypted by non-escrowed products, including products whose key escrow mechanisms have been altered or disabled. 7. The key escrow mechanism allows access to a user's encrypted information regardless of whether that user is the sender or the intended recipient of the encrypted information. 8. The key escrow mechanism shall not require repeated involvement by the escrow agents for the recovery of multiple decryption keys during the period of authorized access. 9. In the event any such product is or may be available in the United States, each production copy of the software shall either have a unique key required for decrypting messages or files that is escrowed in accordance with #10, or have the capability for its escrow mechanism to be rekeyed and any new key to be escrowed in accordance with #10. 10. The product shall accept escrow of its key(s) only with escrow agents certified by the U.S. Government or by foreign governments with which the U.S. Government has formal agreements consistent with U.S. law enforcement and national security requirements. 
Note: Software products incorporating additional encryption methods other than key escrow encryption methods will be evaluated for export on the basis of each encryption method included, as is already the case with existing products. Accordingly, these criteria apply only to the key escrow encryption method incorporated by a software product, and not to other non-escrowed encryption methods it may incorporate. For instance, non-escrowed encryption using a key length of 40 bits or less will continue to be exportable under existing export regulations. - - - Please also review discussion paper #1 (distributed earlier), which raises a number of issues involving exportability criteria and how exportable products could be designed. Discussion paper #2 (also previously distributed) presents questions involving key escrow agents. Note: These issues will be discussed at the Key Escrow Issues Meeting to be held September 6-7, 1995 (9:00 a.m. - 5:00 p.m.) at the National Institute of Standards and Technology (Gaithersburg, Maryland). The meeting will be open to the public, although seating is limited. Advance registration is requested, please contact Arlene Carlton on 301/975-3240, fax: 301/948-1784 or e- mail: carlton at micf.nist.gov. 9/1/95 ----------------------------------------------------------------------------- From cman at communities.com Tue Sep 5 13:57:43 1995 From: cman at communities.com (Douglas Barnes) Date: Tue, 5 Sep 95 13:57:43 PDT Subject: approx of bignum^rational Message-ID: Does anyone have a good method for approximating bignums raised rational exponents in the interval [0,1]? 
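One answer to Douglas Barnes's question above, as an added example that is not part of any reply on the list: for a big integer N and an exponent p/q with 0 <= p <= q, the value floor(N^(p/q) * 2^k) is exactly floor of the q-th root of N^p * 2^(kq), so an integer q-th root (Newton's iteration on integers, started from a power of two above the root and driven down until it stops decreasing) gives the approximation to any chosen number k of fractional bits with no floating point at all. The function names, the choice of a power-of-two starting point and the fixed-point output format are this example's own assumptions.

```python
# Added example (not from the original post or any reply): exact integer
# q-th roots via Newton's method, used to approximate N ** (p/q) for big
# integers N and a rational exponent p/q in [0, 1] to any number of
# fractional bits.  The names iroot / rational_power are this example's own.


def iroot(n: int, q: int) -> int:
    """Return floor(n ** (1/q)) for integers n >= 0 and q >= 1."""
    if n < 0 or q < 1:
        raise ValueError("n must be >= 0 and q >= 1")
    if n < 2 or q == 1:
        return n
    # Start at a power of two that is >= the true root: n < 2**bits, so
    # n**(1/q) < 2**ceil(bits/q).  From above, the integer Newton iterate
    # strictly decreases until it reaches floor(n ** (1/q)), where the next
    # iterate is >= the current one and we stop.
    x = 1 << ((n.bit_length() + q - 1) // q)
    while True:
        # Newton step for f(x) = x**q - n, carried out in integer arithmetic.
        y = ((q - 1) * x + n // pow(x, q - 1)) // q
        if y >= x:
            return x
        x = y


def rational_power(n: int, p: int, q: int, frac_bits: int = 0) -> int:
    """Return floor(n ** (p/q) * 2**frac_bits) exactly, for 0 <= p <= q.

    The result is a fixed-point number with frac_bits fractional bits:
    n**(p/q) * 2**k == (n**p * 2**(k*q)) ** (1/q), so one integer root
    of a (bigger) integer gives the rounded-down answer directly.
    """
    if n < 0 or q < 1 or not (0 <= p <= q):
        raise ValueError("need n >= 0, q >= 1 and 0 <= p <= q")
    return iroot(pow(n, p) << (frac_bits * q), q)


def bracket_ok(n: int, p: int, q: int, frac_bits: int) -> bool:
    """Self-check: the returned r satisfies r**q <= n**p * 2**(k q) < (r+1)**q."""
    target = pow(n, p) << (frac_bits * q)
    r = rational_power(n, p, q, frac_bits)
    return pow(r, q) <= target < pow(r + 1, q)


if __name__ == "__main__":
    # sqrt(2) to 10 fractional bits: floor(1.41421... * 1024) == 1448
    print(rational_power(2, 1, 2, 10))
    big = 2 ** 521 - 1                      # constructed sample bignum
    r = rational_power(big, 3, 7, 128)      # big ** (3/7) with 128 fraction bits
    print(r >> 128, hex(r & ((1 << 128) - 1)))
```

The cost per Newton step is one big-integer power and one division, and the number of steps is roughly logarithmic in the bit length of the input, so this stays cheap even for multi-thousand-bit N; if a probabilistic or floating-point approximation were acceptable one could instead take the q-th root in floating point and refine, but the integer version above gives a provable floor.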
Thanks,

Douglas Barnes
Electric Communities

From anon-remailer at utopia.hacktic.nl Tue Sep 5 14:06:19 1995
From: anon-remailer at utopia.hacktic.nl (Name Withheld by Request)
Date: Tue, 5 Sep 95 14:06:19 PDT
Subject: SSLRef (SSLtelnet)
In-Reply-To: <199509050417.VAA05211@jobe.shell.portal.com>
Message-ID: <199509051940.VAA26244@utopia.hacktic.nl>

Hal (hfinney at shell.portal.com) wrote:
>I understand that Netscape's browser will also accept certificates
>created by a Netscape-internal "test" CA. I hoped that perhaps some
>junk certificates from that CA might be floating around, ones which
>would be useless for conventional purposes because their secret keys
>are exposed, but which would be perfect for my needs.

Is it possible that since this was only a "test" CA, that Netscape used less than a full-strength key? If it was only 512 bits or so, we could try cracking it.

From announce at xs4all.nl Tue Sep 5 14:10:25 1995
From: announce at xs4all.nl (announce)
Date: Tue, 5 Sep 95 14:10:25 PDT
Subject: Scientology and police visit XS4ALL Amsterdam
Message-ID: <199509052109.AA16923@xs1.xs4all.nl>

From: XS4ALL Internet
Postbus 22864
1100 DJ Amsterdam
tel: +31 20 6222885
fax: +31 20 6222753

PRESS RELEASE
-------------

Police and members of Scientology church enter offices of XS4ALL
================================================================

Amsterdam - Tuesday, September 5, 1995.

Today at about 14:00, XS4ALL was visited by Mr. S. Braan, bailiff. He was acting on behalf of the Religious Technology Centre, better known as the Scientology Church, or Scientology for short. He was assisted by a local police officer and Mr. Hermans from the 'Nauta-Dutilh' legal firm that represents Scientology in The Netherlands. Also present were two computer experts (Mr. Ootjes and Mr. Van Suchtelen), a locksmith (to enter had we not been present) and two American employees of Scientology, Mr. Weightman and Ms. Jenssen.

Scientology is filing for seizure of XS4ALL's computer equipment. Under Dutch law, this means that a bailiff comes in to record your assets. In real life, the computer experts that were present have recorded the types and serial numbers of all the computers in our offices. They did not take any equipment; the continuity of XS4ALL's services is not in jeopardy.

What is this all about?
-----------------------

The Scientology Church claims that the XS4ALL anonymous remailer was used to disseminate documents over the Internet to which the church holds the legal copyright. This has led the church to ask the president of the district court of Amsterdam to grant permission for this seizure as a prelude to legal procedures concerning damages suffered by the church. The remailer in question was disabled more than 2 months ago.

During the visit of Scientology to XS4ALL this afternoon, the remailer was not the subject of any conversation. The organisation seemed totally preoccupied with the information about Scientology that one of our users has put on his home page. Part of this information is said to be a file to which Scientology holds the copyright. If we were to delete the file in question on the spot, they were willing to drop the seizure.

Responsibility of Internet Providers
------------------------------------

XS4ALL categorically denies any responsibility for the contents of users' homepages. The users decide for themselves what is on their homepage. Since XS4ALL does not edit the homepages and has no mechanism of control over the contents, we strongly feel that the users themselves are responsible for what they say on their homepage. This whole affair demonstrates the need for clarity concerning the legal position of Internet Providers. We are shocked that our offices can be invaded by freshly flown-in U.S. cult members. If we as Internet providers are held responsible for what our users say, that will undoubtedly kill freedom of speech on the net.

Scare-tactics
-------------

XS4ALL is not alone in receiving this kind of attention from Scientology. Scientology, a semi-religious multinational, is at war with a number of people on the Internet. A non-organized group of people on the net has started to openly discuss the activities of the church. Until recently, the church has always managed to suppress critical voices by means of sheer intimidation and by engaging in endless legal battle.

One of the people that Scientology has a problem with is 'fonss', an XS4ALL user that publishes the F.A.C.T.-net Kit on his home page (http://www.xs4all.nl/~fonss). This kit (which can be found on numerous homepages all over the Internet) consists of a large number of documents that show the true face of Scientology. One of these documents is a piece to which Scientology supposedly holds the copyright and which has been added to the kit without the church's permission.

Additional information can be found on the Internet:

http://www.cybercom.net/~rnewman/scientology/home.html
http://www.xs4all.nl/~fonss
news:alt.religion.scientology
news:alt.censorship
news:alt.clearing.technology

From unicorn at access.digex.net Tue Sep 5 14:11:36 1995
From: unicorn at access.digex.net (Black Unicorn)
Date: Tue, 5 Sep 95 14:11:36 PDT
Subject: Forgery, bills, and the Four Horsemen (Articles and Comment)
In-Reply-To:
Message-ID:

On Tue, 5 Sep 1995, Lucky Green wrote:

> Date: Tue, 5 Sep 1995 12:45:44 -0800
> From: Lucky Green
> To: Black Unicorn , cypherpunks at toad.com
> Subject: Re: Forgery, bills, and the Four Horsemen (Articles and Comment)
>
> At 23:44 9/4/95, Black Unicorn wrote:
> [...]
>
> >3. The corruption of e-cash to further the above.
> >
> >If the government is disturbed by the laundering of money enough
> >to actually print, or even propose printing, two kinds of
> >currency, how will they respond to untraceable, unaccountable and
> >infinitely liquid e-cash? I think the answer is in past behavior:
> >e-cash will be linked to the four horsemen and subjected to
> >rigorous reporting requirements- systems which are true e-cash
> >will be banned.
>
> This is unnecessary, since there is no "true" ecash. DigiCash's ecash in
> its current form, the only version David Chaum is willing to license, is
> fully traceable. Popular Cypherpunk myths notwithstanding.

Perhaps true, but this assumes that the Chaum method is the only method, which I believe to be incorrect. Perhaps I should use the term "future e-cash models" or "True Digital Cash." Currently there is no "true" e-cash implemented (as far as I know), but this is part of the problem. The product introduced to the public, the original market release, will be (is) traceable; why should the public expect anything different? In addition this is exactly what I was talking about in deterring the use of "real" e-cash. Real e-cash will be seen as an anomaly, a perversion of e-cash to make it sneaky for the four horsemen (or that's how I would play it to the public were I a statist).

> First, the recipient of funds is non-anonymous by design. Second, any payer
> can trivially make the recipient of an ecash note known by revealing the
> blinding factor. For purposes of law enforcement, DigiCash's ecash is no
> more secure than if the (insert horseman here) billed his fees to a credit
> card.

Again, one more reason that "real" e-cash will be banned. The public doesn't need it as an alternative is widely available. This is the curse (or gift) of crippleware- its use as a diversion. See also, Clipper.

> -- Lucky Green
> PGP encrypted mail preferred.

---
00B9289C28DC0E55 nemo repente fuit turpissimus - potestas scientiae in usu est
E16D5378B81E1C96 quaere verum ad infinitum, loquitur sub rosa - wichtig!
*New Key Information* - Finger for key revocation and latest key update.
From andrew_loewenstern at il.us.swissbank.com Tue Sep 5 14:21:26 1995
From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern)
Date: Tue, 5 Sep 95 14:21:26 PDT
Subject: Emergency File Wipe Algorithim
Message-ID: <9509052120.AA02633@ch1d157nwk>

Lucky Green writes:
> Didn't I just read a day ago that Robert Morris (ex-NSA) cautioned
> that one should never underestimate the time and effort an opponent
> is willing to put into recovering your data?
>
> May I also point out that the rules of economics do not apply to
> the federal government, since it insists - quite successfully - on
> having a monopoly on using lethal force to extract arbitrarily large
> amounts from hundreds of millions of working Americans?

As always, Rubber Hose Cryptanalysis(*tm, patent pending) is usually the cheapest way to go...if you're a federal government. But not all threats are that serious. For instance, I have no fears that the admins here would grovel over the oxides on RAM cells in order to determine the pass-phrase of my PGP key if they suspected me of doing something naughty (even if they knew this was possible, which is unlikely).

You can get really paranoid about security and rightly so if your opponent is a federal government. However, pushing key-material bits around RAM in order to prevent them from being burned into the chips is probably going to do you little good if, for instance, a hardware keystroke monitor is surreptitiously installed in your keyboard (which is likely far cheaper and easier than analysing RAM chips and maybe even disk platters).

BTW, this is not a troll and I know that the possible constitutionality of court-ordered disclosure of passphrases or key-material has been hashed over many times in the past here, but have any cases with this particular attribute gone through court yet? There were reports even years ago of pedophiles and other agents of the Four Horsemen using PGP to encrypt diaries and such; have any of these cases gone to court yet and did the prosecution attempt to force the defendant to reveal a passphrase??

andrew
(wonders how many readers will take their keyboards apart to look for radio transmitters)

From m5 at dev.tivoli.com Tue Sep 5 14:37:28 1995
From: m5 at dev.tivoli.com (Mike McNally)
Date: Tue, 5 Sep 95 14:37:28 PDT
Subject: Another Son of Clipper discussion paper
In-Reply-To: <199509052053.NAA01226@mycroft.rand.org>
Message-ID: <9509052136.AA11617@alpha>

This is really interesting to me: Jim Gillogly forwards:

> Key Escrow Issues Meeting, September 6-7, 1995
> Discussion Paper #3
>
> Export Criteria Discussion Draft --
> 64-bit Software Key Escrow Encryption
> . . .
> --- Draft Export Criteria ---
> for Software Key Escrow Encryption
>
> Software key escrow encryption products meeting the following
> criteria will be granted special export licensing...
>
> 1. The product will use an unclassified encryption algorithm
> (e.g., DES, RC4) with a key length not to exceed 64 bits.

Ok, sounds good... but what I don't understand is further on:

> 5. The product shall be resistant to any alteration that would
> disable or circumvent the key escrow mechanism, to include
> being designed so that the key escrow mechanism cannot be
> disabled by a static patch, (i.e., the replacement of a
> block of code by a modified block).

[ that I can understand ]

> 6. The product shall not decrypt messages or files encrypted by
> non-escrowed products, including products whose key escrow
> mechanisms have been altered or disabled.

This is where I start scratching my head. I mean, how exactly will the software be able to tell that what's being fed into it came from a Good version versus an Evil version of the cryptosystem? Isn't that very issue the reason for Skipjack being (A) secret and (B) kept on a supposedly auto-destruct chip? If the algorithm is public (and to stretch a point, if the executable makes it onto somebody's hard disk, it's effectively public), I don't really understand how the above can be made a realistic goal.

I'd always thought that the idea behind software key escrow was that it'd be stuck into most "name-brand" tools, so that Joe Lazy AOL User wouldn't bother (or wouldn't know how) to circumvent it. (Still seems kinda ridiculous, but maybe that's just me.) Anyway, this document makes it seem like somebody seriously expects this is doable. If it is, then I *really* want to know how (because I'd like to exploit that sort of technology myself...).

> 7. The key escrow mechanism allows access to a user's encrypted
> information regardless of whether that user is the sender or
> the intended recipient of the encrypted information.

Ooh.

> 8. The key escrow mechanism shall not require repeated
> involvement by the escrow agents for the recovery of
> multiple decryption keys during the period of authorized
> access.

Hmm...

> 9. In the event any such product is or may be available in the
> United States, each production copy of the software shall
> either have a unique key required for decrypting messages or
> files that is escrowed in accordance with #10,

Well there go the manufacturing costs up through the roof...

> or have the
> capability for its escrow mechanism to be rekeyed and any
> new key to be escrowed in accordance with #10.

I guess that'd work with the somewhat weak mechanisms used with "unlockable" CD-ROM stuff.

> 10. The product shall accept escrow of its key(s) only with
> escrow agents certified by the U.S. Government or by foreign
> governments with which the U.S. Government has formal
> agreements consistent with U.S. law enforcement and national
> security requirements.

Again, how can it tell? Maybe I'm just being dense.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | Nobody's going to listen to you if you just | Mike McNally (m5 at tivoli.com) | | stand there and flap your arms like a fish. | Tivoli Systems, Austin TX | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From shamrock at netcom.com Tue Sep 5 14:48:13 1995 From: shamrock at netcom.com (Lucky Green) Date: Tue, 5 Sep 95 14:48:13 PDT Subject: Emergency File Wipe Algorithim Message-ID: At 16:20 9/5/95, Andrew Loewenstern wrote: [...] >andrew >(wonders how many readers will take their keyboards apart to look for radio >transmitters) Been there. Done that. Hmm, come to think of it, it's about time for another check. -- Lucky Green PGP encrypted mail preferred. From jim at rand.org Tue Sep 5 15:04:59 1995 From: jim at rand.org (Jim Gillogly) Date: Tue, 5 Sep 95 15:04:59 PDT Subject: Son of Clipper (commentary) Message-ID: <199509052204.PAA01423@mycroft.rand.org> I didn't want to mix my comments with the recent discussion paper I sent along, so here they are separately. Please refer back to my last msg to see the points I'm bitching about. It's a depressingly restrictive list of things to require for software escrow encryption. I can only conclude that they're not serious. Clipper itself fails to meet many of them, including (I think) #1, #2, #5, and #6. Rumor has it that Clipper does not meet #9 either -- at Crypto '95 somebody in the Key Escrow session said many government Clipper keys are not escrowed, and somebody in the back spoke up and said he owned such a chip. By the way, Moti Yung (noted crypto guy at IBM Yorktown Heights) presented more breaks in Clipper's protocols like those Matt Blaze found, and pointed out some aspects of Matt's break that he thinks make it more important than previously thought. Other things that bother me about the list: #1: If it's escrowed, there should be no need to limit the key length unless somebody's planning to cheat. 
#3: This rules out the possibility of escrowing individual session keys to limit the access of LE to sessions they are entitled by law to intercept.

#5: Care to tell us how to create software that can't be patched? This is one that's been played in the marketplace and has lost. The battle between copy protectors and crackers has been decided in favor of the crackers: legitimate users largely refuse to buy packages that are too messy to deal with (e.g. they leave hidden files all over the disk, which may interfere with backups or other programs) or that use special purpose hardware (e.g. dongles that eat up a printer port). This one's a loser, I think.

#6: This is clearly a research issue. Several speakers (even pro-GAK) at Crypto '95 said the policy decisions are being made before the research has been done. The protocols and system specifications are key here, and it's not obvious how this criterion can be met. It's not obviously impossible, but it certainly hasn't been solved in Clipper.

#7: One of the Crypto '95 attacks on the Clipper protocol makes use of this misfeature of Clipper. It allows a broadening of the net of captured keys so that many more unauthorized messages may be read.

#8: See #3 above -- let's wait on the policy decision until we have a policy debate. A mandated compromise is an oxymoron. I (for one) would prefer to see much more limited keys (like session keys) if Congress decides that the right to privacy is not infringed by these technologies.

There's nothing in here that specifically excludes dividing your keys among multiple escrow agents; I assume this is still an open issue, or that it goes without saying (one way or the other).

#3 and #6 make it impossible to prevent LE from reading messages from before or after their legally authorized window. This is clearly broken. Again, this appears to be trying to put all the power in the hands of LE to the detriment of the people.
It's advertized as a compromise, but I see nothing gained over Clipper I. The only differences appear to be that the escrow agent(s) may be private instead of government, and the algorithms may be something other than SKIPJACK as long as they are at least 16 bits weaker as well as being known algorithms. It also doesn't address the main problem with Clipper I: that it wouldn't work, since (like Clipper I) it will catch only crooks who are smart enough to encrypt but stupid enough to encrypt with a system they (should) know LE can read -- probably a null set. If, on the other hand, this is made mandatory for encrypted transmissions, it will create a new and unnecessary class of criminals, probably including myself (though I won't promise to break any laws at this point). This really burns me up. What do they think they're doing here? Am I missing a big piece of it? Jim Gillogly Hevensday, 14 Halimath S.R. 1995, 22:02 From tunny at Inference.COM Tue Sep 5 15:13:33 1995 From: tunny at Inference.COM (James A. Tunnicliffe) Date: Tue, 5 Sep 95 15:13:33 PDT Subject: VCRPLUS Huffman code Message-ID: <304CCA55@smtp-pc> >On Tue, 5 Sep 1995, Peter Trei wrote: > >> >> > Has anyone worked out the VCRPLUS code? >> > > > >> Code which implemented this partial crack was published on the net, >> and the VCR+ people got very upset about it - apparently they make > > I believe the code is in the cookbook archive at ftp.ee.ualberta.ca, >but when I just tried to confirm I got timeouts. > > Brian Among many other places, you can get this off my Web page, in: http://www.inference.com/~tunny/crypto/primer.html - Tunny ______________________________________________________________________ James A. 
Tunnicliffe | WWWeb: http://www.inference.com/~tunny
Inference Corporation | PGP Fingerprint: CA 23 E2 F3 AC 2D 0C 77
tunny at Inference.com | <--finger for key 36 07 D9 33 3D 32 53 9C
======================================================================

From hallam at w3.org Tue Sep 5 15:23:36 1995
From: hallam at w3.org (hallam at w3.org)
Date: Tue, 5 Sep 95 15:23:36 PDT
Subject: SSLRef (SSLtelnet)
In-Reply-To: <199509051940.VAA26244@utopia.hacktic.nl>
Message-ID: <9509052222.AA31819@zorch.w3.org>

>Is it possible that since this was only a "test" CA, that netscape used
>less than a full-strength key? If it was only 512 bits or so, we could
>try cracking it.

Netscape's test cert is for a 1024 bit key

Phill

From jsimmons at goblin.punk.net Tue Sep 5 16:02:55 1995
From: jsimmons at goblin.punk.net (Jeff Simmons)
Date: Tue, 5 Sep 95 16:02:55 PDT
Subject: NSA says Joe Sixpack won't buy crypto
In-Reply-To:
Message-ID: <199509052300.QAA21504@goblin.punk.net>

> > Here's a prediction: within one year, we will see the advent of Micro$oft's
> > "Not So Bad Privacy". It'll be a secret algorithm with either GAK done by
> > Micro$oft itself, or a flat-out trap door. ANY communications with a
> > Windoze box or network will have to use it, or lose the market.
>
> Black Unicorn wrote:
>
> It's here already.
> It's called "lotus notes."

So what form of GAK or trap-door does lotus notes contain?

--
Jeff Simmons jsimmons at goblin.punk.net

From skaplin at mirage.skypoint.com Tue Sep 5 16:04:54 1995
From: skaplin at mirage.skypoint.com (Sam Kaplin)
Date: Tue, 5 Sep 95 16:04:54 PDT
Subject: Police and scientology visit XS4ALL Amsterdam
Message-ID:

From: XS4ALL Internet
Postbus 22864
1100 DJ Amsterdam
tel: +31 20 6222885
fax: +31 20 6222753

PRESS RELEASE
-------------

Police and members of Scientology church enter offices of XS4ALL
================================================================

Amsterdam - Tuesday, September 5, 1995.

Today at about 14:00, XS4ALL was visited by Mr. S. Braan, bailiff. He was acting on behalf of the Religious Technology Centre, better known as the Scientology Church, or Scientology for short. He was assisted by a local police officer and Mr. Hermans from the 'Nauta-Dutilh' legal firm that represents Scientology in The Netherlands. Also present were two computer experts (Mr. Ootjes and Mr. Van Suchtelen), a locksmith (to enter had we not been present) and two American employees of Scientology, Mr. Weightman and Ms. Jenssen.

Scientology is filing for seizure of XS4ALL's computer equipment. Under Dutch law, this means that a bailiff comes in to record your assets. In real life, the computer experts that were present have recorded the types and serial numbers of all the computers in our offices. They did not take any equipment; the continuity of XS4ALL's services is not in jeopardy.

What is this all about?
-----------------------

The Scientology Church claims that the XS4ALL anonymous remailer was used to disseminate documents over the Internet to which the church holds the legal copyright. This has led the church to ask the president of the district court of Amsterdam to grant permission for this seizure as a prelude to legal procedures concerning damages suffered by the church. The remailer in question was disabled more than 2 months ago.

During the visit of Scientology to XS4ALL this afternoon, the remailer was not the subject of any conversation. The organisation seemed totally preoccupied with the information about Scientology that one of our users has put on his home page. Part of this information is said to be a file to which Scientology holds the copyright. If we were to delete the file in question on the spot, they were willing to drop the seizure.

Responsibility of Internet Providers
------------------------------------

XS4ALL categorically denies any responsibility for the contents of users' homepages. The users decide for themselves what is on their homepage. Since XS4ALL does not edit the homepages and has no mechanism of control over the contents, we strongly feel that the users themselves are responsible for what they say on their homepage. This whole affair demonstrates the need for clarity concerning the legal position of Internet Providers. We are shocked that our offices can be invaded by freshly flown-in U.S. cult members. If we as Internet providers are held responsible for what our users say, that will undoubtedly kill freedom of speech on the net.

Scare-tactics
-------------

XS4ALL is not alone in receiving this kind of attention from Scientology. Scientology, a semi-religious multinational, is at war with a number of people on the Internet. A non-organized group of people on the net has started to openly discuss the activities of the church. Until recently, the church has always managed to suppress critical voices by means of sheer intimidation and by engaging in endless legal battle.

One of the people that Scientology has a problem with is 'fonss', an XS4ALL user that publishes the F.A.C.T.-net Kit on his home page (http://www.xs4all.nl/~fonss). This kit (which can be found on numerous homepages all over the Internet) consists of a large number of documents that show the true face of Scientology. One of these documents is a piece to which Scientology supposedly holds the copyright and which has been added to the kit without the church's permission.
Additional information can be found on the Internet: http://www.cybercom.net/~rnewman/scientology/home.html http://www.xs4all.nl/~fonss news:alt.religion.scientology news:alt.censorship news:alt.clearing.technology From hfinney at shell.portal.com Tue Sep 5 16:11:53 1995 From: hfinney at shell.portal.com (Hal) Date: Tue, 5 Sep 95 16:11:53 PDT Subject: Forgery, bills, and the Four Horsemen (Articles and Comment) Message-ID: <199509052310.QAA10027@jobe.shell.portal.com> From: shamrock at netcom.com (Lucky Green) > This is unnecessary, since there is no "true" ecash. DigiCash's ecash in > its current form, the only version David Chaum is willing to licenese, is > fully traceable. Popular Cypherpunk's myths nonwithstanding. > > First, the recipient of funds is non-anonymous by design. Second, any payer > can trivialy make the recipient of a ecash note known by revealing the > blinding factor. For purposed of lawenforcement, DigiCash's ecash in no > more secure than if the (insert horseman here) billed his fees to a credit > card. This is not completely correct; there is a degree of anonymity in DigiCash's ecash. That is anonymity of how a person spends his money. Neither the bank nor the payor is in a position to learn who or where a particular piece of ecash comes from (assuming that anonymous communication means are used). This is not trivial anonymity. IMO the greatest privacy threat posed by credit cards is exactly this, the tracking of spending information and patterns. With credit card payments a great deal of information can be learned by the credit card company about what I do. With ecash almost no information is learned, only the raw amounts I spend. And if I occasionally make payments to myself even that is blurred. Ecash is not all that we might hope it could be but it is more than a myth that it allows untraceable transactions. 
Hal From unicorn at access.digex.net Tue Sep 5 16:13:55 1995 From: unicorn at access.digex.net (Black Unicorn) Date: Tue, 5 Sep 95 16:13:55 PDT Subject: NSA says Joe Sixpack won't buy crypto In-Reply-To: <199509052300.QAA21504@goblin.punk.net> Message-ID: On Tue, 5 Sep 1995, Jeff Simmons wrote: > Date: Tue, 5 Sep 1995 16:00:38 -0700 (PDT) > From: Jeff Simmons > To: cypherpunks at toad.com > Subject: Re: NSA says Joe Sixpack won't buy crypto > > > > > > > Here's a prediction: within one year, we will see the advent of Micro$oft's > > > "Not So Bad Privacy". It'll be a secret algorithm with either GAK done by > > > Micro$oft itself, or a flat-out trap door. ANY communications with a > > > Windoze box or network will have to use it, or loose the market. > > > Black Unicorn wrote: > > > > It's here already. > > It's called "lotus notes." > > > So what form of GAK or trap-door does lotus notes contain? No, it's just been so weak before the current implementation of RC4 (and note the export version still has 40 bits) that it might as well be nothing. > > -- > Jeff Simmons jsimmons at goblin.punk.net > 00B9289C28DC0E55 nemo repente fuit turpissimus - potestas scientiae in usu est E16D5378B81E1C96 quaere verum ad infinitum, loquitur sub rosa - wichtig! *New Key Information* - Finger for key revocation and latest key update. From anon-remailer at utopia.hacktic.nl Tue Sep 5 17:25:23 1995 From: anon-remailer at utopia.hacktic.nl (Anonymous) Date: Tue, 5 Sep 95 17:25:23 PDT Subject: Secure Device 1.4 QuestionSecure Device 1.4 Question Message-ID: <199509060025.CAA05098@utopia.hacktic.nl> I just installed Secure Device, v1.4 on a PC at work. After installing it, I looked at the encrypted volume and found the string "SECDEV " starting at the fourth byte of the file. I'd prefer that this file look like some temporary file that got left on the disk by a program that didn't clean up properly after itself, and not be identifiable as an encrypted volume. 
Is there a way to get Secure Device to not leave identifiable plaintext like that in the file? Will I do any harm to the file if I replace that string with blanks, or something more innocuous? If it's required to be there, then I'd like to put its removal on the "wish list" for the next version.

(I copied the file, replaced the string "SECDEV" with blanks using a hex editor, and then mounted the copy as an encrypted volume, and it seems to be working OK, but I wanted to make sure this won't cause unforeseen problems in the future.)

As you've probably guessed, I'm not supposed to have any personal files on my work computer, and an entire encrypted volume would undoubtedly make someone go ballistic if they discovered it. When I want to use my encrypted file system, I reboot off of a floppy, and all Secure Device programs and drivers are kept on the floppy. The only thing that has to be left on the hard drive is the encrypted volume itself.

Please post a copy of any replies to the Cypherpunks mailing list at "cypherpunks at toad.com". Thanks.

From mfroomki at umiami.ir.miami.edu Tue Sep 5 17:27:53 1995
From: mfroomki at umiami.ir.miami.edu (Michael Froomkin)
Date: Tue, 5 Sep 95 17:27:53 PDT
Subject: Emergency File Wipe Algorithm
In-Reply-To: <9509052120.AA02633@ch1d157nwk>
Message-ID:

On Tue, 5 Sep 1995, Andrew Loewenstern wrote:
[...]
> BTW, this is not a troll and I know that the possible constitutionality of
> court-ordered disclosure of passphrases or key-material has been hashed over
> many times in the past here, but have any cases with this particular
> attribute gone through court yet? There were reports even years ago of

AFAIK no reported cases.

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | mfroomki at umiami.ir.miami.edu
U. Miami School of Law     |
P.O. Box 248087            | It's hot here. And humid.
Coral Gables, FL 33124 USA | See (experimentally & erratically) http://viper.law.miami.edu/~mfroomki

From stevenw at iglou.com Tue Sep 5 18:16:49 1995
From: stevenw at iglou.com (Steven Weller)
Date: Tue, 5 Sep 95 18:16:49 PDT
Subject: Forgery, bills, and the Four Horsemen (Articles and Comment)
Message-ID:

> Black Unicorn posted a very interesting info summary on the
> subject of foreign state US$$ forgery.
>
> >This is a story I heard, long ago, from a Brit, Mr Waterlow,
> >about something that happened to his grandfather, chairman
> >of the Waterlow bank:
> >
> >Early in this century Portugal didn't print its own money but
> >contracted this job to the Waterlow Bank in England. Some
> >skilled conmen succeeded in making the bank believe they were
> >representatives of the Portuguese National Bank. Then they
> >ordered a huge amount of new bills and got away (at least
> >for some time) with it.

'Tis all in a book: "The Man Who Stole Portugal". I picked it up for about $2 in a bookstore a few months ago. Very much worth a read. An incredibly audacious escapade.

-------------------------------------------------------------------------
Steven Weller             | "The Internet, of course, is more
                          | than just a place to find pictures
Windsor Consulting Group  | of people having sex with dogs."
stevenw at iglou.com         | -- Time Magazine, 3 July 1995

From wilcoxb at nagina.cs.colorado.edu Tue Sep 5 18:32:19 1995
From: wilcoxb at nagina.cs.colorado.edu (Bryce Wilcox)
Date: Tue, 5 Sep 95 18:32:19 PDT
Subject: Forgery, bills, and the Four Horsemen (Articles and Comment)
In-Reply-To:
Message-ID: <199509060132.TAA04511@nagina.cs.colorado.edu>

-----BEGIN PGP SIGNED MESSAGE-----

Lucky Green wrote:
>
> This is unnecessary, since there is no "true" ecash. DigiCash's ecash in
> its current form, the only version David Chaum is willing to license, is
> fully traceable. Popular Cypherpunk myths notwithstanding.
>
> First, the recipient of funds is non-anonymous by design.
> Second, any payer
> can trivially make the recipient of an ecash note known by revealing the
> blinding factor. For purposes of law enforcement, DigiCash's ecash is no
> more secure than if the (insert horseman here) billed his fees to a credit
> card.

I'm sorry-- what do you mean by "the recipient of funds is non-anonymous"? I cannot envision any centralized currency system in which a user's funds were *not* known to the bank!

Secondly, there is a tremendous difference between a person being able to identify you as the recipient of their money (which they can pretty much do anyway, with less surety, just by saying "That's him! He's the one I gave it to!") and a third party such as the bank or a government being able to monitor all your transactions. For such an organization to perform that feat on a DigiCash user they would need the cooperation of all of the people with whom he exchanges currency, and if they have that, then cryptography seems irrelevant. :-)

I hope I'm not missing anything here.

Regards,

Bryce

                 signatures follow:
   + public key on keyservers          /. island Life in a chaos sea
   or via finger 0x617c6db9           / bryce.wilcox at colorado.edu ---*

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed with Bryce's Auto-PGP v1.0beta3

iQCVAwUBMEz5/vWZSllhfG25AQEVsAQAo27grJhSgGV6iO2vIMILiBiib33/Z/73
Fzj5jgGVgqnlJ73UjHrInSas0p7wdKUf+PeLEtSc4xkMnOPvr3gsT34YAOvO6rcR
DsKwE7mnxK6hmxZl2UkUJ/dhZql5wbT2im27/RC+N2wgaGbahedpJfdjj+QPP06h
uEPTjvT7Yco=
=hDCy
-----END PGP SIGNATURE-----

From shamrock at netcom.com Tue Sep 5 18:55:45 1995
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 5 Sep 95 18:55:45 PDT
Subject: Forgery, bills, and the Four Horsemen (Articles and Comment)
Message-ID: <199509060153.VAA14379@book.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

In article <199509052310.QAA10027 at jobe.shell.portal.com>, hfinney at shell.portal.com (Hal) wrote:

>This is not completely correct; there is a degree of anonymity in
>DigiCash's ecash. That is anonymity of how a person spends his money.
>Neither the bank nor the payor is in a position to learn who or where a
>particular piece of ecash comes from (assuming that anonymous
>communication means are used).

So it is harder to compile dossiers on people. Big deal. The recipient can still determine who gets the goods paid for by the "anonymous" ecash by conventional means (hint: shipping address), so the payee anonymity is of little value as far as protecting the privacy of the payer (most likely the recipient of the goods) is concerned.

Ecash of course is of *no* value for the various assassination markets, drug dealing, money laundering, etc. that routinely get mentioned in the same paragraph as Ecash. The reason is the *full traceability* of the payee that has been deliberately built into the current version of Ecash. A "feature" that you may rest assured will be part of all future versions backed by anyone with even marginal reputation in the financial markets.

- --
- -- Lucky Green
PGP encrypted mail preferred.

- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMEz/CyoZzwIn1bdtAQErdwGA3TrIYF5+O1EOQ+qdCyZRo8ePJnxmAAAl
EeES8xBtWDBFwqUXTFRbj1hqLv9kwQ6K
=7w8Q
-----END PGP SIGNATURE-----

From shamrock at netcom.com Tue Sep 5 18:57:30 1995
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 5 Sep 95 18:57:30 PDT
Subject: Scientology and police visit XS4ALL Amsterdam
Message-ID:

At 23:09 9/5/95, announce wrote:
[...]
> Police and members of Scientology church enter offices of XS4ALL
> ================================================================

I am wondering about the legalities of booby trapped computer equipment. Would it be legal if a clear warning to the fact was posted on the hardware?
Interesting side note: a few months ago, several hundred 5 gallon containers of insecticide were stolen from the lot of an agricultural supply dealer here in California. The incident made a small note in the SF Chronicle. It was mentioned that the FBI is taking part in the investigation.

What wasn't mentioned was that this insecticide is an ideal precursor to various forms of neurotoxins, namely Tabun and Soman, two types of nerve gas so vicious and toxic that even Hitler refused to approve their use. I predict that eventful times are just around the corner.

-- Lucky Green
PGP encrypted mail preferred.

From shamrock at netcom.com Tue Sep 5 18:57:33 1995
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 5 Sep 95 18:57:33 PDT
Subject: Emergency File Wipe Algorithm
Message-ID:

At 15:47 9/5/95, Sameer R Manek wrote:
>> May I also point out that the rules of economics do not apply to the
>> federal government, since it insists - quite successfully - on having a
>> monopoly on using lethal force to extract arbitrarily large amounts from
>> hundreds of millions of working Americans?
>
>How do you figure the above? You only get to go to jail if you don't
>pay taxes...then you can't pick up the soap.

If you aren't willing to pay your taxes, which by the way are nothing but forced labor for a large part of the year, it is unlikely that you are willing to spend the same or more forced time manufacturing license plates. If you resist that kidnapping and introduction into a slave labor camp that follows a "conviction" for not paying your taxes you will be forced to comply. If you then resist that force you will be killed.

Chisel it in granite: the ultimate threat by which any government compels compliance is _always_ lethal force.

-- Lucky Green
PGP encrypted mail preferred.

From shamrock at netcom.com Tue Sep 5 18:58:05 1995
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 5 Sep 95 18:58:05 PDT
Subject: Another Son of Clipper discussion paper
Message-ID:

At 16:36 9/5/95, Mike McNally wrote:
>If the algorithm is public (and to stretch a point, if the executable
>makes it onto somebody's hard disk, it's effectively public), I don't
>really understand how the above can be made a realistic goal.

Windows 95 is on a lot of people's hard drives. It is therefore public and available for everyone's inspection. How many people do you know that have reverse engineered Windows 95? How many of those use a reverse engineered version? I'd venture it is zero out of zero.

-- Lucky Green
PGP encrypted mail preferred.

From Tweetpunk at aol.com Tue Sep 5 19:14:05 1995
From: Tweetpunk at aol.com (Tweetpunk at aol.com)
Date: Tue, 5 Sep 95 19:14:05 PDT
Subject: Key Certification by US Post Office
Message-ID: <950905221353_11856933@mail02.mail.aol.com>

Copious apologies if this is old news, but I just got a chance to read some mags from the last few weeks:

An article in *The Economist* (August 5th-11th 1995, p. 56) reports that the United States Postal Service has plans to offer *electronic certificates of identity encoded to prevent forgery*. It goes on to say that they are working with the usual suspects (Microsoft and Lotus/IBM) to get appropriate software included in their products. Future services include timestamping, multimedia kiosks in post office lobbies and e-mail print out and delivery services (for the connectivity challenged).

I guess this puts a new twist on saying that PGP is an envelope for your e-mail.

-------
Greg Anders
tweetpunk at aol.com
To have loved and lost like Patsy Cline, it is better to have never loved at all.

From pfarrell at netcom.com Tue Sep 5 19:33:24 1995
From: pfarrell at netcom.com (Pat Farrell)
Date: Tue, 5 Sep 95 19:33:24 PDT
Subject: NSA says Joe Sixpack won't buy crypto
Message-ID: <80607.pfarrell@netcom.com>

Black Unicorn writes:
> On Tue, 5 Sep 1995, Jeff Simmons wrote:
>> So what form of GAK or trap-door does lotus notes contain?
> No, it's just been so weak before the current implementation of RC4 (and
> note the export version still has 40 bits) that it might as well be
> nothing.

Uni is right. Notes used RSA, which starts out fine. But it has nothing like PGP's passphrase to protect the private key. You can simply copy the "username.ID" file, and you can sign and encrypt messages with "username"'s nym.

Of course, Corporate America loves Notes, which is why IBM bought it.

Weak encryption for weak minds.

Pat

Pat Farrell      Grad Student      http://www.isse.gmu.edu/students/pfarrell
Info. Systems & Software Engineering, George Mason University, Fairfax, VA
PGP key available on homepage
#include

From tcmay at got.net Tue Sep 5 20:17:51 1995
From: tcmay at got.net (Timothy C. May)
Date: Tue, 5 Sep 95 20:17:51 PDT
Subject: Lotus Notes vs. the Web and the Net
Message-ID:

At 2:23 AM 9/6/95, Pat Farrell wrote:
>Of course, Corporate America loves Notes, which is why IBM bought it.
>
>Weak encryption for weak minds.

It may also signal that Lotus Notes has peaked, as IBM has a knack for "buying at the top."

Interestingly, the current issue of "Wired" (morphed Aryanized OJ) says that Lotus Notes is tired, and Web-based groupware is wired. On this one I agree...and I've said this here on this list. Local groups, such as university departments, corporate departments, even entire corporations, can use the Web/Net in ways similar to what Lotus Notes provides (using their own LANs, or even the Internet, with suitable security steps).
Granted, Lotus Notes currently has more stuff oriented towards groupware (from what I've been reading for several years, as I'm not a user), but I'd expect a huge amount of work on Netscape and similar browsers, and other Net systems, will make the Web/Net a more common groupware platform. I don't know this is so, but this is where I'd bet money.

No way would I pay $3 billion for Lotus Notes!

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152  | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From tcmay at got.net Tue Sep 5 20:38:15 1995
From: tcmay at got.net (Timothy C. May)
Date: Tue, 5 Sep 95 20:38:15 PDT
Subject: Are booby-trapped computers legal?
Message-ID:

(I've changed the name of this thread.)

At 2:30 AM 9/6/95, Lucky Green wrote:
>I am wondering about the legalities of booby trapped computer equipment.
>Would it be legal if a clear warning to the fact was posted on the
>hardware?

There are two types of "booby traps" to consider:

* Type 1 Booby Trap: a shotgun is placed inside a home, set to fire if and when a burglar enters. Or an electrified region of a room is set to "get energized" when an intruder enters. These are "surprises" and are canonical booby traps.

These have been found to be illegal in several court cases. (I'm not a lawyer, but I've been reading about them for 20 years. Famous cases where a burglar sued, and won, because he was injured when breaking into a house.)

* Type 2 Booby Trap: electrified perimeter fences. So long as these are adequately marked ("If you touch this fence, you will probably die"), and are not public nuisances where children and pets will inadvertently validate Darwin's theory, these are--I think--legal. There may be license fees required, to build an electrified fence, but I think it is possible to build a lethal voltage electrified fence on one's property.

Thus, I suspect it is fully legal to build an electrified fence around one's PC, providing suitable warnings are included.

I would not call the second type a real booby trap, though some courts might, depending. A properly labelled electrified fence seems legal, on one's own property, but may not be. And certainly I think any explosive-rigged system is illegal, for explosives reasons if not for booby trap reasons.

I know of no case law on this, and suspect that if an FBI agent were to be electrocuted or blown up upon trying to open/use/disconnect the PC, even with clear warnings, that a prosecution would happen. Results are unclear (to me).

(I think that if an FBI agent were to be electrocuted while climbing on a clearly labelled electrified fence, no prosecution would result.)

Of course, if a PC were to be clearly labelled as being rigged, then steps could presumably be taken to defuse the arrangement.

>Interesting side note: a few months ago, several hundred 5 gallon
>containers of insecticide were stolen from the lot of an agricultural
>supply dealer here in California. The incident made a small note in the SF
>Chronicle. It was mentioned that the FBI is taking part in the
>investigation.
>
>What wasn't mentioned was that this insecticide is an ideal precursor to
>various forms of neurotoxins, namely Tabun and Soman, two types of nerve
>gas so vicious and toxic that even Hitler refused to approve their use. I
>predict that eventful times are just around the corner.

As Lucky knows, I live out in the country. I agree that some "muckers" (R.I.P. John Brunner) are likely to mount assaults on urban centers. Bad news for some.
But then the good news is that the threat of nuclear annihilation has all but gone away completely, and that cancels out an awful lot of the minor bad news items the scribblers keep telling us are so awful.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152  | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From shamrock at netcom.com Tue Sep 5 20:47:45 1995
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 5 Sep 95 20:47:45 PDT
Subject: Forgery, bills, and the Four Horsemen (Articles and Comment)
Message-ID:

At 19:32 9/5/95, Bryce Wilcox wrote:
>I hope I'm not missing anything here.

Only that Ecash has no benefits for transactions that are of an illegal nature. The meaning of "illegal" is of course increasing as new laws are passed every session of the legislature.

-- Lucky Green
PGP encrypted mail preferred.

From shamrock at netcom.com Tue Sep 5 20:48:03 1995
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 5 Sep 95 20:48:03 PDT
Subject: Growth of actions defined as crime. Which math formula?
Message-ID:

With every session of Congress, previously legal acts become illegal. Has anyone worked out a function of this growth (number of crimes in the books vs. time)? I am not looking at the numbers of laws passed, but at individual acts that are defined to be illegal. If this has been studied, what is the formula? If anyone with access to more appropriate lists could please give me a pointer/forward the post there, I'd be grateful.

TIA,

-- Lucky Green
PGP encrypted mail preferred.

From unicorn at access.digex.net Tue Sep 5 20:57:27 1995
From: unicorn at access.digex.net (Black Unicorn)
Date: Tue, 5 Sep 95 20:57:27 PDT
Subject: Growth of actions defined as crime. Which math formula?
In-Reply-To:
Message-ID:

On Tue, 5 Sep 1995, Lucky Green wrote:

> Date: Tue, 5 Sep 1995 20:50:44 -0800
> From: Lucky Green
> To: cypherpunks at toad.com
> Subject: Growth of actions defined as crime. Which math formula?
>
> With every session of Congress, previously legal acts become illegal. Has
> anyone worked out a function of this growth (number of crimes in the books
> vs. time)? I am not looking at the numbers of laws passed, but at
> individual acts that are defined to be illegal. If this has been studied,
> what is the formula? If anyone with access to more appropriate lists could
> please give me a pointer/forward the post there, I'd be grateful.
>
> TIA,
>
> -- Lucky Green
> PGP encrypted mail preferred.

Really it's hard to answer this because what constitutes a "NEW" act is a real question in and of itself.

For example, wire fraud. Is it a "NEW" crime? Or just a subset of fraud, or mail fraud? Carjacking... is that a new offense? Or just a solidification and increase of punishment for armed robbery, unauthorized use of a motor vehicle, possession of stolen property, and grand theft auto? Check forgery now has its own offense, but is this distinct from forgery?

Most "new offenses" are simply re-classifications of old offenses or efforts to move them into the federal arena. I think the conception that entirely new acts are often made illegal (excepting burning the flag or some such) is an erroneous one.

---
00B9289C28DC0E55 nemo repente fuit turpissimus - potestas scientiae in usu est
E16D5378B81E1C96 quaere verum ad infinitum, loquitur sub rosa - wichtig!
*New Key Information* - Finger for key revocation and latest key update.
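[Editor's note on the Secure Device question earlier in this digest.] The anonymous poster found the string "SECDEV " at the fourth byte of the encrypted volume and asked whether blanking it is safe. Whether the driver needs the marker is something only the Secure Device authors can answer, but the detection side of the question can be shown in code: a container that is supposed to look like random junk gives itself away by a known magic string, by printable ASCII at a fixed offset, or by a low-entropy header in front of a high-entropy body. The following is an added example written for this page, not Secure Device code and not part of any post. The marker and offset follow the poster's description; the rest of the on-disk layout (header length, the three leading bytes, the pseudo-random body) is assumed and constructed here so the block runs offline.

```python
"""Fingerprint a supposedly opaque container file by plaintext markers,
printable runs and entropy.  Added example; not Secure Device code.  Only the
marker "SECDEV " at offset 3 comes from the post; the rest of the layout is an
assumption made so the example is self-contained."""
import math
import random
import string

# Magic strings worth flagging.  Only the one from the post is listed.
KNOWN_MARKERS = [b"SECDEV"]


def byte_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte.  Ciphertext or random padding sits
    close to 8.0; a zeroed or ASCII header sits well below it."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def printable_runs(data: bytes, min_len: int = 4):
    """Return (offset, run) pairs for runs of printable ASCII of at least
    min_len bytes, the same thing `strings` would show an auditor."""
    printable = set(string.printable.encode()) - set(b"\t\n\r\x0b\x0c")
    runs, start = [], None
    for i, b in enumerate(data + b"\x00"):          # sentinel closes a final run
        if b in printable and start is None:
            start = i
        elif b not in printable and start is not None:
            if i - start >= min_len:
                runs.append((start, data[start:i]))
            start = None
    return runs


def scan_container(data: bytes, header_len: int = 512) -> dict:
    """Report known markers anywhere, printable runs in the header, and the
    header/body entropy split.  header_len is an assumption, not a Secure
    Device constant."""
    findings = []
    for marker in KNOWN_MARKERS:
        off = data.find(marker)
        if off != -1:
            findings.append(("known-marker", off, marker))
    for off, run in printable_runs(data[:header_len]):
        findings.append(("ascii-run", off, run))
    return {
        "findings": findings,
        "header_entropy": byte_entropy(data[:header_len]),
        "body_entropy": byte_entropy(data[header_len:]),
    }


def blank_marker(data: bytes, marker: bytes, fill: bytes = b" ") -> bytes:
    """What the poster did with a hex editor: overwrite the marker in place,
    keeping the file length.  Whether the driver still mounts the result is
    not something this function can know; only a test mount of a copy can."""
    off = data.find(marker)
    if off == -1:
        return data
    return data[:off] + fill * len(marker) + data[off + len(marker):]


def constructed_volume(size: int = 4096) -> bytes:
    """Constructed sample volume: three opaque bytes, the marker starting at
    the fourth byte (offset 3), then seeded pseudo-random 'ciphertext'."""
    rng = random.Random(1995)                          # seeded: reproducible
    body = bytes(rng.getrandbits(8) for _ in range(size - 10))
    return b"\x00\x01\x02" + b"SECDEV " + body


if __name__ == "__main__":
    vol = constructed_volume()
    for key, val in scan_container(vol).items():
        print(key, val)
    print("after blanking:", scan_container(blank_marker(vol, b"SECDEV"))["findings"])
```

Running it on the constructed volume flags the marker at offset 3 and an ASCII run starting there, with the body near 8 bits per byte. Blanking with spaces removes the marker but leaves a seven-byte run of 0x20 at a fixed offset in an otherwise random-looking file, which the scan still reports as an ASCII run; a run of identical bytes in front of high-entropy data is a fingerprint of its own. Random fill is less conspicuous, but any change to the header is only safe if the driver tolerates it, which is exactly what a test mount of a copy establishes.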
From alt at iquest.net Tue Sep 5 21:12:02 1995
From: alt at iquest.net (Al Thompson)
Date: Tue, 5 Sep 95 21:12:02 PDT
Subject: SUMMARY: Not-so-volatile volatile memory
Message-ID:

At 11:54 AM 9/5/95 +0200, Anonymous wrote:
>
>Is this a new discovery? When I used to work with DOD classified
>data, not so long ago, disk drives had to be declassified using an
>approved program, such as Norton Utilities' "WIPEINFO". (That was
>approved up through the SECRET/SAR level, anyway. I don't know
>about TS/SCI/SI.) But those same regulations said that RAM was
>considered declassified within a certain time (30 seconds, I think)
>after power was removed. (That time figure was UNclassified, BTW.)
>I think it was just to allow time for the voltage to bleed off of
>the power supply's filter capacitors, and not related to the
>relative volatility of DRAM.

I worked at a DoD contractor for a while, and there was a DoD-approved method of disposing of hard drives, which was expensive, laborious, and rather silly. We just had two witnesses watch as we smashed it to smithereens (technical term) with a sledge hammer, and then handed the parts over to an approved disposal person (trash man). It's JUST that easy.

From futplex at pseudonym.com Tue Sep 5 21:13:12 1995
From: futplex at pseudonym.com (Futplex)
Date: Tue, 5 Sep 95 21:13:12 PDT
Subject: Forgery, bills, and the Four Horsemen (Articles and Comment)
In-Reply-To: <199509060153.VAA14379@book.hks.net>
Message-ID: <9509060413.AA00437@cs.umass.edu>

Lucky Green writes:
> The recipient can
> still determine who gets the goods paid for by the "anonymous" ecash by
> conventional means (hint: shipping address),

...unless the goods are data.

-Futplex
mailto:futplex at pseudonym.com

From ravage at einstein.ssz.com Tue Sep 5 21:14:42 1995
From: ravage at einstein.ssz.com (Jim Choate)
Date: Tue, 5 Sep 95 21:14:42 PDT
Subject: Are booby-trapped computers legal?
In-Reply-To:
Message-ID: <199509060419.XAA04296@einstein.ssz.com>

>
> There are two types of "booby traps" to consider:
>
> * Type 1 Booby Trap: a shotgun is placed inside a home, set to fire if and
> when a burglar enters. Or an electrified region of a room is set to "get
> energized" when an intruder enters. These are "surprises" and are canonical
> booby traps.
>
> These have been found to be illegal in several court cases. (I'm not a
> lawyer, but I've been reading about them for 20 years. Famous cases where a
> burglar sued, and won, because he was injured when breaking into a house.)
>

These are completely illegal in Texas and Florida for sure. To make such devices legal the state legal system has to equate property value to parity with life. See below for further comment on this.

> * Type 2 Booby Trap: electrified perimeter fences. So long as these are
> adequately marked ("If you touch this fence, you will probably die"), and
> are not public nuisances where children and pets will inadvertently
> validate Darwin's theory, these are--I think--legal. There may be license
> fees required, to build an electrified fence, but I think it is possible to
> build a lethal voltage electrified fence on one's property.
>
> Thus, I suspect it is fully legal to build an electrified fence around
> one's PC, providing suitable warnings are included.
>

As far as I know the owner of property has no legal right to kill a person either trespassing or stealing it in any of the 50 states. There was a recent federal ruling that basically says that if you meet a burglar in your home at night you can not kill or otherwise harm them unless your life is directly threatened. In short, you MUST give up the ground if at all possible. Federal and all 50 states (as far as I have been able to determine) rule human life to have an inherently higher value than property of any type (this does not apply to government institutions).

In Texas and all other cattle states that I am aware of, there are specific laws that limit how much voltage and current capacity an electrified fence can have. These laws specifically prohibit any form of lethal installation. There is no license required nor do you have to mark the fences as electrified.

To address the issue of premeditation in regards to this sort of system, does attempted murder ring any bells? If the officer(s) have warrants (and it is not up to the accused to decide that issue at any time) and you refuse to assist them you are guilty of a crime (justifiably so).

> I would not call the second type a real booby trap, though some courts
> might, depending. A properly labelled electrified fence seems legal, on
> one's own property, but may not be. And certainly I think any
> explosive-rigged system is illegal, for explosives reasons if not for booby
> trap reasons.
>

I don't know what you call it but if nothing else it is ethically and morally reprehensible.

> I know of no case law on this, and suspect that if an FBI agent were to be
> electrocuted or blown up upon trying to open/use/disconnect the PC, even
> with clear warnings, that a prosecution would happen. Results are unclear
> (to me).
>
> (I think that if an FBI agent were to be electrocuted while climbing on a
> clearly labelled electrified fence, no prosecution would result.)
>

Of course not, the FBI as SOP turn the electricity, water, etc. off prior to assaults. In either case the person responsible for the electrification would find themselves in court facing some nasty charges. The law does not recognize the awareness of the victim in these types of cases. It in general falls to the owner/operator to ensure safe operating conditions. In the case of electrification this would mean current limiting on the power supply such that no permanent damage would result to the hapless.
From frissell at panix.com Tue Sep 5 21:29:06 1995
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 5 Sep 95 21:29:06 PDT
Subject: Scientology and police visit XS4ALL Amsterdam
In-Reply-To:
Message-ID:

On Tue, 5 Sep 1995, Lucky Green wrote:

> I am wondering about the legalities of booby trapped computer equipment.
> Would it be legal if a clear warning to the fact was posted on the
> hardware?

Generally not. If you can kill the cops anyway (legally, I mean) you might get away with it but remember, Kunstler is dead now so getting a good defense might be tough.

DCF

From tcmay at got.net Tue Sep 5 21:31:51 1995
From: tcmay at got.net (Timothy C. May)
Date: Tue, 5 Sep 95 21:31:51 PDT
Subject: Are booby-trapped computers legal?
Message-ID:

At 4:19 AM 9/6/95, Jim Choate wrote:
>> Thus, I suspect it is fully legal to build an electrified fence around
>> one's PC, providing suitable warnings are included.
>>
>
>As far as I know the owner of property has no legal right to kill a person
>either trespassing or stealing it in any of the 50 states. There was a
>recent federal ruling that basically says that if you meet a burglar in your
>home at night you can not kill or otherwise harm them unless your life is
>directly threatened. In short, you MUST give up the ground if at all
>possible. Federal and all 50 states (as far as I have been able to
>determine) rule human life to have an inherently higher value than property
>of any type (this does not apply to government institutions).

Well, I wasn't saying one had a legal right to kill a person either trespassing or stealing, I was saying that electrified fences carrying lethal voltages are extant. How they got that way, and what licenses are involved, is unknown to me. But they do exist.

>In Texas and all other cattle states that I am aware of, there are specific
>laws that limit how much voltage and current capacity an electrified fence
>can have. These laws specifically prohibit any form of lethal installation.
>There is no license required nor do you have to mark the fences as electrified.

Cattle fences are not what I was talking about. I have an electrified fence on one side of my property, to keep the deer away. Lethal voltage fences, to keep humans out, are another matter.

....

>I don't know what you call it but if nothing else it is ethically and morally
>reprehensible.

Different strokes for different folks. Anyone entering my house unannounced faces lethal response. I think of it as evolution in action, and doubt I would lose any sleep over this. It has nothing to do with equating human life over property, it has to do with defending one's property and (maybe) one's life. Here in California, it is becoming more and more common for "home invasions" to be followed by execution of all of the witnesses. (Read "The San Jose Mercury News" for accounts of gang invasions in which all the residents in a home are lined up and shot, execution-style.)

I won't get into a discussion of which states permit lethal force responses, as this is a topic which even I think belongs in talk.politics.guns or similar fora. Suffice it to say that most states allow lethal response under threatening circumstances.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152  | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From hfinney at shell.portal.com Tue Sep 5 21:33:34 1995
From: hfinney at shell.portal.com (Hal)
Date: Tue, 5 Sep 95 21:33:34 PDT
Subject: Forgery, bills, and the Four Horsemen (Articles and Comment)
Message-ID: <199509060432.VAA05003@jobe.shell.portal.com>

From: shamrock at netcom.com (Lucky Green)
> So it is harder to compile dossiers on people. Big deal. The recipient can
> still determine who gets the goods paid for by the "anonymous" ecash by
> conventional means (hint: shipping address), so the payee anonymity is of
> little value as far as protecting the privacy of the payer (most likely
> the recipient of the goods) is concerned.

This would be true for physical goods in any payment system, no matter how anonymous, unless physical remailers are used (and they have their limitations). However software (including music, video, etc.) would be easier to deliver anonymously. It is generally agreed that more of our economy is moving towards information exchanges and so ecash-like systems can play an increasingly larger part in protecting privacy. To me, this is indeed a big deal.

Even for physical goods, the use of ecash is better than credit cards because the information about purchases is distributed rather than centralized. Every time I look at my credit card bill I feel dismayed at what the company is finding out about my family.

Ecash could also be used as a cash replacement in smartcards. Consider as an alternative a fully traceable payment system, where you use your debit card at the supermarket, the bus station, the snack bar, the drug store. I suspect that if we don't get something like ecash then this system will be the alternative. It opens up possibilities for dossiers that will fulfill Big Brother's dreams. Virtually every move of every citizen will be recorded in just a few centralized places. IMO the protection of payor privacy that even Chaum's limited ecash provides is very important.

> Ecash of course is of *no* value for the various assassination markets,
> drug dealing, money laundering, etc. that routinely get mentioned in the
> same paragraph as Ecash. The reason is the *full traceability* of the
> payee that has been deliberately built into the current version of Ecash.
> A "feature" that you may rest assured will be part of all future versions > backed by anyone with even marginal reputation in the financial markets. Well, I have never fully accepted the notion that crypto was going to usher in an age of anarchy. As long as we deal with physical goods in the physical world it seems to me that anonymity will be difficult. On the net it is easier but man does not live by bits alone. For me, protecting privacy is a difficult enough problem. Transforming the world into a libertarian/anarchist utopia is somebody else's job. Hal P.S. Without seeing the technical specs it is hard to describe in detail, but generally Chaumian ecash allows fully anonymous coerced transfers. The payee/coercer supplies the blinded coins and forces the payor to use them to make withdrawals from his account. The resulting signed tokens are passed to the coercer who unblinds them and now has fully anonymous, untraceable cash tokens which he can spend. From wilcoxb at nagina.cs.colorado.edu Tue Sep 5 21:42:46 1995 From: wilcoxb at nagina.cs.colorado.edu (Bryce Wilcox) Date: Tue, 5 Sep 95 21:42:46 PDT Subject: Forgery, bills, and the Four Horsemen (Articles and Comment) In-Reply-To: Message-ID: <199509060442.WAA08575@nagina.cs.colorado.edu> -----BEGIN PGP SIGNED MESSAGE----- I, Bryce Wilcox wrote: > > >I hope I'm not missing anything here. shamrock at netcom.com (Lucky Green) wrote: > > Only that Ecash has no benefits for transactions that are of an illegal > nature. The meaning of "illegal" is of course increasing as new laws are > passed every session of the legislature. Chaum says that (especially when speaking before U.S. Congress) but I think he is playing both sides of the fence. He is a die-hard privacy advocate who allegedly turns down lucrative business deals because he feels they would dilute his privacy achievements. 
The truth is that Chaumian DigiCash is a *lot* safer for criminals than, say, credit cards, and when it is combined with the other tools in a money launderer's toolbox, I expect it will be a great boon to them. Suppose you have acquired a million dollars' worth of legal, above-board DigiCash dollars and you want to surreptitiously transfer this wealth to a below-board friend. Your friend creates a temporary anonymous account at an understanding bank. You just use a lot of small denominations to squirt the dollars to your friend's account. Then he squirts them to his real accounts and destroys the blinding factors that the temporary anon account used. Now without active physical surveillance, nobody other than yourself and your friend will ever know where the money went, and you can't prove that you gave it to him, either... I hope no bloodthirsty mob bosses or statist legislators are reading this... Bryce signatures follow: + public key on keyservers /. island Life in a chaos sea or via finger 0x617c6db9 / bryce.wilcox at colorado.edu ---* -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Auto-signed with Bryce's Auto-PGP v1.0beta3 iQCVAwUBME0mG/WZSllhfG25AQES6AP9H6wluOOoUKpN92hiVSrwrig4dKoRbPJt d7ROsrQUyx5OXBZXRxyrQvY3z/Qd4ytHXpoKAfpizGwAClqFubZ/OcRxTyiAudgG 0mA+dd9nHYPswAyVFmLk9rqkv3AIO3Ikq8uunh4KkUx72rmZf62G8+N4nkR7TKZP /E+1PDmuPzI= =wvSK -----END PGP SIGNATURE----- From an253398 at anon.penet.fi Tue Sep 5 22:07:21 1995 From: an253398 at anon.penet.fi (Mole Rat) Date: Tue, 5 Sep 95 22:07:21 PDT Subject: Scientology and police visit XS4ALL Amsterdam Message-ID: <9509060434.AA09596@anon.penet.fi> announce at xs4all.nl writes: [ snip ] > Police and members of Scientology church enter offices of XS4ALL > ================================================================ > > Amsterdam - Tuesday, September 5, 1995. > > Today at about 14:00, XS4ALL was visited by Mr. S. Braan, > bailiff.
He was acting on behalf of the Religious > Technology Centre, better known as the Scientology Church, or > Scientology for short. He was assisted by a local police officer and Mr. > Hermans from the 'Nauta-Dutilh' legal firm that represents Scientology > in The Netherlands. Also present were two computer experts (Mr. Ootjes > and Mr. Van Suchtelen) a locksmith (to enter had we not been present) and > two American employees of Scientology, Mr. Weightman and Ms. Jenssen. [ snip ] This is the second or third time I've seen descriptions of such raids where cult (no, I'm not trying to be diplomatic) representatives were present and participating. Is this legal in Amsterdam? How about in the U.S.? Britain? If a police officer has a warrant then I really don't have much choice about letting him in. Am I also under an obligation to allow the people who filed for the warrant into my home or business? Thanks, Mole Rat ---------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. If you reply to this message, your message WILL be *automatically* anonymized and you are allocated an anon id. Read the help file to prevent this. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From sandfort at crl.com Tue Sep 5 22:34:46 1995 From: sandfort at crl.com (Sandy Sandfort) Date: Tue, 5 Sep 95 22:34:46 PDT Subject: Are booby-trapped computers legal? In-Reply-To: <199509060419.XAA04296@einstein.ssz.com> Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, On Tue, 5 Sep 1995, Jim Choate wrote: > . . . federal ruling that basically says that if you meet a burglar in your > home at night you can not kill or otherwise harm them unless your life is > directly threatened. In short, you MUST give up the ground if at all > possible. . . . Citation please.
Killing is usually a state matter. I doubt there was any such federal ruling. In California, there is a legal presumption that anyone who illegally enters an occupied dwelling, at night, is a threat to life or great bodily harm. You may, therefore, use deadly force without further evidence. (This means you can shoot 'em in the back if you want.) Now back to the booby-trapped computer thread: I think it would be better to have your booby-trap kill your data, not the nice men in the nomex ski masks. While those folks might take a dim view of the former, they would most certainly take extreme umbrage at the latter. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From shamrock at netcom.com Tue Sep 5 22:57:11 1995 From: shamrock at netcom.com (Lucky Green) Date: Tue, 5 Sep 95 22:57:11 PDT Subject: Non-Delivery Notification Message-ID: What is this shit? Got about ten today. --- begin forwarded text From: sysop at dkmail.dkeep.com To: shamrock at netcom.com Subject: Non-Delivery Notification Organization: Dragon Keep (904) 375-3500 Date: Wed, 06 Sep 95 00:05:41 EST NON-DELIVERY NOTICE ------------------- The message you sent on: Unknown to -unknown was undeliverable. ========================= !!! Automated Notice !!! ======================= E-mail replies to this user should have the following on the first line of message text: TO: -unknown ========================================================================== --- end forwarded text -- Lucky Green PGP encrypted mail preferred. From shamrock at netcom.com Tue Sep 5 22:57:13 1995 From: shamrock at netcom.com (Lucky Green) Date: Tue, 5 Sep 95 22:57:13 PDT Subject: Growth of actions definded as crime. Which math formula? Message-ID: At 23:56 9/5/95, Black Unicorn wrote: rypted mail preferred. > >Really it's hard to answer this because what constitutes a "NEW" act is a >real question in and of itself. > >For example, wire fraud. Is it a "NEW" crime?
Or just a subset of >fraud, or mail fraud? If the guy would have gotten away before the new law was passed, it is a new crime. Those are the stats I am looking for. -- Lucky Green PGP encrypted mail preferred. From shamrock at netcom.com Tue Sep 5 22:57:17 1995 From: shamrock at netcom.com (Lucky Green) Date: Tue, 5 Sep 95 22:57:17 PDT Subject: Forgery, bills, and the Four Horsemen (Articles and Comment) Message-ID: At 22:42 9/5/95, Bryce Wilcox wrote: >-----BEGIN PGP SIGNED MESSAGE----- > >I, Bryce Wilcox wrote: >> >> >I hope I'm not missing anything here. > > >shamrock at netcom.com (Lucky Green) wrote: >> >> Only that Ecash has no benefits for transactions that are of an illegal >> nature. The meaning of "illegal" is of course increasing as new laws are >> passed every session of the legislature. > > >Chaum says that (especially when speaking before U.S. Congress) but I think >he is playing both sides of the fence. He is a die-hard privacy advocate who >allegedly turns down lucrative business deals because he feels they would >dilute his privacy achievements. The truth is that Chaumian DigiCash is a >*lot* safer for criminals than, say, credit cards, and when it is combined >with the other tools in a money launderer's toolbox, I expect it will be a >great boon to them. Chaum is a privacy advocate when it comes to companies compiling dossiers on you. When it comes to criminal use, my conversations with Chaum, his public comments, and last but not least the current implementation of his software suggest otherwise. > >Suppose you have acquired a million dollars worth of legal, above-board >DigiCash dollars and you want to surreptitiously transfer this wealth to a >below-board friend. Your friend creates a temporary anonymous account at an >understanding bank. Y Won't work. Ecash, except as used for frequent-flyer-like points, will exist in only *one* worldwide e$ currency, issued by a single entity composed of various major banks and subject to US laws.
Getting Ecash accounts will therefore be subject to the same legal requirements that apply to normal US checking accounts. >Now without active physical surveillance, nobody other than yourself and your >friend will ever know where the money went, and you can't prove that you gave >it to him, either... You or a sting operation can always reveal the recipient by publishing the blinding factor. Besides, your Ecash client keeps a log of the payees. -- Lucky Green PGP encrypted mail preferred. From unicorn at access.digex.net Tue Sep 5 22:58:40 1995 From: unicorn at access.digex.net (Black Unicorn) Date: Tue, 5 Sep 95 22:58:40 PDT Subject: Are booby-trapped... [Detailed treatment] In-Reply-To: Message-ID: >From tcmay at got.net Wed Sep 6 00:30:39 1995 Date: Tue, 5 Sep 1995 20:49:25 -0700 From: "Timothy C. May" To: cypherpunks at toad.com Subject: Are booby-trapped computers legal? (I've changed the name of this thread.) At 2:30 AM 9/6/95, Lucky Green wrote: >>I am wondering about the legalities of booby trapped computer equipment. >>Would it be legal if a clear warning to the fact was posted on the >>hardware? >There are two types of "booby traps" to consider: >* Type 1 Booby Trap: a shotgun is placed inside a home, set to fire if >and when a burglar enters. Or an electrified region of a room is set to >"get energized" when an intruder enters. These are "surprises" and are >canonical booby traps. >These have been found to be illegal in several court cases. (I'm not a >lawyer, but I've been reading about them for 20 years. Famous cases >where a burglar sued, and won, because he was injured when breaking >into a house.) Katko v. Briney, 183 N.W.2d 657 (Iowa 1971). The defendants owned an old, boarded-up house, located several miles from their home, in which they stored various old bottles, fruit jars and the like, which they considered to be antiques. Several times during the previous several years the windows in the house had been broken and the entire place "messed up."
The defendants first posted "no trespass" signs to keep off intruders, but the break-ins continued. Shortly before the injury to the plaintiff, the defendants placed a "shotgun trap" in one of the bedrooms. The gun was first positioned so as to hit an intruder in the stomach, but Mr. Briney, at his wife's insistence, lowered it to hit at the legs. He said that he set the gun "because I was mad and tired of being tormented," but insisted that "he did not intend to injure anyone." The plaintiff was shot in the legs and permanently injured when he entered the defendant's bedroom shortly after the gun was set. He had been to the place several times before, and had intended upon this occasion to steal some of the defendant's possessions. The plaintiff pleaded guilty to a charge of larceny and paid a fine of $50. He also sued the defendant for personal injuries and was awarded $20,000 in actual damages and $10,000 in punitive damages. [Jury instruction #6 was one of the items at issue in the appeal to the Iowa Supreme Court] Instruction 6 stated: "An owner of a premises is prohibited from willfully or intentionally injuring a trespasser by means of force that either takes life or inflicts great bodily injury and therefore a person owning a premise is prohibited from setting out "spring guns" and like dangerous devices which will likely take life or inflict great bodily injury, for the purpose of harming trespassers. The fact that the trespasser may be acting in violation of the law does not change the rule. The only time when such conduct of setting a "spring gun" or a like dangerous device is justified would be when the trespasser was committing a felony of violence or a felony punishable by death, or where the trespasser was endangering human life by his act." [Upheld on appeal] Note that the case caused a literal riot in Iowa. Checks poured in to the Brineys (the boobytrappers) from everywhere (by one account, even from prisons). They raised over $10,000 this way.
Briney was heard to comment: "They used booby traps in Viet Nam didn't they?" Asked if he would do it again: "There's one thing I'd do different, though, I'd have aimed that gun a few feet higher." Reference is given to a front page story in the Chicago Trib. of April 25, 1975. See also, Allison v. Fiscus, 156 Ohio St. 120, 100 N.E.2d 237 (1951). [Plaintiff could collect damages when he was injured by a booby trap consisting of two sticks of dynamite even though he was feloniously breaking into defendant's warehouse with intent to steal.] Some states impose criminal liability, even for homicide, on landowners installing booby traps. The basic rule today in most states resembles the Restatement position: Section 85. Use of Mechanical Device Threatening Death or Serious Bodily Injury. The actor is so far privileged to use such a device intended or likely to cause serious bodily harm or death for the purpose of protecting his land or chattels from intrusion that he is not liable for the serious bodily harm or death thereby caused to an intruder whose intrusion is, in fact, such that the actor, were he present, would be privileged to prevent or terminate it by the intentional infliction of such harm. Some states have deviated from Section 85, however, California included. People v. Ceballos, 12 Cal. 470, 526 P.2d 241, 116 Cal. Rptr. 233 (1974). "It seems clear that the use of such [mechanical] devices should not be encouraged. Moreover, whatever may be thought in torts, the [Restatement] rule setting forth an exception to liability for death or injuries inflicted by such devices 'is inappropriate in penal law for it is obvious that it does not prescribe a workable standard of conduct; liability depends on fortuitous results.' (i.e. what the trespasser was doing in there in the first place) What constitutes reasonable force is generally a question for the jury. Some exceptions exist.
When the invasion is peaceful, and in the presence of the possessor, the use of any force at all will be unreasonable unless a request has been made to depart. Chapell v. Schmidt, 38 P. 892 (1894) (Defendant caned elderly person who was picking flowers); A request need not be made however when conduct of the intruder would indicate to a reasonable person that it would be useless or that it could not safely be made in time. See Higgins v. Minaghan, 47 N.W. 941 (1891). >* Type 2 Booby Trap: electrified perimeter fences. So long as these are >adequately marked ("If you touch this fence, you will probably die"), >and are not public nuisances where children and pets will inadvertently >validate Darwin's theory, these are--I think--legal. There may be >license fees required, to build an electrified fence, but I think it is >possible to build a lethal voltage electrified fence on one's property. While clear notice of the danger of deadly force is a partial defense to criminal and civil liability in some states, (Starkey v. Dameron, 21 P.2d 1112 (1933) [Colorado] State v. Marfaudille, 92 P. 939 (1907) [Washington State]) and implicit or constructive notice in others (Quigley v. Clough, 53 N.E. 884 (1899) (Presence of barbed wire may constitute notice of deadly or injurious force)), some prohibit it outright, notice or not (State v. Plumlee, 149 So. 425 (1933) [La.]). An obnoxiously exhaustive treatment of the entire subject can be found in Bohlen and Burns, The Privilege to Protect Property by Dangerous Barriers and Mechanical Devices, 35 Yale L.J. 535 (1926); or for a more interesting treatment (IMHO) Hart, Injuries to Trespassers, 47 Law Q.Rev. 92 (1931). >Thus, I suspect it is fully legal to build an electrified fence around >one's PC, providing suitable warnings are included. Varies by state.
If your intent is to prevent ACCESS to the computer, as opposed to THEFT, I cannot see how electrocution could be considered "reasonable force" to prevent it, given the host of other methods to prevent access without harm to the trespasser. >I would not call the second type a real booby trap, though some courts >might, depending. A properly labelled electrified fence seems legal, on >one's own property, but may not be. I don't know that CRIMINAL liability will ensue in those states that exempt defenses with warnings, but certainly civil liability might. Never know what a jury will do. >And certainly I think any explosive-rigged system is illegal, for >explosives reasons if not for booby trap reasons. Again, reasonable force will be a question for the jury. Explosives are a bit dramatic for a jury to swallow as "reasonable." Explosives charges will likely be in counts 4&5. >I know of no case law on this, and suspect that if an FBI agent were to >be electrocuted or blown up upon trying to open/use/disconnect the PC, >even with clear warnings, that a prosecution would happen. Results are >unclear (to me). >(I think that if an FBI agent were to be electrocuted while climbing on >a clearly labelled electrified fence, no prosecution would result.) >Of course, if a PC were to be clearly labelled as being rigged, then >steps could presumably be taken to defuse the arrangement. Ominously, the possessor is responsible for determining the 'trespasser's' right to enter the property. In other words, if an officer with legal rights to enter the property was injured or killed by a booby trap (warnings or not) liability would almost without question ensue. The only defined defense available would be the officer's contributory negligence (ignoring the sign, etc.). My guess is that FBI enters, sees the PC, calls the bomb squad, a member of the bomb squad is injured by explosive or electrocution or whatever, liability ensues, warning or not.
At this point warning is not an issue as the possessor would not have the right to repel legally entitled officers were he present and thus cannot repel them while absent. I've completely ignored the use of other deadly force in home invasion cases. Mr. Sandfort was pretty close to right on there for Cali. >--Tim May >---------:---------:---------:---------:---------:---------:---------:---- >Timothy C. May | Crypto Anarchy: encryption, digital money, >tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero --- 00B9289C28DC0E55 nemo repente fuit turpissimus - potestas scientiae in usu est E16D5378B81E1C96 quaere verum ad infinitum, loquitur sub rosa - wichtig! *New Key Information* - Finger for key revocation and latest key update. From chen at intuit.com Tue Sep 5 22:59:41 1995 From: chen at intuit.com (Mark Chen) Date: Tue, 5 Sep 95 22:59:41 PDT Subject: Crypto '95 In-Reply-To: <199509021859.OAA02093@bwh.harvard.edu> Message-ID: <9509060553.AA08998@doom.intuit.com> > The best talks were probably by Ross Anderson (Robustness > Principles for Public Key Protocols) and Adi Shamir (Myths and > Realities of Cryptography). One interesting aspect of Anderson's result is that it decisively breaks X.509 (he shows how to forge signatures in encrypt-before-signing protocols by computing a discrete log over the RSA modulus). I strongly recommend the paper. -- Mark Chen chen at intuit.com 415/329-6913 finger for PGP public key D4 99 54 2A 98 B1 48 0C CF 95 A5 B0 6E E0 1E 1D From unicorn at access.digex.net Tue Sep 5 23:01:11 1995 From: unicorn at access.digex.net (Black Unicorn) Date: Tue, 5 Sep 95 23:01:11 PDT Subject: Growth of actions definded as crime. Which math formula? In-Reply-To: Message-ID: On Tue, 5 Sep 1995, Lucky Green wrote: > Date: Tue, 5 Sep 1995 23:01:01 -0800 > From: Lucky Green > To: Black Unicorn > Cc: cypherpunks at toad.com > Subject: Re: Growth of actions definded as crime. Which math formula?
> > At 23:56 9/5/95, Black Unicorn wrote: > rypted mail preferred. > > > >Really it's hard to answer this because what constitutes a "NEW" act is a > >real question in and of itself. > > > >For example, wire fraud. Is it a "NEW" crime? Or just a subset of > >fraud, or mail fraud? > > If the guy would have gotten away before the new law was passed, it is a > new crime. This is very rare. It's mostly in definitional cases, for example, where Ecstasy was just not defined as a controlled substance some years ago. Created crimes are few and far between. There's a lot of jurisprudence. Criminals are creative, but there are only so many things that can't be covered by "Fraud." > > Those are the stats I am looking for. > > -- Lucky Green > PGP encrypted mail preferred. > > > 00B9289C28DC0E55 nemo repente fuit turpissimus - potestas scientiae in usu est E16D5378B81E1C96 quaere verum ad infinitum, loquitur sub rosa - wichtig! *New Key Information* - Finger for key revocation and latest key update. From michaelb at primenet.com Tue Sep 5 23:01:57 1995 From: michaelb at primenet.com (Michael Bredimus) Date: Tue, 5 Sep 95 23:01:57 PDT Subject: Are booby-trapped computers legal? Message-ID: <199509060601.XAA08779@mailhost.primenet.com> At 09:43 PM 9/5/95 -0700, Timothy C. May wrote: >>As far as I know the owner of property has no legal right to kill a person >>either trespassing or stealing it in any of the 50 states. There was a >>recent federal ruling that basically says that if you meet a burglar in your >>home at night you can not kill or otherwise harm them unless your life is >>directly threatened. In short, you MUST give up the ground if at all >>possible. Federal and all 50 states (as far as I have been able to >>determine) rule human life to have an inherently higher value than property >>of any type (this does not apply to government institutions). > The laws regarding the use of deadly force against an unarmed burglar in one's home vary from state to state.
In Massachusetts, for example, a homeowner has a DUTY to retreat from his own home before employing deadly force against an intruder. In Arizona, however, we prefer a much different approach. 13-411. Justification; use of force in crime prevention A. A person is justified in threatening or using both physical force and deadly physical force against another if and to the extent the person reasonably believes that physical force or deadly physical force is immediately necessary to prevent the other's commission of ... burglary in the second or first degree under section 13-1507 ... 13-1507. Burglary in the second degree; classification A. A person commits burglary in the second degree by entering or remaining unlawfully in or on a residential structure with the intent to commit any theft or any felony therein. michaelb at primenet.com From shamrock at netcom.com Tue Sep 5 23:15:31 1995 From: shamrock at netcom.com (Lucky Green) Date: Tue, 5 Sep 95 23:15:31 PDT Subject: Growth of actions definded as crime. Which math formula? Message-ID: At 2:00 9/6/95, Black Unicorn wrote: >> If the guy would have gotten away before the new law was passed, it is a >> new crime. > >This is very rare. It's mostly in definitional cases, for example, where >Ecstasy was just not defined as a controlled substance some years ago. > >Created crimes are few and far between. Excuse my ignorance, but it just begs the question. Why then all the new laws? Just to twist the penalty screw another turn? Confused, -- Lucky Green PGP encrypted mail preferred. From shamrock at netcom.com Tue Sep 5 23:40:44 1995 From: shamrock at netcom.com (Lucky Green) Date: Tue, 5 Sep 95 23:40:44 PDT Subject: Forgery, bills, and the Four Horsemen (Articles and Comment) Message-ID: <199509060638.CAA15606@book.hks.net> -----BEGIN PGP SIGNED MESSAGE----- In article <199509060432.VAA05003 at jobe.shell.portal.com>, hfinney at shell.portal.com (Hal) wrote: >P.S.
Without seeing the technical specs it is hard to describe in detail, >but generally Chaumian ecash allows fully anonymous coerced transfers. >The payee/coercer supplies the blinded coins and forces the payor to use >them to make withdrawals from his account. The resulting signed >tokens are passed to the coercer who unblinds them and now has fully >anonymous, untraceable cash tokens which he can spend. Assuming it can be done (I am checking), he would also have a large balance on his non-anonymous Ecash account that he would have a very hard time explaining to the IRS, FINsomething [sorry, forgot the name], and other interested and certainly to be involved parties. Cyberspace is much more closely connected to the real world than many people on this list, myself included, would like to think. - -- - -- Lucky Green PGP encrypted mail preferred. - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBME1B1SoZzwIn1bdtAQF7FwGAgqmPsLaol1LbR2zb+FI7nmYDlp7BY91G SsT6iJukYmiKzcmG4YNPtGJ8QCrUGkZo =CNiP -----END PGP SIGNATURE----- From shamrock at netcom.com Tue Sep 5 23:43:14 1995 From: shamrock at netcom.com (Lucky Green) Date: Tue, 5 Sep 95 23:43:14 PDT Subject: Scientology and police visit XS4ALL Amsterdam Message-ID: <199509060640.CAA15617@book.hks.net> -----BEGIN PGP SIGNED MESSAGE----- In article <9509060434.AA09596 at anon.penet.fi>, an253398 at anon.penet.fi (Mole Rat) wrote: > This is the second or third time I've seen descriptions of such > raids where cult (no, I'm not trying to be diplomatic) > representatives were present and participating. Is this legal in > Amsterdam? How about in the U.S.? Britain? > > If a police officer has a warrant then I really don't have much > choice about letting him in.
Am I also under an obligation to > allow the people who filed for the warrant into my home or > business? I doubt it. Get a good attorney. - -- - -- Lucky Green PGP encrypted mail preferred. - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBME1CaSoZzwIn1bdtAQGGyAF7BojcAMnxvfMcyJSWLHlJe0d0QezwdVGZ paDopX2LMcxjuUgupNXgF1GwRPbvx2dl =Dstl -----END PGP SIGNATURE----- From carolann at censored.org Tue Sep 5 23:58:27 1995 From: carolann at censored.org (Carol Anne Braddock) Date: Tue, 5 Sep 95 23:58:27 PDT Subject: Scientology and police visit XS4ALL Amsterdam Message-ID: <199509060658.XAA28913@mailhost.primenet.com> Anon.penet.fi succinctly scribed: > If a police officer has a warrant then I really don't have much > choice about letting him in. Am I also under an obligation to > allow the people who filed for the warrant into my home or > business? They aren't, but they do, and only a good civil rights lawyer can help you out of the resulting quagmire. It's done in a lot of civil cases, particularly where restraining orders are used.
Love ALways, Carol Anne -- Member Internet Society - Certified BETSI Programmer - Webmistress *********************************************************************** Carol Anne Braddock (cab8) carolann at censored.org 206.42.112.96 My Homepage The Cyberdoc *********************************************************************** ------------------ PGP.ZIP Part [017/713] ------------------- M8H,),S$8G>&.WP(8IRA`-M['+`Q%&_C"">5-F%LX@<_Q$;*P'',Q$Z/AA[8M MF=O0H+*%(-S%&>S%+FS& http://dcs.ex.ac.uk/~aba/export/ From an5877 at anon.penet.fi Wed Sep 6 00:12:45 1995 From: an5877 at anon.penet.fi (deadbeat) Date: Wed, 6 Sep 95 00:12:45 PDT Subject: SSLRef (SSLtelnet) Message-ID: <9509060647.AA14769@anon.penet.fi> -----BEGIN PGP SIGNED MESSAGE----- > Verisign is a spin off of RSA. Verisign, Inc. (VERISIGN-DOM) 100 Marine Parkway, Suite 525 Redwood City, CA 94065 Domain Name: VERISIGN.COM Administrative Contact, Technical Contact, Zone Contact: Taylor, Simon (ST192) simon at RSA.COM (415) 508-1151 Record last updated on 21-Jun-95. DEADBEAT -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQBFAgUBME0AO/FZTpBW/B35AQFdLAGAiV1RqNmLh5W+uuHeKsXX/819qK5WTq3Y TobFKWLxkTjkEwDs6Js7UB2PFRnt6gDk =HEHU -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. If you reply to this message, your message WILL be *automatically* anonymized and you are allocated an anon id. Read the help file to prevent this. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From Davidwfox at eworld.com Wed Sep 6 00:59:22 1995 From: Davidwfox at eworld.com (Davidwfox at eworld.com) Date: Wed, 6 Sep 95 00:59:22 PDT Subject: e$: More fun with cash: Senate Bill 307 Message-ID: <950906005854_14454028@eWorld.com> ----------------------------- Begin Original Text ----------------------------- Has anyone heard about this bill? Comments? 
Cheers, Bob Hettinga ----------------------------- End Original Text ----------------------------- There was an investigative article in a recent Reader's Digest (no I'm not a regular reader, heard it through Radio for the Print Handicapped in Australia) regarding a major counterfeiting operation that uses the same printing presses as the US Treasury. The proceeds amount to BIG numbers and are used to fund various terrorist organizations. Regards, David Fox The e-commerce directory www.kweb.com From eric at remailer.net Wed Sep 6 01:28:08 1995 From: eric at remailer.net (Eric Hughes) Date: Wed, 6 Sep 95 01:28:08 PDT Subject: ANNOUNCE: September 1995 SF Bay Area physical meeting Message-ID: <199509060824.BAA02026@largo.remailer.net> ANNOUNCEMENT ============ What: September 1995 SF Bay Area physical meeting When: Saturday, 9 September 1995 12:00 noon - 6:00 p.m. Where: that hard-to-find loft space at 2nd & Brannan where we had July's meeting This month's meeting is the "Even More Catastrophically Overnamed Fourth Annual Cypherpunks Conclave, Congress, Schmooze-Fest, Meeting, and Feast". It's been three years since the first meeting at my house at the time in Oakland. If you only come to one meeting a year, come to this one. It's canonical. The agenda for this meeting is completely empty. I've been out of town for all but a total of about three weeks since the last meeting two months ago (and I'm gone the rest of this week and flying in Saturday morning). So where in the past we've had something approaching a schedule, this time I've not made even a pretense at scheduling. So just show up -- we always find something good to talk about. And besides, if you don't show up, you can't hear about my unexpected genetic discovery! Directions follow. See you there. Eric ----------------------------------------------------------------------------- Exact Location: 340 Bryant St., 4th floor (top level); SF.
Directions: 1) From the East Bay--Cross the Bay Bridge and take the LEFT exit for Main St./Embarcadero. You will be making a series of LEFT turns as follows: LEFT on Harrison LEFT on 2nd LEFT on Bryant. PARK! There is parking around the back of the building, and also across the street. 2) From the Peninsula--101 North, take the 4th Street exit. (The last SF Exit before the Bay Bridge. GET OFF HERE!) Follow to the RIGHT onto Bryant. Once you've crossed Second St., PARK! 3) If you get LOST: Call 415/284-0252. From asb at nexor.co.uk Wed Sep 6 01:46:03 1995 From: asb at nexor.co.uk (Andy Brown) Date: Wed, 6 Sep 95 01:46:03 PDT Subject: Equinox/cypherpunks/www Message-ID: Anyone that missed or was unable to get the UK TV programme Equinox might like to take a look at: http://www.cityscape.co.uk/channel4/big_bytes/cybersecrecy/cyber000.html - Andy From rrothenb at ic.sunysb.edu Wed Sep 6 01:57:46 1995 From: rrothenb at ic.sunysb.edu (Deranged Mutant) Date: Wed, 6 Sep 95 01:57:46 PDT Subject: Another Son of Clipper discussion paper In-Reply-To: <199509052053.NAA01226@mycroft.rand.org> Message-ID: <199509060858.EAA15990@libws4.ic.sunysb.edu> > > Key Escrow Issues Meeting, September 6-7, 1995 > Discussion Paper #3 > > Export Criteria Discussion Draft -- > 64-bit Software Key Escrow Encryption Pardon my obvious question, but if there's some sort of GAK/LEAF, then why limit it to 64-bit? It seems possible that the assumption is 'just in case the GAK is tampered with' there's still a chance of cracking it, should the need arise. [..] I'm wondering just how securely a hack-proof escrow system can be written. It seems that someone can always go in with a sophisticated debugger and do some tampering of the software. And one need not mention the what-if-foreign-competitors-do-not-implement-this-scheme? question...
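Added illustration of the tampering point in the message above; this is my code, not the discussion paper's scheme or any escrow product's. It models a software client that attaches an escrow field (a LEAF-like "wrapped session key || unit id || tag") to each session, the peer that checks the tag, and the escrow agents who unwrap the key. The layout (8-byte wrapped key, 4-byte unit id, 2-byte tag), the use of HMAC-SHA256 as the toy wrap and tag function, and a "family key" shared by every client are assumptions chosen for the demonstration, not the EES/Clipper specification. The point it makes: once the checking secret ships in the same binary a debugger can read, a patched client can emit a field whose wrapped key is garbage and still pass the peer's check; and even a client that cannot read the secret needs only about 65,536 guesses against a 16-bit tag.

```python
"""Toy model of a software-generated escrow field and why a tampered client
defeats it. Added example: not the EES/Clipper specification and not code from
the discussion paper. Field layout, key sizes, the HMAC-based wrap and the
2-byte tag are assumptions made for the demonstration."""
import hashlib
import hmac
import os

TAG_LEN = 2        # assumed: 16-bit integrity tag on the escrow field
WRAPPED_LEN = 8    # assumed: 64-bit session key, wrapped under the escrow key
UNIT_LEN = 4       # assumed: 32-bit unit identifier


def _prf(key: bytes, label: bytes, n: int) -> bytes:
    """HMAC-SHA256 used as a toy PRF so the example needs only the stdlib."""
    return hmac.new(key, label, hashlib.sha256).digest()[:n]


def wrap(escrow_key: bytes, session_key: bytes, unit_id: bytes) -> bytes:
    """XOR the session key with a keystream derived from the escrow key."""
    ks = _prf(escrow_key, b"wrap" + unit_id, len(session_key))
    return bytes(a ^ b for a, b in zip(session_key, ks))


unwrap = wrap  # XOR with the same keystream undoes the wrap


def tag(family_key: bytes, wrapped: bytes, unit_id: bytes, iv: bytes) -> bytes:
    """Tag the receiver checks; the family key is shared by every client build."""
    return hmac.new(family_key, wrapped + unit_id + iv, hashlib.sha256).digest()[:TAG_LEN]


def make_leaf(family_key, escrow_key, session_key, unit_id, iv) -> bytes:
    """Honest client: wrapped key || unit id || tag."""
    w = wrap(escrow_key, session_key, unit_id)
    return w + unit_id + tag(family_key, w, unit_id, iv)


def split_leaf(leaf: bytes):
    return leaf[:WRAPPED_LEN], leaf[WRAPPED_LEN:WRAPPED_LEN + UNIT_LEN], leaf[WRAPPED_LEN + UNIT_LEN:]


def leaf_accepted(family_key: bytes, leaf: bytes, iv: bytes) -> bool:
    """Receiver-side check: recompute the tag with the family key it also holds."""
    w, unit_id, t = split_leaf(leaf)
    return hmac.compare_digest(t, tag(family_key, w, unit_id, iv))


def escrow_recover(escrow_key: bytes, leaf: bytes) -> bytes:
    """What the escrow agents get back from a field handed to them."""
    w, unit_id, _ = split_leaf(leaf)
    return unwrap(escrow_key, w, unit_id)


def forge_leaf_with_key(family_key: bytes, unit_id: bytes, iv: bytes) -> bytes:
    """Tampered client that has read the family key out of its own binary: the
    wrapped field is random garbage, but the tag over it is genuine, so the peer
    accepts it and the escrow agents unwrap nonsense."""
    w = os.urandom(WRAPPED_LEN)
    return w + unit_id + tag(family_key, w, unit_id, iv)


def forge_leaf_by_search(family_key: bytes, unit_id: bytes, iv: bytes):
    """Tampered client that cannot read the key but can use an unmodified receiver
    as an accept/reject oracle: walk the tag space until one value passes. With a
    TAG_LEN-byte tag that is at most 2**(8*TAG_LEN) tries, 65,536 for two bytes."""
    w = os.urandom(WRAPPED_LEN)
    for guess in range(1 << (8 * TAG_LEN)):
        candidate = w + unit_id + guess.to_bytes(TAG_LEN, "big")
        if leaf_accepted(family_key, candidate, iv):   # the oracle call
            return candidate, guess + 1
    raise RuntimeError("unreachable: every tag value was tried")


def demo():
    family_key = os.urandom(16)   # assumed: baked into every client binary
    escrow_key = os.urandom(16)   # assumed: held only by the escrow agents
    unit_id, iv = b"\x00\x00\x00\x2a", os.urandom(8)
    session_key = os.urandom(WRAPPED_LEN)
    honest = make_leaf(family_key, escrow_key, session_key, unit_id, iv)
    forged = forge_leaf_with_key(family_key, unit_id, iv)
    return {
        "honest_accepted": leaf_accepted(family_key, honest, iv),
        "honest_recovered": escrow_recover(escrow_key, honest) == session_key,
        "forged_accepted": leaf_accepted(family_key, forged, iv),
        "forged_recovered": escrow_recover(escrow_key, forged) == session_key,
    }


if __name__ == "__main__":
    print(demo())
```

Nothing in the receiver's check depends on whether the wrapped field is real, which is the whole problem: the only party who can tell is the escrow agent, after the fact. A longer tag raises the cost of the blind search but does nothing against a client that has been patched to compute the tag itself.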
From rrothenb at ic.sunysb.edu Wed Sep 6 02:14:01 1995 From: rrothenb at ic.sunysb.edu (Deranged Mutant) Date: Wed, 6 Sep 95 02:14:01 PDT Subject: Secure Device 1.4 Question In-Reply-To: <199509060025.CAA05098@utopia.hacktic.nl> Message-ID: <199509060915.FAA16064@libws4.ic.sunysb.edu>
> I just installed Secure Device, v1.4 on a PC at work. After > installing it, I looked at the encrypted volume and found the string > "SECDEV " starting at the fourth byte of the file. I'd prefer that > this file look like some temporary file that got left on the disk by > a program that didn't clean up properly after itself, and not be > identifiable as an encrypted volume. Problems with that: 1. SecDev needs a way to easily ID its own files. Encrypting a known ID string would be a weakness (known plaintext) so it's better to have a plaintext identifier. 2. If someone thinks it's a lost TMP file they will delete it. Not a risk you want. It's better if they think it's a strange type of swap file or something needed by an application. [..] Source is available... so you can change the ID string in source to something innocuous yet unique and recompile it. > As you've probably guessed, I'm not supposed to have any personal > files on my work computer, and an entire encrypted volume would > undoubtedly make someone go ballistic if they discovered it. When I > want to use my encrypted file system, I reboot off of a floppy, and > all Secure Device programs and drivers are kept on the floppy. The > only thing that has to be left on the hard drive is the encrypted > volume itself. Well, there's a risk of someone seeing a mysterious file and deleting it anyway... assuming they don't go ballistic over it anyhow. There's also a risk of someone peering over your shoulder and noticing that something's afoot as well, is there not?
From buster at klaine.pp.fi Wed Sep 6 04:37:21 1995 From: buster at klaine.pp.fi (Kari Laine) Date: Wed, 6 Sep 95 04:37:21 PDT Subject: Police and scientology visit XS4ALL Amsterdam Message-ID: <199509061135.AA26720@personal.eunet.fi>
> PRESS RELEASE > ------------- > Police and members of Scientology church enter offices of XS4ALL > ================================================================ They really are not getting it - are they stupid or what? Scientology people are not behaving so I take a standing that I don't have to behave when I treat them as well. Good, remember they started it ... > Today at about 14:00, XS4ALL was visited by Mr. S. Braan, > bailiff. Sorry to hear that Mr. Braan >Religious Technology Centre Oh, c'mon - that name sounds great, what's inside it? Research department of Brainwashing? Wasn't that the technology you tried to sell to the CIA? And luckily the CIA told you to piss off. >, better known as the Scientology Church, or > Scientology for short. He was assisted by a local police officer and Mr. > Hermans from the 'Nauta-Dutilh' legal firm that represents Scientology > in The Netherlands. We would need a list of all legal offices representing scienos in all countries. Also, does anyone have a list of top scienos and some kind of organization flow chart of this evil empire? >Also present were two computer experts (Mr. Ootjes > and Mr. Van Suchtelen) a locksmith (to enter had we not been present) and > two American employees of Scientology, Mr. Weightman and Ms. Jenssen. Does anyone have a tel number for these Co$s? > Scientology is filing for seizure of XS4ALL's computer equipment. Under > dutch law, this means that a bailiff comes in to record your assets. In > real-life, the computer-experts that were present have recorded the > types and serial numbers of all the computers in our offices. They did > not take any equipment, the continuity of XS4ALL's services is not in > jeopardy. Good - you have civilised police there.
> XS4ALL is not alone in receiving this kind of attention from > Scientology. Scientology, a semi-religious multinational, is at war with > a number of people on the Internet. They want a war - well let's give them one! I don't mean this bashing in the net - I mean a REAL WAR! Co$ has been on the offensive for some time now and they must be put into defence mode. > Until recently, the church has always managed to suppress critical voices > by means of sheer intimidation and by engaging in endless legal battle. I think it would be a jolly good day if they would try that against me. I would make the best of it... > One of these documents is a piece to which Scientology supposedly holds > the copyright and which has been added to the kit without the church's > permission. Screw their permission. Sorry for the raw language but I get so damn angry when I even see these scienos mentioned. To fight them we need an organization to fight them. Today's situation is like uncontrolled and therefore unoptimised guerrilla operations. Results will be weak. Best Regards Kari Laine Kari Laine buster at klaine.pp.fi LAN Vision Oy Tel. +358-0-502 1947 Sinikalliontie 14 Fax +358-0-524 149 02630 ESPOO BBS +358-0-502 1576/1456 FINLAND
From bianco at itribe.net Wed Sep 6 05:48:12 1995 From: bianco at itribe.net (David J. Bianco) Date: Wed, 6 Sep 95 05:48:12 PDT Subject: Searchable Crypto Paper Archive? Message-ID: <199509061244.IAA01601@gatekeeper.itribe.net>
[My apologies if this is a repost. The original was posted a couple of days ago via a news gateway which may or may not have actually worked.] I was trying to dig up some cryptography papers cited as references today, when a thought hit me; there seem to be a fair amount of crypto papers available on the Net, but they're pretty scattered. Bell Labs has some online, which is great! The cypherpunks FTP archive has a few, though you can't perform keyword searches against them.
In short, it's hard to find papers unless you already know what you want and where it might be. Having had some experience in designing and implementing technical report retrieval services, I naturally think there's room for improvement here. 8-) What I have in mind is something like NASA's NTRS ("NASA Technical Report Server", ), which I helped design and implement at my last job. The basic idea behind NTRS is that users submit a query to a sort of "search multiplexer" which queries a list of selected databases, merges the separate result sets and gives them back to the user. The results are typically bibliographic and abstract data about papers, which contain links to the papers themselves if they are available online, or ordering info if they're not. From past experience, I think this model could be applied here very successfully. One way to accomplish this would be to establish an archive where people could submit papers to be indexed. Larger institutions (such as Bell Labs) might run their own servers, so they would have control of their own content but could still be searched via the multiplexer. Users of the service could then search all the different archives they were interested in with one simple query. Anyway, this is what I'd like to see. I'm willing to work on such a system if there's enough positive feedback. Does anyone else think they'd like to use or contribute to such a system? -- ========================================================================== David J. Bianco | Web Wonders, Online Oddities, Cool Stuff iTribe, Inc. | Suite 1700, World Trade Center | email: Norfolk, VA 23510 | URL : http://www.itribe.net/~bianco/ From rah at shipwright.com Wed Sep 6 06:03:28 1995 From: rah at shipwright.com (Robert Hettinga) Date: Wed, 6 Sep 95 06:03:28 PDT Subject: Lotus Notes vs. the Web and the Net Message-ID: At 11:29 PM 9/5/95, Timothy C. May wrote: >On this one I agree...and I've said this here on this list. 
Local groups, >such as university departments, corporate departments, even entire >corporations, can use the Web/Net in ways similar to what Lotus Notes >provides (using their own LANs, or even the Internet, with suitable >security steps). My favorite financial application for small multinationals (one of my clients is a haircutter with 50 salons and 4 schools worldwide) is nightly remittances to the home office in e$, especially in cash. The consequences for the banking and tax systems are obvious. But it's possible to imagine interesting changes in the foreign exchange markets as well ... Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA (617) 323-7923 "Reality is not optional." --Thomas Sowell >>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<<
From m5 at dev.tivoli.com Wed Sep 6 06:13:41 1995 From: m5 at dev.tivoli.com (Mike McNally) Date: Wed, 6 Sep 95 06:13:41 PDT Subject: Another Son of Clipper discussion paper In-Reply-To: Message-ID: <9509061312.AA12676@alpha>
Lucky Green writes: > Windows 95 is on a lot of people's hard drives. It is therefore public and > available for every one's inspection. How many people do you know that > have reverse engineered Windows 95. How many of those use a reverse > engineered version. I'd venture it is zero out of zero. Problems with this analogy: 1) Windows 95 is somewhat bigger than your typical encryption routine; 2) The factor of motivation isn't considered. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | Nobody's going to listen to you if you just | Mike McNally (m5 at tivoli.com) | | stand there and flap your arms like a fish.
| Tivoli Systems, Austin TX | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From schneier at winternet.com Wed Sep 6 07:09:33 1995 From: schneier at winternet.com (Bruce Schneier) Date: Wed, 6 Sep 95 07:09:33 PDT Subject: the S-1 Algorithm Message-ID: <199509061409.JAA05371@subzero>
[I just posted this to sci.crypt. I don't normally read Cypherpunks, so please forward any substantive replies directly to me. Thanks. -Bruce]
I was in Europe while S-1 was posted, so I missed most of the discussion. Better late than never....
Over the last year, I have spent considerable effort collecting SKIPJACK information. I have gone through the published literature, the rumors, and a large stack of documents received by EPIC through Freedom of Information Act (FOIA) lawsuits. At Crypto last week I gave a Rump Session talk entitled "Reverse Engineering SKIPJACK from Open Sources." I prepared the slides before I left for Europe. Here is what I said:
What the government told us:
- Single-key block cipher.
- Can be used in ECB, CBC, CFB, or OFB.
- 64-bit block size.
- 80-bit key size.
What the review committee told us:
- 32 rounds.
- No weak keys (like DES has).
- No key complementation property (like DES has).
What the hardware specifications tell us:
- The latency of the Mykotronx chip is 64 clock cycles. This means two clock cycles per round.
Assorted rumors (excuse me if I don't reveal sources):
- SKIPJACK does not have rounds in the same sense that DES does: i.e., half of the text block is not encrypted in each round.
- SKIPJACK has half the total S-box data as DES.
- SKIPJACK has a 48-bit internal structure analogous to a 32-bit internal structure in DES.
- The masks for the Clipper/Capstone chip are unclassified and the chips can be produced in an unclassified foundry. Part of the programming in the secure vault includes installing part of the SKIPJACK algorithm.
The part of the algorithm installed in the secure vault is the "S-tables", suggesting that perhaps unprogrammed Clipper chips can be programmed to implement other 80-bit key, 32 round ciphers.
Trying to puzzle out the meaning of the third rumor, Matt Blaze and I invented something called an Unbalanced Feistel Network. These are Feistel networks where the source and target blocks are of different size. For example, in each round 48 bits might be used as an input into the F function, and produce 16 output bits to be XORed with the remainder of the bits. We called this a 48:16 UFN, and we proposed a design at last year's Algorithms Workshop in Leuven. Our design was broken, but I am still examining the structure. A 48:16 UFN satisfies the first and third rumor above, and I think it as good a guess as any regarding SKIPJACK.
A few months ago, I found some additional information in the form of documents released under FOIA. One document was a Mykotronx design review for "Project Capstone" dated 10 December 1991. The design review was unclassified. Among the details about the modular multipliers and the SHA code was the following page about SKIPJACK:
ECB Processing Rate
2 clocks per G-Box operation
x 1 G-box per shift
x 32 shifts per ECB encryption
______________________________
64 clocks per ECB
64 clocks per ECB / 64 bits out per ECB = 1 clock per bit
Yields 40 Mbit encryption using a 40 MHz clock.
The only other thing I found was a SECRET memo. The organization name (either from or to) is blacked out. The date is 25 August 1992. The subject is "SKIPJACK Revision." Paragraph 2 is blacked out, but paragraph 1 reads:
1. (U) The enclosed Informal Technical Report revises the F-table in SKIPJACK 3. No other aspect of the algorithm is changed.
That's it. Rounds are called "shifts," which seems to indicate that they are not "rounds" in the DES sense. A shift consists of a "G-box" operation, which includes not only what we call the F-function but the XOR as well.
And there is something called an F-table, which could be a table of constants or perhaps a table of functions. In any case, it is something that can be revised without changing the rest of the algorithm. Now let's look at S-1. The most probable explanation is that it is a hoax. But it is a very good hoax: The hoaxer knew enough about algorithm design to make a cipher that was not obviously lousy, while at the same time not unduly complicated. The hoaxer knew enough to make a design that included three novel ideas not seen anywhere else: S-boxes that are created according to no known criteria, a G-table that chooses a rotation of S-boxes to use in a given round, and a bizarre key schedule. The hoaxer knew enough about how algorithms are used in the military to make a spookish interface. I am particularly interested in the "zeroize" function, the separation of the key creation and key loading functions, and the key masking. Blaze said that the interface was similar to the Fortezza interface, but not the same. The hoaxer knew about Blaze's and my MacGuffin paper and that we thought SKIPJACK was a 48:16 UFN. We made no secret about this, and our paper is on Blaze's web page. The hoaxer knew to use the term F-table. I haven't shown many people what I found in EPIC's documents, so the hoaxer either had to look through them himself or get them by some other means (maybe an independent FOIA request). It's not a perfect hoax, though. The classification markings look odd: NSA algorithms are SECRET, not TOP SECRET, and the codeword restriction sentence is strange. The key schedule is hopelessly flawed (David Wagner posted an attack to sci.crypt). The coding style is amateurish, like it was translated from one language to another. (Maybe this is clever on the hoaxer's part.) And there's even a typo in the code. And maybe the hardware latency is wrong. Clearly the design facilitates parallelization. 
You can precompute all possible F-table outputs in previous shifts, and then use the G-table result to select between them; I am not sure you can get a shift down to two clock cycles. I don't have the hardware background, and would appreciate comments from others. And why are there not bitwise permutations? If SKIPJACK is designed for hardware, it makes sense to put them in. They're free, after all. Anyway, it's a real good hoax. Blaze estimated that he could have done it, but it would have taken him a month of effort. I agree with his assessment: one man-month. It's a lot of time to spend on a hoax, especially one where the hoaxer doesn't get any credit. So, maybe it's SKIPJACK. It has a 64-bit block size and an 80-bit key size. It's a 48:16 UFN with 32 rounds (or shifts, or whatever). And it has an F-table. This is really interesting, because the structure really is an S-box. Everyone knows it's an S-box, and it makes no sense for a hoaxer to call it something else. But in S-1 it's called an F-table. (I think this is very significant, but others find it less convincing.) And the F-table has been revised at least once. In the code it says that the F-table entries "differ in the S-2 version." The code is dated 1 February 1989 and 31 July 1991, and I have a memo dated 25 August 1992 that says the F-table has been revised in "SKIPJACK 3." Pretty convincing, I think. (Of course this means that we can't confirm anything by testing the hardware, since the F-table entries are different.) Maybe there are no bit permutations because they make analysis harder, and perhaps they don't add all that much. Maybe the algorithm was designed for both hardware and software, or maybe it was designed for specialized cryptographic hardware with several parallel microprocessors and some cryptographic primitives. If it is real, we have a lot to learn about S-box design. The S-boxes are not even balanced.
Maybe they are created just so to avoid some bizarre attack we can only dream about, but I kind of doubt it. But the key schedule is just plain wrong. So, here's a theory. Let's assume the code is real. (Not that it's SKIPJACK, but that it's a real algorithm from some military or some corporation.) Clearly the code is not designed to test the cryptographic algorithm, but to simulate some kind of hardware interface: it's called a "software chip simulator." If I were the NSA and I designed an algorithm whose security rested on some tables of constants, I might replace them with phony constants before giving them to another organization to test. I might call the phony version S-1 and the real version S-2. Maybe the code was originally written in FORTRAN, and then translated into C. (NSA doesn't use ADA.) NSA algorithms are classified SECRET, but perhaps algorithms in development are classified TOP SECRET. (We know cryptanalytic techniques can be TOP SECRET, so perhaps commented code falls under that category as well.) And maybe the code originally didn't have an 80-bit key schedule. Maybe it had a longer key schedule. The poster then modified this key schedule to make it look more like SKIPJACK. (This might also explain the bug in the code, which might not be a bug if it still had the original key schedule.) Which leaves us precisely nowhere. The most likely explanation is that it is a hoax, but I am hard-pressed to imagine a hoaxer with the requisite combination of skills, resources, and attitude. I also don't believe that it is SKIPJACK. It might be a preliminary design for SKIPJACK, but if both the key schedule and F-table entries are wrong, we really haven't learned anything. If we suddenly discovered that unbalanced S-boxes are far superior to balanced ones, then all bets are off.
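[Editor's added example, not part of Schneier's post and not code from Schneier, Blaze, S-1 or SKIPJACK: a toy 48:16 unbalanced Feistel network with the shape he describes (64-bit block, 80-bit key, 32 shifts, 48 source bits driving F and 16 target bits receiving the XOR). The F-table, F function and key schedule are constructed placeholders chosen only so the code runs; the point is how one shift uses three 16-bit words to modify the fourth, why that inverts round-for-round whatever F is, and the clocks-per-bit arithmetic from the design review quoted above.]

```python
"""Toy 48:16 unbalanced Feistel network (UFN), added for illustration.

NOT SKIPJACK and NOT S-1: the F-table, F function and key schedule are
constructed placeholders.  Only the shape follows the post: 64-bit block,
80-bit key, 32 shifts, 48 source bits -> 16 target bits per shift.
"""
import struct

ROUNDS = 32          # 32 "shifts", per the review committee
BLOCK_BYTES = 8      # 64-bit block
KEY_BYTES = 10       # 80-bit key
MASK16 = 0xFFFF

# Constructed 256-entry byte table standing in for an "F-table" (placeholder).
F_TABLE = bytes(((i * 167 + 13) ^ (i >> 3)) & 0xFF for i in range(256))


def key_schedule(key: bytes) -> list:
    """Constructed placeholder: 32 16-bit subkeys rotated out of the 80-bit key."""
    if len(key) != KEY_BYTES:
        raise ValueError("key must be 80 bits (10 bytes)")
    words = struct.unpack(">5H", key)
    subkeys = []
    for r in range(ROUNDS):
        w = words[r % 5]
        rot = r % 16
        subkeys.append(((w << rot) | (w >> (16 - rot))) & MASK16)
    return subkeys


def f_function(src48: int, subkey: int) -> int:
    """Placeholder F: 48 source bits + 16-bit subkey -> 16 output bits.
    Two chains of table lookups, one per output byte, so every source byte
    influences the result.  The UFN structure below works with any F."""
    b = [(src48 >> (8 * i)) & 0xFF for i in range(6)]
    hi = F_TABLE[b[0] ^ (subkey >> 8)]
    hi = F_TABLE[hi ^ b[1]]
    hi = F_TABLE[hi ^ b[2]]
    lo = F_TABLE[b[3] ^ (subkey & 0xFF)]
    lo = F_TABLE[lo ^ b[4]]
    lo = F_TABLE[lo ^ b[5] ^ hi]
    return (hi << 8) | lo


def shift(words: list, subkey: int) -> list:
    """One 48:16 shift: words[1..3] (48 bits) drive F, words[0] is the target.
    The modified word moves to the back, so each word is the target once
    every four shifts and all 64 bits get mixed over 32 shifts."""
    src = (words[1] << 32) | (words[2] << 16) | words[3]
    target = words[0] ^ f_function(src, subkey)
    return [words[1], words[2], words[3], target]


def unshift(words: list, subkey: int) -> list:
    """Inverse shift: the 48 source bits were untouched, so F is recomputable."""
    src = (words[0] << 32) | (words[1] << 16) | words[2]
    original = words[3] ^ f_function(src, subkey)
    return [original, words[0], words[1], words[2]]


def encrypt_block(block: bytes, key: bytes) -> bytes:
    if len(block) != BLOCK_BYTES:
        raise ValueError("block must be 64 bits (8 bytes)")
    words = list(struct.unpack(">4H", block))
    for sk in key_schedule(key):
        words = shift(words, sk)
    return struct.pack(">4H", *words)


def decrypt_block(block: bytes, key: bytes) -> bytes:
    if len(block) != BLOCK_BYTES:
        raise ValueError("block must be 64 bits (8 bytes)")
    words = list(struct.unpack(">4H", block))
    for sk in reversed(key_schedule(key)):   # same subkeys, reverse order
        words = unshift(words, sk)
    return struct.pack(">4H", *words)


def ecb_processing_rate(clock_mhz: float, clocks_per_gbox: int = 2,
                        gboxes_per_shift: int = 1, shifts: int = ROUNDS):
    """The Mykotronx design-review arithmetic: (clocks per ECB block,
    clocks per bit, Mbit/s) at the given clock rate."""
    clocks_per_block = clocks_per_gbox * gboxes_per_shift * shifts
    clocks_per_bit = clocks_per_block / (BLOCK_BYTES * 8)
    return clocks_per_block, clocks_per_bit, clock_mhz / clocks_per_bit


if __name__ == "__main__":
    key = bytes(range(10))            # constructed sample 80-bit key
    pt = b"SKIPJACK"                  # constructed sample 64-bit block
    ct = encrypt_block(pt, key)
    print(ct.hex(), decrypt_block(ct, key))
    print(ecb_processing_rate(40))    # (64, 1.0, 40.0)
```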
Bruce ************************************************************************ * Bruce Schneier 2,000,000,000,000,000,000,000,000,002,000, * Counterpane Systems 000,000,000,000,000,000,002,000,000,002,293 * schneier at counterpane.com The last prime number...alphabetically! * (708) 524-9461 Two vigintillion, two undecillion, two * 730 Fair Oaks Ave. trillion, two thousand, two hundred and * Oak Park, IL 60302 ninety three. ************************************************************************ From mfroomki at umiami.ir.miami.edu Wed Sep 6 07:22:49 1995 From: mfroomki at umiami.ir.miami.edu (Michael Froomkin) Date: Wed, 6 Sep 95 07:22:49 PDT Subject: "This discussion is off-topic, please take it elsewhere" In-Reply-To: Message-ID: You keep talking about this "Eric Hughes" nym. I've been a member of this list for weeks, months, over a year even, and I never see any posts from "him". Is he a dead tentacle? A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) Associate Professor of Law | mfroomki at umiami.ir.miami.edu U. Miami School of Law | P.O. Box 248087 | It's hot here. And humid. Coral Gables, FL 33124 USA | This post is smiley-free and may injure the humor-impaired. From tunny at Inference.COM Wed Sep 6 07:49:18 1995 From: tunny at Inference.COM (James A. Tunnicliffe) Date: Wed, 6 Sep 95 07:49:18 PDT Subject: Equinox/cypherpunks/www Message-ID: <304DB3A8@smtp-pc> > Anyone that missed or was unable to get the UK TV programme Equinox > might like to take a look at: > > http://www.cityscape.co.uk/channel4/big_bytes/cybersecrecy/cyber000.html > > - Andy Thanks for the pointer. I was reading through their nicely organized gentle introduction to basic concepts, when I nearly sprayed coffee all over my monitor from laughing so hard at the following gaffe: "...most modern codes rely on the intractable mathematical problem of 'factorisation'. 
This is the process of trying to find the two prime factors that, multiplied together, would give you a third prime number. [JT: Yes, I'd call that an intractable problem, all right.] For example, if you take 3337 - a prime number (i.e. a number that has precisely two divisors) - how would you find its two prime factors? (They are, in fact, 47 and 71.)" A little unclear on that "prime" thing, it sounds like... :-) - Tunny ______________________________________________________________________ James A. Tunnicliffe | WWWeb: http://www.inference.com/~tunny Inference Corporation | PGP Fingerprint: CA 23 E2 F3 AC 2D 0C 77 tunny at Inference.com | <--finger for key 36 07 D9 33 3D 32 53 9C ====================================================================== From anon-remailer at utopia.hacktic.nl Wed Sep 6 08:14:19 1995 From: anon-remailer at utopia.hacktic.nl (Anonymous) Date: Wed, 6 Sep 95 08:14:19 PDT Subject: Michael Moriarity in _Penthouse_ on Law Enforcer Power Expansion Message-ID: <199509061513.RAA17510@utopia.hacktic.nl> From: "Clay Irving" Date: Wed, 6 Sep 1995 07:36:47 -0500 To: sea-list at panix.com Subject: (Fwd) Michael Moriarity in _Penthousse_ Mime-Version: 1.0 Thought I'd pass this along -- It was in my mailbox this morning... --- Forwarded mail from "Linda Thompson, American Justice Federation" Date: Wed, 6 Sep 95 02:52 EST To: news at aen.org From: lindat at iquest.net (Linda Thompson, American Justice Federation) Subject: Michael Moriarity in _Penthousse_ In the "Special 26th Anniversary Issue -- Collector's Edition" of _Penthouse_, Michael Moriarity wrote the "Advise & Dissent" feature. The cover tickler reads: "Michael Moriarity -- Charging Janet Reno with Genocide" TREES FOR ALL THE DEAD CHILDREN by Michael Moriarity [The author is an Emmy, Tony, and Golden Globe award-winning actor. He is also an accomplished classical and jazz pianist-composer, with three CDs in release and another about to be recorded.] 
_A nation may lose its liberties in a day and not miss them for a century._ Montesquieu I am sitting in a sidewalk cafe in Canada at the moment. I am here because I can no longer live in the United States of America. The nation my father knew as a surgeon for the Detroit Police Department and the country in which my grandfather built a 50-year professional baseball career has become a nightmare of lies, propaganda, and vicious disinformation pouring out of Washington, D.C. Today, the F.B.I. and Janet Reno are asking for new legislation that would permit them to investigate anyone for simply opposing their ideas of what causes violence. I protested the attorney general's initial assault on network television during her back-room meetings with NBC executives. "What are we talking about here?" asked Dick Wolf, executive producer of "Law and Order." "Federally controlled programming between the hours of three and six?" "How about three to nine." Janet Reno said that without a question mark. It was not a request. It seemed to her a foregone conclusion. She had the right to say the most insane thing I've heard from a reasonably well-dressed person, let alone the highest law-enforcement officer in the land. She claimed that the mere words of a murder-mystery TV show were dangerous to the health of the nation. I simply asked that she be relieved of her post and sent on a long vacation and given therapy. Who left their jobs instead? Philip Heymann, her respected deputy, and yours truly. Resignations in protest. Now she and her Justice Department -- and even more recently, Bob Dole, the next frighteningly viable candidate for president of the United States -- would like to brand all artists and producers dealing with dramatized violence and sex as accessories to drive-by shootings, terrorist bombings, and the moral degeneration of our nation.
And she's hoping that people like me and Rush Limbaugh, and anyone who makes fun of her, like David Letterman, will be counted by the American public as accessories to the bombing in Oklahoma. Did Al Capone really learn everything he knew from George Raft? Was the death of Christopher Marlowe a product of the fight scenes in William Shakespeare's _Romeo and Juliet_? Blaming violent drama for real-life violence is like indicting _Penthouse_ for the spread of AIDS. Until I left my country, I was living in a novel by Franz Kafka, with characters like the real Elie Wiesel telling me, "It's not possible, Michael. This is America." They told Elie and his family the same thing in Europe, just before they carted him off to Auschwitz. "It's not possible, Elie. This is Germany." How far is Janet Reno willing to go in her definition of what is causing violence? "I know 'Murder She Wrote' has no violent images," said the attorney general, "but they talk about nothing but violence." What does this mean? Does she charge that Jessica Fletcher was an agent provocateur for Timothy McVeigh in the Oklahoma City bombing? Has Angela Lansbury been derelict in her concern for the children? Was Reno's fear of language, this frontal assault on the entire meaning of the First Amendment, merely a lapse in the attorney general's thinking process? As "kooky" and as "noisy" and as "paranoid" as I am accused of being, I have never put together a sentence quite that sick. Where was the reaction from the Fourth Estate, the one branch of our democratic process that is sworn, above all, to uphold our freedom of speech? Today, unfortunately, the media is a direct extension of the two-party system, and now that the Republicans and Democrats are a coalition dedicated to expanding federal law-enforcement armies exponentially, there is little protest from the pundits. A coalition in a two-party democracy is not an option. It is tyranny. 
Since mainstream American journalism is either Republican or Democratic, we now hear no outcry (although _The New York Times_ did quote one "law-enforcement official at the Treasury Department .. who spoke on condition that he not be named, [who] said there was a tremendous potential for abuse in some of the recent F.B.I. proposals to relax the standards for investigating suspected terrorists"). Speaking out publicly would risk careers, and if anything is at fault for the disastrous situation we are in, it is a mad obsession with career. Read John Dean's _Blind Ambition_ if you don't believe me. My role in the miniseries "Holocaust" -- that of the Nazi lawyer Eric Dorf -- was inspired by the idea that if Watergate's John Dean were a German professional in the 1930s and less sensitive to his own corruption, he would have risen to the very top of the Third Reich. With no strong feelings, apart from an obsession with his own career, such a man would find himself standing proudly at the side of Adolf Hitler. "Free speech," the Justice Department seems to be saying, "is the root cause of all violence." Has anyone been fired for such a tyrannical notion? No, but Jocelyn Elders was dismissed for broaching the possibility that our drug laws should be reexamined, and for speaking honestly about AIDS and condoms and children. I began my campaign fighting the drug laws. I'm right back to those statutes as the main cause of domestic violence in America. Only this time the violence is not the drive-by shootings in ghettos. It is the speed with which our law enforcement has been destroyed from within by its own increasing power. The F.B.I. will be given almost absolute power to harass and wiretap and investigate any opponent of the standing government. The drug laws and now, so conveniently, the Oklahoma City bombing are the linchpins for billions of dollars pouring into the American law-enforcement community. 
Their increasing freedom to hassle suspected anti-big-government agitators must not be threatened. Will it work? Not if this nation sees the tapes called _Waco: The Big Lie_, a two-part examination of the murder of the Branch Davidians. This video, which Gary Null wrote about in _Penthouse_ this past April, is all over the country now, and more and more people will see it despite how Janet Reno, the F.B.I., and the leadership of both parties try to misinform the public about the tapes and their maker, Linda Thompson. The obvious questions raised by Thompson's analysis of government-approved violence are damning to the F.B.I., the Bureau of Alcohol, Tobacco, and Firearms, Janet Reno, and all other parties accessory to the obvious cover-up. They show hard evidence of a government lynch mob at Waco. If the Rodney King tapes won him $2 million, the implications of _Waco: The Big Lie_ could win the surviving Branch Davidians tens and possibly hundreds of millions from the government, criminal charges against perpetrators, and the downfall of major careerists in the current administration. Now, with the help of her spokesmen, who just happen to be President Clinton and Bob Dole, possibly the next occupant of the White House, Janet Reno is trying to convince America that her enemies are just as bad as her own army. They can't be worse. Try as she may, she knows that history cannot draw the bombers of children as any worse than the burners of children. Washington, D.C., is saying that there is a difference between the children of Waco and the children of Oklahoma City. The deaths in Oklahoma warrant capital punishment. "Swift and severe punishment," was the fate the president and attorney general promised for the killers of federal employees. Since the F.B.I., the C.I.A., A.T.F., and other arms of federal law enforcement have been gutting the Bill of Rights for years, such threats are not unlike the reprisals announced in Germany following the Reichstag fire. 
What about the death of civilians? Not only does Reno not call for capital punishment for the incineration of the Waco children and the equally cold-blooded murders in Idaho of survivalist Randy Weaver's wife and child by federal agents, her response to these crimes doesn't even merit the term _pursuit of justice_. And any movement that calls for such justice, like Linda Thompson's American Justice Federation, is branded "fanatic." Who has more blood on their hands? Network television or federal law enforcement? Until justice befalls the Justice Department, a tree must be planted for all the children of violence ... including the children of Waco. "Peace is not the absence of war," said one letter written to me while I was performing in the television series "Law and Order." "It is the presence of Just." ---End of forwarded mail from "Linda Thompson, American Justice Federation" -- .-. .-. / \ .-. .-. / \ / \ / \ .-. _ .-. / \ / \ -/--Clay Irving-N2VKG-(clay at panix.com)-\---/---\-----/-----\-------/-------\-- http://www.panix.com/clay `-' `-' \ / \ / \ / `-' `-' \ / `-' `-' From wilcoxb at nag.cs.colorado.edu Wed Sep 6 08:46:25 1995 From: wilcoxb at nag.cs.colorado.edu (Bryce Wilcox) Date: Wed, 6 Sep 95 08:46:25 PDT Subject: Forgery, bills, and the Four Horsemen (Articles and Comment) In-Reply-To: Message-ID: <199509061545.JAA24947@nag.cs.colorado.edu> -----BEGIN PGP SIGNED MESSAGE----- I, Bryce Wilcox wrote: > > > Suppose you have acquired a million dollars worth of legal, above-board > > DigiCash dollars and you want to surreptitiously transfer this wealth to > > a below-board friend. Your friend creates a temporary anonymous account > > at an understanding bank. shamrock at netcom.com (Lucky Green) wrote: > > Won't work. Ecash, except as used for frequent flyer like points, will > exist in only *one* world wide e$ currency, issued by a single entity > composed of various major banks and subject to US laws. 
> Getting Ecash
> accounts will therefore be subject to the same legal requirements that
> apply to normal US checking accounts.

1. Sez who?

2. We are discussing the feasibility of using DigiCash currency for illegal money laundering. We have to assume (ceteris paribus) that the would-be launderers are still capable of the same tricks that they are currently capable of, which, apparently, includes access to anonymous bank accounts.

> > Now without active physical surveillance, nobody other than yourself and
> > your friend will ever know where the money went, and you can't prove
> > that you gave it to him, either...

> You or a sting operation can always reveal the recipient by publishing the
> blinding factor.

If you do it via his one-time bank account then you can only reveal to which one-time anonymous account you transferred the money-- no more. Even if you and your beneficiary don't have this option, the transaction is still much safer and more convenient if done via DigiCash than via any other current currency. Criminals and conspirators live with the ever-present problem of betrayal, and this "one step, one way, requires the cooperation of the payer" traceability seems to me to be a small hassle on the way to a big win for such people.

> Besides, your Ecash client keeps a log of the payees.

Cryptographically (and in the limit, legally) meaningless, right? I could edit my log right now to say I gave you a thousand cyberbucks in return for an illegal copy of some information, but no-one would care.

I appreciate your correspondence.

Bryce

signatures follow:
+ public key on keyservers /.
island Life in a chaos sea or via finger 0x617c6db9 / bryce.wilcox at colorado.edu ---*

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed with Bryce's Auto-PGP v1.0beta3

iQCVAwUBME3CFvWZSllhfG25AQFi3gQAmyJoB3RJKx3lNb1fCLPluulVbi6kh3+I
++fGXC8vTGOEfaNnkjOxvcZ5VCXRJNlwQB9D2hKICSJCxpoQWKSDjgEWy48HH8AV
P0LSBfQ/LX9O91X7/dkyBCDoULhPx2HYTSbOgumS10+X/IsldUfcY36q0tTQy3u7
7ES5HIG2wv8=
=idOQ
-----END PGP SIGNATURE-----

From jonathon at japan.sbi.com Wed Sep 6 09:17:28 1995
From: jonathon at japan.sbi.com (Jonathon Fletcher)
Date: Wed, 6 Sep 95 09:17:28 PDT
Subject: "This discussion is off-topic, please take it elsewhere"
In-Reply-To:
Message-ID:

On Wed, 6 Sep 1995, Michael Froomkin wrote:
>
> You keep talking about this "Eric Hughes" nym. I've been a member of
> this list for weeks, months, over a year even, and I never see any posts
> from "him". Is he a dead tentacle?

[deleted]

>
> This post is smiley-free and may injure the humor-impaired.
>

is he kidding?

-Jon

PS: In case I qualify as humor impaired - Eric 'potty-trains' majordomo.

--
Jonathon Fletcher, Salomon Brothers Asia Limited, Tokyo
jonathon at japan.sbi.com

From tcmay at got.net Wed Sep 6 09:25:08 1995
From: tcmay at got.net (Timothy C. May)
Date: Wed, 6 Sep 95 09:25:08 PDT
Subject: Searchable Crypto Paper Archive?
Message-ID:

At 12:48 PM 9/6/95, David J. Bianco wrote:
>I was trying to dig up some cryptography papers cited as references
>today, when a thought hit me; there seem to be a fair amount of crypto
>papers available on the Net, but they're pretty scattered. Bell Labs
>has some online, which is great! The cypherpunks FTP archive has a
>few, though you can't perform keyword searches against them. In
>short, it's hard to find papers unless you already know what you want
>and where it might be.
>
>Having had some experience in designing and implementing technical
>report retrieval services, I naturally think there's room for
>improvement here.
>8-) What I have in mind is something like NASA's
>NTRS ("NASA Technical Report Server",
>), which I helped
>design and implement at my last job.

It's an idea with some attraction. But some issues need discussing. Being an analytical sort of person, prone to looking for flaws in ideas, I'll mention a few:

1. First and foremost, _copyright_ issues. Most articles are copyrighted (automatically, by Berne Convention) and the permission of the authors must be obtained. Authors may also collect royalties, or the conferences may, so unlimited electronic distribution is a potential problem.

NASA can publish its reports (and those of other government agencies) electronically because it has the copyrights, or the copyrights are free and clear. Try putting someone's article on the Net without their permission and look out.

Indeed, there are a couple of the most important papers on the soda archive site, some of them scanned-in and OCRed by "The Information Liberation Front." There are so few that the authors likely don't even know they are there, or care. But try to put lots of copyrighted material on a site and get ready for actions. Remember, most nations are party to the Berne Convention(s).

2. Many of the papers have complex typography, lots of equations and diagrams. These reproduce poorly on most screens, and really need a new level of display presentation. (Yes, I know about Adobe Acrobat, which I have. Ditto for FrameMaker, and a few other such systems. But not many others have them.)

I happen to know the ILF member who posted the Chaum "Dining Cryptographers" paper, anonymously, and know that he picked that paper both because of its importance to his interests and because it was pure text, with no equations and no diagrams. This made it a natural for scanning.

3. In the crypto domain, the papers are much more conveniently concentrated into a handful of conference proceedings, nearly all published by Springer-Verlag. (Those great silvery-grey paperbacks.)
This point about Springer-Verlag relates to Item #1 above. Namely, that copyright holders (Springer-Verlag, through publishing arrangements with the conferences) will not take kindly to folks making the papers available electronically.

This point, about the limited number of main crypto volumes, also implies another point: many of these papers refer to other papers in the same volume or set of volumes (e.g., papers in the "Crypto '93 Proceedings" will refer to papers in that volume or earlier volumes). This makes it *even more advantageous* for a serious researcher to buy the complete set of volumes.

4. Authentication issues. Electronic versions of articles will need to be signed, to prevent unauthorized modifications. The infrastructure for this is beginning to build, but is clearly not available to many.

I am confident that someday most journals will be published electronically. Many people think this likely, whether in 5 years or 15 years. Just too many advantages.

However--and this is my point--before that happens a huge amount of negotiation about author's rights to reproduction, about verification of copies, about royalty payments for copies, etc., has to happen. And, the display software/hardware is not quite there yet....too many people would be unable to see the equations and diagrams on the screen. In 5 years, less of a problem.

Many authors make their papers available by anonymous ftp, or via the Web. I think this is the way to do it: let those who feel their papers need electronic dissemination do so. The author makes the choice.

In summary, this project is probably premature (technologically), has numerous copyright issues to be resolved, and is probably less needed in the crypto community than in some other areas.

(Granted, we are not following those other areas, necessarily.
But that other domains have not yet gone fully electronic is indicative that others see some of these same problems, and are likely to address them before the math/crypto community does.)

Sorry to dissect this proposal so thoroughly, but it's one of the things I do.

--Tim May

(P.S. The copyright problems can possibly be skirted by using anonymous remailers and offshore data havens in jurisdictions that will not raid the sites, or by message pools. But these are major steps, mostly untested. A "Scientology" site is probably a better test than a site with crypto papers. I wouldn't want to run either of them.)

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^756839 | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From bianco at itribe.net Wed Sep 6 09:46:21 1995
From: bianco at itribe.net (David J. Bianco)
Date: Wed, 6 Sep 95 09:46:21 PDT
Subject: Searchable Crypto Paper Archive?
In-Reply-To:
Message-ID: <199509061642.MAA01932@gatekeeper.itribe.net>

On Sep 6, 9:36, Timothy C. May sent the following to the NSA's mail archives:
> Subject: Re: Searchable Crypto Paper Archive?

Thanks for the reply. I think there are a few misconceptions, though. I've responded in place to some of your comments...

||
|| It's an idea with some attraction. But some issues need discussing. Being
|| an analytical sort of person, prone to looking for flaws in ideas, I'll
|| mention a few:
||
|| 1. First and foremost, _copyright_ issues. Most articles are copyrighted
|| (automatically, by Berne Convention) and the permission of the authors must
|| be obtained. Authors may also collect royalties, or the conferences may, so
|| unlimited electronic distribution is a potential problem.
||
|| NASA can publish its reports (and those of other government agencies)
|| electronically because it has the copyrights, or the copyrights are free
|| and clear. Try putting someone's article on the Net without their
|| permission and look out.
||
|| Indeed, there are a couple of the most important papers on the soda archive
|| site, some of them scanned-in and OCRed by "The Information Liberation
|| Front." There are so few that the authors likely don't even know they are
|| there, or care. But try to put lots of copyrighted material on a site and
|| get ready for actions. Remember, most nations are party to the Berne
|| Convention(s).

Hmmm... I guess I didn't specifically mention this point since it seemed obvious to me, though I probably should have: Papers should come from the authors or the organization which holds the copyright. I wouldn't be in favor of accepting 3rd party submissions, for both copyright and authenticity/integrity issues.

||
|| 2. Many of the papers have complex typography, lots of equations and
|| diagrams. These reproduce poorly on most screens, and really need a new
|| level of display presentation. (Yes, I know about Adobe Acrobat, which I
|| have. Ditto for FrameMaker, and a few other such systems. But not many
|| others have them.)
||
|| I happen to know the ILF member who posted the Chaum "Dining
|| Cryptographers" paper, anonymously, and know that he picked that paper both
|| because of its importance to his interests and because it was pure text,
|| with no equations and no diagrams. This made it a natural for scanning.
||

The model we've used so far is that the format of the papers is independent of the bibliographic information which we index. For example, the NASA system I mentioned has papers in both HTML and Postscript formats. The abstracts (which are what's indexed) simply contain URLs, and don't really care what the document types are.
In my experience, most of the target audience for technical papers has access to a postscript previewer (for online viewing) and/or a postscript printer, so postscript tends to be the format of choice. Still, it can be anything; text, PDF, scanned in TIFF files all have worked for us in the past.

|| 3. In the crypto domain, the papers are much more conveniently concentrated
|| into a handful of conference proceedings, nearly all published by
|| Springer-Verlag. (Those great silvery-grey paperbacks.)
||
|| This point about Springer-Verlag relates to Item #1 above. Namely, that
|| copyright holders (Springer-Verlag, through publishing arrangements with
|| the conferences) will not take kindly to folks making the papers available
|| electronically.
||
|| This point, about the limited number of main crypto volumes, also implies
|| another point: many of these papers refer to other papers in the same
|| volume or set of volumes (e.g., papers in the "Crypto '93 Proceedings" will
|| refer to papers in that volume or earlier volumes). This makes it *even
|| more advantageous* for a serious researcher to buy the complete set of
|| volumes.
||

Now that's a pretty good point. Wonder if we could convince them to make their papers available electronically? 8-) But ignoring them, there still seem to be a fair amount of cryptography papers published as technical reports by individual authors or organizations. These would be what I'd like to see in CTRS.

|| 4. Authentication issues. Electronic versions of articles will need to be
|| signed, to prevent unauthorized modifications. The infrastructure for this
|| is beginning to build, but is clearly not available to many.
||
|| I am confident that someday most journals will be published electronically.
|| Many people think this likely, whether in 5 years or 15 years. Just too
|| many advantages.
||

Another good point, but I think this could easily be marked down as an issue to be worked on after the basic functionality is available.
I'd hate to see this as a reason for not doing something.

|| However--and this is my point--before that happens a huge amount of
|| negotiation about author's rights to reproduction, about verification of
|| copies, about royalty payments for copies, etc., has to happen. And, the
|| display software/hardware is not quite there yet....too many people would
|| be unable to see the equations and diagrams on the screen. In 5 years, less
|| of a problem.
||
|| Many authors make their papers available by anonymous ftp, or via the Web.
|| I think this is the way to do it: let those who feel their papers need
|| electronic dissemination do so. The author makes the choice.

This is exactly the target audience I'm looking for. When an author wants to put a paper up on his FTP or WWW site, I hope they'll also send me the indexing information so that when people want to find it, they can use CTRS. I'm not interested in actually storing a copy of the report, although I'm willing to do so if they cannot make it available any other way.

||
|| In summary, this project is probably premature (technologically), has
|| numerous copyright issues to be resolved, and is probably less needed in
|| the crypto community than in some other areas.
||
|| (Granted, we are not following those other areas, necessarily. But that
|| other domains have not yet gone fully electronic is indicative that others
|| see some of these same problems, and are likely to address them before the
|| math/crypto community does.)
||

I have to disagree strongly about the technologically premature part, since I have had a lot of experience to the contrary during my involvement with several major technical report systems. I'm afraid I also have to disagree with you about the need for this service. Having attempted to find some of the reports which I've heard are available on the Net, I'd have to say it's not a task I'd set an Internet novice to, or one I'd give to someone on a deadline.
I think a good bibliographic database like I propose in CTRS would be a definite help. And at the very very very least, it probably won't hurt. 8-)

|| Sorry to dissect this proposal so thoroughly, but it's one of the things I do.
||

S'ok with me. It's not like I'm dead set on doing this or anything. It's just an observation, and an offer of service if anyone thinks it'd be useful.

Oh, BTW, another thing I probably should mention that seems obvious to me: I'm offering to do this for free. That is, the database would be a public service, with no charge to list papers, add another database to the searching list or to query/retrieve abstracts.

--
==========================================================================
David J. Bianco | Web Wonders, Online Oddities, Cool Stuff
iTribe, Inc. | Suite 1700, World Trade Center | email:
Norfolk, VA 23510 | URL : http://www.itribe.net/~bianco/

From cort at bioanalytical.com Wed Sep 6 09:54:06 1995
From: cort at bioanalytical.com (Cortland D. Starrett)
Date: Wed, 6 Sep 95 09:54:06 PDT
Subject: "Living in real time, side A" (article ref)
Message-ID: <199509061651.LAA00565@bioanalytical.com>

"Living in real time, side A" by Ted Lewis, Naval Postgraduate School, is an extremely concise (<3 pages) and insightful look into the future of information technology and society. Subjects dear to many cypherpunks are indirectly addressed throughout.

A detail of particular interest to the lawyers on the list described "A vapor trail of litigation". The author notes that, "Plea bargaining, out-of-court settlements, and appeals are the norm in Post-industrial legal circles. These are all legal devices for delaying the opposition rather than deciding on a proactive course of action. In the Info Age, legal procedures will be too cumbersome and too expensive to accommodate the rate of change." ... "The mechanisms for protecting Info Age property (information) are trade secrets and obsolescence."
other key terms: Moore's Law, civilization on speed, inverse economics, rate of change, Direct democracy tending toward anarchy...

The article can be found on page 8 of the September issue of IEEE Computer.

Cort.

(Mistakes in quotes are mine.)

From bianco at itribe.net Wed Sep 6 09:55:18 1995
From: bianco at itribe.net (David J. Bianco)
Date: Wed, 6 Sep 95 09:55:18 PDT
Subject: Searchable Crypto Paper Archive?
In-Reply-To: <199509061632.MAA00622@james.bwh.harvard.edu>
Message-ID: <199509061650.MAA01945@gatekeeper.itribe.net>

On Sep 6, 12:32, Adam Shostack sent the following to the NSA's mail archives:
> Subject: Re: Searchable Crypto Paper Archive?

|| | Anyway, this is what I'd like to see. I'm willing to work on such a
|| | system if there's enough positive feedback. Does anyone else think
|| | they'd like to use or contribute to such a system?
|| |
||
|| I think this would be a fabulously useful service, one which I'd be
|| glad to subscribe to as an amateur. (I could see forking over $20-50
|| for search priority, possibly more if it was really well done).
||

Ack! Money involved? "Just say no!" 8-) When I said "contribute" I meant placing papers in it, or if you've got a lot already, adding your own database to the list of possible search sites. I wanna do this as a free service. There are several reasons (like I can't see charging people for information that I didn't even produce), but the real reason for doing it is simple: I wanna use it.

I made a mock up of CTRS, which is available at:

http://www.itribe.net/CTRS/
https://www.itribe.net/CTRS/ (of course we have to offer SSL 8-)

There aren't any crypto papers in it yet, though. The iTRiBE database (the only one available for searching right now) is filled with some NASA test data. Try doing searches on things like "ratio" or "nasa" for an example of the output you'd get.

||
|| Don't forget the value of sci.crypt[.research] and cypherpunks
|| postings, nor of crypto 'rump session' papers.
I admit I hadn't thought of these. I'm not sure I could sign up for the task of archiving the newsgroups (disk space) but if the authors/copyright holders of rump papers want to submit them, I'd be happy to index them. I don't think the database necessarily has to be composed only of refereed papers or anything. I'd be happy to index rump papers, technical reports or maybe even presentation materials like postscript copies of overhead transparencies.

Anyway, thanks for the reply!

--
==========================================================================
David J. Bianco | Web Wonders, Online Oddities, Cool Stuff
iTribe, Inc. | Suite 1700, World Trade Center | email:
Norfolk, VA 23510 | URL : http://www.itribe.net/~bianco/

From tcmay at got.net Wed Sep 6 09:56:34 1995
From: tcmay at got.net (Timothy C. May)
Date: Wed, 6 Sep 95 09:56:34 PDT
Subject: Searchable Crypto Paper Archive?
Message-ID:

At 4:45 PM 9/6/95, David J. Bianco wrote:
>S'ok with me. It's not like I'm dead set on doing this or anything. It's
>just an observation, and an offer of service if anyone thinks it'd be
>useful.
>
>Oh, BTW, another thing I probably should mention that seems obvious to me:
> I'm offering to do this for free. That is, the database would be a public
>service, with no charge to list papers, add another database to the
>searching list or to query/retrieve abstracts.

I'll look forward to seeing this, then. I was just noting some issues which seem likely to arise. But if you plan to do this "if anyone thinks it'd be useful," then I think it would be useful, so you've met your criterion for doing the project.

Good luck! Keep us posted.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^756839 | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From cort at bioanalytical.com Wed Sep 6 10:11:51 1995
From: cort at bioanalytical.com (Cortland D. Starrett)
Date: Wed, 6 Sep 95 10:11:51 PDT
Subject: cryptography eliminates lawyers?
Message-ID: <199509061709.MAA00612@bioanalytical.com>

As a follow-up to the article reference I posted, I pose the following question:

Will cryptographic technology and information (communication) technology reduce the need for legal services in the future? (especially regarding contracts, buying/selling, patent law, etc.) Will legal services just look different? Will they be more efficient (cheaper)?

Put bluntly, will cryptography put lawyers out of business?

Any comments would be appreciated.

Cort.

From robl at on-ramp.ior.com Wed Sep 6 10:40:34 1995
From: robl at on-ramp.ior.com (Rob Lowry)
Date: Wed, 6 Sep 95 10:40:34 PDT
Subject: cryptography eliminates lawyers?
In-Reply-To: <199509061709.MAA00612@bioanalytical.com>
Message-ID:

> Will cryptographic technology and information (communication)
> technology reduce the need for legal services in the future?
> (especially regarding contracts, buying/selling, patent law, etc.)
> Will legal services just look different? Will they be more
> efficient (cheaper)?
>
> Put bluntly, will cryptography put lawyers out of business?

I certainly expect the world of business to change and reflect the use of cryptographic tech as soon as it becomes an acceptable practice to use it. This may take awhile as the media and current administration continue to paint black anyone who wants to use such tech for any reason. Should there come a time, however, when crypto is a fashionable and accepted thing, I would expect to see law offices offering to send and receive documents using such tech, as well as generating and maintaining keys off-site for clients. With such a legal hoopla being made over crypto, I can not fathom lawyers not getting in on the action..
While the need for lawyers may decline with the increased use of crypto, I do not think they are about to become an endangered species. Those that are smart will find a way to profit from it, while those that can not adapt will be left behind (and who says lawyers are not part of evolution )

RobL

From tedwards at src.umd.edu Wed Sep 6 10:54:06 1995
From: tedwards at src.umd.edu (Thomas Grant Edwards)
Date: Wed, 6 Sep 95 10:54:06 PDT
Subject: Are booby-trapped computers legal?
In-Reply-To: <199509060419.XAA04296@einstein.ssz.com>
Message-ID:

On Tue, 5 Sep 1995, Jim Choate wrote:

> As far as I know the owner of property has no legal right to kill a person
> either trespassing or stealing it in any of the 50 states. There was a
> recent federal ruling that basically says that if you meet a burglar in your
> home at night you can not kill or otherwise harm them unless your life is
> directly threatened. In short, you MUST give up the ground if at all
> possible.

In Maryland you have the responsibility to retreat if possible when confronted by someone threatening your life or limb. If you are unable to retreat or are in your domicile (or motel room, etc.) you have the right to use deadly force to stop an attack. You certainly do not have the right to use deadly force against someone for any other reason than immediate threat of life or limb to you or someone else.

-Thomas

From tedwards at src.umd.edu Wed Sep 6 10:56:41 1995
From: tedwards at src.umd.edu (Thomas Grant Edwards)
Date: Wed, 6 Sep 95 10:56:41 PDT
Subject: Anonymous CU-SeeMe reflector
Message-ID:

If anybody has worked on or is interested in working on creating an anonymous CU-SeeMe reflector, please contact me (where anonymous in this case means that CU-SeeMe clients do not report the proper IP numbers of other clients). I've done a bit of work on it but can't quite get "normal" reflector behaviour.
-Thomas Edwards

From dlambert at aigtc.com Wed Sep 6 11:36:35 1995
From: dlambert at aigtc.com (Dave Lambert)
Date: Wed, 6 Sep 95 11:36:35 PDT
Subject: Anonymous http daemon?
Message-ID: <199509061821.OAA01040@ptolemy>

Hi.

Some time ago, there were some discussions concerning an anonymous http daemon. As far as I can recall, the discussion just sort of trailed off, and nothing got implemented.

I'm considering making an anonymous server available, and would like:

1. to know whether I need to hack some code (or if someone has done so already)

2. to reopen the discussion of the desirable characteristics such a beast would possess.

- David C. Lambert
dlambert at aigtc.com

From alt at iquest.net Wed Sep 6 11:39:07 1995
From: alt at iquest.net (Al Thompson)
Date: Wed, 6 Sep 95 11:39:07 PDT
Subject: Growth of actions definded as crime. Which math formula?
Message-ID:

At 02:00 AM 9/6/95 -0400, Black Unicorn wrote:
>Created crimes are few and far between.

You mean like buying a 30 round magazine, or putting a different stock of your choice on a rifle, or owning an automatic weapon, or mailing crypto out of the country, or hiring someone due to their race, or not hiring someone because they are "fat?"

From robl at on-ramp.ior.com Wed Sep 6 11:56:50 1995
From: robl at on-ramp.ior.com (Rob Lowry)
Date: Wed, 6 Sep 95 11:56:50 PDT
Subject: cryptography eliminates lawyers?
In-Reply-To: <199509061834.NAA27747@freeside.fc.net>
Message-ID:

> Rob,
>
> re: Will Cryptography put lawyers out of business?
>
> I see no connection between the use/non-use of crypto and the
> occurrence/non-occurrence of the conflicts and threats of conflicts
> which give rise to the use of lawyers. What's the connection?

I know from my employer's perspective, that lawyers are retained for more than just litigation. Often they handle the exchange of critical documents and transactions that need to be kept confidential.
The impact of crypto as I see it is a reduction in the use of legal services of this nature, not in litigation. Using a lawyer to pass on tech specs on a new product to the patent office is a common occurrence, as it is assumed that the lawyer can maintain the secrecy required for handling these documents. Should the patent office offer a key, you could just as easily send an encrypted message in place of a lawyer handling this.

There are bound to be other options and opportunities as well for lawyers to use crypto.. securing a company's documents or whatever.

RobL

From robl at on-ramp.ior.com Wed Sep 6 12:06:02 1995
From: robl at on-ramp.ior.com (Rob Lowry)
Date: Wed, 6 Sep 95 12:06:02 PDT
Subject: Are booby-trapped computers legal?
In-Reply-To:
Message-ID:

> > As far as I know the owner of property has no legal right to kill a person
> > either trespassing or stealing it in any of the 50 states. There was a
> [...]
> In Maryland you have the responsibility to retreat if possible when
[...]
> You certainly do not have the right to use deadly force against someone
> for any other reason than immediate threat of life or limb to you or
> someone else.

Being a freedom-loving gun owner, with an interest in maintaining both my rights to guns, and my right to crypto, I am saddened to see that you have to retreat at all. As far as I am concerned, if I am in my house, and someone uninvited is in there also (burglar/thief/psycho/whatever) then I have already sufficiently retreated.. and they will likely be shot. Anyone invading my home is considered a threat to my wife, children and myself.

I had heard that in the state of Texas, intruders/trespassers are at their own risk after sundown, as it is legal to fire upon them at that point, regardless of their intent.. I have not been able to confirm this, as of yet.. but am looking for the answer in my meager spare time.

RobL

From tcmay at got.net Wed Sep 6 12:18:09 1995
From: tcmay at got.net (Timothy C.
May)
Date: Wed, 6 Sep 95 12:18:09 PDT
Subject: Growth of actions definded as crime. Which math formula?
Message-ID:

At 6:32 PM 9/6/95, Al Thompson wrote:
>At 02:00 AM 9/6/95 -0400, Black Unicorn wrote:
>
>>Created crimes are few and far between.
>
>You mean like buying a 30 round magazine, or putting a different
>stock of your choice on a rifle, or owning an automatic weapon,
>or mailing crypto out of the country, or hiring someone due to their
>race, or not hiring someone because they are "fat?"

Or drinking alcohol, or owning gold, or possessing a copy of a Traci Lords video, or selling bullets recently declared illegal, or having a "men only" gym (but "women only" gyms are legal), or making condoms available, or not making condoms available, or teaching women how to use birth control, or denying a Satanist a job at a child care center on the basis of his religious beliefs, and so on.

Too many transient, created crimes.

To answer Lucky's original question, one way to measure the total number of new laws--most of them covering "created crimes"--is to measure the total number of volumes of statutes at the Federal, state, and local levels. I've seen figures on the "linear feet" of regulations, and how they are growing exponentially, but I don't recall the numbers. Something like the total number of laws doubling every 10 years or so, but don't quote me on this one.

Whether these are "created crimes" in most cases is unclear, but certainly the really basic crimes (murder, assault, rape, theft, etc.) were adequately covered 20 years ago, or 50 years ago, etc. I can see some reasons for refining the definitions in the light of new situations, but I have to conclude that _most_ of the vast number of new laws and statutes deal with "created crimes," as I understand the term.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C.
May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^756839 | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From hallam at w3.org Wed Sep 6 12:39:50 1995
From: hallam at w3.org (hallam at w3.org)
Date: Wed, 6 Sep 95 12:39:50 PDT
Subject: Are booby-trapped computers legal?
In-Reply-To:
Message-ID: <9509061938.AA02249@zorch.w3.org>

Under UK law it is certainly illegal to create any device with the intention of causing grievous bodily harm to anyone. The right to self defense is very precisely that, the right to take reasonable steps to defend yourself with commensurate force if attacked. If someone hits you in the face you do not have the right to kill him. If someone tries to do serious harm to you and the only way to avoid that harm is to kill them that is self defense. There is no self defense argument where the purpose is not to prevent physical harm.

Any device intended to cause harm to someone tampering with a computer could well land the perpetrator in jail for a very long time for attempted murder or murder.

People who go round drawing parallels to gun ownership and cryptography ownership are simply playing into the government's hands. Cryptography has net benefits to society. Most advocates of gun ownership tend to convince me of little more than they are a danger to society. Regardless of their case they are the biggest argument for gun control, and therefore poor advocates of their cause. I see their attempts to draw parallels with cryptography to be little more than trying to shore up their sinking ship with one that's afloat.

Phill

From dsc at swcp.com Wed Sep 6 12:52:37 1995
From: dsc at swcp.com (Dar Scott)
Date: Wed, 6 Sep 95 12:52:37 PDT
Subject: cryptography eliminates lawyers?
Message-ID:

Cort Starrett wrote,
>Put bluntly, will cryptography put lawyers out of business?

Even in a cryptoanarchy I would want to treat customers kindly and I would want to make sure that in any agreement both parties are clear as to when we are complying or not. A lawyer might help in complex cases. Especially if UCC is referenced.

And in some kinds of escrow a "judge" might be invoked if there is a dispute. The judge might be a lawyer or might bring in a lawyer as an expert.

The nature of the work of a lawyer in a cryptoanarchy might be very different. Lawyers might even become highly respected and liked!

Dar (list newbie)

===========================================================
Dar Scott                  Home phone: +1 505 299 9497
Dar Scott Consulting            Voice: +1 505 299 5790
8637 Horacio Place NE           Email: darscott at aol.com
Albuquerque, NM 87111                  dsc at swcp.com
                                  Fax: +1 505 898 6525
http://www.swcp.com/~correspo/DSC/DarScott.html
===========================================================

From sandfort at crl.com Wed Sep 6 12:52:47 1995
From: sandfort at crl.com (Sandy Sandfort)
Date: Wed, 6 Sep 95 12:52:47 PDT
Subject: cryptography eliminates lawyers?
In-Reply-To: <199509061709.MAA00612@bioanalytical.com>
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Wed, 6 Sep 1995, Cortland D. Starrett wrote:

> Will cryptographic technology and information (communication)
> technology reduce the need for legal services in the future?
> (especially regarding contracts, buying/selling, patent law, etc.)
> Will legal services just look different? Will they be more
> efficient (cheaper)?

The U.S. legal system is in free fall, and lawyers are almost totally to blame. ("Lawyers" as used here includes all judges and most legislators.) This does not mean, however, that cryptographic/information/communications technologies can forgo the use of advocates and arbiters.
There will always be a place for people who can fulfill these functions. They may or may not be called lawyers, but most of the same folks who now go into law will be the dispute specialists of cyberspace.

S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From scottg at b4a206.mdc.com Wed Sep 6 13:28:28 1995
From: scottg at b4a206.mdc.com (TECO Master)
Date: Wed, 6 Sep 95 13:28:28 PDT
Subject: Where is Secure Drive 1.4?
Message-ID: <95090613224714@b4a206.mdc.com>

-----BEGIN PGP SIGNED MESSAGE-----

Hi Folks,

I have a previous version of SecureDevice (v1.3). Is v1.4 the current version or something higher? Where is an FTP site so I can grab it?

TIA,

scott gallaher      | I believe in the 1st Amendment.
TECO Master & DBA   | Pornography is just a fringe benefit.
PGP Key fingerprint: AD A8 C9 AA D7 D3 6A E3 0C 58 5A 10 41 37 45 EE
GCS d- s+: a C++++ U->L++++ P? L>+++ !E[teco+++] W N++ k- w--- !O M- V$ PS+ PE Y++ PGP(++) t+ !5 X R(++) tv+ b++(+++) DI+ !D G e++ h----(*) r+++ y++++(++*) -- Geek Code V3.0

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBME4SV9PstJd5R1NxAQFN9wH/UYh59UzgBKotUs/HDYJ7jHEPlcmOIy/E
Zo74KQcSb9QtaPMntSpHiZq3W1ZaIRrl+jx9HkZbsBbXHRVi7+HGXQ==
=xvbE
-----END PGP SIGNATURE-----

From cg at bofh.lake.de Wed Sep 6 13:29:12 1995
From: cg at bofh.lake.de (Cees de Groot)
Date: Wed, 6 Sep 95 13:29:12 PDT
Subject: Scientology and police visit XS4ALL Amsterdam
Message-ID:

> This is the second or third time I've seen descriptions of such
> raids where cult (no, I'm not trying to be diplomatic)
> representatives were present and participating. Is this legal in
> Amsterdam? How about in the U.S.? Britain?
>
Probably. Amsterdam isn't exactly the wild west, and they didn't take the computer equipment with them, they just inventoried everything so to have something to sell when their claims prove valid. Which I doubt (shit, I will be moving to this country in a couple of weeks...)
> If a police officer has a warrant then I really don't have much
> choice about letting him in. Am I also under an obligation to
> allow the people who filed for the warrant into my home or
> business?
>
I don't know whether this is valid. I assume so.

I also think it is about time we develop some ideas about anonymous web publishing. Probably some chained cgi scripts could do, but how to get around traffic analysis?

--
Cees de Groot, OpenLink Software
262ui/2048: ID=4F018825 FP=5653C0DDECE4359D FFDDB8F7A7970789 [Key on servers]
http://www.lake.de/sonst/homepages/s2449/index.html

From dneal at usis.com Wed Sep 6 13:51:15 1995
From: dneal at usis.com (David Neal)
Date: Wed, 6 Sep 95 13:51:15 PDT
Subject: Collection of personal info
Message-ID:

I sent this to the risks moderator some time back, but I guess he didn't like it. For those of you who think that perhaps people advocating cybercash are just a bunch of paranoid lunatics.

--------------

As advertised in the trade magazine "DM News" (Direct Marketing News), Apr. 24, 1997, V. 17 N. 16. I've typed the entire text of the advertisement, any typos are mine.

From the huge number of people in the database, it would seem that TRW is now marketing a subset of their credit records they keep on everyone. Does anyone else remember the flap over Lotus' product (Magellan) that was going to allow something similar?

The risks? This is the perfect database if you want to red-line your offerings. I'm sure others will have more creative answers.

--------------

TRW DISCOVERED

Some very smart people are uncovering exciting ways to increase response rates, find profitable customers, and develop new market niches. It's been a well kept secret. Now it's out. It's TRW.

It all started with the search for more creative information solutions. Solutions that help you discover hidden markets and unique ways of using ordinary data to target qualified prospects.
The result: a proven and massive database in the hands of people with real data management know-how. So far the findings have revealed:

o A database of 170+ million consumers
o 100+ demographic, psychographic and geographic selects
o A full range of computer services.
o Comprehensive motor vehicle data

From this comes an array of products and services to intrigue even the most seasoned direct marketer. One of these is called the TRW Smart Targeting Tools (SM). It links 98 million households with the goods and services they are most likely to buy. Choose consumer names by 50 neighborhood or 3600 household level clusters, by 56 broad product categories or by 516 specific product or brand preferences.

Looking at all the advantages, TRW may be the direct marketer's find of this century. And the next.

Energize your marketing. Contact your TRW representative or call 800.527.3933 Ext 640. You have a great find ahead of you.

TRW Target Marketing Services
Your one source for reaching all the right people.
701 TRW Parkway
Allen, TX 75002-3717
800.527.3933

David Neal - GNU Planet Aerospace 1-800-PLN-8-GNU
Unix, Sybase and Networking consultant.
"...you have a personal responsibility to be pro-active in the defense of your own civil liberties." - S. McCandlish

From bdolan at use.usit.net Wed Sep 6 14:18:30 1995
From: bdolan at use.usit.net (Brad Dolan)
Date: Wed, 6 Sep 95 14:18:30 PDT
Subject: booby-traps, crypto, guns, and tea
In-Reply-To: <9509061938.AA02249@zorch.w3.org>
Message-ID:

On Wed, 6 Sep 1995 hallam at w3.org wrote:

> Under UK law it is certainly illegal to create any device with the
> intention of causing grievous bodily harm to anyone. The right to self
> defense is very precisely that, the right to take reasonable steps to
> defend yourself with commensurate force if attacked.
[...]
> People who go round drawing parallels to gun ownership and cryptography
> ownership are simply playing into the government's hands. Cryptography has net
> benefits to society.
> Most advocates of gun ownership tend to convince me of
> little more than they are a danger to society. Regardless of their case they are
> the biggest argument for gun control, and therefore poor advocates of their
> cause. I see their attempts to draw parallels with cryptography to be little
> more than trying to shore up their sinking ship with one that's afloat.
>
> Phill
>
King George didn't like us owning guns either. I'm pleased my ancestors had a difference of opinion with him concerning this and a few other things.

Brad

From tms at TIS.COM Wed Sep 6 14:34:39 1995
From: tms at TIS.COM (Thomas M. Swiss)
Date: Wed, 6 Sep 95 14:34:39 PDT
Subject: Collection of personal info
In-Reply-To:
Message-ID: <199509062125.RAA10123@ziggy.tis.com>

David Neal writes:
>I sent this to the risks moderator some time back, but I guess
>he didn't like it.

I can guess why; PGN might be skeptical of your precognitive powers. B->

>...
>As advertised in the trade magazine "DM News" (Direct Marketing News),
>Apr. 24, 1997, V. 17 N. 16. I've typed the entire text of the advertisement,
          ^^^^

-Tom Swiss / tms at tis.com

From dneal at usis.com Wed Sep 6 14:44:05 1995
From: dneal at usis.com (David Neal)
Date: Wed, 6 Sep 95 14:44:05 PDT
Subject: Collection of personal info
In-Reply-To: <199509062125.RAA10123@ziggy.tis.com>
Message-ID:

On Wed, 6 Sep 1995, Thomas M. Swiss wrote:

> David Neal writes:
>
> >I sent this to the risks moderator some time back, but I guess
> >he didn't like it.
>
> I can guess why; PGN might be skeptical of your precognitive powers. B->
>
> >...
> >As advertised in the trade magazine "DM News" (Direct Marketing News),
> >Apr. 24, 1997, V. 17 N. 16. I've typed the entire text of the advertisement,
>           ^^^^

Well, I did say all typos were _mine_ -- That's 1995 folks, just for the record and thanks to Tom Swiss for being the first in a long line of people who will point this out. :-)

But back to the topic; am I the only one who gets the willies just reading this?
From adam at bwh.harvard.edu Wed Sep 6 14:57:13 1995
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Wed, 6 Sep 95 14:57:13 PDT
Subject: Collection of personal info
In-Reply-To:
Message-ID: <199509062144.RAA05718@cushing.bwh.harvard.edu>

| But back to the topic; am I the only one who gets the willies just
| reading this?

No. But the interesting question is, what to do about it?

The answer in part, is personal anonymity through cash and avoiding US IDs. But in the long run, that's broken. You can't have privacy for 1000 people; they'll just toss us all in jail.

In the long run, we need to convince most Americans that their freedom is worth more than the Drug War. The only way to do that is to look and sound reasonable, and convince people a few at a time. Do it with letters to the editor, editorials, articles for your local newspaper, discussions on the street.

Try not to rant; if you sound like a nut, people dismiss your ideas along with you. Be reasonable and measured. Use a spell checker. Stick to one idea, and give a few backing points. Don't insult your opponent. Don't try for a convoluted closing or slogan.

(This isn't to disparage the creation of new facts, like an international remailer network. I am saying that the problems are as much political as technological.)

Adam

--
"It is seldom that liberty of any kind is lost all at once."
                                                    -Hume

From robl at on-ramp.ior.com Wed Sep 6 15:16:06 1995
From: robl at on-ramp.ior.com (Rob Lowry)
Date: Wed, 6 Sep 95 15:16:06 PDT
Subject: Collection of personal info
In-Reply-To:
Message-ID:

> Well, I did say all typos were _mine_ -- That's 1995 folks, just for the
> record and thanks to Tom Swiss for being the first in a long line
> of people who will point this out. :-)

-would you expect anything less from us?

> But back to the topic; am I the only one who gets the willies just
> reading this?

Beyond having the willies.. This is more than just scary, it feels like rape when you think about it for awhile.
Everything you buy, on credit, is recorded and sold to someone who wants to know your secrets. Every time you make a banking transaction, someone is watching and compiling the data.

Is there any legal recourse to get your name removed from the sellable list? Or is it too late and we can not save even the vestiges of our privacy?

Oh, but if only I had the 'hacker' skill to break into such a database.. I have always been against the destruction of data.. but there are exceptions...

RobL

From loki at obscura.com Wed Sep 6 15:51:05 1995
From: loki at obscura.com (Lance Cottrell)
Date: Wed, 6 Sep 95 15:51:05 PDT
Subject: Direct Socket to Remailer?
Message-ID:

At 11:41 PM 9/3/95, starrd at iia2.org wrote:
>On Fri, 1 Sep 1995, Lance Cottrell wrote:
>
>> You should try the telnet port 25 trick. It is amazingly simple (but not
>> secure). Just "telnet some.machine.com 25" and type help. It will guide you
>> through it. It is quite informative.
>
>Be sure to test it first, sometimes it records who *really* sent it as
>well as the "forged" return address.
>
>Test it by mailing to yourself and then look at all the headers.
>
I should have been more clear. I was advocating this as interesting and educational, not as an effective anonymity technique.

-Lance

----------------------------------------------------------
Lance Cottrell   loki at obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come."
                                                --Nietzsche
----------------------------------------------------------

From tcmay at got.net Wed Sep 6 16:09:51 1995
From: tcmay at got.net (Timothy C. May)
Date: Wed, 6 Sep 95 16:09:51 PDT
Subject: Collection of personal info
Message-ID:

At 8:39 PM 9/6/95, David Neal wrote:
>From the huge number of people in the database, it would seem that TRW
>is now marketing a subset of their credit records they keep on everyone.
>Does anyone else remember the flap over Lotus' product (Magellan) that
>was going to allow something similar?
>
>The risks? This is the perfect database if you want to red-line your offerings.
>I'm sure others will have more creative answers.

About the Lotus Marketplace product of several years ago, many of us thought at the time that the furor was misdirected, and the result ultimately damaging to privacy concerns.

Why? Because the ZIP code data is _already_ available to the mass marketers, etc. The Marketplace product merely made it available to "the rest of us," allowing many people to have their eyes opened about what exists. By getting Lotus to pull the product, the public went back to sleep, lulled into the false sense of privacy that their ZIP codes were once again private.

Privacy needs to be protected by keeping some things secret, not by passing laws limiting the records others can collect from public or voluntarily offered information.

Don't get me wrong--I don't like TRW Credit, Equifax, TransUnion, or anyone else compiling "dossiers" on my spending habits, my travel itineraries, etc. But by using my VISA and MasterCard cards, and by agreeing to their terms and conditions, I am tacitly accepting that credit reporting agencies will have access to my transactions.

If there is a "market for privacy," and this is something we've talked about before, then someone will offer "The Privacy Card." We can debate what this card might offer, ranging from complete unlinkability (ecash protocols of various sorts) to non-reporting of records to the Big Three of credit reporting agencies. Even cards issued in the name of pseudonyms, of various sorts and backings.
Should there be laws _against_ this kind of Privacy Card, we should fight these laws. But we should not lull ourselves into a false sense of security by adopting the unconstitutional and anti-liberty approach of having "Fair Credit Reporting Act" and "Data Privacy Act" sorts of laws.

In my opinion, of course.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From tcmay at got.net Wed Sep 6 16:16:27 1995
From: tcmay at got.net (Timothy C. May)
Date: Wed, 6 Sep 95 16:16:27 PDT
Subject: Collection of personal info
Message-ID:

At 10:15 PM 9/6/95, Rob Lowry wrote:
>Beyond having the willies.. This is more than just scary, it feels like
>rape when you think about it for awhile. Everything you buy, on credit, is
>recorded and sold to someone who wants to know your secrets. Every time
>you make a banking transaction, someone is watching and compiling the
>data.
>
>Is there any legal recourse to get your name removed from the sellable list?
>Or is it too late and we can not save even the vestiges of our privacy?

Rob, I have entered this posting of yours into the "BlackNet Dossier Service" I operate.

Sounds creepy and scary, eh? Well, it's part of freedom.

The "legal recourse" you mention about having your name taken off lists kept by people or agencies ultimately involves visits by the authorities to private homes (like mine) to verify that the data are being "properly collected" and that no "illegal or incorrect data" are being stored.

If someone wants something kept secret, the solution is to keep it secret.
If someone doesn't want their postings going into my 220 megabyte file of postings, they shouldn't send them to me. Or they should adopt a digital pseudonym, unlinkable to their True Name or any other nyms they may have.

Things are much simpler and less stressful when you don't look to the law to fix things.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From terrell at sam.neosoft.com Wed Sep 6 16:25:19 1995
From: terrell at sam.neosoft.com (Buford Terrell)
Date: Wed, 6 Sep 95 16:25:19 PDT
Subject: cryptography eliminates lawyers?
Message-ID: <199509062335.SAA02364@sam.neosoft.com>

>From: "Cortland D. Starrett"
>Subject: cryptography eliminates lawyers?

>As a follow-up to the article reference I posted, I pose the
>following question:
>
>Will cryptographic technology and information (communication)
>technology reduce the need for legal services in the future?
>(especially regarding contracts, buying/selling, patent law, etc.)
>Will legal services just look different? Will they be more
>efficient (cheaper)?
>
>Put bluntly, will cryptography put lawyers out of business?
>Any comments would be appreciated.
>
>Cort.
>

How could crypto put lawyers out of business? People would still have disagreements; plans would still go wrong; cars would still crash. More important, transactions would still need to be structured to carry out the desires of the parties while minimizing risks. Good communications technology, including crypto, could make lawyering more efficient, but I suspect the savings would be minimal.
Communications technology will no more put lawyers out of business than CASE put programmers out of business.

Buford C. Terrell                1303 San Jacinto Street
Professor of Law                 Houston, TX 77002
South Texas College of Law       voice (713)646-1857
terrell at sam.neosoft.com       fax (713)646-1766

From robl at on-ramp.ior.com Wed Sep 6 16:31:35 1995
From: robl at on-ramp.ior.com (Rob Lowry)
Date: Wed, 6 Sep 95 16:31:35 PDT
Subject: Flame: Re: Collection of personal info
In-Reply-To: <9509062238.AA06272@cs.umass.edu>
Message-ID:

> Some close friends of mine have been raped, and I get the overwhelming
> impression from them that rape has about as much in common with the sale of
> financial databases as it does with Rice-a-Roni. Find a better analogy, or
> you'll sound about as credible as those who insist the Internet teems with
> pedophilic bombers who push dope outside preschools.

Sorry if my choice of words offended you.. the intent was to express the feeling of being violated without consent. Perhaps I should have used the term violated or some other less violent term.

The point being, I did not give permission for my records to be distributed, nor did I see a disclaimer on my credit cards that states that the transactions I make will be sold off to mailing houses in order to target me for additional sales.

RobL

From robl at on-ramp.ior.com Wed Sep 6 16:37:53 1995
From: robl at on-ramp.ior.com (Rob Lowry)
Date: Wed, 6 Sep 95 16:37:53 PDT
Subject: Collection of personal info
In-Reply-To:
Message-ID:

> Rob, I have entered this posting of yours into the "BlackNet Dossier
> Service" I operate.

At least you notified me.. :) Something the TRW crew or others like them do not do.

> If someone doesn't want their postings going into my 220 megabyte file of
> postings, they shouldn't send them to me. Or they should adopt a digital
> pseudonym, unlinkable to their True Name or any other nyms they may have.

This is true..
I could adopt a nym, such as I use on my BBS, or when I am doing other stuff on the net.. but it is difficult at best to get a new set of credit cards, ID and so on with a new name/alias and still maintain your own name. If it were possible to have an alias in real life, as easy as it is to get one on the 'net that is, then I would most certainly do so..

'Frothmonger'

From unicorn at polaris.mindport.net Wed Sep 6 16:52:17 1995
From: unicorn at polaris.mindport.net (Black Unicorn)
Date: Wed, 6 Sep 95 16:52:17 PDT
Subject: Collection of personal info
In-Reply-To:
Message-ID:

On Wed, 6 Sep 1995, Rob Lowry wrote:

> > Rob, I have entered this posting of yours into the "BlackNet Dossier
> > Service" I operate.
>
> At least you notified me.. :) Something the TRW crew or others like them
> do not do.
>
> > If someone doesn't want their postings going into my 220 megabyte file of
> > postings, they shouldn't send them to me. Or they should adopt a digital
> > pseudonym, unlinkable to their True Name or any other nyms they may have.
>
> This is true.. I could adopt a nym, such as I use on my BBS, or when I am
> doing other stuff on the net.. but it is difficult at best to get a new
> set of credit cards, ID and so on with a new name/alias and still
> maintain your own name.

In fact it's not difficult. It's quite simple to establish a new identity for the individual willing to risk the charges and consequences of exposure. The basic impediment is time. Good credit doesn't come overnight. The second impediment is tax evasion- which is less than justifiable in the United States on the grounds of privacy. If you're willing to be patient, and pay taxes on more than one name, it's easy to maintain several identities.

> If it were possible to have an alias in real
> life, as easy as it is to get one on the 'net that is, then I would most
> certainly do so..

Which tells me how serious you really are about your privacy.
You have made a decision here about how much trouble privacy is worth to you, which is "not much."

I hear people bitch about privacy endlessly. Privacy helps those who help themselves to privacy. I think Mr. May was precisely correct in saying that it is so much easier and simpler for one to rely on self privacy insurance rather than government privacy insurance.

> 'Frothmonger'

From tcmay at got.net Wed Sep 6 16:57:45 1995
From: tcmay at got.net (Timothy C. May)
Date: Wed, 6 Sep 95 16:57:45 PDT
Subject: Collection of personal info
Message-ID:

At 11:37 PM 9/6/95, Rob Lowry wrote:
>> Rob, I have entered this posting of yours into the "BlackNet Dossier
>> Service" I operate.
>
>At least you notified me.. :) Something the TRW crew or others like them
>do not do.

If you mean that TRW Credit does not inform you every time a transaction is entered into their files, this is true. Be grateful they don't.

If you mean the existence of the record itself has not been reported to you, it has hardly been a secret. It has been very well-known for many years that these records exist, and you can subscribe to a service that reports to you regularly about your credit record. (No, it is not "free," but why should it be? It costs them money to send this stuff to you, and they see it as a valid business market, as do I. At least the cost is fairly nominal.)

Again, you are free to use cash, to use a bank card which protects your privacy, and so forth.

...

>This is true.. I could adopt a nym, such as I use on my BBS, or when I am
>doing other stuff on the net.. but it is difficult at best to get a new
>set of credit cards, ID and so on with a new name/alias and still
>maintain your own name. If it were possible to have an alias in real
>life, as easy as it is to get one on the 'net that is, then I would most
>certainly do so..
I was not saying such nyms are easy to use in the real world (though friends of mine have VISA cards in fictitious names, and the cards are fully functional, and are not just "second names" on their main card).

What I am saying is that we should be very careful not to lobby for laws which will make the surveillance state _more_ invasive, and more insinuated into every aspect of our lives.

Be concerned about the dossier society, just don't look to "the government" to protect you. Not only will they continue to keep their own dossiers (*), they'll use such "Data Privacy" laws to invade the privacy of others.

(* I've got a long section in my Cyphernomicon on the ties between the Big Three of credit reporting agencies, the FinCEN and similar folks, the intelligence agencies, and Witness Protection folks who give out those wonderful new identities. You think the Big Three don't know immediately who the 50,000+ people in Witness Protection (aka Witness Security) are? This may sound like something from the "Vince Foster and Danny Casolaro conspiracy tapes," but it has some direct links to Cypherpunks issues: the Feds have the power now to create new identities, falsify past financial records, and run the scams that these methods imply...and the Big Three are all headquartered within a few miles of the relevant agencies, in Vienna, Langley, MacLean, Tyson's Corner, Herndon, Chantilly, Reston, and suchlike spook haunts in No. Virginia.)

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."
From robl at on-ramp.ior.com Wed Sep 6 17:08:05 1995
From: robl at on-ramp.ior.com (Rob Lowry)
Date: Wed, 6 Sep 95 17:08:05 PDT
Subject: Collection of personal info
In-Reply-To:
Message-ID:

> Which tells me how serious you really are about your privacy. You have
> made a decision here about how much trouble privacy is worth to you,
> which is "not much."

If I were single, it would be a lot easier to just start making up names and living under assumed aliases.. but with a wife and two kids, I have to follow the rules a bit more.. My privacy is worth variable amounts depending on who has access to it.. I certainly do not care if anyone on this list knows who I am or not, as it is something I voluntarily chose to join. Selling info about me, without notifying me beforehand is another situation altogether. Even the magazines I subscribe to have notices that my name may be sold.. and the mags that don't have such a warning, but sell my name anyways, get cancelled as soon as I discover it. Far easier to stop by the local PC store and buy it a week later than to have mounds of junk mail piling up.

> I hear people bitch about privacy endlessly. Privacy helps those who
> help themselves to privacy. I think Mr. May was precisely correct in saying
> that it is so much easier and simpler for one to rely on self privacy
> insurance rather than government privacy insurance.

Again, you both are correct, and perhaps I was overstating my position in regards to the TRW/etc. groups.. I have a tendency to do so. Each of us has the responsibility to monitor the activities in our lives, both directly and indirectly. Whether this is watching our spending to make sure we do not overcharge, or encrypting mail to keep it secure, we need to be aware of what we are doing, and the reactions of others as a result of our actions. In this case, the action is spending money on credit, and the reaction is being monitored by credit agencies.
My solution was to get rid of all the credit cards 4 years ago.. my credit history is trashed in part due to very low activity over the last 4 years, and of course, the side effect of maxing out 4 cards.

-stepping off soapbox and looking for the next topic..-

From wilcoxb at nag.cs.colorado.edu Wed Sep 6 17:20:55 1995
From: wilcoxb at nag.cs.colorado.edu (Bryce Wilcox)
Date: Wed, 6 Sep 95 17:20:55 PDT
Subject: Are booby-trapped computers legal?
In-Reply-To: <9509061938.AA02249@zorch.w3.org>
Message-ID: <199509070020.SAA01751@nag.cs.colorado.edu>

-----BEGIN PGP SIGNED MESSAGE-----

> There is no self defense argument where the purpose is not to prevent
> physical harm.

If this were a political philosophy list I would state that self-defense justification often extends to property (As I believe it should). Since this is a cryptography-and-social-changes-thereof list I will refrain...

> People who go round drawing parallels to gun ownership and cryptography
> ownership are simply playing into the government's hands.

No! Stop! Don't say it! PLEASE go post this message to alt.security, talk.politics.guns and alt.fan.david-sternlight and keep it away from this list...

Bryce

(toss in alt.flame while you are at it...)

signatures follow:
+ public key on keyservers        /.       island Life in a chaos sea
  or via finger 0x617c6db9       /        bryce.wilcox at colorado.edu ---*

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed with Bryce's Auto-PGP v1.0beta3

iQCVAwUBME46vvWZSllhfG25AQEX9QP9HpngGnwA1rSEo7knTJ8RalpK9HbZm0u/
SkO6blQCV8kqcYxN5uZTFefCQPjTakEaUv8YnWpHNGOfFIu8igNOGMTCTV6ptVEy
rYKqupcycYXugN7XGdgQH2UNCUO2M59FpBC65nm4FB05ZUrwYyz0weeCkmxDTZHP
1FKRnjXpWrU=
=b3yP
-----END PGP SIGNATURE-----

From weidai at eskimo.com Wed Sep 6 17:48:44 1995
From: weidai at eskimo.com (Wei Dai)
Date: Wed, 6 Sep 95 17:48:44 PDT
Subject: fast modular reduction
Message-ID:

During the Crypto' 95 Rump Session, Josh Benaloh of Microsoft Corp.
presented a new modular reduction algorithm that he and I developed. It is faster than the Montgomery method by about 10 to 15%, and is more general and easier to understand.

The central idea is that it is easy to reduce a number to an equivalent one that's just one "block" (machine word) longer than the modulus, by repeatedly subtracting off the highest block, and adding back something that's equivalent, but smaller.

In the following pseudocode, B is the radix in which the numbers are represented (2^32 for a 32-bit machine), n is the length of the modulus in blocks, U is B^(n+1) mod the modulus, X is the number to be reduced, k+1 is the length of X, and Y is the result.

1. Y = X
2. For i from k down to n+1, repeat steps 3 and 4
3.   Y = Y - Y[i] * B^i + Y[i] * U * B^(i-n-1)
4.   If Y >= B^i, then Y = Y - B^i + U * B^(i-n-1)

Tricks can be used to eliminate step 4, and to reduce Y to n blocks using one single precision division, and n more single precision multiplications. The algorithm will hopefully be written up more completely soon.

Wei Dai

From mnorton at cavern.uark.edu Wed Sep 6 17:52:56 1995
From: mnorton at cavern.uark.edu (Mac Norton)
Date: Wed, 6 Sep 95 17:52:56 PDT
Subject: Are booby-trapped computers legal?
In-Reply-To:
Message-ID:

If the jury isn't persuaded beyond reasonable doubt that you were in genuine apprehension of serious harm to yourself or your family--not your property--then you will be acquitted of using violence to repel an intruder into your home. Maybe not your south 40, but your home. Indeed, if the local prosecutor or US Atty believes, on the positive side, that your actions were reasonable, you probably won't even be charged. Now, that doesn't of itself make deadly force right, but as I'm just through with cleaning two shotguns (dove season here, going again Friday), I'm not going to argue the point too vigorously. I'd say the morality of such situations, leaving aside the legality, is extremely fact-intensive. Situational ethics?
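The reduction in Wei Dai's "fast modular reduction" message above, carried through in code. This is an added worked example, not Wei Dai's or Josh Benaloh's code: it follows steps 1 through 4 literally with Python integers standing in for multi-block arithmetic, checks on every round that Y stays congruent to X and loses its top block, and runs a demo with an 8-bit radix so the blocks are readable. The function names, the sample values and the plain remainder used for the final step down to n blocks are my choices, not the tricks the message alludes to.

```python
"""Worked example (added here; not code from Wei Dai or Josh Benaloh) of the
block-wise modular reduction sketched in the message above.

B is the radix (2**32 on a 32-bit machine; any integer radix > 1 works here),
n is the length of the modulus m in blocks, U = B**(n+1) mod m, X is the
number to be reduced, k+1 is the length of X in blocks and Y is the result.
"""


def block_len(x, B):
    """Number of radix-B blocks needed to hold x (at least 1)."""
    length = 1
    while x >= B ** length:
        length += 1
    return length


def block(x, i, B):
    """The i-th radix-B block of x (block 0 is the least significant)."""
    return (x // B ** i) % B


def benaloh_dai_reduce(X, m, B=2 ** 32):
    """Return Y with Y == X (mod m) and Y < B**(n+1), i.e. at most one block
    longer than the modulus, following steps 1-4 of the pseudocode.

    Why it works: B**(n+1) == U (mod m), so replacing the top block
    Y[i]*B**i with Y[i]*U*B**(i-n-1) leaves Y unchanged modulo m.  After
    step 3 the new Y is below 2*B**i (the stripped remainder is < B**i and
    Y[i]*U*B**(i-n-1) < B * B**n * B**(i-n-1) = B**i), and the single
    correction in step 4 brings it below B**i, so block i is gone for good.
    """
    if m <= 0:
        raise ValueError("modulus must be positive")
    n = block_len(m, B)          # modulus length in blocks
    U = B ** (n + 1) % m         # the precomputed constant U
    k = block_len(X, B) - 1      # X has k+1 blocks
    Y = X                        # step 1
    for i in range(k, n, -1):    # step 2: i from k down to n+1
        Yi = block(Y, i, B)
        # step 3: subtract the highest block and add back its equivalent
        Y = Y - Yi * B ** i + Yi * U * B ** (i - n - 1)
        # step 4: at most one extra B**i can remain; fold it in the same way
        if Y >= B ** i:
            Y = Y - B ** i + U * B ** (i - n - 1)
        # self-check of the loop invariant described in the docstring
        assert Y < B ** i and (Y - X) % m == 0
    return Y


def demo():
    """Reduce a 6-block number modulo a 2-block modulus with an 8-bit radix.
    The values are constructed sample inputs chosen so the blocks are easy
    to read in hex; returns (Y, Y mod m, X mod m)."""
    B = 2 ** 8
    m = 0xF1A3                   # n = 2 blocks
    X = 0x9C4E7B21D5F0           # k+1 = 6 blocks
    Y = benaloh_dai_reduce(X, m, B)
    # Y has at most n+1 = 3 blocks and is congruent to X.  The last step
    # down to n blocks (the "one single precision division" the message
    # mentions) is taken here as an ordinary remainder for clarity.
    return Y, Y % m, X % m


if __name__ == "__main__":
    Y, r, expected = demo()
    print(f"Y = {Y:#x} ({block_len(Y, 256)} blocks), "
          f"Y mod m = {r:#x}, X mod m = {expected:#x}")
```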
Excessive subjectivity? I think not--I think we can apply objective standards to each individual case, but it's fatuous to do so in advance.

MacN

On Tue, 5 Sep 1995, Timothy C. May wrote:

> >I don't know what you call it but if nothing else it is ethically and morally
> >reprehensible.
>
> Different strokes for different folks. Anyone entering my house unannounced
> faces lethal response. I think of it as evolution in action, and doubt I
> would lose any sleep over this.
>
> It has nothing to do with equating human life over property, it has to do
> with defending one's property and (maybe) one's life. Here in California,
> it is becoming more and more common for "home invasions" to be followed by
> execution of all of the witnesses. (Read "The San Jose Mercury News" for
> accounts of gang invasions in which all the residents in a home are lined
> up and shot, execution-style.)
>
> I won't get into a discussion of which states permit lethal force
> responses, as this is a topic which even I think belongs in
> talk.politics.guns or similar fora.
>
> Suffice it to say that most states allow lethal response under threatening
> circumstances.
>
> --Tim May
>
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May         | Crypto Anarchy: encryption, digital money,
> tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
> Corralitos, CA         | knowledge, reputations, information markets,
> Higher Power: 2^756839 | black markets, collapse of governments.
> "National borders are just speed bumps on the information superhighway."
>
>

From ravage at einstein.ssz.com Wed Sep 6 18:10:56 1995
From: ravage at einstein.ssz.com (Jim Choate)
Date: Wed, 6 Sep 95 18:10:56 PDT
Subject: e$ sites of interest
Message-ID: <199509070116.UAA00143@einstein.ssz.com>

Hi all,

Found these in PC Week and thought I would pass them along...

CARI - http://www.netresource.com/itp/cari.html
Collect All Relevant Information, a transaction system that doesn't require live transmission of sensitive data.

Cybercash Inc. - http://www.cybercash.com/
Secure transaction over the internet, using credit and cash payment systems.

Digicash - http://www.digicash.com/
Electronic transaction products include ecash; find the links to ecash-centric 'cybershops'.

First Virtual - http://www.fv.com/
Secure internet-based system that uses the WWW and email for digital payment transactions.

Internet Banking - http://sfnb.com/wpaper.html
White paper on electronic commerce

NetChex - http://www.netchex.com/index.html
Secure transactions over the internet, using a bank account debit system.

Network Payment Mechanisms and Digital Cash - http://ganges.cs.tcd.ie/mepeirce/project.html
Overview of trends and techniques, with several useful links for additional information.

From mnorton at cavern.uark.edu Wed Sep 6 18:11:26 1995
From: mnorton at cavern.uark.edu (Mac Norton)
Date: Wed, 6 Sep 95 18:11:26 PDT
Subject: Are booby-trapped... [Detailed treatment]
In-Reply-To:
Message-ID:

Thing about the Restatement (any of 'em) is that they must be read carefully, being especially wary of circularity. Note here that the actor would be privileged only to the extent he would be privileged, get it? under some other body of law not specifically referenced. So it all comes back to reasonable apprehension of bodily harm to yourself or your family (or guests, I suppose), in your home or similar place.

MacN

On Wed, 6 Sep 1995, Black Unicorn wrote:

>
> The basic rule today in most states resembles the restatement position:
>
> Section 85. Use of Mechanical Device Threatening Death or Serious
> Bodily Injury.
>
> The actor is so far privileged to use such a device intended or likely
> to cause serious bodily harm or death for the purpose of protecting his
> land or chattels from intrusion that he is not liable for the serious
> bodily harm or death thereby caused to an intruder whose intrusion is,
> in fact, such that the actor, were he present, would be privileged to
> prevent or terminate it by the intentional infliction of such harm.
> [big snip of excellent research]

From tcmay at got.net Wed Sep 6 18:18:52 1995
From: tcmay at got.net (Timothy C. May)
Date: Wed, 6 Sep 95 18:18:52 PDT
Subject: Collection of personal info
Message-ID:

At 12:07 AM 9/7/95, Rob Lowry wrote:

>Again, you both are correct, and perhaps I was overstating my position in
>regards to the TRW/etc. groups.. I have a tendency to do so. Each of us
>has the responsibility to monitor the activities in our lives, both
...

You mentioned you're a newcomer to the list, so all is forgiven. Seriously, what you'll notice is that people (like me) will respond to arguments made, and, for obvious reasons, concentrate on the points of difference rather than the points of agreement.

So, keep posting!

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA         | knowledge, reputations, information markets,
Higher Power: 2^756839 | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From cman at communities.com Wed Sep 6 18:27:08 1995
From: cman at communities.com (Douglas Barnes)
Date: Wed, 6 Sep 95 18:27:08 PDT
Subject: fast modular reduction
Message-ID:

I was very distressed when Josh gave this presentation; apparently patents have been filed, etc., and someone from another company in Europe was claiming they'd _already_ patented it.

What is the story here?
From my pov, the performance increase doesn't justify the ramifications of dealing with yet another potentially surly patent holder (either Microsoft in your case, or whoever the irate European fellow was who claims to have already patented it.)

From kensington at earthlink.net Wed Sep 6 18:31:17 1995
From: kensington at earthlink.net (Steven Calabro)
Date: Wed, 6 Sep 95 18:31:17 PDT
Subject: Symbols on the net :)
Message-ID: <42ijlr$rff@mars.earthlink.net>

If you know of any symbols or acronyms used on the net, please mail them to me.

Thanks

From mnorton at cavern.uark.edu Wed Sep 6 18:50:03 1995
From: mnorton at cavern.uark.edu (Mac Norton)
Date: Wed, 6 Sep 95 18:50:03 PDT
Subject: Collection of personal info
In-Reply-To:
Message-ID:

Tim and I have corresponded about this previously, and again he neglects the distinction between collection and storage, on the one hand, and retrieval and dissemination, on the other. If you do the latter, your content better be accurate.

That's the difference between Tim and TRW. So far.:)

MacN

On Wed, 6 Sep 1995, Rob Lowry wrote:

> > Rob, I have entered this posting of yours into the "BlackNet Dossier
> > Service" I operate.
>
> At least you notified me.. :) Something the TRW crew or others like them
> do not do.
>
> > If someone doesn't want their postings going into my 220 megabyte file of
> > postings, they shouldn't send them to me. Or they should adopt a digital
> > pseudonym, unlinkable to their True Name or any other nyms they may have.
>
> This is true.. I could adopt a nym, such as I use on my BBS, or when I am
> doing other stuff on the net.. but it is difficult at best to get a new
> set of credit cards, ID and so on with a new name/alias and still
> maintain your own name. If it were possible to have an alias in real
> life, as easy as it is to get one on the 'net that is, then I would most
> certainly do so..
>
> 'Frothmonger'
>
>

From dsc at swcp.com Wed Sep 6 18:50:35 1995
From: dsc at swcp.com (Dar Scott)
Date: Wed, 6 Sep 95 18:50:35 PDT
Subject: e$ sites of interest
Message-ID:

Jim Choate wrote,

>Found these in PC Week and thought I would pass them along...

For me, new to this, I found NetBank's Netcash(tm) to be the most interesting even with its little built-in protection from those who spend money twice. NetBank's URL is this:

http://www.teleport.com/~netcash/

It is listed with many others in

>Network Payment Mechanisms and Digital Cash - http://ganges.cs.tcd.ie/mepeirce/project.html
>
> Overview of trends and techniques, with several useful links for
> additional information.

Dar (list newbie)

===========================================================
Dar Scott                    Home phone: +1 505 299 9497
Dar Scott Consulting         Voice:      +1 505 299 5790
8637 Horacio Place NE        Email:      darscott at aol.com
Albuquerque, NM 87111                    dsc at swcp.com
Fax: +1 505 898 6525
http://www.swcp.com/~correspo/DSC/DarScott.html
===========================================================

From mfroomki at umiami.ir.miami.edu Wed Sep 6 18:56:28 1995
From: mfroomki at umiami.ir.miami.edu (Michael Froomkin)
Date: Wed, 6 Sep 95 18:56:28 PDT
Subject: Collection of personal info
In-Reply-To:
Message-ID:

As it happens I seem to be about to write about this stuff. Pointers to articles/data especially about distributed data sets and how people may link them up, would be very welcome...

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | mfroomki at umiami.ir.miami.edu
U. Miami School of Law     | P.O. Box 248087
                           | It's hot here. And humid.
Coral Gables, FL 33124 USA | See (experimentally & erratically)
http://viper.law.miami.edu/~mfroomki

From rjc at clark.net Wed Sep 6 18:58:17 1995
From: rjc at clark.net (Ray Cromwell)
Date: Wed, 6 Sep 95 18:58:17 PDT
Subject: fast modular reduction
In-Reply-To:
Message-ID: <199509070157.VAA16973@clark.net>

>
> In the following pseudocode, B is the radix in which the numbers are
> represented (2^32 for a 32-bit machine), n is the length of modulus in
> blocks, U is B^(n+1) mod the modulus, X is the number to be reduced, k+1
> is the length of X, and Y is the result.
>
> 1. Y = X
> 2. For i from k down to n+1, repeat steps 3 and 4
> 3. Y = Y - Y[i] * B^i + Y[i] * U * B^(i-n-1)
> 4. If Y >= B^i, then Y = Y - B^i + U * B^(i-n-1)

Is there a proof of correctness available for this algorithm? It looks almost like a Radix-B peasant division algorithm with some modifications. Is there an algorithmic analysis available?

I also think there is a bug in your description. Let k+1 = n+1 (e.g. the dividend is 1 more "block" than the modulus). Then i=n starting out, and we have

3. Y=Y - Y[n] * B^n + Y[n] * U * B^(n-n-1) [we have B^-1]

I'm assuming this was unintended.

How does this algorithm compare to computing the reciprocal via Newton's Formula, and then multiplying by the reciprocal using Karatsuba multiplication? While I was at IBM Watson I invented a modular reduction algorithm that saves 1/4 the number of multiplications required on average once you have the reciprocal computed.

-Ray

From rjc at clark.net Wed Sep 6 19:05:44 1995
From: rjc at clark.net (Ray Cromwell)
Date: Wed, 6 Sep 95 19:05:44 PDT
Subject: fast modular reduction
In-Reply-To:
Message-ID: <199509070205.WAA18771@clark.net>

>
>
> I was very distressed when Josh gave this presentation; apparently
> patents have been filed, etc., and someone from another company
> in Europe was claiming they'd _already_ patented it.
>
> What is the story here?
> From my pov, the performance increase doesn't
> justify the ramifications of dealing with yet another potentially
> surly patent holder (either Microsoft in your case, or whoever the
> irate European fellow was who claims to have already patented it.)

I wish the damn patent offices of the world would get a clue. It used to be when someone found a quicker algorithm, it was published in a journal and sooner or later showed up in Knuth AoCP version x.y. Now, every single algorithm gets patented. At the rate it's going now, "ComponentWare" of the future will mean the number of patent components you managed to license simultaneously.

The worst patent being considered by the Patent Office right now is the dreaded Eolas patent which purports to have invented the concept of "embedded applications" in Web documents (e.g. Grail, Java, Safe-Tcl) and interprocess communication between web browsers and helper applications (e.g. NS-API/NC-API)

The whole patent system needs to be abolished.

-Ray

From tcmay at got.net Wed Sep 6 19:11:12 1995
From: tcmay at got.net (Timothy C. May)
Date: Wed, 6 Sep 95 19:11:12 PDT
Subject: Collection of personal info
Message-ID:

At 1:49 AM 9/7/95, Mac Norton wrote:

>Tim and I have corresponded about this previously,
>and again he neglects the distinction between
>collection and storage, on the one hand, and
>retrieval and dissemination, on the other. If you
>do the latter, your content better be accurate.
>
>That's the difference between Tim and TRW. So far.:)

I don't really disagree with Mac, at least practically speaking.

(At a much deeper level, much deeper in terms of philosophy, I'm not even sure _disseminators_ of information have any real necessity to be correct. This is the issue of truth, reputation, etc. that we discuss so often.
But, I admit that the legal system does not support my anarcho-capitalist extreme position, which is why I say I don't disagree with Mac, "practically speaking.")

However, even if I were to start distributing the results of "Tim's BlackNet Dossier Service," I don't think there's any justification for people insisting that they have a right to "inspect" my records.

I think the current U.S. law is not too far from my own views. The credit reporting agencies have an obvious interest in having accurate information--except for the folks in the Witness program--and will eventually correct errors. (Not everyone is happy with the speed, but this is life in a world of finite resources; and I acknowledge that there are pathological cases of incorrect identity, etc.)

I still favor free market alternatives to top-down government "protection."

And, lest anyone think I'm lapsing in my basic beliefs, I lean toward throwing out _all_ laws about libel, slander, and false information. After all, "what is truth?," to coin a phrase.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA         | knowledge, reputations, information markets,
Higher Power: 2^756839 | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From mnorton at cavern.uark.edu Wed Sep 6 19:20:50 1995
From: mnorton at cavern.uark.edu (Mac Norton)
Date: Wed, 6 Sep 95 19:20:50 PDT
Subject: Collection of personal info
In-Reply-To:
Message-ID:

On Wed, 6 Sep 1995, Timothy C. May wrote:

> I don't really disagree with Mac, at least practically speaking.
>
> (At a much deeper level, much deeper in terms of philosophy, I'm not even
> sure _disseminators_ of information have any real necessity to be correct.
> This is the issue of truth, reputation, etc. that we discuss so often.
> But,
> I admit that the legal system does not support my anarcho-capitalist
> extreme position, which is why I say I don't disagree with Mac,
> "practically speaking.")

Well, scratch me deeply enough, I'm not sure I'd disagree with Tim, "philosophically speaking." The problem is, as all the truly wise philosophers recognized, we must live in the world. And given the number of us who must do so, that entails rules. With that caveat, none of the below is insufferable to me.

MacN

> However, even if I were to start distributing the results of "Tim's
> BlackNet Dossier Service," I don't think there's any justification for
> people insisting that they have a right to "inspect" my records.
>
> I think the current U.S. law is not too far from my own views. The credit
> reporting agencies have an obvious interest in having accurate
> information--except for the folks in the Witness program--and will
> eventually correct errors. (Not everyone is happy with the speed, but this
> is life in a world of finite resources; and I acknowledge that there are
> pathological cases of incorrect identity, etc.)
>
> I still favor free market alternatives to top-down government "protection."
>
> And, lest anyone think I'm lapsing in my basic beliefs, I lean toward
> throwing out _all_ laws about libel, slander, and false information. After
> all, "what is truth?," to coin a phrase.
>
> --Tim May
>
>
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May         | Crypto Anarchy: encryption, digital money,
> tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
> Corralitos, CA         | knowledge, reputations, information markets,
> Higher Power: 2^756839 | black markets, collapse of governments.
> "National borders are just speed bumps on the information superhighway."
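Editor's added example, not code from Wei Dai's "fast modular reduction" post or from Benaloh's presentation: steps 1-4 of the pseudocode posted above (and quoted in Ray Cromwell's reply), written in Python with Python's unbounded integers and an explicit radix so the block arithmetic stays visible. The symbols follow the post (B, n, U, X, k, Y); the function names `num_blocks`, `block`, `reduce_to_n1_blocks` and `congruent`, and all sample values, are constructed for this illustration. The loop index runs from k down to n+1 exactly as the post states, so an input of n+1 or fewer blocks leaves the loop body unexecuted and comes back unchanged; the in-loop assertion records the invariant that each pass clears block i (Y < B^i after step 4), which is what makes the final result one block longer than the modulus. The "tricks" the post mentions for getting from n+1 blocks down to n are not reproduced here.

```python
# Editor's added example, not from the original post.  Symbols follow
# Wei Dai's description: B radix, m modulus of n blocks, U = B^(n+1) mod m,
# X the input of k+1 blocks, Y the result of at most n+1 blocks.


def num_blocks(v, B):
    """Number of base-B blocks (digits) needed to write v; 0 takes one block."""
    count = 1
    while v >= B:
        v //= B
        count += 1
    return count


def block(v, i, B):
    """Block i of v: the i-th base-B digit, counting from 0 at the low end."""
    return (v // B ** i) % B


def reduce_to_n1_blocks(X, m, B):
    """Steps 1-4 of the posted pseudocode.

    Returns Y with Y == X (mod m) and Y < B**(n+1), where n is the block
    length of m.  The loop runs for i = k, k-1, ..., n+1, so an X of n+1
    blocks or fewer (k <= n) is returned unchanged.
    """
    if m <= 0:
        raise ValueError("modulus must be positive")
    n = num_blocks(m, B)
    U = pow(B, n + 1, m)      # depends only on m: computed once, reused for every reduction
    k = num_blocks(X, B) - 1
    Y = X                      # step 1
    for i in range(k, n, -1):  # step 2: i from k down to n+1
        Yi = block(Y, i, B)
        # Step 3: B^i = B^(n+1) * B^(i-n-1) == U * B^(i-n-1) (mod m), so
        # replacing Yi * B^i by Yi * U * B^(i-n-1) keeps Y congruent to X.
        Y = Y - Yi * B ** i + Yi * U * B ** (i - n - 1)
        # Step 4: after step 3, Y < 2 * B^i, so at most a single carry is
        # left in block i; swap that one B^i for U * B^(i-n-1) the same way.
        if Y >= B ** i:
            Y = Y - B ** i + U * B ** (i - n - 1)
        # Invariant: block i, and everything above it, is now zero.
        assert 0 <= Y < B ** i
    return Y


def congruent(X, m, B):
    """Check the two properties claimed for Y: Y == X (mod m) and at most n+1 blocks."""
    Y = reduce_to_n1_blocks(X, m, B)
    n = num_blocks(m, B)
    return Y % m == X % m and num_blocks(Y, B) <= n + 1


if __name__ == "__main__":
    # Constructed sample values.  Radix 10 makes the blocks readable by eye:
    # m = 97 has n = 2 blocks and U = 10^3 mod 97 = 30.
    print(reduce_to_n1_blocks(123456, 97, 10))  # 266, and 266 == 123456 (mod 97)
    print(reduce_to_n1_blocks(9990, 97, 10))    # 290: here step 4 fires once
    # Machine-word radix with a 4-block modulus (2^127 - 1 fits in 128 bits).
    print(congruent(3 ** 200, 2 ** 127 - 1, 2 ** 32))  # True
```

With B = 10 and m = 97 the trace of the first call is easy to follow by hand: the three passes turn 123456 into 26456, then 7056, then 266, each time moving the top block down by three positions and multiplying it by U. The second call shows the one situation step 4 exists for: the add-back in step 3 pushes 9990 to 1260, which still has a nonzero block 3, and step 4 clears it to 290.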
>
>
>

From ravage at einstein.ssz.com Wed Sep 6 19:21:55 1995
From: ravage at einstein.ssz.com (Jim Choate)
Date: Wed, 6 Sep 95 19:21:55 PDT
Subject: Collection of personal info
In-Reply-To:
Message-ID: <199509070227.VAA00478@einstein.ssz.com>

>
> And, lest anyone think I'm lapsing in my basic beliefs, I lean toward
> throwing out _all_ laws about libel, slander, and false information. After
> all, "what is truth?," to coin a phrase.
>
> --Tim May
>

Truth is that which can be verified to be reproducible by independent and unbiased parties. All else is opinion.

From jsimmons at goblin.punk.net Wed Sep 6 19:32:32 1995
From: jsimmons at goblin.punk.net (Jeff Simmons)
Date: Wed, 6 Sep 95 19:32:32 PDT
Subject: University logging mail to anon.penet
Message-ID: <199509070230.TAA24609@goblin.punk.net>

This just came up locally, and I'd like to have some comments on it, especially from people who understand the law a lot better than I do:

Our local University apparently has been logging ALL mail to anon.penet, including faculty, students, and off-campus users.

They maintain such weak security that someone was able to "obtain" the logs and post them to a local usenet group, thus compromising everyone's "anonymous" identities.

--
Jeff Simmons jsimmons at goblin.punk.net

From damion.furi at the-matrix.com Wed Sep 6 19:52:01 1995
From: damion.furi at the-matrix.com (DAMION FURI)
Date: Wed, 6 Sep 95 19:52:01 PDT
Subject: Collection of persona
In-Reply-To: <8B09393.000504D43B.uuout@the-matrix.com>
Message-ID: <8B094FC.000504D58B.uuout@the-matrix.com>

RL|Beyond having the willies.. This is more than just scary, it feels like
  |rape when you think about it for awhile. Everything you buy, on credit, is
  |recorded and sold to someone who wants to know your secrets. Every time
  |you make a banking transaction, someone is watching and compiling the
  |data.

It's not just credit anymore.
If you buy something at Radio Shack, even with cash, they want you to give all your info voluntarily and they _will_ give you flak if you don't cooperate (which can be short-circuited by threatening to cause a scene or by suggesting loudly that has lower prices).

Anyway, most of what you're wanting to protect aren't secrets, at least in the sense of being sensitive material. It's our privacy, our solitude, and our peace of mind that's under attack.

RL|Is there any legal recourse to get your name removed from the sellable list?
  |Or is it too late and we can not save even the vestiges of our privacy?

There's a place in D.C. you can write to that will put a block on some lists, but not all (I don't have the address anymore). We're screwed.

RL|Oh, but if only I had the 'hacker' skill to break into such a database..
  |I have always been against the destruction of data.. but there are
  |exceptions...

It wouldn't help and you would be jailed for nothing.

:----------:----------:----------:----------:----------:----------:-----
: furi at the-matrix.com | pgp-public-key at demon.co.uk | LIVE LION ALERT
: 2.6.2 1024/C1225CE1 | 38 11 7C 59 FB F3 7C C0 F7 E9 67 1F AF B8 2D 94
PGP: When it's none of their damned business.
-- SPEED 1.40 [NR]: Evaluation day 133...

From gimonca at mirage.skypoint.com Wed Sep 6 20:01:08 1995
From: gimonca at mirage.skypoint.com (Charles Gimon)
Date: Wed, 6 Sep 95 20:01:08 PDT
Subject: University logging mail to anon.penet (fwd)
Message-ID:

Forwarded message:

> From toad.com!owner-cypherpunks Wed Sep 6 21:43:41 1995
> From: Jeff Simmons
> Subject: University logging mail to anon.penet
>
> This just came up locally, and I'd like to have some comments on it,
> especially from people who understand the law a lot better than I do:
>
> Our local University apparently has been logging ALL mail to anon.penet,
> including faculty, students, and off-campus users.
>
> They maintain such weak security that someone was able to "obtain"
> the logs and post them to a local usenet group, thus compromising
> everyone's "anonymous" identities.
>

punk.net is in San Luis Obispo. Since Skypoint carries a lot of regional groups, I can follow the issue on Usenet, in these groups:

slo.unix,slo.general,slo.punks,alt.comp.acad-freedom.talk,comp.org.eff.talk

Those of you who don't get the slo.* groups, you can probably see the original posts in comp.org.eff.talk or alt.comp.acad-freedom. The subject is "No subject".

(I still chuckle when I see the group slo.sex ...)

From rrothenb at ic.sunysb.edu Wed Sep 6 20:04:38 1995
From: rrothenb at ic.sunysb.edu (Deranged Mutant)
Date: Wed, 6 Sep 95 20:04:38 PDT
Subject: Collection of personal information etc. etc. etc.
In-Reply-To: <8B094FC.000504D58B.uuout@the-matrix.com>
Message-ID: <199509070305.XAA18310@libws4.ic.sunysb.edu>

> It's not just credit anymore. If you buy something at Radio
> Shack, even with cash, they want you to give all your info
> voluntarily and they _will_ give you flak if you don't
> cooperate (which can be short-circuited by threatening to cause
> a scene or by suggesting loudly that has lower
> prices).

Depends on the counter people. At the local RS here, the clerks don't care much about it and will enter a random number. A local Service Merchandise does the same thing, but they're pesky, so I make up silly names to test the wits of impatient teenage mutant cashiers.

(They also used to have a computer where you enter your telno. and place orders to pick up at the desk... I don't think the system bills you automatically but the employees probably won't like it when you have them get 10 weight sets out...)
From rrothenb at ic.sunysb.edu Wed Sep 6 20:05:35 1995
From: rrothenb at ic.sunysb.edu (Deranged Mutant)
Date: Wed, 6 Sep 95 20:05:35 PDT
Subject: University logging mail to anon.penet
In-Reply-To: <199509070230.TAA24609@goblin.punk.net>
Message-ID: <199509070306.XAA18362@libws4.ic.sunysb.edu>

So which university is this?

> This just came up locally, and I'd like to have some comments on it,
> especially from people who understand the law a lot better than I do:
>
> Our local University apparently has been logging ALL mail to anon.penet,
> including faculty, students, and off-campus users.
>
> They maintain such weak security that someone was able to "obtain"
> the logs and post them to a local usenet group, thus compromising
> everyone's "anonymous" identities.
>
> --
> Jeff Simmons jsimmons at goblin.punk.net
>

From jsimmons at goblin.punk.net Wed Sep 6 20:29:03 1995
From: jsimmons at goblin.punk.net (Jeff Simmons)
Date: Wed, 6 Sep 95 20:29:03 PDT
Subject: University logging mail to anon.penet
In-Reply-To: <199509070306.XAA18362@libws4.ic.sunysb.edu>
Message-ID: <199509070326.UAA24732@goblin.punk.net>

>
>
> So which university is this?
>
> > This just came up locally, and I'd like to have some comments on it,
> > especially from people who understand the law a lot better than I do:
> >
> > Our local University apparently has been logging ALL mail to anon.penet,
> > including faculty, students, and off-campus users.
> >
> > They maintain such weak security that someone was able to "obtain"
> > the logs and post them to a local usenet group, thus compromising
> > everyone's "anonymous" identities.
> >

California State Polytechnic University, San Luis Obispo

--
Jeff Simmons jsimmons at goblin.punk.net

From mnorton at cavern.uark.edu Wed Sep 6 20:33:36 1995
From: mnorton at cavern.uark.edu (Mac Norton)
Date: Wed, 6 Sep 95 20:33:36 PDT
Subject: Collection of personal info
In-Reply-To: <199509070227.VAA00478@einstein.ssz.com>
Message-ID:

Doesn't make it true, in Tim's sense--just makes it verifiable.

MacN

On Wed, 6 Sep 1995, Jim Choate wrote:

> Truth is that which can be verified to be reproducible by independent and
> unbiased parties. All else is opinion.

From dneal at usis.com Wed Sep 6 20:35:35 1995
From: dneal at usis.com (David Neal)
Date: Wed, 6 Sep 95 20:35:35 PDT
Subject: Collection of personal info
In-Reply-To:
Message-ID:

On Wed, 6 Sep 1995, Timothy C. May wrote:

> At 10:15 PM 9/6/95, Rob Lowry wrote:
>
> >Beyond having the willies.. This is more than just scary, it feels like
> >rape when you think about it for awhile. Everything you buy, on credit, is
> >recorded and sold to someone who wants to know your secrets. Every time
> >you make a banking transaction, someone is watching and compiling the
> >data.
>
>
> If someone doesn't want their postings going into my 220 megabyte file of
> postings, they shouldn't send them to me. Or they should adopt a digital
> pseudonym, unlinkable to their True Name or any other nyms they may have.
>
> Things are much simpler and less stressful when you don't look to the law
> to fix things.
>

Nor was I suggesting a legal solution (I know your comment was triggered by Rob's request for legal recourse) but instead suggesting that things are farther along than some people realize.

Someone suggested a rational, non-hysterical approach to converting people. Perhaps. I certainly wrote a nice letter to the editor of a magazine which published a piece about electronic checking, and made sure to mention that e-cash would be preferable to some.
On the other hand, The Gub'mint is certainly conducting a campaign overt and covert to throttle unlimited and uncontrolled use of cryptography. That, combined with how politicized things are these days, means it can be difficult to conduct a rational debate or in fact find anyone who wants to talk.

Personally, I'm of the opinion that we need a pre-emptive crypto strike. But just as the 'Privacy Card' has been debated here endlessly, so too reaching critical market mass w/a 'bump in the cord' product.

David Neal - GNU Planet Aerospace 1-800-PLN-8-GNU
Unix, Sybase and Networking consultant.
"...you have a personal responsibility to be pro-active in the defense of your own civil liberties." - S. McCandlish

From gjeffers at socketis.net Wed Sep 6 20:44:26 1995
From: gjeffers at socketis.net (Gary Jeffers)
Date: Wed, 6 Sep 95 20:44:26 PDT
Subject: ON OFF-TOPIC
Message-ID: <199509070639.BAA00416@mail.socketis.net>

ON OFF-TOPIC

THE UNITED STATES "FEDERAL" GOVERNMENT HAS NO LEGITIMACY!
CRYPTO CODERS SUPPLY THE MEANS!
CONSPIRACY THEORISTS SUPPLY THE MOTIVATION!

conspiracy theorist = alternative political theorist
NOT= AP/ABC/CBS/NBC/CIA/FBI/U.S GOV'N./New York Times/Washington Post opinion moulders syndicate

"extremist right-wing kook" = old fashioned American patriot
Left term used often by left-wing extremist liberal statist kooks.

The United States "Federal" Government - we'll be even more American without it.

PUSH EM BACK! PUSH EM BACK! WWWAAAYYYY BBBAAACCCK! BBBEEEAAATTTT STATE!

From rjc at clark.net Wed Sep 6 20:46:27 1995
From: rjc at clark.net (Ray Cromwell)
Date: Wed, 6 Sep 95 20:46:27 PDT
Subject: Scientology and police visit XS4ALL Amsterdam
In-Reply-To:
Message-ID: <199509070346.XAA14571@clark.net>

Anyone ready to risk running a "Scientology .sig virus server"? Here's the idea. The CoS apparently freaks out and sues anyone who distributes CoS material, even those who quote small portions of it.
In the same spirit of the "export-a-sig-PGP" system, why not break the CoS materials up into n pieces (each piece being 5-10 lines long) and let people request chunks from a server to put in this .sig? The assumption is, the Church can't sue everyone (legal funds being limited). I think I'd do it just to piss them off.

To spread the risk around even more, I'd place the "piece server" on k different HTTP sites just so they can't raid them all. Even better would be to use a script on one master server to dynamically return HTTP redirects to k different URLs to the real servers. Another option is dynamic DNS. Finally, you could have the server run thru email via a chained anonymous return block. The result would be sent back thru a remailer chain.

The nastiest thing I can think of is to get the CancelBot people to let a massive broadcast of CoS materials be sent to UseNet. Other options include servers which detect known CoS source addresses and provide "fake fronts" to them. (easily doable with CGI/CERN server and IDENT).

Cypherpunks oughta be able to figure out something to show those idiots why their actions are ultimately futile.

-Ray

From mark at lochard.com.au Wed Sep 6 20:49:19 1995
From: mark at lochard.com.au (Mark)
Date: Wed, 6 Sep 95 20:49:19 PDT
Subject: Scientology and police visit XS4ALL Amsterdam
In-Reply-To:
Message-ID: <199509062303.AA24688@junkers.lochard.com.au>

>> This is the second or third time I've seen descriptions of such
>> raids where cult (no, I'm not trying to be diplomatic)
>> representatives were present and participating. Is this legal in
>> Amsterdam? How about in the U.S.? Britain?
>>
>Probably. Amsterdam isn't exactly the wild west, and they didn't take the
>computer equipment with them, they just inventoried everything so to have
>something to sell when their claims prove valid. Which I doubt (shit, I
>will be moving to this country in a couple of weeks...)
The good news is xs4all were prepared for them and have mounted a publicity campaign against co$. co$ has withdrawn their complaint (though xs4all have not been _officially_ notified yet) in an attempt to patch up things but it's too late for co$ to save them from the wrath. xs4all has a lot of support in all facets of .nl life so co$ is going to have a bad time screwing with them. From what I learnt there will be a lot of noise RSN in the press.

My personal view is co$ deserves all the flak they get.

Mark
mark at lochard.com.au
The above opinions are rumoured to be mine.

From unicorn at polaris.mindport.net Wed Sep 6 20:52:21 1995
From: unicorn at polaris.mindport.net (Black Unicorn)
Date: Wed, 6 Sep 95 20:52:21 PDT
Subject: University logging mail to anon.penet
In-Reply-To: <199509070230.TAA24609@goblin.punk.net>
Message-ID:

On Wed, 6 Sep 1995, Jeff Simmons wrote:

> This just came up locally, and I'd like to have some comments on it,
> especially from people who understand the law a lot better than I do:
>
> Our local University apparently has been logging ALL mail to anon.penet,
> including faculty, students, and off-campus users.
>
> They maintain such weak security that someone was able to "obtain"
> the logs and post them to a local usenet group, thus compromising
> everyone's "anonymous" identities.

Which University please?

>
> --
> Jeff Simmons jsimmons at goblin.punk.net
>

From damion.furi at the-matrix.com Wed Sep 6 20:59:29 1995
From: damion.furi at the-matrix.com (DAMION FURI)
Date: Wed, 6 Sep 95 20:59:29 PDT
Subject: Collection of persona
In-Reply-To: <8B094A8.000504D4D8.uuout@the-matrix.com>
Message-ID: <8B0951B.000504D5AC.uuout@the-matrix.com>

BU|In fact it's not difficult. It's quite simple to establish new identity
  |for the individual willing to risk the charges and consequences of
  |exposure. The basic impediment is time. Good credit doesn't come
  |overnight.
The second impediment is tax evasion- which is less than |justifiable in the United States on the grounds of privacy. If you're |willing to be patient, and pay taxes on more than one name, its easy to |maintain several identities. A lot of "ifs" there. Not to mention the expense. BU|> If it were possible to have an alias in real |> life, as easy as it is to get one on the 'net that is, then I would most |> certainly do so.. BU|Which tells me how serious you really are about your privacy. You have |made a decision here about how much trouble privacy is worth to you, |which is "not much." And how many "real names" do you have off the net? BU|I hear people bitch about privacy endlessly. Privacy helps those who |help themselves to privacy. I think Mr. May was precisely correct in saying |that it is so much easier and simpler for one to rely on self privacy |insurance rather than government privacy insurance. Certainly. That doesn't mean that we're all going to jump up and maintain several aliases. Particularly when our beloved Uncle Sam is quite capable of deciding that it's for fraudulent purposes -- which makes it a felony. It would be simpler and easier to start another revolutionary war than follow your logic. :----------:----------:----------:----------:----------:----------:----- : furi at the-matrix.com | pgp-public-key at demon.co.uk | LIVE LION ALERT : 2.6.2 1024/C1225CE1 | 38 11 7C 59 FB F3 7C C0 F7 E9 67 1F AF B8 2D 94 PGP: When it's none of their damned business. -- SPEED 1.40 [NR]: Evaluation day 133... From hayden at krypton.mankato.msus.edu Wed Sep 6 21:02:31 1995 From: hayden at krypton.mankato.msus.edu (Robert A. 
Hayden)
Date: Wed, 6 Sep 95 21:02:31 PDT
Subject: University logging mail to anon.penet
In-Reply-To: <199509070230.TAA24609@goblin.punk.net>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 6 Sep 1995, Jeff Simmons wrote:
> This just came up locally, and I'd like to have some comments on it,
> especially from people who understand the law a lot better than I do:
>
> Our local University apparently has been logging ALL mail to anon.penet,
> including faculty, students, and off-campus users.
>
> They maintain such weak security that someone was able to "obtain"
> the logs and post them to a local usenet group, thus compromising
> everyone's "anonymous" identities.

I'd say that there are some serious ethical and legal concerns that should be addressed by the administration for keeping such logs...

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: PGP Signed with PineSign 2.2

iQCVAwUBME5SwjokqlyVGmCFAQGuLQP/TA9F2Vf65o37Yq821zFfBB8HNekfdB6I
PcmaRPHFzlgGfV2iSQm4sn0KHLddpX70ZrUaGM2uuJsYC1iwPagGOQR0Y51tjU7Y
1O+jBf3Pjsa64rox1Y5+7fQAnl4hD5Io13MtsosDC19kjPYuoJ33RHWF/uiHRT5N
stRLLxwWjEo=
=MQuw
-----END PGP SIGNATURE-----

____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu
\ /__ Finger for Geek Code Info <=> Finger for PGP Public Key
\/ / -=-=-=-=-=- -=-=-=-=-=-
\/ http://krypton.mankato.msus.edu/~hayden/Welcome.html

-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GED/J d-- s:++>: a-- C++(++++)$ ULUO++ P+>+++ L++ !E---- W+(---) N+++ o+ K+++ w+(---) O- M+$>++ V-- PS++(+++)>$ PE++(+)>$ Y++ PGP++ t- 5+++ X++ R+++>$ tv+ b+ DI+++ D+++ G+++++>$ e++$>++++ h r-- y++**
------END GEEK CODE BLOCK------

From Jaeson.M.Engle at dronf.org Wed Sep 6 21:06:09 1995
From: Jaeson.M.Engle at dronf.org (Jaeson Engle)
Date: Wed, 6 Sep 95 21:06:09 PDT
Subject: ULC Online
Message-ID:

Just in case anyone else wants to go ahead and get ordained in the ULC, http://ybi.com/ulc/ordain.html

Online form for getting ordained.

Jaeson
--
Jaeson M.
Engle
http://www.dronf.org
Coordinator of the Jourvian Group
PGP Mail Encouraged -> jme.pub.key at dronf.org
Project List -> programs at dronf.org

From robl at on-ramp.ior.com Wed Sep 6 21:11:15 1995
From: robl at on-ramp.ior.com (Rob Lowry)
Date: Wed, 6 Sep 95 21:11:15 PDT
Subject: Collection of personal info
In-Reply-To:
Message-ID:

> Nor was I suggesting a legal solution (I know your comment
> was triggered by Rob's request for legal recourse) but instead
> suggesting that things are farther along than some people realize.

Nor do I support additional rules/laws or regulations.. but if there are existing ones to screw with, use 'em..

Recently I had a bill turned over to collections from, of all places, the daycare we used to take our kids to.. we owe them about $1300 in their estimation. The reason we have not paid is due to 11 days of lost work due to head lice that they provided to my kids, plus they stopped serving breakfast, which was in the contract we signed when enrolling the kids there.. I was notified by the collection co. about this submittal (now $1500 for some reason..) and by law, I can dispute this in writing, thus slowing the wheels of the collection monster horribly. I did so.. and for the last 4 months, they have been trying to prove I owe money..

I was asking if such a system exists for the release of your credit info.. and it appears that there is no safety mechanism in that monster. Rather than cry out for more laws to be twisted against us later, I agree that letting it happen, and using cash instead of credit, is the smart answer here.

Someone care to point me at e-cash info? sounds interesting..
remember, I am new to the crypto scene and still think PGP is neato ;)

From rsnyder at janet.advsys.com Wed Sep 6 21:53:31 1995
From: rsnyder at janet.advsys.com (Bob Snyder)
Date: Wed, 6 Sep 95 21:53:31 PDT
Subject: University logging mail to anon.penet
In-Reply-To:
Message-ID: <199509070454.AAA19936@janet.advsys.com>

hayden at krypton.mankato.msus.edu said:
> I'd say that there are some serious ethical and legal concerns that
> should be addressed by the administration for keeping such logs...

Ethical I would definitely agree with.

Legally, I'm not so sure of. The applicable law would appear to be the Electronic Communications Privacy Act of 1986. The law does allow administrators to see messages in the normal course of their job, as long as they don't reveal that information to a 3rd party (except law enforcement in the event of a criminal act).

This protection is probably strongest with a company you purchase Internet Service from, probably lesser so with a University, since there is less obviously a customer/seller relationship, and almost non-existent with a business, since there isn't a customer relationship, and the systems are owned by the business.

Bob

From ravage at einstein.ssz.com Wed Sep 6 22:01:44 1995
From: ravage at einstein.ssz.com (Jim Choate)
Date: Wed, 6 Sep 95 22:01:44 PDT
Subject: Collection of personal info
In-Reply-To:
Message-ID: <199509070507.AAA01347@einstein.ssz.com>

> > Doesn't make it true, in Tim's sense--just makes it verifiable.
> > MacN
> > On Wed, 6 Sep 1995, Jim Choate wrote:
> > Truth is that which can be verified to be reproducible by independent and
> > unbiased parties. All else is opinion.
>

What exactly is Tim's sense to you? Perhaps Tim could clarify more clearly what he means by 'truth'. To me it sounds like he is saying that there is some viewpoint that is absolute. I no more believe in absolute viewpoints than I believe in absolute coordinates.

If it is the 'truth' what makes it unverifiable?
If I can look at it and claim it isn't the truth (because I can't verify it) how does one know it is the truth then? What separates this unverifiable truth from opinion (which is equally unverifiable by definition)? What is the litmus test? And how do we know the litmus test is true? (I see a circle coming up)

For example, let's say that I have an accident with another motorist. We each tell our story but they are different (or the same for that matter). Which is true? I would hold neither. The incident as described by either of us is simply our recollection of happenstance, in other words our opinion of what occurred. It is not what occurred. The only truth that could be derived would be that an accident had occurred. Why? Because we would have two bent cars that anyone who cared enough could verify.

The truth is not some mighty sword we can wield to reveal some shrouded mystery. It is the realization that the world is a complicated place and we deal with incomplete facts (ie fog of war). From this meager litany of facts we try to derive some conclusion that allows us to control our environment. Truth is a mundane everyday sort of thing, not some magical force. The truth will not free you nor will it guarantee a better tomorrow.

The whole argument breaks down to the simple question of whether it is possible to know anything absolutely. If it is possible to know something absolutely what else to call it but fact (and therefore true)? If it isn't a fact then it is either a lie (ie the inversion of truth) or else an opinion. I don't see how there can be any other division than these three.

Another way to look at it is to say that if it involves faith it can't be truth. Truth can't be dependent on faith (ie observer).

[Looking over this I realize that we are talking about a form of computability]

From tcmay at got.net Wed Sep 6 22:46:01 1995
From: tcmay at got.net (Timothy C. May)
Date: Wed, 6 Sep 95 22:46:01 PDT
Subject: What is truth?
Message-ID:

At 5:07 AM 9/7/95, Jim Choate wrote:
>> >> Doesn't make it true, in Tim's sense--just makes it verifiable.
>> >> MacN
>> >> On Wed, 6 Sep 1995, Jim Choate wrote:
>> > Truth is that which can be verified to be reproducible by independent and
>> > unbiased parties. All else is opinion.
>> >
>What exactly is Tim's sense to you? Perhaps Tim could clarify more clearly
>what he means by 'truth'. To me it sounds like he is saying that there is
>some viewpoint that is absolute. I no more believe in absolute viewpoints
>than I believe in absolute coordinates.

I promise to be mercifully brief. This is a subject that we could all go on and on about. I used the ironic "What is truth?," a la Pilate, to indicate some degree of ambiguity. How Jim concluded that I have some absolutist viewpoint from this simple line is unclear to me.

In any case, I don't believe there are "independent and unbiased parties" who can determine what truth is. Not that there is no measure of truth. I am no solipsist, and I believe we have a much clearer view today of how things work than we had, say, 500 years ago. Courtesy of science and the core idea of falsifiability.

As this view relates to government and law, it is that many things are best left outside the bounds of the law. The law stays out of most inter-family disputes, for example, unless violence or fraud of a major sort occurs.

And the law stays out of confirming or refuting religious claims. If Preacher Bob says that praying to Baal will save one's soul, no law officer will step in and stop this "lie." As I like to put it, of the N different religions, at most _one_ of them is "true," and the other N - 1 are based on lies. So, if we are to "allow" religious freedom we must surely allow lies to be told. Q.E.D.

Our liberal, Western society went through this debate a long time ago, and it was pretty much concluded that people could choose their own paths to hell without interference from others.
That people were free to believe any damned fool idea they wanted to believe in.

Somewhere along the line we've adopted the new view that government needs to correct all incorrect thoughts, needs to protect people from "hurtful" ideas and speech, and needs to determine what is true and what is not true.

If you want more information on my views about truth, check out the work on "evolutionary epistemology," especially the writings of William Bartley and Karl Popper.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^756839 | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From rrothenb at ic.sunysb.edu Wed Sep 6 22:50:15 1995
From: rrothenb at ic.sunysb.edu (Deranged Mutant)
Date: Wed, 6 Sep 95 22:50:15 PDT
Subject: ECPA (Was: University logging mail to anon.penet.fi)
In-Reply-To: <199509070454.AAA19936@janet.advsys.com>
Message-ID: <199509070542.BAA23214@libws4.ic.sunysb.edu>

Bob Snyder wrote:
> hayden at krypton.mankato.msus.edu said:
> > I'd say that there are some serious ethical and legal concerns that
> > should be addressed by the administration for keeping such logs...
>
> Ethical I would definitely agree with.
>
> Legally, I'm not so sure of. The applicable law would appear to be the
> Electronic Communications Privacy Act of 1986.
> The law does allow
> administrators to see messages in the normal course of their job, as long as
> they don't reveal that information to a 3rd party (except law enforcement in
> the event of a criminal act)

I'm no lawyer, but I believe that technically the ECPA allows them to view mail when it is part of maintenance, which could be in the "normal course of their job[s]" but I think it means that if they see mail while maintaining (ie, bounced msgs) it's Ok to read it but maintenance doesn't mean outright monitoring of mail.

Then again, what does the ECPA say about monitoring message traffic? That's essentially what they are doing, and likely they will rationalize it as being to save their own skins.

It also might be the work of a SysAdmin and the school administration would be entirely clueless about it. Another possibility is that a hacker (the same who got ahold of the file?) put in something to monitor it... (my knowledge of Unix is little, though...)

> This protection is probably strongest with a company you purchase Internet
> Service from, probably lesser so with a University, since there is less
> obviously a customer/seller relationship, and almost non-existent with a
> business, since there isn't a customer relationship, and the systems are owned
> by the business.

I've heard some nasty stories about boards and a couple of I-Net providers who charge for access but reserve the right to throw someone off the system without refund (it's often in the terms of many account applications) for various no-nos.

Rob

From damion.furi at the-matrix.com Wed Sep 6 22:51:21 1995
From: damion.furi at the-matrix.com (DAMION FURI)
Date: Wed, 6 Sep 95 22:51:21 PDT
Subject: Collection of persona
In-Reply-To: <8B09569.000504D5D6.uuout@the-matrix.com>
Message-ID: <8B0A00E.000504D665.uuout@the-matrix.com>

DM|Depends on the counter people. The local RS here the clerks don't care
  |much about it and will enter a random number.

I wish they would do that here.
I've just about yanked a manager over the counter over it.

  |A local Service Merchandise
  |does the same thing, but they're pesky, so I make up silly names to test
  |the wits of impatient teenage mutant cashiers. (They also used to have
  |a computer where you enter your telno. and place orders to pick up at
  |the desk... I don't think the system bills you automatically but the
  |employees probably won't like it when you have them get 10 weight sets
  |out...)

I love it when the system has a flaw I can take a crowbar to.

:----------:----------:----------:----------:----------:----------:-----
: furi at the-matrix.com | pgp-public-key at demon.co.uk | LIVE LION ALERT
: 2.6.2 1024/C1225CE1 | 38 11 7C 59 FB F3 7C C0 F7 E9 67 1F AF B8 2D 94
PGP: When it's none of their damned business.
-- SPEED 1.40 [NR]: Evaluation day 134...

From msprague at owens.ridgecrest.ca.us Wed Sep 6 22:54:30 1995
From: msprague at owens.ridgecrest.ca.us (M. F. Pat Sprague)
Date: Wed, 6 Sep 95 22:54:30 PDT
Subject: Diskreet Disk Help Needed
Message-ID: <199509070555.WAA11056@owens.ridgecrest.ca.us>

One of my Diskreet Disks has refused to open but will change size and password. Any suggestions??

From jirib at cs.monash.edu.au Wed Sep 6 23:03:18 1995
From: jirib at cs.monash.edu.au (Jiri Baum)
Date: Wed, 6 Sep 95 23:03:18 PDT
Subject: Scientology and police visit XS4ALL Amsterdam
In-Reply-To: <199509070346.XAA14571@clark.net>
Message-ID: <199509070600.QAA11675@molly.cs.monash.edu.au>

-----BEGIN PGP SIGNED MESSAGE-----

Hello Ray Cromwell and all other cypherpunks,

> Anyone ready to risk running a "Scientology .sig virus server"?
...
> In the same spirit of the "export-a-sig-PGP" system, why not break
> the CoS materials up into n pieces (each piece being 5-10 lines long)
...

I don't really follow the Co$ saga, but when I last looked it seemed as though six lines (one of them the title) are sufficient for them to be unhappy at you.
If I remember correctly, those six lines said to go to the zoo to practice telepathy with animals... (No they didn't say *how*.)

So I don't know whether the "export-PGP-sig" system will be any use.

...
> To spread the risk around even more, I'd place the "piece server"
> on k different HTTP sites just so they can't raid them all. Even
> better would be to use a script on one master server to
...

master server = single point of pressure

> Cypherpunks oughta be able to figure out something to show those idiots
> why their actions are ultimately futile.

It always was, but do you have the money and the spirit to fight them?

Jiri
- --
If you want an answer, please mail to .
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBME6KSyxV6mvvBgf5AQFGTQQAhxXbnoS1EoxRGTHKAukZzRIYFGu++Zuq
2zywwlKSUdxFm9di914qembuEb8rGTwqUGagESjs3p2oZe9xKFHricSr0LFOeoSh
Vx+mioL1hEaBMzKBrMNAD4OA7lPi7EEzeEFSb589TgNqH5DBvYxMwfWNXCe5I/A1
WjHU0YqtiwU=
=gKJF
-----END PGP SIGNATURE-----

>: : >>: OT7-48
>: : >>: 1. Find some plants, trees, etc., and communicate to them
>: : >>: individually until you know they received your communication.
>: : >>: 2. Go to a zoo or a place with many types of life and communicate
>: : >>: with each of them until you know the communication is
>: : >>: received and, if possible, returned.

From alt at iquest.net Wed Sep 6 23:21:56 1995
From: alt at iquest.net (Al Thompson)
Date: Wed, 6 Sep 95 23:21:56 PDT
Subject: Are booby-trapped computers legal?
Message-ID:

At 03:38 PM 9/6/95 -0400, hallam at w3.org wrote:
>People who go round drawing parallels to gun ownership and cryptography
>ownership are simply playing into the governments hands.

Which of our rights would you have us surrender so as to not play into the government's hands?

>Cryptography has net benefits to society.
You would have a hard time proving that cryptography has more, or different "net benefits to society" than gun ownership does.

>Most advocates of gun ownership tend to convince me of
>little more than they are a danger to society. Regardless of their case they are
>the biggest argument for gun control, and therefore poor advocates of their
>cause.

Statists say the same thing about crypto-advocates. Talking about keeping secrets, and discussing which methods are uncrackable by the government is not what a statist wants to hear - and neither is talk about the real reason behind the 2nd Amendment.

From vznuri at netcom.com Wed Sep 6 23:30:51 1995
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Wed, 6 Sep 95 23:30:51 PDT
Subject: Another Son of Clipper discussion paper
In-Reply-To: <199509052053.NAA01226@mycroft.rand.org>
Message-ID: <199509070612.XAA16340@netcom8.netcom.com>

J.G. on "proposed escrow techniques":

>In order to help make most productive use of the limited time
>available at the upcoming meeting and to better focus
>deliberation, the following criteria are being distributed for
>discussion purposes. Since it is important that final criteria
>be clear, straightforward, consistent, and implementable, please
>review these draft criteria and be prepared to discuss
>how they may be refined and made more specific.

could someone explain to me why the passive voice is being used in this proposal? who is proposing these criteria? there is a saying "he who appeases an alligator does so in hopes of being eaten last".

J.G., where did this list of proposal items come from? from you? are you a private researcher? if so, how do you justify this list? I mean, I can imagine someone from the NSA coming up with something this specific and restrictive, but frankly I find it in rather poor taste for private, unaffiliated researchers trying to bargain with the NSA.
there is a clear-cut right to encryption in a free society, and anything less is a compromise with totalitarianism IMHO.

IMHO no genuine self-respecting cypherpunk would be involved in any kind of discussions involving government key escrow, unless to go as an agent provocateur. the whole issue lends an "aura of legitimacy" to an issue that has absolutely none. it's like the Perl shirt-- as I have said many times, as long as people argue about the precise legality of the code, they are *losing* the battle with the NSA and playing into their hand and exactly the kind of paranoia over cryptography use they are trying to cultivate.

--Vlad Nuri

From an116512 at anon.penet.fi Wed Sep 6 23:54:39 1995
From: an116512 at anon.penet.fi (an116512 at anon.penet.fi)
Date: Wed, 6 Sep 95 23:54:39 PDT
Subject: not a flame please read and think about this
Message-ID: <9509070626.AA07408@anon.penet.fi>

why is it that half the people who post here work for the government or big companies that are doing governments bidding (rand.org (which is part of the nsa!) att.com (makers of the clipper chip) mit (which owns rsa) netscape etc etc)

what makes me wonder isnt so much that theyre here but that they post socalled reasonable stuff that supports the government line. like when these people report on what the nsa guy says at the crypto convention as if were supposed to take it seriously and these people who say clipper is good enough no back doors. and then everyone takes this crap seriously.

obviously the government thinks there are some things we shouldnt think about ourselves. and then someone comes along and says theyve thought about it already and we should just go mind our own biz. arent we supposed to be cypherPUNKS? then why do we need these people to think for us?

honest replies only please. i dont mean to flame but this really bothers me. we should maybe think about a closed list.
----------------------------------------------------------------------------
To find out more about the anon service, send mail to help at anon.penet.fi.
If you reply to this message, your message WILL be *automatically* anonymized
and you are allocated an anon id. Read the help file to prevent this.
Please report any problems, inappropriate use etc. to admin at anon.penet.fi.

From ravage at einstein.ssz.com Thu Sep 7 00:31:53 1995
From: ravage at einstein.ssz.com (Jim Choate)
Date: Thu, 7 Sep 95 00:31:53 PDT
Subject: What is truth?
In-Reply-To:
Message-ID: <199509070729.CAA01800@einstein>

> I promise to be mercifully brief. This is a subject that we could all go on
> and on about. I used the ironic "What is truth?," a la Pilate, to indicate
> some degree of ambiguity. How Jim concluded that I have some absolutist
> viewpoint from this simple line is unclear to me.

Actually from your statement I would conclude that you don't believe truth exists at all. That was the original in context intent of the quote you used. Ambiguity is like pregnancy, it is there or isn't. Bottom line being whether your position is that there is or isn't an absolute it falls to the same line of argument...faith. My personal opinion is that we are way too ignorant/stupid to ever answer the question.

> In any case, I don't believe there are "independent and unbiased parties"
> who can determine what truth is. Not that there is no measure of truth. I
> am no solipsist, and I believe we have a much clearer view today of how
> things work than we had, say, 500 years ago. Courtesy of science and the
> core idea of falsifiability.

This is exactly the opinion of the great minds of their time as well. I suspect you are just as wrong as they were. If this isn't solipsism I don't know what is. We are no valid measurer of our ignorance. We are simply too close to see where the horizons truly are. The catch here is we will always be too close.
The real issue is not whether there is an observer who can discern the truth but rather; is there a truth to discern in the first place?

> And the law stays out of confirming or refuting religious claims. If
> Preacher Bob says that praying to Baal will save one's soul, no law officer
> will step in and stop this "lie." As I like to put it, of the N different
> religions, at most _one_ of them is "true," and the other N - 1 are based
> on lies. So, if we are to "allow" religious freedom we must surely allow
> lies to be told. Q.E.D.

You are confusing 'lie' and 'opinion'. No religion is true, they are based on faith and therefore unprovable. That which is unprovable is neither truth nor lie, it simply is.

> Somewhere along the line we've adopted the new view that government needs
> to correct all incorrect thoughts, needs to protect people from "hurtful"
> ideas and speech, and needs to determine what is true and what is not true.

Who is this 'we' kimo-sabi? If this were true 'we' wouldn't even be having this discussion. As to it being a new idea, hardly.

> "evolutionary epistemology," especially the writings of William Bartley and
> Karl Popper.

Read some of them, believe they are as full of shit as all other philosophers when taken as a whole. While individual ideas that these folks have presented have quite a bit of merit, as a whole not a single philosopher has ever produced a work that has really been ground shattering. You disagree? Then explain why no philosopher has managed to overshadow all the others? {And for those Christians out there who will invariably send me mail, Christianity is not the largest religion in the world, only in the US does it hold a numerical superiority.}

The reason is quite simple and one of the main problems with philosophers and politicians. They keep making the same damn mistake, they assume that since it works for them it will work for anyone (and therefore everyone) else. This is an incorrect assumption.
The real problem with philosophers and politicians is that at some point they start to believe their own press releases.

Consider this, if 'truth' is so hard to define or observe why is there not an equally biased discussion about 'lie'? Few people have a problem with the concept of a lie. We can argue blissfully for centuries over what truth is but if we question what a lie is we get termed pathological. What is it about human psychology that causes this?

Take care.

From rjc at clark.net Thu Sep 7 01:14:50 1995
From: rjc at clark.net (Ray Cromwell)
Date: Thu, 7 Sep 95 01:14:50 PDT
Subject: fast modular reduction
In-Reply-To: <199509070157.VAA16973@clark.net>
Message-ID: <199509070811.EAA07559@clark.net>

I wrote:
> modifications. Is there an algorithmic analysis available? I also
> I think there is a bug in your description. Let k+1 = n+1
> (e.g. the dividend is 1 more "block" than the modulus). Then
> i=n starting out, and we have

Upon a closer look, I see there's no mistake. The algorithm will never reach k=n because the loop stops at n+1.

Anyway, I played around with the algorithm a little, and it's neat and easy to implement, but the speed increase is not worth the patent hassle (assuming there is a speed increase, I saw none). The algorithm is still basically O(n^2) if used in a modexp routine. It requires n^2 multiplications and additions. Whereas, a typical Karatsuba multiplication using a high precision reciprocal will only use 2*n^1.5 multiplications and 5*n^1.5/8 additions. (for n=64 which is a 2048-bit number being reduced, it's about 1/5 the multiplications, but 5 times the additions)

Two other possible algorithms are:

Let P(x) = sum(i=0 to n-1) a_i x^i be a multiprecision integer radix x. If m is a modulus, of length n/2, rewrite P(x) as

  sum(i=0 to n/2-1) a_i x^i + x^(n/2) (a_{n/2 + i} x^i)

break the summation into two parts. Focus on the second term.
(both terms are not equal, or one digit larger than the modulus)

Perform modular reduction of the right hand polynomial using Horner's method

  x*(x*(x*...(x*a_i + a_{i-1} mod m) mod m) mod m)

Those internal mod m's can be done quickly with a 2-digit trial quotient estimation. It's still O(n^2), but might be quicker.

Still another technique..

Rewrite P(x)

  (a_0 + a_2 x^2 + a_4 x^4 + ...) + x (a_1 + a_3 x^2 + a_5 x^4 + ...)

(broken into two polys with odd and even terms)

Factor x^2 out of each piece and write

  a_0 + ((a_2 + a_4 x^2 + a_6 x^4 + ...)*x^2) + x*(a_1 + x^2*(a_3 + a_5 x^2 + a_7 x^4 + ...))

Now keep applying the recursive rule until the length of the poly pieces are the same or smaller than the modulus. Now, start evaluating from the inner layers. Multiply each piece by x^2 (two shifts), and take the mod. Sum the results, shifting one side by 1 (for the x factor). Shifts are free because an array representation yields a shift with a pointer movement.

It looks kinda like the method for evaluating FFTs a little bit, but it's not. Just something off the top of my head just now. (I hereby place it in the public domain assuming it's worth anything, no patents please)

I think with a clever implementation, you can trade some mults for more adds, but still use less additions than russian peasant.
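[Editor's note: the following is an added worked example, not code from Ray Cromwell's post or from anyone on the list. It writes out the two reduction schemes he sketches above, the Horner's-rule pass over the high-order digits and the odd/even recursive split, for a multi-precision integer held as little-endian base-x digits, and checks both against a plain integer remainder. The 16-bit radix, the helper names and the sample dividend/modulus are assumptions; Python big ints stand in for the word-level digit arithmetic, so the point is the digit bookkeeping, not speed.]

```python
# Added editorial example, not code from the post: the Horner-style and the
# odd/even-split modular reduction schemes sketched above, on a multi-precision
# integer held as little-endian base-x digits. Radix, helper names and sample
# values are assumptions; Python big ints stand in for the digit arithmetic.

RADIX_BITS = 16            # assumed word size: one "digit" is 16 bits
RADIX = 1 << RADIX_BITS    # the x in P(x) = sum a_i x^i


def to_digits(value, radix=RADIX):
    """Little-endian base-radix digits a_0 .. a_{n-1} of a non-negative int."""
    if value < 0:
        raise ValueError("negative values are not represented")
    digits = []
    while value:
        value, d = divmod(value, radix)
        digits.append(d)
    return digits or [0]


def from_digits(digits, radix=RADIX):
    """Inverse of to_digits: evaluate P(x) at x = radix."""
    value = 0
    for d in reversed(digits):
        value = value * radix + d
    return value


def horner_mod(digits, m, radix=RADIX):
    """Reduce sum(a_i x^i) mod m by Horner's rule, reducing after every step:
    acc = (acc*x + a_i) mod m, most significant digit first. Because acc < m,
    each inner value acc*x + a_i is below radix*m, so each inner 'mod m' is a
    short division (the 2-digit trial-quotient estimate the post mentions)."""
    if m <= 0:
        raise ValueError("modulus must be positive")
    acc = 0
    for d in reversed(digits):
        acc = (acc * radix + d) % m
    return acc


def split_mod(digits, m, radix=RADIX):
    """The post's odd/even scheme: P(x) = E(x^2) + x*O(x^2), where E and O
    collect the even- and odd-indexed digits. Recurse on E and O in radix x^2
    until a piece is no longer (in digits) than the modulus, reduce the pieces,
    then recombine with one shift by x and one final reduction."""
    if m <= 0:
        raise ValueError("modulus must be positive")
    modulus_len = len(to_digits(m, radix))
    if len(digits) <= modulus_len:
        return from_digits(digits, radix) % m   # base case: one reduction
    even = digits[0::2]                         # a_0, a_2, a_4, ...
    odd = digits[1::2]                          # a_1, a_3, a_5, ...
    e = split_mod(even, m, radix * radix)       # E evaluated at y = x^2
    o = split_mod(odd, m, radix * radix)        # O evaluated at y = x^2
    return (e + radix * o) % m                  # shift O by one digit, add, reduce


def reduce_both(value, m, radix=RADIX):
    """Run both schemes on the same input; returns (horner, split, reference)."""
    digits = to_digits(value, radix)
    return horner_mod(digits, m, radix), split_mod(digits, m, radix), value % m


if __name__ == "__main__":
    # Constructed sample: a ~2048-bit dividend against a ~1024-bit modulus,
    # the n versus n/2 digit-length shape the post discusses.
    sample_m = (1 << 1023) + 0x12345
    sample_v = (1 << 2047) + (1 << 1000) + 0xDEADBEEF
    h, s, ref = reduce_both(sample_v, sample_m)
    print("horner ok:", h == ref, " split ok:", s == ref)
```

Both functions do the same number of "mod m" operations as there are digits above the modulus length, which is why the post calls them O(n^2) once each reduction is itself a multi-word operation; what the split buys is that the pieces being reduced are short and the shifts are index arithmetic on the digit array.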
-Ray

From Saitmacher at MSMDSTTF.frankfurt.hoechst-ag.d400.de Thu Sep 7 01:26:57 1995
From: Saitmacher at MSMDSTTF.frankfurt.hoechst-ag.d400.de (Saitmacher, Klaus, Dr., DyStar)
Date: Thu, 7 Sep 95 01:26:57 PDT
Subject: subscripe
Message-ID: <000C8D27.MAI*/S=Saitmacher/OU=MSMDSTTF/O=FRANKFURT/PRMD=hoechst-ag/ADMD=dbp/C=de/@MHS>

subscripe

From greg at ideath.goldenbear.com Thu Sep 7 01:31:22 1995
From: greg at ideath.goldenbear.com (Greg Broiles)
Date: Thu, 7 Sep 95 01:31:22 PDT
Subject: University logging mail to anon.penet
Message-ID: <199509070815.AA00296@ideath.goldenbear.com>

-----BEGIN PGP SIGNED MESSAGE-----

Jeff Simmons writes:
> This just came up locally, and I'd like to have some comments on it,
> especially from people who understand the law a lot better than I do:
>
> Our local University apparently has been logging ALL mail to anon.penet,
> including faculty, students, and off-campus users.

With respect to logging of student traffic, I'd look at the Family Education Rights Privacy Act ("Buckley Amendment", 20 USC 1232g) and the California analog to it (assuming one exists; Oregon's is located at OAR 571-20-005, et seq.). The release of information about individual students beyond "directory information" (e.g., name, dates of attendance, degrees granted, etc) is sharply limited without the consent of the student. Information about mail traffic sent and received is, IMHO, arguably (but not clearly) within "educational records" for FERPA purposes.

To establish a Buckley Amendment violation (and I'm not saying there was one here) you'll still need to find a University employee to pin the disclosure on. If it's a University employee who posted them to the newsgroup, it's easy. If the University employee merely maintained those records in a place where an outsider was able to easily gain access to them, it seems like a bigger stretch.
I had occasion to talk with a relatively high-level administrator in the University of Oregon's computer center some time ago and he explained that they've had to go to some trouble to make sure that gopher/WWW directories and other contemporary university computing practices don't fall afoul of the Buckley Amendment. Perhaps the powers that be at other places aren't quite so forward-thinking (or don't have the questionable benefit of being next door to a building full of law students with time on their hands).

Perhaps an even longer stretch would be an argument that the practice of logging (and of keeping those logs in an insecure place) violates students' (and others') right to privacy. Federal protection for a "right of privacy" is fickle, but California protects its citizens' right to privacy in its constitution.

(I'm not an attorney (yet), don't live in California (right now) and consequently don't know much about CA law. So please think about this message as maybe a hint in (I hope) a useful direction, not necessarily the right answer. Feh.)

This concrete issue seems like a good reminder of the implications of the way that we think about "cyberspace" and the things that happen when we use computers. If one thinks about a machine or a network as "public space", logging or reporting activities which happen there (e.g., Alice walks over to visit Bob, leaving footprints everyone can see in /var/adm/syslog) seems reasonable or at least not offensive, and it seems silly to talk about being angry because someone wrote down what everyone could see. But if we think about machines and networks as being private space, reporting on what Alice and Bob do seems tacky and rude at best, and horrifying (and likely to create liability) at the other end of the spectrum. As much as I dislike the "cyberspace" metaphor, its use or misuse has serious consequences.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBME6qJH3YhjZY3fMNAQHiQgP9HjqkwOzMabzXXbUKp0W7c2MAn4na5X1X
UPVY8p70abNVpPoVFGQTUpgBnv3hBy40n5RFD9pNM7c2UPwq0C8Tcir9TBr+xEH7
L7iQCjsqIK5F1lv66C5yMFu8wfiRF10hMhTJYthOa04dyP10HovT2QameGw+DZHJ
og1t7owgcco=
=D5PV
-----END PGP SIGNATURE-----

From perry at piermont.com Thu Sep 7 01:37:22 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 7 Sep 95 01:37:22 PDT
Subject: ON OFF-TOPIC
In-Reply-To: <199509070639.BAA00416@mail.socketis.net>
Message-ID: <199509070834.EAA04213@frankenstein.piermont.com>

Was this really needed?

Gary Jeffers writes:
> ON OFF-TOPIC
>
> THE UNITED STATES "FEDERAL" GOVERNMENT HAS NO LEGITIMACY!

From frissell at panix.com Thu Sep 7 02:49:55 1995
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 7 Sep 95 02:49:55 PDT
Subject: Collection of personal info
In-Reply-To: <199509062144.RAA05718@cushing.bwh.harvard.edu>
Message-ID:

On Wed, 6 Sep 1995, Adam Shostack wrote:
> No. But the interesting question is, what to do about it?
> The answer in part, is personal anonymity through cash and avoiding US
> IDs. But in the long run, that's broken. You can't have privacy for
> 1000 people; they'll just toss us all in jail.

I doubt if TRW will throw you in jail for avoiding their database. Last time I looked, it wasn't (very) illegal to avoid US IDs.

DCF

From frissell at panix.com Thu Sep 7 03:05:41 1995
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 7 Sep 95 03:05:41 PDT
Subject: cryptography eliminates lawyers?
In-Reply-To: <199509062335.SAA02364@sam.neosoft.com>
Message-ID:

On Wed, 6 Sep 1995, Buford Terrell wrote:
> How could crypto put lawyers out of business? People would still
> have disagreements; plans would still go wrong; cars would still
> crash. More important, transactions would still need to be
> structured to carry out the desires of the parties while minimizing
> risks.
>
> Good communications technology, including crypto, could make lawyering
> more efficient, but I suspect the savings would be minimal.

Well, if crypto reduces the role of government in human affairs, it will reduce work for lawyers. Telecoms will certainly break the professional monopoly of lawyers (and other professionals).

DCF

From futplex at pseudonym.com Thu Sep 7 03:27:43 1995
From: futplex at pseudonym.com (Futplex)
Date: Thu, 7 Sep 95 03:27:43 PDT
Subject: not a flame please read and think about this
In-Reply-To: <9509070626.AA07408@anon.penet.fi>
Message-ID: <9509071027.AA15077@cs.umass.edu>

I feel it's my civic duty to respond to these things, but there's nothing new here. NOISE.

an116512 at anon.penet.fi writes:
> why is it that half the
> people who post here work for the government or big companies that are doing
> government's bidding

*sigh* This line gets trotted out every few months here, like clockwork. You should look for similar threads in the archives. Allow me to sum them up for you, meanwhile: who cares ? Perhaps it's because the government and big corporations have (surprise) flocks of people working for them. Your assertion that fully 50% of the posters to the list overtly work for such organizations is patently absurd, anyway.

[...]

> what makes me wonder isn't so much that they're here but that they post
> so-called reasonable stuff that supports the government line.
> like when these people report on what the nsa guy says at the crypto
> convention as if we're supposed to take it seriously

What alternative do you propose ? Are we merely to chuckle and say, "Oh, those guys at the NSA are such kidders. As if they actually had any influence on public policy decisions in the U.S. What a hoot !" ?

> and these people who say clipper is good enough no back doors.
> and then everyone takes this crap seriously.

Eh ? David Sternlight isn't openly on the list; whom do you have in mind ?
> obviously the government thinks there are some things we shouldn't think
> about ourselves.

(Agreed)

> and then someone comes along and says they've thought about
> it already and we should just go mind our own biz. aren't we supposed to be
> cypherPUNKS? then why do we need these people to think for us?

Unless you can be more specific about this, I really have no idea to what and whom it refers.

> honest replies only please. I don't mean to flame but this really bothers me.

BTW, if not for this line I wouldn't even have bothered replying.

> we should maybe think about a closed list.

Feel free -- no-one is stopping you or anyone else from creating one. You could even announce it here. I'll still be here listening to Matt Blaze, Jim Gillogly, Derek Atkins, Jeff Weinstein, et al. But then again I've worked at a govt. lab too, so I guess I wouldn't be welcome on your list either. Darn.

-Futplex

From pfarrell at netcom.com Thu Sep 7 04:26:42 1995
From: pfarrell at netcom.com (Pat Farrell)
Date: Thu, 7 Sep 95 04:26:42 PDT
Subject: Notes from NIS&T Key Escrow Export conference.
Message-ID: <26714.pfarrell@netcom.com>

-----BEGIN PGP SIGNED MESSAGE-----

Here are my noted and remembered impressions from Wednesday's NIS&T conference on key escrow (aka GAK) export. Please note that there is a separate conference next week on creating a FIPS PUB standard for key escrow. That standard will be promulgated, just as GOSIP, POSIX and Clipper/Skipjack were promulgated. This export conference was separate from that FIPS standardization process.

I got stuck in a construction traffic jam, and missed the introductory speeches. Perhaps one of the other c'punks can fill us all in on what I missed.

The first item is that the export criteria will be changed. A small number of bits will be added to unescrowed crypto, and 64-bit escrow'd (GAK'd) systems will be allowed. They don't care which algorithm is used, DES, RC4, blowfish, etc. They care about key length.
If it is short enough, it is exportable.

The conference seemed to be an attempt to co-opt industry into agreeing that 64-bit GAK is much better than the current situation. After all, it would be too strong for a "hacker in France" to break it.

When they opened the floor, there were a few comments/questions that indicated that not everyone was convinced that this was a good thing. I pointed out some graduate students don't consider "hacker" a compliment, and that I thought Damian did a great job breaking RC4-40. I also pointed out that it was broken again in 31 hours with a "bunch of commercial systems, Sun and Pentiums" with no need for supercomputers. I then asked if the criteria were fixed, as setting criteria controls the result. The NIS&T approved board said that changes to the criteria were part of why the conference was being held.

The next hour and a half was presentations from "industry." Essentially comments on the proposal. Nearly all of the spokesmen said that the criteria were flawed. Some said that they already had commercial products that met most of the real needs of the industry (key recovery) but they didn't meet the NIS&T/NSA "criteria."

Probably the strongest was the condemnation by Robert Holleyman of the Business Software Alliance. Holleyman said that BSA represents firms such as Microsoft, Novell, Lotus, Sybase, SCO, Autodesk, and Intergraph. He said that current policy "directly threatens" the industry because of "The US Government's continuing refusal to adopt realistic export control policies." He went on and on. It was clear that his position is that the proposed policy is a mistake.

After the presentations, there were more questions. I proposed one additional criterion (based on email that I received from the c'punks): How do we expire court approved access to encrypted data, so that once the court orders are over, the LEAs no longer have the ability to decrypt.
The answer was that with clipper, special hardware is needed, and it goes away when the court order does. I asked how that model worked in a software only world. There were mumbled statements about adding it as a criterion.

The conference then broke for lunch and breakout groups. The one I was in discussed criteria 5 and 6 of Topic 3, published in my URL http://www.isse.gmu.edu/~pfarrell/nistmeeting.html They are short enough to reproduce here.

5. The product shall be resistant to any alteration that would disable or circumvent the key escrow mechanism, to include being designed so that the key escrow mechanism cannot be disabled by a static patch, (i.e., the replacement of a block of code by a modified block).

6. The product shall not decrypt messages or files encrypted by non-escrowed products, including products whose key escrow mechanisms have been altered or disabled.

After I commented that the person writing the notes has the ability to determine what was said, the folks from NSA and NIS&T asked me to take the notes. I love it; but I did try to be objective.

In the middle of this discussion, a government-generated, but anonymous paper was distributed. It had "Example Suggested Solutions." It suggested that source code not be available for products suitable for export. It also suggested other ideas, such as storing a checksum/hash and having the system "check the cryptographic code several times during its use." There was a strong reaction against these suggestions, not because they were bad ideas, but because the paper was delivered with no prior publication. This precluded any planned response to its ideas.

We reworded #5 to say "want to Trust the Product." This means that it is untampered, works as expected, etc. We then hashed out ways to know this. The list ended up looking like:

1. is available only as object code
2. contains some "hash" function to check for modifications
3. contains some unique hash, with uniqueness based upon something like "site," "per copy" or "per release"
4. Contains policies against modification, such as license language against decompilation.
5. OS-related security, such as runs "protected mode" instead of as a wild DOS program.

Of course, the software vendors went wild against "per copy" identifiers, saying it would add two orders of magnitude worth of problems to manufacturing. The items on the list were not "must have all of these" rather it was a pick-and-choose menu. We also required that the standard allow for technical innovation to keep up with the evolving state of the art.

The discussion of #6 was more lively. We took a long time figuring out what it said. For instance, could ViaCrypt sell a product that was compatible with PGP 2.6.2 (non-escrowed) that also worked with the new escrowed ciphers? It seems to me, and a lot of other folks there, that such a product would be non-exportable. We simplified the criteria to: "right products won't talk to wrong products." with "right products" meaning those that are exportable, and wrong products being those that aren't, or are hacked, or ...

We then developed "goals" including:

1. One version for sale worldwide
2. Allow development in the US
3. Domestic Law Enforcement Agencies want Escrowed (I almost wrote GAK :-)
4. Must interoperate with everything
5. Receiver can only decrypt if escrow agencies can decrypt.

This leads to a bunch of issues and observations, including:

a. Can goals 1, 2, and 4 be met simultaneously? There was a suggestion of a "friendly man-in-the-middle" who would receive a GAK'd conversation, and strip off the GAK parts, and reencrypt it, and retransmit it to a non-GAK user. Which leads to:

b. Can we prohibit a friendly MITM?

The big issue was:

c. Startup compatibility. No one will buy products unless they have sales attractiveness. This means compatibility with existing systems.
Yet the criteria #6 seems to say that approved products must refuse backwards compatibility. This was labeled a "non starter" by the group. The consensus was that companies can develop a substantial competitive advantage by developing off-shore and offering both escrowed encryption and compatibility with existing systems.

There was a discussion of grandfathering in some technologies. This was to help interoperability. The conversation became fuzzy; grandfathered technologies included DES, 3-DES, IDEA, and long key RC4. One key idea was that it may make sense to allow software that encrypts with escrowed keys, but can also decrypt with any algorithm. This allows the LEAs to access outgoing messages, while allowing interoperability.

The discussions frequently wandered to discuss the language of the criteria. The wording was considered simultaneously too subjective and impractical. For example, we considered the phrase "tamper resistant" to be preferable to the original "prevent tampering," because it is impossible to absolutely prevent modification to software.

The issue of interoperability was raised repeatedly. It is critical that exportable products interoperate with other, existing export products.

The last issue in the session was that the length of the key, 64-bits, was defined in criteria #1. There was no discussion at the conference on this criteria. It seems that the NIS&T and NSA folks believe that this is a closed topic. The folks in the session did not agree. They felt that 64-bits was not enough.

Once the breakout session was over, the entire conference met together, and the "reporter" from each session reported their comments and findings. All breakout sessions had suggested changes. The group that discussed criteria #9 recommended removing it.
The group that discussed criteria #2 (no multiple encryption) reported that industry was working on a general solution to the problem of key recovery, and that their solution would probably appear as quickly without the government's "help." Several groups identified that there are at least two separate problem domains: communications and data storage. Communications typically is short term, and has unique keys for each session. Data storage has far fewer keys that are used for long periods. Several speakers suggested that while communications keys were not suited to be escrowed, there was a large need for key recovery for data storage. There was no response from the government representatives to any of these points. One government speaker did say that there would be a Federal key escrow standard, period.

After the combined session, there were more break-out sessions. In the one that I attended, the folks from National Semiconductor described their CAKE system. This is a smartcard/PCMCIA device that uses 2000+ bit public/private key encryption and signatures. They are hoping for export approval; it is necessary for the project to be viable. The system looks pretty interesting, but it is too complicated to describe here. In short, random session keys are generated and signed with a Data Recovery Center's public key. The LEAs could then send encrypted session keys to the DRC, which would decrypt them, and return the unencrypted session keys which the LEA could then use to decrypt the messages. While this is a hardware system, its concepts could be transferred to a software implementation. One obvious problem is that NS' system doesn't meet criteria #8 (requiring repeated involvement of the escrow agent), since it may require hundreds or thousands of session key decipherments. It also has a number of attractive features, such as never sending the private key anywhere, only the session key is escrowed.
The general discussion showed concerns that in the international community, requiring government escrow may cause loss of valuable data, as some foreign governments are not as trustworthy as the US. It was the consensus that requiring users to have 50 or more escrow centers was unworkable. Yet this could be required for large multinational companies working in 50 or more countries, if each required a local key escrow service.

The NS model would allow both date stamping of session keys, and periodic rekeying. Either would satisfy my "unaccepted" Criteria #11, technical limits to the time that a court ordered decryption could be executed.

There was a discussion of changing the criteria so that only the transmission of data was concerned with escrow. This would simplify the issue of multinational escrow. We did not resolve whether this would be sufficient or acceptable.

Today, we will talk about suitable escrow agencies.

Pat

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBME7WOLCsmOInW9opAQHbawP+PSC+9p7ll7yKTiwnkzrIf+aT/ZfuoCqj
Fp6ZhykIoJQVF5YAEhz9O1t9FKOauo3baMDhaIvU4pUSm2b/hKlUFB8cwYr7KTjd
MFGxTOG/D7blGuX6ZXbHlS5EkKeT1pDtfrd9GlnTKWHxfga/51ROWCG/33BWZxHR
lyNLI07UPbo=
=kFkC
-----END PGP SIGNATURE-----

Pat Farrell      Grad Student      http://www.isse.gmu.edu/students/pfarrell
Info. Systems & Software Engineering, George Mason University, Fairfax, VA
PGP key available on homepage     #include

From stripes at va.pubnix.com Thu Sep 7 05:58:29 1995
From: stripes at va.pubnix.com (Josh M. Osborne)
Date: Thu, 7 Sep 95 05:58:29 PDT
Subject: ECPA (Was: University logging mail to anon.penet.fi)
In-Reply-To: <199509070542.BAA23214@libws4.ic.sunysb.edu>
Message-ID:

In message <199509070542.BAA23214 at libws4.ic.sunysb.edu>, Deranged Mutant writes
[...]
>I've heard some nasty stories about boards and a couple of I-Net providers
>who charge for access but reserve the right to throw someone off the system
>without refund (it's often in the terms of many account applications) for
>various no-nos.

A lot do more or less that, but if you were an Internet Service Provider how would you deal with it? For example what if a customer started sending obscene material to people who didn't want it, and the recipients started to complain to you, or the government? If you (the ISP) don't have a service agreement that says you can disconnect the customer in that case you are in danger of getting sued by them if you cut them off. If you don't cut them off you are in danger of getting sued or shut down by the government. Even if we were in a more libertarian society you run the risk of being boycotted by potential customers (of course the analogy breaks down somewhat, in a very libertarian society you might be able to run a profitable ISP selling to the very niche market of people who want to threaten, harass, or generally make a nuisance of themselves). As a result you are unlikely to find an ISP that doesn't have a set of no-no's. (and if you do they may not be in business for long)

The best I think you can do is find an ISP that publishes their list of no-no's (like the one I work for UUNET - see any file in ftp://ftp.uu.net/uunet-info with "svc" in its name and skip down to "AlterNet Terms and Conditions"), and seems to have a reasonable set of them, and last but not least make sure that they do at least refund any payment for service not received.

For example UUNET (which I work for - but this is mostly irrelevant as this is a statement of the facts, not an opinion) publishes their terms and conditions in ftp://ftp.uu.net/uunet-info (look at any file with "svc" in its name and skip down to "AlterNet Terms and Conditions"). As for reasonability I'll leave that up to you to decide.
--
And no, I'm not speaking for UUNET Technologies, or anyone but myself.

From stripes at va.pubnix.com Thu Sep 7 06:16:30 1995
From: stripes at va.pubnix.com (Josh M. Osborne)
Date: Thu, 7 Sep 95 06:16:30 PDT
Subject: Are booby-trapped computers legal?
In-Reply-To: <9509061938.AA02249@zorch.w3.org>
Message-ID:

In message <9509061938.AA02249 at zorch.w3.org>, hallam at w3.org writes:
[...]
>People who go round drawing parallels to gun ownership and cryptography
>ownership are simply playing into the governments hands.

That could well be. (that's as crypto relevant as this message gets - sorry)

> Cryptography has net
>benefits to society. Most advocates of gun ownership tend to convince me of
>little more than they are a danger to society. Regardless of their case they are
>the biggest argument for gun control, and therefore poor advocates of their
>cause.
[...]

I'm sorry to see you say that, but rather than argue here I'll provide a pointer to a fine set of arguments "A Nation of Cowards" by Jeffrey R. Snyder (the "nation" it refers to is the USA, not the UK). Available via the web, enjoy or not.

From derek at hagling.demon.co.uk Thu Sep 7 06:52:32 1995
From: derek at hagling.demon.co.uk (Derek Roth-Biester)
Date: Thu, 7 Sep 95 06:52:32 PDT
Subject: Cybersecurity
Message-ID: <199509071329.JAA06512@panix.com>

> >> "Cybersecurity" - an investigation into cryptography, the
> >> Internet, civil rights, Phil Zimmermann, PGP (and should we be
> >> permitted to use it?) and so forth.
> >>

[My wife] and I watched this program - she found it very informative - otherwise for me it wasn't anything new, other than to see Whitfield Diffie, Phil Zimmermann and some porn star Cyberella being interviewed about public/private key encryption.
It was very much on the side of those seeking privacy, presenting the government (even in the UK they are looking at mandatory key escrow, but they haven't exactly told British subjects about it) as being underhand, sneaking around to find ways of removing the privacy of the individual. What they didn't say is that the debate is a moot point. The technology is out there and there ain't nothin' the guvmint can do about it.

Derek

From jamesd at echeque.com Thu Sep 7 06:57:16 1995
From: jamesd at echeque.com (James A. Donald)
Date: Thu, 7 Sep 95 06:57:16 PDT
Subject: What is truth?
Message-ID: <199509071356.GAA01805@blob.best.net>

Crypto relevance: Absolutely none:

At 10:57 PM 9/6/95 -0700, Timothy C. May wrote:
> If you want more information on my views about truth, check out
> the work on "evolutionary epistemology," especially the writings
> of William Bartley and Karl Popper.

Popper went off the deep end because he tried to justify science without relying on the principle of induction, or its equivalent, Bayesian probability. A hopeless endeavor, like the attempt of the behaviorists to describe behavior without reference to intention, desire, and knowledge. His reasoning leads logically to the polylogism of the fascists, an outcome he imagines he avoided, but in fact he merely rephrased in language that superficially sounds more favorable to science.

Bayesian probability leads us to the conclusion that some scientific theories have a probability of truth that is exponentially close to unity.

 ---------------------------------------------------------------------
 We have the right to defend ourselves   | http://www.jim.com/jamesd/
 and our property, because of the kind   |
 of animals that we are. True law        | James A. Donald
 derives from this right, not from the   |
 arbitrary power of the state.
                                         | jamesd at echeque.com

From jim at acm.org Thu Sep 7 07:06:42 1995
From: jim at acm.org (Jim Gillogly)
Date: Thu, 7 Sep 95 07:06:42 PDT
Subject: not a flame please read and think about this
In-Reply-To: <9509070626.AA07408@anon.penet.fi>
Message-ID: <199509071406.HAA07763@mycroft.rand.org>

> an116512 at anon.penet.fi writes:
> like when these people report on
> what the nsa guy says at the crypto convention as if we're supposed to take it
...
> honest replies only please. I don't mean to flame but this really bothers me.
> we should maybe think about a closed list.

Time to mark my calendar -- flamed on the same day by David Sternlight in alt.security.pgp for espousing cypherpunk ideals and by an anonymous person on C'punks for being a government stooge. I must be doing something right. 16 Halimath -- red letter day.

Jim Gillogly
Highday, 16 Halimath S.R. 1995, 14:05

From jamesd at echeque.com Thu Sep 7 07:36:21 1995
From: jamesd at echeque.com (James A. Donald)
Date: Thu, 7 Sep 95 07:36:21 PDT
Subject: Growth of actions defined as crime. Which math formula?
Message-ID: <199509071435.HAA04352@blob.best.net>

At 12:29 PM 9/6/95 -0700, Timothy C. May wrote:
> I've seen figures on the "linear feet" of regulations, and how they are
> growing exponentially, but I don't recall the numbers. Something like the
> total number of laws doubling every 10 years or so, but don't quote me on
> this one.

In addition one should also consider that most of these new crimes are deliberately written to be sweeping and vague so that they can be enforced in a selective and capricious manner: For example wetlands are deliberately defined in a way to give them considerable elbow room, indeed so much elbow room that much of Death Valley technically qualifies as wetlands. The wetlands law was written to make it easy for bureaucrats to win lawsuits, not to reflect common sense or basic sanity.
 ---------------------------------------------------------------------
 We have the right to defend ourselves   | http://www.jim.com/jamesd/
 and our property, because of the kind   |
 of animals that we are. True law        | James A. Donald
 derives from this right, not from the   |
 arbitrary power of the state.           | jamesd at echeque.com

From bianco at itribe.net Thu Sep 7 07:46:24 1995
From: bianco at itribe.net (David J. Bianco)
Date: Thu, 7 Sep 95 07:46:24 PDT
Subject: Cryptography Technical Report Server (CTRS) needs submissions!
Message-ID: <199509071442.KAA03274@gatekeeper.itribe.net>

Earlier this week I posted a note bemoaning the lack of a good searchable repository for cryptography related technical reports. In short, I volunteered to develop, host and maintain such a system as a service to the rest of the Internet. The system is ready, now the fun part begins...

The Cryptographic Technical Report Service needs *YOU*. Specifically, it needs your technical reports (or other technical documentation). In order for CTRS to become popular, it needs to have a useful amount of data to search, so I'm currently soliciting submissions for the database.

Contributing to CTRS is pretty simple. Detailed information can be found at , but basically all that's required is to send a refer-format bibliographic entry which contains a URL pointing to the paper's real Net location. I'll index the entries (prettyprinting them, of course), and CTRS users will follow that URL if they want to retrieve the paper. If you don't have a URL, I'm willing to host as many papers as I have resources for. Full details can be found at the URL above, but please note that I'm only able to accept papers submitted by the authors (or copyright holder).

If you'd like to know more about CTRS, you can check out its beta version at ( for the SSL version). The database doesn't have much (anything) in it right now, so I'm relying totally on submissions in order to build the collection.
I firmly believe that CTRS can provide a useful service to the cryptographic community, so I hope you will all consider contributing your reports to CTRS. If you have questions, please check out the CTRS FAQ. If you still have questions, feel free to contact me at the email address below.

==========================================================================
David J. Bianco                 | Web Wonders, Online Oddities, Cool Stuff
iTribe, Inc.                    |
Suite 1700, World Trade Center  | email:
Norfolk, VA 23510               | URL  : http://www.itribe.net/~bianco/

From danisch at ira.uka.de Thu Sep 7 08:00:41 1995
From: danisch at ira.uka.de (Hadmut Danisch)
Date: Thu, 7 Sep 95 08:00:41 PDT
Subject: fast modular reduction (proof?)
Message-ID: <9509071459.AA01801@elysion.iaks.ira.uka.de>

> In the following pseudocode, B is the radix in which the numbers are
> represented (2^32 for a 32-bit machine), n is the length of modulus in
> blocks, U is B^(n+1) mod the modulus, X is the number to be reduced, k+1
> is the length of X, and Y is the result.
>
> 1. Y = X
> 2. For i from k down to n+1, repeat steps 3 and 4
> 3. Y = Y - Y[i] * B^i + Y[i] * U * B^(i-n-1)
> 4. If Y >= B^i, then Y = Y - B^i + U * B^(i-n-1)

To do a proof I rewrite the algorithm:

  n = len(modulus)              // modulus < B^n
  Y = X                         // obviously Y = X mod modulus
  K = B ^ (n+1) - U             // U = B ^ (n+1) mod modulus,
                                // therefore K = 0 mod modulus
                                // furthermore K > 0
  for (i=len(Y)-1 ; i>n ; i--)
  {
      F = B ^ (i-n-1) * K       // F > 0
                                // F = 0 mod modulus
      Y -= Y[i] * F             // Y shrinking, but
                                // Y still the same mod modulus
      if ( Y >= B^i )
          Y -= F                // again shrinking,
                                // still the same mod modulus
  }

This shows that Y was shrinking, but is still equal to X mod modulus.

To see whether Y really shrinks enough:

  Y = sum(i=0..len(Y)-1) Y[i] * B^i

In the step Y = Y - Y[i] * B^i the highest block of Y is deleted (what could be done fast by reducing the length of Y). Now Y < B^i

Afterwards the same value mod modulus is added to keep Y constant:
Y = Y + Y[i] * U * B^(i-n-1).
  Y[i] < B  ->  Y[i]+1 <= B
  U < modulus < B^n , therefore U < B^n
  -> (Y[i]+1) * U < B * B^n = B^(n+1)
  -> Y[i] * U < B^(n+1) - U
  -> Y[i] * U * B^(i-n-1) < F

Therefore after doing the addition Y < B^i + F

Check of the last step:

  0 <= U < B^n  therefore  B^n < B^(n+1) - U <= B^(n+1)

Therefore in every loop B^(i-1) < F <= B^i  ->  Y-F < B^i

Partial Correctness:

  Y = X
      [ Y = X mod modulus , Y < B^len(X) ]
  K = B ^ (n+1) - U
      [ K = 0 mod modulus , B^n < K <= B^(n+1) ]
  for (i=len(X)-1 ; i>n ; i--)
  {
      [ Y = X mod modulus , Y < B^(i+1) ]
      F = B ^ (i-n-1) * K
      [ F = 0 mod modulus , B^(i-1) < F <= B^i ]
      [ 0 <= Y[i] < B ]
      [ Y[i] * F = 0 mod modulus , 0 <= Y[i] * F < B^(i+1) ]
      [ Y >= Y[i] * B^i  ->  Y >= Y[i] * F ]
      Y -= Y[i] * F
      [ Y = X mod modulus , Y < B^i + F (reason see above) , Y >= 0 ]
      if ( Y >= B^i )
          Y -= F                // again shrinking,
                                // still the same mod modulus
      [ Y = X mod modulus , Y >= 0 , Y < B^i ]
  }

Last i was n+1, therefore Y = X mod modulus , Y >= 0 , Y < B^(n+1)

This is not enough, Y < B^n is requested. The loop can't be done once more because i-n-1 would become negative.

k+1 was the length of X, and n the length of the modulus. You walk down from k to n+1 . In every loop you remove one block of the number. This means you have to do len(X)-len(modulus) loops. In the pseudocode you do only len(X)-len(modulus)-1 loops. One loop seems to be missing. This may be a result of confusion whether your Y starts with Y[0] or Y[1].

I do understand the algorithm as:

  n = len(modulus)
  U = B^n mod modulus
  K = B^n - U                     // = 0 mod modulus, 0 < K < B^n
  Y = X
  for(i=len(X)-1 ; i>= n ; i--)   // squeeze Block i in Number Y
  {                               // Y < B ^ (i+1)
      F = B ^ ( i-n ) * K         // F = 0 mod modulus
      Y -= Y[i] * F               // subtract Y[i] * B^i, now Y < B ^ i
                                  // add the equivalent Y[i] * B^(i-n)*U <= F
                                  // now Y < B^i + F
      if ( Y >= B^i )
          Y -= F                  // now Y < B^i
  }

Last i was n, therefore Y < B^n , Y = X mod modulus , but perhaps still Y >= modulus.

Ok, algorithm understood and agreed (after modifying the loop counter). Any more agreement or disagreements?
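The block-wise reduction argued over in the post above, as an added example; it is not code from the post or from the author of the quoted pseudocode. It implements the quoted pseudocode as written (U = B^(n+1) mod modulus, loop from k down to n+1), with Python integers standing in for the word arrays a real implementation would use, and checks the post's loop invariants (Y = X mod modulus and Y < B^i) after every pass. The helper names num_blocks, block, fast_reduce and check_reduction are mine. Running it on a radix-10 sample shows the point the post makes: the result is congruent to X but is only guaranteed to be smaller than B^(n+1), one block longer than the modulus, so a final reduction step is still needed.

```python
# Block-wise modular reduction following the pseudocode quoted in the post
# above.  Added example, not code from the post or from the author of the
# pseudocode.  Notation as in the thread: radix B, an n-block modulus,
# U = B^(n+1) mod modulus, K = B^(n+1) - U, F = B^(i-n-1) * K.  Python
# integers stand in for word arrays; the helper names are mine.

def num_blocks(x, B):
    """Number of radix-B blocks needed to write x (x = 0 counts as one)."""
    count = 1
    while x >= B:
        x //= B
        count += 1
    return count

def block(x, i, B):
    """Block i of x in radix B, so that x == sum(block(x, i, B) * B**i)."""
    return (x // B**i) % B

def fast_reduce(X, modulus, B=1 << 32):
    """Return Y with Y == X (mod modulus) and 0 <= Y < B**(n+1).

    n is the block length of the modulus.  Each pass removes the highest
    block Y[i] of Y and adds back Y[i] * B^i reduced modulo the modulus,
    i.e. Y[i] * U * B^(i-n-1); the net change is a multiple of the modulus.
    The post's bound Y[i] * U * B^(i-n-1) < F is what makes one conditional
    subtraction of F enough to get Y < B^i.
    """
    if modulus <= 0 or X < 0:
        raise ValueError("modulus must be positive and X non-negative")
    n = num_blocks(modulus, B)          # modulus < B^n
    k = num_blocks(X, B) - 1            # X has k+1 blocks
    U = pow(B, n + 1, modulus)          # 0 <= U < modulus < B^n
    K = B**(n + 1) - U                  # K == 0 (mod modulus), B^n < K <= B^(n+1)
    Y = X
    for i in range(k, n, -1):           # i = k, k-1, ..., n+1
        F = B**(i - n - 1) * K          # F == 0 (mod modulus), B^(i-1) < F <= B^i
        Yi = block(Y, i, B)             # top block: Y < B^(i+1) holds here
        Y = Y - Yi * B**i + Yi * U * B**(i - n - 1)   # step 3: now Y < B^i + F
        if Y >= B**i:
            Y -= F                      # step 4: now Y < B^i
        # Loop invariants from the post's partial-correctness argument.
        assert 0 <= Y < B**i
        assert (Y - X) % modulus == 0
    return Y

def check_reduction(X, modulus, B=1 << 32):
    """Run fast_reduce and report (Y, congruent_to_X, fits_in_n_plus_1_blocks)."""
    n = num_blocks(modulus, B)
    Y = fast_reduce(X, modulus, B)
    return Y, (Y - X) % modulus == 0, Y < B**(n + 1)

if __name__ == "__main__":
    # Constructed sample inputs: radix 10 so the blocks are decimal digits.
    print(check_reduction(999, 7, B=10))      # 19: congruent, but 2 digits for a 1-digit modulus
    m = (1 << 127) - 1                        # a 4-block modulus in radix 2^32
    print(check_reduction((m - 1) ** 2, m))   # congruent, at most 5 blocks
```

With B = 10 and modulus 7, fast_reduce(999, 7, B=10) returns 19: congruent to 999 modulo 7, but still two digits long because the loop stops at i = n+1. The asserts inside the loop are the proof obligations from the post's partial-correctness table; in production code they would go, and the top block would be dropped by shortening the array rather than by subtracting Y[i] * B^i.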
Hadmut

From sandfort at crl.com Thu Sep 7 08:09:54 1995
From: sandfort at crl.com (Sandy Sandfort)
Date: Thu, 7 Sep 95 08:09:54 PDT
Subject: not a flame please read and think about this
In-Reply-To: <9509070626.AA07408@anon.penet.fi>
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Thu, 7 Sep 1995 an116512 at anon.penet.fi wrote:

> why is it that half the
> people who post here work for the government or big companies that are doing
> government's bidding (rand.org (which is part of the nsa!) att.com (makers of the clipper chip)
> mit (which owns rsa)
> netscape etc etc)

I doubt the statistics and I don't see how mere employment with the above somehow disqualifies one for having a regard for privacy. In many cases, they have a much better grasp of the threat than the rest of us.

> what makes me wonder isn't so much that they're here but that they post so-called
> reasonable stuff that supports the government line.

This is nonsense. Please give some examples of the sycophantic posts you claim support "the government line."

> like when these people report on
> what the nsa guy says at the crypto convention as if we're supposed to take it
> seriously and these people who say clipper is good enough no back doors.
> and then everyone takes this crap seriously.

Who? When? To which "everyone" do you refer?

> . . . aren't we supposed to be
> cypherPUNKS?

What the hell is that supposed to mean? The name was given and accepted in jest. I'm not aware of any special PUNK qualifications. Please elucidate.

> then why do we need these people to think for us?

The Cypherpunks I know certainly don't; sorry to hear about you.

Are you planning to show up at Saturday's anniversary meeting again, Larry?
 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From patrick at Verity.COM Thu Sep 7 08:11:36 1995
From: patrick at Verity.COM (Patrick Horgan)
Date: Thu, 7 Sep 95 08:11:36 PDT
Subject: Scientology and police visit XS4ALL Amsterdam
Message-ID: <9509071507.AA08037@cantina.verity.com>

> My personal view is co$ deserves all the flak they get.

I know who you're referring to by saying co$, but what do co$ mean? Co-DollarSign? Co-Dollar?

Patrick

 _______________________________________________________________________
/ These opinions are mine, and not Verity's (except by coincidence;).   \
| (\                                                                    |
| Patrick J. Horgan         Verity Inc.                   \\   Have     |
| patrick at verity.com     1550 Plymouth Street           \\ _ Sword    |
| Phone : (415)960-7600    Mountain View                  \\/  Will     |
| FAX   : (415)960-7750    California 94303              _/\\  Travel   |
\___________________________________________________________\)__________/

From jamesd at echeque.com Thu Sep 7 08:22:03 1995
From: jamesd at echeque.com (James A. Donald)
Date: Thu, 7 Sep 95 08:22:03 PDT
Subject: cryptography eliminates lawyers?
Message-ID: <199509071521.IAA07990@blob.best.net>

At 06:05 AM 9/7/95 -0400, Duncan Frissell wrote:
> Well, if crypto reduces the role of government in human affairs, it will
> reduce work for lawyers. Telecoms will certainly break the professional
> monopoly of lawyers (and other professionals).

The functional equivalent of lawyers will still have a role. When an escrow agent allocates large chunks of money in some fashion, and somebody says X was bad, and X says that Y was bad, and the reputations are worth real money, we will need a public examination to determine what really happened.

And if governments collapse entirely, and we get full bore anarchy, lawyers will have even more work because instead of a few reputations being worth large sums of cash, everyone's reputation will be worth life and limb.
---------------------------------------------------------------------
| We have the right to defend ourselves | http://www.jim.com/jamesd/
| and our property, because of the kind |
| of animals that we are. True law      | James A. Donald
| derives from this right, not from the |
| arbitrary power of the state.         | jamesd at echeque.com

From trei at process.com Thu Sep 7 08:23:13 1995
From: trei at process.com (Peter Trei)
Date: Thu, 7 Sep 95 08:23:13 PDT
Subject: Notes from NIS&T Key Escrow Export conference.
Message-ID: <9509071523.AA12261@toad.com>

>The last issue in the session was that the length of the key, 64-bits,
>was defined in criteria #1. There was no discussion at the conference on
>this criteria. It seems that the NIS&T and NSA folks believe that this is a
>closed topic. The folks in the session did not agree. They felt that 64-bits
>was not enough.

I hope this gets to you before the conference is over. I would REALLY like to hear the government response to the question: "If keys are escrowed, what purpose does a 64 bit limit serve?"

Secondarily, I observe that this apparently precludes the use of OTP.

Peter Trei
ptrei at acm.org

From danisch at ira.uka.de Thu Sep 7 08:32:59 1995
From: danisch at ira.uka.de (Hadmut Danisch)
Date: Thu, 7 Sep 95 08:32:59 PDT
Subject: fast modular reduction (proof?)
Message-ID: <9509071531.AA01869@elysion.iaks.ira.uka.de>

-----BEGIN PGP SIGNED MESSAGE-----

> In the following pseudocode, B is the radix in which the numbers are
> represented (2^32 for a 32-bit machine), n is the length of modulus in
> blocks, U is B^(n+1) mod the modulus, X is the number to be reduced, k+1
> is the length of X, and Y is the result.
>
> 1. Y = X
> 2. For i from k down to n+1, repeat steps 3 and 4
> 3. Y = Y - Y[i] * B^i + Y[i] * U * B^(i-n-1)
> 4.
>    If Y >= B^i, then Y = Y - B^i + U * B^(i-n-1)

To do a proof I rewrite the algorithm:

    n = len(modulus)                  // modulus < B^n
    Y = X                             // obviously Y = X mod modulus
    K = B^(n+1) - U                   // U = B^(n+1) mod modulus,
                                      // therefore K = 0 mod modulus
                                      // furthermore K > 0
    for (i = len(Y)-1 ; i > n ; i--) {
        F = B^(i-n-1) * K             // F > 0
                                      // F = 0 mod modulus
        Y -= Y[i] * F                 // Y shrinking, but
                                      // Y still the same mod modulus
        if ( Y >= B^i )
            Y -= F                    // again shrinking,
                                      // still the same mod modulus
    }

This shows that Y was shrinking, but is still equal to X mod modulus.

To see whether Y really shrinks enough:

    Y = sum(i=0..len(Y)-1) Y[i] * B^i

In the step Y = Y - Y[i] * B^i the highest block of Y is deleted (which could be done fast by reducing the length of Y). Now Y < B^i.

Afterwards the same value mod modulus is added to keep Y constant: Y = Y + Y[i] * U * B^(i-n-1).

    Y[i] < B, therefore Y[i]+1 <= B
    U < modulus < B^n, therefore U < B^n
    -> (Y[i]+1) * U < B * B^n = B^(n+1)
    -> Y[i] * U < B^(n+1) - U
    -> Y[i] * U * B^(i-n-1) < F

Therefore after doing the addition Y < B^i + F.

Check of the last step:

    0 <= U < B^n, therefore B^n < B^(n+1) - U <= B^(n+1)

Therefore in every loop

    B^(i-1) < F <= B^i  ->  Y - F < B^i

Partial Correctness:

    Y = X
        [ Y = X mod modulus , Y < B^len(X) ]
    K = B^(n+1) - U
        [ K = 0 mod modulus , B^n < K <= B^(n+1) ]
    for (i = len(X)-1 ; i > n ; i--) {
        [ Y = X mod modulus , Y < B^(i+1) ]
        F = B^(i-n-1) * K
        [ F = 0 mod modulus , B^(i-1) < F <= B^i ]
        [ 0 <= Y[i] < B ]
        [ Y[i] * F = 0 mod modulus , 0 <= Y[i] * F < B^(i+1) ]
        [ Y >= Y[i] * B^i -> Y >= Y[i] * F ]
        Y -= Y[i] * F
        [ Y = X mod modulus , Y < B^i + F (reason see above) , Y >= 0 ]
        if ( Y >= B^i )
            Y -= F                    // again shrinking,
                                      // still the same mod modulus
        [ Y = X mod modulus , Y >= 0 , Y < B^i ]
    }

Last i was n+1, therefore Y = X mod modulus , Y >= 0 , Y < B^(n+1).

This is not enough, Y < B^n is requested. The loop can't be done once more because i-n-1 would become negative.

k+1 was the length of X, and n the length of the modulus. You walk down from k to n+1. In every loop you remove one block of the number.
This means you have to do len(X)-len(modulus) loops. In the pseudocode you do only len(X)-len(modulus)-1 loops. One loop seems to be missing. This may be a result of confusion whether your Y starts with Y[0] or Y[1].

I do understand the algorithm as:

    n = len(modulus)
    U = B^n mod modulus
    K = B^n - U                       // = 0 mod modulus, 0 < K < B^n
    Y = X
    for (i = len(X)-1 ; i >= n ; i--) // squeeze block i in number Y
    {                                 // Y < B^(i+1)
        F = B^(i-n) * K               // F = 0 mod modulus
        Y -= Y[i] * F                 // subtract Y[i] * B^i, now Y < B^i
                                      // add the equivalent Y[i] * B^(i-n) * U <= F
                                      // now Y < B^i + F
        if ( Y >= B^i )
            Y -= F                    // now Y < B^i
    }

Last i was n, therefore Y < B^n , Y = X mod modulus , but perhaps still Y >= modulus.

Ok, algorithm understood and agreed (after modifying the loop counter).

Any more agreements or disagreements?

Hadmut

From frissell at panix.com Thu Sep 7 08:34:01 1995
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 7 Sep 95 08:34:01 PDT
Subject: Force Ratios
Message-ID: <199509071447.KAA28579@panix.com>

Wednesday night's ABC magazine program on Ruby Ridge was a great example of what TV can be but so rarely is. Lots of chopper shots of Ruby Ridge. Lots of hand-held camera recreations and interviews with the Weavers and the sniper (face obscured because he has something to hide), etc.

But the most interesting thing that this emphasized for me was the sort of modern information warfare issues as highlighted in the recent Economist Survey. Info war is war by other means (a little shooting, communications, publicity, and litigation) and look what happened at Ruby Ridge.

The Feds deployed 400 "troopies", some armored personnel carriers, copters, executive jets, Hummers, and other hardware.
On the other side were 3 adults and 4 children with some 14 personal weapons. The result. One Fed and two Weavers dead. A $3.1 million legal settlement, and continuing problems for the Feds. That smells like a bad defeat to me. They couldn't even kill 7 people with a 57 to 1 force ratio. In addition, the operation and the various investigations must have cost the Feds millions more. (What *do* the Fibbies have to pay for those Ninja Hoods?) And they lost. That suggests that the ability of The Great Enemy to overcome the sort of directed human activity of the frictionless markets we are building will be quite limited. DCF "Your Honor, the Defense will rest without calling any witnesses. No witnesses we could put on the stand could do as good a job setting forth the Defense case as the Government's witnesses have already done." -- Gerry Spence at the conclusion of the Government's case in US vs. Weaver. From liberty at gate.net Thu Sep 7 08:39:14 1995 From: liberty at gate.net (Jim Ray) Date: Thu, 7 Sep 95 08:39:14 PDT Subject: ECPA (Was: University logging mail to anon.penet.fi) Message-ID: <199509071535.LAA49458@tequesta.gate.net> -----BEGIN PGP SIGNED MESSAGE----- "Josh M. Osborne" writes: >Even if we were in a more libertarian society you run the risk of >being boycotted by potential customers (of corse the analagy breaks >down somewhat, in a very libertarian society oyu might be able to >run a profatable ISP selling to the very nich market of people who >want to threten, harass, or generally make a nuicence of themselves). > As the list's designated "very libertarian" advocate, I must object. Here is what you must sign to become a member of the Libertarian Party: "I hereby certify that I do not believe in or advocate the initiation of force as a means of achieving political or social goals." Libertarian Pledge required for membership. ___________________________. 
To "to threten, harass, or generally make a nuicence"[SIC] of himself, one must violate this pledge, and there would no-doubt still be legal results. This points up the difference between libertaria (not utopia) and anarchy. Anything _DOESN'T_ go in libertaria. If you see a victim, there's almost certainly a crime, and if someone chose to threaten, harass, etc. me, I would want it so. Of course, there are exceptions. For example: If I join a mailing list which sometimes "harasses" me due to insufficient spell-checking/proof-reading of certain posts, there might still be the common-law defense that Jim Ray "came to the nuisance," and therefore I am still not due any compensation. I can always unsubscribe, and some people probably wish I would. ;) [NOTE: IANAL!] JMR -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Freedom isn't Freeh iQCVAwUBME8RWm1lp8bpvW01AQHXVgP9GsUelVcy4BFo/qt+Gm2JqdaHOlGUAvnP eFWXXT7hhzuC5Lz7vdBOb7itNGVahOVmDWPZxAbGJd/sJtd7YAfn4I8uMCiFieXZ dG7atBLLB66tBcsLYq/gXABHg2Z+MMojTf8A5XXCdqCJl4KoeaVckOEnKjR6uoCE Q9WrJiykH8Y= =xdDV -----END PGP SIGNATURE----- Regards, Jim Ray "As sensitive and broad-minded humans, we must never allow ourselves to be in any way judgmental of the religious practices of other people, even when these people clearly are raving space loons." -- Dave Barry ------------------------------------------------------------------------ PGP key Fingerprint 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8 Key id. # E9BD6D35 James M. Ray ------------------------------------------------------------------------ Support Phil! 
email zldf at clark.net or see http://www.netresponse.com/zldf ________________________________________________________________________ From hallam at w3.org Thu Sep 7 08:50:22 1995 From: hallam at w3.org (hallam at w3.org) Date: Thu, 7 Sep 95 08:50:22 PDT Subject: ON OFF-TOPIC In-Reply-To: <199509070639.BAA00416@mail.socketis.net> Message-ID: <9509071545.AA05172@zorch.w3.org> > THE UNITED STATES "FEDERAL" GOVERNMENT HAS NO LEGITIMACY! Of course not, but I don't think that the 1776 result is up for review. This isn't about crypto nor about the social effects of crypto. Its just another looney conspiracy theory. Phill From bdavis at thepoint.net Thu Sep 7 08:55:48 1995 From: bdavis at thepoint.net (Brian Davis) Date: Thu, 7 Sep 95 08:55:48 PDT Subject: Zimmerman's statute In-Reply-To: Message-ID: On Fri, 1 Sep 1995, Alan Westrope wrote: > On Fri, 01 Sep 1995, Michael Froomkin wrote: > > > I think he would have to be charged first. Have I missed something? > > PS when does the statute of limitations run out? > > June '96. Zimmermann and Dubois appeared on a local talk radio show > recently; a friend happened to catch the program, taped it, and played > excerpts at a Cypherpunks meeting. This date was mentioned by Phil Dubois. I wouldn't be so sure. There are lots of "creative" ways to, in effect, extend the statute. My personal sense is that DOJ eventually wants to get this over with, so presumably would not attempt to be so "creative." The "usual" statute of limitations for federal crimes is 5 years, but conspiracy, RICO, bank fraud, tax offenses, and no doubt others that don't occur to me right now, muddy the 5 year statute. Bank fraud, for example, has a 10 year statute. EBD From bdavis at thepoint.net Thu Sep 7 08:56:12 1995 From: bdavis at thepoint.net (Brian Davis) Date: Thu, 7 Sep 95 08:56:12 PDT Subject: GAK In-Reply-To: Message-ID: On Fri, 1 Sep 1995, Timothy C. 
May wrote: > At 10:56 PM 9/1/95, Buford Terrell wrote: > > >If you've ever watched Not_at_all_Funny Home Videos or any of the > >American Urinal school of tabloid television, you soon start feeling > >that the real threat to privacy is not the guvmint, but all of > >the yoyos with their little cam corders running around pointing them > >at people. > > > >Security cameras in ATMS and at airline ticket counters do more > >to threaten you privacy than do FIBBIE wiretaps, and PGP won't > >protect you from them. (and usually neither will the courts). > > I absolutely agree with this, though this doesn't mean I'll stop worrying > about the government's plans for key escrow (GAK), about limits on key > lengths, or about other efforts to thwart strong security. I, of course, know of the "dislike" of GAK here. I am curious to know, however, if the "dislike" is because government would have access under any circumstances or if the primary worry is that government will cheat and get access when most would agree that they shouldn't (either by the judge "cheating" or a TLA stealing it). In other words ... if it took agreement by a review board composed of non-LEA members of this list, would the escrow be acceptable?? EBD From ghio at cmu.edu Thu Sep 7 08:59:59 1995 From: ghio at cmu.edu (Matthew Ghio) Date: Thu, 7 Sep 95 08:59:59 PDT Subject: Another Son of Clipper discussion paper In-Reply-To: Message-ID: Mike McNally (m5 at dev.tivoli.com) wrote: : Lucky Green writes: : > Windows 95 is on a lot of people's hard drives. It is therefore public : > and available for every one's inspection. How many people do you know : > that have reverse engineered Windows 95. How many of those use a : > reverse engineered version. I'd venture it is zero out of zero. : : Problems with this analogy: : : 1) Windows 95 is somewhat bigger than your typical encryption : routine; : : 2) The factor of motivation isn't considered. 
If one is motivated enough to want source code to their operating system, then they are motivated enough to dump Windows and download Linux or BSD. The only reason to reverse-engineer Windows 95 is to produce applications which are able to interoperate with Windows software in an unintended manner, and the only reason to want to do this (instead of writing a version for an open platform) is because Windows is standard on many PCs. The same applies to GAK. There is no reason to hack it when you can just use PGP instead. The only reason to hack it would be if it became a standard. If we have to start hacking GAK applications, we've already lost to a degree. Thus our focus should be on making alternatives available instead of just attacking GAK. (Although I suppose you could show how to hack it, for the sake of making a political statement.) From hallam at w3.org Thu Sep 7 09:10:00 1995 From: hallam at w3.org (hallam at w3.org) Date: Thu, 7 Sep 95 09:10:00 PDT Subject: Cybersecurity In-Reply-To: <199509071329.JAA06512@panix.com> Message-ID: <9509071605.AA05479@zorch.w3.org> >It was very much on the side of those seeking privacy, presenting >the government (even in the UK they are looking at mandatory key escrow, but >they haven't exactly told British subjects about it) as being underhand, >sneaking around to find ways of removing the privacy of the individual. The UK government looks at many things. Just because the US govt wants to do something daft and the UK wants to watch does not mean the UK wants to emulate it. The UK laabour party is opposed to key escrow "we do not accept the "clipper chip" argument". The Tories have less than half the level of popular support and are barely recognisable as a government. 
Phill From bdavis at thepoint.net Thu Sep 7 09:15:36 1995 From: bdavis at thepoint.net (Brian Davis) Date: Thu, 7 Sep 95 09:15:36 PDT Subject: NSA says Joe Sixpack won't buy crypto In-Reply-To: Message-ID: On Tue, 5 Sep 1995, Black Unicorn wrote: > On Mon, 4 Sep 1995, Jeff Simmons wrote: > > > > > Here's a prediction: within one year, we will see the advent of Micro$oft's > > "Not So Bad Privacy". It'll be a secret algorithm with either GAK done by > > Micro$oft itself, or a flat-out trap door. ANY communications with a > > Windoze box or network will have to use it, or loose the market. > > > It's here already. > It's called "lotus notes." > > > > About the > > same time, Justice will suddenly 'loose interest' in its various > > investigations of M$. Micro$oft will probably give it away for free as part > > of the Windows 95.702 upgrade. > > Wait a few months. Justice is boring of the investigation even now. I hope this doesn't mean the Department is switching to Microsoft Word! :-) (In fact, we're about to go to WP6.0 for Windows. And the 6.0 is not a typo.) > > -- > > Jeff Simmons jsimmons at goblin.punk.net EBD From frissell at panix.com Thu Sep 7 09:17:12 1995 From: frissell at panix.com (Duncan Frissell) Date: Thu, 7 Sep 95 09:17:12 PDT Subject: Collection of personal info Message-ID: <199509071616.MAA04473@panix.com> At 09:20 PM 9/6/95 -0500, Mac Norton wrote: >Well, scratch me deeply enough, I'm not sure I'd disagree >with Tim, "philosophically speaking." The problem is, as >all the truly wise philosophers recognized, we must live >in the world. And given the number of us who must do so, >that entails rules. That's what so nice about the nets. You don't (won't) have to "live in the world" any more. The creation of consentual halucinations (virtual worlds) allows you to "change the world" at will. And once the interface improves... 
Actually, the creation of separate "spaces" that can only be entered with your (each person's) permission will have a big impact on life in the real world. DCF "If you don't want TRW to know what you're doing, lie." From mark at lenox.com Thu Sep 7 09:31:21 1995 From: mark at lenox.com (Mark Contois) Date: Thu, 7 Sep 95 09:31:21 PDT Subject: GAK In-Reply-To: Message-ID: <199509071628.MAA07681@tempest.lenox.com> > In other words ... if it took agreement by a review board composed of > non-LEA members of this list, would the escrow be acceptable?? > > EBD Speaking for myself only, of course, mandatory key escrow under *any* circumstances is a Bad Thing. I don't want anyone to have my secret key/passphrase, even if 'anyone' consists of n respected cypherpunks. (How are we supposed to tell whether they're LE, anyway? I possess a high degree of confidence, for example, that Tim May is not an undercover spook. But that doesn't stop various tentacles^H^H^H^H^H^H^H^H^H anonymous posters from expressing assertions to the contrary.) If I *give* my key to an escrow agent, of course, that's a different story. ("Mr. Cheatem, in the event of my death or disappearance, please decrypt this file with the enclosed key and fax it to the Washington Post.") But I certainly don't want to allow my key to reside with an agent who could be forced to turn it over on the basis of a court order. Sorry if I'm repeating an earlier discussion. Mark -- Mark Contois * The Lenox Group * Boston, MA * http://www.lenox.com/~mark/ Finger for PGP public key * Stellar Crisis: http://www.lenox.com/games/sc Cypherpunks: Share and deploy ********* NSA: Go stick your head in a pig. From perry at piermont.com Thu Sep 7 09:34:06 1995 From: perry at piermont.com (Perry E. 
Metzger) Date: Thu, 7 Sep 95 09:34:06 PDT Subject: not a flame please read and think about this In-Reply-To: Message-ID: <199509071633.MAA04493@frankenstein.piermont.com> Sandy Sandfort writes: > On Thu, 7 Sep 1995 an116512 at anon.penet.fi wrote: > > > why is it that half the people who post here work for the > > government or big companies that are doing governments bidding > > (rand.org (which is part of the the nsa!) att.com (makers of the > > clipper chip) mit (which onwns rsa) netscape etc etc) > > I doubt the statistics and I don't see how mere employment with > the above somehow disqualifies one for having a regard for > privacy. anonymous idiot doesn't even have his facts right. VLSI and Mykotronix (sp?) make the EES chips. Rand doesn't do much NSA research (although there are other companies that do) and MIT doesn't have any real rights to RSA given the PKP agreements. In any case, who gives a damn? Perry From zinc at zifi.genetics.utah.edu Thu Sep 7 09:49:06 1995 From: zinc at zifi.genetics.utah.edu (zinc) Date: Thu, 7 Sep 95 09:49:06 PDT Subject: Scientology and police visit XS4ALL Amsterdam In-Reply-To: <9509071507.AA08037@cantina.verity.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Thu, 7 Sep 1995, Patrick Horgan wrote: > Date: Thu, 7 Sep 1995 08:07:39 -0700 > From: Patrick Horgan > To: cg at bofh.lake.de, mark at lochard.com.au > Cc: cypherpunks at toad.com > Subject: Re: Scientology and police visit XS4ALL Amsterdam > > > My personal view is co$ deserves all the flak they get. > > I know who you're referring to by saying co$, but what do co$ mean? > Co-DollarSign? Co-Dollar? > CO$ is _C_hurch _O_f _$_cientology L. Ronboy the telepath Hubbards biggest joke. 
- -pjf -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBME8hqE3Qo/lG0AH5AQGFkAQAikXaF7nCJ99+XBONXKcvBTO7lMZn+wEZ l9+YZOI6QLZNY/f/HB5mOorwn340lgED0y/RjoT9ctoXwVW9bNSZZ68lQm7k72wO Ymz1NxHfwQRq8FNiUZnKmz+Wb/YHpAwGhvvPfocA+rLupdd9x/9BSm047RDgwgvX MVEx4B5C8wI= =ot1t -----END PGP SIGNATURE----- From tcmay at got.net Thu Sep 7 10:10:01 1995 From: tcmay at got.net (Timothy C. May) Date: Thu, 7 Sep 95 10:10:01 PDT Subject: Why Key Escrow (GAK) is So Bad Message-ID: At 1:25 AM 9/4/95, Brian Davis wrote: >On Fri, 1 Sep 1995, Timothy C. May wrote: >> I absolutely agree with this, though this doesn't mean I'll stop worrying >> about the government's plans for key escrow (GAK), about limits on key >> lengths, or about other efforts to thwart strong security. > >I, of course, know of the "dislike" of GAK here. I am curious to know, >however, if the "dislike" is because government would have access under >any circumstances or if the primary worry is that government will cheat >and get access when most would agree that they shouldn't (either by the >judge "cheating" or a TLA stealing it). > >In other words ... if it took agreement by a review board composed of >non-LEA members of this list, would the escrow be acceptable?? [I'm addressing the basic issue of key escrow, or what Carl Ellison calls "GAK" (Government Access to Keys), not the current debate in D.C. about using some form of key escrow for exportable crypto. The debate on key escrow is really about the crypto citizens will use, not what will be allowed to be exported.] Speaking for myself--though I think this captures the feelings of many--my objection to GAK is on *principle*: * No government can tell me what language I must communicate in and what language I must _not_ communicate in. David Sternlight has characterized this position as "childish," as the whinings of spoiled children who don't want to be told what to do. 
If so, then Thomas Jefferson was surely the biggest child of all, as he and his compatriots developed and used secret codes for communications. No doubt King George would have found GAK quite useful. No, the point is really about whether people may speak and write in the languages they wish, or be ordered to speak and write in ways the government can monitor, with or without the "speed bump" of key escrow and court orders to release the escrowed keys. (Ironically, I just heard about a case in Texas where a judge ordered a mother to stop speaking in Spanish to her child at home, calling it "child abuse." The implications of this are self-evident.) "Escrow" of communications keys, when commanded by the government, is no different than requiring that all locks have duplicate keys "escrowed" with the police, or that all curtains and window shades have a special "invisibility mode" that "law enforcement" can enable under certain circumstances. "Key escrow," or GAK, is to most of us equivalent to universal wiretapping. Why not tape-record all calls and "escrow" the result?. Why not mount surveillance cameras in homes and "escrow" the result? All are essentially equivalent. The pernicious nature of the "escrow" idea, which I have to admit is a new twist on the surveillance state that was not anticipated by Orwell, Brunner, or any of the other writers on this topic, is that it says that surveillance is not so bad after all, because the results of the escrow will not be looked at except when "justified." By whom? And by what conceivable right can the government tell me I may not use the communication system and language of my choice? I have no doubt that such key escrow, or recording of all calls, or surveillance cameras, with escrowed results, would "stop" some crimes. Maybe even some serious crimes, even horrific crimes. So what? 
In a free society, we don't tell people what language they may speak in, and with whom, nor did we place microphones and cameras in their presence, even if we "escrow" the results and promise not to look unless a judge or a review panel says it's OK. There are undoubtedly crimes that would be stopped if surveillance cameras were placed in many places, private and public, with "video escrow." Friends of mine are developing micropower, tiny, ultrawideband radio "localizers," that could be used by parents to keep track of children, pets, luggage, etc. I have long joked with them about "position escrow," where the government will mandate that all citizen-units wear these devices (or have them implanted) so that their positions can be monitored. Would an "escrow" system make it any less unacceptable? The arguments for "position escrow," once the technology becomes available (surely by 1998-9) are very similar to those being made for communications escrow. Lots of crimes would be solved, and even OJ might be convicted, if a court could order the "position escrow" files opened. So what? That's now what a free society is about. The basic principle is the issue. There are other problems with key escrow, involving such things as how persistent the access keys will be (will a court order reveal past communications not covered by the order?), who will have access, etc. These are the things the government _wants_ us to focus on, as these can probably be fixed by sufficiently elaborate protocols...sort of. But the core issue is not being addressed, the core issue of surveillance and the government's plan to order us to speak only in certain approved modes. --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." From tcmay at got.net Thu Sep 7 10:22:39 1995 From: tcmay at got.net (Timothy C. May) Date: Thu, 7 Sep 95 10:22:39 PDT Subject: Crypto Anarchy and Virtual Communities Message-ID: At 4:15 PM 9/7/95, Duncan Frissell wrote: >At 09:20 PM 9/6/95 -0500, Mac Norton wrote: >>Well, scratch me deeply enough, I'm not sure I'd disagree >>with Tim, "philosophically speaking." The problem is, as >>all the truly wise philosophers recognized, we must live >>in the world. And given the number of us who must do so, >>that entails rules. > >That's what so nice about the nets. You don't (won't) have to "live in the >world" any more. The creation of consentual halucinations (virtual worlds) >allows you to "change the world" at will. > >And once the interface improves... > >Actually, the creation of separate "spaces" that can only be entered with >your (each person's) permission will have a big impact on life in the real >world. I of course agree strongly with Duncan. We don't often talk about this aspect, as it was all hashed-over a couple of years ago, and most newcomers to the list do not seem as interested as we were. (And, it has little to do with coding in C :-}) Those interested might want to look at the very long chapter on "Crypto Anarchy" in my Cyphernomicon, or my paper, "Crypto Anarchy and Virtual Communities." Or read "True Names" and "Snow Crash" and think about what happens when the stuff we talk about is added. (Hint: Hiro Protagonist would not be "vastly wealthy" in the Metaverse but poor in the Real World (tm).) --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." From iang at cory.EECS.Berkeley.EDU Thu Sep 7 10:24:15 1995 From: iang at cory.EECS.Berkeley.EDU (Ian Goldberg) Date: Thu, 7 Sep 95 10:24:15 PDT Subject: How to get to Saturday's meeting in SF? Message-ID: <199509071724.KAA00396@cory.EECS.Berkeley.EDU> I'd like to go to the meeting on Saturday in SF, but I need instructions on how to get there by public transit from the Berkeley campus. (Alternatively, is anyone going that may be able to give me a lift?) Thanks, - Ian From hkhenson at shell.portal.com Thu Sep 7 10:25:07 1995 From: hkhenson at shell.portal.com (H Keith Henson) Date: Thu, 7 Sep 95 10:25:07 PDT Subject: PGP key disclosure Message-ID: <199509071723.KAA02608@jobe.shell.portal.com> [included msg] i've been told that larry wollersheim refuses to give up his de-encryption key to Co$, and will go to jail before he does. this is ok to post. i can't post yet, due to technology transfer happening here at the usf.edu --------------------------------------m. council, human being Hell, if you understood everything I say, you'd council at luna.cas.usf.edu be me. -Miles Davis [end included msg] I am off cypherpunks at the moment, so if there are any followups to this, please send me email. 
Thanks,
Keith Henson

From tedwards at src.umd.edu Thu Sep 7 10:27:48 1995
From: tedwards at src.umd.edu (Thomas Grant Edwards)
Date: Thu, 7 Sep 95 10:27:48 PDT
Subject: ECPA (Was: University logging mail to anon.penet.fi)
In-Reply-To: <199509071535.LAA49458@tequesta.gate.net>
Message-ID:

On Thu, 7 Sep 1995, Jim Ray wrote:

> >Even if we were in a more libertarian society you run the risk of
> >being boycotted by potential customers (of corse the analagy breaks
> >down somewhat, in a very libertarian society oyu might be able to
> >run a profatable ISP selling to the very nich market of people who
> >want to threten, harass, or generally make a nuicence of themselves).

> To "to threten, harass, or generally make a nuicence"[SIC] of himself,
> one must violate this pledge, and there would no-doubt still be legal
> results.

Clearly threats of violence are not considered legal by most libertarians, including the Libertarian Party of the US.

Furthermore, there is no reason why an ISP has to connect to another ISP. ISPs that do more harm than good may not be invited to participate in major switching centers.

-Thomas

From duncan at hasp.com Thu Sep 7 10:29:21 1995
From: duncan at hasp.com (Duncan J Watson)
Date: Thu, 7 Sep 95 10:29:21 PDT
Subject: GAK
In-Reply-To:
Message-ID: <9509071332.ZM124@titan.hasp.com>

Brian,

Your question is very hard to answer as posed. How is access granted? To whom? In what period of time?, etc. The details are very important here as this is a very detail-oriented list. Also the details of implementation are where you may find the objections. Many plans sound grand when loosely described but fail due to small details.

My personal belief is that any mandatory key escrow system will be open to abuse by authority figures. A solidly implemented key escrow service operated by smart privacy-oriented private firms would benefit corporations and others engaged in cooperative development or other cooperative operations. Key escrow would keep the accountants and lawyers happy.

Just my $0.02.

djw

On Sep 3, 9:25pm, Brian Davis wrote:
> Subject: Re: GAK
[stuff deleted]
> I, of course, know of the "dislike" of GAK here. I am curious to know,
> however, if the "dislike" is because government would have access under
> any circumstances or if the primary worry is that government will cheat
> and get access when most would agree that they shouldn't (either by the
> judge "cheating" or a TLA stealing it).
>
> In other words ... if it took agreement by a review board composed of
> non-LEA members of this list, would the escrow be acceptable??
>
> EBD
>
>-- End of excerpt from Brian Davis

--
Duncan J Watson                 Email: Duncan at hasp.com
Tech Support Manager/Sys Admin  Ph#:   +1 212 564 5678
Aladdin Software Security Inc   Fax#:  +1 212 564 3377
:::finger Duncan at hasp.com for PGP key:::   http://www.aks.com/

From tcmay at got.net Thu Sep 7 10:34:48 1995
From: tcmay at got.net (Timothy C. May)
Date: Thu, 7 Sep 95 10:34:48 PDT
Subject: Why Key Escrow (GAK) is So Bad
Message-ID:

I wrote:

....
made for communications escrow. Lots of crimes would be solved, and even OJ might be convicted, if a court could order the "position escrow" files opened. So what? That's now what a free society is about.
....

This last line has a typo. What I meant to say was: "That's not what a free society is about."

Normally I don't post minor corrections, but this one needs correcting.

--Tim

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From tcmay at got.net Thu Sep 7 10:55:19 1995
From: tcmay at got.net (Timothy C. May)
Date: Thu, 7 Sep 95 10:55:19 PDT
Subject: GAK Hacks
Message-ID:

At 3:43 PM 9/7/95, Matthew Ghio wrote:

>The same applies to GAK. There is no reason to hack it when you can just
>use PGP instead. The only reason to hack it would be if it became a
>standard. If we have to start hacking GAK applications, we've already
>lost to a degree. Thus our focus should be on making alternatives
>available instead of just attacking GAK. (Although I suppose you could
>show how to hack it, for the sake of making a political statement.)

GAK Hacks!

We did it for SSL, let's do it for GAK.

Demonstrate that superencryption (encrypting within a GAK wrapper) defeats GAK. And other kinds of hacks, including releasing "damaged" (inoperative) versions of the proposed code (when it becomes available). Or releasing "work-alikes." Etc.

Granted, the demonstrations will be less clear than breaking the 40-bit key was, partly because there is no clear-cut standard out there, and many aspects of GAK are still in flux.

But it could still be a powerful example, an example "by direct demonstration," that government-mandated key escrow is problematic.

(Of course, a sufficiently powerful or clear demonstration, picked up by the popular press the way the SSL challenge was, could also cause the government to tighten up the rules on GAK, such as--speculatively!!!!--adding "compliance audits" to the GAK laws.)

But GAK Hacking could be an interesting project.

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."
From pjm at ionia.engr.sgi.com Thu Sep 7 11:05:49 1995
From: pjm at ionia.engr.sgi.com (Patrick May)
Date: Thu, 7 Sep 95 11:05:49 PDT
Subject: GAK
In-Reply-To:
Message-ID: <199509071805.LAA12805@ionia.engr.sgi.com>

Brian Davis writes:
> I, of course, know of the "dislike" of GAK here. I am curious to know,
> however, if the "dislike" is because government would have access under
> any circumstances or if the primary worry is that government will cheat
> and get access when most would agree that they shouldn't (either by the
> judge "cheating" or a TLA stealing it).

Since you're sure to get a number of long responses to this question, I'll keep mine short.

I don't want to give anyone my keys. I do not harm anyone by refusing to do so. Therefore, anyone using force to take my keys is acting immorally.*

> In other words ... if it took agreement by a review board composed of
> non-LEA members of this list, would the escrow be acceptable??

No. I don't choose to give Louis Freeh my keys. I don't choose to give Brian Davis my keys. I don't choose to give Tim May my keys. Any use of force to compel me to yield my keys is unacceptable.

Regards,

Patrick May

* Insert standard Objectivist and Libertarian arguments regarding morality, government, and force here.

From pjm at ionia.engr.sgi.com Thu Sep 7 11:05:58 1995
From: pjm at ionia.engr.sgi.com (Patrick May)
Date: Thu, 7 Sep 95 11:05:58 PDT
Subject: GAK
In-Reply-To:
Message-ID: <199509071805.LAA12656@ionia.engr.sgi.com>

Brian Davis writes:
> I, of course, know of the "dislike" of GAK here. I am curious to know,
> however, if the "dislike" is because government would have access under
> any circumstances or if the primary worry is that government will cheat
> and get access when most would agree that they shouldn't (either by the
> judge "cheating" or a TLA stealing it).

Since you're sure to get a number of long responses to this question, I'll keep mine short.

I don't want to give anyone my keys. I do not harm anyone by refusing to do so. Therefore, anyone using force to take my keys is acting immorally.*

> In other words ... if it took agreement by a review board composed of
> non-LEA members of this list, would the escrow be acceptable??

No. I don't choose to give Louis Freeh my keys. I don't choose to give Brian Davis my keys. I don't choose to give Tim May my keys. Any use of force to compel me to yield my keys is unacceptable.

Regards,

Patrick May

* Insert standard Objectivist and Libertarian arguments regarding morality, government, and force here.

From dmandl at panix.com Thu Sep 7 11:46:16 1995
From: dmandl at panix.com (dmandl at panix.com)
Date: Thu, 7 Sep 95 11:46:16 PDT
Subject: Collection of personal info
In-Reply-To: <199509071616.MAA04473@panix.com>
Message-ID:

On Thu, 7 Sep 1995, Duncan Frissell wrote:

> That's what so nice about the nets. You don't (won't) have to "live in the
> world" any more. The creation of consensual hallucinations (virtual worlds)
> allows you to "change the world" at will.

Goody. In this virtual world, we can also abolish all taxes, remove all restrictions on crypto use, or even get rid of the government altogether. I just hope I can find enough food there.

> And once the interface improves...

...I won't have to deal with the inefficiencies of real sex, live music performances, or (non-virtual) world travel ever again.

> Actually, the creation of separate "spaces" that can only be entered with
> your (each person's) permission will have a big impact on life in the real
> world.

Yeah, it'll wipe it out.

I've got to tell you, Duncan, this kind of rhetoric pushes me over to the luddite side more every day.

No flame intended--just one man's opinion.

--Dave.

--
Dave Mandl
dmandl at panix.com
http://wfmu.org/~davem

From tomservo at access.digex.net Thu Sep 7 11:48:09 1995
From: tomservo at access.digex.net (Scott Fabbri)
Date: Thu, 7 Sep 95 11:48:09 PDT
Subject: Force Ratios
Message-ID: <199509071847.OAA08292@access5.digex.net>

> But the most interesting thing that this emphasized for me was the sort of
> modern information warfare issues as highlighted in the recent Economist
> Survey. Info war is war by other means (a little shooting, communications,
> publicity, and litigation) and look what happened at Ruby Ridge. The Feds
> deployed 400 "troopies", some armored personnel carriers, copters, executive
> jets, Hummers, and other hardware. On the other side were 3 adults and 4
> children with some 14 personal weapons.
>
> The result. One Fed and two Weavers dead. A $3.1 million legal settlement,
> and continuing problems for the Feds. That smells like a bad defeat to me.
> They couldn't even kill 7 people with a 57 to 1 force ratio.

Well. I think if killing the Weaver clan was the primary objective, they could have been much more direct. One plane, one bomb/missile, one pilot, with a 1:7 force ratio (1:2 if you don't count probable noncombatants). Or a SEAL team with tools to make it look like an "accident" (carbon monoxide, maybe? A propane explosion?). However, we generally frown on that kind of thing in our polite society. :-)

If the Feds had really wanted to kill the Weavers, it'd probably be called "Ruby Crater" now.

> In addition, the operation and the various investigations must have cost the
> Feds millions more. (What *do* the Fibbies have to pay for those Ninja
> Hoods?) And they lost.

Murphy's Law applies everywhere. Most likely they really wanted to take Weaver and clan alive (and thought they could!), and the worst possible things happened. (Surprisingly enough, government TLAs know all about the concept of "bad press," and killing bystanders isn't SOP.)

> That suggests that the ability of The Great Enemy to overcome the sort of
> directed human activity of the frictionless markets we are building will be
> quite limited.

But they don't have to face you directly, just convince someone who allegedly represents you that a "law" is necessary to "save you from yourself" and to "keep our great country free and safe." Then you either play ball, or you wind up with a bunch of balaclava-clad guys in your bedroom one night, taking your computer and dragging you off. Maybe they don't get anything to convict you, but you still have to mount a costly defense.

What a great system, eh? Just like the Founding Fathers imagined.

--
Scott Fabbri   MSTie #31643   tomservo at access.digex.net
"If I knew that a man was coming to my house with the conscious design of doing me good, I should run for my life." --Thoreau

From jlasser at rwd.goucher.edu Thu Sep 7 12:12:59 1995
From: jlasser at rwd.goucher.edu (Jon Lasser)
Date: Thu, 7 Sep 95 12:12:59 PDT
Subject: GAK
In-Reply-To:
Message-ID:

On Sun, 3 Sep 1995, Brian Davis wrote:

> I, of course, know of the "dislike" of GAK here. I am curious to know,
> however, if the "dislike" is because government would have access under
> any circumstances or if the primary worry is that government will cheat
> and get access when most would agree that they shouldn't (either by the
> judge "cheating" or a TLA stealing it).
...or "somebody else" (ie commercial competitor, personal or political rival, etc) paying off somebody to obtain it. I don't trust the gvm't to only get access when they should, either.

> In other words ... if it took agreement by a review board composed of
> non-LEA members of this list, would the escrow be acceptable??

Not necessarily; the members of the review board can be bribed, blackmailed, lied to, etc. I don't believe there's a competent review board available...nor do I think such a thing could be created.

Jon

------------------------------------------------------------------------------
Jon Lasser (410)494-3072          Visit my home page at http://www.goucher.edu/~jlasser/
You have a friend at the NSA: Big Brother is watching.   Finger for PGP key.

From rah at shipwright.com Thu Sep 7 12:24:56 1995
From: rah at shipwright.com (Robert Hettinga)
Date: Thu, 7 Sep 95 12:24:56 PDT
Subject: Industry Slams Gov's Encryption Export Plan
Message-ID:

--- begin forwarded text

Mime-Version: 1.0
Date: Thu, 07 Sep 1995 07:15:48
From: James Rapp
To: www-buyinfo at allegra.att.com, rpournel at hr.house.gov
Subject: Industry Slams Gov's Encryption Export Plan

I was at the 9/6 NIST session and this account is reasonably accurate. Even though a seemingly high percentage of attendees indicated displeasure with current Administration key escrow proposals, they seem hell bent on this path. Further, the sense was that industry representatives were basically invited as a simple window dressing maneuver. The engaging Whitfield Diffie of Sun Microsystems did an outstanding job of raising questions about the Administration's proposal. Today's session--"Desirable Characteristics for Key Escrow Agents."

Jim Rapp, "give me more info"
CyberStrategies
Alexandria, Virginia

Via Newsbytes, Kennedy Maize 9/6/95 12:00 a.m.

WASHINGTON, D.C., -- The Clinton administration's new proposal on export controls on encryption in software got a tongue lashing from the software industry today.

The administration's announcement of a so-called liberalization "suggests that the government is pursuing a 'son of Clipper' strategy that could lead to the mandatory use of government designed key escrow encryption," said Robert Holleyman, president of the Business Software Alliance.

Speaking at a conference sponsored by the National Institute of Standards and Technology, Holleyman said the administration plan to allow export only if the encryption scheme involves key escrow reveals "a misunderstanding of the marketplace and unless significantly changed, will prevent key escrow encryption from ever being commercially adopted."

The White House initiative, Holleyman said, "failed to provide immediate relief to software companies because it did nothing to liberalize export controls on generally available software employing non-key escrow encryption.

"Each delay by the administration in permitting the export of software with strong encryption capabilities results in lost sales for American companies," said Holleyman. "Ironically, foreign software competitors, unconstrained by export controls, continue to fill this void, with more than 200 foreign encryption programs available from 21 countries."

Under the new administration proposal, software companies that employ non-key escrow encryption would continue to be limited to a 40-bit key. Holleyman called for the administration to immediately permit 56-bit encryption without key escrow, which he said is the current world standard.

Last year, the administration was pushing a hardware-software approach to encryption, called the Clipper chip, which would have employed government-designated escrow agents to hold keys. Law enforcement agencies would have been able to get access to the keys from the escrow agents.

Of the administration proposal to loosen controls on key escrow encryption, Holleyman said that "the administration's inability to shake off the Clipper mind-set is effectively precluding the adoption of realistic criteria for commercial key recovery systems."

Holleyman suggested that a workable system must include strong encryption where users -- in the US and elsewhere -- are able to specify the key holder.

Current administration policy, Holleyman said, is jeopardizing the "future of the global information infrastructure and electronic commerce. Instead of paving the roads, the administration has left in place roadblocks on the information highway."

--- end forwarded text

-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA (617) 323-7923
"Reality is not optional." --Thomas Sowell
>>>>Phree Phil: Email: zldf at clark.net http://www.netresponse.com/zldf <<<<<

From aba at dcs.exeter.ac.uk Thu Sep 7 12:42:21 1995
From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk)
Date: Thu, 7 Sep 95 12:42:21 PDT
Subject: GAK Hacks
Message-ID: <8921.9509071941@exe.dcs.exeter.ac.uk>

Tim May writes on cpunks:
> We did it for SSL, let's do it for GAK.
>
> Demonstrate that superencryption (encrypting within a GAK wrapper) defeats
> GAK. And other kinds of hacks, including releasing "damaged" (inoperative)
> versions of the proposed code (when it becomes available).

I was just drooling over the fun to be had if and when this crap goes through. Surely a very fun thing to do. A new legit hobby for all those games crackers out there. (Hmm maybe not so legit, micro$oft has non-reverse-engineering clauses on their stuff, but that doesn't stop anyone, and there's always remailers).

One of their requirements was resistance to static patches; as someone else pointed out, that is just not possible in software. If someone gets really bored they can at worst disassemble the entire thing, and re-write it from scratch without any silly GAK stuff, or with a row of 00s where the escrowed key goes.

> Or releasing "work-alikes." Etc.
>
> Granted, the demonstrations will be less clear than breaking the 40-bit key
> was, partly because there is no clear-cut standard out there, and many
> aspects of GAK are still in flux.
>
> But it could still be a powerful example, an example "by direct
> demonstration," that government-mandated key escrow is problematic.
>
> (Of course, a sufficiently powerful or clear demonstration, picked up by
> the popular press the way the SSL challenge was, could also cause the
> government to tighten up the rules on GAK, such
> as--speculatively!!!!--adding "compliance audits" to the GAK laws.)

So the question is what do you prefer: 40 bits only or 64 bits which can be broken? Is it worth sabotaging what is essentially an impossible task open to having the GAK element hacked out? It would be much more fun if they'd agree to no limits on key sizes, and GAK.

What happens if the result of the talks which Pat Farrell kindly described is that it is impossible? What is their next move? We've had "voluntary" hardware key-escrow, and it got chucked out by widespread derision of the idea, now the same in software. Which direction does the next phased attack come from?

> But GAK Hacking could be an interesting project.

indeed.

Adam

From baldwin at RSA.COM Thu Sep 7 12:51:50 1995
From: baldwin at RSA.COM (baldwin (Robert W. Baldwin))
Date: Thu, 7 Sep 95 12:51:50 PDT
Subject: Commercial Speech over Internet product
Message-ID: <9508078105.AA810503582@snail.rsa.com>

Here's an article about a commercial company that is doing speech over the Internet. Maybe someone would like to help them add encryption.

--Bob Baldwin, speaking for myself only.
------------------------

TrueSpeech Player enables real-time audio over Internet

SANTA CLARA, CALIFORNIA, U.S.A., 1995 SEP 1 (NB) -- DSP Group Inc. (NASDAQ:DSPG) announced a new Windows product, TrueSpeech Player, that is freely available on the Internet. The TrueSpeech Player enables TrueSpeech-encoded speech to be played in real-time over the Internet.

Kurt Magdanz, director of business development at DSP, told Newsbytes, "The TrueSpeech Player utilizes the TrueSpeech compression technology bundled in Microsoft's Windows 95 and Windows NT. True Speech is a very high quality algorithm which compresses speech. TrueSpeech Player allows users to decompress TrueSpeech in real time."

With the TrueSpeech compression algorithm, speech is communicated in real-time over standard telephone lines to computers capable of communicating at data rates of 14.4kbps (kilobits per second) or above, Newsbytes was told. Because the TrueSpeech Player converts compressed speech data in real-time, World Wide Web site visitors have access to high-quality speech over the Internet in real time, said Magdanz.

"The TrueSpeech Player is our first step in enabling high-quality speech communication in real-time over the Internet," said Yuval Cohen, vice president of business development with the DSP Group. "World Wide Web site and content developers can immediately begin developing TrueSpeech Player-compatible content without paying fees."

"Content developers who wish to create TrueSpeech Player-compatible speech content should visit our World Wide Web site for detailed instructions on how to use this new product," said Cohen.

DSP Group is currently developing an advanced TrueSpeech Server software package which will offer content developers tools, interaction with the TrueSpeech Player to enable advanced features, live broadcasting capability and enhanced server control with diagnostics, said Magdanz.

The TrueSpeech Player can be downloaded freely from DSP Group's World Wide Web site, http://www.dspg.com . DSP is headquartered in Santa Clara, California.

(Richard Bowers/19950831/Press Contact: Kurt Magdanz, DSP, 408-986-4300)

From pfarrell at netcom.com Thu Sep 7 13:02:32 1995
From: pfarrell at netcom.com (Pat Farrell)
Date: Thu, 7 Sep 95 13:02:32 PDT
Subject: Notes from NIS&T Key Escrow Export conference.
Message-ID: <199509071959.MAA11919@netcom3.netcom.com>

>"If keys are escrowed, what purpose does a 64 bit limit serve?"

This question was asked, it seems like a zillion times, but probably no more than four or five times. It is a bit of a belt and suspenders idea. But it also shows how scared they are about real encryption.

It is clear that this meeting is a shame. Everyone in industry says it won't be marketable. The Govies say it will be great. What they really want is to force weak crypto on the US by forcing the vendors to make a weak product "for export" when all the vendors say that they have to have _only one_ version. If they have one version, and it is weak, we are safe from drug dealers, pedophiles and terrorists. (BTW, I used that phrase yesterday, so it should be in the Federal register's official record.)

>Secondarily, I observe that this apparently precludes the use of OTP.

No, they don't care about the cipher, only the key length. But with a 64bit, GAK'd key, you can't say much without repeating the P, and that makes it a TTP or a FTP (two time pad, or four time pad) which isn't very useful. You probably can gzip "attack at dawn" to 64 bits, but not much more.

Pat

Pat Farrell   grad student   http://www.isse.gmu.edu/students/pfarrellA Infor. Systems and Software Engineering, George Mason University, Fairfax, VA
PGP key available via finger or request   #include standard.disclaimer

From cman at communities.com Thu Sep 7 13:10:00 1995
From: cman at communities.com (Douglas Barnes)
Date: Thu, 7 Sep 95 13:10:00 PDT
Subject: GAK
Message-ID:

One good (non-cypherpunk) argument against GAK is that it concentrates a very large quantity of valuable keys in a few places, where they become an extremely attractive target for government or corporate espionage.

You could compare this to the function served by banks, but banks tend to notice fairly quickly when money is missing. Compromising keys doesn't involve removing anything, or throwing the books out of balance; they just get copied. The compromise is only revealed if they are used clumsily.

Note that a few million keys would fit very easily on even a low-end DAT tape (easily hidden in a pack of cigarettes).

From trei at process.com Thu Sep 7 13:42:48 1995
From: trei at process.com (Peter Trei)
Date: Thu, 7 Sep 95 13:42:48 PDT
Subject: Notes from NIS&T Key Escrow Export conference.
Message-ID: <9509072042.AA20013@toad.com>

> >"If keys are escrowed, what purpose does a 64 bit limit serve?"

> This question was asked, it seems like a zillion times, but
> probably no more than four or five times.

> It is a bit of a belt and suspenders idea. But it also shows how
> scared they are about real encryption.

Is there an actual quote - did an identifiable government person actually use the 'belt and suspenders' line? This is getting to the point where journalists could have something to hang a story on.

I think we can infer from this that the USG has, or soon expects to have, the ability to brute 64 bits of key.

> It is clear that this meeting is a shame. Everyone in industry
                                     ^^^^^^^^

A shame certainly, but I suspect you meant 'sham' (not a spelling flame, the difference in meaning is important).

> Pat
>

Peter Trei
Senior Software Engineer
Purveyor Development Team
Process Software Corporation
http://www.process.com
trei at process.com

From frissell at panix.com Thu Sep 7 13:47:08 1995
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 7 Sep 95 13:47:08 PDT
Subject: Collection of personal info
Message-ID: <199509072046.QAA26704@panix.com>

At 02:46 PM 9/7/95 -0400, dmandl at panix.com wrote:

>> And once the interface improves...
>
>...I won't have to deal with the inefficiencies of real sex, live
>music performances, or (non-virtual) world travel ever again.
>
>> Actually, the creation of separate "spaces" that can only be entered with
>> your (each person's) permission will have a big impact on life in the real
>> world.

Dave. Sorry you didn't catch the implied change of tone in the above. I meant to show a switch from Space Cadet rhetoric about the nets to a more realistic view.

>> And once the interface improves...

>> Actually, the creation of separate "spaces" that can only be entered with
>> your (each person's) permission

These separate spaces won't wipe out the Real World (used with permission) but they will influence it as a form of private property that is self enforcing neither dependent on force for protection nor capable of being penetrated by force. This is a BIG THING. You can't live in it yet but you will certainly be able to trade digital goods and services there and stash digital goods (work product, databases, etc.). Having a place that is under your exclusive control has enormous practical and psychological implications. Think of the change that occurred when peasants came to be able to own land. Cyberspace contains spaces that can be cheaply created, individually owned, and free of confiscation. And since the bulk of the wealth of OECD countries is non-physical (consisting of various forms of ownership rights and "choses in action") that wealth can be protected cryptographically.
>I've got to tell you, Duncan, this kind of rhetoric pushes me over to >the luddite side more every day. > >No flame intended--just one man's opinion. Don't you like the idea of a "place" that's yours alone? It's not dangerous (to you). It increases your choices. Your power. DCF "You don't have to be nice to nation states you meet on the way up if you're not coming back down." From alanh at infi.net Thu Sep 7 13:52:40 1995 From: alanh at infi.net (Alan Horowitz) Date: Thu, 7 Sep 95 13:52:40 PDT Subject: Are booby-trapped computers legal? In-Reply-To: <199509060419.XAA04296@einstein.ssz.com> Message-ID: I am pretty sure that it is lawful to use deadly force to protect property, in New Mexico. From tytso at MIT.EDU Thu Sep 7 15:25:19 1995 From: tytso at MIT.EDU (Theodore Ts'o) Date: Thu, 7 Sep 95 15:25:19 PDT Subject: Kerberos v5's experience with ASN.1 In-Reply-To: <9509071925.AA17839@toad.com> Message-ID: <9509072225.AA26823@dcl.MIT.EDU> -----BEGIN PGP SIGNED MESSAGE----- To: Cypherpunks Lite Date: Sat, 2 Sep 1995 13:55:38 -0400 From: jis at mit.edu (Jeffrey I. Schiller) However, the problem with ASN.1 isn't its waste of space (which actually isn't that bad for a mechanism for encoding arbitrary objects). While I won't argue about the rest of Jeff's note about the use of ASN.1 being a mistake, I do want to point out that certain ASN.1 types are in fact very wasteful of space. Most notable of these is the ASN.1 Generalized Time --- which encodes the a timestamp in ASCII. ASN.1 GeneralizedTime therefore requires 17 bytes to encode, an over four-fold increase in the amount of space needed to store a time, compared with a 4 byte representation of "number of seconds since 1970". This is deadly in a protocol which has to store lots of timestamps, which is the case in Kerberos V5. We could have gotten around this problem by merely storing an integer whenever we needed to store a timestamp, instead of using the ASN.1 abstract type. 
Then it would have only taken 6 bytes (ASN.1 adds a 2-byte overhead for each object which you store). - Ted -----BEGIN PGP SIGNATURE----- Version: 2.6.1 Comment: Processed by Mailcrypt 3.2, an Emacs/PGP interface iQCVAwUBME9xO0QVcM1Ga0KJAQGiQwQAhSu4WpeVZ+hsN+o+NvWMwP8JK0GojhuI vWE1M3iIZttz4iMEbsziZ1KzWlkFTL8AKVWkzDAZ8t5lNMis9qObCfaQPQkKTLwJ UV20GjebckOzFx7Rp9OPDDI536cepvcjFN0cQkWtmiW2KP04TU9zr4caD4cfozDJ XYGZavYmpBQ= =9YUm -----END PGP SIGNATURE----- From terrell at sam.neosoft.com Thu Sep 7 15:52:29 1995 From: terrell at sam.neosoft.com (Buford Terrell) Date: Thu, 7 Sep 95 15:52:29 PDT Subject: GAK Message-ID: <199509072302.SAA02407@sam.neosoft.com> >Date: Sun, 3 Sep 1995 21:25:26 -0400 (EDT) >From: Brian Davis >Subject: Re: GAK >On Fri, 1 Sep 1995, Timothy C. May wrote: > >> At 10:56 PM 9/1/95, Buford Terrell wrote: >> >> >If you've ever watched Not_at_all_Funny Home Videos or any of the >> >American Urinal school of tabloid television, you soon start feeling >> >that the real threat to privacy is not the guvmint, but all of >> >the yoyos with their little cam corders running around pointing them >> >at people. >> > >> >Security cameras in ATMS and at airline ticket counters do more >> >to threaten you privacy than do FIBBIE wiretaps, and PGP won't >> >protect you from them. (and usually neither will the courts). >> >> I absolutely agree with this, though this doesn't mean I'll stop worrying >> about the government's plans for key escrow (GAK), about limits on key >> lengths, or about other efforts to thwart strong security. > >I, of course, know of the "dislike" of GAK here. I am curious to know, >however, if the "dislike" is because government would have access under >any circumstances or if the primary worry is that government will cheat >and get access when most would agree that they shouldn't (either by the >judge "cheating" or a TLA stealing it). > >In other words ... 
if it took agreement by a review board composed of >non-LEA members of this list, would the escrow be acceptable?? > >EBD > In my case, it's simply a matter of principle: the government has no right to know what I'm saying. Search warrants may allow them to get to "things" that I have, but the First and Fifth amendments make words sacred. If the government can eavesdrop on my conversation, then my speech is no longer free. A review board consisting of cypherpunks has no more right to listen to my private conversations than does the FBI, so I would not agree to that proposal either. --buford From cme at TIS.COM Thu Sep 7 16:09:15 1995 From: cme at TIS.COM (Carl Ellison) Date: Thu, 7 Sep 95 16:09:15 PDT Subject: ASN.1 and Kerberos version 5 In-Reply-To: <199509071800.LAA20586@comsec.com> Message-ID: <9509072233.AA03587@tis.com> >Date: Sat, 2 Sep 1995 13:55:38 -0400 >From: jis at mit.edu (Jeffrey I. Schiller) >I'll say it. I was the person who pushed for the use of ASN.1 in Kerberos >version 5. I had this disease at the time that made me think that ASN.1 was >a good idea. I got better, unfortunately we have been living with the >results of my braino for quite some time now... poor Ted. Jeff, I'm collecting lists of ASN.1 problems as well as better solutions. If you'd care to contribute.... Otherwise, I'll post the results when they're firmed up. I got some *great* material from Burt Kaliski at the P1363 meeting and that needs to be folded in, so I know it's not soup yet. - Carl From weidai at eskimo.com Thu Sep 7 16:47:38 1995 From: weidai at eskimo.com (Wei Dai) Date: Thu, 7 Sep 95 16:47:38 PDT Subject: fast modular reduction In-Reply-To: <199509070811.EAA07559@clark.net> Message-ID: > Anyway, I played around with the algorithm a little, and it's neat > and easy to implement, but the speed increase is not worth > the patent hassle (assuming there is a speed increase, I saw none) > > The algorithm is still basically O(n^2) if used in a modexp > routine. 
It requires n^2 multiplications and additions. Whereas, > a typical Karatsuba multiplication using a high precision > reciprocal will only use 2*n^1.5 multiplications and 5*n^1.5/8 > additions. (for n=64 which is a 2048-bit number being reduced, > it's about 1/5 the multiplications, but 5 times the additions) I agree with you that the patent hassle is probably not worth the speed increase. If I came up with the algorithm by myself and on my own time, I certainly would not have filed a patent for it, but that wasn't the case. I also agree that the patent system should be abolished, but there is nothing I can do about that either. The speed increase does exist over Montgomery's modular reduction because it uses n*n multiplications and 1 division compared to n*(n+1) multiplications, and the pre- and post-calculations are much simpler. Division using Karatsuba multiplication does seem to have a better asymptote, but is probably slower for most practical lengths. Both Lenstra's LIP and Lacy's CryptLib use Montgomery for modular reduction. The numbers you give are a bit off. Assuming a 32-bit machine, n=64 implies a 2048-bit modulus, and a 4096-bit number to be reduced. Also, Karatsuba should use 1/3 (2*64^1.58 / 64^2) the multiplications rather than 1/5. Wei Dai From hallam at w3.org Thu Sep 7 17:14:46 1995 From: hallam at w3.org (hallam at w3.org) Date: Thu, 7 Sep 95 17:14:46 PDT Subject: GAK Hacks In-Reply-To: <8921.9509071941@exe.dcs.exeter.ac.uk> Message-ID: <9509080010.AA06896@zorch.w3.org> >One of their requirements was resistance to static patches, as someone >else pointed out that is just not possible in software, if some gets >really bored they can at worst disassemble the entire thing, and >re-write it from scratch without any silly GAK stuff, or with a row of >00s where the escrowed key goes. 
I think I would prefer the escrowed key to a row of 00's; if someone wanted to decode the message they could just use the all 00's key :-)

Phill

From starrd at iia2.org Thu Sep 7 17:27:16 1995
From: starrd at iia2.org (starrd)
Date: Thu, 7 Sep 95 17:27:16 PDT
Subject: Collection of personal info
In-Reply-To:
Message-ID:

On Wed, 6 Sep 1995, Rob Lowry wrote:

> I am new to the crypto scene and still think PGP is neato ;)

Welcome, you will learn a lot of great material here, and yes it is neato. I just wish it came pre-installed with WinDoze...

||||||||||||email address: starrd at iia2.org or starrd at cinenet.net|||||||||||
| Creator of the original                    | Get paid to upload           |
| Patriot's Archives                       \ shareware to BBSes and        |
| ftp: iia.org /pub/users/patriot            \_____ the Internet!           |
| ftp: wuarchive.wustl.edu /pub/msdos_uploads/patriot\  Get file:           |
| For index of available files: descript.ion          \ uploader.zip        |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzAN3FwAAAEEAOgWK9QJo3LIPXC+C/RHE+nmlddXPthC0hgLL7oKg7WPjYgk
LrX7j0eUmb5e6t2sm/PkJ1wjk839fqjUmRPLD0mhPX6KsMB0DoecYbCKLrNUY1gP
7DZijj9e7fuPaHqhuY7K5rGjN4po4ZxGhEPQv32IjQLSza9nbU05aMuMG71tAAUR
tB9EYXZpZCBXIFN0YXJyIDxzdGFycmRAaWlhMi5vcmc+iQCVAwUQMCnJQEY2REVK
Mit9AQG9AAQAps4lKzeQ/OQyXbvxG4b5wWsvHEK/K+1L/tfG0+EmlEsDARaN2pBD
cCslIKHjBa8al2BaTSsNjCUSHMgd+IWRp+nw2XJt/lRqpvTN5m7pPNAEQbSgCGwf
9kJ1IDPMokOw9XXAuGAqMQi9HogepNxp7JOdNphcJulHf9XbyCy/sig=
=0Tlq
-----END PGP PUBLIC KEY BLOCK-----

From dr261 at cleveland.Freenet.Edu Thu Sep 7 17:32:47 1995
From: dr261 at cleveland.Freenet.Edu (Tobin T Fricke)
Date: Thu, 7 Sep 95 17:32:47 PDT
Subject: Collection of personal info
Message-ID: <199509080005.UAA26943@kanga.INS.CWRU.Edu>

>letting it happen, and using cash instead of credit, is the smart answer

I'm somewhat surprised at how much of an issue this is. The federal government prints up nice green paper for us to pay for things with.
It's anonymous (to a large extent), universally accepted (most of the time), fairly untraceable (unless you really want to), easily available, doesn't collect interest, free to use, etc. No one is forcing anyone to use credit cards, etc.. Then again, being a kid, I have never bought anything with anything other than cash on the spot...

--
Tobin Fricke (aka LightRay)       The Digital Forest BBS (714)586-6142
dr261 at kanga.ins.cwru.edu       KE6WHF Amateur Radio, 1:103/925 fido

From starrd at iia2.org Thu Sep 7 17:33:13 1995
From: starrd at iia2.org (starrd)
Date: Thu, 7 Sep 95 17:33:13 PDT
Subject: ON OFF-TOPIC
In-Reply-To: <199509070639.BAA00416@mail.socketis.net>
Message-ID:

On Wed, 6 Sep 1995, Gary Jeffers wrote:

> Date: Wed, 06 Sep 1995 22:42:42 -0500
> From: Gary Jeffers
> To: cypherpunks at toad.com
> Subject: ON OFF-TOPIC
>
> ON OFF-TOPIC
>
> THE UNITED STATES "FEDERAL" GOVERNMENT HAS NO LEGITIMACY!
>
>
> CRYPTO CODERS SUPPLY THE MEANS!
> CONSPIRACY THEORISTS SUPPLY THE MOTIVATION!
>
>
> conspiracy theorist = alternative political theorist
> NOT= AP/ABC/CBS/NBC/CIA/FBI/U.S GOV'N./New York Times/Washington Post
> opinion moulders syndicate
>
> "extremist right-wing kook" = old fashioned American patriot
> Left term used often by left-wing extremist liberal statist kooks.
>
> The United States "Federal" Government - we'll be even more American
> without it.
>
>
>
> PUSH EM BACK! PUSH EM BACK!
> WWWAAAYYYY BBBAAACCCK!
> BBBEEEAAATTTT STATE!
>
>

So true my friend, I have been saying this for years. Glad to find another patriot here. BTW, I love your cheer!

From starrd at iia2.org Thu Sep 7 17:41:47 1995
From: starrd at iia2.org (starrd)
Date: Thu, 7 Sep 95 17:41:47 PDT
Subject: ON OFF-TOPIC
In-Reply-To: <199509070834.EAA04213@frankenstein.piermont.com>
Message-ID:

On Thu, 7 Sep 1995, Perry E. Metzger wrote:

>
> Was this really needed?

Yes, it is my bet that there are some patriots in this list. The desire to protect one's privacy is a very "patriot" thing to want to do. CyPherpunks appears to be a lot of people who are against big brother government, and quite probably for restoring the constitution...am I right?

>
> Gary Jeffers writes:
> > ON OFF-TOPIC
> >
> > THE UNITED STATES "FEDERAL" GOVERNMENT HAS NO LEGITIMACY!
>

From mnorton at cavern.uark.edu Thu Sep 7 17:42:17 1995
From: mnorton at cavern.uark.edu (Mac Norton)
Date: Thu, 7 Sep 95 17:42:17 PDT
Subject: Collection of personal info
In-Reply-To:
Message-ID:

A somewhat similar system does exist, also under federal statute, for credit reporting agencies. YMMV

MacN

On Wed, 6 Sep 1995, Rob Lowry wrote:

>
> > Nor was I suggesting a legal solution (I know your comment
> > was triggered by Rob's request for legal recourse) but instead
> > suggesting that things are farther along than some people realize.
>
> Nor do I support additional rules/laws or regulations.. but if there are
> existing ones to screw with, use 'em..
> Recently I had a bill turned over to collections from, of all places, the
> daycare we used to take our kids to.. we owe them about $1300 in their
> estimation. The reason we have not paid is due to 11 days of lost work
> due to head lice that they provided to my kids, plus they stopped serving
> breakfast which was in the contract we signed when enrolling the kids there..
> I was notified by the collection co. about this submittal (now $1500 for
> some reason..) and by law, I can dispute this in writing, thus slowing
> the wheels of the collection monster horribly. I did so..
> and for the
> last 4 months, they have been trying to prove I owe money.. I was asking
> if such a system exist for the release of your credit info.. and it
> appears that there is no safety mechanism in that monster. Rather than
> cry out for more laws to be twisted against us later, I agree that
> letting it happen, and using cash instead of credit, is the smart answer
> here.
>
> Someone care to point me at e-cash info? sounds interesting.. remember,
> I am new to the crypto scene and still think PGP is neato ;)
>
>
>

From rjc at clark.net Thu Sep 7 17:49:09 1995
From: rjc at clark.net (Ray Cromwell)
Date: Thu, 7 Sep 95 17:49:09 PDT
Subject: fast modular reduction
In-Reply-To:
Message-ID: <199509080048.UAA19561@clark.net>

>
> The numbers you give are a bit off. Assuming a 32-bit machine,
> n=64 implies a 2048-bit modulus, and a 4096-bit number to be reduced.
> Also, Karatsuba should use 1/3 (2*64^1.58 / 64^2) the multiplications
> rather than 1/5.

The n=64 implies two 2048-bit numbers are being multiplied. The 2048-bit number comes from the fact that in a typical crypto app, modexp will be reducing numbers as large as the modulus squared which runs 2048-bits for a 1024-bit modulus. The reciprocal is 1 block bigger than the number to be reduced. Hence, you are dealing with multiplying about two 2048-bit numbers. But since we only care about the "fractional" part of the result, we can safely throw away half the computation and only compute half the Karatsuba recursion tree. (the number before the decimal point is the quotient) Then, to determine the final remainder, we simply multiply by the modulus again, throwing away non-significant computation again. There is a normal n^2 method for reducing via reciprocal that only uses 1/4 the number of ops as the obvious technique.

You're right about the 1/3 vs 1/5, I dunno where the 5 came from, must have been a typo in my calcs.

The problem with Karatsuba is that it's hard to implement efficiently.
Temporary ints should be kept to a minimum and be preallocated. The combine step requires 1 store, and 5 additions, of multiprecision integers. The split step requires no copying if you use pointer manipulation, and instead of shifting, don't add in place, but add "with shift" to the destination. Most of the implementations I've seen do too much copying and shifting.

Given that some modern processors have efficient hardware multiply, it might not be worth all the trouble to trade mults for adds. If a processor has an efficient hardware FFT, it might even be worthwhile to use the FFT multiply method.

Do you have a ref for the Montgomery method? I'm unfamiliar with the name, I wonder if it's something I've seen before under a different label.

Check out Schonhage's book "Fast Algorithms". They've implemented all the asymptotic algorithms efficiently and gathered performance data. I corresponded with Schonhage's grad student and he told me that Karatsuba wins for n>=8, which I find difficult to see, when it takes about n=32 for my own implementation (not optimized) to break even.

-Ray

From tcmay at got.net Thu Sep 7 17:50:22 1995
From: tcmay at got.net (Timothy C. May)
Date: Thu, 7 Sep 95 17:50:22 PDT
Subject: Notes from NIS&T Key Escrow Export conference.
Message-ID:

At 7:59 PM 9/7/95, Pat Farrell wrote:

>>"If keys are escrowed, what purpose does a 64 bit limit serve?"
>
>This question was asked, it seems like a zillion times, but
>probably no more than four or five times.
>
>It is a bit of a belt and suspenders idea. But it also shows how
>scared they are about real encryption.
>
>It is clear that this meeting is a shame. Everyone in industry
                                    ^^^^^

Sham? Or shame? Or, likely, both?

Your account of the meeting merely confirms my worst fears. But don't they say the Chinese character for "crisis" also means "opportunity"? (Sort of the way the English word "oversight" has two very different and opposite meanings.)
--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."

From jya at pipeline.com Thu Sep 7 17:55:55 1995
From: jya at pipeline.com (John Young)
Date: Thu, 7 Sep 95 17:55:55 PDT
Subject: Key Escrow Papers
Message-ID: <199509080055.UAA27687@pipe4.nyc.pipeline.com>

We have scanned several of the handouts at the NIST Key Escrow Issues Meeting of September 6 (not present Sept 7).

Perhaps someone, Pat Farrell or another, would be willing to make them available on a homepage or ftp site. If so we will send them over. If nobody volunteers we will send them by our puny e-mail contraption.

Here's what we have ready to send:

1. The outlines of meeting topics of Raymond Kammer of NIST and Michael Nelson of the White House. (7kb)

2. Discussion Paper No. 4, "Example Potential Solutions for the Draft Export Criteria for Software Key Escrow Encryption," which offers example solutions for each of the ten criteria. (7kb)

3. The Business Software Alliance's dissenting blast at the government's key escrow proposal and export limit. This paper was loudly applauded. (19kb)

4. Trusted Information Systems's "Thoughts on the NIST Escrow Issues Meeting Discussion Papers." (27kb in 2 parts)

5. TECSEC Incorporated's "Private Escrow Key Management: A Method and its Issues." (13kb)

6. Dorothy Denning's "Comments on Draft Criteria for Software Key Escrow Exportability" and "Comments on Issues for Key Escrow Agents." (8kb)

Two other papers will be scanned later:

7. National Semiconductor's "Commercial Cryptography Ideas for Success" (9 pp.
of large type) This contains graphics of the CAKE program and a "Proposed NIST Escrow Certificate Hierarchy" which cannot be easily distributed by us, so we offer this by fax.

8. TECSEC's "The Merger of Technology and Cryptographic Key Management" (6 pp.).

Note 1: It was Michael Nelson of the White House who said that the reason to maintain the 64-bit limit for export was because the key escrow methodology had not yet been proven reliable and that the security agencies insisted on the relatively weak system in case key escrow failed.

Note 2: At the B-2 breakout session there was strong debate on a proposal for a "Criteria Zero": Before addressing any of the details of Criteria 3, 4 and 9 as presented to us, Group B-2 registers its view that export under general license of strong encryption should not require key escrow. A vote on the proposal was 7 yes, 7 no and 13 abstentions. It was not reported to the plenary session.

From perry at piermont.com Thu Sep 7 17:57:56 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 7 Sep 95 17:57:56 PDT
Subject: ON OFF-TOPIC
In-Reply-To:
Message-ID: <199509080057.UAA05313@frankenstein.piermont.com>

starrd writes:
> On Thu, 7 Sep 1995, Perry E. Metzger wrote:
>
> >
> > Was this really needed?
>
> Yes, it is my bet that there are some patriots in this list.

Pardon, but I don't care. There are also several socialists on this list. Shall I help them out by posting a long tract on the labor theory of value? There are several religious christians here. Shall we begin to discuss the divinity of Jesus? There are also some Jews here -- we could have a bunch of religious debates, and the atheists could kick in some mud, too. There are lots of folks here who wear shoes -- perhaps we could discuss the merits of different brands.

> The desire
> to protect one's privacy is a very "patriot" thing to want to do.

But this isn't a list for "patriot"s.
> CyPherpunks appears to be a lot of people who are against big brother
> government, and quite probably for restoring the constitution...am I right?

Cypherpunks is a list for people interested in cryptography and its impact on privacy, law, society, etc. It is not a list for people to discuss libertarianism, socialism, constitutionalism, whether the president has just flown over you ranch in a black helicopter, whether the CIA was responsible for brainwashing your pet rat Algernon, whether David Koresh was the messiah, or how many members of the Federal Protective Service it takes to change a paper shredder.

There are lots of places to discuss these topics on the net. There is only Cypherpunks for discussing the overall impact of cryptography on society, and this is a fairly good place to discuss crypto algorithms and the like because it is (amazingly) fairly high s/n compared to, say, sci.crypt. Please help out by not polluting one of the few places to discuss these issues with stuff you can talk about anywhere.

Perry

From starrd at iia2.org Thu Sep 7 17:58:43 1995
From: starrd at iia2.org (starrd)
Date: Thu, 7 Sep 95 17:58:43 PDT
Subject: Scientology and police visit XS4ALL Amsterdam
In-Reply-To: <199509070600.QAA11675@molly.cs.monash.edu.au>
Message-ID:

On Thu, 7 Sep 1995, Jiri Baum wrote:

>
> >: : >>: OT7-48
> >: : >>: 1. Find some plants, trees, etc., and communicate to them
> >: : >>: individually until you know they received your communication.
> >: : >>: 2. Go to a zoo or a place with many types of life and communicate
> >: : >>: with each of them until you know the communication is
> >: : >>: received and, if possible, returned.
>

I gotta read more of this drivel! ROTFL! ROTFL!!! No wonder they don't want it out! They look like they belong in the funny-farm....Have you ever seen those cute uniforms they wear? [really! Hollywood, California, I have *been* to their "church"] especially the girls, reminds me of school-uniforms, but they are all so grown up [yum!] but with the minds of a moron....[see above drivel they read]

I know this is somewhat off-topic, but I just *had* to say it!

From ghio at c2.org Thu Sep 7 18:02:47 1995
From: ghio at c2.org (Matthew Ghio)
Date: Thu, 7 Sep 95 18:02:47 PDT
Subject: Commercial Speech over Internet product
In-Reply-To: <9508078105.AA810503582@snail.rsa.com>
Message-ID:

> Here's an article about a commercial company that is doing speech
>over the Internet. Maybe someone would like to help them add encryption.
> --Bob Baldwin, speaking for myself only.

The program is a sound-listening extension for web-browsers. There is really no use for crypto because it's only processing information which is already public.
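Returning to the "fast modular reduction" exchange between Ray Cromwell and Wei Dai earlier in this digest: the argument there is about how many single-limb multiplications Karatsuba saves over schoolbook multiplication, and where the break-even point sits. The following is an added example written for this archive page; it is not code from either poster, nor from LIP or CryptLib. It assumes 32-bit limbs and power-of-two limb counts, so that Karatsuba recursed all the way down uses exactly 3^log2(n) limb multiplications (729 for n=64 against 4096 for schoolbook). The `cutoff` parameter, which switches to schoolbook below a given limb size, is the break-even knob Ray describes. The reciprocal-based reduction at the end spends two such products, one by the precomputed reciprocal and one by the modulus, which is where the factor of 2 in the thread's "2*n^1.58" comes from; unlike Ray's tuned version it does not truncate the recursion tree to the half of each product that is actually needed. All function names are mine.

```python
"""Karatsuba multiplication and reciprocal-based reduction with operation counts.

Added example, not from the thread. Limbs are 32 bits; n (limb count) must be a
power of two. Values are Python ints; only the recursion structure models what a
multiprecision library would do, so the counts are exact and value-independent.
"""
import random

LIMB_BITS = 32


class OpCount:
    """Tallies single-limb multiplications and multiprecision additions."""

    def __init__(self):
        self.mults = 0
        self.adds = 0


def karatsuba(x, y, n, c, cutoff=1):
    """Return x*y for x, y < 2**(32*n), n a power of two, counting into c."""
    if n <= cutoff:
        # schoolbook fallback: n*n limb products, each with an accumulate and a carry add
        c.mults += n * n
        c.adds += 2 * n * n
        return x * y
    m = n // 2
    shift = LIMB_BITS * m
    mask = (1 << shift) - 1
    x0, x1 = x & mask, x >> shift
    y0, y1 = y & mask, y >> shift
    z0 = karatsuba(x0, y0, m, c, cutoff)
    z2 = karatsuba(x1, y1, m, c, cutoff)
    # The half-sums may carry into an (m+1)-th limb. Peel that carry bit off so the
    # middle product stays at m limbs, then restore its contribution with shifted
    # additions only; no extra limb multiplications are needed.
    sx, sy = x0 + x1, y0 + y1
    c.adds += 2
    cx, cy = sx >> shift, sy >> shift
    sx &= mask
    sy &= mask
    z1 = karatsuba(sx, sy, m, c, cutoff)
    if cx:
        z1 += sy << shift
        c.adds += 1
    if cy:
        z1 += sx << shift
        c.adds += 1
    if cx and cy:
        z1 += 1 << (2 * shift)
    z1 -= z0 + z2  # two multiprecision subtractions
    c.adds += 2
    c.adds += 2    # recombination: two shifted additions into the result
    return (z2 << (2 * shift)) + (z1 << shift) + z0


def schoolbook_mults(n):
    """Limb multiplications used by plain O(n^2) multiplication."""
    return n * n


def karatsuba_mults(n, cutoff=1):
    """Limb multiplications karatsuba() uses for two n-limb operands (value-independent)."""
    c = OpCount()
    karatsuba(0, 0, n, c, cutoff)
    return c.mults


def reduce_with_reciprocal(x, mod, n, c, cutoff=1):
    """Reduce a 2n-limb x modulo an n-limb mod (top limb nonzero) via a precomputed reciprocal.

    Two products: x times the reciprocal yields the quotient estimate q, and q times
    mod yields the amount to subtract. q is at most one below the true quotient, so a
    single conditional subtraction finishes the job.
    """
    k = LIMB_BITS * n
    recip = (1 << (2 * k)) // mod  # floor(B^(2n) / mod), computed once per modulus
    q = karatsuba(x, recip, 2 * n, c, cutoff) >> (2 * k)
    r = x - karatsuba(q, mod, 2 * n, c, cutoff)
    if r >= mod:
        r -= mod
    return r


def sample_operands(n, seed=1995):
    """Constructed, deterministic n-limb test operands (not real key material)."""
    rng = random.Random(seed)
    return rng.getrandbits(LIMB_BITS * n), rng.getrandbits(LIMB_BITS * n)


def product_matches(n, cutoff=1, seed=1995):
    """True if karatsuba() agrees with Python's native product for sample operands."""
    x, y = sample_operands(n, seed)
    return karatsuba(x, y, n, OpCount(), cutoff) == x * y


def reduction_check(n, seed=1995):
    """Return (remainder is correct, limb multiplications spent) for a 2n-limb input."""
    rng = random.Random(seed)
    mod = rng.getrandbits(LIMB_BITS * n) | (1 << (LIMB_BITS * n - 1))  # exactly n limbs
    x = rng.getrandbits(2 * LIMB_BITS * n)
    c = OpCount()
    return reduce_with_reciprocal(x, mod, n, c) == x % mod, c.mults


if __name__ == "__main__":
    for cutoff in (1, 8, 32, 64):
        print(f"n=64 cutoff={cutoff:2d}: karatsuba {karatsuba_mults(64, cutoff):5d} "
              f"vs schoolbook {schoolbook_mults(64)} limb mults")
    print("1024-bit modulus, 2048-bit input:", reduction_check(32))
```

With the cutoff at 1 the n=64 case needs 729 limb multiplications, at 8 it needs 1728, at 32 it needs 3072, and at 64 it collapses to the schoolbook 4096; the additions counter goes the other way, which is the trade Ray is weighing. The reduction of a 2048-bit value modulo a 1024-bit modulus costs two 64-limb products, 1458 multiplications in total at cutoff 1.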
From starrd at iia2.org Thu Sep 7 18:09:02 1995
From: starrd at iia2.org (starrd)
Date: Thu, 7 Sep 95 18:09:02 PDT
Subject: ON OFF-TOPIC
In-Reply-To: <199509080057.UAA05313@frankenstein.piermont.com>
Message-ID:

On Thu, 7 Sep 1995, Perry E. Metzger wrote:

> Date: Thu, 07 Sep 1995 20:57:32 -0400
> From: Perry E. Metzger
> To: starrd
> Cc: cypherpunks at toad.com
> Subject: Re: ON OFF-TOPIC
>
>
> starrd writes:
> > On Thu, 7 Sep 1995, Perry E. Metzger wrote:
> >
> > >
> > > Was this really needed?
> >
> > Yes, it is my bet that there are some patriots in this list.
>
> Pardon, but I don't care. There are also several socialists on this
> list. Shall I help them out by posting a long tract on the labor
> theory of value? There are several religious christians here. Shall we
> begin to discuss the divinity of Jesus? There are also some Jews here
> -- we could have a bunch of religious debates, and the atheists could
> kick in some mud, too. There are lots of folks here who wear shoes --
> perhaps we could discuss the merits of different brands.
>

Nope. but the patriots & the cyPHerpunks share a common goal, and belief that it is none of the government's business what we think or want to share with our computers.

> > The desire
> > to protect one's privacy is a very "patriot" thing to want to do.
>
> But this isn't a list for "patriot"s.

Yes it is. This list is for anyone who wants to preserve their privacy, but I do understand what you really meant. :-^)

> > CyPherpunks appears to be a lot of people who are against big brother
> > government, and quite probably for restoring the constitution...am I right?
>
> Cypherpunks is a list for people interested in cryptography and its
> impact on privacy, law, society, etc.
> It is not a list for people to
> discuss libertarianism, socialism, constitutionalism, whether the
> president has just flown over you ranch in a black helicopter, whether
> the CIA was responsible for brainwashing your pet rat Algernon,
> whether David Koresh was the messiah, or how many members of the
> Federal Protective Service it takes to change a paper shredder.

Agreed

>
> There are lots of places to discuss these topics on the net. There is
> only Cypherpunks for discussing the overall impact of cryptography on
> society, and this is a fairly good place to discuss crypto algorithms
> and the like because it is (amazingly) fairly high s/n compared to,
> say, sci.crypt. Please help out by not polluting one of the few places
> to discuss these issues with stuff you can talk about anywhere.

Again, I agree with you Perry. In fact on a crypto-note [is that a word?] I would enjoy some discussion on SecDrv 1.4....anyone wanna talk about it v. PGP? [is it as secure as PGP?]

From tcmay at got.net Thu Sep 7 18:09:40 1995
From: tcmay at got.net (Timothy C. May)
Date: Thu, 7 Sep 95 18:09:40 PDT
Subject: Legality of Cash Transactions
Message-ID:

At 12:05 AM 9/8/95, Tobin T Fricke wrote:

>>letting it happen, and using cash instead of credit, is the smart answer
>
>I'm somewhat surprised at how much of an issue this is. The
>federal government prints up nice green paper for us to pay for
>things with. It's anonymous (to a large extent), universally
>accepted (most of the time), fairly untraceable (unless you
>really want to), easily available, doesn't collect interest,
>free to use, etc. No one is forcing anyone to use credit
>cards, etc.. Then again, being a kid, I have never bought
>anything with anything other than cash on the spot...

I agree with what I think your sentiment is, but bear in mind that "cash transactions" are in fact limited by various laws and regulations about reporting cash payments. Try buying a car with cash, especially a car costing over $10,000. Black Unicorn posted an account a while back (sometime last year) of his efforts to pay cash for a new car.

The restrictions on cash are mostly oriented toward ostensibly stopping "drug profits" from being used to buy expensive items.
The usual cash figure that invokes special laws is $10,000, with "structuring" of sub-$10K cash transfers an additional issue.

I foresee more restrictions coming, not fewer. Several of us have written extensively on this subject.

--Tim May

From pfarrell at netcom.com Thu Sep 7 18:18:20 1995
From: pfarrell at netcom.com (Pat Farrell)
Date: Thu, 7 Sep 95 18:18:20 PDT
Subject: Notes from NIS&T Key Escrow Export conference.
Message-ID: <76629.pfarrell@netcom.com>

"Peter Trei" writes:
> I think we can infer from this that the USG has, or soon expects to have,
> the ability to brute 64 bits of key.

That is what I heard (implied) too. If not today, in a reasonably foreseeable future. Remember, this is not an issue today, only weirdos such as the c'punks care today. The govies move slowly. They are setting the stage for tomorrow.

>> It is clear that this meeting is a shame. Everyone in industry
> A shame certainly, but I suspect you meant 'sham' (not a spelling flame,
> the difference in meaning is important).

Sorry for the typo, yes, I meant sham, fake, theater, all smoke and mirrors, nothing sincere, etc. See reference to "stage" above.

All typos are mine.

Pat

Pat Farrell      Grad Student      http://www.isse.gmu.edu/students/pfarrell
Info. Systems & Software Engineering, George Mason University, Fairfax, VA
PGP key available on homepage                                      #include

From sdw at lig.net Thu Sep 7 18:49:37 1995
From: sdw at lig.net (Stephen D. Williams)
Date: Thu, 7 Sep 95 18:49:37 PDT
Subject: Commercial Speech over Internet product
In-Reply-To:
Message-ID:

> > Here's an article about a commercial company that is doing speech
> >over the Internet. Maybe someone would like to help them add encryption.
> > --Bob Baldwin, speaking for myself only.
>
> The program is a sound-listening extension for web-browsers. There is
> really no use for crypto because it's only processing information which
> is already public.

That's not necessarily true: I could set up a web server to only listen to a socket that a local ssh socket proxy could connect to. Restrict the ssh session for a particular key to only allow connection to that one socket. Then the connecting party would need ssh running with socket proxy near(er) their client system and the public key. Assuming that you have a Unix workstation with audio listening software or a nearby PC it would be easy to set up. Internet/Web accessible RSA protected, session encrypted voice mail.

Now if someone would just port ssh to the PC as a selective Winsock wedge... (I'd love an example of Winsock wedge code (A la Surfwatch)!!!) I have a neighbor that develops one of the commercial TCP/IP stacks, so it's quite possible I could convince him to help.

With things like ssh, it's already very easy to create secure tunnels. It wouldn't be too tough to modify a proxy to use ssh style connections if an initial connection was found to be encrypted (or a key was cached for a URL).

Of course, IPsec is coming...

sdw

--
Stephen D. Williams 25Feb1965 VW,OH (FBI ID) sdw at lig.net http://www.lig.net/sdw
Consultant, Vienna,VA Mar95- 703-918-1491W 43392 Wayside Cir.,Ashburn, VA 22011
OO/Unix/Comm/NN ICBM/GPS: 39 02 37N, 77 29 16W home, 38 54 04N, 77 15 56W
Pres.: Concinnous Consulting,Inc.;SDW Systems;Local Internet Gateway Co.;28May95

From doug at Eng.Auburn.EDU Thu Sep 7 19:05:07 1995
From: doug at Eng.Auburn.EDU (Doug Hughes)
Date: Thu, 7 Sep 95 19:05:07 PDT
Subject: Notes from NIS&T Key Escrow Export conference.
In-Reply-To: <76629.pfarrell@netcom.com>
Message-ID:

On Thu, 7 Sep 1995, Pat Farrell wrote:

>
> >> It is clear that this meeting is a shame. Everyone in industry
> > A shame certainly, but I suspect you meant 'sham' (not a spelling flame,
> > the difference in meaning is important).
>
> Sorry for the typo, yes, I meant sham, fake, theater, all smoke and
> mirrors, nothing sincere, etc. See reference to "stage" above.
>
>

In this context, I think burlesque fits remarkably well. ;) (Brings to mind a bunch of cross-dressers doing big theatre numbers in exotic costumes)

____________________________________________________________________________
Doug Hughes                                 Engineering Network Services
System/Net Admin                            Auburn University
doug at eng.auburn.edu
Apple T-shirt on Win95 - "Been there, done that"

From unicorn at polaris.mindport.net Thu Sep 7 19:12:32 1995
From: unicorn at polaris.mindport.net (Black Unicorn)
Date: Thu, 7 Sep 95 19:12:32 PDT
Subject: cryptography eliminates lawyers?
In-Reply-To:
Message-ID:

On Thu, 7 Sep 1995, Duncan Frissell wrote:

>
>
> On Wed, 6 Sep 1995, Buford Terrell wrote:
>
> > How could crypto put lawyers out of business? People would still
> > have disagreements; plans would still go wrong; cars would still
> > crash. More important, transactions would still need to be
> > structured to carry out the desires of the parties while minimizing
> > risks.
> >
> > Good communications technology, including crypto, could make lawyering
> > more efficient, but I suspect the savings would be minimal.
>
> Well, if crypto reduces the role of government in human affairs, it will
> reduce work for lawyers.

This first, I see....

> Telecoms will certainly break the professional
> monopoly of lawyers (and other professionals).

This I don't. How do you mean exactly?

>
> DCF
>

From hallam at w3.org Thu Sep 7 19:17:10 1995
From: hallam at w3.org (hallam at w3.org)
Date: Thu, 7 Sep 95 19:17:10 PDT
Subject: ON OFF-TOPIC
In-Reply-To:
Message-ID: <9509080216.AA07325@zorch.w3.org>

>Nope. but the patriots & the cyPHerpunks share a common goal, and belief
>that it is none of the government's business what we think or want to
>share with our computers.

Poor you, the only major political party to come out with a pro crypto statement is a socialist party. The problem is currently with the right wing, right wing democrats such as Clinton and practically all the Republicans.

Crypto is outside the left right debate which centers on economic goals, whether to help the poor or the rich. The crypto debate is on the authoritarian/libertarian axis which is orthogonal. George Orwell was a socialist, John Stuart Mill a Liberal, both had very anti-authoritarian views which used to be known as libertarian.

If you want a debate on how to convince the authoritarians then perhaps you will get some interest. Trying to make crypto control out to be a left/right or pro/anti gun control issue is no more relevant than the pro/anti abortion debate.

Phill

From robl at on-ramp.ior.com Thu Sep 7 19:33:40 1995
From: robl at on-ramp.ior.com (Rob L)
Date: Thu, 7 Sep 95 19:33:40 PDT
Subject: Collection of personal info
In-Reply-To:
Message-ID:

>
> Welcome, you will learn a lot of great material here, and yes it is
> neato. I just wish it came pre-installed with WinDoze...
Don't worry, as soon as it becomes politically correct, and MS can find a way to make $$ on it, it will be rammed down our throats in WinDoze.. :)

From robl at on-ramp.ior.com Thu Sep 7 19:40:22 1995
From: robl at on-ramp.ior.com (Rob L)
Date: Thu, 7 Sep 95 19:40:22 PDT
Subject: ON OFF-TOPIC
In-Reply-To:
Message-ID:

> > >
> > > Was this really needed?
>
> Yes, it is my bet that there are some patriots in this list. The desire
> to protect one's privacy is a very "patriot" thing to want to do.
> CyPherpunks appears to be a lot of people who are against big brother
> government, and quite probably for restoring the constitution...am I right?

I am one as well.. being pro-2nd amendment, and pro-1st.. and learning lots about the fight to protect them. Unlike some of the non-US readers in this list, I can see the clear connection between the 1st and 2nd amendment attacks.. if one falls, the other does as well. Both are slowly being whittled away to nothing (i.e. you can have only certain 'assault-style' guns, and you can only be guaranteed certain types of free speech)

RobL

From pfarrell at netcom.com Thu Sep 7 19:52:19 1995
From: pfarrell at netcom.com (Pat Farrell)
Date: Thu, 7 Sep 95 19:52:19 PDT
Subject: Key Escrow Papers
Message-ID: <81288.pfarrell@netcom.com>

John Young writes:
> Perhaps someone, Pat Farrell or another, would be willing
> to make them available on a homepage or ftp site. If so we
> will send them over.

I will gladly put up any nist-meeting papers, comments, drafts, etc. on my webpage. Please send them to me. (pfarrell at netcom.com)

I am even willing to type in some, but that is known to cause typos, as I can't type, and even spellcheckers can't tell real words such as 'sham' from 'shame'

Right now, I'm pretty down on the two days, but let's keep the information flowing.

Pat

From don at cs.byu.edu Thu Sep 7 19:58:18 1995
From: don at cs.byu.edu (don at cs.byu.edu)
Date: Thu, 7 Sep 95 19:58:18 PDT
Subject: Announce: Web of Trust Ring
Message-ID: <199509071832.MAA00480@wero.byu.edu>

-----BEGIN PGP SIGNED MESSAGE-----

WEB OF TRUST KEYRING GENERATION PROJECT

I have completed my project to make a condensed version of the keyserver PGP keyrings, containing only the "web of trust" inter-related keys. My methods were rather crude, and unfortunately only extracted those people who have signed someone (already on the list) else's key. That means that people who are well connected on the web of trust are included, while those people who only receive signatures from well-connected people are not included.

The keyfile is approximately 1 megabyte, as opposed to 5-6 in the keyservers. Building it required 12 successive passes to the MIT keyring, each requiring 4-6 hours on my poor 386. I also made a subsequent pass using the UNIMI keyring. To seed the list I used warlord at mit.edu (Uh Derek? Hello??) and those keynumbers that cpunks mailed me. (Unfortunately some people sent only their key blocks, which I didn't use. Also, my server "lost" mail _twice_ due to "disk crash" while I was collecting key numbers.)

I assume that requiring 13 passes means that the longest possible chain with a single connection (not necessarily a trust connection) to one of the seed keys is 12 keys. All included keys are exactly as they are on keyservers. The keyring can be trivially validated as much as possible simply by validating one of the well-connected keys, like the ones that come with PGP.

Warning: not responsible for assigning trust levels for all those people. That's your job. Have fun.

Why did I do this:

1) Because I wanted to.
2) Because I really had nothing better to do with my CPU time.
3) wait, wait, ok for reals: 1) Because I want a web of trust keyring for myself, and that big old 5+ meg clunker keyfile is tooooo slow to use. 2) Because I feel that a DNS-style keyserver would not suit many web-of-trust activities that I wanted the keyring for, IE: pgp aware tools like news and mail readers for on-the-fly validation. 3) Because I feel that a system like this would encourage strengthening the web-of-trust, ie, trusting the KEYS. The current system has a lot of disjointed keys (uh, 4 meg worth I guess, eh?) which I found myself trusting simply because they were on the Keyservers. While this facilitates creation of a stable nym(*), real or not, I found myself even trying to justify to others trusting a key simply because it was on a keyserver. * = I agree with Bill Steward that we are a bit obsessed on True Names(tm) bit. I understand when Someone(tm) like Derek Atkins wants to see a True Name ID card(tm), but I'm sympathetic to having Nym signing, with the problem to overcome being simply the man-in-the-middle thwarting. Updates: Currently I am not really planning to do much in the way of updates to this, unless people actually are interested in updates. To be frank, this keyring is what I'm dropping into my own PGP, other than that it's not too exciting. If you get a copy, please tell me what you think of the project. The location is ftp to bert.cs.byu.edu, pub/donring.pgp. Unfortunately I don't know if you can tack that together as a ftp:// address. If you do, try ~ftp/pub/donring.pgp for good measure. I have suggested in the past that keyserver software could be modified to update the web of trust (using a keyfile such as mine for a base) instead of accepting just any key. I am not capable of making such modifications to the keyserver program, nor do I know of a keyserver operator who is willing to run such a system. 
A "for real" web of trust keyserver would want to fully expand my keyring by adding what I left out - those keys who are signed by included keys, but are not themselves included because they were not a seed and have not signed an included key. Having coded that, an update system that checks for a relation to a already-included key would be trivial. A second issue is that "The Web" of trust depends on the keys used to seed it. It's very possible that many of unimi's (for example) key file (500k bigger than MIT) keys do not have signatures connecting them to the people who came out with PGP, but have a robust web of trust none the less. Unless the project can obtain a seed which connects to that web, none of it is included. However, as I stated, that is a fact which will _encourage_ people to seek each other out for key signing. I suppose I could also make a list of the keyring generation script, if anyone actually wanted to ftp it. It would take between 15 and 35 hours to run on a 386 Linux box such as mine, mere hours on a big, fast box. There is really no need for it except to regenerate the keyring, for paranoia purposes or other reasons. Don -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQB1AwUBME6dqsLa+QKZS485AQFiBwL/boAb6BOdvcVHVyV+rGRmMTNk8iibcXvX kdngbRLrBEc2r4pJkuNpDvT2M/GmmGEGYxiAXKV9LDmWa7RLnCicjidP1RJVcu+3 xtVeO9PF+4ZecgEUJl4j6JdPEE52guOr =nm0W -----END PGP SIGNATURE----- fRee cRyPTo! jOin the hUnt or BE tHe PrEY PGP key - http://bert.cs.byu.edu/~don or PubKey servers (0x994b8f39) June 7&14, 1995: 1st amendment repealed. Death threats ALWAYS pgp signed * This user insured by the Smith, Wesson, & Zimmermann insurance company * From modemac at netcom.com Thu Sep 7 20:15:52 1995 From: modemac at netcom.com (Modemac) Date: Thu, 7 Sep 95 20:15:52 PDT Subject: Scientology tries to break PGP - and fails? Message-ID: <199509080312.UAA03808@netcom15.netcom.com> News Flash! 
According to an informed source, the so-called "church" of Scientology is trying to force Larry Wollersheim to give them his de-encryption code for PGP. Larry Wollersheim is the director of FACTNet, a Colorado BBS that specializes in distributing information about religious cults - especially the Church of Scientology. Scientologists raided FACTNet recently and seized its hardware and records recently, in a case that has spread news of the Scientology wars all over the Internet. Scientology has been in possession of Larry Wollersheim's computer records for quite a while now - at least three weeks, I believe. They have been scanning it for what they claim to be "copyright violations." Yet, their list of scanning criteria also includes a list of 34 names of their critics and enemies, including a famous Netizen named "Rogue Agent." Yet it seems that despite all their efforts to get what they want, they can't break PGP - so they have to force Wollersheim to reveal the key. Mr. Wollersheim has stated that he will go to jail before he reveals his encryption key. Please forward this note to all interested parties. Call this one: BIG WIN FOR PGP! For more information on Scientology's war against the Internet, read the many Web pages set up to cover the story. My own page, an "Introduction to Scientology," is: http://www.tiac.net/users/modemac/cos.html It includes a link to the FACTNet Web page, as well as Ron Newman's famous Web page: "The Church of Scientology vs. the Net." From tcmay at got.net Thu Sep 7 20:26:22 1995 From: tcmay at got.net (Timothy C. May) Date: Thu, 7 Sep 95 20:26:22 PDT Subject: Correction about who opposes crypto regulations.... Message-ID: At 2:16 AM 9/8/95, hallam at w3.org wrote: >>Nope. but the patriots & the cyPHerpunks share a common goal, and belief >>that it is none of the government's business what we think or want to >>share with our computers. 
> >Poor you, the only major political party to come out with a pro crypto >statement >is a socialist party. On the contrary, the Libertarian Party has come out strongly in favor of cryptography and privacy, and they are consistently either #3 or #4 in popularity. (I believe Peace and Freedom is usually #4 and LP is usually #3.) Their home page (http://www.access.digex.net/~lphq/lphq.html) says: "The LPHQ is the center of activities of the Libertarian Party, the third largest political party in the U.S. We stand for individual liberty, both in terms of personal and financial freedom." It is impossible to argue that the Libertarian Party is opposed in any way to the right to encrypt, and their 1994 platform makes this clear: "We oppose all proposed regulations of civilian research on encryption methods. We also oppose government classification of such research or requirements that deciphering methods be disclosed to the government." I point this out not to argue in favor of the LP here, but to correct a seriously incorrect statement. --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." From tcmay at got.net Thu Sep 7 20:31:29 1995 From: tcmay at got.net (Timothy C. May) Date: Thu, 7 Sep 95 20:31:29 PDT Subject: Shams and Shame Message-ID: At 2:34 AM 9/8/95, Pat Farrell wrote: >I am even willing to type in some, but that is known to cause typos, >as I can't type, and even spellcheckers can't tell real words >such as 'sham' from 'shame' Yeah, it's a real sham you can't spel. --Tin May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway." From frissell at panix.com Thu Sep 7 20:40:09 1995 From: frissell at panix.com (Duncan Frissell) Date: Thu, 7 Sep 95 20:40:09 PDT Subject: cryptography eliminates lawyers? In-Reply-To: Message-ID: On Thu, 7 Sep 1995, Black Unicorn wrote: > Telecoms will certainly break the professional > > monopoly of lawyers (and other professionals). > > This I don't. How do you mean exactly? Licensing requires the ability to outlaw unlicensed transactions. Since the Net trumps censorship and allows consultations at a distance, it cracks licensing, DCF From dr261 at cleveland.Freenet.Edu Thu Sep 7 21:06:29 1995 From: dr261 at cleveland.Freenet.Edu (Tobin T Fricke) Date: Thu, 7 Sep 95 21:06:29 PDT Subject: Notes from NIS&T Key Escrow Export conference. Message-ID: <199509080406.AAA25183@kanga.INS.CWRU.Edu> >I hope this gets to you before the conference is over. I would REALLY >like to hear the government response to the question: >"If keys are escrowed, what purpose does a 64 bit limit serve?" I thought that Bruce Schneier (sp?) had a good point at DefCon: (something like:) "The US Government thinks that there is a type of criminal smart enough to use encryption and dumb enough to use encryption provided by the US Government..."(lots of applause). I think that is a good point. Of course, if all non-escrowed encryption techniques were made illegal, then the criminals would just have another broken law under their belt if they used strong encryption. After all, an outlaw is an outlaw because he has broken laws, so what sense does it make to make more laws for him to break? Hmph. 
Also, semi unrelated: How do the copyright, pornography, and California Penal Code 502.7 laws fit in with the first ammendment? [Please send a cc: of any replies to dr261 at cleveland.freenet.edu because I am no longer on cypherpunks )-: I can't handle the mail volume any longer now that I have homework to do.. ] -- Tobin Fricke (aka LightRay) The Digital Forest BBS (714)586-6142 dr261 at kanga.ins.cwru.edu KE6WHF Amateur Radio, 1:103/925 fido From joelm at eskimo.com Thu Sep 7 21:29:12 1995 From: joelm at eskimo.com (Joel McNamara) Date: Thu, 7 Sep 95 21:29:12 PDT Subject: NIST Escrow Papers - Now Web Available Message-ID: <199509080429.VAA22176@mail.eskimo.com> Several of the scanned hand-outs (courtesy of John Young) for the NIST September 5 workshop on key escrow are now available on my Web page: http://www.eskimo.com/~joelm Papers include: The outlines of meeting topics of Raymond Kammer of NIST and Michael Nelson of the White House. (KAMMER.TXT - 7kb) Discussion Paper No. 4, "Example Potential Solutions for the Draft Export Criteria for Software Key Escrow Encryption," which offers example solutions for each of the ten criteria. (CRITERIA.TXT - 7kb) The Business Software Alliance's dissenting blast at the government's key escrow proposal and export limit. This paper was loudly applauded. (BSA.TXT - 19kb) Trusted Informations Systems's "Thoughts on the NIST Escrow Issues Meeting Discussion Papers." (TIS.TXT - 27kb) TECSEC Incorporated's "Private Escrow Key Management: A Method and its Issues." (TECSEC.TXT - 13kb) Dorothy Denning's "Comments on Draft Criteria for Software Key Escrow Exportability" and "Comments on Issues for Key Escrow Agents." (DENNING.TXT - 8kb) From yihchun at u.washington.edu Thu Sep 7 21:38:04 1995 From: yihchun at u.washington.edu (Yih-Chun Hu) Date: Thu, 7 Sep 95 21:38:04 PDT Subject: ON OFF-TOPIC In-Reply-To: <9509080216.AA07325@zorch.w3.org> Message-ID: On Thu, 7 Sep 1995 hallam at w3.org wrote: > > >Nope. 
but the patriots & the cyPHerpunks share a common goal, and belief > >that it is none of the government's business what we think or want to > >share with our computers. > > Poor you, the only major political party to come out with a pro crypto statement > is a socialist party. I think the libertarian position is inherently pro-crypto. Besides, the French are socialist, and well, as far as crypto goes... > > The problem is currently with the right wing, right wing democrats such as > Clinton and practically all the Republicans. > Whatever. Clinton proposed crypto, some democrat wrote the electronic decency act. (In fact Gingrich was against it) > If you want a debate on how to convince the authoritarians then perhaps you will > get some interest. Trying to make crypto control out to be a left/right or > pro/anti gun control issue is no more relevant than the pro/anti abortion > debate. I think that to some extent it is very relavant to gun control in that both can be abused and that both help the law-abiding citizen do things. 
+---- Yih-Chun Hu (finger:yihchun at cs.washington.edu) -----------------------+
| http://www.cs.washington.edu/homes/yihchun      yihchun at cs.washington.edu |
| http://weber.u.washington.edu/~yihchun          yihchun at u.washington.edu  |
+---- PGP Key Fingerprints (Keys by FINGER or on WWW) ------------------------+
| 1024/E50EC641  B2 A0 DE 9E 36 C0 EB A6  F9 3E D2 DD 2F 27 74 79             |
| 2047/DF0403F9  18 EB 62 C8 7F 06 04 67  42 76 24 E2 99 D1 07 DC             |
+---- Random Thought ---------------------------------------------------------+
| I conducted an experiment to test Murphy's Law, but everything went wrong.  |
+-----------------------------------------------------------------------------+


From rsalz at osf.org Thu Sep 7 21:38:16 1995
From: rsalz at osf.org (Rich Salz)
Date: Thu, 7 Sep 95 21:38:16 PDT
Subject: Usenix symposium on crypto applications
Message-ID: <9509080437.AA08201@sulphur.osf.org>

Newsgroups: comp.org.usenix,comp.org.uniforum,comp.org.sug,comp.unix.admin,comp.unix.large,comp.org.decus,comp.security.unix
From: toni at usenix.org (Toni Veglia)
Subject: 6th USENIX UNIX Security Symposium - Call-for-Papers
Reply-To: toni at usenix.org (Toni Veglia)
Organization: USENIX Association, Berkeley, CA
Date: Wed, 6 Sep 1995 19:25:37 GMT

Announcement and Preliminary Call for Papers

6th USENIX UNIX Security Symposium
Focusing on Applications of Cryptography

July 22-25, 1996
Fairmont Hotel
San Jose, California

Sponsored by the USENIX Association, the UNIX and Advanced Computing Systems
Professional and Technical Association
Co-sponsored by UniForum (pending)
In cooperation with: The Computer Emergency Response Team (CERT), and
IFIP WG 11.4

Important Dates

Dates for Refereed Paper Submissions
  Extended abstracts due:            Mar 19, 1996
  Program Committee decisions made:  Apr 15, 1996
  Camera-ready final papers due:     June 10, 1996

Registration Materials Available:    End April 1996

Program Committee

Program Chair: Greg Rose, Sterling Software.

Fred Avolio, Trusted Information Systems, Inc.
Steve Bellovin, AT&T Bell Laboratories
Brent Chapman, Great Circle Associates
Diane Coe, Mitre
Ed DeHart, CERT
Dan Geer, Open Market Inc.
Peter Gutmann, University of Auckland
Kent Landfield, Sterling Software
Clifford Neuman, Information Sciences Institute
Avi Rubin, Bellcore
Eugene Spafford, COAST Laboratory, Purdue University
Ken van Wyk, Defense Information Systems Agency
Karen Worstell, The Boeing Company

Readers: Matt Bishop, U.C. Davis; Phil Karn, Qualcomm

Overview

The goal of this symposium is to bring together security and cryptography
practitioners, researchers, system administrators, systems programmers, and
others with an interest in applying cryptography, network and computer
security, and especially the area where these overlap. The focus on
applications of cryptography is intended to attract papers in the fields of
electronic commerce and information processing, as well as security. Please
note that papers about new cryptographic algorithms are not solicited;
however new applications are.

This will be a four day single track symposium with tutorials, refereed and
technical presentations, and panel discussions. Tutorials will take place the
first two days followed by two days of technical sessions.

Tutorials July 22-23

Tutorials for both technical staff and managers will provide immediately
useful, practical information on topics such as local and network security
precautions, what cryptography can and cannot do, security mechanisms and
policies, firewalls and monitoring systems.

Technical Sessions July 24-25

In addition to the keynote presentation, the technical program includes
refereed papers and invited talks. There may be panel sessions. There will be
Birds-of-a-Feather sessions and Works-in-Progress Reports on two evenings.
You are invited to make suggestions to the program committee via email.

Papers that have been formally reviewed and accepted will be presented during
the symposium and published in the symposium proceedings. Proceedings of the
symposium will be published by USENIX and will be provided free to technical
session attendees; additional copies will be available for purchase from
USENIX.

Symposium Topics

Presentations are being solicited in areas including but not limited to:

  * Anonymous transactions
  * Applications of cryptographic techniques
  * Attacks against secure networks/machines
  * Cryptanalysis and codebreaking as attacks
  * Cryptographic tools
  * Electronic commerce security
  * Firewalls and firewall toolkits
  * Legislative and legal issues
  * Case studies
  * Computer misuse and anomaly detection
  * File and File system security
  * Network security
  * Security and system management
  * Security in heterogeneous environments
  * Security incident investigation and response
  * Security tools
  * User/system authentication
  * Penetration testing
  * Malicious code analysis

Note that this symposium is not about new codes or ciphers, or cryptanalysis
for its own sake.

How to Submit a Refereed Paper

Submissions must be received by Mar 19, 1996. Authors are encouraged to
submit an extended abstract which discusses key ideas and demonstrates the
structure of the finished paper. Extended abstracts should be 3-5 pages long
(about 1500-2500 words), not counting references and figures. The body of the
extended abstract should be in complete paragraphs. The object of an extended
abstract is to convince the reviewers that a good paper and presentation will
result. Full papers can be submitted if they are complete in advance of the
date. Full papers should be 8 to 15 typeset pages. Authors will be notified
of acceptance on April 15, 1996.

All submissions will be judged on originality, relevance, and correctness.
Each accepted submission will be assigned a member of the program committee
to act as its shepherd through the preparation of the final paper. The
assigned member will act as a conduit for feedback from the committee to the
authors. Camera-ready final papers are due June 10, 1996.

Please accompany each submission by a cover letter stating the paper title
and authors along with the name of the person who will act as the contact to
the program committee. Please include a surface mail address, daytime and
evening phone number, and, if available, an email address and fax number for
the contact person.

If you would like to receive detailed guidelines for submission and examples
of extended abstracts, you may send email to: securityauthors at usenix.org
or telephone the USENIX Association office at +1 510 528 8649.

The UNIX Security Symposium, like most conferences and journals, requires
that papers not be submitted simultaneously to another conference or
publication and that submitted papers not be previously or subsequently
published elsewhere. Papers accompanied by "non-disclosure agreement" forms
are not acceptable and will be returned to the author(s) unread. All
submissions are held in the highest confidentiality prior to publication in
the Proceedings, both as a matter of policy and in accord with the U.S.
Copyright Act of 1976.

Where To Submit

Please send one copy of an extended abstract or a full paper to the program
committee via each of two, for reliability, of the following methods. All
submissions will be acknowledged.

  o Preferred Method: email (Postscript or ASCII) to:
    securitypapers at usenix.org
  o Alternate Method: postal delivery to
    Security Symposium
    USENIX
    2560 Ninth St., Ste. #215
    Berkeley CA 94710 U.S.A.
    Phone: +1 510 528 8649
  o Fax: +1 510 548 5738

Registration Materials

Materials containing all details of the technical and tutorial programs,
registration fees and forms, and hotel information will be available at the
end of April 1996. If you wish to receive the registration materials, please
contact USENIX at:

    USENIX Conference Office
    22672 Lambert Street, Suite 613
    Lake Forest, CA USA 92630
    +1 714 588 8649; Fax: +1 714 588 9706
    email: conference at usenix.org

Information can also be found under the USENIX Association WWW page
URL: http://www.usenix.org


From don at cs.byu.edu Thu Sep 7 21:47:47 1995
From: don at cs.byu.edu (don at cs.byu.edu)
Date: Thu, 7 Sep 95 21:47:47 PDT
Subject: Ring: Server problem
Message-ID: <199509072022.OAA00701@wero.byu.edu>

AAAAAAAAAAAKKKKKKKKK

My server has had problems with both incoming ftp and rz. Not only is it very
flaky, but they've mis-applied a timeout lately, meaning I have to press a
key every 10 minutes during ftp or the process gets killed. Oh, and they did
that just before becoming very busy.

I delayed announcing my keyring until I could physically transfer the keyring
by disk. After getting mail reporting it being corrupted, I had to delete it.
It's possible that when I mounted my disk, it could have defaulted into an
ascii conversion.

I am currently trying to uuencode the entire file and mail it to myself from
my local machine. (Heh) If that fails, the keyring will unfortunately not be
available until tomorrow, when I can physically transfer it.

Sorry for the delay.
Don


From nobody at REPLAY.COM Thu Sep 7 21:50:51 1995
From: nobody at REPLAY.COM (Anonymous)
Date: Thu, 7 Sep 95 21:50:51 PDT
Subject: GAK
Message-ID: <199509080450.GAA29735@utopia.hacktic.nl>

In article , bdavis at thepoint.net (Brian Davis) wrote:

>I, of course, know of the "dislike" of GAK here. I am curious to know,
>however, if the "dislike" is because government would have access under
>any circumstances or if the primary worry is that government will cheat
>and get access when most would agree that they shouldn't (either by the
>judge "cheating" or a TLA stealing it).

Speaking only for myself, I would resist government access to my data or
property. Court ordered warrant or not. I firmly believe that the majority of
"lawful" acts the government in its various incarnations commits every day
are in violation of not only the US Constitution, but of the natural rights
given to me as part of my humanity. I therefore hold that I have the right,
if not the duty, to resist these acts in any way possible, up to and
including the use of lethal force. The number of citizens who share this
opinion is growing every day.

--anon, due to the denouncement of the Bill of Rights by the criminals in
high office.


From bdavis at thepoint.net Thu Sep 7 22:00:47 1995
From: bdavis at thepoint.net (Brian Davis)
Date: Thu, 7 Sep 95 22:00:47 PDT
Subject: ON OFF-TOPIC

On Thu, 7 Sep 1995, Yih-Chun Hu wrote:

> On Thu, 7 Sep 1995 hallam at w3.org wrote:
>
> Whatever. Clinton proposed crypto, some democrat wrote the electronic
            ^^^^^^^^^^^^^^^^^^^^^^^

Sorry. Clipper precedes Clinton.

> decency act. (In fact Gingrich was against it)

EBD


From dr261 at cleveland.Freenet.Edu Thu Sep 7 22:46:38 1995
From: dr261 at cleveland.Freenet.Edu (Tobin T Fricke)
Date: Thu, 7 Sep 95 22:46:38 PDT
Subject: Magazine / Goodbye
Message-ID: <199509080546.BAA27342@kanga.INS.CWRU.Edu>

Hello, everyone..

I am posting this to let everyone know that I am starting a semitechnical
magazine titled _The_Carrier_Wave_. It will be published every two months to
begin with, and hopefully monthly if I receive enough material. I am
requesting articles, columns, news, bits, etc.. Whenever anything
-interesting- happens, I'd appreciate it if someone could write a long or
short blurb about it and forward it to me. Events, meetings, tradeshows,
milestones, new algorithms... Stories about PGP, Clipper, etc... Use this to
get the word out. If someone could run a "Cryptography Column" or
"CryptoNews" or a Cypherpunks column, that would be great... If you are
interested, please send me mail at dr261 at cleveland.freenet.edu..

Also note, I have unsubscribed to Cypherpunks because I will be very busy
lately and an overflowing mailbox is undesirable.

Thanks! !!!

--
Tobin Fricke (aka LightRay)          The Digital Forest BBS (714)586-6142
dr261 at kanga.ins.cwru.edu            KE6WHF Amateur Radio, 1:103/925 fido


From jlasser at rwd.goucher.edu Thu Sep 7 23:31:04 1995
From: jlasser at rwd.goucher.edu (Jon Lasser)
Date: Thu, 7 Sep 95 23:31:04 PDT
Subject: ON OFF-TOPIC

On Thu, 7 Sep 1995, Yih-Chun Hu wrote:

> > The problem is currently with the right wing, right wing democrats such as
> > Clinton and practically all the Republicans.
>
> Whatever. Clinton proposed crypto, some democrat wrote the electronic
> decency act. (In fact Gingrich was against it)

Well, Gingrich SAID he was against it. But he hedged even on that, and he
certainly didn't DO anything about his opposition to it, unlike his actions
with regard to things he truly supports.

Jon
------------------------------------------------------------------------------
Jon Lasser (410)494-3072          Visit my home page at
                                  http://www.goucher.edu/~jlasser/
You have a friend at the NSA: Big Brother is watching. Finger for PGP key.


From wilcoxb at nag.cs.colorado.edu Thu Sep 7 23:35:23 1995
From: wilcoxb at nag.cs.colorado.edu (Bryce Wilcox)
Date: Thu, 7 Sep 95 23:35:23 PDT
Subject: Announce: Web of Trust Ring
In-Reply-To: <199509071832.MAA00480@wero.byu.edu>
Message-ID: <199509080635.AAA01087@nag.cs.colorado.edu>

> WEB OF TRUST KEYRING GENERATION PROJECT
>
> I have completed my project to make a condensed version of the keyserver
> PGP keyrings, containing only the "web of trust" inter-related keys. My
> methods were rather crude, and unfortunately only extracted those people
> who have signed someone (already on the list) else's key. That means that
> people who are well connected on the web of trust are included, while
> those people who only receive signatures from well-connected people are
> not included.

A very interesting project! Can you give us some data like how many is the
maximum number of hops necessary to connect two people on the WoT? (I am
aware that one wouldn't want to trust such a connection, and that PGP doesn't
actually allow you to do so for hops > 2...)

(P.S. I guess "12" based on the number of passes necessary. That seems like a
really high number to me...)

Are any obvious pseudonyms in? (I would guess not.)

I wonder what sorts of statistical analyses could be done on this WoT? Is it
fairly evenly spread out or are there noticeably larger "clumps" of mutual
signatures? How many keys *are* there in this (subset of the) WoT?

Here's a question: for two randomly selected members of your WoT, how many
signatures would a Man In The Middle have to fake in order to isolate the one
member from the other?

Thanks for this, Don.

Bryce

                                              signatures follow:
  +   public key on keyservers                    /.
  island Life in a chaos sea        or via finger   0x617c6db9
  /   bryce.wilcox at colorado.edu                ---*


From stewarts at ix.netcom.com Fri Sep 8 00:00:48 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 8 Sep 95 00:00:48 PDT
Subject: Notes from NIS&T Key Escrow Export conference.
Message-ID: <199509080700.AAA23137@ix3.ix.netcom.com>

At 11:26 AM 9/7/95 -6, Peter Trei wrote:
>"If keys are escrowed, what purpose does a 64 bit limit serve?"

A 64 bit limit serves lots of purposes, like letting the NSA crack stuff; I
suspect escrow is being used as an excuse to get big vendors to standardize
on wimpy 64-bit crypto as much as anything else.

>Secondarily, I observe that this apparently precludes the use of OTP.

Not to the devious (though the devious may not be able to get export
approval). After all, you could escrow a _lot_ of 32-bit OTPs :-)
(yeah, I know, the requirement that you identify which escrowed key is being
used makes that less than useful, unless the final standard comes out with
clear, unambiguous language which fails to cover all cases and can therefore
be abused - that's one problem with the current "ask the NSA" rule.)

#---
#   Thanks;  Bill
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---


From starrd at iia2.org Fri Sep 8 00:10:47 1995
From: starrd at iia2.org (starrd)
Date: Fri, 8 Sep 95 00:10:47 PDT
Subject: Scientology and police visit XS4ALL Amsterdam
In-Reply-To: <9509071507.AA08037@cantina.verity.com>

On Thu, 7 Sep 1995, Patrick Horgan wrote:

> I know who you're referring to by saying co$, but what do co$ mean?
> Co-DollarSign? Co-Dollar?

Church of $cientology [the $ replacing the S because their true goal is
profit, not help]

||||||||||||email address: starrd at iia2.org or starrd at cinenet.net|||||||||||
| Creator of the original          |    Get paid to upload                  |
| Patriot's Archives               \    shareware to BBSes and              |
| ftp: iia.org /pub/users/patriot   \_____ the Internet!                    |
| ftp: wuarchive.wustl.edu /pub/msdos_uploads/patriot\      Get file:       |
| For index of available files: descript.ion          \     uploader.zip    |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

[PGP public key block omitted]


From hal9001 at panix.com Fri Sep 8 00:12:11 1995
From: hal9001 at panix.com (Robert A. Rosenberg)
Date: Fri, 8 Sep 95 00:12:11 PDT
Subject: Why Key Escrow (GAK) is So Bad

At 10:22 9/7/95, Timothy C. May wrote:
>(Ironically, I just heard about a case in Texas where a judge ordered a
>mother to stop speaking in Spanish to her child at home, calling it "child
>abuse." The implications of this are self-evident.)

You have the facts slightly wrong. The order was not to stop talking Spanish
and to use English but only to Not use Spanish EXCLUSIVELY but to also use
English (so as to allow the Child to Grow up in a Bilingual Environment).
Waiting until the child was old enough to go to school would put the Child at
a disadvantage in learning English since the window of Chance for Language
Skill Pickup would have closed.
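The keyring-condensing procedure Don describes in his "Web of Trust Ring" announcement above, together with the hop-count and mutual-signature questions in Bryce's reply, as an added example that is not Don's script (which is not on the page): a small signature graph is constructed inline; `signers_closure` reproduces his crude repeated-pass method, `full_closure` adds the expansion he says a "for real" keyserver would want, `hop_distances` is the breadth-first hop count Bryce asks about, and `mutual_pairs` is the mutual-signature check Don says he could not do. All key IDs and signatures are made up.

```python
from collections import deque

# Constructed sample signature graph: signer key ID -> set of key IDs that
# key has signed.  The IDs are made up for illustration, not taken from any
# keyserver.
SIGNATURES = {
    "seed":  {"alice", "bob"},
    "alice": {"seed", "carol", "frank"},
    "bob":   {"alice"},
    "carol": {"dave"},
    "dave":  {"bob"},
    "erin":  {"carol"},          # signed carol, never signed back
    "frank": set(),              # only receives a signature (from alice)
    "grace": {"heidi"},          # a separate web with no link to the seed
    "heidi": {"grace"},
}


def signers_of(key, sigs):
    """Keys that have placed a signature on `key`."""
    return {s for s, signed in sigs.items() if key in signed}


def signers_closure(seeds, sigs):
    """Don's crude method: repeated passes, each adding every key that has
    signed a key already included, until a pass adds nothing.  Returns the
    included keys and the number of passes that added something; a key that
    is only signed by included keys (frank) never gets in."""
    included = set(seeds)
    passes = 0
    while True:
        new = set()
        for key in included:
            new |= signers_of(key, sigs)
        new -= included
        if not new:
            return included, passes
        included |= new
        passes += 1


def full_closure(seeds, sigs):
    """The expansion Don says a real web-of-trust keyserver would want: each
    pass also pulls in the keys that an included key has signed."""
    included = set(seeds)
    passes = 0
    while True:
        new = set()
        for key in included:
            new |= signers_of(key, sigs)
            new |= sigs.get(key, set())
        new -= included
        if not new:
            return included, passes
        included |= new
        passes += 1


def hop_distances(start, sigs):
    """Breadth-first hop count from `start`, ignoring signature direction:
    a connection in Bryce's sense, not a trust path PGP would accept."""
    adj = {}
    for signer, signed in sigs.items():
        for key in signed:
            adj.setdefault(signer, set()).add(key)
            adj.setdefault(key, set()).add(signer)
    dist = {start: 0}
    queue = deque([start])
    while queue:
        key = queue.popleft()
        for nbr in adj.get(key, set()):
            if nbr not in dist:
                dist[nbr] = dist[key] + 1
                queue.append(nbr)
    return dist                  # unreachable keys (grace, heidi) are absent


def mutual_pairs(sigs):
    """Unordered pairs of keys that have signed each other."""
    return {tuple(sorted((a, b)))
            for a, signed in sigs.items()
            for b in signed if a in sigs.get(b, set())}


if __name__ == "__main__":
    keys, n = signers_closure({"seed"}, SIGNATURES)
    print("signers closure:", sorted(keys), "after", n, "productive passes")
    keys, n = full_closure({"seed"}, SIGNATURES)
    print("full closure:   ", sorted(keys), "after", n, "productive passes")
    dist = hop_distances("seed", SIGNATURES)
    print("longest hop chain from seed:", max(dist.values()))
    print("mutual signatures:", sorted(mutual_pairs(SIGNATURES)))
```

On this graph Don's method needs five productive passes and still leaves out frank and the disconnected grace/heidi pair, which is exactly the seed-dependence he points out in his announcement.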
From don at cs.byu.edu Fri Sep 8 00:26:07 1995
From: don at cs.byu.edu (don at cs.byu.edu)
Date: Fri, 8 Sep 95 00:26:07 PDT
Subject: Announce: Web of Trust Ring
Message-ID: <199509072300.RAA00742@wero.byu.edu>

-----BEGIN PGP SIGNED MESSAGE-----

First: after mailing myself the file in 16k chunks... the ring is up, and intact. The only difference from what the original was supposed to be is that both of my keys are now assigned a trust of unknown instead of undefined. *shrug*

From: Bryce Wilcox
>A very interesting project! Can you give us some data like how many is the
>maximum number of hops necessary to connect two people on the WoT? (I am
>aware that one wouldn't want to trust such a connection, and that PGP
>doesn't actually allow you to do so for hops > 2...)

My original message details the brute-force approach I took, and the imperfections that it entails. If everybody who signed a key received a signature back from the same person, the ring I generated really would be "The" WoT. (I don't mean to center on "my ring" versus local WoTs that people have, but I centered around Warlord, Zimmermann, and Jeff S., and seeing as how those happen to be keys that come with PGP, that's where I'd imagine most people would start looking.) Unfortunately, there are a lot of nobodies included just because they signed someone else's key. For the same reason, someone who was signed by a well-known key, but didn't sign back, and didn't sign anybody else's key who was included, didn't make it to the ring.

Imperfections aside, the ring is 4.5 meg smaller than the unimi keyring, which makes it Pretty Good[tm]. (ha ha) I forgot to mention it before, but this keyring is most accurately described as a keyring full of some of the people who are more relevant to the Web of Trust than lots of the people who aren't in the keyring.

PGP lets you define how many levels of trust you want. Due to the way in which the ring was constructed, I'd guess that the longest chain could not be longer than 6-8 keys.

>(P.S. I guess "12" based on the number of passes necessary. That seems
>like a really high number to me...)

No kidding. I ran the program with high priority most of the time, but I was doing it on my home 386... Hence the 4-6 hour runtimes per pass.

>Are any obvious pseudonyms in? (I would guess not.)

YEEEEEEESSSSSSS, there are. (Hint: check for @whitehouse.gov)

>I wonder what sorts of statistical analyses could be done on this WoT?

It's still full of _nobodies_ who only got in because they signed a known key of someone they never met and mailed it to a keyserver. Unfortunately, I don't have the technical abilities to check for mutual signatures, or only include keys that are signed by someone already in the WoT. That's _my_ expert statistical analysis...

>Is it fairly evenly spread out or are the noticeably larger "clumps" of
>mutual signatures? How many keys *are* there in this (subset of the) WoT?

There's a couple people that have half a zillion sigs. Many people have signed someone else's key but have no one else's sig on their own.

>Here's a question: for two randomly selected members of your WoT, how many
>signatures would a Man In The Middle have to fake in order to isolate
>the one member from the other?

If we talk about the WoT instead of the WoN (web of nobodies) then I would guess faking 2-3 specific (attacker-chosen) people would cut off a good share of the keys, 4-5 for many more, and about 500 (ok, maybe only 15-25) for some of the well connected people. For jargon's sake we can call those the Dial-up, the ISDN and the T3 people respectively.

>Thanks for this, Don.

:)

- -Don the Dialup

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBME95P8La+QKZS485AQHmHQMAs0UXaSan5PWDfppPU1WCNuz7eiXgpxeS
Y+2vHc1ZofT+Mq99Y2+aMgZGPasowQ/zdLIf4mNLZR1QNEf7eUf9wCLXY2fH5REw
t4uwpvRlz9TkkaUbwSmW+kBXept8H7WE
=8kPL
-----END PGP SIGNATURE-----

From goedel at tezcat.com Fri Sep 8 02:06:18 1995
From: goedel at tezcat.com (Dietrich J. Kappe)
Date: Fri, 8 Sep 95 02:06:18 PDT
Subject: Why Key Escrow (GAK) is So Bad
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

>At 10:22 9/7/95, Timothy C. May wrote:
>>(Ironically, I just heard about a case in Texas where a judge ordered a
>>mother to stop speaking in Spanish to her child at home, calling it "child
>>abuse." The implications of this are self-evident.)
>
>You have the facts slightly wrong. The order was not to stop talking Spanish
>and to use English but only to Not use Spanish EXCLUSIVELY but to also use
>English (so as to allow the Child to Grow up in a Bilingual Environment).
>Waiting until the child was old enough to go to school would put the Child
>at a disadvantage in learning English since the window of Chance for
>Language Skill Pickup would have closed.

(drifting wildly off topic...)

Consider me exhibit A that speaking only German in the home until age 17 does not diminish one's language skills. In fact, (drifting...) it was only when I began speaking English to the exclusion of German that my language skills began to decline.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBgAwUBMFAVMnIf3YegbdiBAQGHEQJWLnmpNDvyxYnj92AB+nQXcR3ys0TorYVQ
EoIAJAi+hyARme8291R7Ky6PeCdGNXOlEVpdVchh2MO/rpgI/Zn1OwjaPMpFrFZd
1ph7
=M/sp
-----END PGP SIGNATURE-----

Dietrich J. Kappe      | Red Planet http://www.redweb.com/
Red Planet, L.L.C.     | "Chess Space" /chess
1-800-RED 0 WEB        | "MS Access Products" /cobre
Web Publishing         | PGP Public Key /goedel/key.txt

From alano at teleport.com Fri Sep 8 02:10:18 1995
From: alano at teleport.com (Alan Olsen)
Date: Fri, 8 Sep 95 02:10:18 PDT
Subject: Key Escrow Papers via FTP
Message-ID: <199509080910.CAA04960@desiree.teleport.com>

The papers on Key Escrow scanned by John Young are available for FTP from:

ftp://ftp.teleport.com/pub/users/alano/nist.zip

They have been separated into separate text files (7 in all). I will have an HTML version available from my web page soon. (I am in the process of converting the text to something HTML-like.)

Comments/flames/etc can be sent my way, to John Young (jya at pipeline.com) and/or to /dev/null (davenull at netscape.com).

Enjoy!

| Visualize whirled keys                           | alano at teleport.com |
|"It's only half a keyserver. I had to split the   | Disclaimer:         |
|other half with the government man." - Black Art  | Ignore the man      |
| -- PGP 2.6.2 key available on request --         | behind the keyboard.|
| http://www.teleport.com/~alano                   |                     |

From frissell at panix.com Fri Sep 8 03:30:45 1995
From: frissell at panix.com (Duncan Frissell)
Date: Fri, 8 Sep 95 03:30:45 PDT
Subject: Legality of Cash Transactions
In-Reply-To:
Message-ID:

On Thu, 7 Sep 1995, Timothy C. May wrote:
> Try buying a car with cash, especially a car costing over $10,000.
>
> Black Unicorn posted an account a while back (sometime last year) of his
> efforts to pay cash for a new car.

It occurred to me that the four cars I've bought in my life have been paid for in cash. Of course my taste for 10-year-old cars makes it easier to keep the price under $10,000. Indeed, I think the most I've ever paid was less than $3100.

DCF

"Too bad for Packwood he didn't hack two people to death with a knife. He might have gotten off."
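Don's "Web of Trust Ring" post above raises three measurable questions about a keyring treated as a signature graph: which keys have signed each other (the mutual-signature check he says he could not run), how many hops separate two keys, and how many signatures an adversary would have to fake or strip to cut one member off from another. The following is an added example, not code from Don's post or from PGP; the keyring it analyses is a small constructed sample (hypothetical key names, with "nobody1" and "nobody2" standing in for keys that signed a known key but were never signed back), and the isolation count is computed as a unit-capacity max-flow, which by the max-flow/min-cut theorem equals the minimum number of certification edges whose removal disconnects the pair.

```python
"""Web-of-trust graph analysis over a constructed sample keyring (added example)."""
from collections import deque

# Constructed sample: (signer, signee) pairs, i.e. "signer certified signee's key".
# Names are hypothetical; nobody1/nobody2 model keys that signed a known key
# but were never signed back (Don's "web of nobodies").
SAMPLE_SIGNATURES = [
    ("alice", "bob"), ("bob", "alice"),
    ("bob", "carol"), ("carol", "bob"),
    ("alice", "carol"),
    ("carol", "dave"), ("dave", "carol"),
    ("bob", "dave"),
    ("dave", "erin"), ("erin", "dave"),
    ("carol", "erin"),
    ("nobody1", "alice"),
    ("nobody2", "bob"),
]


def build_graph(signatures):
    """Directed adjacency: signer -> set of keys that signer has certified."""
    graph = {}
    for signer, signee in signatures:
        graph.setdefault(signer, set()).add(signee)
        graph.setdefault(signee, set())
    return graph


def mutual_signatures(graph):
    """Unordered pairs whose keys have certified each other."""
    pairs = set()
    for a, signed in graph.items():
        for b in signed:
            if a in graph.get(b, ()):
                pairs.add(tuple(sorted((a, b))))
    return sorted(pairs)


def hops(graph, start, target):
    """Length of the shortest certification chain start -> target, or None
    if no chain exists (breadth-first search over signature edges)."""
    dist = {start: 0}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == target:
            return dist[node]
        for nxt in graph.get(node, ()):
            if nxt not in dist:
                dist[nxt] = dist[node] + 1
                queue.append(nxt)
    return None


def signatures_to_isolate(graph, start, target):
    """Minimum number of signatures whose removal severs every chain
    start -> target.  Computed as unit-capacity max-flow (Edmonds-Karp);
    max-flow equals min-cut, so the flow value is the edge cut size."""
    residual = {u: {} for u in graph}
    for u, outs in graph.items():
        for v in outs:
            residual[u][v] = 1              # forward capacity: one signature
            residual[v].setdefault(u, 0)    # reverse edge for the residual graph
    flow = 0
    while True:
        parent = {start: None}
        queue = deque([start])
        while queue and target not in parent:
            u = queue.popleft()
            for v, cap in residual[u].items():
                if cap > 0 and v not in parent:
                    parent[v] = u
                    queue.append(v)
        if target not in parent:
            return flow                     # no augmenting path left
        v = target
        while parent[v] is not None:        # push one unit along the path
            u = parent[v]
            residual[u][v] -= 1
            residual[v][u] += 1
            v = u
        flow += 1


if __name__ == "__main__":
    g = build_graph(SAMPLE_SIGNATURES)
    print("mutual signatures:", mutual_signatures(g))
    for a, b in (("alice", "erin"), ("nobody1", "erin")):
        print(f"{a}->{b}: hops={hops(g, a, b)} "
              f"signatures to isolate={signatures_to_isolate(g, a, b)}")
```

On the sample, alice reaches erin in 2 hops and an attacker must break 2 signatures to isolate them, while nobody1 hangs off the web by a single signature (Don's "Dial-up" case): one faked or removed certification cuts it off. Running the same functions over a real keyring's signature packets would give the per-pair numbers his reply could only estimate.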
From pfarrell at netcom.com Fri Sep 8 03:33:25 1995
From: pfarrell at netcom.com (Pat Farrell)
Date: Fri, 8 Sep 95 03:33:25 PDT
Subject: NIST notes available
Message-ID: <199509081030.DAA06056@netcom3.netcom.com>

Thanks to John Young, I have placed the text of the handouts from Wednesday's and Thursday's meetings on my NIST pages.

url: http://www.isse.gmu.edu/~pfarrell/nistmeeting.html

It is my belief that this meeting was a staged presentation. Nearly every industry representative said that this was a fatally flawed idea. It was "a non-starter." The government representatives said that they heard the comments, but insisted on proceeding.

The most depressing presentation was Thursday morning, made by a high level Dept of Justice flack. I'll have to dig out my notes, his name was Geoff G... He presented the usual drug dealer, pedophile and terrorist line, and added corrupt government officials. He pretended to talk about foreign bad guys. Nearly all were domestic. He clearly wants weak GAK so that he can decrypt anything domestically that he wants.

It is clear to me that the government intends that industry provide crippled encryption "for export" with the never stated expectation that since industry has repeatedly said that they want only one version of products, capable of being sold worldwide, that Domestic products will be crippled.

It is equally clear from representatives of IBM, Compaq, DEC, Lotus, and others that I talked to, that crypto product development will simply move offshore. Ireland, Israel, and Germany already have significant experience in developing commercial software. It is depressing to hear our Commerce department chasing technology and jobs overseas.

GAK is bad enough. Weak GAK makes me gag.

Pat

Pat Farrell      grad student       http://www.isse.gmu.edu/students/pfarrell
Infor. Systems and Software Engineering, George Mason University, Fairfax, VA
PGP key available via finger or request            #include standard.disclaimer

From asgaard at sos.sll.se Fri Sep 8 03:43:12 1995
From: asgaard at sos.sll.se (Mats Bergstrom)
Date: Fri, 8 Sep 95 03:43:12 PDT
Subject: (changed) Criminals and Crypto
In-Reply-To: <199509080406.AAA25183@kanga.INS.CWRU.Edu>
Message-ID:

Tobin T Fricke wrote:
> I think that is a good point. Of course, if all non-escrowed
> encryption techniques were made illegal, then the criminals would
> just have another broken law under their belt if they used
> strong encryption. After all, an outlaw is an outlaw because
> he has broken laws, so what sense does it make to make more
> laws for him to break? Hmph.

Exactly. As someone recently pointed out, the practical result would only be to define a new class of single-crime criminals (cypherpunks/cyphercriminals). In my .se perspective this is emphasized by our penalty system. In the foreseeable future (10 years?) they would never get away with a harsher penalty for using un-GAKed crypto than a moderate fine. To 'real' criminals, who usually don't have open assets to forfeit (and the current praxis is then to forget about it after a few years) and no reputation as law-abiders to defend, it would be a joke, of course.

Mats

From danisch at ira.uka.de Fri Sep 8 05:09:39 1995
From: danisch at ira.uka.de (Hadmut Danisch)
Date: Fri, 8 Sep 95 05:09:39 PDT
Subject: fast modular reduction (proof?)
Message-ID: <9509081207.AA02681@elysion.iaks.ira.uka.de>

Oops, sorry for sending it twice. After the first mail I got an error message which said the mail wasn't delivered because it contained control characters. I thought the first mail didn't go out.

Hadmut :-(

From paul.elliott at hrnowl.lonestar.org Fri Sep 8 05:50:40 1995
From: paul.elliott at hrnowl.lonestar.org (Paul Elliott)
Date: Fri, 8 Sep 95 05:50:40 PDT
Subject: Cypher Rant II: Why Private Cryptography should not be regulated.
Message-ID: <30502bf1.flight@flight.hrnowl.lonestar.org>

-----BEGIN PGP SIGNED MESSAGE-----

CypherRant V2: Reasons why private cryptography should not be regulated.

Paul Elliott is solely responsible for this document. Please distribute widely.

FBI director Freeh has been going around pushing his stupid plans for cryptography regulation. Usually, these plans take the form of some kind of mandatory key escrow. Mandatory key escrow schemes are requirements that encryption keys be given to government agencies with the promise that the keys will not be used without a warrant.

Now let me give some reasons why Freeh's requests should be ignored.

1) It is unconstitutional!

   a) First amendment. Electronic communications are a form of speech and the cryptography regulations try to regulate this speech to a form the government understands.

      Congress shall make NO LAW ....or abridging the freedom of speech or of the press; ...

      They really meant it!

   b) Second amendment. Cryptography is arms. Even U.S. government ITAR regulations admit this. Therefore cryptography is protected by the Second amendment.

   c) Ninth & tenth amendments. Article I section 8 does not give congress the power to tell us what computer software we can run on our computers. Therefore that power remains with us, and we should be able to run whatever cryptography software we want, the displeasure of congress notwithstanding.

   d) The power to search, if a warrant exists, which is mentioned by the fourth amendment, does not grant the government the right to succeed in finding what it is looking for. In other words the power to search is not a power to guarantee a successful search. It is not a power to require citizens to run their lives in such a manner that any government search will be successful.

      For more information on this, see the following World Wide Web url:
      http://www.clark.net/pub/cme/html/avss.html

   Since all Senators and Congressmen take an oath to preserve and defend the constitution of the U.S., this should be the end of the argument. However, watching some of the stupid laws that have come out of congress in past years tells me I should supplement the above with additional argument.

   I am not a lawyer and I am not trying to be one. I have no opinion as to whether private cryptography regulations will be found unconstitutional. There are a number of cases where our courts have made decisions which do great violence to the plain meaning of the text of our constitution. Knowing what the courts will actually do is the business of lawyers. Understanding the constitution so that one may know what the courts should do should be the business of every citizen.

2) The excellent NRA argument "when guns are outlawed only outlaws will have guns" applies with equal force to cryptography! Professional criminals will circumvent with ease any government regulations on cryptography. Billions of bytes travel the internet yearly. The techniques of steganography make it absolutely trivial for any motivated person to conceal any encrypted messages. The Big Brother cryptography regulations will affect only ordinary citizens.

3) Cryptography is already in use by legitimate business. Any government regulation of cryptography will probably cost huge amounts of money for software and hardware costs for existing systems to be changed to a form that the government approves.

   The existing ITAR regulations probably cost the U.S. economy large amounts of money because U.S. companies can not market cryptography software internationally. For information, see:
   http://www.eff.org/pub/Crypto/ITAR_export/tis_walker_export_101293_hr.testimony

   By discouraging private cryptography, the ITAR regulations probably enable a large amount of computer crime since it makes it difficult for people to protect themselves.

   The ITAR regulations have not and cannot prevent strong cryptography from making it outside the U.S. How many tons of cocaine illegally enter the U.S. every year? Yet the government ITAR regulations propose to regulate the export of software that can fit in a shirt pocket, or travel by wire concealed with billions of bytes of data that leave the U.S. every year. It is time for the U.S. government to start living in the real world!

   According to an article in the August 17, 1995 Wall Street Journal, ITAR regulations have required Netscape to use inferior encryption methods in the international version of its World Wide Web browser software. This inferior encryption method has actually been broken by a French Hacker! Because of its computational intensity, this weakness in the encryption method does not represent an immediate danger. However as more powerful computers continue to develop, this and similar vulnerabilities will present a danger for those who wish to use the internet for commerce. For more information, see:
   http://pauillac.inria.fr/~doligez/ssl/

4) These regulations make it impossible for an individual to have greater privacy than the U.S. government. The Aldrich Ames case makes it clear that the U.S. is incompetent to keep a secret.

5) The proposed regulations require the American people trust the government, but on the contrary, the government should be required to trust the American people. Recent news stories (Waco etc.) make it clear that it is common for government agents to lie to get search warrants. Government should be viewed as George Washington did as "a fearful servant and a dangerous master".

   A recent poll conducted by the Americans Talk Issue Foundation said 76% of the people questioned responded that they rarely or never trust "government to do what is right". This mistrust is well founded. At the same time as administration sources were saying that key escrow schemes would remain voluntary, FBI, NSA, and DOJ experts were saying that the schemes must be made mandatory if they were to be at all effective. If the government is willing to lie to establish a key escrow system, what makes us believe that the government will not lie when applying for warrants to use that system? For more information on this, see:
   http://www.efh.org/pgp/fbilie.html

   If any key escrow system is adopted, the secret FISA court will undoubtedly be given the power to issue warrants for decryption keys. The FISA court has granted over 7,500 wiretap requests in complete secrecy with only one refusal. The secrecy of this court creates a great opportunity for abuse. If the court is lied to, the lie is not exposed, because the people with an interest in exposing the lie do not know the lie exists. If the court grants legally unwarranted warrants, there is no one to appeal or to try to stop the practice, because no one knows about the problem. For information, see:
   http://MediaFilter.org/MFF/CAQ/caq53.court.html

6) It is too humiliating to require a free people to participate in the establishment of their own surveillance prisons. This is what key escrow requires. Consider the words of our revolutionary heritage:

      Those who would sacrifice essential freedoms for temporary safety deserve neither.
                                                          Benjamin Franklin

      If ye love wealth greater than liberty, the tranquility of servitude greater than the animating contest for freedom, go home from us in peace. We seek not your counsel, nor your arms. Crouch down and lick the hand that feeds you; and may posterity forget that ye were our countrymen.
                                                          Samuel Adams

   Do you think that these men would approve the government's key escrow requests?

This information can also be found at the following url:
http://www.efh.org/pgp/rant.html

- --
Paul Elliott                               Telephone: 1-713-781-4543
Paul.Elliott at hrnowl.lonestar.org          Address: 3987 South Gessner #224
                                                    Houston Texas 77063

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBMFA5K/BUQYbUhJh5AQGOjAP+OyDEtAJGL32S8IK+HGAfaOTkpCI18SCL
QvSTaknPd5J2m+yzamGD88Z2YJKwW1M+2GgqGqsclCpI+KCvSp2Z9h1KXWT6ANGR
MXTuK3fjVmlvp5lqZAwHb133qL97e60MIq+5lK26FPaGzBCr7ckPMF0cvM+mm4dW
dyc1uuXaZg0=
=bVzd
-----END PGP SIGNATURE-----

From mfroomki at umiami.ir.miami.edu Fri Sep 8 06:39:02 1995
From: mfroomki at umiami.ir.miami.edu (Michael Froomkin)
Date: Fri, 8 Sep 95 06:39:02 PDT
Subject: Cypher Rant II: Why Private Cryptography should not be regulated.
In-Reply-To: <30502bf1.flight@flight.hrnowl.lonestar.org>
Message-ID:

Forgive me for the advertisement, but I *am* a lawyer, and I think this well-intentioned rant gets some stuff wrong. If you want to know why I think this, visit my homepage and follow the link to my Clipper paper. Please note the homepage is a bit mobile right now; this address is temporary, but the next one should be stable.

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | mfroomki at umiami.ir.miami.edu
U. Miami School of Law     | P.O. Box 248087
                           | It's hot here. And humid.
Coral Gables, FL 33124 USA | See (soon to move to its real home):
                             http://www.law.miami.edu/~mfroomki

From pfarrell at netcom.com Fri Sep 8 06:39:12 1995
From: pfarrell at netcom.com (Pat Farrell)
Date: Fri, 8 Sep 95 06:39:12 PDT
Subject: Day 2, nist GAK meeting
Message-ID: <199509081336.GAA16190@netcom3.netcom.com>

-----BEGIN PGP SIGNED MESSAGE-----

Date: Fri, 8 Sep 1995 09:32:43 -0400 (EDT)
From: "Pat Farrell"
To: cypherpunks at toad.com
Cc:
BCc:
Subject: Day 2 NIST meeting notes
X-NUPop-Charset: IBM 8-Bit

Thursday's GAK Export meeting started with reports from the prior afternoon's breakout meetings.
I reported on the session I was in, saying what I posted to the list yesterday (about National Semi's product, etc.) The other breakout groups reported their problems with the criteria, again asking that #9 be dropped, longer keys, etc.

The presentation for Group "A" was different. It was a speech. It asked that the process be stopped to let industry develop market-driven solutions. It was greeted by applause from the vendors and privacy advocates, with no reaction from the government representatives.

Randy Williams of Commerce, and Dan Cook of State, described the current export approval process. Lots of talk of jurisdictions and types of licenses. I quickly got lost in the jargon. The moderator wisecracked that the official language of the session was English. You couldn't tell from some of the exchanges.

They were questioned on import restrictions. Both Williams and Cook said that there are no import restrictions into the US. They also pointed out that Treasury, not State or Commerce, has jurisdiction over imports.

An engineer from Compaq asked a question: He said that his company buys licenses to software, and bundles it as "value added" to their systems. They are interested in bundling in security features. He asked if his computers would then be subject to export restrictions. The answer was yes. He asked if he could purchase security software overseas and import it. The answer was again yes. He asked if he could install that software on his computers, again yes. And export the computers, NO. They didn't even seem to think that this was illogical.

So Commerce, State, and the rest of the government are actively encouraging the development of competing software industries in Israel, Germany and other countries. I hate to think what they'd do if they tried to hurt US industry.

An interesting tidbit came up after the session. In an offline conversation, the topic of "personal use export" came up. A reliable source said that revised regulations are being developed, and will be available soon. I explicitly asked if this meant "PGP on a notebook computer" and was told, Yes, that will be allowed; with the usual rules that it can't be for export, you can't be attempting to sell it, etc. Personal use, carry out and carry back. The "source" was asked if they had read Matt Blaze's personal use disaster story. The name didn't ring a bell, but the story was well known and considered a nightmare.

Penny Brummitt of NSA was to talk about Clipper's key escrow agents, but called in sick. I didn't catch the name of the replacement. He talked about Clipper's process, not as an example of what will be required for GAK agents, but as an "existence proof" that some agents can be found. The essence was that Clipper escrow facilities are strong, and staffed with people cleared to the "Secret" level. They also tossed out the phrase "US Person" in regard to the corporate entity that is responsible for the contract.

Geoff Greiveldinger, of the US Department of Justice, gave a frequently inaudible recounting of the evils of strong encryption in the war on D, P, & T, and also corrupt mayors. He was very personable. He also sounded like a fascist. Throughout the meeting, all sides tried to have a civil discussion, even though we disagreed. It was impossible to stay civil through his drivel. Ruby Ridge and Fuhrman had been unmentionable up until his speech.

Mr. Greiveldinger said that acceptable escrow agents will be in the US. This caused considerable concern among vendors trying to sell in the International market.

Dan Weitzer of CDT (the EFF spinoff) gave a short, rousing speech. It was a call to arms. He said that since NIS&T was ignoring the consistent input from industry to stop this silly and stupid GAK, that we need to immediately contact our congresscritters.

Ken Mendelsen [sic?] of TIS gave a great speech. He suggested that the criteria for escrow agents be the same as the form to export tanks and other munitions. Then he showed the one page form used by State. He argued that legislative solutions to the escrow agent approval process will take too long and kill the effort. I'll try to get copies of his presentation.

F.W. Gerbracht, Jr, a VP at Merrill Lynch, represented the Securities Industry Association. He said that they are willing to work with the government, but they need long keys, strong ciphers, and international escrow agents. He used the phrase "unlimited algorithms and keyspace" as a requirement. They also need buy in from their regulators, and presented a long list of SEC, CFT, NYSE, NASDealers, and 50 state regulators, all who have to sign off.

Nanette DiTosto of Bankers Trust gave a short, to the point presentation. She said that BT has a commercial key escrow service, but that was not what she wanted to get across. She said that multinational banks demand strong encryption and non-US escrow agents. And that they would settle for nothing less.

A speaker from VTW gave a nice presentation. VTW is something like voter's telecommunications watch. They have a mailing list, at listproc at vtw.org. He said that escrow was doomed to failure. That there is no middle ground. I'll try to get his slides too.

Jack Wack of TECSEC gave a pitch for his shrinkwrapped product. He said it is exportable now, they've jumped through all the hoops. He also gave a great crack from his son. It went roughly like: "Dad, if you own the data before you encrypt it, how come the government says you don't own it after you encrypt it?" It brought down the house. (if someone has a more accurate quote, please let me have a copy).

Professor Hoffman of George Washington gave a great speech. He listed the Al Gore to Maria Cantwell letter's criteria, as a matrix. He then filled in the matrix with the Export GAK's criteria. It was painfully obvious that the NIST/NSA proposal didn't come close. He recommended that they focus closely on the Gore criteria, and come up with an approach that meets all the criteria.

While I planned on staying for the remainder of the meeting, a crisis came up at my day job. I can't say I was looking forward to more, a day and a half was enough for me, and I wasn't the only person leaving early. Attendance was down visibly Thursday relative to the first day.

Pat

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBMFBGEbCsmOInW9opAQEfQgP+P/P0MRGe3EOElzM0UPQy+xce0XGe3wex
gfQdTrGWhL+FbYt/7taj6jgtcRg9zih1yQ3W+kN/VUXY9J4I1b6dw+j0sb6MkCjT
pShnflDI5OPQmmUq9KZlmy50u2yXuBqfWSdXd9NypjDsh7XDrWIqvqIcuT1cc/di
quNZ3u7aymw=
=oJC7
-----END PGP SIGNATURE-----

p.s. please let me know if this one's pgp sig is better than yesterday's

Pat Farrell      grad student       http://www.isse.gmu.edu/students/pfarrell
Infor. Systems and Software Engineering, George Mason University, Fairfax, VA
PGP key available via finger or request            #include standard.disclaimer

From akjoele at shiva.ee.siue.edu Fri Sep 8 07:12:45 1995
From: akjoele at shiva.ee.siue.edu (Arve Kjoelen)
Date: Fri, 8 Sep 95 07:12:45 PDT
Subject: ON OFF-TOPIC
Message-ID: <199509081412.JAA05507@shiva.ee.siue.edu>

On Thu, 7 Sep 1995 yihchun at saul3.u.washington.edu wrote:
> > Poor you, the only major political party to come out with a pro crypto
> > statement is a socialist party.
>I think the libertarian position is inherently pro-crypto.
>Besides, the French are socialist, and well, as far as crypto goes...

Wrong! First of all, Jacques Chirac (French President) and the majority of the French parliament are conservatives. Secondly, a statement like "the French are Socialist" is a (untrue) generalization. You are probably thinking of Francois Mitterrand ("socialist"), who became French President in the 80's, and the first French Socialist President ever.
Chiraq, by the way, is the genius behind the recommencement of Nuclear testing in French Polynesia "Test them in France if there's no risk of radioactive leakage" -Arve Kjoelen Southern Illinois University at Edwardsville From cme at TIS.COM Fri Sep 8 07:27:03 1995 From: cme at TIS.COM (Carl Ellison) Date: Fri, 8 Sep 95 07:27:03 PDT Subject: Jimmy Upton's T-shirt (NIST's 9/6-7/95 meetings) Message-ID: <9509081402.AA09452@tis.com> The meetings included break-out groups, each of which had a moderator (mine was from NSA -- were they all?) and each of which had a recorder who would then report to the entire assembled group. Jimmy was a recorder once -- one of the last to report on the second day. Nearly every person speaking from industry started his remarks with the same disclaimer: My comments on these criteria should not be taken as an endorsement of the concept of key escrow Jimmy Upton, rather than start his report with that disclaimer, suggested that perhaps we should have T-shirts made for conference attendees stating: "My comments on these criteria...." The crowd broke up in laughter and applause. Speaking of applause -- the assembled audience was relatively passive through most of the presentation -- but whenever someone expressed opposition to the whole concept of GAK, the entire auditorium applauded. Specifically -- I was sitting near the civil liberties group (ACLU, EPIC, VTW, ...) and they applauded but it came from all over the auditorium. There were some who didn't -- the gov't folks, a few industry folks, .... - Carl P.S. I've put a few additions on my home page, in response to this meeting. +--------------------------------------------------------------------------+ |Carl M. Ellison cme at acm.org http://www.clark.net/pub/cme/home.html | |PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2 | | ``Officer, officer, arrest that man! 
He's whistling a dirty song.'' | +----------------------------------------------------------- Jean Ellison -+ From nobody at REPLAY.COM Fri Sep 8 07:35:28 1995 From: nobody at REPLAY.COM (Anonymous) Date: Fri, 8 Sep 95 07:35:28 PDT Subject: Cryptography Global Challenges Message-ID: <199509081435.QAA06954@utopia.hacktic.nl> International Cryptography Institute 1995 Global Challenges Thursday-Friday September 21-22, 1995 Presented by The National Intellectual Property Law Institute 1815 Pennsylvania Ave., N.W. Washington, D.C. 20006 202-842-4800 Fax: (202) 296-4098 President James P. Chandler Emeritus Professor of Law _______________________________________________________ The International Cryptography Institute will address the cryptography challenges associated with meeting the information protection needs of users and the law enforcement and national security needs of nations. Topics to be covered include national and international cryptography policies and regulations, international requirements and approaches, commercial cryptography, privacy and trust, key escrow encryption, busines requirements, law enforcement requirements, and the use of cryptography with electronic payments. _______________________________________________________ Keynote Speaker FBI Director Louis J. Freeh _______________________________________________________ Program September 21, 1995 8:30-9:00 Welcome and Opening Remarks James Chandler, President, National Intellectual Property Law Institute Dorothy E. Denning, Chair of Program David Kahn, Visiting Historian, National Security Agency, U. S. 9:00-9:40 Cryptography in Business M. Blake Greenlee, U.S. 
9:40-10:20 Commercial Use of Cryptography Nick Mansfield, Shell International, The Netherlands 10:20-10:50 Break 10:50-11:20 Computer Industry Position on Privacy and Trust in an Information Society Yves Le Roux, Digital Equipment Corporation, France 11:20-12:00 The International Cryptography Experiment and Worldwide Cryptographic Products Survey David Balenson, Trusted Information Systems, Inc., U.S. 12:00-12:30 Export Controls on Encryption Software Ira Rubenstein, Microsoft Corp., U.S. 12:30-2:00 Lunch with Keynote Louis J. Freeh, Director, Federal Bureau of Investigation 2:00-3:00 Cryptography and the Information Society: Recent Developments in the European Union David J. Gould, Cabinet Office, UK 3:00-3:30 Encryption Policy and Technology in Japan Mitsuru Iwamura, The Bank of Japan, Japan 3:30-3:50 Break 3:50-4:30 Towards an Australian Policy on Encryption Peter Ford, Attomey General's Department, Australia 4:30-5:00 New National Encryption Policies and Regulations in Russia Anatoly Ledbeder, LAN Crypto Ltd., Russia 5:00-6:00 International Regulation of Cryptography: An Update James Chandler, National Intellectual Property Law Institute, US. 5:30-6:30 Reception _______________________________________________________ September 22 8:30-9:20 U.S. Government Cryptography Policy Michael R. Nelson, Office of Science and Technology Policy, US. Ronald D. Lee, National Security Agency, US. 9:20-10:10 Law Enforcement Requirements for Encryption William E. Baugh, Jr., Edward L. Allen, Michael D. Gilmore, Federal Bureau of Investigation, US. 10:10-10:40 Break 10:40-11:20 Intemational Key Escrow Encryption Dorothy E. Denning, Georgetown University, US. 11:20-12:00 Transnational Key Escrow Henry H. Perritt, Jr., Villanova University School of Law, US. 12:00-1:30 Lunch 1:30-3:00 Commercial and International Key Escrow Stewart A. Baker, Steptoe & Johnson, US., moderator Stephen T. Walker, Trusted Information Systerns, Inc, US. Frank Sudia, Bankers Trust Company, US. 
Carmi Gressel and Itai Dror, Fortress U & T Ltd., Israel

3:00-3:20 Break

3:20-4:00 Billing and Paying Over the Internet
Dan Schutzer, Citibank, U.S.

_______________________________________________________

Faculty

Faculty Chair: Dr. Dorothy Denning

Mr. Edward L. Allen
Supervisory Special Agent
Federal Bureau of Investigation

Mr. Stewart Abercrombie Baker
Partner
Steptoe & Johnson

Mr. David Balenson
Senior Computer Scientist
Trusted Information Systems, Inc.

Mr. William E. Baugh, Jr.
Assistant Director, Information Resources Division

Dr. Ernest F. Brickell
Vice President
Bankers Trust Electronic Commerce
c/o Sandia National Labs, Applied Math Dept.

Prof. James Chandler
President
National Intellectual Property Law Institute

Dr. Dorothy E. Denning
Professor
Computer Science Department
Georgetown University

Mr. Peter Ford
First Assistant Secretary, Security Division
Attorney General's Department, Australia

Mr. Louis J. Freeh
Director
Federal Bureau of Investigation

Mr. Michael D. Gilmore
Supervisory Special Agent
Federal Bureau of Investigation, Engineering Research Facility

Mr. David J. Gould
Under Secretary of State
Overseas and Defence Secretariat
Cabinet Office, London

Mr. M. Blake Greenlee
M. Blake Greenlee Associates, Ltd.

Dr. Carmi Gressel
Engineering Manager
Fortress U & T, Ltd., Israel

Mr. David Kahn
Visiting Historian, National Security Agency, and author, "The Codebreakers"

Dr. Anatoly Lebedev
President
LAN Crypto, Ltd., Russia

Mr. Mitsuru Iwamura
Chief Manager
Institute for Monetary and Economic Studies
The Bank of Japan

Mr. Ronald D. Lee
General Counsel
National Security Agency

Mr. Yves Le Roux
Central Engineering, Security Program
Digital Equipment Corp., France

Mr. Nick Mansfield
Shell International Petroleum Maatschappij B.V.
The Hague, The Netherlands

Mr. Michael R. Nelson
Special Assistant, Information Technology
White House Office of Science and Technology Policy
Old Executive Office Building, Washington DC 20506

Mr. Henry H. Perritt, Jr.
Professor of Law
Villanova University School of Law
Villanova, PA 19085

Mr. Ira Rubinstein
Senior Corporate Attorney
Microsoft Corp., Redmond, WA 98052

Dr. Dan Schutzer
Vice President
Citibank

Dr. Frank Sudia
Vice President
BT Electronic Commerce
Bankers Trust Co., New York

Mr. Stephen T. Walker
President
Trusted Information Systems, Inc.

_______________________________________________________

Location and Fees

ICI '95 will be held at the National Intellectual Property Law Institute, 1815 Pennsylvania Ave., Washington, DC, third floor. Registration is $695 before September 1 and $795 thereafter ($395/495 for U.S. Government). Payment includes all conference materials, two lunches, and a cocktail reception.

Cancellation Fees: All registration is subject to a $50 fee. Tuition will not be refunded if notice of cancellation is received after September 1, 1995, but a substitute attendee may be sent. Postmarks will not be considered in determining timeliness of receipt.

Hotel Accommodations: A limited block of rooms has been reserved at the Wyndham Bristol. However, registrants must make their own hotel reservations and indicate that they are attending the International Cryptography Institute 1995. Room reservations may be made by calling or writing the Wyndham Bristol Hotel, 2430 Pennsylvania Ave., N.W., Washington, D.C. 20006, (202) 955-6000.

CLE Credit: CLE credit in mandatory states will be applied for as requested.

_______________________________________________________

Course Registration Form

Name:
Organization:
Address:
Phone:

Fee:
                 General    U.S. Gov't
Before 9/1/95    $695       $395
After 9/1/95     $795       $495

Payment (check one):
Check payable to The National Intellectual Property Law Institute _______
Master Card ________
VISA ________
Card #:
Expiration Date:
Signature:

Registration by Fax: 800-304-MIND   Phone: 800-301-MIND   202-296 4098   202-842-48000

Mail Registration with payment to:
The National Intellectual Property Law Institute
1815 Pennsylvania Ave., NW, Suite 300
Washington, DC 20006

_______________________________________________________

From perry at piermont.com Fri Sep 8 07:55:26 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Fri, 8 Sep 95 07:55:26 PDT
Subject: Darren Reed: Re: NSA and the Internet.
Message-ID: <199509081455.KAA07149@frankenstein.piermont.com>

Forwarded from com-priv. Anyone out there have information they can use to confirm or deny any of this?

.pm

------- Forwarded Message

From: Darren Reed
Subject: Re: NSA and the Internet.
To: com-priv at lists.psi.com
Date: Fri, 8 Sep 1995 17:36:11 +1000 (EST)

Now that I've got it next to me...

> I was reading a journal recently which mentioned the NSA were taking
> an active role in monitoring the network at key points, such as FIX
> East and West and MAE East and West. Can anyone comment on this (if
> they're allowed :) ?

[...]

To name some more names mentioned as being NAPs under surveillance: Pennsauken, NJ (Sprint); Chicago (AmeriTech/Bell Comms. Research); San Francisco, CA (Pacific Bell); CIX, CA (San Jose); SWAB, North Virginia (Bell Atlantic).

There is a rather worrying quote in the article about NASA capturing data for the NSA.

The column closes with a comparison to a case where the NSA was almost prosecuted by the US Justice Dept. in the '70s for anti-Vietnam War group surveillance.

The article appeared in "Computer Fraud & Security", June 1995.
American editor is:
Charles Cresson Wood
Information Integrity Investments
Sausalito, CA, USA

The article in question, titled "Puzzle Palace Conducting Internet Surveillance", is by Wayne Madsen of Virginia.

No Internet E-mail address listed for either of the American contributors mentioned above.

darren

------- End of Forwarded Message

From remailer at bi-node.zerberus.de Fri Sep 8 08:14:53 1995
From: remailer at bi-node.zerberus.de (Ford Prefect)
Date: Fri, 8 Sep 95 08:14:53 PDT
Subject: No Subject
Message-ID:

NY Times, Sept 8, 1995.

Intel Wins Contract to Develop World's Fastest Supercomputer

By Lawrence M. Fisher

San Francisco, Sept. 7 -- The Intel Corporation said today that it had won a contract from the Department of Energy to develop what it called the world's fastest supercomputer.

The machine, to be built at an estimated cost of $45 million, would use 9,000 of Intel's forthcoming P6 microprocessors linked in a configuration known as massively parallel. In recent years, massively parallel computers using thousands of relatively inexpensive off-the-shelf chips have stolen the performance lead from traditional supercomputers like those made famous by Cray Research Inc., which use far fewer, but far more powerful processors.

Intel said its new supercomputer would be the first to achieve the goal of calculating more than a trillion floating-point operations a second, known as a teraflop.

The machine, to be kept at Sandia National Laboratories in Albuquerque, N.M., would be used by Department of Energy scientists to study a variety of complex problems, foremost among them nuclear weapons safety.

"President Clinton is committed to ending underground nuclear testing," Victor Reis, Assistant Secretary for Energy Programs, said in a statement. "Computer simulation will be a principal means for insuring the safety, reliability and effectiveness of the U.S. nuclear deterrent.
We are embarking on a 10-year program to advance the state of high performance computing to meet national security objectives," he said. ...

------

From rsalz at osf.org Fri Sep 8 08:25:37 1995
From: rsalz at osf.org (Rich Salz)
Date: Fri, 8 Sep 95 08:25:37 PDT
Subject: Darren Reed: Re: NSA and the Internet.
Message-ID: <9509081524.AA09579@sulphur.osf.org>

I stopped reading com-priv a year+ ago. One of the "gadflies" back then (name escapes me -- one of the journalists, I think, but not Gordon Cook) said that at least the NJ NAP was moved at the last minute. He had proof of that. I don't remember that he had proof that it was moved at NSA request, although that was his claim.

/r$

From patrick at Verity.COM Fri Sep 8 08:43:59 1995
From: patrick at Verity.COM (Patrick Horgan)
Date: Fri, 8 Sep 95 08:43:59 PDT
Subject: No Subject
Message-ID: <9509081540.AA08797@cantina.verity.com>

How much you want to bet that a first copy goes to virginia?

Patrick

> NY Times, Sept 8, 1995.
>
> Intel Wins Contract to Develop World's Fastest
> Supercomputer
>
> By Lawrence M. Fisher
>
> San Francisco, Sept. 7 -- The Intel Corporation said
> today that it had won a contract from the Department of
> Energy to develop what it called the world's fastest
> supercomputer.
>
> The machine, to be built at an estimated cost of $45
> million, would use 9,000 of Intel's forthcoming P6
> microprocessors linked in a configuration known as
> massively parallel. In recent years, massively parallel
> computers using thousands of relatively inexpensive
> off-the-shelf chips have stolen the performance lead from
> traditional supercomputers like those made famous by Cray
> Research Inc., which use far fewer, but far more powerful
> processors.
>
> Intel said its new supercomputer would be the first to
> achieve the goal of calculating more than a trillion
> floating-point operations a second, known as a teraflop.
> The machine, to be kept at Sandia National Laboratories
> in Albuquerque, N.M., would be used by Department of
> Energy scientists to study a variety of complex problems,
> foremost among them nuclear weapons safety.
>
> "President Clinton is committed to ending underground
> nuclear testing," Victor Reis, Assistant Secretary for
> Energy Programs, said in a statement. "Computer
> simulation will be a principal means for insuring the
> safety, reliability and effectiveness of the U.S. nuclear
> deterrent. We are embarking on a 10-year program to
> advance the state of high performance computing to meet
> national security objectives," he said. ...
>
> ------

 _______________________________________________________________________
/ These opinions are mine, and not Verity's (except by coincidence;).  \
|                                                         (\            |
|  Patrick J. Horgan          Verity Inc.                  \\   Have    |
|  patrick at verity.com       1550 Plymouth Street         \\ _ Sword   |
|  Phone : (415)960-7600      Mountain View                \\/  Will    |
|  FAX   : (415)960-7750      California 94303            _/\\  Travel  |
\___________________________________________________________\)__________/

From perry at piermont.com Fri Sep 8 08:51:30 1995
From: perry at piermont.com (Perry E. Metzger)
Date: Fri, 8 Sep 95 08:51:30 PDT
Subject: No Subject
In-Reply-To: <9509081540.AA08797@cantina.verity.com>
Message-ID: <199509081551.LAA07222@frankenstein.piermont.com>

Patrick Horgan writes:
> How much you want to bet that a first copy goes to virginia?

I'm not sure that the NSA actually would want machines on that scale these days. It's probably a lot more economical to throw your money into lots of much smaller machines and occasionally link them up via networks. Unlike physics simulation problems, most crypto problems don't involve tight communication between the parallel processors, so the extra expense that the high speed buses represent would end up being a waste.
Perry

From stewarts at ix.netcom.com Fri Sep 8 09:11:00 1995
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 8 Sep 95 09:11:00 PDT
Subject: [NOISE] Re: Are booby-trapped computers legal?
Message-ID: <199509081610.JAA08664@ix5.ix.netcom.com>

At 04:52 PM 9/7/95 -0400, you wrote:
>I am pretty sure that it is lawful to use deadly force to protect
>property, in New Mexico.

It's legal everywhere in the US - just some places make you contract out the dirty work to guys in blue suits...

I agree with Sandy's comment that it makes much more sense to have any boobytraps designed to destroy data, rather than kill intruders.

#---
# Thanks; Bill
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

From hfinney at shell.portal.com Fri Sep 8 09:12:45 1995
From: hfinney at shell.portal.com (Hal)
Date: Fri, 8 Sep 95 09:12:45 PDT
Subject: GAK Hacks
Message-ID: <199509081611.JAA05733@jobe.shell.portal.com>

It is interesting to see that the proposed solutions to avoiding GAK hacks (URL:http://www.eskimo.com/~joelm/criteria.txt) largely revolve around certificate restrictions. Only keys signed with certificates from accepted escrow agencies can be used, and there is a "root certificate" used to authorize new escrow agencies.

This is similar to some of the restrictions in the widely used Netscape web browser. It only accepts certificates from a limited number of agencies (actually only one which is public, the RSA spinoff VeriSign). This limitation is not based on escrow approval as in the GAK papers, but it ends up with something of the same results: interoperability with Netscape is only possible if you go through approved channels. And supposedly VeriSign does not make it too easy to get a certificate if you are not a straight-arrow corporate type.

Maybe it would be good practice for a future GAK hack to try fixing these problems with Netscape. I could see two possibilities.
One would be to create a patcher which would let you change the set of certificate authorities accepted by the browser. Currently the browser accepts at least one (an internal Netscape test CA) which is not needed by end users. Maybe its public key could be statically overwritten by the patch program with the public key of the replacement CA. This sounds simple and safe. The patch program can confirm that the data being changed matches the test CA.

Another idea would be to patch the browser to emit full 128 bit SSL rather than the crippled 40 bit SSL it currently creates. This would be trickier as it requires code changes, but they may not be as bad as it seems. The 40 bit SSL is actually calculated as 128 bits internally. Then 88 bits are sent in the clear. We would need to skip sending those 88 bits, and also change the transmitted bytes which encode which encryption is being used. This shouldn't be too bad as it mostly would eliminate code or change some static values.

The one thing I am unsure of is whether the 40 bit version sends the entire 128 bit SSL key in the RSA encrypted data (88 bits of which would be redundant, also being sent in the clear) or whether it sends only the 40 bits RSA encrypted. If the latter it would be somewhat more work to do the patch because now a larger value will have to be packed into the RSA record. If it is sending the 128 bits all the time then the patch would be much easier.

This second patch is more advantageous for end users as it allows them to have strong encryption rather than the weak 40 bits which we have been breaking. The first would be a more direct demonstration of the difficulties of using certificate restrictions to limit functionality.

The criteria.txt paper suggests checksumming the cryptographic routines to prevent patches like this, but generally I think such checksums can be defeated pretty easily. I doubt that Netscape currently has any such thing, though.
Netscape says they will allow some form of user specification of certificates in a future version of the browser, but they have been saying this for quite some time and still it is not here.

Hal

From andrew_loewenstern at il.us.swissbank.com Fri Sep 8 09:16:08 1995
From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern)
Date: Fri, 8 Sep 95 09:16:08 PDT
Subject: Scientology tries to break PGP - and fails?
Message-ID: <9509081615.AA03382@ch1d157nwk>

Modemac writes:
> Yet it seems that despite all their efforts to get what they want,
> they can't break PGP - so they have to force Wollersheim to reveal
> the key.
> Mr. Wollersheim has stated that he will go to jail before he reveals
> his encryption key.
[...snip...]
> Call this one: BIG WIN FOR PGP!

Could this be it? The test case for forced key disclosure? The Scientologists seem very determined and already have a grudge against Wollersheim (according to a web page I saw Co$ owes him several million from a settlement). Has Co$ filed against Wollersheim over this yet?

If this does go to court and forcing Wollersheim to reveal the key becomes a central issue, is this the test case "we" want? Is this a "BIG WIN FOR PGP!" or not? I can think of worse cases for this to come up in, i.e. a four horseman case. Here the party seeking forced disclosure of the key (Co$) is presumably already held in low esteem by much of the public (IMHO). I suppose how this will play in the media, if at all, depends on what the "church" thinks Wollersheim has hidden in his encrypted data files. It seems that the US media hasn't picked up much on the Scientology debacle yet... or am I wrong?

andrew

From trollins at hns.com Fri Sep 8 09:22:24 1995
From: trollins at hns.com (Tom Rollins)
Date: Fri, 8 Sep 95 09:22:24 PDT
Subject: Scientology tries to break PGP - and fails?
In-Reply-To: <199509080312.UAA03808@netcom15.netcom.com>
Message-ID: <9509081620.AA19816@dcn92.hns.com>

> News Flash!
> According to an informed source, the so-called "church" of Scientology is
> trying to force Larry Wollersheim to give them his de-encryption code for
> PGP.
>
> Larry Wollersheim is the director of FACTNet, a Colorado BBS that
> specializes in distributing information about religious cults -
> especially the Church of Scientology. Scientologists raided FACTNet
> recently and seized its hardware and records recently, in a case that has
> spread news of the Scientology wars all over the Internet.
>
> Scientology has been in possession of Larry Wollersheim's computer
> records for quite a while now - at least three weeks, I believe. They
> have been scanning it for what they claim to be "copyright violations."
> Yet, their list of scanning criteria also includes a list of 34 names of
> their critics and enemies, including a famous Netizen named "Rogue Agent."
>
> Yet it seems that despite all their efforts to get what they want, they
> can't break PGP - so they have to force Wollersheim to reveal the key.
>
> Mr. Wollersheim has stated that he will go to jail before he reveals his
> encryption key.
>
> Please forward this note to all interested parties.
>
> Call this one: BIG WIN FOR PGP!
>
> For more information on Scientology's war against the Internet, read the
> many Web pages set up to cover the story. My own page, an "Introduction
> to Scientology," is:
>
> http://www.tiac.net/users/modemac/cos.html
>
> It includes a link to the FACTNet Web page, as well as Ron Newman's
> famous Web page: "The Church of Scientology vs. the Net."

I took a look at the FACTNet web page. There is a file encrypted with PGP using the "-c" option. They are asking for people to help guess the Pass Phrase. Why would anyone bother if they had no clue that the file contained anything 'interesting'.
If this is the file that the Co$ is trying to crack, then what is being asked for is a pass phrase that can be handed to the Co$ that will pass the PGP valid key check and still not decrypt the data to anything useful. If Larry Wollersheim does have the valid key, it would be a simpler process to know what fake key to use and work it backwards through the MD5 to arrive at an ascii string to produce the fake key. Too bad this wouldn't be plausible for the secret ring. Perhaps PGP needs an option to specify the key in Hex and make the process easy.

From nobody at REPLAY.COM Fri Sep 8 09:48:43 1995
From: nobody at REPLAY.COM (Anonymous)
Date: Fri, 8 Sep 95 09:48:43 PDT
Subject: Info Warthogs
Message-ID: <199509081648.SAA08525@utopia.hacktic.nl>

Future Information Warfare Study Available

San Francisco, Sept. 6, 1995 -- Computer Security Institute's "Special Report on Information Warfare" describes how war might be fought in the 21st century. The report will appear in the fall issue of the Computer Security Journal, but is available now on request.

Patrice Rapalus, director of Computer Security Institute (CSI), told Newsbytes, "In recent weeks, mass media organizations such as Time Magazine, the Washington Post, and National Public Radio have done stories on information warfare. This report is a timely, comprehensive and practical study on information warfare and its impact on our future."

The report defines information warfare in contrast to simple computer crime, "A computer crime is an act that violates a law. It could be specifically targeted. It could be isolated, or it could be one element of an overall plan of attack. The conduct of information warfare, in contrast, is never random or isolated (and may not even violate a law). The term implies a concerted effort to utilize information as a weapon with which to wage war, whether on an actual battlefield or in economic, political, or social arenas."
Four aspects of information warfare are listed in the report: the electronic battlefield; infrastructure attacks; industrial espionage; and personal privacy attacks. "It is important to understand that the term 'information warfare' originated in the military and in its purest sense refers to the grim and dangerous business of real...country shattering war," says the report.

Computer Security Institute is located in San Francisco, California, and is a wholly owned subsidiary of Miller Freeman Publishing. Miller Freeman publishes over fifty trade magazines including Dr. Dobbs Journal, Unix Review, and LAN Magazine. Computer Security Institute publishes, along with random studies like the "Special Report on Information Warfare," a monthly newsletter, a semi-annual Journal, an annual Buyers Guide, and an on-line bulletin board.

To obtain an advance copy of "Special Report on Information Warfare," call 415-905-2310.

------

"Snooper" Software Digs Into Computers

San Francisco, Sept. 6, 1995 -- Vias & Associates Inc. said it has introduced a new version of its "Snooper" system information utility. The author of the software said it is called Snooper because the program "snoops" around the computer to report its configuration and operating characteristics.

John Vias of Vias & Associates said his company's program goes farther than other system information programs, including Microsoft's MSD (Microsoft System Detection), which is included in higher versions of the company's DOS operating systems. "I think Snooper is about the most accurate system information utility you can get," he said. "People say it's easy to use. It takes just one keystroke to go from the main screen to any other screen. It also has a built-in editor for 'autoexec' and 'config' files."
In all, Snooper can detect more than 150 details about a person's computer, including CMOS settings, hard drive type and capacity, any installed Micro Channel cards, fax-modems, memory types and amount available to the user, and video memory and type.

Snooper is targeted to all markets, Vias officials said, including the average user, network administrators, consultants, and technicians. In the provided documentation is a wish list regarding new features for future versions of Snooper, including brand detection of additional non-Intel central processing units (CPUs), detection of local bus cards and tapes, and the ability to differentiate among different types of hard drives.

Although Snooper can run in either DOS or Windows, Vias said the program works best in the DOS environment. In Windows, some of the software's reports must be disabled. In addition, some of the test results may be in error or unpredictable.

Snooper requires an IBM PC or 100% compatible machine, with at least 256 kilobytes (KB) of RAM, a DOS with version 3.1 or higher, and some kind of video card. Snooper retails for around $39, and is available as both a full version and as shareware.

Vias also said he is working hard on a Windows 95 version of Snooper. When the software was tested on a Windows 95 machine running in DOS mode, no problems were experienced. But running it in Windows mode made the program very unpredictable.

-------

UK - PCMCIA Encryption Card Introduced

London, Sept. 5, 1995 -- PPCP, a PCMCIA (Personal Computer Memory Card International Association) specialist, has begun shipping the Session Key, a PCMCIA Type II card from SCI Canada. According to John Nolan, the company's managing director, the card allows users to encrypt data on their PC hard disk, as well as across serial port linked devices, such as modems, using the DES algorithm. DES stands for Data Encryption Standard, a US-originated high security encryption system that is virtually unbreakable.
According to Nolan, the Session Key allows users to protect their data on a selective basis. "Many of the competing systems out there are only capable of encrypting the user's entire hard disk. That obviously protects the user's data, but if you forget your password, you have serious problems," he explained.

"With the Session Key card, you create a new drive, the 'D' drive, to store the encrypted data. The card also allows data to be transmitted by modem in DES format. That allows a user maximum flexibility," he said.

When used to encrypt data on a user's hard disk, once the Session Key is removed from the PCMCIA slot, all data on the disk that is encrypted is protected against unauthorized access. The encrypted data cannot be read or used without reinserting the UKP349 card.

Nolan said that SCI has developed a second-generation version of the Session Key, which will be available later this year. "That version will use RSA encryption techniques, as well as Triple DES and a whole host of other encryption systems," he said.

One of the problems with encryption devices like the Session Key is the fact that the US Government currently bans the export of certain types of encryption technologies, as well as restricts the sale of many technologies to "known parties." According to Nolan, this approval system can cause the company a few administrative problems.

"We need to find out who is the actual end-user and pass their details back to SCI. My understanding is that the vetting is then carried out at a government level in Canada or the US," he said. He added that, apart from a short delay, typically a week or so before the card can be shipped to the customer, there is usually no problem.
Reader Contact: PPCP, tel +44-181-893-2277, fax +44-181-893-1182, Internet e-mail 100302.1470 at compuserve.com/PPCP950905/PHOTO)

------

From andrew_loewenstern at il.us.swissbank.com Fri Sep 8 09:55:01 1995
From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern)
Date: Fri, 8 Sep 95 09:55:01 PDT
Subject: Scientology tries to break PGP - and fails?
Message-ID: <9509081654.AA03407@ch1d157nwk>

Tom Rollins writes:
> If this is the file that the Co$ is trying to crack, then what
> is being asked for is a pass phrase that can be handed to the Co$
> that will pass the PGP valid key check and still not decrypt the
> data to anything useful.

Well, I don't have the PGP 'conventional' encryption format memorized, but there is probably a constant after the IV that is prepended to the data. The constant is used to determine if the key is correct. Since the conventional encryption runs in CFB mode and there is a full block of random IV at the beginning of the file, it is extremely unlikely that a key could be found that would properly decrypt only the first two blocks while leaving the rest unreadable...

> If Larry Wollersheim does have the valid key. It would be a simpler
> process to know what fake key to use and work it backwards through
> the MD5 to arrive at an ascii string to produce the fake key.

Not really. Even if you could find an IDEA key that would produce the desired output it would be hard to find a passphrase that would produce that key when hashed. One of the properties of one-way hash functions is that it is difficult to find a plaintext that produces a given hash. Hence the term 'one-way'.... Even if you did find a passphrase (which, if MD5 is strong, would require something like 2^64 operations), it would likely be long, have 8-bit chars, and would be impossible to type in. It would be tough to convince anyone that it was the real passphrase.
andrew

From Andrew.Spring at ping.be Fri Sep 8 10:02:18 1995
From: Andrew.Spring at ping.be (Andrew Spring)
Date: Fri, 8 Sep 95 10:02:18 PDT
Subject: GAK
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Brian Davis Wrote:
>
>I, of course, know of the "dislike" of GAK here. I am curious to know,
>however, if the "dislike" is because government would have access under
>any circumstances or if the primary worry is that government will cheat
>and get access when most would agree that they shouldn't (either by the
>judge "cheating" or a TLA stealing it).
>
>In other words ... if it took agreement by a review board composed of
>non-LEA members of this list, would the escrow be acceptable??
>

Looking at it simply as a cryptosystem, I'd have to vote no, since the security of the system can be "easily" (in a cryptographic sense) compromised.

I feel safer knowing my privacy is protected by the laws of mathematics, instead of the laws of the USA.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----

From bdolan at use.usit.net Fri Sep 8 10:05:26 1995
From: bdolan at use.usit.net (Brad Dolan)
Date: Fri, 8 Sep 95 10:05:26 PDT
Subject: Hacking banking (fwd)
Message-ID:

---------- Forwarded message ----------
Date: Fri, 8 Sep 95 15:21:00 UTC
From: d.wiesner at genie.geis.com
Subject: Hacking banking

An interesting article appeared on Page B1 of the 9/7/95 San Francisco Examiner. Titled "Keystroke Cops," it discusses the FBI's new cyberswat team.
In the midst of a routine discussion of whether law enforcement needs to keep up with cyberspace criminals, the following intriguing quote appeared.

"Already, Fuentes said, federal authorities in New York are investigating whether programmers hired to write software for a financial institution may have left a 'back door' open in the program, one through which money may have been diverted to foreign bank accounts."

Does anyone know what this federal investigation in New York is about? How about copying this note around and seeing what people can find out?

David Wiesner

----

My pleasure, Dave.

bd

From andrew_loewenstern at il.us.swissbank.com Fri Sep 8 10:05:58 1995
From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern)
Date: Fri, 8 Sep 95 10:05:58 PDT
Subject: GAK Hacks
Message-ID: <9509081705.AA03422@ch1d157nwk>

Hal writes:
> One would be to create a patcher which would let you change the
> set of certificate authorities accepted by the browser. Currently
> the browser accepts at least one (an internal Netscape test CA)
> which is not needed by end users. Maybe its public key could be
> statically overwritten by the patch program with the public key of
> the replacement CA. This sounds simple and safe. The patch program
> can confirm that the data being changed matches the test CA.

This is an excellent idea, assuming the new CA's key will fit in the same amount of space or less than the test CA. How big is the test key? Of course, Netscape could decide to remove the test CA certificate from future versions of the browser. However, you could probably replace the Verisign certificate with your CA certificate and then have your CA sign the Verisign certificate so the browser can still use both. :-)

> This second patch is more advantageous for end users as it allows
> them to have strong encryption rather than the weak 40 bits which
> we have been breaking.
> The first would be a more direct demonstration
> of the difficulties of using certificate restrictions to limit
> functionality.

I don't think this is necessary as domestic versions of Netscape have already been exported and are available on non-U.S. FTP sites...

> The criteria.txt paper suggests checksumming the cryptographic
> routines to prevent patches like this, but generally I think such
> checksums can be defeated pretty easily. I doubt that Netscape
> currently has any such thing, though.

It only makes it harder to patch. Anyone with a clue knows that there is no such software-only protection that can't be defeated. Even hardware/software dongle type protection can be defeated by altering the software to not check.

andrew

From frissell at panix.com Fri Sep 8 10:22:19 1995
From: frissell at panix.com (Duncan Frissell)
Date: Fri, 8 Sep 95 10:22:19 PDT
Subject: Car rentals, Driver's Licenses, Ecash, & Net Access
Message-ID: <199509081721.NAA00705@panix.com>

Lucky Green's reply to someone else motivated me to comment:

>>Suppose you have acquired a million dollars worth of legal, above-board
>>DigiCash dollars and you want to surreptitiously transfer this wealth to a
>>below-board friend. Your friend creates a temporary anonymous account at an
>>understanding bank. Y
>
>Won't work. Ecash, except as used for frequent flyer like points, will
>exist in only *one* world wide e$ currency, issued by a single entity
>composed of various major banks and subject to US laws. Getting Ecash
>accounts will therefore be subject to the same legal requirements that
>apply to normal US checking accounts.

For the holiday weekend, I rented a car at a major agency in the state where I usually sleep. To secure the rental, I presented a driver's license from another state and a secured VISA card. The agency presented me with a car bearing the license plates of a Southern state far away from the rental location.
In the past, this agency (one of the majors BTW) had given me a car registered in yet another Southern state for a week's rental bearing a registration that expired halfway through that week. No problems in any case. Interestingly enough, the agency refuses to rent to local citizens of the state where it is located and where I often sleep. My possession of a "foreign" DL makes it easier for me to rent cars. Money and imagination overcome many of the "social control" aspects of licensing and registration requirements.

Now what this all has to do with transaction controls is the following. It is suggested that governments and private parties will cooperate in imposing absolute restrictions on people's ability to complete "unlicensed" transactions. Thus it is suggested that driving, possession of a motor vehicle, working for pay, having a bank account, having a phone account, having a net account can all be rigidly controlled.

We've all read the stories about the DMV and how various states are pulling licenses for child support arrears, tax evasion, overdue library books, etc. The Feds have proposed a National SS# Database that would have to be consulted before the 60 Million people who annually change jobs would be allowed to do so. And it is easy to imagine that additional restrictions would soon be placed on job changes. After all, we don't want deadbeat dad-tax evading-library book hoarders working in this country, do we?

Likewise the Bank Secrecy Act of 1970, et seq. was supposed to end anonymous bank accounts. And a lot of the recent porn on the nets agitation has involved attacks on anonymity. Suggestions have been made for licensing net access. Finally, electronic check proposals are supposed to be traceable because those who open accounts will be identified.

The readers of this list can apply what they already know about the difficulty involved in restricting net access to the analysis of these other existing and proposed restrictions.

The problem with the theory of transaction blocking is that it requires millions of potential sellers of goods, services, and jobs around the world to turn away customers. Something that most people are unwilling to do. Thus, if some entity tries to control net access by restricting it to "licensed" users --- a real legal problem in the US BTW --- all that you have to do is open an account somewhere else on earth and dial out to it or use a connection via an X25 network. All the Great Enemy can do is make you spend a little more money.

Eventually of course, encrypted untraceable TCP/IP sessions will be possible and domestic ISPs could --- without risk --- offer "encrypted only" pipes out to the nets. "Once you get there it's up to you what you do but we don't/can't know about it."

Note that soon, millions of people will have high-speed, cable-based, full-time net access. These people will be one mouse click away from being a full-service ISP. Stick the ISP in a Box BSD CD-ROM in the drive and double-click on setup.exe. If the CD-ROM is produced by the right parties, it will automatically support encrypted TCP/IP. These millions of ISPs can offer net-access accounts right away and add dial up later for the neighbors if they feel like it.

It is the vast number of vendors and the cheapness of the connection that makes it so hard to control net access. The computer and telecoms revolution has the same effect on banking and other services to which the authorities hope to block access. Thus cheap telecoms, computing power, and well-developed electronic funds transfer systems are easily turned into free banking.

We all know that every node/user on the net is a potential gateway to another network (potentially of great siz
