From abostick at netcom.com Thu Feb 1 00:50:12 1996 From: abostick at netcom.com (Alan Bostick) Date: Thu, 1 Feb 1996 16:50:12 +0800 Subject: NOISE: Re: The FV Problem = A Press Problem In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- In article , tcmay at got.net (Timothy C. May) wrote: > Interesting term, similar to Chomsky's "Manufacturing Consent" (which > obviously must've come later...). Wow, that was fast! Only two days in the FV FUD flamewar, and already someone said "Chomsky". Alan "Still holding out for 'Hitler'" Bostick - -- Alan Bostick | He played the king as if afraid someone else Seeking opportunity to | would play the ace. develop multimedia content. | John Mason Brown, drama critic Finger abostick at netcom.com for more info and PGP public key -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQB1AwUBMQ++kOVevBgtmhnpAQExSgL9FmliH59XZQdJYtSg1Ysfh2q80N8fjkuB HEAbSdf24I6m4mcaIVJPq2El/nCnrGazImBWjt85bjnNLr1w7nEafW7PTPXeU4hH NQpB6rPz1gaZC9LmWTSIULU8qYcSNgBn =6F2e -----END PGP SIGNATURE----- From msaraiva at marktest.pt Thu Feb 1 01:22:30 1996 From: msaraiva at marktest.pt (Miguel Saraiva) Date: Thu, 1 Feb 1996 17:22:30 +0800 Subject: Netscape encrypted email!! Message-ID: <01BAEFC3.C50F85E0@leon.marktest.pt> I believe the new microsoft exchange (from msdn level 3 ) also has some sort of security built in. Haven't tried yet. (It needs (?) Exchange Server for it ) >> * Integrated email - Netscape Navigator 2.0 offers full-featured and rich >> email capabilities, allowing you to both read and send secure email >> messages without launching an external email application. >I downloaded it and checked it out. But it was not clear how to use this >secure email - so it may lack something yet in user friendlyness, or I may >have just missed it. Anyway, it should be much easier to use than PGP. >Are we all going to switch to Netscape for email? Is anyone using this? >Want to tell us how? > -- -- -> Leon : Miguel Angelo Saraiva : msaraiva at marktest.pt <- -- -- -- Vince From perry at piermont.com Thu Feb 1 02:58:39 1996 From: perry at piermont.com (Perry E. Metzger) Date: Thu, 1 Feb 1996 18:58:39 +0800 Subject: Two bits, Four Bits, ETC In-Reply-To: <199601301853.KAA13801@well.com> Message-ID: <199601311558.KAA05088@jekyll.piermont.com> Brian D Williams writes: > Excellent point Bill! Lets not forget that IBM owns Lotus Notes, be > sure to include that in your bashing. They caved in on Lucifer > after all. ;) Lucifer isn't stronger than DES, so it wasn't a cave in. An understanding of differential cryptanalysis makes all the difference... From rishab at dxm.org Thu Feb 1 03:01:49 1996 From: rishab at dxm.org (Rishab Aiyer Ghosh) Date: Thu, 1 Feb 1996 19:01:49 +0800 Subject: FV's blatant double standards Message-ID: <9601311619.AA00825@toad.com> I only just managed to go through my mail backlog and read Simson Garfinkel's original Mercury News article. I was appalled by FV's double standards in evaluating security risks. Both First Virtual and real-time transaction models (without encryption, or with it e.g. Netscape) require that the recipient not be compromised. FV relies on e-mail (domain names); Netscape relies on IP addresses. IP addresses are much harder to intercept than domain names (which can be hijacked - see my earlier posts). This essentially means that while e-mail can be mis-routed, IP packets can't. Additionally, plaintext e-mail as well as IP traffic can often be sniffed along the way. FV demonstrated, through it's "card sharp" or whatever, that real-time transactions are vulnerable to sniffers on the recipient's own machine. Of course. We all knew that. But the mistake is to assume that FV isn't _equally_ vulnerable to that threat. If you can write a trojan that will somehow get privileged access to my machine, trap my keystrokes, and identify my credit card number, you can certainly write one that will, sitting on my machine: "intercept the user's electronic mail, read the confirmation message from First Virtual's computers, and send out a fraudulent reply" (to quote from Simson's article). Simson further quotes FV's Lee Stein: "A single user can be targeted, Stein said, but ''it is very difficult. . . . There are too many packets moving . . . to too many different machines.''" - which is of course equally true for real-time Netscape transactions. Simply put, if there's a program sitting on your computer with privileged access, it can read your mail, hide it from you, and reply, as easily as it can read your keystrokes. Even simpler: if there's a privileged program on your machine, NOTHING IS SECURE - not SSL, not FV, not plaintext credit cards, not PGP, NOTHING. This is old hat, and FV has shown nothing new with its one-sided stunt; the only reason there has been little hype recently about card-sniffing trojans is that trojans and viruses and the rest of their ilk have being dying of exposure in the media, ever since the Internet Worm grabbed headlines years ago. Rishab From take at imasy.or.jp Thu Feb 1 03:18:30 1996 From: take at imasy.or.jp (Hayashi_Tsuyoshi) Date: Thu, 1 Feb 1996 19:18:30 +0800 Subject: PGP commercial usage Message-ID: <199601311439.XAA08161@tasogare.imasy.or.jp> At 0:43 PM 96.1.31 +0000, Dave Roberts wrote: >I have read and reread the documentation that is included with the PGP >distribution (although my copy is over a year old now), and am still >trying to work out if commercial use of 2.6ui is allowed outside the USA. > >Could someone elaborate for me, or perhaps point me to some up to date >reference documentation. Few days ago I found good page for it. http://www.ifi.uio.no/pgp/FAQ.shtml#License This page said that: + Can I use PGP 2.6.3i for commercial purposes? + + Yes, you can, but you need to buy a separate license for the IDEA algorithm used in + PGP. (RSA is not patented outside the US, so you don't need a license for this + algorithm.) IDEA licenses can be purchased from Ascom Systec AG in Switzerland. + (The licensing of the IDEA algorithm was formerly administrated by Ascom Tech, but + this responsibility has been transferred to Ascom Systec. Please, do not contact + Ascom Tech about this matter!) The fee is charged on a per-user basis as follows: # Sorry, this is about 2.6.3i, not 2.6ui. P.S. Now I'm studying MacPGP... - Tsuyoshi Hayashi --- hayashi at scs.sony.co.jp is no longer valid. --- Please update to take at imasy.or.jp From frissell at panix.com Thu Feb 1 03:36:31 1996 From: frissell at panix.com (Duncan Frissell) Date: Thu, 1 Feb 1996 19:36:31 +0800 Subject: France to push for international net legislation Message-ID: <2.2.32.19960201111157.009bffd4@panix.com> At 11:27 PM 1/31/96 -0800, sameer wrote: >> I guess Declan M. won't be visting France or any of the other EU countries >> any time soon! > > That reminds me of a question-- > > If, for example, Germany decides that my company is in >violation of their laws for mirroring the Zundelsite, will they send >us a letter saying that, so we know not to go to Germany? Don't worry. If you actually *read* the Zundsite materials, you find out that the guy who was busted in Denmark and sent to Germany just jumped bail and is in Florida. No prob. The German penal system is a joke. DCF From jwz at netscape.com Thu Feb 1 03:38:09 1996 From: jwz at netscape.com (Jamie Zawinski) Date: Thu, 1 Feb 1996 19:38:09 +0800 Subject: C'mon, How Hard is it to Write a Virus or Trojan Horse? (was Re: Apology and clarification) In-Reply-To: <310E0EBE.30FD3BCC@netscape.com> Message-ID: <31109E96.4276446A@netscape.com> Jeff Weinstein wrote: > > I think that you are misinterpreting the intent of Jamie's posting, > but I will let him defend himself. Well I'm not particularly interested in arguing about this further (and I suspect this is true of most people reading this too :-)) but my point was: Nathaniel and crew have implemented the easy part (a tiny fraction) of a program which would successfully capture some large number of credit card numbers. Nathaniel thinks that what I'm characterizing as a tiny fraction of the work (the keyboard sniffer and pattern recogniser) is *most* of the work, and "demonstrates" the attack. I said that they have demonstrated nothing without some proof that combining this with an infection vector would yield the desired result, because I don't think that infecting some vast number of credit-card-using computers is any small task; whereas, Nathaniel says (or at least strongly implies) that it's trivial (or so close to trivial that it can be taken as a given.) Nathaniel said: > As I see it, we have implemented every part of the attack that we can > implement without doing anything that is either unethical or illegal. It's far from clear that you need to do something unethical or illegal to prove that coupling it with an infection vector would be effective. For example, you would no doubt agree that evesdropping on some unsuspecting user's transaction on an exportably-crippled SSL connection would be immoral. But it wasn't necessary to do anything immoral to demonstrate conclusively that such an attack was possible. It just required a little creativity, and a lack of handwaving. > Is it your position that no systematic flaw in your security is real > until someone has actually broken it? Of course not. You don't have to actually break it to show that it's possible. Of course, you *do* have to show the likelyhood of success and effort required to pull it off as well before it's interesting at all, whether it's theoretically possible or not. == Jamie From pg at viaweb.com Thu Feb 1 05:39:24 1996 From: pg at viaweb.com (Paul Graham) Date: Thu, 1 Feb 1996 21:39:24 +0800 Subject: your bogus post Message-ID: <199601302249.RAA06492@tintin.uun.org> marketing works, and companies have to use it to stay profitable. I would not mind if fv made bogus claims in their press releases. People expect that in press releases. But I think that they should keep their press releases on their web site, where we can ignore them, instead of disguising them as "discoveries" in netnews. So, what do you think of their product? No client or potential client of our online mall has ever asked us to implement fv payment. Everyone seems happy with credit cards. I think that the people at fv could see what was happening, and this ill-considered post was a desparate attempt to make everyone take fv seriously. In my case it had the opposite effect. -- pg From eli at cs.cmu.edu Thu Feb 1 05:43:29 1996 From: eli at cs.cmu.edu (Eli Brandt) Date: Thu, 1 Feb 1996 21:43:29 +0800 Subject: Apology and clarification In-Reply-To: <+cmu.andrew.internet.cyclists+0l3TCU200UfA00z5cl@andrew.cmu.edu> Message-ID: In a nutshell: FUD Virtual's press release glosses over the hard part of the attack -- distribution and collection. Yes, the credit-card system is broken as designed, but that's already reflected in its cost structure. The proposed attack will never make up a significant fraction of credit-card fraud. You know, FV should put out a press release warning that all encryption-based payment systems are insecure, due to the threat of the proposed "Chinese-lottery virus". Bet you could get the Times to print it... In article <+cmu.andrew.internet.cyclists+0l3TCU200UfA00z5cl at andrew.cmu.edu>, Nathaniel Borenstein wrote: >When you put all four of these together, you have an attack that IS new, >in the sense that nobody we know of has ever mentioned it before, Who would bother? Ask yourself if you'd have been quite so excited about this "new attack" if you were just Nat Borenstein, private citizen, with no financial interest in a competing technology. >and which could in fact be used by a single criminal, with only a few >weeks of programming, to tracelessly steal MILLIONS of credit cards, >if software-encrypted credit-card schemes ever caught on. You wave your hands and say that "consumer machines are insecure", but I don't think you have any conception of what it would take to get your trojan onto "MILLIONS" of machines. There is no historical precedent for such an attack (no, Ping-Pong and Stoned don't make the cut). Your suggestions of such things as rogue GIF viewers aren't even in the ballpark. What fraction of the victims will expose their credit card numbers? what fraction will notice your trojan and warn against it? The ratio has to be very, very large. >and get them back to the program's author by non-traceable >mechanisms. I didn't see the part where you explain how this works, either. >If not, I think it's worth noting that this fact was previously >completely unknown to the bankers and businessmen who are putting >large sums of money at risk on the net. The only way to get the >message to those communities is with a very visible public >announcement of the kind you saw yesterday. You wouldn't have shot your reputation so badly if you weren't so damned disingenuous about the whole thing. Paragraphs like the above really irritate me. -- Eli Brandt eli+ at cs.cmu.edu From declan+ at CMU.EDU Thu Feb 1 06:01:26 1996 From: declan+ at CMU.EDU (Declan B. McCullagh) Date: Thu, 1 Feb 1996 22:01:26 +0800 Subject: Tim's paranoid rant about Declan appearing on "Europe's Most Wanted" In-Reply-To: <199602011002.CAA25917@infinity.c2.org> Message-ID: Excerpts from internet.cypherpunks: 1-Feb-96 Tim's paranoid rant about D.. by Just Rich at c2.org > I disagree. It is clear to me that there is absolutely no cloud hanging > over us. If any German court tried to press charges against me for > posting Zendel's materials, they'd be laughed across the Argonne. Most > mainstream Jewish groups *love* me right now. > > I find it curious, and I am beginning to get a little annoyed, that my > name is rarely mentioned, though I set up the first mirror, and Declan got > the files from me. So you're getting pissy that you're not The Only Zundel Mirror. Big fucking deal. Get over it. The more the better. I find it telling that you wrote me mail demanding that I alter my web pages to your satisfaction or you'll smear me in the press, since your web site (you informed me) is going to be featured in the next issue of TIME, Internet World, and the San Francisco Chronicle. Hey, guy, kudos to you. Glad to hear it. Smear the fuck away. > I am very annoyed that Declan has not responded to repeated requests to > remove the cleartext "Stanford University" from the parts of his Web site > that mention me. Of course the stanford.edu, or at least net 36.190, will > remain in the URL, but there is no reason that the link text could not say > "Rich Graves' mirror." First Declan sent me mail saying he would respect > my wishes, but he didn't. Let's get the facts right and ignore Rich's distortions. I wrote: "I'll honor your wishes and take your full name off." I did *not* write that I'd take Stanford's name off the pages. I did take your full name off, as I said I would. The point of mentioning universities by name is to point out that to restrict web access to a university site, Germany will have to cut of *all* web access to that university. (Or at least to that hostname.) (BTW, I did give you credit for supplying much of the Zundelschtuff: http://www.cs.cmu.edu/~declan/Not_By_Me_Not_My_Views/censorship.html) > Then a friend of mine reminded Declan of my > request, and Declan responded with abuse. Your friend, Haggai Kupermintz, sent me unsolicited email demanding to know why I didn't act on a request that was sent earlier that day. I have better things to do than leap on every demand I get, so I flamed him. *shrug* Big deal. I didn't know a rather mild flame was "abuse." If you don't want to be "abused," don't send me demands in unsolicited email. (I'm glad for the sake of other "abusers" at Stanford that your school's speech code was struck down by a California court last year.) > Declan wants me to believe that this disclaimer is enough: > > "Please note that the > existence of a web site at any particular institution does not > in any way imply endorsement. Universities and businesses > do not take responsibility for what their community members > or customers place online." > > This is clearly untrue when the person in question is a staff member, as I > am. Were I still a student, then I could more legitimately say that I'm a > student at Stanford, and that I have the academic freedom to post whatever > I want; but as someone who now merely works for a living at Stanford, I do > whatever I want by the (very) good graces of my (very good) employer. I don't follow. In what way is that disclaimer untrue? You *do* represent Stanford? The concept of academic freedom doesn't apply to staff members? If that's true, you do have a point. > > In Declan's case, I suspect France wants him for the Mitterand book and > > France doesn't want anyone for the Mitterand book, which was not, in > fact, criminally banned. It was censured, not censored, in a civil trial. > Declan is distorting the facts to suit his ego as Mr. Anti-Censorship. I've never claimed to be Mr. Anti-Censorship. I've been trying my best to resist certain specific censorship attempts for the last few years, and I've even met with some limited success. Does the ego good and all. > I find this breast-beating hype embarrassing and dishonest, and I am > seriously beginning to regret giving the Zundel files to Declan. Had I > known what he was going to do with them, and how he was going to behave, I > would have retained closer control. Oh, spare me. You posted to cypherpunks that the files were available via AFS, so I snagged them. You didn't "give" them to me any more than I "gave" people the Zundelhausenfiles if they FTP 'em from my account. How can you "retain closer control" over files that are publicly available on the web? You can make them more difficult to get, I suppose, but I think that defeats the purpose and is a simply fascist thing to do -- if the purpose is to make them available anyway. Hell, your files were out-of-date, so I had to go back to the Zundelsite anyway. > One mirror site was enough. The German providers would not have blocked > stanford.edu had it remained the only mirror site. The President of > Stanford, Gerhard Casper, is a recognized constitutional scholar from > Germany. The Stanford Provost, Condoleezza Rice, was one of the two or > three people most responsible for the Bush Administration's policy > towards German Unification. Dozens of Stanford students have studied in > Berlin. One mirror site may have had a limited effect, but more mirror sites have a more significant effect. The press likes a local angle, and local mirrors are giving them just that. I put a reporter from the Boston Globe in touch with the UMass mirror operator, and a reporter from the Philadelphia Inquirer in touch with the University of Pennyslvania mirror operator. I'd love to see mirrors in every major city for greater coverage in every major paper. If you don't understand that concept, you don't understand the way the media works. > Had they blocked stanford.edu, or had they gotten through to Stanford and > somehow gotten Stanford to force me to take down the pages, then we would > have set up more mirrors. I would have started, and maybe stopped, > by setting up mirrors on c2.org and netcom.com. Graduated response. As I've told you in email, I disagree. This is the first time a Western government has tried to do something like this, and a strong (not a mild or "graduated") response is necessary. If there were just one mirror, I can see the German prosecutors cutting off access to that one too. Sure, we can put up more and more, but if the German government starts along the path of blocking sites one-by-one, it may be difficult for them to back down, and we're faced with a pitched battle. That's why a strong initial showing is necessary, to demonstrate to them the futility of censoring the Internet. So Rich, answer me this: "What articulable and demonstrable harm have additional mirror sites done, besides hurt your ego?" > This is ludicrous. I expect better from you. I'm a big fan of Tim's, and I think that while he may have been jesting, his comments have a serious undertone. I don't really expect to be locked up for the rest of my life in a German cellblock, but harassment at entry/exit points is possible. Perhaps probable, given that other "distributors" of Neo-Nazi spew have experienced just that. > Ernst Zundel is a lying Nazi asshole who wants you to believe that there > is a Global Jewish Conspiracy to censor him. Fuck him. Yep, exactly. The more you know about Mr. "UFOs in Antarctica," the better you can do the job. > Declan, if you don't fix up your page the way I want it by morning (please > not that you have three more hours of morning than I do), I will post a > modified (spell-checked) version of this note on my Web page, to > alt.censorship, and to your "fight-censorship" mailing list. Please send me in private email (or post it here if you really want) exactly what you want me to change. Rich, by now I suspect you've seen this joke, but what the hell: Q: What's a left-wing firing squad? A: Everyone stands in a circle and shoots at each other -Declan From weidai at eskimo.com Thu Feb 1 06:02:32 1996 From: weidai at eskimo.com (Wei Dai) Date: Thu, 1 Feb 1996 22:02:32 +0800 Subject: Revisitting Blum-Macali "digital signatures" In-Reply-To: <199601291842.NAA27974@metlab1.my.mtu.edu> Message-ID: On Mon, 29 Jan 1996, Paul E. Campbell wrote: > There was some discussion on Usenet a while back about doing "digital > signatures" with the Blum-Macali public key method. > > Briefly, Blum-Macali relies on the BBS generator to generate a "one-time pad". > And the pad can be reversed by taking repeated square roots on the random > number seed (assuming you know the factorization) to get back to the starting > seed. > > So, the author suggested that one calculate a digest of the message, call it > D. > > Then the author suggested that one calculate D^(1/2), as per the Blum-Micali > method. > > Then he goes on to do the signature check by checking whether or not > > D^2 == X^4 > > where X is the "signature". > > I understand that there is some sign ambiguity involved in calculating square > roots mod B where B is a Blum integer (that causes 4 possible roots). And > that's the source of ambiguity problems in Rabin digital signatures, but if > the Blum-Micali public key method works, then this sign ambiguity shouldn't > exist (because they define a SPECIFIC root to use), and the method can be > simplified to simply calculating D^(1/2) and the check is simply D==X^2. > > What am I missing here? Let me see if I understand you correctly. The scheme you describe says to calculate X=(D^2)^(1/4) as the signature and check D^2==X^4 for verification. You are wondering why you can't just calculate Y=D^(1/2) as the signature and check D==Y^2 for verification. The problem here is that some D's don't have square roots. For a Blum integer n, only 1/4 of the numbers between 1 and n-1 have square roots mod n (they are called quadratic residues mod n). For a D that is a quadratic residue, the X and Y above are equal. But for a D that is not a quadratic residue, Y can't be calculated. X can still be calculated in this case, but X^2 != D. Wei Dai From ponder at mail.irm.state.fl.us Thu Feb 1 06:04:30 1996 From: ponder at mail.irm.state.fl.us (pj ponder) Date: Thu, 1 Feb 1996 22:04:30 +0800 Subject: Visa & MC Std Message-ID: <199602011325.AA30614@mail.irm.state.fl.us> just heard this on NPR Friday am on the east coast of NA. http://www.nytimes.com/library/cyber/week/0201internet-safety.html February 1, 1996 Group to Unveil Industry Standard for Electronic Payments ---------------------------------------------------------------------- Forum Join a discussion on Computers and Society: On-Line Economics. ---------------------------------------------------------------------- By JOHN MARKOFF AN FRANCISCO -- Hoping to remove a major impediment to credit card transactions over the Internet, a business group led by Mastercard International and Visa International plans to announce an industry-standard technology Thursday for protecting the security of electronic payments. The new technical standard brings together previously warring camps -- one led by the giant Microsoft Corp., the other by an Internet software upstart, Netscape Communications Corp. The standard, which industry executives expect to go into commercial use before the end of the year, is intended to give merchants of goods and services in cyberspace the convenience of a single, universally employed means for protecting the privacy of on-line credit card transactions. And for customers, the new technology promises a much higher level of security for electronic purchases than has previously been available on the Internet. The new approach "is more secure than the system in use in the physical world in which you give your card to a waiter in the restaurant," said Mark Greene, vice president for electronic payments for the Internet division of IBM, which is one of the companies endorsing the new standard. To the extent that the end of this technology face-off gives a lift to electronic commerce, Netscape can only benefit, since it is the provider of the leading software used for "browsing" the Internet's World Wide Web and for conducting on-line transactions on the Web. Netscape is already on a financial roll, announcing fourth-quarter revenue Wednesday that was nearly double the level of the previous quarter and profits that exceeded analysts' expectations. "This will make it a lot easier for consumers to buy and sell things electronically," said Taher Elgamal, chief scientist of Netscape. "We won't have to face the issue of competing standards." Netscape will be working to incorporate the new technology into its Navigator Web-browsing software. Microsoft, in turn, will be adding the technology to its Explorer software, which competes with Netscape's Web browser. The software standard, called Secure Electronic Transactions, or SET, will permit a user to send a credit card account numbers to a merchant in a scrambled form. The scrambled number is supposed to be unintelligible to electronic eavesdroppers and thieves -- and even to the merchants receiving the payment. But a special code is supposed to enable the merchant to check electronically and automatically with the bank that issued the credit card to make sure that it is a valid card number and that the customer is the authorized user of the card. The number-scrambling part of the system is based on a well-known and widely used national software standard known as the Data Encryption Standard. Besides being added to Netscape's and Microsoft's Web browser, the SET technology would need to be incorporated into Internet server computers -- the machines that function as storage terminals and gateways that individual users' computers interact with on the global computing network. Testing of SET will begin this spring, according to Dick Lonergan, executive vice president of Visa, who said that commercial service was expected to begin late this year. Currently, many powerful types of encryption technology are barred from export because the government fears that foreign enemies or terrorists may be able to conspire electronically. But the new credit card security standard will not be subject to such strictures, its developers said, because it is designed to protect only financial information -- not electronic messages or other types of computer documents. In addition to Mastercard, Visa, IBM, Microsoft and Netscape, the other big organizations endorsing the new SET standard include GTE Corp. and Science Applications International Corp., a technology and military consulting business. Two other backers include Terisa Systems Inc. and Verisign Inc., both Silicon Valley companies that have developed some of the underlying technology for the SET standard. Last September, Microsoft and Visa together proposed a security standard known as Secure Transaction Technology, which would have competed directly with a system being developed by a group led by Mastercard, IBM and Netscape. Shortly afterwards, however, Visa and Mastercard -- the two largest credit card associations -- said publicly that they would pursue a single standard to avoid forcing merchants and consumers to choose between competing technologies. "We took the best of both technologies," said Edward Hogan, senior vice president for electronic commerce at Mastercard International. "There was a blip in the road, but both associations realized that their memberships wanted a single standard." Home | Sections | Contents | Search | Forums | Help Copyright 1996 The New York Times Company ---------------------------------------------------------------------- From dm at amsterdam.lcs.mit.edu Thu Feb 1 06:18:44 1996 From: dm at amsterdam.lcs.mit.edu (David Mazieres) Date: Thu, 1 Feb 1996 22:18:44 +0800 Subject: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards In-Reply-To: <310E7DAE@hamachi> Message-ID: <199602010938.EAA20003@amsterdam.lcs.mit.edu> > Changing the subject doesn't change the point. Your announcement implies > that users are liable, and that is incorrect. This is misleading, and in > my view, reprehensible. This was the point of my post. The fact that > the fraud is traceable when detected should have been self evident. I think there is an even stronger point to be made. We can be relatively sure that VISA is not going to go out of business any time soon. On the other hand, if an E-mail intercepting virus lost FV tons of money, FV might conceivably go belly up sticking their customers with the bill. With FV, there might indeed be a risk to the user. David From dm at amsterdam.lcs.mit.edu Thu Feb 1 06:18:51 1996 From: dm at amsterdam.lcs.mit.edu (David Mazieres) Date: Thu, 1 Feb 1996 22:18:51 +0800 Subject: Domain hijacking, InterNIC loopholes In-Reply-To: <9601301819.AA00964@toad.com> Message-ID: <199602010926.EAA19923@amsterdam.lcs.mit.edu> I don't think Domain hijacking is a terribly big threat. First of all, the modification process insn't fully automated. Second of all, it takes several weeks for the changes to go through. Before the changes go through, the internic sends out mail to a bunch of people, including all previous administrators and administrators of all domains which contain old or new nameservers. Thus, I'd say the domain modification process is slightly more secure than First Virtual :-) :-) :-). It relies on the security of the network routers and existing nameservers, and requires one or more active attacks or viruses to defeat. Probably your best is to wait for as many as possible of the relevant sysadmins to go on vacation, and then mail-bomb them rest so hard they end up not reading all of their real E-mail. Then again, there's always the possibility that the domain administrator knows how to use procmail... David From declan+ at CMU.EDU Thu Feb 1 06:20:04 1996 From: declan+ at CMU.EDU (Declan B. McCullagh) Date: Thu, 1 Feb 1996 22:20:04 +0800 Subject: Declan appearing on "Europe's Most Wanted" In-Reply-To: Message-ID: <0l4AOdC00YUrE1PsVc@andrew.cmu.edu> Excerpts from internet.cypherpunks: 1-Feb-96 Declan appearing on "Europe.. by Timothy C. May at got.net > The situation with Declan, Sameer, Duncan, and others, is even less clear. > Things are moving much faster now that the Net is the means of > distribution. I was of course half-joking about Declan visiting Europe, but > surely France could decide to throw the book at him, and any EU country he > entered (such as Ireland, judging from his name) could hold him at their > entry point and ship him off to France to "set an example." Tim, you really know how to scare a fellow with this Subject: line this early in the morning! My take on the situation, from cyberia and WELL discussions, is that if a book is banned under French law, it may be difficult to sue for copyright violations. (Intuitively, this sorta makes sense. If you are *unable* to sell it, what damages are there?) Also, international law would require that the copyright holder sue in my local U.S. court. I have not heard from either the publisher or author, even though French ISPs have linked to my page and it's been getting a decent amount of traffic. Interestingly, almost all the comments I've received have been positive -- only two negative responses, including one email bombing attempt. I would be interested to know what the publisher and author's perspectives are on this. Reports from France indicate that the publisher, Plon, is *not* going to sue the guy who first put it online. > In Declan's case, I suspect France wants him for the Mitterand book and > Germany wants him for the Zundelsite mirrors. The lesser European countries > will of course follow their leads. I'm not too worried about France, but I'm having second thoughts about Germany. Let's just say I'm not planning a vacation there anytime soon. :) > Seriously, Declan, I admire what you've done, but I hope you don't plan to > leave the U.S. for Europe anytime soon. Thanks, Tim. I haven't actually spoken to my attorney (the former head of the local ACLU) about this, and perhaps I should have. *sigh* He'll probably yell at me for getting involved in yet another controversy... -Declan From jimbell at pacifier.com Thu Feb 1 06:27:27 1996 From: jimbell at pacifier.com (jim bell) Date: Thu, 1 Feb 1996 22:27:27 +0800 Subject: Time codes for PCs (fromn German Banking) Message-ID: At 11:42 PM 1/29/96 +0100, JR at ROCK.CNB.UAM.ES wrote: >From: SMTP%"jimbell at pacifier.com" 27-JAN-1996 03:43:05.83 > >>A peripheral I've long wanted to see, commonly available: ACCURATE time, >>broadcast to the millisecond/microsecond/nanosecond, available from sources >>as varied as TV VIR's, FM subcarriers, and other sources, available as an >>easy input (via a peripheral card) to a computer. >> > Yup! Do you think it is really possible? If I remember well >speed of light is 300.000 Km/s. That means that light takes around >1 ms. to cover 300 Km. If you use a satellite, antenna, whatever >to broadcast a timing signal, the accuracy will depend on when >do you receive it, and that in turn on your distance from the >source. I am well aware of the facts you indicate, and many more of which you aren't even aware. But one of the functions (in fact, the basic, intended one) of GPS is to locate, as precisely as possible, the exact location of the receiver. Thus, time delays can be compensated to the accuracy of the location fix, at the very least. If we assume 100 meters error, max, that's about 300 nsec error. (GPS receivers AUTOMATICALLY compensate for such delays!) >>I have a 12-year-old Heathkit "Most Accurate Clock" that I assembled myself, >>and had the foresight to install it with its computer interface option. >>(receives 5, 10, or 15 MHz signals broadcast from Boulder, Colorado, >>containing "exact" time.) >> > Just remember that the best you can get would be microseconds if >you're in a 300 meter radius, or milliseconds on a 300 Km. And possibly >nanoseconds at 0.3 m. Well, this clock doesn't pretend to be better than about 5-10 milliseconds even in signal-locked condition. However, there is a dipswitch on the bottom of the unit, settable in 500 mile increments, from Boulder, Colorado. 500 miles corresponds to 3 milliseconds. Clearly this was a good device when made, but has obviously been supplanted by at least a factor of 1000 by GPS. > Then remains the cypherpunk part on all this: how can you >trust the *signal* your receptor receives? How do you know no one is >interferring it or sending an inaccurate or false one? Simple answer: You don't. More complicated answer: Most such devices don't merely input the time signal, but they use an accurate internal clock to maintain good time when signals go away. In fact, the best units "discipline" the local oscillator, either actually changing its frequency or at least following its errors over time. The result is that sudden errors would be noticed. A good TCXO is stable to well better than 1 ppm. > And that on a broadcast system. A system owned by someone who >you may not trust (say a private TV channel, radio or satellite). So >you may want to have several sources, and to be able to verify that >the signals you receive all come from their respective sources. Well, since "everybody" in one locale can receive a particular (local) TV channel, one solution might be to compare time with respect to the beginning of a particular scan line.. You may not trust the signal, but you know its a signal that "everybody" receives. There may be no other provision for adding time to it, but a relatively low accuracy crystal oscillator could identify particular frames, etc. > Yum! a nice problem to think about. One factor is that you >wouldn't expect changes in public sources used by sensible systems >since those could not pass unnoticed and might raise big protests. >But you still have the MITM attack to consider... From rich at c2.org Thu Feb 1 06:28:55 1996 From: rich at c2.org (Just Rich) Date: Thu, 1 Feb 1996 22:28:55 +0800 Subject: Tim's paranoid rant about Declan appearing on "Europe's Most Wanted" Message-ID: <199602011002.CAA25917@infinity.c2.org> -----BEGIN PGP SIGNED MESSAGE----- OK, I didn't want to sow dissension in the ranks, but this is just too much, and Declan has not given a satisfactory response to direct email. On Thu, 1 Feb 1996, Timothy C. May wrote: > At 7:27 AM 2/1/96, sameer wrote: > >> I guess Declan M. won't be visting France or any of the other EU > >> countries any time soon! > > > > That reminds me of a question-- > > > > If, for example, Germany decides that my company is in > >violation of their laws for mirroring the Zundelsite, will they send > >us a letter saying that, so we know not to go to Germany? > > The Nebraska-based neo-Nazi publisher who was picked up in Denmark and > extradited to Germany pretty much knew his actions were illegal in Germany, > but I doubt (sheer speculation on my part) he had ever been formally > notified that an arrest warrant had been issued by Germany and could be > exercised in Denmark. > > The situation with Declan, Sameer, Duncan, and others, is even less clear. I disagree. It is clear to me that there is absolutely no cloud hanging over us. If any German court tried to press charges against me for posting Zendel's materials, they'd be laughed across the Argonne. Most mainstream Jewish groups *love* me right now. I find it curious, and I am beginning to get a little annoyed, that my name is rarely mentioned, though I set up the first mirror, and Declan got the files from me. I am very annoyed that Declan has not responded to repeated requests to remove the cleartext "Stanford University" from the parts of his Web site that mention me. Of course the stanford.edu, or at least net 36.190, will remain in the URL, but there is no reason that the link text could not say "Rich Graves' mirror." First Declan sent me mail saying he would respect my wishes, but he didn't. Then a friend of mine reminded Declan of my request, and Declan responded with abuse. I do not object to the cleartext "Stanford University" because anyone is pressuring me to remove the page. Far from it; almost every personal response has been positive, and the student newspaper, at www-daily.stanford.edu, is going to run a positive story tomorrow or the next day. Rather, I object simply because I do not represent Stanford University, and it is an intellectually dishonest abuse of power to suggest in any way that I do. Declan wants me to believe that this disclaimer is enough: "Please note that the existence of a web site at any particular institution does not in any way imply endorsement. Universities and businesses do not take responsibility for what their community members or customers place online." This is clearly untrue when the person in question is a staff member, as I am. Were I still a student, then I could more legitimately say that I'm a student at Stanford, and that I have the academic freedom to post whatever I want; but as someone who now merely works for a living at Stanford, I do whatever I want by the (very) good graces of my (very good) employer. Should we have forced Marianne to state her affiliation for the TV cameras last Saturday? > Things are moving much faster now that the Net is the means of > distribution. Yes, far too fast. Otherwise good people aren't thinking about what they're doing in their glee to "fight censorship." > I was of course half-joking about Declan visiting Europe, but > surely France could decide to throw the book at him, and any EU country he > entered (such as Ireland, judging from his name) could hold him at their > entry point and ship him off to France to "set an example." Bullshit. > I suspect the U.S. never officially notified that Monterrey, Mexico alleged > drug dealer that he was wanted in the U.S., and as other kidnappings of > foreigners have shown, the U.S. feels it unnecessary to formally announce > to foreigners that they may be arrested in the U.S. (or kidnapped into the > U.S.). Thus, I strongly suspect that France will not bother to notify > Declan or Sameer or any of us that they face arrest in France (or > affiliated EU countries). > > In Declan's case, I suspect France wants him for the Mitterand book and France doesn't want anyone for the Mitterand book, which was not, in fact, criminally banned. It was censured, not censored, in a civil trial. Declan is distorting the facts to suit his ego as Mr. Anti-Censorship. I find this breast-beating hype embarrassing and dishonest, and I am seriously beginning to regret giving the Zundel files to Declan. Had I known what he was going to do with them, and how he was going to behave, I would have retained closer control. One mirror site was enough. The German providers would not have blocked stanford.edu had it remained the only mirror site. The President of Stanford, Gerhard Casper, is a recognized constitutional scholar from Germany. The Stanford Provost, Condoleezza Rice, was one of the two or three people most responsible for the Bush Administration's policy towards German Unification. Dozens of Stanford students have studied in Berlin. Had they blocked stanford.edu, or had they gotten through to Stanford and somehow gotten Stanford to force me to take down the pages, then we would have set up more mirrors. I would have started, and maybe stopped, by setting up mirrors on c2.org and netcom.com. Graduated response. Germany has in fact blocked no sites beyond webcom.com. I have the patience to wait a week for the German political authorities to wake up and smell the bratwurst. Declan is himself becoming a sort of revisionist, loose with the facts. > Germany wants him for the Zundelsite mirrors. The lesser European countries > will of course follow their leads. This is ludicrous. I expect better from you. > Seriously, Declan, I admire what you've done, but I hope you don't plan to > leave the U.S. for Europe anytime soon. This is paranoid bullshit. Most of the Jewish organizations I have talked to grudgingly applaud the Zundelsite mirrors. Some actively applaud them. The Wiesenthal Center, of course, is "different." They haven't answered email, and I haven't had time to call them. Censorship is dying, destroyed by truth. Please don't spoil the party with this paranoid bullshit. Ernst Zundel is a lying Nazi asshole who wants you to believe that there is a Global Jewish Conspiracy to censor him. Fuck him. Declan, if you don't fix up your page the way I want it by morning (please not that you have three more hours of morning than I do), I will post a modified (spell-checked) version of this note on my Web page, to alt.censorship, and to your "fight-censorship" mailing list. - -rich -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMRCMdY3DXUbM57SdAQGBVgP8DOOtrKoV5bBDEICmRSlokkn91KnKdXXS 231Qv5mEWrrin9Jf8Zj80Zl/gTX/8J08s40v0vQUHi9G8It1hpzAFKz5k8lFZdTW dbcSyRMDwXz8pHvNxiGyQShZOIs1m/rnO7Z0iiuA0Y9r1+nBqeu1rQSeIyriBFUw UfWqjk8iWdk= =cODd -----END PGP SIGNATURE----- From jsw at netscape.com Thu Feb 1 06:30:38 1996 From: jsw at netscape.com (Jeff Weinstein) Date: Thu, 1 Feb 1996 22:30:38 +0800 Subject: Flaw in Netscape rejoinder (was Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards) In-Reply-To: <01BAEF34.AA95ECC0@ploshin.tiac.net> Message-ID: <311088AC.2891@netscape.com> Nathaniel Borenstein wrote: > I should also apologize for the fact that I couldn't resist in pointing > out lots of little problems with your proposed attack, and that I'm > responding to your plan in the order you described it. This means that > we don't get to the really major flaw in your strategy towards the end, > so what comes at first will seem like nitpicking. No problem. This is how we find flaws and make systems stronger. > Excerpts from mail.cypherpunks: 30-Jan-96 Re: FV Demonstrates Fatal F.. > Jeff Weinstein at netscape. (2739*) > > > It would not be much harder than the demonstrated keyboard attack > > to create a hacked version of winsock that would implement an > > attack against First Virtual. If the attacker had a list of web > > pages that accept FV payments it would be very easy to collect > > the ID numbers. > > A list of stores? First of all, this attack is already amazingly > focused. Our DLL to implement the attack on credit cards is 16K, and > doesn't need to target any specific buyers, sellers, or programs. The > more complex the attack & the bigger the software, the more likely it is > to be noticed. But this is just a minor nit. Read on. A gigabyte drive has lots of corners to hide stuff. A list of the top 1000 first virtual sites would not be very large. On a windows system it could be hidden in the c:\windows\system directory, where a 100k file with an unintelligible name would not seem unusual. > > There is no need to attack the large datastream > > of keyboard input when the search can be easily narrowed. Since > > FV doesn't use encryption the attack could easily be implemented > > in winsock, making it independent of any client software. > > What's really funny (to me, at least) here and in a lot of other aspects > of the cypherpunk reaction to FV is the continuing assumption that the > choice of FV vs encryption is an either/or thing. Combine FV's Virtual > PIN mechanism with transport encryption and you've indiputably got > something that's a LOT safer than just using credit cards with > encryption, and a bit safer than our current system, too. But I know, > the correct focus here is FV's current system. So read on. > > At this point in your attack, you skip a step: You don't explain how > you correlate the FV ID to email address. This means that your attack > will ONLY work for systems where the user is always using the same PC to > web browse and read his mail. In practice, even if this is true 99% of > the time, the remaining 1% would probably cause your attack to be > detected pretty quickly if deployed on a large, automated scale. But, > for the sake of argument, let's imagine that it's true 100% of the time. > Read on. You would not send the FV ID to the "bad guys" until you saw a complete FV transaction take place. You remember the ID when you see it, but only send it after seeing the e-mail verification message. > > A version > > that infected the win95 IP stack could be quite effective. The list > > of FV accepting sites would be easily obtainable via a query of > > altavista. Since the infected system is on the internet and has > > to periodically send its results to the attacker, it could download > > an updated list of FV pages at the same time. > > Seems to me your "not much harder" claim is starting to break down here, > with an automated virus spreading itself all over the net and > downloading lists from altavista weekly. And the amount of net traffic > you're generating may make this attack a lot more quickly detected than > ours. (In fact, I imagine that if the folks at AltaVista or Lycos noted > thousands of identical searches focused on merchants accepting First > Virtual, they'd probably contact us, more out of concern for their own > load management than anything else.) But still, read on -- we're > finally coming to the good part. I guess I didn't explain this well enough. The attacker would do a single altavista query, and then broadcast it via some existing mechanism over the net. Weekly postings to some low volume junk newsgroup would do the trick. > > Attacking the e-mail verification step of the FV system could also > > be accomplished via a hacked winsock. A bit of POP3 aware code > > in the winsock could intercept the verification messages and keep > > the e-mail client from ever seeing them. It could automatically > > generate "Yes" responses for all such messages. > > OK, so you're only interested in POP3 mail tools? That's wonderful, but > there's also systems that use IMAP, systems that use raw SMTP to locally > resident message stores, and many odder things. There's also people who > get their mail through AOL, Compuserve, Prodigy, etc. There's people > who live on a PC or Mac, but who read mail on a UNIX system (e.g. many > Delphi and Netcom users). So I only get half or a third of the millions of people conducting commerce over the internet. If this stuff ever really takes off that will be plenty. > You're not going to catch all of them. Moreover, even if you say > "that's fine, we only need some of them", your attack is now dead in the > water. Why? Because you have no way of telling, in your attack virus, > what kind of technology is going to be used to read mail. This means > that your attack will inevitably, and quickly, hit some people who DO > receive the mail. Our fraud department will be quickly notified (when > the user answers "fraud" to our query, a human sees it right away) and > we'll be off to the races, collecting clues. It will be work tracking > it down, but we'll have a good shot in identifying the attack and > producing a program that helps users spot it on their system (the moral > equivalent of an anti-viral program) in less time than it would take you > to even suspect that the attack FV outlined had taken place in the world > of software-encrypted credit cards. It should be quite easy to determine what protocol a user uses to read their mail from within winsock. If we want to limit it to pop3 users, we could just keep track of connections to port 110. As noted before, if they don't use pop we don't target them. > Your attack would be caught by us relatively quickly because our model > is based not on a single fail-safe piece of security software, but on > *process* security. The overall process is multifaceted, with many > checks and balances. What if, for example, I go to someone else's > machine and use their web browser to buy something using MY First > Virtual ID? Your attack will capture my ID and allow you to try to use > it, but the email confirmation will go elsewhere, quite possibly to an > uninfected machine. When reproduced on a mass scale, this kind of thing > will be noticed pretty fast. In contrast, credit cards are a one-way > payment mechanism -- the number (and sometimes some other info typed in > close proximity) is basically all you need. Just steal that without > getting noticed and the crime is done. With the explosive growth of internet connected PCs, I think that the number of people who "surf" and read e-mail on different machines is dwindling rapidly. I am happy to skip those old guard of the internet and concentrate on the newbies who only have one computer and one account. > > I believe that FV is just as vulnerable to these types of > > attacks as any of the encryption based credit card schemes, if > > not more so. The thing that really protects FV is that it can > > only be used to buy bit, not real goods, and the bad guys don't > > generally care about stealing bits. This is also what makes FV > > not generally useful to people who want to shop over the internet. > > Actually, you're a bit behind the times. We removed that restriction > from our system a couple of months ago. There still aren't many people > using our system for physical goods, mostly because of our 91-day fund > holding period, but we have gotten the green light from our financial > partners to waive that for qualified, established merchants, once we > make a few technical changes behind the scenes. > > The fact is that our original restriction against physical goods was > never designed to protect against fraud. Rather, it was a conscious > attempt to do two things: 1) bound the risk our bank perceived in being > the first bank ever to explicitly agree to handle an Internet-based > payment system (this was mid-1994, remember), and 2) to focus the > attention of our prospective users on the situations that were in fact > reasonably well-suited to an economic model in which consumers had the > explicit option of refusing payment. Some of our sellers very quickly > realized that no matter what we said, it was straightforward to use our > system for physical goods, shipping them only after the consumer said > "yes", and we eventually changed our terms and conditions to reflect > that reality. The 91 day hold, on the other hand, WAS designed to > protect against fraud -- from the *merchant* side, which is why we have > no qualms about waiving it for qualified merchants. Well this means that an attack against First Virtual would be more interesting. > Now, actually, I want to commend you. This is as close as I've ever > seen anyone come to constructing a plausible automated attack on FV. > The IP stack is a very clever attack vector, and I honestly can't claim > to have anticipated it. However, I do think that the flaw in your > approach reinforces my belief in the importance of multi-layered > defenses. In fact, a multi-layered security strategy is the ONLY > defense against vulnerabilities you haven't thought of yet. That's the > real reason why ANY scheme based on one-way instruments like credit card > numbers is particularly hard to make secure. -- Nathaniel I still think that someone could construct an attack against the current FV system using the techniques I've described. It would be more complicated to construct than the keyboard attack but that has been proven time and again not to be a barrier. Someone who could construct the Morris worm or the year ago IP spoofing attacks could do it. I think that you may have to rethink some of your assumptions that were valid back when you designed the system, but are no longer given the current growth and changing demographics of the internet. I'd really like to see some effort spent on closing some of the more gaping holes in the underlying systems. Why should it be so easy for one program to snoop on the keystrokes directed to another? Why should it be so easy for a program downloaded from the net to patch a part of the operating system? --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw at netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine. From jsw at netscape.com Thu Feb 1 06:36:17 1996 From: jsw at netscape.com (Jeff Weinstein) Date: Thu, 1 Feb 1996 22:36:17 +0800 Subject: C'mon, How Hard is it to Write a Virus or Trojan Horse? (was Re: Apology and clarification) In-Reply-To: <310E0EBE.30FD3BCC@netscape.com> Message-ID: <31108BA5.30BB@netscape.com> Nathaniel Borenstein wrote: > > Excerpts from mail.cypherpunks: 30-Jan-96 Re: Apology and clarification > Jamie Zawinski at netscape. (4170*) > > > Nathaniel Borenstein wrote: > > > > > > What we at FV have done is to demonstrate how easy it is to develop an > > > FULLY AUTOMATED attack that undermines the security of all > > > software-based credit card commerce schemes. > > > You have done no such thing. You have written *one component* of that > > attack, and the easiest part of it at that. > > > Combine it with a virus, or self-replicating worm, and demonstrate that > > it is immune to all known virus checkers, and *then* you will have > > spoken the truth when you say you have "demonstrated" anything. > > This is a particularly fascinating reaction, Jamie. As I see it, we > have implemented every part of the attack that we can implement without > doing anything that is either unethical or illegal. Is it your position > that no systematic flaw in your security is real until someone has > actually broken it? > > Actually, that position would in fact be quite consistent with your > company's earlier implicit assertion that 40-bit encryption was > sufficient (for international consumers) until somebody actually broke > it, even though everyone who understood cryptography already knew > otherwise. Actually that position would in fact be quite inconsistent with our more recent actions. For example we have implemented blinding code to protect against Paul Kocher's timing attack, even though it has not been demonstrated against any real world system. I think that you are misinterpreting the intent of Jamie's posting, but I will let him defend himself. I just wanted to say that the company takes security problems very seriously, even if there has not been an active exploit. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw at netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine. From rishab at best.com Thu Feb 1 07:03:45 1996 From: rishab at best.com (Rishab Aiyer Ghosh) Date: Thu, 1 Feb 1996 23:03:45 +0800 Subject: Declan appearing on "Europe's Most Wanted" In-Reply-To: Message-ID: <199602011430.GAA11531@shellx.best.com> > Seriously, Declan, I admire what you've done, but I hope you don't plan to > leave the U.S. for Europe anytime soon. > > --Tim I guess this sort of thing does involve extradition rules. For example, Sweden has a Nazi party, which would offend Germans, who can, I'm sure, see them on TV leave alone on the Net. Sweden's Information (or something) Ministry has said that by law anyone can start a party, but if the Nazis due something illegal (such as killing people, or threatening them) the courts will handle it. And Norway is not even _in_ the EU. Rishab From olbon at dynetics.com Thu Feb 1 07:12:51 1996 From: olbon at dynetics.com (Clay Olbon II) Date: Thu, 1 Feb 1996 23:12:51 +0800 Subject: Visa & MC Std Message-ID: At 8:25 AM 2/1/96, pj ponder wrote (much elided): >AN FRANCISCO -- Hoping to remove a major impediment to credit card >transactions over the Internet, a business group led by Mastercard >International >and Visa International plans to announce an industry-standard technology >Thursday for protecting the security of electronic payments. ... > >The software standard, called Secure Electronic Transactions, or SET, >will permit a user to send a credit card account numbers to a merchant >in a scrambled >form. > >The scrambled number is supposed to be unintelligible to electronic >eavesdroppers and thieves -- and even to the merchants receiving the >payment. > >But a special code is supposed to enable the merchant to check >electronically and automatically with the bank that issued the credit >card to make sure that it is a >valid card number and that the customer is the authorized user of the >card. The number-scrambling part of the system is based on a well-known >and widely used >national software standard known as the Data Encryption Standard. ---------------- A few psueudorandom points regarding this post: First, it seems silly to implement a separate standard that only works for the credit card number. What about the privacy of the rest of the info (what I am ordering, how much, etc.). Can (or will) this be layered with Netscape's SSL? How is this to be implemented? It sounds like the merchants will just pass the encrypted number to the credit card company. If this is the case, key management could become an issue. I suppose this could easily be implemented using public key crypto, but only DES was mentioned. If only DES is used and everyone uses the same DES key, that would be a valuable key to break! How about a MITM attack. Get the encrypted credit card #, and change the purchase amount, delivery info, etc if that is not encrypted. If there is anyone on the list with more info on this, I would love to hear it (heopfully we will hear something from Netscape, since they are quoted in the article). From what I know so far, it seems like a poor compromise. --------------------------------------------------------------------------- Clay Olbon II | olbon at dynetics.com Systems Engineer | ph: (810) 589-9930 fax 9934 Dynetics, Inc., Ste 302 | http://www.msen.com/~olbon/olbon.html 550 Stephenson Hwy | PGP262 public key: finger olbon at mgr.dynetics.com Troy, MI 48083-1109 | pgp print: B97397AD50233C77523FD058BD1BB7C0 "To escape the evil curse, you must quote a bible verse; thou shalt not ... Doooh" - Homer (Simpson, not the other one) --------------------------------------------------------------------------- From frissell at panix.com Thu Feb 1 07:16:34 1996 From: frissell at panix.com (Duncan Frissell) Date: Thu, 1 Feb 1996 23:16:34 +0800 Subject: Let a Thousand Zundsites Bloom Message-ID: <2.2.32.19960201142442.006ee22c@panix.com> I'm sure that Rich vs Declan is exciting but I have to agree with Declan that the more Zundsites the merrier. It rarely pays to be subtle with nation states. They don't have good information processing capabilities. It helps to really hit them over the head with things. It also means more to the public if you can say "Sure the Germans banned this site but we put up a dozen copies within a few hours." It is this casual ability to defeat nation states that is the significance of the net and should be emphasized. DCF "Few Generals have ever lost a battle because they brought too many troops." From declan+ at CMU.EDU Thu Feb 1 07:18:57 1996 From: declan+ at CMU.EDU (Declan B. McCullagh) Date: Thu, 1 Feb 1996 23:18:57 +0800 Subject: Tim's paranoid rant about Declan appearing on "Europe's Most In-Reply-To: Message-ID: Forwarded from another mailing list. (Charles is a journalist/author...) ---------- Forwarded message begins here ---------- Date: Thu, 1 Feb 1996 09:11:19 -0500 (EST) From: Charles Platt Subject: Out of Control Rich Graves' suggestion that Declan is "out of control" is interesting. Perhaps Rich merely meant that Declan made a mistake but the subtext suggests that Declan should be in some sense marching in step, following a consensus, obeying a policy. I don't like the smell of this. In my experience, having read MUCH literature from revisionists and from organizations such as Wiesenthal and ADL, it is IMPOSSIBLE for anyone to adopt an independent or middle path without raising the wrath of those on both sides of Jewish issues. I also suggest that public statements, especially from ADL/Wiesenthal, cannot be taken at face value. For instance: > * The ADL is tracking racist sites, but the goal is to expose them and > educate the public. Anyone who believes that this is the totality of ADL activities and intentions is simply unaware of the history of the ADL. I have personally witnessed an ADL representative trying to recruit hackers to paralyze a BBS where white-supremacist materials were stored. And this I think is just the tip of the iceberg. From nobody at REPLAY.COM Thu Feb 1 07:49:20 1996 From: nobody at REPLAY.COM (Anonymous) Date: Thu, 1 Feb 1996 23:49:20 +0800 Subject: Message-ID: <199601311713.MAA12059@bb.hks.net> -----BEGIN PGP SIGNED MESSAGE----- - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBMQ+jNCoZzwIn1bdtAQEgAwF+LRiwIlumqj6P2/pft8804Cbbttz3R7yL Pwd44+uUTk1SxJZePCt7O1jReYfDohTB =Ii6p -----END PGP SIGNATURE----- From rishab at best.com Thu Feb 1 08:01:19 1996 From: rishab at best.com (Rishab Aiyer Ghosh) Date: Fri, 2 Feb 1996 00:01:19 +0800 Subject: Flaw in Netscape rejoinder (was Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards) In-Reply-To: <311088AC.2891@netscape.com> Message-ID: <199602011518.HAA22905@shellx.best.com> Jeff Weinstein wrote: > I think that you may have to rethink some of your assumptions that > were valid back when you designed the system, but are no longer given > the current growth and changing demographics of the internet. This is all getting unnecessarily complicated. As I pointed out in another post ("FV's blatant double standards") NO SYSTEM FOR SECURITY IS SAFE when one allows for recipient compromise, i.e. privileged access to a recipient's system by a malicious program. > I'd really like to see some effort spent on closing some of the more > gaping holes in the underlying systems. Why should it be so easy > for one program to snoop on the keystrokes directed to another? Easy or difficult is not the point. In DOS it's possible for any program, in Unix only for those with root access. Security fails when it is not possible to make a distinctionbetween a program that _should_ have access and one that _shouldn't_. Anyone who's tried to teach novice DOS users what to do when one of those anti-virus TSR tools complains that something is doing something it shouldn't will know how hard it is for _users_ to guard themselves. > Why should it be so easy for a program downloaded from the net > to patch a part of the operating system? I would think that most viruses are transmitted by floppy disk, even now, or by programs _intentionally_ downloaded and _intended_ to patch the OS (such as a screen blanker). The possibility of mass net-based creepy-crawlies has been remote due to the uniquely multi-platform nature if Internet protocols; they're Unix-based, but end-users have PCs. Only metaplatforms such as Java, perlCCI, Telescript could change this. Rishab ---------------------------------------------------------------------- The Indian Techonomist - newsletter on India's information industry http://dxm.org/techonomist/ rishab at dxm.org Editor and publisher: Rishab Aiyer Ghosh rishab at arbornet.org Vox +91 11 6853410; 3760335; H 34 C Saket, New Delhi 110017, INDIA From nsb at nsb.fv.com Thu Feb 1 08:12:57 1996 From: nsb at nsb.fv.com (Nathaniel Borenstein) Date: Fri, 2 Feb 1996 00:12:57 +0800 Subject: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards In-Reply-To: Message-ID: Excerpts from mail: 29-Jan-96 Re: FV Demonstrates Fatal F.. zinc at zifi.genetics.utah. (3361*) > this program is not specific to credit card numbers. it sounds like > it could have just as easily been written to watch for a login: or > password: prompt and then record everything entered after that. Yeah, but the real payoff is in the automated theft of items of value, such as credit cards. Since that's the real payoff for criminals, it's also one of the biggest practical risks to watch for. > the point is not that this can be done, the point is that users need > tools that would check for programs like this running on their > system. is fv making a 'fix' available? i would imagine a 'fix' > would be a program that would look for tsr type programs (or inits on > a mac) that do this sort of thing. That's why we've used terms like "fatal flaw" that have led to charges of overinflated rhetoric, but the truth is that THERE IS NO GENERAL WAY TO PREVENT THIS. Our program only uses standard OS hooks. There's no way to distinguish a general program of this type from a legitimate screen saver, keyboard macro package, etc. We could easily write a program that detects our demonstration program, but would good would that do? It wouldn't detect a malicious program using a similar approach. You can detect the last known attack, but not the next attack. That's why we say it is a fatal flaw for software-encrypted credit card numbers. I believe it truly is. > this is the sort of thing that crypto can help with. there should be > a site that PGP signs the programs available from their site. these > signed programs will have been testing on the appropriate system and > verified to be free of small malicious programs such as the one you > describe. alternatively, the author themselves could PGP sign the app > (this is already done) and this would be what users should d/l. Do you really believe that the average Internet consumer can be trained never to download any software before performing such checks? Do you really believe that the average Internet consumer can be trained in the proper management of his crypto keys that will make such a check meaningful? With nearly 100,000 paying customers, we're seeing first-hand what the average Internet consumer is like. We have seen customers who complain (seriously!) that they get so lost in our web pages that they have to reboot their machines. You want to explain key management to these people? > it's disapointing to see the spin put on this by fv. instead of > going with scare tactics, they could encourage PGP signatures and suggest > solutions to this problem like the ones i mentioned above. in fact, > fv could even volunteer to help set up a site where all software has > been tested and signed by someone who has had their PGP key signed by > fv, sort of an expansion of the web of trust. I'm very big on PGP signatures. In fact, the next major change scheduled in our commerce system functionality will be the addition of PGP signatures to the messages that FV sends to its merchants, which are A) the ones most worth forging, B) sent to merchants, who are more likely to be able to check them properly than consumers, and C) dependent on the integrity of only one party's keys (FV's), which will be changed VERY frequently. I don't think that a software repository site of the kind you mention will provide enough security to make credit cards on the desktop safe. It will certainly, however, make the people who use it safer than they would be without it. Having said that, I will that add we'd *love* to help set up a site like that, but we don't have deep pockets to simply fund it ourselves (yet). We'd be very interested in working with others, signing keys, providing some expertise, and so on. What you're really talking about here is an "underwriters lab" of the net. The big question is: who will pay for it? My guess is that you really have to end up having people subscribe to the site, and they'll need a safe way to pay for it. That's what we've been working on all along. -- Nathaniel From sai at comp.vuw.ac.nz Thu Feb 1 08:16:41 1996 From: sai at comp.vuw.ac.nz (Simon McAuliffe) Date: Fri, 2 Feb 1996 00:16:41 +0800 Subject: Apology and clarification Message-ID: <199601302254.LAA00347@caesar.sans.vuw.ac.nz> For those that are sick of this thread (as I am), I apologize in advance for throwing another log on the fire. I just can't help trying to get through... Nathaniel Borenstein writes: > First of all, I believe that I owe the cypherpunk community an > apology for an error in judgement on my part. The message that I [...] > Our approach combines the following four known problems into a > fatal attack: > > 1) Consumer machines are insecure and easily compromised. > 2) Keyboard sniffers are easy to write. > 3) Credit card numbers are self-identifying (they have check digits) > and can easily be extracted from a huge stream of input data. > 4) Once intercepted, small amounts of information (e.g. a cc #) > may be distributed completely tracelessly over the Internet. > > When you put all four of these together, you have an attack that > IS new, in the sense that nobody we know of has ever mentioned it > before, and which could in fact be used by a single criminal, with > only a few weeks of programming, to tracelessly steal MILLIONS of > credit cards, if software-encrypted credit-card schemes ever caught > on. You're right, the four problems you mention are known and have been for a long time, and have also been used in attacks. What you don't seem to understand is that the overall attack from the combination of these isn't new either. In many ways a credit card number, name and expiry date form a password. It's a password that the bank accepts to allow money transfers in much the same way as a computer accepts a password to allow information transfers. On this very list (amongst other places), there has been discussion of trojans and viruses for grabbing passwords, and of methods of determining what is a password and what isn't a password. In the same way you can decide if a number is a credit card number, there are heuristics you can use to determine if a user is entering a password, though often it may require more than just monitoring keystrokes. To collect expiry dates and names for credit cards, monitoring additional side information may also be useful. So I see no fundamental difference between the two, credit card numbers _are_ passwords. I myself have used precisely this technique many years ago, as I'm sure many others here have, to demonstrate security problems. The only difference is the heuristic for determining what constitutes a password in the domain you're snooping. What's more, the methods in existence before your post can be and have been built in viruses which are considerably more prolific than a trojan. Not only is your attack not new, it is less powerful that some similar attacks that predated yours. Implying credit card numbers are more valuable than passwords is dubious. There are organisations that could lose millions of dollars if their password security was compromised, but it's hard to say the same for credit cards. In this country, although I don't know about yours, I'm not even liable if somebody steals my credit card and uses it. I would consider a "credit card password" as a lesser commodity than a password for giving access to an entire computer system. [...] > So here's the factual claim, to be proven or disproven: One good > programmer, in less than a month, can write a program that will > spread itself around the net, collect an unlimited number of credit > card numbers, and get them back to the program's author by > non-traceable mechanisms. Does anyone on this list doubt that > this is true? If so, I'd like to know the flaw in my thinking, -- > I am *not* too proud to withdraw any claims that aren't true. If > not, I think it's worth noting that this fact was previously > completely unknown to the bankers and businessmen who are putting > large sums of money at risk on the net. The only way to get the > message to those communities is with a very visible public > announcement of the kind you saw yesterday. Of course this is a threat, I don't think _anybody_ will deny that, but this is not a new threat. True, the attack may not have been known to businesspeople and bankers, but there are many others areas of security they also know nothing about. Trying to claim an old invention as your own just looks like hype, PR and lies, not to mention showing a lack of knowledge which could do the reverse from what you set out to achieve. It is certainly a Good Thing for the public to know about the potential for various types of snooping, but surely it could be done in some way which doesn't make it look like you invented it. I don't think anybody here objects to the attack itself, but rather the claims you made about it and the way you communicated it. --- E-mail: sai at comp.vuw.ac.nz/sai at kauri.vuw.ac.nz +64 4 233 9427 PGP Fingerprint: 65 5B B4 6C CB 6A 65 F1 01 91 B9 FE 34 23 99 D3 PGP Key by mail, finger or from http://www.vuw.ac.nz/~sai/pgp-key.html From alanh at infi.net Thu Feb 1 08:20:49 1996 From: alanh at infi.net (Alan Horowitz) Date: Fri, 2 Feb 1996 00:20:49 +0800 Subject: Escrowing Viewing and Reading Habits with the Governmen In-Reply-To: <01I0OF2L9QGAA0UO1J@mbcl.rutgers.edu> Message-ID: > from a library's user. Thus, when I made one and got it back from the CIA's > lending library (yes, they have one), they didn't know who I was... > fortunately, given the book in question. "Petty Officer Smith, route this CP intercept over to Langley Internal Security" From sameer at c2.org Thu Feb 1 08:22:56 1996 From: sameer at c2.org (sameer) Date: Fri, 2 Feb 1996 00:22:56 +0800 Subject: France to push for international net legislation In-Reply-To: Message-ID: <199602010728.XAA09493@infinity.c2.org> > I guess Declan M. won't be visting France or any of the other EU countries > any time soon! That reminds me of a question-- If, for example, Germany decides that my company is in violation of their laws for mirroring the Zundelsite, will they send us a letter saying that, so we know not to go to Germany? -- Sameer Parekh Voice: 510-601-9777x3 Community ConneXion, Inc. FAX: 510-601-9734 The Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org/ (or login as "guest") sameer at c2.org From mixmaster at alpha.c2.org Thu Feb 1 08:24:37 1996 From: mixmaster at alpha.c2.org (Anonymous) Date: Fri, 2 Feb 1996 00:24:37 +0800 Subject: NoneUnix swapfile security issues... Message-ID: <199602010730.XAA09785@infinity.c2.org> I'm working on a unix application where I want to store a key in memory and don't want it to get written out to a swap file. If the key is in any of the application's memory pages, it could be swapped out at any time, and potentially left in the swap file when the computer is turned off. But, what if the program creates a pipe() and writes the key into it, then reads the key out when necessary? A pipe has a 4K buffer, but that buffer is in the kernel's memory, not in the application's pages. Could a kernel buffer get written out to a swapfile? From tcmay at got.net Thu Feb 1 08:25:18 1996 From: tcmay at got.net (Timothy C. May) Date: Fri, 2 Feb 1996 00:25:18 +0800 Subject: Declan appearing on "Europe's Most Wanted" Message-ID: At 7:27 AM 2/1/96, sameer wrote: >> I guess Declan M. won't be visting France or any of the other EU countries >> any time soon! > > That reminds me of a question-- > > If, for example, Germany decides that my company is in >violation of their laws for mirroring the Zundelsite, will they send >us a letter saying that, so we know not to go to Germany? The Nebraska-based neo-Nazi publisher who was picked up in Denmark and extradited to Germany pretty much knew his actions were illegal in Germany, but I doubt (sheer speculation on my part) he had ever been formally notified that an arrest warrant had been issued by Germany and could be exercised in Denmark. The situation with Declan, Sameer, Duncan, and others, is even less clear. Things are moving much faster now that the Net is the means of distribution. I was of course half-joking about Declan visiting Europe, but surely France could decide to throw the book at him, and any EU country he entered (such as Ireland, judging from his name) could hold him at their entry point and ship him off to France to "set an example." I suspect the U.S. never officially notified that Monterrey, Mexico alleged drug dealer that he was wanted in the U.S., and as other kidnappings of foreigners have shown, the U.S. feels it unnecessary to formally announce to foreigners that they may be arrested in the U.S. (or kidnapped into the U.S.). Thus, I strongly suspect that France will not bother to notify Declan or Sameer or any of us that they face arrest in France (or affiliated EU countries). In Declan's case, I suspect France wants him for the Mitterand book and Germany wants him for the Zundelsite mirrors. The lesser European countries will of course follow their leads. Seriously, Declan, I admire what you've done, but I hope you don't plan to leave the U.S. for Europe anytime soon. --Tim Boycott espionage-enabled software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 - 1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From pjp at wane-leon-mail.scri.fsu.edu Thu Feb 1 08:55:25 1996 From: pjp at wane-leon-mail.scri.fsu.edu (PJ Ponder) Date: Fri, 2 Feb 1996 00:55:25 +0800 Subject: Visa and MC announce Thursday Message-ID: sorry about screwing up the day of the week, today is really *Thursday*, not Friday. . . . first post of the day, & so forth. My earlier message: From: ponder at mail.irm.state.fl.us (pj ponder) To: cypherpunks at toad.com Subject: Visa & MC Std Sender: owner-cypherpunks at toad.com just heard this on NPR Friday ^^^^^^ am on the east coast of NA. http://www.nytimes.com/library/cyber/week/0201internet-safety.html February 1, 1996 Group to Unveil Industry Standard for Electronic Payments p.s. went right out and bought the NY Times and the WSJ, but they didn't have any more info than what is on the nytimes.com server. [return to signal mode] From hauke at supra.kodak.com Thu Feb 1 09:00:03 1996 From: hauke at supra.kodak.com (Ron Hauke x75966 ins 114225) Date: Fri, 2 Feb 1996 01:00:03 +0800 Subject: No Subject Message-ID: <9602011608.AA00654@supra.Kodak.COM> unscribe cypherpunks at toad.com From tallpaul at pipeline.com Thu Feb 1 09:01:52 1996 From: tallpaul at pipeline.com (tallpaul) Date: Fri, 2 Feb 1996 01:01:52 +0800 Subject: The FV Problem = A Press Problem Message-ID: <199602011625.LAA17577@pipe8.nyc.pipeline.com> At 6:42 PM 1/30/96, Jonathan Rochkind wrote: >I'd say _all_ news, not just software news, is P.R. controlled, these days. >You can largely hold Edward L. Bernays, the "father of public relations" >(who just died last year) responsible for that--or the societal conditions >that allowed Bernays to do his thing. Bernays developed expertise in >"engineering of consent" turned the news into a commercialized and On January 13, 1996 I had the lead article in _Computer underground Digest_ (Volume 8, Issue 04) on the CyberAngels and how they were patrolling cyberspace against the Four Horsemen types. Rockland is certainly welcome to tell the cypherpunks list the press release(s) from which I wrote this "public relations." cc Tim May, CAF founder, chief technical officer, and media relations specialist From jirib at sweeney.cs.monash.edu.au Thu Feb 1 09:16:30 1996 From: jirib at sweeney.cs.monash.edu.au (Jiri Baum) Date: Fri, 2 Feb 1996 01:16:30 +0800 Subject: Lotus, NSA sing in same key In-Reply-To: <2.2.32.19960123150421.0067c0c0@arn.net> Message-ID: <199601300655.RAA08590@sweeney.cs.monash.edu.au> Hello cypherpunks at toad.com and "David K. Merriman" DKM wrote [reformatted]: > Article of that title in Jan 22 issue of EE Times: ... > the encrypted data. Foreign hackers will find the encrypted messages as > difficult to decrypt as a message with a 64-bit RSA key, ... ^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^ Wow! Jiri -- If you want an answer, please mail to . On sweeney, I may delete without reading! PGP 463A14D5 (but it's at home so it'll take a day or two) PGP EF0607F9 (but it's at uni so don't rely on it too much) From ses at tipper.oit.unc.edu Thu Feb 1 09:16:43 1996 From: ses at tipper.oit.unc.edu (Simon Spero) Date: Fri, 2 Feb 1996 01:16:43 +0800 Subject: short FV question Message-ID: When my CTS plays up like it has this past week, I use a Dragon dictate Voice Recognition system. Since I' Not actually touching a keyboard, does this make me secure? Simon ---- RSA - The Canadian For Butt From nsb at nsb.fv.com Thu Feb 1 09:27:24 1996 From: nsb at nsb.fv.com (Nathaniel Borenstein) Date: Fri, 2 Feb 1996 01:27:24 +0800 Subject: I hate over-hyped claims Message-ID: Perception in some quarters to the contrary, I am very averse to over-hyped claims, and I would therefore like to publicly acknowledge a factual error in my previous announcement. I wrote: > The only known Internet-based solution that does not require such > hardware is the First Virtual Internet Payment system, details of which > are available at http://www.fv.com. This is not quite true, and I should have known better, but I forgot about the one other example I'd heard of. I should have said: > The only known Internet-based solutions that do not require such > hardware are the First Virtual Internet Payment system, details of which > are available at http://www.fv.com, and the GC Tech system, described at > http://www.gctec.com/. I apologize to the good folks at GC Tech for this unfortunate mistake. They are our competitors, but that does not mean we intended to make any false or misleading claims about them. I stand by all my other claims. -- Nathaniel -------- Nathaniel Borenstein Chief Scientist, First Virtual Holdings FAQ & PGP key: nsb+faq at nsb.fv.com From jpp at software.net Thu Feb 1 09:39:54 1996 From: jpp at software.net (John Pettitt) Date: Fri, 2 Feb 1996 01:39:54 +0800 Subject: VISA /MC Press release Message-ID: <2.2.32.19960201171228.00ccae34@mail.software.net> 10:20 PR Visa And Mastercard Combine Security Specifications For Card Transactions On The Internet Into One Standard Companies: X.MST X.VSA Move Expected to Accelerate Development of Electronic Commerce and Bolster Consumer Confidence in the Security of Cyberspace Transactions PURCHASE, N.Y. & SAN FRANCISCO, Feb. 1 /PRNewswire/ -- Addressing consumer concerns about making purchases on the Internet, MasterCard International and Visa International joined together today to announce a technical standard for safeguarding payment card purchases made over open networks such as the Internet. Prior to this effort, Visa and MasterCard were pursuing separate specifications. The new specification, called Secure Electronic Transactions (SET), represents the successful convergence of those individual efforts. A single standard means that consumers and merchants will be able to conduct bankcard transactions in cyberspace as securely and easily as they do in retail stores today. The associations expect to publish SET on their World Wide Web sites in mid-February. Following a comment period, the joint specification is scheduled to be ready for testing in the second quarter of 1996. Visa and MasterCard expect that banks will be able to offer secure bankcard services via the Internet to their cardholders in the fourth quarter 1996. Participants in this effort with MasterCard and Visa are: GTE, IBM, Microsoft, Netscape Communications Corp., SAIC, Terisa Systems and Verisign. Also, SET will be based on specially developed encryption technology from RSA Data Security. "This is the first step in making cyberspace an attractive venture for banks and merchants. A single standard limits unnecessary costs and builds the business case for doing business on the Internet," said Edmund Jensen, president and CEO of Visa International. "Further, our work with MasterCard demonstrates our unwavering commitment to address the needs of our member financial institutions and their merchants and cardholders." H. Eugene Lockhart, CEO of MasterCard, said: "MasterCard has viewed one standard for secure card purchases on the Internet as a critical catalyst for electronic commerce because it bolsters consumer confidence in the security of the electronic marketplace. A single standard has always been our objective because it is in the best interests of not only consumers, but also merchants and financial institutions worldwide. We are glad to work with Visa and all of the technology partners to craft SET. This action means that consumers will be able to use their bankcards to conduct transactions in cyberspace as securely and easily as they use cards in retail stores today." The card associations will separately test SET with consumers, merchants and financial institutions. A joint interoperability test will be conducted after the individual tests to ensure SET, where necessary, operates as smoothly as the point-of-sale system used today. Upon conclusion of the tests, an updated version of the specification will be published for software providers. MasterCard's Web address is http://www.mastercard.com. Visa's Web address is http://www.visa.com. MasterCard International Incorporated is a global payments company that provides consumer credit, debit and other payment products in partnership with 22,000 member financial institutions worldwide. MasterCard's family of brands, MasterCard, Maestro and Cirrus, represent approximately 300 million cards in circulation, and over 13 million acceptance locations, including 243,000 MasterCard/Cirrus ATMs worldwide. MasterCard's pioneering work in the areas of transaction processing and delivery systems continues to revolutionize the way consumers pay for goods and services. Headquartered in the San Francisco Bay Area, Visa is the world's largest payment system. It plays a pivotal role in developing and implementing new technologies that benefit its 19,000 member financial institutions and their cardholders, businesses, governments and the global economy. Visa's 442 million cards are accepted by more than 12.2 million merchants worldwide. Visa/PLUS is the largest global ATM network. /CONTACT: David Melancon of Visa International, 415-432-2427; or Dorea Smith of MasterCard International, 914-249-1421/ 10:00 EST John Pettitt, jpp at software.net VP Engineering, CyberSource Corporation, 415 473 3065 "Technology is a way of organizing the universe so that man doesn't have to experience it." - Max Frisch From frissell at panix.com Thu Feb 1 09:41:31 1996 From: frissell at panix.com (Duncan Frissell) Date: Fri, 2 Feb 1996 01:41:31 +0800 Subject: Anonymous Interview Message-ID: <2.2.32.19960201170657.006d9ebc@panix.com> "Anonymous" the author(s) of "Primary Colors" (the Clinton Campaign novel) conducted an interview with a Time Magazine writer using his/her/their agent's online account. A demonstration that borrowed accounts can overcome account ID control attempts. DCF From erc at dal1820.computek.net Thu Feb 1 09:57:14 1996 From: erc at dal1820.computek.net (Ed Carp, KHIJOL SysAdmin) Date: Fri, 2 Feb 1996 01:57:14 +0800 Subject: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards In-Reply-To: <310D9904.4487@netscape.com> Message-ID: <199601300416.XAA23931@dal1820.computek.net> > > >It's considerably more than that. Please read on. > > > > No, Nathaniel, it is not. You watch keystrokes and record the ones you're > > interested in. This technique has interesting possibilities, but all your > > PR screaming won't make it anything more than what it is. > > > > How interesting are these possibilities? It's hard to say. > > I'll bet they could get a patent on it... There's probably some > money to be made with that approach. Oh, shit. Don't give them any ideas ;) -- Ed Carp, N7EKG Ed.Carp at linux.org, ecarp at netcom.com 214/993-3935 voicemail/digital pager 800/558-3408 SkyPager Finger ecarp at netcom.com for PGP 2.5 public key an88744 at anon.penet.fi "Past the wounds of childhood, past the fallen dreams and the broken families, through the hurt and the loss and the agony only the night ever hears, is a waiting soul. Patient, permanent, abundant, it opens its infinite heart and asks only one thing of you ... 'Remember who it is you really are.'" -- "Losing Your Mind", Karen Alexander and Rick Boyes From jwz at netscape.com Thu Feb 1 09:57:27 1996 From: jwz at netscape.com (Jamie Zawinski) Date: Fri, 2 Feb 1996 01:57:27 +0800 Subject: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards In-Reply-To: <9601300006.AA15845@sulphur.osf.org> Message-ID: <310D9904.4487@netscape.com> Rich Salz wrote: > > >It's considerably more than that. Please read on. > > No, Nathaniel, it is not. You watch keystrokes and record the ones you're > interested in. This technique has interesting possibilities, but all your > PR screaming won't make it anything more than what it is. > > How interesting are these possibilities? It's hard to say. I'll bet they could get a patent on it... There's probably some money to be made with that approach. == Jamie From futplex at pseudonym.com Thu Feb 1 09:59:49 1996 From: futplex at pseudonym.com (Futplex) Date: Fri, 2 Feb 1996 01:59:49 +0800 Subject: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling) In-Reply-To: <199601300335.WAA20456@dal1820.computek.net> Message-ID: <199601300412.XAA23037@opine.cs.umass.edu> -----BEGIN PGP SIGNED MESSAGE----- (sorry, no discussion of FV or pleasant coffee aromas in this message) Tim Philp writes: > I have been wondering about the possibility of using a JAVA applet to do > keyboard sniffing. As I am not familiar with this language, does anyone > know if this would be possible? If you are running a broken or Trojan interpreter or class loader, then you're probably sunk regardless, because it can execute whatever deleterious code it wishes. (I say "probably" because I suppose you might have some separate watchdog program monitoring the actions of the interpreter. But ultimately that's just part of an infinite regress: the watchdog could also be compromised, etc. ad infinitum.) The I/O class libraries don't offer calls anywhere near as deep as the hardware keyboard interrupts. About all you can do is read a byte or a line of input, as in any common programming language, but that's different than surreptitiously reading bits when they are read as input by some other program. I don't see how you could build a keyboard sniffer in Java unless you could somehow trick the interpreter into feeding an input stream to an additional process. Much more likely, IMHO, than a Java sniffer is a Java Trojan horse that pops up an innocuous dialog box and asks you to enter some sensitive piece of information, then sends it off somewhere. About all it takes to write that is a modicum of skill in user interface design. You could write it in any programming language, but in Java it may be particularly effective, since people may come to expect to be prompted for sensitive info over the net by Java apps. Maybe the Java folks who just left Sun decided to seize the opportunity ;> Futplex -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMQ2afinaAKQPVHDZAQFfkAf/SKDoP6D8BvbBPBScMTS5t51k6n4uI9KJ AcmIFxheQzpWcJd0qh1Vo2OClHmgWWUbekWsNcC9vfWPMqcQTju+DFc+/ncbg7PQ F4dTgRm2pIVs70lsTd8hFaAauAagqmuEzyhYXv3XGT/gdMuSOJ/z84cp/yK0VpdQ N0UpsONTjarx9DIvun14x8UU77SqXgvOz0F/n309TiLkVYSNBsUzk7ub6hdk4Q1a ay/8rP6m7ZqpFTWXKGmPjUne7gfX0VmJPcePB5d9hr585e/0oCgCWHg40kfUJnOs MRrj7ot86yGEVEdR3ykmEo5XoFD1WxuvXpdDq5EwR3QvtNyTfMh/Ew== =1j5R -----END PGP SIGNATURE----- From dlv at bwalk.dm.com Thu Feb 1 10:01:14 1996 From: dlv at bwalk.dm.com (Dr. Dimitri Vulis) Date: Fri, 2 Feb 1996 02:01:14 +0800 Subject: "German service cuts Net access" (to Santa Cruz) In-Reply-To: <4ejdoq$ppt@jyusenkyou.cs.jhu.edu> Message-ID: arromdee at jyusenkyou.cs.jhu.edu (Ken Arromdee) writes: > >Is it constitutionally protected in US to knowingly hurt other > >people's feelings and to trample on graves????? > > Yes. Free speech for the nonoffensive is not free speech at all. A couple of years ago I'd probably howl about the hypocricy of one of Serdar's chief censors daring to utter the words "free speech" in public, but this time I simply laughed for a few minutes. Thanks, Ken. ObCP: I've been encouraging the descandants of Serdar to make use of cpunk remailers. --- Dr. Dimitri Vulis Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From erc at dal1820.computek.net Thu Feb 1 10:04:23 1996 From: erc at dal1820.computek.net (Ed Carp, KHIJOL SysAdmin) Date: Fri, 2 Feb 1996 02:04:23 +0800 Subject: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards In-Reply-To: Message-ID: <199601300255.VAA17086@dal1820.computek.net> [general back-patting hysterical text elided] > Our basic approach was to write a computer program that runs undetected > while it monitors your computer system. A sophisticated version of such > a program can intercept and analyze every keystroke, mouse-click, and > even messages sent to your screen, but all we needed was the keystrokes. > Selectively intercepted information can be immediately and secretly > transmitted via Internet protocols, or stored for later use. "Sophisticated"? Any first-year comp sci student could do the same. Hooking into the keyboard interrupt is child's play. Reading the display memory is even easier. Who is this guy trying to bullshit, anyway? > First Virtual's research team has built and demonstrated a particular > implementation of such a program, which only watches for credit card > numbers. Whenever you type a credit card number into your computer -- > even if you are talking to "secure" encryption software -- it captures > your card number. Our program doesn't do anything harmful with your > credit card number, but merely announces that it has captured it. A > malicious program of this type could quietly transmit your credit card > number to criminals without your knowledge. > > The underlying problem is that the desktop -- the consumer's computer -- > is not secure. There is no way of ensuring that all software installed No shit. > on the consumer's machine can be trusted. Given this fact, it is unwise > to trust ANY software such as a "secure" browser, because malicious > software could have easily been interposed between the user and the > trusted software. Uh-huh. So, no one should ever use a computer ever again, if this nonsense is to be believed... > The bottom line for consumers is that, on personal computers, Oh? So non-personal computers are secure? > INFORMATION IS INSECURE THE MOMENT YOU TOUCH A KEY. We have OH-MY-GOD-PLEASE-FIRST-VIRTUAL-SAVE-ME-FROM-MY-EVIL-COMPUTER-AND-MAKE-THE- NET-SAFE-FOR-ONLY-YOUR-PRODUCTS!! > dramatically proven that security ends the moment you type sensitive The only thing that this post "dramatically proves" is that the poster is an idiot. Double for his company. Even LD was never this stupid. > information into your computer. The vulnerability lies in the fact that > information must travel from your keyboard, into your computer's > operating system, and then to your "secure" application. It can be > easily intercepted along the way. > > This kind of insecurity is very frightening, and has implications far Oh, yeah, please save me from my evil computer. Give me a break. > In short, credit card numbers are an almost perfect example of how NOT > to design a payment instrument for an insecure public computer network > such as the Internet. Unless, of course, you use *our* products, services, etc. > DETAILS: HOW TO TOTALLY UNDERMINE SOFTWARE ENCRYPTION OF CREDIT CARDS > > First Virtual's demonstration credit-card interception program, once > installed, observes every keystroke that you type, watching for credit > card numbers. It recognizes credit card numbers with almost perfect > accuracy, because credit card numbers are specifically designed to match > a simple, self-identifying pattern, including a check digit. Our > program is even smart about punctuation and simple editing functions, so > that nearly any credit card number that you type into your computer is > immediately recognized as such by this program. So what? Any first-year comp sci student could do the same. > First Virtual's intent is to educate the public, certainly not to > endanger it. For that reason, our program incorporates four important > precautions intended to prevent any possibility of harm: First Virtual's apparant "intent" is to scare the public and panic people into believing that they, and only they, have some sort of "magic bullet" that will save us all from Evil Computer Geniuses. Just another scam to try and make money off of unsuspecting people by trying to scare them to death. Just another version of the "Good Times Virus". > It is frankly difficult to overstate the severity of the problem > demonstrated by our program. A clever criminal could use viral It is frankly difficult to overstate the idiocy of this post. > First Virtual believes that the flaw we have uncovered is fatal. In the > foreseeable future, all commerce schemes based on software encryption of > credit cards on the desktop are completely vulnerable to this sort of > attack. And the sky is falling, too... > The basic problem is that software encryption of credit cards is > predicated on the notion of "trusted software". On the consumer > computing platforms, however, general purpose operating system > functionality makes it unwise to assume too strong a level of trust in > such software. No operating system with anything less than > military-grade security (B2) is likely to be safe from an attack such as > this one. Nonsense. This also implies that Windows, MS-DOS, NT, etc., are all some sort of "insecure platform" and they are presumably infected from the start. I suppose that when Bill Gates picks himself up off the floor from laughing, he just might send his lawyers after you. Maybe. > This does not mean that Internet commerce is dead. Any scheme that is > not based on self-identifying one-way financial instruments such as > credit cards will be essentially unaffected by this problem. Moreover, > even credit cards may be made safe on the Internet using one of two > approaches: secure hardware add-ons and the First Virtual approach. Gee, why did I know this was coming? > There's simply no other way to keep credit cards safe on the net. The > program we have demonstrated completely undermines the security of all > known programs that claim to handle credit card numbers safely on the > Internet. With a Windows program? I guess it runs on every known platform, under every known OS. My, that *is* one hell of a program... I guess I'd better stop using my linux box .. it could've been infected with the "FV Windows Virus" ... hehehe -- Ed Carp, N7EKG Ed.Carp at linux.org, ecarp at netcom.com 214/993-3935 voicemail/digital pager 800/558-3408 SkyPager Finger ecarp at netcom.com for PGP 2.5 public key an88744 at anon.penet.fi "Past the wounds of childhood, past the fallen dreams and the broken families, through the hurt and the loss and the agony only the night ever hears, is a waiting soul. Patient, permanent, abundant, it opens its infinite heart and asks only one thing of you ... 'Remember who it is you really are.'" -- "Losing Your Mind", Karen Alexander and Rick Boyes From abostick at netcom.com Thu Feb 1 10:10:48 1996 From: abostick at netcom.com (Alan Bostick) Date: Fri, 2 Feb 1996 02:10:48 +0800 Subject: NOISE Re: Page one, NY Times, 29 January 1996 In-Reply-To: <199601292207.RAA25259@nsa.tempo.att.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- In article <199601292207.RAA25259 at nsa.tempo.att.com>, Matt Blaze wrote: > One of those microscopic bottom-of-page-one ads from John Young: > "BOYCOTT ESPIONAGE-ENABLED SOFTWARE", with phone number and email > address to contact for more information. What? No cutesy six-character code (BOY_cot) for the respondent's subject line? ;-) > > I'd be curious as to what the response has been like. Me, too. - -- Alan Bostick | He played the king as if afraid someone else Seeking opportunity to | would play the ace. develop multimedia content. | John Mason Brown, drama critic Finger abostick at netcom.com for more info and PGP public key -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQB1AwUBMRA8r+VevBgtmhnpAQHz3AL+NjA48B5ivbhWYwSCW34PnZR/e/GU9J4O FdqHpktvBW9Gok0J48IRfRNDi2UKgo8JbGv7bkNsFxa/xocpbD8KVneXKMpk5leM VjeqO2plAys9L6qoAzM7D4TfHr7Ade5O =UuUU -----END PGP SIGNATURE----- From tcmay at got.net Thu Feb 1 10:11:47 1996 From: tcmay at got.net (Timothy C. May) Date: Fri, 2 Feb 1996 02:11:47 +0800 Subject: Unscribe Message-ID: At 1:34 AM 2/2/96, Ewout Meij wrote: >unscribe cypherpunks at toad.com ^^^^^^^^ > >unscribe emeij at pi.net ^^^^^^^^ > >There is a theory which states that if ever anyone discovers exactly >what the Universe is for and why it is here, it will instantly >disappear and be replaced by something even more bizarre and >inexplicable. There is a theory which states that the correct way to unsubscribe from mailing lists is defined by the mailing list charter and principles, and that sending misspelled "unscribe" messages to the wrong place, and including "unscribe" messages intended for other lists, is bizarre and inexplicable. --TCM P.S. to Ewout: Send a message to "majordomo at toad.com" with a body message consisting only of "unsubscribe cypherpunks". Boycott espionage-enabled software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 - 1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From jk at digit.ee Thu Feb 1 10:14:51 1996 From: jk at digit.ee (Jyri Kaljundi) Date: Fri, 2 Feb 1996 02:14:51 +0800 Subject: new release of apache-ssl In-Reply-To: <199601310936.BAA27103@infinity.c2.org> Message-ID: On Wed, 31 Jan 1996, sameer wrote: > Apache-SSL 0.4.4 will soon be on the ftp site, and commercial > licensees may request upgrades from apachessl at c2.org. If someone put's this up on some European ftp site, please tell us. Right now only version 0.4.2 is available on utopia.hacktic.nl and ftp.funet.fi. Juri Kaljundi, DigiMarket jk at digit.ee From dlv at bwalk.dm.com Thu Feb 1 10:16:15 1996 From: dlv at bwalk.dm.com (Dr. Dimitri Vulis) Date: Fri, 2 Feb 1996 02:16:15 +0800 Subject: FV Demonstrates Fatal Flaw in Software Encryption of Credit In-Reply-To: <9601300015.AA15891@sulphur.osf.org> Message-ID: Rich Salz writes: > >There are many ways to spread it besides a virus. Zillions of 'em. And > > There are zillions (what, more than one thousand?) ways to get someone > to run a random piece of software that will capture their keystrokes? > > I don't believe you. Name six. I think I'll go on a tangent: Many, many, many years ago, when I was a little kid, I wrote several "cool" games that I uploaded to various BBS's. The games kept track of high scores and saved them in a file. At that time there were a few popular BBS programs for PC DOS (Fido, PC Board, RBBS, et al) which stored their passwords in fairly standard locations. When the games saved the high scores, they also looked in these standard locations. Invariably, when I downloaded the same games a few days later, I would discover that the BBS's sysops played the game, and made the archive with their high scores available for downloading. ObCrypto: the high scores were encrypted together with the shell passwords. --- Dr. Dimitri Vulis Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From bplib at wat.hookup.net Thu Feb 1 10:19:42 1996 From: bplib at wat.hookup.net (Tim Philp) Date: Fri, 2 Feb 1996 02:19:42 +0800 Subject: FV Demonstrates Fatal Flaw in Software Encryption of Credit In-Reply-To: <9601300015.AA15891@sulphur.osf.org> Message-ID: On Mon, 29 Jan 1996, Rich Salz wrote: > >There are many ways to spread it besides a virus. Zillions of 'em. And > > There are zillions (what, more than one thousand?) ways to get someone > to run a random piece of software that will capture their keystrokes? Not wishing to get in the middle of this controversy, I have been wondering about the possibility of using a JAVA applet to do keyboard sniffing. As I am not familiar with this language, does anyone know if this would be possible? Regards, Tim Philp From schneier at winternet.com Thu Feb 1 10:19:52 1996 From: schneier at winternet.com (Bruce Schneier) Date: Fri, 2 Feb 1996 02:19:52 +0800 Subject: RC2 code on sci.crypt Message-ID: <199601300312.VAA06064@parka> For those not paying attention, there is RC2 code on sci.crypt. RSADSI is acting as if it is real, and will publish some legal posturing about it real soon now. Bruce ************************************************************************** * Bruce Schneier APPLIED CRYPTOGRAPHY, 2nd EDITION is * Counterpane Systems available. For info on a 15% * schneier at counterpane.com discount offer, send me e-mail. ************************************************************************** From Andrew_Barrett at checkfree.com Thu Feb 1 10:20:00 1996 From: Andrew_Barrett at checkfree.com (Andrew Barrett/CheckFree Corporation) Date: Fri, 2 Feb 1996 02:20:00 +0800 Subject: Japanese Firm Announces E-cash Implementation Message-ID: <9602012054.AA3141@6thstreetcheckfree.com> Multimedia Business Analyst via Individual Inc. : NTT has developed a secure electronic cash system for smart cards and Internet-based transactions, reports Reuter. Using very secure encryption algorithms, the system allows users to transfer cash from their bank accounts to smart cards after verification by the issuing bank. NTT researcher Mikio Suzuki said the Japanese telecom operator plans to begin trials of the system with a number of major city banks in the near future. These are expected to include Fuji Bank and Sakura Bank. From markm at voicenet.com Thu Feb 1 10:20:21 1996 From: markm at voicenet.com (Mark M.) Date: Fri, 2 Feb 1996 02:20:21 +0800 Subject: digital signatures and "meaning" Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Digital signatures can have many different uses and meanings. The most popular application of digital signatures is proof of authorship. A person signs something when he claims that he wrote it and if the signature is invalid, the message must have been altered. However, digital signatures are used for many other applications. Typical applications include timestamping, digital cash, and validating a document or statement. The problem with these applications is that there must be some way to distinguish and timestamp signature from a proof of authorship. There are several different ways to do this: - Make all digital signatures prove proof of authorship. Someone would include the text of the document he wants to sign and put a message saying at the end such as: "This document existed on such and such date" or, in the case of digital cash, "This coin was blinded and signed by the bank using standard protocols." - Append some kind of electronic tag to the message that represents a certain kind of authorization. This is identical to the previous method except it relies more on protocols. - Specify the type of signing that is to be done with a key. This could be included in the text of the user-ID field of the public key in a PGP-like program. It could also be done by extending a key generation and management protocol to include a tag on the key itself specifying what this key is to be used for. There are advantages and disadvantages to each of these. The first has the advantage that it requires no protocol modification but relies on "legaleese." The second method does require that protocols be slightly modified, but these modifications could be made by just pre-processing and post-processing the message with another program. However, this is more limited than the first method because it essentially uses "canned" messages. The final method relies on either no modification to the crypto program used or a non-trivial modification. Personally, I tend to think that anything that uses a standardized protocol is a Good Thing. This is why I think that the second and third methods listed above would work better than the first. Comments? - --Mark =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= markm at voicenet.com | finger -l for PGP key 0xf9b22ba5 http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5 PGP: Because sometimes, a _Captain Midnight_ decoder ring simply isn't enough. -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBMQ1agLZc+sv5siulAQFKtwP/Xs7gOm1vP2FeDJDjahymYbMum3JrFqh0 VKXrkjmlh42ygX9y2sLfivN7DMsAGIF86NRaW67x0LD2uPuBl00KyvC18bqEPfiF kMbvOZv96xL4fBssheRR7F4YH/oaASxCagxuAkIqBxi9uEzAppNloxMYHy87w0kY h+48n+YH3D0= =QTZp -----END PGP SIGNATURE----- From nsb at nsb.fv.com Thu Feb 1 10:20:30 1996 From: nsb at nsb.fv.com (Nathaniel Borenstein) Date: Fri, 2 Feb 1996 02:20:30 +0800 Subject: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards In-Reply-To: Message-ID: Excerpts from mail: 29-Jan-96 Re: FV Demonstrates Fatal F.. zinc at zifi.genetics.utah. (1368*) > so what? fv has a keyboard sniffer... It's considerably more than that. Please read on. > for what it's worth, this sort of program could easily be used to get > info more important than credit card numbers. passphrases and > passwords of all kinds could be obtained leading to broken accts or > worthless cryptography. Yes, but I think you've missed the main point, probably because we haven't made it clear enough. What's unique about credit card numbers is that they're very small amounts of data, self-identifying, and of direct financial value as a one-way financial instrument (i.e. with no confirmation process). The attack we've outlined -- and partially demonstrated -- is based on the combination of several known flaws: -- It's easy to put malicious software on consumer machines -- It's easy to monitor keystrokes -- It's trivial to detect credit card numbers in larger data streams -- It's easy to disseminate small amounts of information tracelessly We don't claim to have "discovered" any of these flaws. However, when you combine these known flaws, you have something new: a plan for stealing MILLIONS of credit card numbers without a trace. That's the new threat, and we think it's very real. The other kinds of information you mention are certainly all vulnerable to keyboard-sniffer attacks. But the unique aspects of credit card numbers make them particularly vulnerable to large scale automated theft by this kind of attack. I don't know of any other kind of sensitive information that is as easily recognized and as worthwhile to steal. Do you? > additionally, this hardly has anything to do with netscape. this is not > a 'bug' in netscape. You're right, and I feel very bad about the fact that the article in the Merc made it sound like this was specifically targeting Netscape. While it's true that we submitted this to Netscape's "bugs bounty" program -- which is probably what created the Netscape angle in the story -- we really weren't targeting Netscape at all. We consider this flaw to be a very serious "design bug" in the whole software-encryption-of-credit-cards approach to Internet commerce. Netscape is just one of several companies that have gone down this path, but we think it's a very dangerous path, and one that Netscape, as a vendor of web browsers and servers, can do quite well without. it's a malicious program. No, ours is a demonstration program, not a malicious program. Our program never installs itself automatically, always puts up an icon when it's running, never does anything bad when it intecepts your credit card number, and is easy to un-install. However, it demonstrates a technique that could be used by a malicious program to do some very nasty things. > the only way to prevent > malicious programs from causing you problems is to know what your > computer is doing; what it's loading when you boot and what data it sends through your phone lines when you're online. This is fine for you & me. But Internet commerce has to work for the hundreds of millions of non-technical consumers who are swarming onto the Internet. If someone emails them a program that purports to show them pretty pictures (dirty movies?) for free, how many of them will stop to try to make sure that this program isn't going to do something malicious in the process? The bottom line is that the consumer platform is never going to be a very safe place, so commerce mechanisms shouldn't assume that it is. We may not like that fact, but it's true nonetheless. -- Nathaniel From m5 at dev.tivoli.com Thu Feb 1 10:40:34 1996 From: m5 at dev.tivoli.com (Mike McNally) Date: Fri, 2 Feb 1996 02:40:34 +0800 Subject: Tivoli In-Reply-To: <199602011802.NAA24147@pipe3.nyc.pipeline.com> Message-ID: <9602011810.AA18227@alpha> John Young writes: > Is it fair to assume that it's your Tivoli that's in the NYT > and WSJ today, bought by IBM? Yes, it is. It was a big surprise (like, absolutely nobody knew what was going on except for two or three VP's, and the CEO) (and I guess the board, of course, but they mostly don't hang out around here anyway). Lots of ex-IBMers sorta freaked a little, but I think everybody's happy. > If so, congrats on never again having to sell your body for > everlasting fame and glory. Uhh, well, I might have to sell myself a little... But thanks very much. ______c_____________________________________________________________________ Mike M Nally * Tiv^H^H^H IBM * Austin TX * I want more, I want more, m5 at tivoli.com * m101 at io.com * I want more, I want more ... *_______________________________ From rsalz at osf.org Thu Feb 1 11:05:37 1996 From: rsalz at osf.org (Rich Salz) Date: Fri, 2 Feb 1996 03:05:37 +0800 Subject: Lotus Notes Message-ID: <9601310353.AA19147@sulphur.osf.org> Thanks for the explanation -- in all my discussion with RSA and explanation to our lawyers I was thinking strictly API. Your quote of the RSAREF license says they won't refuse anythign reasonable, and one would be hard-pressed to say that changing keysize for something already not exportable isn't reasonable. I'll have to read our license when I get to work tomorrow. /r$ From jim at SmallWorks.COM Thu Feb 1 11:18:45 1996 From: jim at SmallWorks.COM (Jim Thompson) Date: Fri, 2 Feb 1996 03:18:45 +0800 Subject: Tivoli In-Reply-To: <199602011802.NAA24147@pipe3.nyc.pipeline.com> Message-ID: <9602011244.ZM1060@butthead.smallworks.com> Its the same Tivoli, (my spouse works there as well). Jim From ses at tipper.oit.unc.edu Thu Feb 1 11:27:26 1996 From: ses at tipper.oit.unc.edu (Simon Spero) Date: Fri, 2 Feb 1996 03:27:26 +0800 Subject: The Boys From Brazil - thoughts on cloning Nazi servers Message-ID: I've tried to stay out of this thread, as it is mostly off topic, but I do have one suggestion to people setting up clones of the zundel site. There's a fine line between defending someones freedom of speech, and actively promoting that speech. The reason these mirrors have been set up is to counter the restriction on access to the original site that has been put in place by Deutche Telecom; however, in addition to defeating this restriction, this approach also makes the material more widely available than it was previously, which could be seen as crossing the line between defence of free speech, and active promotion. One approach that would stop this line being crossed would be to configure the clone servers to only allow access to sites in Germany affected by the original restriction. This compromise defends freedom of speech, but does not give the site any wider promulgation than it would have had had no government restrictions been emplaced. Simon From vingun at rgalex.com Thu Feb 1 11:35:41 1996 From: vingun at rgalex.com (Vincent S. Gunville) Date: Fri, 2 Feb 1996 03:35:41 +0800 Subject: GTE and Cylink ATM Crypto In-Reply-To: <199602010340.EAA16216@utopia.hacktic.nl> Message-ID: <31110DCA.2218@rgalex.com> Anonymous wrote: > > GTE & Cylink Team On Encryption For ATM > > Washington, D.C., 31 January 1996 -- During a press > conference last night at Comnet, GTE and Cylink unveiled > InfoGuard 100, a jointly developed offering billed as the > first encryption system able to work with ATM > (asynchronous transfer mode). > > InfoGuard 100 is meant to provide the security needed to > induce business and government to use ATM public > networks, said Michael M. Guzelian, GTE's marketing > director for broadband systems, speaking at the press > conference. > > GTE is the number one provider of encryption to the > federal government, while Cylink holds a 70 percent share > of the commercial encryption market, according to Kamy > Kavianian, senior product marketing manager at Cylink for > SecureWAN. > > GTE and Cylink will also jointly market the new ATM > encryption system. "The deal (for InfoGuard 100) is > mutually exclusive, but we don't know anyone else who can > do it," noted Jeff Callo, Cylink's director of business > development. > > InfoGuard consists of two main components, according to > the officials. An ATM adapter from GTE provides ATM > interfaces and cell processing and control functions. > > Cylink's CIDEC-VHS contributes "high-speed data > encryption and decryption," in addition to physical > security and "full automated key functions." > > Kavianian told the journalists that InfoGuard 100 is > based on DES encryption. Users of InfoGuard will foil > "key exhaustion," a method used for breaking encryption > codes, if they "change their codes frequently," Guzelian > added. > > Essentially, CIDEC-VHS has turned out to be "the first > encryption method fast enough to keep up with ATM," > Guzelian maintained. > > The agreement between Cylink and GTE represents "an > excellent example of coopetition," Callo said. > > -- -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= |Vincent S. Gunville |Robbins-Gioia |209 Madison St Email vingun at rgalex.com |Alexandria, Va 22309 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- From usura at utopia.hacktic.nl Thu Feb 1 11:38:46 1996 From: usura at utopia.hacktic.nl (Alex de Joode) Date: Fri, 2 Feb 1996 03:38:46 +0800 Subject: Unscribe Message-ID: <199602011859.TAA15481@utopia.hacktic.nl> TCM sez: : At 1:34 AM 2/2/96, Ewout Meij wrote: : >unscribe cypherpunks at toad.com : ^^^^^^^^ : > : >unscribe emeij at pi.net : ^^^^^^^^ : > : >There is a theory which states that if ever anyone discovers exactly : >what the Universe is for and why it is here, it will instantly : >disappear and be replaced by something even more bizarre and : >inexplicable. : There is a theory which states that the correct way to unsubscribe from : mailing lists is defined by the mailing list charter and principles, and : that sending misspelled "unscribe" messages to the wrong place, and : including "unscribe" messages intended for other lists, is bizarre and : inexplicable. : --TCM [pi.net] 'Planet Internet' is the dutch equivalent of AOL. -AJ- From ravage at ssz.com Thu Feb 1 11:53:49 1996 From: ravage at ssz.com (Jim Choate) Date: Fri, 2 Feb 1996 03:53:49 +0800 Subject: The Boys From Brazil - thoughts on cloning Nazi servers (fwd) Message-ID: <199602011937.NAA00214@einstein.ssz.com> Forwarded message: > Date: Thu, 1 Feb 1996 10:49:19 -0800 (PST) > From: Simon Spero > Subject: The Boys From Brazil - thoughts on cloning Nazi servers > > There's a fine line between defending someones freedom of speech, and > actively promoting that speech. The reason these mirrors have been set up > is to counter the restriction on access to the original site that has > been put in place by Deutche Telecom; however, in addition to defeating > this restriction, this approach also makes the material more widely > available than it was previously, which could be seen as crossing the > line between defence of free speech, and active promotion. > I would counter and say that there is no distinction between free speech and promoting said speech. How does one say one party has the right to make a statement and a second party does not have the right to agree? The whole point of freedom of speech is to prevent limitations on distribution of information (aka speech, writting, source code, executables, video, audio tapes, etc.). Even use of these materials (ie running a virus) would not violate either the spirit or the letter of the law unless it harmed another person or somehow took advantage of their property (physical or intellectual) without their prior consent. Jim Choate CyberTects ravage at ssz.com From dm at amsterdam.lcs.mit.edu Thu Feb 1 12:11:59 1996 From: dm at amsterdam.lcs.mit.edu (David Mazieres) Date: Fri, 2 Feb 1996 04:11:59 +0800 Subject: Domain registration Message-ID: <199602011939.OAA23286@amsterdam.lcs.mit.edu> Well, several people have told me it is possible to get response times of 8 hours on domain registration requests. The last MODIFY request I sent in was in mid January. They sent back an autoreply telling me they were still working on modify requests from the third week in december, and then didn't change my domain until last week. (The inaddr.arpa modify request was considerably faster, however.) Maybe they just don't like me, or maybe they have very very recently automated the process. At any rate, I stand corrected. David From jonathon at pobox.com Thu Feb 1 12:16:47 1996 From: jonathon at pobox.com (Jonathon Fletcher) Date: Fri, 2 Feb 1996 04:16:47 +0800 Subject: cypher-list noise levels Message-ID: <199601310201.VAA26901@pobox.com> Hi, Can someone on the PGPdomo cypher-list tell me how good the signal to noise ratio currently is, and how good the content is. I've not signed up, but I'm tempted to try and get away from the noise on here recently. -Jon -- Jonathon Fletcher From pmonta at qualcomm.com Thu Feb 1 12:18:03 1996 From: pmonta at qualcomm.com (Peter Monta) Date: Fri, 2 Feb 1996 04:18:03 +0800 Subject: Crypto-smart-card startup Inside Technologies Message-ID: <199601310830.AAA06778@mage.qualcomm.com> There's an article in the January 29 _EE Times_ about a French cryptographic-smart-card startup called Inside Technologies. Tidbits: ..."In public-key cryptography, 512-bit keys are typical and already vulnerable. So we are looking at 640-bit-long keys supported by a scalable design." ..."Users want their own, custom algorithms, which can be downloaded at the time of use". ..."The CLU [cryptographic logic unit] will operate at a higher clock frequency than the RISC---60 MHz, in our design---yielding 640-bit RSA decrypt in less than 50 ms". The article goes on to say that they plan to both manufacture smart cards, presumably for ecash and communications, and license the design at the macrocell level, possibly for use in embedded systems like mass storage. By my count, six European companies mentioned, zero American. Cheers, Peter Monta pmonta at qualcomm.com Qualcomm, Inc./Globalstar From dlv at bwalk.dm.com Thu Feb 1 12:20:36 1996 From: dlv at bwalk.dm.com (Dr. Dimitri Vulis) Date: Fri, 2 Feb 1996 04:20:36 +0800 Subject: Downsizing the NSA In-Reply-To: Message-ID: A semiparanoid thought struck me: Maybe the NSA doesn't these extra 20K people, they just don't want them to go out into the industry and build crypto for the outside world. So they continue to pay them salaries and have them do nothing useful. This would be kind of analogous to how when Russia no longer needed so many nuclear scientists, the U.S. helped create "make work" jobs for them, just so they wouldn't go to work for the likes of Iraq. --- Dr. Dimitri Vulis Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dm at amsterdam.lcs.mit.edu Thu Feb 1 12:29:37 1996 From: dm at amsterdam.lcs.mit.edu (David Mazieres) Date: Fri, 2 Feb 1996 04:29:37 +0800 Subject: CONTEST: Name That Program! In-Reply-To: Message-ID: <199601301030.FAA03072@amsterdam.lcs.mit.edu> In article Nathaniel Borenstein writes: > As you may have read in my previous message, First Virtual has developed > and demonstrated a program that completely undermines all known schemes > for using software-encrypted credit cards on the Internet. More details > are avialable at http://www.fv.com/ccdanger. You are a liar. Your program does not undermine all known schemes for transmitting software-encrypted credit cards on the internet. You have no way of obtaining my credit card number, because I will not run your software. Furthermore, because I use a Unix-like operating system (specifically OpenBSD) which I re-build from source code every week or so, you would need to hack my compiler to keep mis-compiling itself and compromise my kernel or netstat, ps, etc, for which you would need to be root. The first virtual protocol seems to have some real weeknesses. However, I do not feel like wading through all the pages of text to figure out what is going on. I challenge you to post a concise description of the protocol, using syntax such as: A -> B: {ID, xxx, ...}_Ks With short descriptions where necessary. If you do, I'm sure we can rip your protocol to shreds (which is why you won't). David From ses at tipper.oit.unc.edu Thu Feb 1 12:30:11 1996 From: ses at tipper.oit.unc.edu (Simon Spero) Date: Fri, 2 Feb 1996 04:30:11 +0800 Subject: The Boys From Brazil - thoughts on cloning Nazi servers (fwd) In-Reply-To: <199602011937.NAA00214@einstein.ssz.com> Message-ID: On Thu, 1 Feb 1996, Jim Choate wrote: > > I would counter and say that there is no distinction between free speech and > promoting said speech. How does one say one party has the right to make a > statement and a second party does not have the right to agree? The whole > point of freedom of speech is to prevent limitations on distribution of > information (aka speech, writting, source code, executables, video, audio > tapes, etc.). Even use of these materials (ie running a virus) would not I think you missed my point (run on sentences do that :). To give one of the standard illustrations; I've written a short story, and the evil mind-control freaks at Analog and IASFM refuse to publish it with the flimsy excuse of it being crap and written in crayon. You are not required to send me millions of dollars so I can publish it myself. Howevr, if I did raise the millions of dollars, and TPTB tried to stop me from publishing, there would be an obligation to fight that censorship by permitting me to publish. Freedom of speech means that it other peoples speech shouldn't be censored; however there is no obligation for anyone to fund or lend other support towards that speech. This situation is somewhat complicated in that in order to fight the censorship, the mirror sites must 're-publish' the material; however as a side effect they are also publishing the material in a prominent way to people whose access has not been censored. From ravage at ssz.com Thu Feb 1 12:36:03 1996 From: ravage at ssz.com (Jim Choate) Date: Fri, 2 Feb 1996 04:36:03 +0800 Subject: Freedom of speech question... Message-ID: <199602012012.OAA00279@einstein.ssz.com> It is a commenly held belief that shouting 'fire' in a crowded theatre is a crime because of the potential for harm to persons and property. It is one of the most commen examples given for limiting freedom of speech even though the Constitution says "Congress shall make no law...". This view is proposed as a equaly valid rationale for limiting crypto, virus technology, drugs, etc. My question to the list is would it be a crime if you were alone in the theatre? If you developed a virus and didn't distribute it would that be a crime? If you give it to one person is it a crime? How about if you give it to millions? How many people must know a fact, posses source code or executable. In short, does freedom of speech rest on how many people are aware of your expression? My position is that if you answer in the affermative then you are basicaly stating there is no freedom of speech. It should be perfectly permissible to shout 'fire' in a theatre filled to the brim. If anyone takes you seriously and is harmed then you should be liable for the damage. Your right to shout 'fire' is not relevant. If you accept the premise then what you are buying into is preemptive justice, in short judging somebody guilty by what they might do, not what they have done. If this is permitted then we have a serious problem in that anyperson is therefore guilty of whatever crime is desired. From jimbell at pacifier.com Thu Feb 1 12:59:38 1996 From: jimbell at pacifier.com (jim bell) Date: Fri, 2 Feb 1996 04:59:38 +0800 Subject: Crypto-smart-card startup Inside Technologies Message-ID: -----BEGIN PGP SIGNED MESSAGE----- At 09:41 PM 1/31/96 -0800, Peter Monta wrote: >jim bell writes: > >> > [ Inside Technologies ] >> > ..."In public-key cryptography, 512-bit keys are typical and >> > already vulnerable. So we are looking at 640-bit-long keys >> > supported by a scalable design." >> >> This kind of thing disgusts me. We already know 512-bit keys are weak. As >> I recall, I was told that 512 bit keys could be cracked in 20,000 >> MIPS-years. If the ballpark formula holds that adding 10 bits doubles the >> security, that merely means that 640 bits is 2**(128/10) or 8000 times >> strong. While obviously better than 512, it is not ENOUGH better to make me >> confident that this is a long-term secure length. 768 or 1024 bits should >> be considered the minimum. A deliberate design of 640 bits makes it look >> like it's intended to be crackable in 5-10 years, much as DES was suspected >> of a similar design decision in limiting its keylength to 56 bits. > >But the "scalable design" presumably means the hardware can deal >with a variety of modulus lengths. As you say, they would be >short-sighted to make a fixed choice. I hope you're right about this. But there's something to keep in mind. Let's suppose that in 10 years 640 bits are "easily" cracked. Anybody with the storage (money) to keep all these messages will have the power to sort through everything you said in 1996, '10 years later.' Who has the money to even store these messages, as well as the inclination? You guessed it, the government. I realize that it is arguable that this would be possible, no matter what keylength is chosen. True, someday 1024-bit keys might be easily cracked, but that will probably be 30-50 years from now, not 10. In other words, "stretching" the technology today on the "encrypt" side makes storing these messages far less attractive, meaning that the government will have less motivation to do it, and will not be able to make the effort pay off for a few more decades. I would like to see laws: 1. Prohibiting the government from storing encrypted messages it can't currently decrypt for over, say, a couple of years. 1a. Prohibiting any USE by the government of such messages obtained and stored by other entities, including individuals and private corporations, without the express permission of the sender AND receiver of the message. 2. Prohibiting the government from even ATTEMPTING to decrypt a domestically-obtained encrypted message, without a warrant which is simultaneously given to the source of the message: In other words, alerting him to the government's interest. This is just a start. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMREY2/qHVDBboB2dAQGZdgP+MjIK02fU6iysN77g1aWb1gx9bzDrZoh4 ePWmd9RRD3gnzYOSIng5dRCxEpT+0Cqe4cFQEqbD6GhHlfNOKwkTU/LAfhvOdKpo QJ9t93Af3aCaLtFmtXyj1Ce20GNqkp7qqP5DLKjYSEH/bR64aTA0pfZ70aes/8C1 w1AYLdvglXA= =p+3A -----END PGP SIGNATURE----- From ses at tipper.oit.unc.edu Thu Feb 1 13:02:06 1996 From: ses at tipper.oit.unc.edu (Simon Spero) Date: Fri, 2 Feb 1996 05:02:06 +0800 Subject: Crypto-smart-card startup Inside Technologies In-Reply-To: Message-ID: One other little point about 640 bit rsa; there's no way I'd ever buy an RSA accellerator tuned for 640, for one very simple reason. Most of the important keys I want an acellerator for are 1024 bits or longer - C/As, SETT banks, etc. I want to be able to clear 20 PKOPs per second without impacting the main CPUS; if I need to buy a busful of these babies they'd better be damn cheap and be available with duplicate keys... Simon From m1tca00 at FRB.GOV Thu Feb 1 13:03:43 1996 From: m1tca00 at FRB.GOV (Thomas C. Allard) Date: Fri, 2 Feb 1996 05:03:43 +0800 Subject: American Banker article on First Virtual Message-ID: <9602012019.AA23304@bksmp2.FRB.GOV> A non-text attachment was scrubbed... Name: not available Type: application/pgp Size: 14 bytes Desc: not available URL: From llurch at networking.stanford.edu Thu Feb 1 13:43:39 1996 From: llurch at networking.stanford.edu (Rich Graves) Date: Fri, 2 Feb 1996 05:43:39 +0800 Subject: Comision del EC contra el racismo en la red (Re: CRAX Mix Rax) In-Reply-To: <199602010519.GAA19612@utopia.hacktic.nl> Message-ID: Dude, while these subject lines are very quaint, given the level of traffic, I would really appreciate more descriptive subject headings. You may use any official UN language that can be written in 8-bit characters. On Thu, 1 Feb 1996, Anonymous wrote: > European Commission Moves To Stamp Out Racism On Internet > > Burssels, 31 Jan 1996 -- The European Commission (EC) has > formed a pan-European group to "encourage the mixing of > people of different cultures" from both inside and > outside Europe. I knew Euro-Disneyland was going to catch on some time. > According to EC officials, the first task of the > Consultative Commission on Racism and Xenophobia (CRAX), Geez, so that wasn't a joke. > as it is called, will be to investigate and, using legal > means, stamp out the current wave of racism on the > Internet. OK, then maybe it is a joke. > In a prepared statement, CRAX said that it hopes that the > EC "will take all needed measures to prevent the Internet > from becoming a vehicle for the incitement of racist > hatred." Prevent? How about "Band-Aid?" Recall that in many cases, Band-Aids actually promote infection by providing a dark, humid place for growth. > As reported previously, the "Thule Network" first came > to the public's attention when the January, 1994, issue > of Chip magazine (a popular computer monthly in Germany) > claimed to have unearthed eight Thule BBSs. > > According to Chip magazine at the time, "The (Thule) > network distributes information on demonstrations and > invitations to meetings, addresses for contacting parties > and groups, and it reviews and offers books and > magazines. One of the mail-boxes contained instructions > for producing military explosives and letter bombs. A > great deal of space is taken up by 'political > discussions' among the users." Um, OK. So force these people above ground, and they will need to restrict their activities to political discussions. > Thule is Norse or Viking terminology for "top of the > world." The Thule Network's name actually derives from > the small, elitist 1920s movement which was considered to > be the Nazi vanguard. Read: a bunch of stupid thugs who don't want to be seen in daylight. > Thule movement leaders included > Rudolf Hess. Some BBSs on the Thule network have names > such as "Wolf Box" and "Resistance," while many Internet > messages are signed by people calling themselves "The > Wolf," among other names. What's the matter? Their mothers didn't like them or something? Just try holding a debate with a person with a handle like that. The audience would just crack up. -rich From master at internexus.net Thu Feb 1 13:43:43 1996 From: master at internexus.net (Laszlo Vecsey) Date: Fri, 2 Feb 1996 05:43:43 +0800 Subject: DSN Message-ID: Anyone heard of DSN? I think thats the right order of the initials... ... its supposedly the only crypto-hardware solution for protecting an entire network on the Internet. You put one of these $5,000 units at one end of a lan, and another one somewhere else on the Internet, and the company gaurantees secure, encrypted transmissions. The TCP/IP headers and data are mangled, encrypted, etc. It uses 512bit keys and I was just wondering how the authentication is done. Does anyone have any specs on these units? Supposedly it does not require a 3rd party entity to verify that the two units are both valid, when determining the initial public/key pairs. Perhaps there is hardcoded data in the units that is used to verify this? The company supposedly has some proprierty method ... how can we be sure this expensive unit can do its job if information on the encryption has not been released. Is there any freeware software solution that has been put through more of a torture test, and proven to work? It seems to be the best approach would be to put such a program on a server that is acting as the gateway/firewall on each network. (define(RSA m e n)(list->string(u(r(s(string->list m))e n))))(define(u a)(if(> a 0)(cons(integer->char(modulo a 256))(u(quotient a 256)))'()))(define(s a)(if (null? a)0(+(char->integer(car a))(* 256(s(cdr a))))))(define(r a x n)(cond((= 0 x)1)((even? x)(modulo(expt(r a(/ x 2)n)2)n))(#t(modulo(* a(r a(1- x)n))n)))) "SGI and Linux both run Motif and X11. They both compile c++ cleanly (using gnu g++). They're the same!" From emeij at pi.net Thu Feb 1 14:39:32 1996 From: emeij at pi.net (Ewout Meij) Date: Fri, 2 Feb 1996 06:39:32 +0800 Subject: Unscribe Message-ID: unscribe cypherpunks at toad.com unscribe emeij at pi.net There is a theory which states that if ever anyone discovers exactly what the Universe is for and why it is here, it will instantly disappear and be replaced by something even more bizarre and inexplicable. There is another which states that this has already happened on 02/01/96 From baldwin at RSA.COM Thu Feb 1 15:01:28 1996 From: baldwin at RSA.COM (baldwin (Robert W. Baldwin)) Date: Fri, 2 Feb 1996 07:01:28 +0800 Subject: RC2 Source Code - Legal Warning from RSADSI Message-ID: <9601018232.AA823213189@snail.rsa.com> WARNING NOTICE It has recently come to the attention of RSA Data Security, Inc. that certain of its confidential and proprietary source code has been misappropriated and disclosed. Despite such unauthorized use and disclosure, RSA Data Security reserves all intellectual property rights in such source code under applicable law, including without limitation trade secret and copyright protection. In particular, RSA Data Security's RC2 (TM) symmetric block cipher source code has been illegally misappropriated and published. Please be advised that these acts, as well as any retransmission or use of this source code, is a violation of trade secret, copyright and various other state and federal laws. Any person or entity that acquires, discloses or uses this information without authorization or license to do so from RSA Data Security, Inc. is in violation of such laws and subject to applicable criminal and civil penalties, which may include monetary and punitive damages, payment of RSA's attorneys fees and other equitable relief. RSA Data Security considers misappropriation of its intellectual property to be most serious. Not only is this act a violation of law, but its publication is yet another abuse of the Internet. RSA has begun an investigation and will proceed with appropriate action against anyone found to have violated its intellectual property rights. Anyone having information about the misappropriation identified above is encouraged to contact RSA directly. From mpd at netcom.com Thu Feb 1 15:13:56 1996 From: mpd at netcom.com (Mike Duvos) Date: Fri, 2 Feb 1996 07:13:56 +0800 Subject: The Boys From Brazil - cloning Nazi servers Message-ID: <199602012239.OAA04660@netcom2.netcom.com> ses at tipper.oit.unc.edu (Simon Spero) writes: > There's a fine line between defending someones freedom of > speech, and actively promoting that speech. The reason these > mirrors have been set up is to counter the restriction on > access to the original site that has been put in place by > Deutche Telecom; however, in addition to defeating this > restriction, this approach also makes the material more > widely available than it was previously, which could be seen > as crossing the line between defence of free speech, and > active promotion. I think you have to look at the balance between two things. First, there is the effect of making the material more widely available and publicized than it was prior to the attempted censorship. This effect is definitely real. Indeed, prior to a few days ago, I wouldn't have known a Zundelsite from a hole in the ground. Second, however, is the unprecedented opportunity for people running mirrors to guarantee that large numbers of the public will encounter said material for the first time enveloped within their chosen "context wrapper." Now it is well known that the crafty art of propaganda rarely consists of deliberate falsehoods, like "yellow rain" or "spy dust". It mostly consists of making sure one is in complete control of the circumstances in which potentially damaging information is disclosed. The opportunity to present Mr. Zundel's views brightly gift-wrapped in paper bearing the legend - "Here are the offensive views of a hate-mongering Nazi whose victims are supporting his right to be heard" - is worth more than a thousand press releases denouncing Mr. Zundel by the anti-defamation brigade. I would expect that it is this second effect which predominates, and therefore the proliferation of mirror sites is in fact a victory for Mr. Zundel's detractors, and not a promotion of Mr. Zundel's views. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From syshtg at gsusgi2.Gsu.EDU Thu Feb 1 15:20:30 1996 From: syshtg at gsusgi2.Gsu.EDU (Tom Gillman) Date: Fri, 2 Feb 1996 07:20:30 +0800 Subject: The Boys From Brazil - thoughts on cloning Nazi servers (fwd) In-Reply-To: Message-ID: <199602012236.RAA17176@gsusgi2.Gsu.EDU> Simon Spero wrote: > Freedom of speech means that it other peoples speech shouldn't be > censored; however there is no obligation for anyone to fund or lend other > support towards that speech. This situation is somewhat complicated in > that in order to fight the censorship, the mirror sites must > 're-publish' the material; however as a side effect they are also > publishing the material in a prominent way to people whose access has > not been censored. > Is voluntarily offering support funding or lending? I never thought so. I'm also unsure that web pages can be considered publishing in this partic- ular sense. Certainly files put up on anonymous ftp cannot be considered to be publishing. I would also dispute your use of the term 'prominent'. How does making them available make them any more prominent than they were to begin with? Censorship doesn't work. It doesn't stop people from believing in a point of view. In fact, it only strengthens that point by making them martyrs. The only combat to offensive thoughts or speech is more speech. When you show their viewpoints to be a fallacy, they will slink away. Censorship is a dull, poisoned, double-edged blade. It doesn't cut cleanly, and the wound that it creates festers and makes the entire body sick. It's also a blade that cuts both ways. If you're not careful, you might get cut yourself. Oh, and BTW, before anybody asks: Yes, I am the sysadmin at the site where Joe Bunkley (We call him Racist Boy) has his web site. I personally despise his views, and might cheerfully cause him pain, given the opportunity. But I won't...because he has just as much right to believe the way he does as any of the rest of us do. Of course, the decision ultimately rests in the hands of those who have far more power than I do. Tom -- Tom Gillman, Unix/AIX Systems Weenie |"Personally, I have always found the Wells Computer Center-Ga. State Univ. |First Amendment to be a little irksome (404) 651-4503 syshtg at gsusgi2.gsu.edu |and a nuisance" Patrick A. Townson, I'm not allowed to have an opinion. |moderator, comp.dcom.telecom key to UNIX: echo '16i[q]sa[ln0=aln100%Pln100/snlbx]sbA0D4D465452snlbxq'|dc From tedwards at Glue.umd.edu Thu Feb 1 16:08:33 1996 From: tedwards at Glue.umd.edu (Thomas Grant Edwards) Date: Fri, 2 Feb 1996 08:08:33 +0800 Subject: Prediction about new credit card number scheme Message-ID: >By JOHN MARKOFF AN FRANCISCO -- >Hoping to remove a major impediment to credit card transactions over the >Internet, a business group led by Mastercard International and Visa >International plans to announce an industry-standard technology Thursday >for protecting the security of electronic payments. My prediction about the new CC standard: it will be a mistake if they don't pass on the details to cypherpunks. BTW - are any micropayment schemes reving up to commerciality yet??? -Thomas From llurch at networking.stanford.edu Thu Feb 1 16:08:35 1996 From: llurch at networking.stanford.edu (Rich Graves) Date: Fri, 2 Feb 1996 08:08:35 +0800 Subject: Copyright fight against unauthorized racist "Zundelsite" mirrors (was Re: INTERNET FREE SPEECH WEB SITE !) (fwd) Message-ID: FYA. ---------- Forwarded message ---------- Date: Thu, 1 Feb 1996 15:09:07 -0800 (PST) From: Rich Graves To: "E. Zundel" Cc: "Declan B. McCullagh" , Blake D Mills IV , fight-censorship+ at andrew.cmu.edu, sameer at c2.org, lmccarth at cs.umass.edu, llurch at networking.stanford.edu, webmaster at nizkor.almanac.bc.ca, webmaster at wiesenthal.com Newgroups: alt.censorship, comp.org.eff.talk, alt.revisionism, misc.int-property, misc.legal Subject: Copyright fight against unauthorized racist "Zundelsite" mirrors (was Re: INTERNET FREE SPEECH WEB SITE !) -----BEGIN PGP SIGNED MESSAGE----- Declan: Please take down the "build your own Zundelsite" files immediately, because it appears that they are being used improperly. Surely you do not want to violate Mr. Zundel's copyright. Ingrid/Zundel: I am pleased to hear that you do not agree with Mr. Bunkley's use of your materials. You should pursue legal action against Mr. Bunkley for copyright infringement. I think an injunction and a seizure of assets might be in order. I'm serious. Think about it. Please let us know which of the mirror sites linked by Declan are authorized. I know mine and Declan's were, and I assume that you approve of the partial IHR mirror. Because so many unblocked mirror sites currently exist, I have restricted access to my mirror to stanford.edu and a few other places. A limited number of closely controlled mirrors is certainly in your interest, because then it wold be much easier for you to update them. For example, your lack of control leads to the perception that well after Nizkor responded to your call for open debate, you have still not acknowledged their response. You look like a bunch of liars claiming that Nizkor won't answer you. Surely this is not what you want. - -rich On Thu, 1 Feb 1996, E. Zundel wrote: > Rich, > > all I can say is: Oh, my God! > > I know Rich Bunkley, but only be name and only from a few days ago. He > wrote us a very nice letter and wanted some additional information. We > promised it to him, but I don't know if it has even been sent. > > All I can add is that a few days ago Ernst put an editorial online that > explained where he stood with this kind of stuff. It is on our English > News page. I don't have time to do anything more except to send you the > HTML form, but you will see that we do not condone what Joe Bunkley is > doing. > > Here is the editorial: > > January 25, 1996 >

> >

Hate on the Internet

>

(Ernst Zundel)

>
> > The last few weeks have seen a number of new "skin head" and other fringe > group web pages appear on the Internet. I have at first watched with > dismay and now with horror how crude, vicious and disgusting cartoons > appear on some of these web pages, and how others openly promote an uncouth > and barbaric form of verbal and symbolic violence. >

> At first I thought that the electronic "counter measures" agencies of our > opponents had put up these sites to deliberately give Revisionists, > racialists and National Socialists a bad name. The timing seemed to > coincide with the Simon Wiesenthal Center's censorship efforts, as > elaborated on in the Front Page New York Times article January 10. The > censors claim they want to ban "pornography" and "hate groups" from the Net > - and what easier way to do that than to point to vulgar, smutty, uncouth > web sites? >

> Censors are appealing to Internet providers and servers to adopt a > "responsible citizens of the community" standard and to keep smut and hate > from the curious eyes of the impressionable young net surfers. We all know > that the United States Congress is currently working on just such > legislation, (H.R. 1555 / S. 652), as is the Canadian government and > undoubtedly other governments around the world. Germany's ban of > Compuserve is a perfect example. This is a very dangerous development for > all freedom-loving people. >

> I have felt uncomfortable in publicly defending the free speech rights of > Internet pornographers in the CompuServe controversy of late December and > early January, for I abhor pornography. Nevertheless, others abhor my > Revisionist viewpoint and I would be loath to let them censor me. Now I am > even more uncomfortable with the "Hate pages" of so-called "Right Wingers" > or "Skin Head" groups on the Internet and their foul language and vicious > cartoons of certain racial minorities. >

> Let me state unequivocally: I condemn and abhor this kind of material - in > print and on the Net. As a German person, whose ethnic group has been > negatively stereotyped since 1914 in thousands of vicious cartoons > depicting my people as Neanderthal brutes goose-stepping over other > people's rights while shouting "Heil Kaiser!" or "Heil Fuhrer!" I am > particularly sensitive to this issue. I have collected stacks and stacks > of these anti-German cartoons, and I dislike intensely how they distort my > ethnic group, particularly the World War II generation that spilled its > blood to stop the Marxist New World Order that is now strangling freedom > the world over with censorship measures like "Hate Laws." >

> Therefore, I appeal to all the web page owners or web masters, particularly > those who supposedly espouse Aryan ideals or views, as well as to those who > participate in various "alt.revisionism"-type news groups, to clean up > their acts, to behave like true Aryans who have a long and proud tradition > of being builders of civilization and inheritors of a great culture - and > to stop this anarchistic, selfish and childish Hollywood-induced behavior. > Look at yourselves and at your work! Every time you write or talk, your > mind if not your soul goes on parade. Nietzsche once wrote: ". . . There > is filth at the bottom of their souls; and it is worse if this filth still > has something of the spirit in it. . . !" >

> Haters who produce hate cartoons, hate literature, hate lines and hate web > sites are what our enemies have defined us to be. Up to now it was > self-serving enemy propaganda. Why hand them the "proof" with those > disgusting images? Why legitimize their past propaganda slogans and give > them their very own weapons on a silver platter or computer screen? You > are playing right into the censors' hands. Grow up! It's time to grow up, > wake up, and act responsibly! >

> Yes, to be an Aryan is a responsibility and also a privilege. It imposes > certain codes of behavior and ethics as well as morals on all those who > claim to be "Champions of White Rights" or Aryan causes. The struggle for > survival is on. This is no time or place for a handful of imbalanced > people, lacking self-control and self-esteem, to lay claim to "leadership" > roles because they can scrape the money together for a web site. > > Some of you bemoan the lack of public support by our own people - > financially and politically. Why are you surprised when decent white > people want nothing to do with you after they see what you do, and what you > say and write? I am disgusted that I have to spell out what ought to be > perfectly obvious to normal, decent poeple. >

> The struggle to protect the majority rights or White rights in the United > States and Canada - and, for that matter, in many other so-called > "democratic" countries - is not fought in order to have license to hate and > abuse people of other races but in order to love your own kind, to protect > them, to cherish them, and to assure their future in a world where white > people are already a minuscule minority and an endangered species. I am > shocked that people don't think before they act. I am shocked and > disgusted that grown men would not have more self-control and foresight. >

> Anybody wanting to link to the Zundelsite who has hateful material on their > site does not have my approval. That's final. This is my line I draw > today in the sand. >

> Ernst Zundel > > > > > > > > > > > >-----BEGIN PGP SIGNED MESSAGE----- > > > >In article <4ep2he$msc at sphinx.Gsu.EDU>, the well-known Neo-Nazi (in the > >strictest sense of the word) gs02jwb at panther.Gsu.EDU (Joe Bunkley) > >writes: > > > >>Hello Folks, > >> I have established a brand new page on my web site. It's called: > >> > >> "ERNST ZUNDEL AND THE WORLD WIDE FREE SPEECH CAMPAIGN" > >> located at: > >> http://www2.gsu.edu/~gs02jwb/zundel.ind > > > >I recognize and encourage your right to speak freely, and I will link to > >your page. However, the only thing "new" about this site is the addition > >of more obvious lies claiming that Mr. Zundel is being censored in any > >meaningful way. > > > >I *demand* that you add a link to my site, which as you know and as Mr. > >Ernst Zundel's own press release clearly states, was the first. I will > >continue to maintain Mr. Zundel's files in place and unmodified as long as > >you and Zundel continue to make spurious claims of censorship, you worm. > > > >Lies written in ink can never disguise facts written in blood. - Lu Xun > > > >>If you look closely, you'll find that the REAL net censors have something > >>in common. This very tight knit group will deny it and will call you a > >>"Hater" if you recognize this fundamental truth. Are we going to let > >>this small group of people run the Internet like they do the news and > >>entertainment media in North America and Europe. Let me tell you, they > >>are sure going to try! Only your vigilance for truth, justice, and > >>freedom of speech and expression will stop this cabbal. Shine the light > >>of truth and facts upon them. Like a fungus, their doctrines of hatred > >>and domination cannot thrive in an environment of truth. These sick > >>puppies need us to stand up to their Orwellian schemes. Only by > >>following a truly evil doctrine of hatred for several thousand years do > >>they maintain the audacity that they are CHOSEN to rule the world. > > > >Exactly. Let's put these white supremacist assholes like Joe Bunkley in > >their place. > > > >> You see folks, your idealism and principles of fair play simply > >>get in the way of their ultimate success. Expressing your ideas freely > >>on the Internet has infuriated them. How dare you disagree with they who > >>are CHOSEN only in their own sick minds! This whole Internet and World > >>Wide Web just ain't working out like they planned. You see, the Internet > >>is supposed to FACILITATE the creation of a ONE WORLD GOVERNMENT. The > >>inherent nature of Cyberspace has taken us in an opposite direction > >>entirely! It facilitates autonomy, freedom, and individual expression. > >>Heck, Cyberspace is actually lessening their clutches upon your world and > >>environment. > > > >This is what cypherpunks have known for years, you Nazi bastard. > > > >It has nothing to do with you, freak. > > > >In a truly free society, you will only be laughed at. > > > >Only our strict adherence to the most cherished tenets of freedom is what > >allows people like us to tolerate people like you. > > > >> The shocking truth is being learned: WE DON'T NEED THEM; BUT > >>THEY DESPERATELY NEED US. Yes, they are paracites. With our > >>magnanimity, they may one day get over their trans-millennial delusion of > >>ruling the world. We can help them get over their sickness - but only > >>when they RECOGNIZE and ADMIT they have one big bugger of a problem. > >>That is the hardest thing for a CHOSEN ONE to do. It contradicts all the > >>poison these sick puppies have been led to believe about themselves. > >>With courage and vigilance, we can lead them to the light once they admit > >>their sickness. > > > >Exactly. Joe Bunkley, please tell us The Fourteen Words. > > > >>14words+14words+14words+14words+14words+14words+14words+14words+14words+14 > >>14 14 > >>14 FOURTEEN WORDS ! | I am sincerely yours, 14 > >>14 "We must secure the existence of our | Joe Bunkley 14 > >>14 People, and a future for White children."| gs02jwb at panther.gsu.edu 14 > >>14 14 > >>14 The Coming Fall Of The American Empire 14 > >>14 http://www2.gsu.edu/~gs02jwb 14 > >>14 14 > >>14words+14words+14words+14words+14words+14words+14words+14words+14words+14 > > > >Oh. I see that you did. Goodie. > > > >- -rich > > > >-----BEGIN PGP SIGNATURE----- > >Version: 2.6.2 > > > >iQCVAwUBMREteo3DXUbM57SdAQFKQwP+KHHvwVDp5QYGeQKUsuAW80PAufN1+ybK > >iFglKGsu5khfhP+5shwo8vAwtiH9tKEOxHob/pA6e9RU/Ktn0OW+zBQFflS9y1ee > >vPHELAN/DxihU7Wv4gAYsZW9fjC0KJbvzx8XYu7MA1po7pudMzue0bUpmoV0y/VB > >tzDmW59FLRs= > >=iYAQ > >-----END PGP SIGNATURE----- > > ***** Revisionism is the great intellectual adventure at the end of the > Twentieth Century. > > ***** Revisionismus ist das grosse intellektuelle Abenteuer am Ende des > Zwanzigsten Jahrhunderts. > > http://www.webcom.com/ezundel/english -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMRFG1I3DXUbM57SdAQHrAwP/UTeg5XvpVrRQ8QYaaMCbOxG7TqP7KjLo A1Q0AmBPHWkBIUDXHyRPQGMrBXDIGrZ4Brj0pv4e1aTR5qxTkLoNEajcX9Z6yhSe nmRL6tF669369mDX/s6WvcNzBtGIQL4B5eg3UEP0Y2FWuUWjTiBOXLX2hCpRX++X R4Mf300rIGA= =BA6j -----END PGP SIGNATURE----- From hua at chromatic.com Thu Feb 1 16:51:54 1996 From: hua at chromatic.com (Ernest Hua) Date: Fri, 2 Feb 1996 08:51:54 +0800 Subject: RC2 Source Code - Legal Warning from RSADSI In-Reply-To: Message-ID: <199602020011.QAA24870@chromatic.com> > > WARNING NOTICE > > > > It has recently come to the attention of RSA Data > > Security, Inc. that certain of its confidential and > > proprietary source code has been misappropriated and > > disclosed. Despite such unauthorized use and disclosure, > > RSA Data Security reserves all intellectual property rights > > in such source code under applicable law, including without > > limitation trade secret and copyright protection. In > > Well, now we know it really was RC2. > > Is there a law-knowing type out there who can tell us what's going on > legally? As I understand things, RSA is just bullshitting here. When > something has 'trade secret' status, the only people with legal obligations > toward it are those with contractual obligations to RSA--you can only > enforce 'trade secrets' through contractual obligations, non-disclosure and > confidentiality agreements, etc. Once something has been disclosed, as I > understand it, people without contractual obligations in regards to it are > free to do whatever they want to it--trade secret status of RC2 has nothing > to do with me, who has no contractual obligations to RSA regarding RC2. > (Unless the license agreement for RSAref could be stretched to apply > somehow, but I don't think so). Uh ... wait ... better check on the stupid Scientology cases because they did win some small battles regarding what they considered trade secrets. Did they win that on copyright basis or trade secret basis? There must be some case history here. Ern From 72124.3234 at compuserve.com Thu Feb 1 16:59:28 1996 From: 72124.3234 at compuserve.com (Kent Briggs) Date: Fri, 2 Feb 1996 08:59:28 +0800 Subject: Beta Testers Wanted Message-ID: <960201205224_72124.3234_EHJ92-1@CompuServe.COM> I'm looking for volunteers interested in testing the latest beta version of Puffer 2.0. Puffer is my shareware data file & e-mail encryption utility for Windows and has been significantly improved since version 1.0. It is now a full-fledged public key encryption program utilizing Diffie-Hellman technology. The exportable shareware version will support 512-bit public keys and 40-bit PC1 (RC4 clone) encryption. The U.S./Canada registered version will also support 1024-bit public keys and 160-bit Blowfish encryption. All versions support digital signatures, multi-pass data wiping (files, slack, & unused space), LZ77 compression, a built-in editor, and Windows clipboard encryption. I am currently negotiating a patent license for the D-H algorithm with Cylink and an export license with the State Dept. Testers must be residents of the U.S. or Canada. I am looking for cryptography novices through experts using a wide range of PC hardware running Win 3.1, Win 95, or OS/2. I also have detailed text files describing the security protocols and file formats used. I would like experts to take a look at these to make sure I didn't do something stupid. Those that can help will get a free copy of the final registered version. The software will be a 417 K zip file available via http. I will e-mail the protocol and file format specifications to anyone interested. Please respond by private e-mail. Thanks. Kent Briggs 72124.3234 at compuserve.com From rsalz at osf.org Thu Feb 1 17:09:47 1996 From: rsalz at osf.org (Rich Salz) Date: Fri, 2 Feb 1996 09:09:47 +0800 Subject: RC2 Source Code - Legal Warning from RSADSI Message-ID: <9602020046.AA23769@sulphur.osf.org> Once lost, trade secret can never be regained. The person(s) responsible can be sued so they never work again :), but it's unclear if RSA can stop anyone using unpublished trade-secret source. At any rate, I'll stop my comparison of the distributed RC2 and the licensed RC2 since RSA's done it for us. :) /r$ From llurch at networking.stanford.edu Thu Feb 1 17:11:42 1996 From: llurch at networking.stanford.edu (Rich Graves) Date: Fri, 2 Feb 1996 09:11:42 +0800 Subject: CONFIRMED: German Universities' ISP lifts webcom.com filter Message-ID: >From Declan's fight-censorship list. My mirror has now been disabled, because it is completely unnecessary. If you have no idea what this is about, see: http://36.190.0.210/~llurch/Not_By_Me_Not_My_Views/ -rich ---------- Forwarded message ---------- Date: Fri, 2 Feb 1996 00:35:22 +0100 (MET) Some minutes ago: | sobolev:~ % traceroute www.webcom.com | traceroute to s1000e.webcom.com (206.2.192.66), 30 hops max, 40 byte packets | 1 gatekeeper.rhein.de (193.175.27.1) 241.515 ms 224.741 ms * | 2 wan-gw.su.golden-net.rhein.de (193.175.27.6) 221.028 ms 194.252 ms 199.246 ms | 3 su-gw.cs.bn.golden-net.rhein.de (193.175.27.250) 358.375 ms 534.402 ms 359.005 ms | 4 131.220.6.2 (131.220.6.2) 258.929 ms 277.339 ms 249.133 ms | 5 131.220.241.3 (131.220.241.3) 301.754 ms 328.01 ms 429.14 ms | 6 131.220.1.199 (131.220.1.199) 369.062 ms 397.582 ms 399.12 ms | 7 Duesseldorf4.WiN-IP.DFN.DE (188.1.133.69) 408.983 ms 516.393 ms 599.211 ms | 8 ipgate2.win-ip.dfn.de (193.174.74.200) 608.828 ms 454.999 ms 399.153 ms | 9 pppl-frg.es.net (192.188.33.9) 559.177 ms * 599.775 ms | 10 umd2-pppl2.es.net (134.55.12.162) 618.292 ms 597.956 ms 629.111 ms | 11 mae-east.psi.net (192.41.177.245) 408.889 ms 328.154 ms 399.18 ms | 12 38.1.2.16 (38.1.2.16) 449.041 ms 718.307 ms 599.023 ms | 13 * 38.146.147.2 (38.146.147.2) 930.251 ms * | 14 SJT1E0.webcom.com (206.2.192.34) 989.108 ms 488.372 ms 629.073 ms | 15 * 206.2.192.65 (206.2.192.65) 750.307 ms 608.356 ms | 16 s1000e.webcom.com (206.2.192.66) 808.935 ms 888.363 ms 769.091 ms From pope at auditnet.tamu.edu Thu Feb 1 17:15:37 1996 From: pope at auditnet.tamu.edu (Jon L. Pope) Date: Fri, 2 Feb 1996 09:15:37 +0800 Subject: unscribe Message-ID: <170F31D140CE@AUDITNET.TAMU.EDU> unscribe cypherpunks at toad.com TAMU-TAMU-TAMU-TAMU-TAMU-TAMU-TAMU-TAMU-TAMU Jon L. Pope, CISA, CIA Supervisory Internal Auditor Texas A&M University Mail Stop #1280 e-mail: pope at auditnet.tamu.edu College Station, Tx, 77843-1280 Phone: (409)845-1323 Fax: (409)845-6437) TAMU-TAMU-TAMU-TAMU-TAMU-TAMU-TAMU-TAMU-TAMU From baldwin at RSA.COM Thu Feb 1 17:55:25 1996 From: baldwin at RSA.COM (baldwin (Robert W. Baldwin)) Date: Fri, 2 Feb 1996 09:55:25 +0800 Subject: Thanks for not flaming the messenger Message-ID: <9601018232.AA823224197@snail.rsa.com> Well, I've read a whole bunch of replies to the legal warning I posted for my employer. I want to thank everyone for being thoughtful enough for not flaming me personally. My apologies to people who received multiple copies. The goal was to ensure that anyone searching for the original article would get the warning with it, and that any CD-ROM containing sci.crypt would also contain the warning. Sorry for the inconvenience. --Bob From bal at martigny.ai.mit.edu Thu Feb 1 18:30:40 1996 From: bal at martigny.ai.mit.edu (Brian A. LaMacchia) Date: Fri, 2 Feb 1996 10:30:40 +0800 Subject: RC2 Source Code - Legal Warning from RSADSI In-Reply-To: Message-ID: <9602020205.AA14789@toad.com> Date: Thu, 1 Feb 1996 18:26:15 -0500 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" From: jrochkin at cs.oberlin.edu (Jonathan Rochkind) Sender: owner-cypherpunks at toad.com Precedence: bulk Now, copyright might be another matter. But you can't copyright an algorithm, only specific text in fixed form (ie, the source code). So this would mean you couldn't use the particular code posted to sci.crypt, but wouldn't stop anyone from using the algorithm, if they wrote their own code (to be safe, without having seen the RSA-copyrighted code, only having the algorithm described to them by someone else). If the source code posted to sci.crypt was in fact a copy of an RSADSI copyrighted soure code listing, then making copies of that listing is a copyright violation. However, copyright protection does not extend to the underlying algorithm, so unless RSADSI has a patent on the algorithm the idea is free, and can be reimplemented using a "clean room" or "Chinese wall" approach. If the posted source code was *not* a copy of RSADSI source code but instead produced by disassembling object code RSADSI's claims are tenuous at best. RSADSI could conceivably claim that the disassembled code is a derivative product of their copyrighted object code, but I think they would have a hard time distinguishing themselves from the facts in _Sega v. Accolade_. I fail to see how the legality of "alleged-RC2" is any different than that of the "alleged-RC4" code which was published last year. --bal From mixmaster at vishnu.alias.net Thu Feb 1 18:39:17 1996 From: mixmaster at vishnu.alias.net (Mr. Boffo) Date: Fri, 2 Feb 1996 10:39:17 +0800 Subject: RC2 Source Code - Legal Warning from RSADSI Message-ID: <199602020200.UAA22646@vishnu.alias.net> > WARNING NOTICE > > It has recently come to the attention of RSA Data > Security, Inc. that certain of its confidential and > proprietary source code has been misappropriated and > disclosed. Despite such unauthorized use and disclosure, > RSA Data Security reserves all intellectual property rights > in such source code under applicable law, including without > limitation trade secret and copyright protection. In Ya know... This is getting old! It seems like RSA Data Security can't control their own site. It only seems like yesterday (actually about 2 years ago) that another one of their "RC" algorithms was published to the Usenet thru anonymous remailers. Can't they secure their own site against break-ins? If they want to be the prima-donna site for encryption with all of the "copy-written" crypto, you would think that they could protect their own resources better. Lazarus Long From adam at rosa.com Thu Feb 1 18:45:31 1996 From: adam at rosa.com (Adam philipp) Date: Fri, 2 Feb 1996 10:45:31 +0800 Subject: RC2 Source Code - Legal Warning from RSADSI Message-ID: <02221509300197@compuvar.com> At 08:00 PM 2/1/96 -0600, you wrote: >> WARNING NOTICE > > It has recently come to the attention of RSA Data >> Security, Inc. that certain of its confidential and >> proprietary source code has been misappropriated and ^^^^^^^^^^^^^^^ >> disclosed. Despite such unauthorized use and disclosure, > Ya know... This is getting old! It seems like RSA Data >Security can't control their own site. It only seems like yesterday >(actually about 2 years ago) that another one of their "RC" algorithms >was published to the Usenet thru anonymous remailers. Can't they >secure their own site against break-ins? I hope that his code was not stolen, if it was actually stolen and then released and we knew that for sure, then trade secret rights would probably still apply. However the code was posted anonymously we do NOT know for certain that it was MISAPPROPRIATED. As such it may have been reverse engineered in manner that does not violate trade secrets and hence it can be used. The burden is with RSA to prove that any one person KNEW it was misappropriated. That is why we are seeing all these messages flying around on the web, RSA attorneys are trying to shut the barn door after the horses have left... a rushed, Adam, Esq. --=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\ |PGP key available on my home page|Unauthorized interception violates | | http://XXXXXXXXXXXXXXXXX/adam |federal law (18 USC Section 2700 et| |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-|seq.). In any case, PGP encrypted | |SUB ROSA... |communications are preferred for | | (see home page for definition) |sensitive materials. | \-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-/ From llurch at networking.stanford.edu Thu Feb 1 18:45:45 1996 From: llurch at networking.stanford.edu (Rich Graves) Date: Fri, 2 Feb 1996 10:45:45 +0800 Subject: Tim's paranoid rant about Declan appearing on "Europe's Most Wanted" In-Reply-To: Message-ID: On Thu, 1 Feb 1996, Declan B. McCullagh wrote: > Excerpts from internet.cypherpunks: 1-Feb-96 Tim's paranoid rant about > D.. by Just Rich at c2.org > > I disagree. It is clear to me that there is absolutely no cloud hanging > > over us. If any German court tried to press charges against me for > > posting Zendel's materials, they'd be laughed across the Argonne. Most > > mainstream Jewish groups *love* me right now. > > > > I find it curious, and I am beginning to get a little annoyed, that my > > name is rarely mentioned, though I set up the first mirror, and Declan got > > the files from me. > > So you're getting pissy that you're not The Only Zundel Mirror. Big > fucking deal. Get over it. The more the better. > > I find it telling that you wrote me mail demanding that I alter my web > pages to your satisfaction or you'll smear me in the press, since your > web site (you informed me) is going to be featured in the next issue of > TIME, Internet World, and the San Francisco Chronicle. > > Hey, guy, kudos to you. Glad to hear it. Smear the fuck away. This does not accurately represent what I said, and it certainly does not represent what I have done. You are still identified as "My friend Declan," and I recommend that people visit your site. I actually would have appreciated it if you had crowed, or at least shared, your media contacts. For example, I only just now found out about Steve Pizzo's poorly researched article in Web Review, where he presents as my views deliberate lies that I told Zundel in order to get his cooperation and trust. > > I am very annoyed that Declan has not responded to repeated requests to > > remove the cleartext "Stanford University" from the parts of his Web site > > that mention me. Of course the stanford.edu, or at least net 36.190, will > > remain in the URL, but there is no reason that the link text could not say > > "Rich Graves' mirror." First Declan sent me mail saying he would respect > > my wishes, but he didn't. > > Let's get the facts right and ignore Rich's distortions. I wrote: > > "I'll honor your wishes and take your full name off." > > I did *not* write that I'd take Stanford's name off the pages. I did > take your full name off, as I said I would. This does not accurately reflect your mail. At this time, you have not removed my full name, either. > > Then a friend of mine reminded Declan of my > > request, and Declan responded with abuse. > > Your friend, Haggai Kupermintz, sent me unsolicited email demanding to > know why I didn't act on a request that was sent earlier that day. I You will find that Haggai had been Cc'd on several messages back and forth on fight-censorship, and he was Bcc'd on my original request (at the header of my message to you was a notice that it was being Bcc'd to other people at Stanford). While I don't appreciate his mommying me, I hardly consider his mail unsolicited or unwarranted, since you have still failed to honor my request. > have better things to do than leap on every demand I get, so I flamed > him. *shrug* Big deal. I didn't know a rather mild flame was "abuse." If > you don't want to be "abused," don't send me demands in unsolicited > email. (I'm glad for the sake of other "abusers" at Stanford that your > school's speech code was struck down by a California court last year.) The "speech code" was never applied to anyone, and was widely regarded to be unenforceable. I opposed it. It was a joke, yes. What were we talking about again? > > Declan wants me to believe that this disclaimer is enough: > > > > "Please note that the > > existence of a web site at any particular institution does not > > in any way imply endorsement. Universities and businesses > > do not take responsibility for what their community members > > or customers place online." > > > > This is clearly untrue when the person in question is a staff member, as I > > am. Were I still a student, then I could more legitimately say that I'm a > > student at Stanford, and that I have the academic freedom to post whatever > > I want; but as someone who now merely works for a living at Stanford, I do > > whatever I want by the (very) good graces of my (very good) employer. > > I don't follow. In what way is that disclaimer untrue? You *do* > represent Stanford? The concept of academic freedom doesn't apply to > staff members? If that's true, you do have a point. Then you, kadie, and I agree. I have a point. Why do you persist in identifying, in two places, a Stanford University Mirror Site? > > One mirror site was enough. The German providers would not have blocked > > stanford.edu had it remained the only mirror site. The President of > > Stanford, Gerhard Casper, is a recognized constitutional scholar from > > Germany. The Stanford Provost, Condoleezza Rice, was one of the two or > > three people most responsible for the Bush Administration's policy > > towards German Unification. Dozens of Stanford students have studied in > > Berlin. > > One mirror site may have had a limited effect, but more mirror sites > have a more significant effect. I strongly disagree. Which has more symbolic power for good, a single man standing in front of a tank in Tiananmen Square, or nuking Hiroshima and Nagasaki? It is not ethical to abuse this power we have. Especially because neither of us are students at the universities whose machines we are abusing. > The press likes a local angle, and local mirrors are giving them just > that. I put a reporter from the Boston Globe in touch with the UMass > mirror operator, and a reporter from the Philadelphia Inquirer in touch > with the University of Pennyslvania mirror operator. I'd love to see > mirrors in every major city for greater coverage in every major paper. > > If you don't understand that concept, you don't understand the way the > media works. I do understand the way the media works. They live on "press releases" from "recognized authorities." Most > So Rich, answer me this: "What articulable and demonstrable harm have > additional mirror sites done, besides hurt your ego?" Since my mirror site has been limited to .edu and selected other domains for a full day, this is an odd question. The demonstrable harm, as you now agree, is that the Ottawa Times, http://intranet.on.ca/ott_time.html, the Stormfront-L neo-nazi list, and so on are full of lies about how universities sympathetic to Zundel's fight against Zionist oppression and the Holocaust Lie have jumped to his defense. > > This is ludicrous. I expect better from you. > > I'm a big fan of Tim's, and I think that while he may have been jesting, > his comments have a serious undertone. > > I don't really expect to be locked up for the rest of my life in a > German cellblock, but harassment at entry/exit points is possible. > Perhaps probable, given that other "distributors" of Neo-Nazi spew have > experienced just that. No distributors. Only point sources. And as has been pointed out, they often get off with a slap on the wrist. You have been duped by Zundel's false claims of persecution. I bet you even bought the "Dr. Axl Clocstein" story for a while. > > Declan, if you don't fix up your page the way I want it by morning (please > > not that you have three more hours of morning than I do), I will post a > > modified (spell-checked) version of this note on my Web page, to > > alt.censorship, and to your "fight-censorship" mailing list. > > Please send me in private email (or post it here if you really want) > exactly what you want me to change. 1. As I've been saying for the last day and a half, please remove all occurrences of the strings "Stanford" and "Graves." I hardly think that requesting not to be so identified is egotistical. 2. While you're at it, it would be good to remove the following as well, which does not accurately reflect the facts. In early January, Zundel contacted the Simon Wiesenthal Center and asked permission to reproduce some of their materials. He wanted to disprove some of their views as he had tried to rebut those of the Nizkor Project. (The Nizkor folks earlier had requested bidirectional linking. Zundel agreed to their request, heralding the experiment as "The Great Internet Holocaust Debate.") Nizkor's response to this is rather prominent on their Web site. 3. Please fix this: January 29, 1996: This site goes online, with the help of files supplied by Rich (rich at c2.org), supplemented with more recent documents taken directly from the Zundelsite. Rich's site at Stanford University goes online. (Note that Rich and I mirrored the Zundelsite at our own initiative, not by request.) To bolster Zundel's coyright claim against the National Alliance, please clarify that "we" specifically requested the materials from Zundel, and that his handler Marc uploaded them all to "one of our machines" (since we could not have run a WebWacker on the highly overloaded webcom.com). Also remove the string "Stanford." In any case, the files are no longer available at Stanford. 4. February 1, 1996: Web Review Magazine reports on the mirror sites. I have sent mail to Steve Pizzo and requested that he call me to correct some false statements attributed to me. 5. February 1, 1996, afternoon: UMass censors mirror. Simon Wiesenthal Center sends letters of protest to participating mirror universities. Sameer announces University of California at Berkeley mirror. Every one of these is false. a. The operator of the UMass mirror objects to your characterization of what happened as "censorship," and to your posting his private mail. b. Where is your confirmation of Simon Wiesenthal's action? c. Sameer has not announced a UC Berkeley mirror. He specifically asked that it not be listed because like most of us, he is beginning to have ethical qualms. 6. On index.html you have: There is an apparent campaign of email and web bombing being launched againt Zundel's site on Webcom, making it near-impossible to reach. Do you have a source for this besides me? Well, I retract the rumor. In fact it seems that the problem is that Zundel foolishly put a bunch of huge RealAudio files on his page that are overloading the server. > Rich, by now I suspect you've seen this joke, but what the hell: > > Q: What's a left-wing firing squad? > > A: Everyone stands in a circle and shoots at each other I guess this is supposed to be something clever about how the vanguard is supposed to discard their personal interests for the common good. I am a member of no vanguard. -rich From jimbell at pacifier.com Thu Feb 1 19:10:39 1996 From: jimbell at pacifier.com (jim bell) Date: Fri, 2 Feb 1996 11:10:39 +0800 Subject: Tim's paranoid rant about Declan appearing on "Europe's Most Wanted" Message-ID: -----BEGIN PGP SIGNED MESSAGE----- At 02:02 AM 2/1/96 -0800, Just Rich wrote: >On Thu, 1 Feb 1996, Timothy C. May wrote: > >> At 7:27 AM 2/1/96, sameer wrote: >> >> I guess Declan M. won't be visting France or any of the other EU >> >> countries any time soon! >> > >> > That reminds me of a question-- >> > >> > If, for example, Germany decides that my company is in >> >violation of their laws for mirroring the Zundelsite, will they send >> >us a letter saying that, so we know not to go to Germany? >> >> The Nebraska-based neo-Nazi publisher who was picked up in Denmark and >> extradited to Germany pretty much knew his actions were illegal in Germany, >> but I doubt (sheer speculation on my part) he had ever been formally >> notified that an arrest warrant had been issued by Germany and could be >> exercised in Denmark. >> >> The situation with Declan, Sameer, Duncan, and others, is even less clear. > >I disagree. It is clear to me that there is absolutely no cloud hanging >over us. If any German court tried to press charges against me for >posting Zendel's materials, they'd be laughed across the Argonne. Most >mainstream Jewish groups *love* me right now. Actually, I think your argument self-destructs. Tim May is right. If you take solace in the fact that "most mainstream Jewish groups *love* [you] right now," then that strongly implies that this fact (assuming, for the purposes of the argument, that your claim is true: you are loved) indicates that Jewish groups have some sort of strong input into who Germany prosecutes. This implies a political friend/foe system, which is EXACTLY the kind of indeterminacy that Tim May (and many other people) are worried about. Consider the position of a "new" person who isn't on the "mainstream Jewish groups radar" (either positive or negative) the way you claim to be. The implications of your statement is that HE would have to WORRY. YOU would be SAFE! Doesn't this bother you a bit? -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMRFzmvqHVDBboB2dAQHK3gQAobCDzSMWbGCwN9Iu8rN2Q3v1c/oxm4kh HaskQ1B2PyXVlzBwIZz8uNHWxeHLXr21mPYNTY77ScmfRp6cYF9DS+SqjvAmHI7f xxMn04bHLS5zNovvxt39fASrc5kgta+30pjDmjkjJY3ZImQw1lt68ajuRx02rDf7 Jt09GFypRS4= =hw5S -----END PGP SIGNATURE----- From sinclai at ecf.toronto.edu Thu Feb 1 19:22:01 1996 From: sinclai at ecf.toronto.edu (SINCLAIR DOUGLAS N) Date: Fri, 2 Feb 1996 11:22:01 +0800 Subject: RC2 Source Code - Legal Warning from RSADSI In-Reply-To: Message-ID: <96Feb1.215126edt.10310@cannon.ecf.toronto.edu> > I hope that his code was not stolen, if it was actually stolen and then > released and we knew that for sure, then trade secret rights would probably > still apply. However the code was posted anonymously we do NOT know for > certain that it was MISAPPROPRIATED. As such it may have been reverse > engineered in manner that does not violate trade secrets and hence it can be > used. The burden is with RSA to prove that any one person KNEW it was > misappropriated. That is why we are seeing all these messages flying around > on the web, RSA attorneys are trying to shut the barn door after the horses > have left... The author claims that the code was disassembled. S/he credits "CodeView" which is Microsoft's debugging/disassembly tool. Of course, this could just be a cunning ruse... From EALLENSMITH at ocelot.Rutgers.EDU Thu Feb 1 19:22:02 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH) Date: Fri, 2 Feb 1996 11:22:02 +0800 Subject: [NOISY] Deutsche Telekom <--> webcom.com "routing troubles" Message-ID: <01I0PPI0LL00A0UNHV@mbcl.rutgers.edu> While it fortunately seems that the German government is getting some sense, I've had one idea for future such anti-censorship efforts. It's that, despite Alta Vista and other spiders, sometimes things on the web don't get spotted by search engines very soon. Having information out there doesn't do much good if people who haven't been following newsgroups, etcetera don't know about it. Rich and Declan may have thought of this already, but I haven't seen it on cypherpunks. There is a web page for multiple search-engine submissions at http://www.submit-it.com/. I don't know how well it works, since I haven't used it (yet). But it might be something to try. -Allen From jsw at netscape.com Thu Feb 1 19:26:57 1996 From: jsw at netscape.com (Jeff Weinstein) Date: Fri, 2 Feb 1996 11:26:57 +0800 Subject: Visa & MC Std In-Reply-To: Message-ID: <31117ABA.611B@netscape.com> Clay Olbon II wrote: > > At 8:25 AM 2/1/96, pj ponder wrote (much elided): > > >AN FRANCISCO -- Hoping to remove a major impediment to credit card > >transactions over the Internet, a business group led by Mastercard > >International > >and Visa International plans to announce an industry-standard technology > >Thursday for protecting the security of electronic payments. > ... > > > >The software standard, called Secure Electronic Transactions, or SET, > >will permit a user to send a credit card account numbers to a merchant > >in a scrambled > >form. > > > >The scrambled number is supposed to be unintelligible to electronic > >eavesdroppers and thieves -- and even to the merchants receiving the > >payment. > > > >But a special code is supposed to enable the merchant to check > >electronically and automatically with the bank that issued the credit > >card to make sure that it is a > >valid card number and that the customer is the authorized user of the > >card. The number-scrambling part of the system is based on a well-known > >and widely used > >national software standard known as the Data Encryption Standard. > > ---------------- First a disclaimer. I have not studied the drafts of the protocol, or been directly involved with its development. I do know a few things and I will try to answer to the best of my abilities. > A few psueudorandom points regarding this post: > > First, it seems silly to implement a separate standard that only > works for the credit card number. What about the privacy of the rest of > the info (what I am ordering, how much, etc.). > > Can (or will) this be layered with Netscape's SSL? I don't know if the spec will specify SSL as the required transport, but I think that our products will use it. > How is this to be implemented? It sounds like the merchants will > just pass the encrypted number to the credit card company. If this is the > case, key management could become an issue. I suppose this could easily be > implemented using public key crypto, but only DES was mentioned. If only > DES is used and everyone uses the same DES key, that would be a valuable > key to break! RSA will be used in addition to DES (or perhaps something stronger). > How about a MITM attack. Get the encrypted credit card #, and > change the purchase amount, delivery info, etc if that is not encrypted. There is stuff in the protocol to prevent MITM and replay attacks. I'm not familiar with the details, but I know that they have been thinking about these problems for a long time. > If there is anyone on the list with more info on this, I would love to hear > it (heopfully we will hear something from Netscape, since they are quoted > in the article). From what I know so far, it seems like a poor compromise. It is hard to get even the flavor of the protocol in a press release that has been dumbed down for the general population. I believe that the spec will be released for a public review period before it is finalized, so you should have a chance to review it and get your comments in. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw at netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine. From ses at tipper.oit.unc.edu Thu Feb 1 19:31:55 1996 From: ses at tipper.oit.unc.edu (Simon Spero) Date: Fri, 2 Feb 1996 11:31:55 +0800 Subject: Prediction about new credit card number scheme In-Reply-To: Message-ID: On Thu, 1 Feb 1996, Thomas Grant Edwards wrote: > > >By JOHN MARKOFF AN FRANCISCO -- > >Hoping to remove a major impediment to credit card transactions over the > >Internet, a business group led by Mastercard International and Visa > >International plans to announce an industry-standard technology Thursday > >for protecting the security of electronic payments. > > My prediction about the new CC standard: it will be a mistake if they > don't pass on the details to cypherpunks. > > BTW - are any micropayment schemes reving up to commerciality yet??? > > -Thomas > > > > > (defun modexpt (x y n) "computes (x^y) mod n" (cond ((= y 0) 1) ((= y 1) (mod x n)) ((evenp y) (mod (expt (modexpt x (/ y 2) n) 2) n)) (t (mod (* x (modexpt x (1- y) n)) n)))) From jsw at netscape.com Thu Feb 1 19:35:56 1996 From: jsw at netscape.com (Jeff Weinstein) Date: Fri, 2 Feb 1996 11:35:56 +0800 Subject: Prediction about new credit card number scheme In-Reply-To: Message-ID: <31117E58.6F16@netscape.com> Thomas Grant Edwards wrote: > > >By JOHN MARKOFF AN FRANCISCO -- > >Hoping to remove a major impediment to credit card transactions over the > >Internet, a business group led by Mastercard International and Visa > >International plans to announce an industry-standard technology Thursday > >for protecting the security of electronic payments. > > My prediction about the new CC standard: it will be a mistake if they > don't pass on the details to cypherpunks. I believe that there will be a public review period. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw at netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine. From nsb at nsb.fv.com Thu Feb 1 20:45:36 1996 From: nsb at nsb.fv.com (Nathaniel Borenstein) Date: Fri, 2 Feb 1996 12:45:36 +0800 Subject: C'mon, How Hard is it to Write a Virus or Trojan Horse? (was Re: Apology and clarification) In-Reply-To: Message-ID: Excerpts from mail.cypherpunks: 30-Jan-96 Re: Apology and clarification Jamie Zawinski at netscape. (4170*) > Nathaniel Borenstein wrote: > > > > What we at FV have done is to demonstrate how easy it is to develop an > > FULLY AUTOMATED attack that undermines the security of all > > software-based credit card commerce schemes. > You have done no such thing. You have written *one component* of that > attack, and the easiest part of it at that. > Combine it with a virus, or self-replicating worm, and demonstrate that > it is immune to all known virus checkers, and *then* you will have > spoken the truth when you say you have "demonstrated" anything. This is a particularly fascinating reaction, Jamie. As I see it, we have implemented every part of the attack that we can implement without doing anything that is either unethical or illegal. Is it your position that no systematic flaw in your security is real until someone has actually broken it? Actually, that position would in fact be quite consistent with your company's earlier implicit assertion that 40-bit encryption was sufficient (for international consumers) until somebody actually broke it, even though everyone who understood cryptography already knew otherwise. > You may think this is nitpicking, but the fact is, you're assuming that > the implicit cooperation of some vast number of users in running your > program is easy to obtain. I disagree with this assumption. If this > assumption were true, then viruses would be a much bigger problem than > the mere annoyance that they are today. Nearly everyone with a computer has either been infected with a virus or knows somebody who has. There has never been a serious financial incentive for virus writers in the past, so they haven't ever been, for example, bankrolled by organized crime. They've been written by sociopathic hobbyists in the past. Your commerce mechanism gives them an incentive to turn pro. The average sophistication of Internet users is dropping every day, as the net continues to explode, and the ease of spreading malicious software is going up accordingly. Having said all that, I do agree with you 100% that the hardest part of the devastating, automated attack that we have outlined is in fact the infection vector. You are absolutely right about that. What we have shown is that the HARDEST part of stealing an unbounded number of credit cards transmitted using your company's preferred commerce mechanism is, in fact, the deployment of a virus or Trojan Horse. Unfortunately, as most personal computer users have long since realized, that just isn't that uncommon or hard to do. > *Computers* provide a path to large-scale fraud. So does the printing > press. So does the telephone, and the postal system. So what. You > still haven't proven that it's easy. I suspect that the world's financial institutions will, by and large, be grateful that First Virtual doesn't share your belief that one has to wait for a criminal to break a system to be convinced that it is insecure. Show me an automated way to break the postal system in a large-scale way without getting caught, and then I'll be worried about it, too. > With as much work as you've put into this, someone could write a > Microsoft Word document which when opened, would start dumping the > contents of your hard disk into the mail. Ooh, good point. We could probably use MS Word macros as the infection vector for our program. I like that idea. I'll add it to our list of potential ways this program could spread itself. However, the entire contents of your hard disk aren't of direct economic value. They're also hard to digest, and they're big enough to be likely to be noticed in transit (e.g. they can easily fill up mail spools if you mail 'em out). I'd much rather sift through your hard disk looking for credit card numbers, and then spirit them quietly off your machine. But I'd also install a keystroke sniffer if I suspected the user might be using your preferred mechanism to send out his credit card number. > It's not a matter of possibility. It's a matter of probability, and > risk management. It's unlikely enough that I'm not afraid of using my > credit card on the net. Tell me my credit card number, and I'll change > my mind. Hey, you're a smart guy. That probably means your machine is relatively hard to infect. A criminal would skip you and instead target the millions of consumers who were more easily infected. I didn't describe a scheme that could target one individual's credit card. I described a scheme that could steal millions of them indiscriminately. > All a banker needs to know is the amount of risk associated with the > thing in which they are investing; they don't need to know how keyboard sniffers work. The "trust us, we're experts" approach to security is only as good as the experts you trust, as you've just amply demonstrated. For my part, I'm happy to let the bankers hire independent experts study the attack we've outlined and reach their own conclusions. -- Nathaniel -------- Nathaniel Borenstein Chief Scientist, First Virtual Holdings FAQ & PGP key: nsb+faq at nsb.fv.com From wlkngowl at unix.asb.com Thu Feb 1 21:23:59 1996 From: wlkngowl at unix.asb.com (Mutatis Mutantdis) Date: Fri, 2 Feb 1996 13:23:59 +0800 Subject: RC2 Source Code - Legal Warning from RSADSI Message-ID: <199602020507.AAA23639@UNiX.asb.com> On Thu, 1 Feb 1996 20:00:50 -0600, you wrote: > Ya know... This is getting old! It seems like RSA Data >Security can't control their own site. It only seems like yesterday That has nothing to do with it. What they (or anyone else) can't control is disassembling the code.... which is apparently where it comes from. >(actually about 2 years ago) that another one of their "RC" algorithms Actually, about a year and a half ago... From nelson at santafe.edu Thu Feb 1 21:51:52 1996 From: nelson at santafe.edu (Nelson Minar) Date: Fri, 2 Feb 1996 13:51:52 +0800 Subject: Noise and the Nature of Mailing Lists In-Reply-To: Message-ID: <9602010503.AA06841@sfi.santafe.edu> tcmay at got.net (Timothy C. May) writes: >And remember, it's a whole lot easier using filters and reading tools to >reduce the volume of messages on an active group than it is to get an >inactive group up to critical mass! Yes, definitely! I'm sending this note to remind people that they can also read Cypherpunks via NNTP, at nntp://nntp.hks.net/hks.lists.cypherpunks/ There are several programs that can read newsgroups on other NNTP servers. I use Emacs Gnus, which has an excellent set of filtering tools. Cypherpunks would be a lot harder to read without it. It'd be easier to read if everyone preserved the References: headers, btw. (thanks, hks.net!) From jsw at netscape.com Thu Feb 1 21:53:42 1996 From: jsw at netscape.com (Jeff Weinstein) Date: Fri, 2 Feb 1996 13:53:42 +0800 Subject: FV, Netscape and security as a product In-Reply-To: <199601311753.JAA18008@darkwing.uoregon.edu> Message-ID: <311043FF.186A@netscape.com> Greg Broiles wrote: > Netscape and FV have both taken a > "security is a product" stance, which is a gross misrepresentation. We are definitely moving away from the "security is a product" stance that you mention. It was definitely overdone in the early days of the product, but after the security bugs of the summer I and others were able to convince marketing that they should back off. I want it to be clear what our product can and can not do. For example, SSL can only protect data in transit between two machines. If either machine is compromised then the data can be stolen at that end. Our product does not attempt to secure the user's machine, and can not operate securely on an insecure machine. Expect to see warnings and disclaimers of this nature from us in the future. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw at netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine. From attila at primenet.com Thu Feb 1 22:09:54 1996 From: attila at primenet.com (attila) Date: Fri, 2 Feb 1996 14:09:54 +0800 Subject: Freedom of speech question... In-Reply-To: <199602012012.OAA00279@einstein.ssz.com> Message-ID: Jim's point is particularly valid in the U.S. --Congress (and the states) pass statues that preempt the actual commission of the crime, or as Jim phrased it: for what might result. The enabling clause is "conspiracy" which is best defined by: three men are getting stinking drunk in a bar across from a bank; one suggests they rob the bank, and they sit there drinking and planning. when they depart, one man passes out on the floor; the other two, of course, are arrested while in the act --but the police also arrested the sleeping drunk. Why? Title 18 US ---- ...any one who commits, or conspires to commit, the crime of (insert your favourite), shall be charged with a felony.... conspiring to commit a crime, executed or not, is the same under U.S. law as committing the crime. --welcome to America. In the civil courts of Europe, you either committed the crime, or you did not. conspiracy does not count in a civil law case. On Thu, 1 Feb 1996, Jim Choate wrote: > > It is a commenly held belief that shouting 'fire' in a crowded theatre is a > crime because of the potential for harm to persons and property. It is one > of the most commen examples given for limiting freedom of speech even though > the Constitution says "Congress shall make no law...". This view is proposed > as a equaly valid rationale for limiting crypto, virus technology, drugs, > etc. > > My question to the list is would it be a crime if you were alone in the > theatre? If you developed a virus and didn't distribute it would that be a > crime? If you give it to one person is it a crime? How about if you give it > to millions? How many people must know a fact, posses source code or > executable. In short, does freedom of speech rest on how many people are > aware of your expression? > > My position is that if you answer in the affermative then you are basicaly > stating there is no freedom of speech. It should be perfectly permissible > to shout 'fire' in a theatre filled to the brim. If anyone takes you > seriously and is harmed then you should be liable for the damage. Your right > to shout 'fire' is not relevant. If you accept the premise then what you are > buying into is preemptive justice, in short judging somebody guilty by what > they might do, not what they have done. If this is permitted then we have a > serious problem in that anyperson is therefore guilty of whatever crime is > desired. > > > > __________________________________________________________________________ go not unto usenet for advice, for the inhabitants thereof will say: yes, and no, and maybe, and I don't know, and fuck-off. _________________________________________________________________ attila__ To be a ruler of men, you need at least 12 inches.... There is no safety this side of the grave. Never was; never will be. From adam at rosa.com Thu Feb 1 22:14:14 1996 From: adam at rosa.com (Adam philipp) Date: Fri, 2 Feb 1996 14:14:14 +0800 Subject: RC2 Source Code - Legal Warning from RSADSI Message-ID: <05390275000371@compuvar.com> At 09:51 PM 2/1/96 -0500, you wrote: >The author claims that the code was disassembled. S/he credits "CodeView" >which is Microsoft's debugging/disassembly tool. Of course, this could >just be a cunning ruse... Although it has not been completely settled that disassembly is a legitimate form of reverse engineering, the trend has been to consider the two equivalent. So, whoever posted RC2 had at least a good idea of how to present it. I don't think it would be be a good idea for them to come out and sue RSA for libel for the accusation that it was misappropriated however. Adam, Esq. --=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\ |PGP key available on my home page|Unauthorized interception violates | | http://XXXXXXXXXXXXXXXXX/adam |federal law (18 USC Section 2700 et| |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-|seq.). In any case, PGP encrypted | |SUB ROSA... |communications are preferred for | | (see home page for definition) |sensitive materials. | \-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-/ From attila at primenet.com Thu Feb 1 22:15:51 1996 From: attila at primenet.com (attila) Date: Fri, 2 Feb 1996 14:15:51 +0800 Subject: Tim's paranoid rant about Declan appearing on "Europe's Most Wanted" In-Reply-To: Message-ID: Rich: if you want to indulge in personal rants and vendettas, take it to personal mail. secondly, you are slamming someone without the decency or courtesy to even copy him. the whole Zundel thing is completely off the concept unless maybe a mention that Germany is trying to deny free speech rights to Zundel. The man is entitled to his fifteen minutes in the sunlight, no matter how despicable he may be. everybody publicizing Zundel only extends his fifteen minutes in thye sun. anyway, Rich, you are being childish. I have two daughters who are always at each other's throats for something, but even a 10 year old is not as petty as you're pouting. why in the world would you even want to claim Zundel's trash? check the mirror for the fool. [ BTW, if I were a sysadmin, I would not cut his service, but I sure as hell would not encourage it. ] let's all have a nice day! attila [ the peacemaker ] On Thu, 1 Feb 1996, Rich Graves wrote: > On Thu, 1 Feb 1996, Declan B. McCullagh wrote: > > > Excerpts from internet.cypherpunks: 1-Feb-96 Tim's paranoid rant about > > D.. by Just Rich at c2.org > > > I disagree. It is clear to me that there is absolutely no cloud hanging > > > over us. If any German court tried to press charges against me for > > > posting Zendel's materials, they'd be laughed across the Argonne. Most > > > mainstream Jewish groups *love* me right now. > > > > > > I find it curious, and I am beginning to get a little annoyed, that my > > > name is rarely mentioned, though I set up the first mirror, and Declan got > > > the files from me. > > > > So you're getting pissy that you're not The Only Zundel Mirror. Big > > fucking deal. Get over it. The more the better. > > > > I find it telling that you wrote me mail demanding that I alter my web > > pages to your satisfaction or you'll smear me in the press, since your > > web site (you informed me) is going to be featured in the next issue of > > TIME, Internet World, and the San Francisco Chronicle. > > > > Hey, guy, kudos to you. Glad to hear it. Smear the fuck away. > > This does not accurately represent what I said, and it certainly does not > represent what I have done. You are still identified as "My friend > Declan," and I recommend that people visit your site. > > I actually would have appreciated it if you had crowed, or at least > shared, your media contacts. For example, I only just now found out about > Steve Pizzo's poorly researched article in Web Review, where he presents > as my views deliberate lies that I told Zundel in order to get his > cooperation and trust. > > > > I am very annoyed that Declan has not responded to repeated requests to > > > remove the cleartext "Stanford University" from the parts of his Web site > > > that mention me. Of course the stanford.edu, or at least net 36.190, will > > > remain in the URL, but there is no reason that the link text could not say > > > "Rich Graves' mirror." First Declan sent me mail saying he would respect > > > my wishes, but he didn't. > > > > Let's get the facts right and ignore Rich's distortions. I wrote: > > > > "I'll honor your wishes and take your full name off." > > > > I did *not* write that I'd take Stanford's name off the pages. I did > > take your full name off, as I said I would. > > This does not accurately reflect your mail. At this time, you have not > removed my full name, either. > > > > Then a friend of mine reminded Declan of my > > > request, and Declan responded with abuse. > > > > Your friend, Haggai Kupermintz, sent me unsolicited email demanding to > > know why I didn't act on a request that was sent earlier that day. I > > You will find that Haggai had been Cc'd on several messages back and forth > on fight-censorship, and he was Bcc'd on my original request (at the > header of my message to you was a notice that it was being Bcc'd to other > people at Stanford). While I don't appreciate his mommying me, I hardly > consider his mail unsolicited or unwarranted, since you have still failed > to honor my request. > > > have better things to do than leap on every demand I get, so I flamed > > him. *shrug* Big deal. I didn't know a rather mild flame was "abuse." If > > you don't want to be "abused," don't send me demands in unsolicited > > email. (I'm glad for the sake of other "abusers" at Stanford that your > > school's speech code was struck down by a California court last year.) > > The "speech code" was never applied to anyone, and was widely regarded to > be unenforceable. I opposed it. It was a joke, yes. > > What were we talking about again? > > > > Declan wants me to believe that this disclaimer is enough: > > > > > > "Please note that the > > > existence of a web site at any particular institution does not > > > in any way imply endorsement. Universities and businesses > > > do not take responsibility for what their community members > > > or customers place online." > > > > > > This is clearly untrue when the person in question is a staff member, as I > > > am. Were I still a student, then I could more legitimately say that I'm a > > > student at Stanford, and that I have the academic freedom to post whatever > > > I want; but as someone who now merely works for a living at Stanford, I do > > > whatever I want by the (very) good graces of my (very good) employer. > > > > I don't follow. In what way is that disclaimer untrue? You *do* > > represent Stanford? The concept of academic freedom doesn't apply to > > staff members? If that's true, you do have a point. > > Then you, kadie, and I agree. I have a point. Why do you persist in > identifying, in two places, a Stanford University Mirror Site? > > > > One mirror site was enough. The German providers would not have blocked > > > stanford.edu had it remained the only mirror site. The President of > > > Stanford, Gerhard Casper, is a recognized constitutional scholar from > > > Germany. The Stanford Provost, Condoleezza Rice, was one of the two or > > > three people most responsible for the Bush Administration's policy > > > towards German Unification. Dozens of Stanford students have studied in > > > Berlin. > > > > One mirror site may have had a limited effect, but more mirror sites > > have a more significant effect. > > I strongly disagree. > > Which has more symbolic power for good, a single man standing in front of > a tank in Tiananmen Square, or nuking Hiroshima and Nagasaki? > > It is not ethical to abuse this power we have. Especially because neither > of us are students at the universities whose machines we are abusing. > > > The press likes a local angle, and local mirrors are giving them just > > that. I put a reporter from the Boston Globe in touch with the UMass > > mirror operator, and a reporter from the Philadelphia Inquirer in touch > > with the University of Pennyslvania mirror operator. I'd love to see > > mirrors in every major city for greater coverage in every major paper. > > > > If you don't understand that concept, you don't understand the way the > > media works. > > I do understand the way the media works. They live on "press releases" > from "recognized authorities." Most > > > So Rich, answer me this: "What articulable and demonstrable harm have > > additional mirror sites done, besides hurt your ego?" > > Since my mirror site has been limited to .edu and selected other domains > for a full day, this is an odd question. > > The demonstrable harm, as you now agree, is that the Ottawa Times, > http://intranet.on.ca/ott_time.html, the Stormfront-L neo-nazi list, and > so on are full of lies about how universities sympathetic to Zundel's > fight against Zionist oppression and the Holocaust Lie have jumped to his > defense. > > > > This is ludicrous. I expect better from you. > > > > I'm a big fan of Tim's, and I think that while he may have been jesting, > > his comments have a serious undertone. > > > > I don't really expect to be locked up for the rest of my life in a > > German cellblock, but harassment at entry/exit points is possible. > > Perhaps probable, given that other "distributors" of Neo-Nazi spew have > > experienced just that. > > No distributors. Only point sources. And as has been pointed out, they > often get off with a slap on the wrist. > > You have been duped by Zundel's false claims of persecution. I bet you > even bought the "Dr. Axl Clocstein" story for a while. > > > > Declan, if you don't fix up your page the way I want it by morning (please > > > not that you have three more hours of morning than I do), I will post a > > > modified (spell-checked) version of this note on my Web page, to > > > alt.censorship, and to your "fight-censorship" mailing list. > > > > Please send me in private email (or post it here if you really want) > > exactly what you want me to change. > > 1. As I've been saying for the last day and a half, please remove all > occurrences of the strings "Stanford" and "Graves." I hardly think that > requesting not to be so identified is egotistical. > > 2. While you're at it, it would be good to remove the following as well, > which does not accurately reflect the facts. > > In early January, Zundel contacted the Simon Wiesenthal Center and asked > permission to reproduce some of their materials. He wanted to disprove > some of their views as he had tried to rebut those of the Nizkor Project. > (The Nizkor folks earlier had requested bidirectional linking. Zundel > agreed to their request, heralding the experiment as "The Great Internet > Holocaust Debate.") > > Nizkor's response to this is rather prominent on their Web site. > > 3. Please fix this: > > January 29, 1996: This site goes online, with the help of files supplied > by Rich (rich at c2.org), supplemented with more recent documents taken > directly from the Zundelsite. Rich's site at Stanford University goes > online. (Note that Rich and I mirrored the Zundelsite at our own > initiative, not by request.) > > To bolster Zundel's coyright claim against the National Alliance, please > clarify that "we" specifically requested the materials from Zundel, and > that his handler Marc uploaded them all to "one of our machines" (since we > could not have run a WebWacker on the highly overloaded webcom.com). Also > remove the string "Stanford." In any case, the files are no longer > available at Stanford. > > 4. February 1, 1996: Web Review Magazine reports on the mirror sites. > > I have sent mail to Steve Pizzo and requested that he call me to correct > some false statements attributed to me. > > 5. February 1, 1996, afternoon: UMass censors mirror. Simon Wiesenthal > Center sends letters of protest to participating mirror universities. > Sameer announces University of California at Berkeley mirror. > > Every one of these is false. > > a. The operator of the UMass mirror objects to your characterization of > what happened as "censorship," and to your posting his private mail. > > b. Where is your confirmation of Simon Wiesenthal's action? > > c. Sameer has not announced a UC Berkeley mirror. He specifically asked > that it not be listed because like most of us, he is beginning to have > ethical qualms. > > 6. On index.html you have: > > There is an apparent campaign of email and web bombing being launched > againt Zundel's site on Webcom, making it near-impossible to reach. > > Do you have a source for this besides me? Well, I retract the rumor. In > fact it seems that the problem is that Zundel foolishly put a bunch of > huge RealAudio files on his page that are overloading the server. > > > Rich, by now I suspect you've seen this joke, but what the hell: > > > > Q: What's a left-wing firing squad? > > > > A: Everyone stands in a circle and shoots at each other > > I guess this is supposed to be something clever about how the vanguard is > supposed to discard their personal interests for the common good. > > I am a member of no vanguard. > > -rich > __________________________________________________________________________ go not unto usenet for advice, for the inhabitants thereof will say: yes, and no, and maybe, and I don't know, and fuck-off. _________________________________________________________________ attila__ To be a ruler of men, you need at least 12 inches.... There is no safety this side of the grave. Never was; never will be. From tedwards at Glue.umd.edu Thu Feb 1 22:24:37 1996 From: tedwards at Glue.umd.edu (Thomas Grant Edwards) Date: Fri, 2 Feb 1996 14:24:37 +0800 Subject: Telecom Bill may makes abortion talke illegal on the net... Message-ID: Sec. 507 of the Telecom Bill Ammends Section 1462 of title 18 of the U.S. Code (Chapter 71), in ways which may make sending the following over the Internet illegal: o any text, graphic, or sound that is lewd, lascivious, or filthy o any information telling about how to obtain or make abortions and drugs, or obtaining or making anything that is for indecent or immoral use Here is Section 1462 as Ammended: (Telecom bill chnages in "<" and ">"): Section 1462. Importation or transportation of obscene matters Whoever brings into the United States, or any place subject to the jurisdiction thereof, or knowingly uses any express company or other common carrier , for carriage in interstate or foreign commerce - (a) any obscene, lewd, lascivious, or filthy book, pamphlet, picture, motion-picture film, paper, letter, writing, print, or other matter of indecent character; or (b) any obscene, lewd, lascivious, or filthy phonograph recording, electrical transcription, or other article or thing capable of producing sound; or (c) any drug, medicine, article, or thing designed, adapted, or intended for producing abortion, or for any indecent or immoral use; or any written or printed card, letter, circular, book, pamphlet, advertisement, or notice of any kind giving information, directly or indirectly, where, how, or of whom, or by what means any of such mentioned articles, matters, or things may be obtained or made; or Whoever knowingly takes , from such express company or other common carrier any matter or thing the carriage of which is herein made unlawful - Shall be fined not more than $5,000 or imprisoned not more than five years, or both, for the first such offense and shall be fined not more than $10,000 or imprisoned not more than ten years, or both, for each such offense thereafter. ----------- Here is the text which addes the interactive computer service part in the Telecom Bill: SEC. 507. CLARIFICATION OF CURRENT LAWS REGARDING COMMUNICATION OF OBSCENE MATERIALS THROUGH THE USE OF COMPUTERS. (a) Importation or Transportation.--Section 1462 of title 18, United States Code, is amended-- (1) in the first undesignated paragraph, by inserting ``or interactive computer service (as defined in section 230(e)(2) of the Communications Act of 1934)'' after ``carrier''; and (2) in the second undesignated paragraph-- (A) by inserting ``or receives,'' after ``takes''; (B) by inserting ``or interactive computer service (as defined in section 230(e)(2) of the Communications Act of 1934)'' after ``common carrier''; and (C) by inserting ``or importation'' after ``carriage''. ----------- Media Notes: USAToday 02/01/96 - 07:37 PM ET http://www.usatoday.com/news/washdc/ncs16.htm Telecommunications deregulation breaks down electronic walls "At one point, the debate veered off on abortion. Seeing a ''high-tech gag rule,'' Rep. Nita Lowey, D-N.Y., joined by Pat Schroeder, D-Colo., and several other women lawmakers, asserted the anti-pornography provisions would outlaw discussions about abortion over the Internet, the global computer network. Rep Henry Hyde, R-Ill., a leading abortion foe, assured members that nothing in the bill suggested any restrictions on discussions about abortion." Well, Henry Hyde was right - nothing in the bill suggests restrictions on abortion discussion - the restrictions are in Title 18 of the U.S. Code, which now includes computer networks. ----------- Thanks to the Cornell Law School Legal Information Institute (http://www.law.cornell.edu/) and the Alliance for Competitive Communications (http://www.bell.com/) for source text. -Thomas Edwards From nobody at REPLAY.COM Thu Feb 1 22:50:47 1996 From: nobody at REPLAY.COM (Anonymous) Date: Fri, 2 Feb 1996 14:50:47 +0800 Subject: Nu? Message-ID: <199602020603.HAA11792@utopia.hacktic.nl> Tim May, 2/1/96, 10:39: > * I believe that much of "Jewish culture" is, for historical reasons, > closely related to German culture. It is understandable that so many Jews > hate Germans and German culture, but also sad. (I don't mean the newer > Israeli/Hebrew culture, but the Yiddish/German culture, which was so shaken > by the Holocaust that, sadly in my opinion, it cannot acknowledte its > essential Germanness.) We have an old saying, Tim, "Nisht geshtoygen, nisht gefloygen," which more or less means "You're making no sense" - literally, "You're not standing, you're not flying." I'll bow to you on CP-related matters any day, but on the subject of Yiddish culture you're clearly pretty clueless. No great loss, I assure you. ObCrypto: Reputations are subject-specific, not global. Your reputation on the Holocaust is nill, about the same as my relatives' (the ones with the funny striped suits and tattoos on their forearms) reputations are on the subject of encryption. Stick to crypto, folks - this isn't Shoah-punks. From rishab at best.com Thu Feb 1 23:14:50 1996 From: rishab at best.com (Rishab Aiyer Ghosh) Date: Fri, 2 Feb 1996 15:14:50 +0800 Subject: Domain hijacking, InterNIC loopholes In-Reply-To: <199602010926.EAA19923@amsterdam.lcs.mit.edu> Message-ID: <199602011457.GAA29387@shellx.best.com> David Mazieres wrote: > I don't think Domain hijacking is a terribly big threat. First of > all, the modification process insn't fully automated. Second of all, > it takes several weeks for the changes to go through. Before the My new ISP got the domain modified in a day, or so. The proces _is_ automated, as long as you follow the template perfectly. > changes go through, the internic sends out mail to a bunch of people, > including all previous administrators and administrators of all > domains which contain old or new nameservers. More to the point, the InterNIC informs all the major nameservers (such as ns.nasa.gov and all those that mirror ns.internic.net). Obviously. Without that, how would anyone know where to find your domain (even if 'hijacked')? But I never did say domain hijacking was a security threat - unlike spoofing, this can't in itself compromise your systems. But, as the InterNIC admits, it can have "serious consequences" on commercial organisations, for whom the loss of net presence for even a day could be considerable. > Thus, I'd say the domain modification process is slightly more secure > than First Virtual :-) :-) :-). It relies on the security of the > network routers and existing nameservers, and requires one or more > active attacks or viruses to defeat. Probably your best is to wait You obviously didn't get the point. There are no routers involved at all, or even nameservers. The Internet domain registry structure (unlike much else) is strictly hierarchic - the InterNIC is the source of all. Modify the InterNIC record, and the new record is official, and will be promptly accepted by all the nameservers that bother to track these things. > for as many as possible of the relevant sysadmins to go on vacation, > and then mail-bomb them rest so hard they end up not reading all of > their real E-mail. Then again, there's always the possibility that > the domain administrator knows how to use procmail... Again, whether the sysadmin eventually catches on is not the point. Unless the hijacker is exceptionally sophisticated (by, for example, not interrupting but only intercepting web and mail traffic) and the victim exceptionally stupid, the truth will be known soon. But perhaps not soon enough for, say, Hotwired or Yahoo who can't afford to go down. To drive my point home: suppose the owners of www.howtired.com (yes, it does exist) were to hijack hotwired. Further suppose that they mirrored (or otherwise replicated) hotwired's content, displaying it to users with some nasty changes, and filtering out all complaint mail. One assumes HotWired's admins are savvy enough to think of this, but you never know, and if they took a few days or more over fixing it, it would not be nice for them. Of course, their lawyers wouldn't make it nice for howtired either, if they had their address, and it wasn't in ... China! Rishab From declan+ at CMU.EDU Thu Feb 1 23:37:57 1996 From: declan+ at CMU.EDU (Declan B. McCullagh) Date: Fri, 2 Feb 1996 15:37:57 +0800 Subject: Anti-Nazi Authentication [Was: Tim's paranoid rant about Declan...] In-Reply-To: Message-ID: Excerpts from internet.cypherpunks: 2-Feb-96 Re: Tim's paranoid rant abo.. by attila at primenet.com > if you want to indulge in personal rants and vendettas, take it to > personal mail. secondly, you are slamming someone without the > decency or courtesy to even copy him. Yeah, I don't particularly enjoy rants, but I engage in them myself occasionally, so I'm willing to cut Rich some slack. We've since mended fences and we're working in the same direction. I had thought his initial actions were slightly irrational, but now I know him a bit better, I think. Both of us are working in good faith, and that's what's important here. In particular, the NeoNazi slime are really starting to piss of both of us. Can anyone say "defamation," on this fascist's darling little page at Georgia State: [ http://www.gsu.edu/~hisjwbx/ZUNDEL ] > This is a mirror archive of most of Ernst Zundel's holocaust >revisionist site. I DO agree with his views. I ALSO ^^ ^^^^ > agree with his right to express them. There is an apparent campaign >of email and web bombing being launched > againt Zundel's site on Webcom, making it near-impossible to reach. >Germany has forced Deutsche Telekom to > censor access to his site by URL. This mirror archive exists to >demonstrate the folly and the danger of Internet > censorship. > > Read more about these attempts at censorship. > > -Declan McCullagh, declan at well.com, 1/29/96 ^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^ Now, this guy copied that file from my web site. Fine -- it was up for FTP. But editing my comments to *support* Neo-Nazis and leaving my name is just fucking too much. I've sent him polite mail requesting a change. We'll see what happens. Cypherpunk relevance? Authentication for web pages. There's no reason for a reasonable person to believe, at first glance, that I was *not* the author. Perhaps someone has suggested this before, but should a web browser's functionality be extended to support authentication via an automated PGP-type mechanism? Using comments, possibly. I guess I'm just pissed over this attribution of Zundelscheistenviews to me, but has anyone else run into such a problem? (Legal threats and complaints to sysadmins are of course another alternative...) -Declan From jya at pipeline.com Fri Feb 2 00:06:57 1996 From: jya at pipeline.com (John Young) Date: Fri, 2 Feb 1996 16:06:57 +0800 Subject: Tivoli Message-ID: <199602011802.NAA24147@pipe3.nyc.pipeline.com> Mike, Is it fair to assume that it's your Tivoli that's in the NYT and WSJ today, bought by IBM? If so, congrats on never again having to sell your body for everlasting fame and glory. Envious From anonymous-remailer at shell.portal.com Fri Feb 2 00:11:30 1996 From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com) Date: Fri, 2 Feb 1996 16:11:30 +0800 Subject: Alien factoring breakthroughs Message-ID: <199602020747.XAA15564@jobe.shell.portal.com> Came across this little gem on the web the other day. I thought I'd post it - it's as sensible as most of the crap here. Yours conspiratorially, Noddy. ---------------------------------------------------------------------------- From: remallin at dorsai.dorsai.org (Richard Mallinson) Newsgroups: alt.conspiracy, alt.alien.visitors, sci.math, alt.politics.org.nsa Subject: The Grays' involvement in cryptography and national security Date: 25 Jan 1994 07:05:10 GMT Summary: How the NSA has got help from extraterrtestrials ---------------------------------------------------------------------------- One thing that the NSA will not reveal is the magnitude of their advancement in theoretical mathematics and cryptography. It is estimated that the NSA is about 200 years ahead of the rest of the world in mathematical theory. This not only allows them to break any code devised outside of the NSA, but to devise codes which cannot be broken. A tiny part of this advancement is due to an intensive mathematics research program commenced in the 1960s. Fermat's Last Theorem was proven conclusively in 1964, but only those in the NSA know of it. Some 2,000 theorems and lemmas, all numbered and classified, have arisen. At least a dozen branches of theoretical mathematics such as flag theory, superspace theory, interstice theory, match theory and quantum logic have been developed, and yet not only has the outside world never heard of them, but the NSA has been deliberately inserting disinformation into textbooks, research papers, et cetera to keep everybody else off the trail. Most of this advancement has been achieved with outside help. In 1973, during the Nixon Administration, the NSA hooked up fith the Jason Society, the top-secret body that liaises with the extraterrestrial beings known as the Grays. This gave them an immediate infusion of mathematical theory, as the grays have developed mathematics to a level which we cannot completely comprehend. In return, the grays were given two more bases in New Mexico and a 15% increase in the number of people that they may abduct per year for analysis and extraction of vital fluids. The Grays have renegged on their abduction quota agreement, and are abducting many more people than before. Most of these are returned, after being implanted with a device which allows the grays to have total control over their thoughts and actions. Approximately 40% of Americans now carry one of these devices, which are impossible to remove without killing the host. Richard E. Mallinson ---------------------------------------------------------------------------- From anon-remailer at utopia.hacktic.nl Fri Feb 2 00:15:04 1996 From: anon-remailer at utopia.hacktic.nl (Anonymous) Date: Fri, 2 Feb 1996 16:15:04 +0800 Subject: No Subject Message-ID: <199602010400.FAA16774@utopia.hacktic.nl> Are anon remailers the only way to send anon email without giving up the source eventhough an organization has a wealth of dough/technology and several class B addresses? Couldn't they just trick their mail servers or would a nslookup/whois defeat that? And are nym accounts the only way to receive email without giving up who the intended recipient of tha mail/news post actually is? From sjb at universe.digex.net Fri Feb 2 00:40:38 1996 From: sjb at universe.digex.net (Scott Brickner) Date: Fri, 2 Feb 1996 16:40:38 +0800 Subject: noise levels In-Reply-To: <199601190051.RAA28314@nagina.cs.colorado.edu> Message-ID: <199601312323.SAA05263@universe.digex.net> Bryce writes: >Perry, I quite agree with you. I am having a very difficult >time wading through cpunks, and I am currently reduced to >grepping for my name, and then picking out a topic or two by >subject line before junking 95% of the posts. Since you have >such enthusiasm for solving the noise problem I suggest that we >do the following: I have an expansion on this. Why not generalize the problem to create a group rating system? Anyone who wants to can send ratings messages (rating each message on a scale of one to five, one meaning "what total crap" and five meaning "what a useful piece of information") to the ratings server. The server maintains the ratings for each message by sender. Client software can retrieve the ratings added since a given time and use this information with the ratings assigned by the user to generate compatibility profiles indicating with which raters the user tends to agree, and provide ratings on all messages based on it. The user can then have anything lower than his tolerance threshold automatically deleted. This is patterned after a newsgroup collaborative filtering tool I read a paper on not too long ago. I can't find that reference, but has an open architecture design for a ratings server. Ideally, one would modify MUAs to recognize an "X-Ratings-To:" header to tell where ratings messages should be sent, and the list server would add that to all outgoing messages. The MUA would present the ratings buttons when displaying messages containing "X-Ratings-To:" headers and automatically generate and send the rating when the user pushed a button. The beauty of this is that it works for *any* mailing list that has an associated ratings server. It allows anyone with the appropriate MUA to ignore those conspiracypunks boneheads almost transparently. Necessary coding: modifications to majordomo: - add optional ratings server address and update frequency in list configuration data - add "X-Ratings-To:" headers to outgoing messages in lists with ratings servers - periodically send ratings updates to ratings server subscribers modifications to MUAs: - recognize "X-Ratings-To:" headers in incoming messages and present ratings interface when displaying them - generate ratings messages to ratings server - interpret incoming ratings messages to compute user's predicted rating - maintain user preferences vector From jimbell at pacifier.com Fri Feb 2 01:08:34 1996 From: jimbell at pacifier.com (jim bell) Date: Fri, 2 Feb 1996 17:08:34 +0800 Subject: RC2 Source Code - Legal Warning from RSADSI Message-ID: Despite being totally uninvolved with whatever this guy's talking about, Jim Bell is responding: At 11:06 AM 2/1/96 PST, baldwin wrote: > >WARNING NOTICE > > It has recently come to the attention of RSA Data >Security, Inc. that certain of its confidential and >proprietary source code has been misappropriated and >disclosed. Despite such unauthorized use and disclosure, >RSA Data Security reserves all intellectual property rights >in such source code under applicable law, including without >limitation trade secret and copyright protection. Hey, I'm not a lawyer, and I don't even play one on TV, but as I understood the law keeping something a secret was an alternative to disclosing it with a patent. Patents had certain advantages and disadvantages; trade secrets had other advantages and other disadvantages. A famous example, the "formula for Coca-Cola" was kept secret for decades; to patent it would have allowed anybody else to build Coca-Cola after 17 years of patent protection. Keeping it secret could, theoretically last forever, but the legal protection against copying is less or even non-existent. I am well aware that the legal system has been abusing the whole concept of patenting software, etc, ever since they discovered they wanted to keep the country from using RSA in the middle 1970's. However, it seems to me that if your "trade secret" is now disclosed, then it really isn't a "trade secret" anymore and you lose "trade secret" status. You may have a valid claim against the discloser, but that SHOULD be unrelated to everyone else. It sounds like you want the best of both worlds: You want to claim "trade secret" status for something that you either can't or don't want to patent. From jimbell at pacifier.com Fri Feb 2 01:20:10 1996 From: jimbell at pacifier.com (jim bell) Date: Fri, 2 Feb 1996 17:20:10 +0800 Subject: Charter of PDX Cpunk meetings Message-ID: -----BEGIN PGP SIGNED MESSAGE----- At 10:52 PM 2/1/96 -0800, Alan Olsen wrote: > >I requested that this debate be taken to private e-mail. Since you seem to >not want to do that, and since you insist of making false and unrealistic >claims, Which "false and unrealistic claims"? I am removing your name from the subscription list for >pdx-cypherpunks. This isn't a DEBATE. It is a WARNING to all other potential suckers in the Portland Oregon area that Alan Olsen engaged in highly unethical behavior with regards to the recent cypherpunks meeting, flamed me without justification in the national list, failed to respond to security inquiries, failed to deny issues and matters of truth, and failed to properly deal with a situation that he had a responsibility to handle ethically. Not to mention lying in the comment above. I am going to take this to the national list, because you took it there first in your original flame: I am going to point out that you flamed me for no good reason; you engaged in a "knee-jerk" "debunking" without even knowing what you were ostensibly "debunking," that you failed to respond to my polite request for clarification; that you've attempted to pretend that I was somehow at fault for noticing your transgressions; that your local clique is pre-programmed to defend you in the face of your transgressions. I notice that some of them don't even know what a key-signing meeting is FOR: I've received commentary which suggests that they believe that key-signing somehow vouches for the HONESTY of the person involved; not his IDENTITY. Until you start responding substantively to legitimate complaints, that is all you deserve. The public needs to be warned about people like you. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMRHIE/qHVDBboB2dAQHHMAQAkTFZaMMF6asl79yU8RSkd5O0zYElg9so syuonRR1UnrzTGlQ2cT/8GPZhuV/IIBSiroxu7EwCX6ASR6BTRUGVdTWbN3l27Vi M6FRiduXpBvzpIzQ7XOzwcvPv0D/bLXwXPGHzmUzqsk3chWpsskKw1PKZun7wCKL fG2MVim+Vqk= =Di2Q -----END PGP SIGNATURE----- From nelson at santafe.edu Fri Feb 2 01:45:07 1996 From: nelson at santafe.edu (Nelson Minar) Date: Fri, 2 Feb 1996 17:45:07 +0800 Subject: Anonymity -> Untraceability -> High Latency? Message-ID: <199602020919.CAA02994@nelson.santafe.edu> I've been trying out various mechanisms for anonymity: remailer chains, HTTP proxies. There's one problem that makes them inconvenient to use regularly: latency. A good Type I remailer chain takes at least an hour to deliver email, instead of the 15 seconds I'm used to. Mixmaster-style takes even longer; the delay is important to the security of the system. Forwarding all my HTTP requests through a proxy adds an extra hop and some processing to all web transactions, noticeably slowing down browsing. I'm not much for waiting for computers. The problem is that that these anonymity schemes rely on untraceability. And to be untraceable, we have to have centralized servers take our traffic and forward it along, stripping out identifying information, burying it in the noise of lots of other traffic. But that forwarding process seems guaranteed to add latency to the communication. Back in the old days (ie: six months ago, before Web search engines were big on the scene) I was reasonably happy with the needle-in-a-haystack anonymity of the unorganized Internet. I posted personal things to Usenet, fairly sure that only the members of that Usenet group were going to see my messages. I ftped files from all over without worrying that my transactions would be logged permanently. But now, with the amazing success of Web searching, I no longer feel that obscurity is sufficient security. Are there other approaches to anonymity that don't impose the latency that forwarding messages around does? From bruce at aracnet.com Fri Feb 2 02:07:22 1996 From: bruce at aracnet.com (Bruce Baugh) Date: Fri, 2 Feb 1996 18:07:22 +0800 Subject: Helping the Crypto-Clueless Message-ID: <2.2.32.19960202095316.0069c6a8@mail.aracnet.com> While talking with Alan Olsen about the impending Telecommunications Decency Act, a thought struck me: one of the groups that's really going to be hurt by this is pagans. Me, I'm one o' them Christian types; it's my anarchism that'll get me on lists. But insofar as cypherpunks have contact with pagans (and aboriginal American groups and the like), probably there are a lot of folks who should be ramping up for privacy right away. Bruce Baugh bruce at aracnet.com From alano at teleport.com Fri Feb 2 02:26:01 1996 From: alano at teleport.com (Alan Olsen) Date: Fri, 2 Feb 1996 18:26:01 +0800 Subject: [noise] Re: Charter of PDX Cpunk meetings Message-ID: <2.2.32.19960202100334.009241ec@mail.teleport.com> -----BEGIN PGP SIGNED MESSAGE----- I think an explanation for this is due. Jim is going to move his complaints here instead of dealing with them with me no matter what I do... A bit of history here... I had seem Jim Bell's postings and had not thought too much about them one way or another. I felt that some people had been a bit too hard on him, but did not care one way or another. I organized a physical meeting on Jan 20th at a public coffee house in portland. Jim showed up. During this meeting he espoused some ideas which I found very bothersome because they sounded far too much like "magical thinking" and pseudo science. I did not challenge him about them at the meeting and tried to move on to other things. A while ago an anonymous poster made a number of comments about Jim Bell's beliefs involving assassination politics. He brought up a number of valid points. Jim ignored all of those points and flamed him on something totally without substance. (Not signing messages and not using an identifiable nym.) This bothered me. I responded to the post. A good portion of this message was flame, but it contained a number of questions about the workability of Jim's pet theories. Jim's response to this was to question the validity of the post, but not deal with any of the substance of the arguments. (He was questioning it because I did not sign the posting.) I ignored the post as I had other things occupying my time... During the period of time between the meeting and the offending post I had created a pdx-cypherpunks list. I had a number of people who were interested and it seemed like a good idea at the time... Well, i posted on the list a question about the next meeting and mentioned about the results from the key signing. (I had three people, who i did not mention by name, who had not signed keys or gotten back to me on it.) I relieved a response from Jim about my messages to him here and why he had not signed anyone's keys. [For those who are interested, I can forward the original messages. They are interesting reading, in an odd sort of way...] It came down to him complaining about my messages on national list. He still did not address any of the issues I had raised (he still has not), but was pretty pissed. A number of the other people on the list took him to task on a number of the comments he made. It grew into a pretty hot flame war on the list. After I started to get complaints and it prevented anything useful being posted, I posted a message to take the discussion to e-mail or I would start banning people from the list. Jim ignored that request and I removed him from the list. That is why it has moved back here. This will be my last response to Jim's rantings in public. i will be glad to deal with questions in e-mail. I have sent a number of responses to Jim already in e-mail and he has ignored them. He has made veiled threats to me on the pdx list and has shown no sign of wanting to deal with this in a rational manner. The issue comes down to this. Jim Bell has a number of ideas i disagree with. I have challenged him on some of those ideas. He is unwilling to answer any questions as to the flaws in his beliefs. Instead, he takes any questioning of his ideas as personal attacks. I refuse to give any respect to an individual who presents his ideas to the world and yet is unwilling to defend them in public (or in private). I suggest you get your killfiles ready. I will be killfileing Mr. Bell's comments on this list as it does not belong here. The following is the last I will say publically on the matter. At 12:16 AM 2/2/96 -0800, jim bell wrote: >-----BEGIN PGP SIGNED MESSAGE----- > >At 10:52 PM 2/1/96 -0800, Alan Olsen wrote: > >> >>I requested that this debate be taken to private e-mail. Since you seem to >>not want to do that, and since you insist of making false and unrealistic >>claims, > >Which "false and unrealistic claims"? Well, lets see... The claim that you have a method of "rendering a building uninhabitable by electronic equipment for at least 30 days". The claims that the Portland meeting was a "private meeting". That I did not inform people of that fact. That I somehow owe you an apology for statements which you seem to be unwilling to deal with. I am sure that i can dig up more. >I am removing your name from the subscription list for >>pdx-cypherpunks. > >This isn't a DEBATE. That is because you are not willing to debate. You want your beliefs accepted with no proof and no rational thought. You want them to be accepted without question. >It is a WARNING to all other potential suckers in the >Portland Oregon area that Alan Olsen engaged in highly unethical behavior >with regards to the recent cypherpunks meeting, What behavior was that Jim? I told people about your loonie scheme to "disable hardware"? If you did not want it known, then you should have kept your mouth shut! (The first rule of not being seen is DON'T STAND UP!) You seemed to have some sort of idea that it was a private meeting. Nowhere was it stated that it was private. We were in a crowded coffee house. You were sitting in front of a big glass window. Anyone who wanted to take the time to hear you could have. There was no reasonable expectation of privacy at that meeting. I am sorry that you have suffered embarrassment. Grow up. >flamed me without >justification in the national list, I gave my justification. You are unwilling to respond to criticism of your ideas. You still are. Sorry, but you need to grow an epidermal layer. > failed to respond to security inquiries, I did not sign my messages to him. He assumed that it must be some sort of spoof. I left it unanswered for two reasons. At the time i was not really needing a confrontation (as my personal life was taking time) and I was not certain how to answer. (How do you answer someone who is THAT paranoid?) I wonder if he assumes Tim May's messages are all spoofs. (He may have something there...) >failed to deny issues and matters of truth, Did not answer mail... >and failed to properly deal with >a situation that he had a responsibility to handle ethically. Not to >mention lying in the comment above. Jim is not willing to deal with the issues i keep bringing up so i must be lying... >I am going to take this to the national list, because you took it there >first in your original flame: And I banned Jim from the Portland list... >I am going to point out that you flamed me >for no good reason; you engaged in a "knee-jerk" "debunking" without even >knowing what you were ostensibly "debunking," I was flaming you for being unwilling to clarify your positions. You made extraordinary claims and have been unwilling to explain how any of this is supposed to work or given anyone any sort of reason as to why we should believe you. >that you failed to respond to >my polite request for clarification; Yeah, that one is my fault. i should have responded sooner to that message. > that you've attempted to pretend that I >was somehow at fault for noticing your transgressions; No. You were at fault for ignoring every issue that was brought up. You have been unwilling to deal with anything resembling substance and instead insist on continuing this petty flame war. >that your local >clique is pre-programmed to defend you in the face of your transgressions. i.e. the rest of the Portland list jumped on his case for his behavior. Many of them are my friends. At least one of them is someone i have only met once. You seem unwilling to accept that maybe the idea that no one has sided with you is that they do not agree with you. >I notice that some of them don't even know what a key-signing meeting is >FOR: I've received commentary which suggests that they believe that >key-signing somehow vouches for the HONESTY of the person involved; not his >IDENTITY. As I have stated before, the concept of identity is a slippery thing. Actually the information on the key signing that I posted, and the theories behind it, were from the FAQ written by Derek Atkins. >Until you start responding substantively to legitimate complaints, that is >all you deserve. The public needs to be warned about people like you. You have one legitimate complaint. (That I did not respond to mail in a timely fashion.) Sorry... Guilty. The rest you have blown FAR out of proportion. You are mad because i said some unpleasant things to you on a list where you so much want to be respected. I suspect that you had lost the respect of most of them before I posted. If they are that easily swayed, then you have not done alot to earn their respect and be able to keep it. You have failed to respond to the mail I have sent in private. That makes me suspect that you do not want to resolve the issue with me, but cause problems for me with others as "punishment" for exposing your outlandish views. I am sorry that you feel that you have to go to such extremes. It reinforces my decision to bounce you from the Portland list however. The more you rant, the less I am willing to deal with you. When my daughter acts like you she is sent to her room. In your case, I will just have to ignore you... Find an anagram for "Spiro Agnew". -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMRHgrOQCP3v30CeZAQGHFQf8CVDZAKzBv3vHy4aY9hiV2ydNJ+Dz1DX8 wQiA0Hg1eK5WuCJ4y6lIrZpSOR6h9ok86eGAdyaWqayscgcvDWVyTF1D/VJ3RPyM vhbXLWF01DeG0eU+9ckqjoB4dJSYVYcdLRD18QzO/MDAmaOJaTehfxOT2BlNHHHi WoHpH1SYq0JOHsN+5UoITA7GUR1JNNlTDhHBtcM17Wqm5WXnhwm+z1gpBPExIcZ6 VFMOsPBGqHj02lYZtUVUwFzmVXRlF9zbN7SzqyhnPdK0TkmH/V7jtk2A91C62DAw 6ZCE8KNQbXOMlyKS0RyhtUCXfPZpBTs77leP/9tKs1vyortPxO07GA== =RoA4 -----END PGP SIGNATURE----- Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction `finger -l alano at teleport.com` for PGP 2.6.2 key http://www.teleport.com/~alano/ Is the operating system half NT or half full? From jrochkin at cs.oberlin.edu Fri Feb 2 03:02:12 1996 From: jrochkin at cs.oberlin.edu (Jonathan Rochkind) Date: Fri, 2 Feb 1996 19:02:12 +0800 Subject: RC2 Source Code - Legal Warning from RSADSI Message-ID: At 7:06 PM 02/01/96, baldwin wrote: >WARNING NOTICE > > It has recently come to the attention of RSA Data >Security, Inc. that certain of its confidential and >proprietary source code has been misappropriated and >disclosed. Despite such unauthorized use and disclosure, >RSA Data Security reserves all intellectual property rights >in such source code under applicable law, including without >limitation trade secret and copyright protection. In Well, now we know it really was RC2. Is there a law-knowing type out there who can tell us what's going on legally? As I understand things, RSA is just bullshitting here. When something has 'trade secret' status, the only people with legal obligations toward it are those with contractual obligations to RSA--you can only enforce 'trade secrets' through contractual obligations, non-disclosure and confidentiality agreements, etc. Once something has been disclosed, as I understand it, people without contractual obligations in regards to it are free to do whatever they want to it--trade secret status of RC2 has nothing to do with me, who has no contractual obligations to RSA regarding RC2. (Unless the license agreement for RSAref could be stretched to apply somehow, but I don't think so). Now, copyright might be another matter. But you can't copyright an algorithm, only specific text in fixed form (ie, the source code). So this would mean you couldn't use the particular code posted to sci.crypt, but wouldn't stop anyone from using the algorithm, if they wrote their own code (to be safe, without having seen the RSA-copyrighted code, only having the algorithm described to them by someone else). You can _patent_ an algorithm, but as I understand it, something can't be patented and a trade secret--you have to disclose it in full to the patent office to get a patent, at which point it's no longer a trade secret. And the legalese from RSA doesn't even mention patents anyway (because they dont' have one, of course), only copyright and 'trade secret'. I'm not a lawyer of course. Information from someone more sure of their knowledge then I am would be appreciated. But, as I understand it, they're basically making stuff up, and there is nothing stopping any of us, who haven't signed any non-disclosure agreements with RSA, from using the RC2 algorithm. From tony at secapl.com Fri Feb 2 04:37:20 1996 From: tony at secapl.com (Tony Iannotti) Date: Fri, 2 Feb 1996 20:37:20 +0800 Subject: RC2 Source Code - Legal Warning from RSADSI In-Reply-To: <9602020046.AA23769@sulphur.osf.org> Message-ID: On Thu, 1 Feb 1996, Rich Salz wrote: > At any rate, I'll stop my comparison of the distributed RC2 and the > licensed RC2 since RSA's done it for us. :) What if it's just a ruse by them to ID it as RC2? They could have even released a bogus version themselves, and then sent up a hue and cry.... From kelli at zeus.towson.edu Fri Feb 2 05:53:02 1996 From: kelli at zeus.towson.edu (banjo, lord of the c monkeys) Date: Fri, 2 Feb 1996 21:53:02 +0800 Subject: CDA as a tool (was: Re: Helping the Crypto-Clueless) In-Reply-To: <2.2.32.19960202095316.0069c6a8@mail.aracnet.com> Message-ID: On Fri, 2 Feb 1996, Bruce Baugh wrote: > While talking with Alan Olsen about the impending Telecommunications Decency > Act, a thought struck me: one of the groups that's really going to be hurt > by this is pagans. Me, I'm one o' them Christian types; it's my anarchism > that'll get me on lists. But insofar as cypherpunks have contact with pagans > (and aboriginal American groups and the like), probably there are a lot of > folks who should be ramping up for privacy right away. > I agree: and in addition to that, I'd like to say that contrary to the beliefs of some people on this list, I don't think the CDA is representative of a legislative body's spiteful action against general free speech and information; it's far to simple a motivation for computer-illiterate, re-election minded professional politicians. They simply don't know enough about the nature of the internet itself to conspire to something as abstract as all that. I believe that every congress critter had a specific social enemy in mind when he/she voted for that bill; somebody who they've been using as their banner, whom they vow to fight against when re-elected. Pagans are a good example of a group likely to be the victims of such political action. I, as an activist in the field, ask you to imagine the consequenses for the gay civil rights movement, when even discussing the issue is viewed as 'indecent or immoral' by some of the more conservative lawmakers. Remember when Canada banned the import of pornography, even the news-oriented gay and lesbian publications were halted at the border. The crypto relevance in this post is the value of examples such as these when explaining to your friends why they need non-government-escrowed crypto so badly in electronic discourse. People tend to see the need for it a bit more when they see the threat more clearly. I'm a college student, and while not all my friends are involved in the same pursuits I am, most of them are at least loosely associated with groups which are considered undesireable by some government types (Black Activists, Jewish Activists, Pro Life/Choice advocates, etc). In college, who isn't? I don't post too often to cypherpunks, so if this view is overly simplistic, right on the mark, or completely wrong, send me some mail, and we'll discuss. Kathleen M. Ellis http://zeus.towson.edu/~kelli/ kelli at zeus.towson.edu Diverse Sexual Orientation Coll. Towson State University DSOC at zeus.towson.edu "I can't help it, I'm a born lever-puller" -Ringo from "Yellow Submarine" "Your friends are really just enemies who don't have the guts to kill you" -J. Tenuta "Obscenity is a crutch for inarticulate motherfuckers." -Fortune Cookie Courtesy of Linux 1.3.45 From PADGETT at hobbes.orl.mmc.com Fri Feb 2 06:27:37 1996 From: PADGETT at hobbes.orl.mmc.com (A. Padgett Peterson, P.E. Information Security) Date: Fri, 2 Feb 1996 22:27:37 +0800 Subject: Telecom Bill may makes abortion talke illegal on the net... Message-ID: <960202090301.2020ff8d@hobbes.orl.mmc.com> > (b) any obscene, lewd, lascivious, or filthy phonograph recording, >electrical transcription, or other article or thing capable of producing >sound; or There goes rec.antiques.radio+phono & rec.radio.swap - many of the Trans-Oceanics I have bought on-line would qualify as filthy, ever try to remove years of accumulated tobbacco smoke residue from the inside of a dial-lens ? Don't forget rec.radio.shortwave - someone in a non-compliant country might transmit someting nasty. And as for lascivious - there goes the Tex Avery cartoons on Nickelodeon. Did Nehimiah (sp?) Scudder come up with this ? Warmly, Padgett From wilcoxb at nag.cs.colorado.edu Fri Feb 2 06:31:07 1996 From: wilcoxb at nag.cs.colorado.edu (Bryce) Date: Fri, 2 Feb 1996 22:31:07 +0800 Subject: Anti-Nazi Authentication [Was: Tim's paranoid rant about Declan...] In-Reply-To: Message-ID: <199602021350.GAA03188@nag.cs.colorado.edu> -----BEGIN PGP SIGNED MESSAGE----- An entity calling itself "Declan B. McCullagh" is alleged to have written: > > Now, this guy copied that file from my web site. Fine -- it was up for > FTP. But editing my comments to *support* Neo-Nazis and leaving my name > is just fucking too much. I've sent him polite mail requesting a change. > We'll see what happens. Polite? You show more restraint than most of us would I suspect. Actually it is probably a good tactic for the first encounter. > Cypherpunk relevance? Authentication for web pages. There's no reason > for a reasonable person to believe, at first glance, that I was *not* > the author. It is possible to PGP-clearsign web pages using comments. PGP's insertion of "- " before any line beginning with "-" might cause a problem, but you'll just have to be a little more careful. I'm considering hacking up a "PGP verification service" web page which will accept a PGP-signed URL, retrieve it, verify it, and report the results. Of course I'll make it clear that this service is very susceptible to active attacks. On a related topic it would probably be wise for you to clear-sign your mail, Declan. Establish a public key with me, and next time I see mail from you saying "I've been reading about this 'the Holocaust was a hoax' stuff and it's actually kind of convincing." I'll know where to lay the authorship of the words... :-) Regards, Bryce "Toys, Tools and Technologies" the Niche New Signal Consulting -- C++, Java, HTML, Ecash Bryce PGP sig follows -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01 iQCVAwUBMRIWjPWZSllhfG25AQE4UwP/eFEXJ0qoocgRdcNFqf2jeW/XOe8UNA8k cQkYRSuyTwODEbNtkoLWoAGh+ucttGToy13uvA2e4WO8PG3LD2BVQlHP5Xi/umip XpUn+Ge7fbCm4O2dlogf6HNLmTNo5BrwX8ET46wn1K4hLf695cIyYoMToua+4xWr azZPYCg+eYs= =unP7 -----END PGP SIGNATURE----- From jcobb at ahcbsd1.ovnet.com Fri Feb 2 06:59:13 1996 From: jcobb at ahcbsd1.ovnet.com (James M. Cobb) Date: Fri, 2 Feb 1996 22:59:13 +0800 Subject: "German service cuts Net access" (to Santa Cruz) Message-ID: Dmitri, On 01 28 96 you say: Heck, any message on the Internet is inherently porno- graphic because it's just a bunch of 1's and 0's. And we all know that to Sen Exon a 1 looks like a penis and a 0 looks like a vagina! :-) On C-Span, did I hear Senator Kennedy suggest the Senate Ethics Committee delve into Senator Exon for unlawful carnal knowledge of nuclear arithmetic? Cordially, Jim From steve at miranova.com Fri Feb 2 07:07:14 1996 From: steve at miranova.com (Steven L Baur) Date: Fri, 2 Feb 1996 23:07:14 +0800 Subject: Unix swapfile security issues... In-Reply-To: <199602010730.XAA09785@infinity.c2.org> Message-ID: >>>>> "Anonymous" == Anonymous writes: Anonymous> I'm working on a unix application where I want to store a Anonymous> key in memory and don't want it to get written out to a Anonymous> swap file. If the key is in any of the application's Anonymous> memory pages, it could be swapped out at any time, and Anonymous> potentially left in the swap file when the computer is Anonymous> turned off. That's only a problem if physical security doesn't exist at the console. No operating system (or monitor) can overcome the lack of that. Anonymous> But, what if the program creates a pipe() and writes the Anonymous> key into it, then reads the key out when necessary? A pipe ^^^^^ ^^^ ^^^ ^^^ In which case it's in memory and can be paged or swapped. Anonymous> has a 4K buffer, but that buffer is in the kernel's memory, Anonymous> not in the application's pages. Could a kernel buffer get Anonymous> written out to a swapfile? Depending on how the kernel is written, bringing down the machine could result in a dump of kernel memory being written to the swap device anyway. -- steve at miranova.com baur Unsolicited commercial e-mail will be proofread for $250/hour. From tcmay at got.net Fri Feb 2 07:09:07 1996 From: tcmay at got.net (Timothy C. May) Date: Fri, 2 Feb 1996 23:09:07 +0800 Subject: Germans, Nazis, Jews, and My Beliefs Message-ID: With all of the recent developments, including the comments against censorship and in favor of measures to route around censorship, and the charges of pro-Nazi sentiment, let me state some of my beliefs: * I strongly believe, to the point of certainty, that the events described variously as "the Holocaust" and "the gassing of Jews" occurred. I first encountered photos in "Life" magazine, circa 1966, and nothing I have seen since then has even slightly shaken my belief that Hitler and his government oversaw the extermination in the most barbaric manner of several millions of Jews, gypsies, homosexuals, cripples, etc. * However, I am very fond of German culture in general. Though my ancestry is essentially Scandinavian (Denmark, Norway) and Anglo-Saxon (Scotland, England), I have felt more affinity for things Germanic than for things French, Italian, Spanish, etc. Perhaps it was my interest in science, where Einstein, Heisenberg, Schodinger, etc., reigned supreme (though Darwin and Newton were no slouches!), but I felt an affinity for Germany that I did not feel for, say, France (though I lived for a year in the south of France, near Nice, as a child). * By "German culture" I mean: Einstein, the Rhine, beer, Beethoven, Mozart, castles, the Alps, Salzburg, Goethe, Heidelberg, and of course, the language (which is a root language of English, naturlich, and part of the "Indo-Germanisches," or "Indo-European" family of languages...proto-IE goes back a lot further than either Greek or Latin, which are just variants of PIE). * Nothing about the Third Reich appeals to me, excpept that they had some pretty good scientists. (And I believe that Schrodinger, Heisenberg, and others dragged their feet on alerting Hitler and his advisors to the real prospects for atomic bombs...in a way that Einstein, Bohr, Fermi, Szilard, and dozens of others in the U.S. at that time did not.) As one opposed to the excesses of government power, I view the excesses of the Third Reich as an object lesson about the dangers of totalitarianism. * I believe that much of "Jewish culture" is, for historical reasons, closely related to German culture. It is understandable that so many Jews hate Germans and German culture, but also sad. (I don't mean the newer Israeli/Hebrew culture, but the Yiddish/German culture, which was so shaken by the Holocaust that, sadly in my opinion, it cannot acknowledte its essential Germanness.) * As far as racial or ethnic differences go, I believe the so-called races are essentially indistinguishable, except for superficial differences in appearance, stature, pigmentation, etc. (And a comparison between Watusis and pygmies will reveal that "Negroids" are as varied in stature--and basketball skill--as any differences between Negroid, Caucasoid, and Mongoloid.) That all the races and sub-races, from Australian Aboriginal to European to Asian to American Indian can interbreed with identical fertility rates suggests no genomic differences. In fact, it strongly suggest that evolution as we normally think of it essentially stopped some tens of thousands of years ago, which makes a lot of sense. And there you have it. Let no one call me a Nazi. --Tim May Boycott espionage-enabled software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 - 1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From pdlamb at iquest.com Fri Feb 2 07:57:13 1996 From: pdlamb at iquest.com (Patrick Lamb) Date: Fri, 2 Feb 1996 23:57:13 +0800 Subject: RC2 Source Code - Legal Warning from RSADSI Message-ID: <199602021529.JAA15348@vespucci.iquest.com> At 11:06 2/1/96 PST, you wrote: > >WARNING NOTICE > > It has recently come to the attention of RSA Data >Security, Inc. that certain of its confidential and >proprietary source code has been misappropriated and >disclosed. Despite such unauthorized use and disclosure, >RSA Data Security reserves all intellectual property rights >in such source code under applicable law, including without >limitation trade secret and copyright protection. (Remainder of warning elided.) Does this mean RSADSI is claiming copyright infringement on the RC2 source code? Pat -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.2 mQENAzACleQAAAEH/2+41W3bZPuWU1gv6A0bq3a57bgCiCAbU1QY41f+NI1I8i/+ a/L314RIpCR0iCZhsNMHNI9rVovsbmOQE4Cf9YYL3cClUoE2VAsLOi9LAjlN8qYc kmAqpsGQ39eaKrnlC/0lxJtFZgypT4m9UIsTU986y3gyy+ZTWwxtbDaLBEdsTiH/ e+zosoBiXmwWYY1n+5yvaKLGMUwa20AKdoRCUgqhJQpkW0nAvItU6WhaqxwH6JXp KCNsuP6k8FBmcKZfSSvUphSOIJnARAq9K9UPhj5BeAy1vKZ416jfgeYQUTxHQOMT rTiQOYR/oAR35gBpGYg6p1lu6Ma5eDPtpBPadUUABRG0IFBhdHJpY2sgTGFtYiA8 cGRsYW1iQGlxdWVzdC5jb20+ =DZzp -----END PGP PUBLIC KEY BLOCK----- From wlkngowl at unix.asb.com Fri Feb 2 07:59:29 1996 From: wlkngowl at unix.asb.com (Mutatis Mutantdis) Date: Fri, 2 Feb 1996 23:59:29 +0800 Subject: Telecom Bill may makes abortion talke illegal on the net... Message-ID: <199602020749.CAA10281@UNiX.asb.com> Thomas Grant Edwards wrote: >Sec. 507 of the Telecom Bill Ammends Section 1462 of title 18 of the U.S. >Code (Chapter 71), in ways which may make sending the following over the >Internet illegal: [..] > o any information telling about how to obtain or make abortions and > drugs, or obtaining or making anything that is for indecent or immoral ^^^^^ > use So the PharmWeb and any discussion of pharamacology would be illegal? Or does that soley apply to abortion drugs? Immoral is a pretty vague word legally... [..] > (a) any obscene, lewd, lascivious, or filthy book, pamphlet, picture, >motion-picture film, paper, letter, writing, print, or other matter of >indecent character; or So much for good foreign films... > (b) any obscene, lewd, lascivious, or filthy phonograph recording, >electrical transcription, or other article or thing capable of producing >sound; or Whoopie cuishins would be illegal. [..] From jamesd at echeque.com Fri Feb 2 08:00:05 1996 From: jamesd at echeque.com (James A. Donald) Date: Sat, 3 Feb 1996 00:00:05 +0800 Subject: Tim's paranoid rant about Declan appearing on "Europe's Most Wanted" Message-ID: <199602020704.XAA14197@shell1.best.com> On Thu, 1 Feb 1996, Declan B. McCullagh wrote: > > Rich, by now I suspect you've seen this joke, but what the hell: > > > > Q: What's a left-wing firing squad? > > > > A: Everyone stands in a circle and shoots at each other At 06:11 PM 2/1/96 -0800, Rich Graves wrote: > I guess this is supposed to be something clever about how the vanguard is > supposed to discard their personal interests for the common good. Actually it refers to the famous factionalism of the left: Similar to the parody in Monty Python's "Life of Brian" --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From sunder at dorsai.dorsai.org Fri Feb 2 08:23:22 1996 From: sunder at dorsai.dorsai.org (Ray Arachelian) Date: Sat, 3 Feb 1996 00:23:22 +0800 Subject: RC2 Source Code - Legal Warning from RSADSI In-Reply-To: Message-ID: On Fri, 2 Feb 1996, Tony Iannotti wrote: > On Thu, 1 Feb 1996, Rich Salz wrote: > > > At any rate, I'll stop my comparison of the distributed RC2 and the > > licensed RC2 since RSA's done it for us. :) > > What if it's just a ruse by them to ID it as RC2? They could have even > released a bogus version themselves, and then sent up a hue and cry.... There's an easy test.. set up the real RC2 to encrypt data and have this one decrypt it, then reverse the two, use different keys, etc... a few thousand rounds should give a strong indication if this is the true RC2. It doesn't mean that it wasn't rigged to produce weak keys and such, however a closer analysis of the source will point that out. :) ========================================================================== + ^ + | Ray Arachelian |Emptiness is loneliness, and loneliness| _ |> \|/ |sunder at dorsai.org|is cleanliness and cleanliness is god-| \ | <--+-->| |liness and god is empty, just like me,| \| /|\ | Just Say |intoxicated with the maddness, I'm in| <|\ + v + | "No" to the NSA!|love with my sadness. (Pumpkins/Zero)| <| n ===================http://www.dorsai.org/~sunder/========================= From rishab at best.com Fri Feb 2 08:36:08 1996 From: rishab at best.com (Rishab Aiyer Ghosh) Date: Sat, 3 Feb 1996 00:36:08 +0800 Subject: Domain registration In-Reply-To: <199602011939.OAA23286@amsterdam.lcs.mit.edu> Message-ID: <199602021550.HAA23942@shellx.best.com> David, as I wrote earlier, iyou only get fast responses from InterNIC if your application is _perfect_ - you might have used an older form, or misplaced your commas or something. From rishab at best.com Fri Feb 2 08:37:26 1996 From: rishab at best.com (Rishab Aiyer Ghosh) Date: Sat, 3 Feb 1996 00:37:26 +0800 Subject: Domain hijacking, InterNIC loopholes In-Reply-To: <199602011934.OAA23195@amsterdam.lcs.mit.edu> Message-ID: <199602021556.HAA27293@shellx.best.com> David Mazieres wrote: > How can you say there are no routers? The verification process is a > confirmation E-mail message. To intercept this you must compromise a > router, a nameserver, or the host on which the domain administrator > reads mail. Since there often are multiple domain administrators > on different networks, I stand my my statement that it would require > multiple active attacks, etc. The confirmation message is sent to the address requesting an update. This could be anyone. To take a real example, my dxm.org domain was modified by hostmaster at best.com - neither the existing admins, nor root at dxm.org received any confirmation, as the request was sent from another address. The InterNIC does NOT require domain update requests to be sent by admins - that is, in fact, the simplest level of authentication that will be introduced by the InterNIC Guardian Object. Rishab From nobody at REPLAY.COM Fri Feb 2 08:43:06 1996 From: nobody at REPLAY.COM (Anonymous) Date: Sat, 3 Feb 1996 00:43:06 +0800 Subject: Police PR Mendacity Message-ID: <199602021620.RAA05747@utopia.hacktic.nl> Financial Times, 2 Feb 1996 Governments around the world are taking action to police computer networks By Our Foreign Staff The US Congress last night passed legislation that imposes stiff penalties for the distribution of "indecent" material on the Internet, a global web of computer networks that can be reached by an estimated 30m computer users. The action echoes moves by other leading industrial countries to bring the Internet under some form of control. It coincides with a call by French officials for an international law on communications to deal with regulation of electronic publishing on the Net. In Japan, meanwhile, Tokyo police have made what are believed to be the first arrests in a crackdown on the distribution of pornography via computer networks. The rapid growth of the Internet has created widespread concerns about its use to distribute pornography, racial hate messages and other offensive materials. However the vast bulk of material published on the global computer network is commercial or technical in nature. The measures passed in the US Congress, which were attached to a broad Telecommunications Bill, for the first time place legal limits on the types of materials that can be distributed via computer networks. Government intervention is strongly opposed by Internet pioneers, and by many within the computer industry, who believe that rapid growth of the Internet and electronic commerce will be stunted by regulation. Moreover, legal experts say that the regulation of cyberspace raises complex issues about jurisdiction because the Internet carries information across national borders. In France, the issue has been brought to a head by the recent publication, on the Internet, of "Le Grand Secret" (The Big Secret), a book about Francois Mitterrand's battle with cancer written by Dr Claude Gubler, the late president's personal physician, which has been banned by the French courts. Mr Francois Fillon, post and telecoms minister, said in the French Senate yesterday that he was to propose to a March meeting of EU culture and telecoms ministers an international conference to debate a law. He said the government was creating a working group with representatives from the ministries of justice, culture and telecoms, and stressed that his concerns included the problem of dealing with regulation outside national boundaries and the difficulty of pursuing those who abused the system. He also suggested the possibility of introducing ethical codes for Internet operators along the lines of those already in place for the country's Minitel telephone- based information system. In Japan, where use of the Internet is growing rapidly, the legality of publishing pornography on computer networks is about to be tested in the courts following the first arrests for allegedly criminal use of the Internet. Tokyo police announced that they had arrested a 28-year-old businessman, Mr Hiroshi Kamekura, on suspicion of distributing pornographic pictures. He is alleged to have produced the images at home and distributed them on his home page since last month, said police. According to Mr Kamekura, the service was popular and he was asked by other Internet users to produce more provocative pictures. Police also arrested a high school student, accused of distributing pornographic pictures over the Internet since last September. The arrests may raise eyebrows in a country where graphic, frequently sadistic pornography, moderated only by a ban on depictions of pubic hair, is openly sold on book stalls everywhere. A German court has already acted to prevent users in that country from accessing sexually explicit Internet discussion groups. The court forced Compuserve, a US-based online information service, to block access to about 200 of the thousands of "Usenet" groups to be found on the Internet. ----- From rishab at best.com Fri Feb 2 09:14:04 1996 From: rishab at best.com (Rishab Aiyer Ghosh) Date: Sat, 3 Feb 1996 01:14:04 +0800 Subject: No Subject Message-ID: <199602021642.IAA20236@shellx.best.com> India's Department of Telecommunications (DoT) charges a licence fee of $50,000 per _annum_ for BBS operators, and nearly twice as much for e-mail providers. It is preparing to finalise a policy for Internet service providers; as it doesn't understand the distintion between Internet _networks_ (MCI, Sprintnet etc) and "retail" providers (the geek in the garage), it is planning to charge well over $100,000 in annual licence fees. This is totally against the opinions of Telecom Secretary R K Takkar, as expressed to my newsletter, The Indian Techonomist, some months ago. I spoke to Mr Takkar for some time, providing him the "education" that he asked for in my newsletter and that large datacom companies here have been curiously averse to give him. He appreciated my point of view, and invited me to send a proposal for an alternative datacom policy, which I have done (and which is summarised below). I hope to meet him next week to follow this up. As a major part of my call for removing restraints is based on the Internet's treatment by other world governments, I would like letters of support to show this. My proposal may appear tame, but it isn't really. It will allow small ISPs to pay as little as $150 a year in licence fees; reduce the (high) likelihood of cartels between large companies; and entrench electronic free-speech at (some) parity with other media. (Note that the DoT has said that it is "not considering" blocking access to parts of the Net for reasons of morals or security. This despite the local media's loudly proclaimed discovery that the Net is 97.34% paedophile, or whatever.) Highlights 1. Definitions - The category for E-mail providers becomes redundant, leaving international gateway, national network, and "retail" service providers - Content providers have constitutional protection as electronic publishers - BBSes do not require licensing, being content providers 2. Goals - Licence fees not for revenue generation, but to ensure responsibility (unavoidable. Mr Takkar's words) - Licence fees based on telecom infrastructure costs, not revenues (at the moment, a licence is almost like income tax) - Regulation required for free and fair competition (see below) - TRAI should also handle datacom regulation, and datacom consumer complaints (the Telecom Regulatory Authority of India is likely to be very independent of the government, headed by a former Supreme Court judge) 3. Regulation - Equal access to gateway, network and service providers (to prevent denial of service and cartels, very likely here without explicit rules preventing them) - Rationalisation of DoT leased line tariff structure (now, a network costs more than the sum of its parts! too complicated to explain briefly) 4. Licensing - Uniform fee structure for gateway, network and service providers (say 2.5% of leased line costs, which are known as they are provided by the DoT) - Barriers to entry greatly reduced (minimal ISP pays $150 p.a) - However, total licence fee revenue for DoT not significantly reduced (important for success of this proposal; large nationwide network may still pay $100,000+ thanks to its huge leased line requirements) The full text of the proposal will be made publicly available on the Net sometime next week. Those who would like to see it, and a template for a letter of support, should send me mail at dcom-appeal at dxm.org. I would like letters from non-commercial organisations, lobby groups, policy bodies, and so on, but NOT datacom companies (I wouldn't mind _personal_ letters of support from them, but they wouldn't do for the DoT). I would particularly like to see something from Hong Kong, which I have used as a good example of how to do things in Asia. Thanks, Rishab ---------------------------------------------------------------------- The Indian Techonomist - newsletter on India's information industry http://dxm.org/techonomist/ rishab at dxm.org Editor and publisher: Rishab Aiyer Ghosh rishab at arbornet.org Vox +91 11 6853410; 3760335; H 34 C Saket, New Delhi 110017, INDIA From rishab at dxm.org Fri Feb 2 09:32:20 1996 From: rishab at dxm.org (Rishab Aiyer Ghosh) Date: Sat, 3 Feb 1996 01:32:20 +0800 Subject: Germany, China, but not India? Message-ID: <199602021643.IAA20927@shellx.best.com> Sorry if this post got screwed up the first time. In the context of recent events in Germany and China, it is interesting to note that, despite horrid rumours about high license fees for ISPs, the Indian government is "not considering" blocking portions of the Net for security or moral reasons. The Telecom Secretary appears relatively progressive, and has invited me to send an alternative proposal for datacom policy. I would like letters of support: read on. -Rishab India's Department of Telecommunications (DoT) charges a licence fee of $50,000 per _annum_ for BBS operators, and nearly twice as much for e-mail providers. It is preparing to finalise a policy for Internet service providers; as it doesn't understand the distintion between Internet _networks_ (MCI, Sprintnet etc) and "retail" providers (the geek in the garage), it is planning to charge well over $100,000 in annual licence fees. This is totally against the opinions of Telecom Secretary R K Takkar, as expressed to my newsletter, The Indian Techonomist, some months ago. I spoke to Mr Takkar for some time, providing him the "education" that he asked for in my newsletter and that large datacom companies here have been curiously averse to give him. He appreciated my point of view, and invited me to send a proposal for an alternative datacom policy, which I have done (and which is summarised below). I hope to meet him next week to follow this up. As a major part of my call for removing restraints is based on the Internet's treatment by other world governments, I would like letters of support to show this. My proposal may appear tame, but it isn't really. It will allow small ISPs to pay as little as $150 a year in licence fees; reduce the (high) likelihood of cartels between large companies; and entrench electronic free-speech at (some) parity with other media. (Note that the DoT has said that it is "not considering" blocking access to parts of the Net for reasons of morals or security. This despite the local media's loudly proclaimed discovery that the Net is 97.34% paedophile, or whatever.) Highlights 1. Definitions - The category for E-mail providers becomes redundant, leaving international gateway, national network, and "retail" service providers - Content providers have constitutional protection as electronic publishers - BBSes do not require licensing, being content providers 2. Goals - Licence fees not for revenue generation, but to ensure responsibility (unavoidable. Mr Takkar's words) - Licence fees based on telecom infrastructure costs, not revenues (at the moment, a licence is almost like income tax) - Regulation required for free and fair competition (see below) - TRAI should also handle datacom regulation, and datacom consumer complaints (the Telecom Regulatory Authority of India is likely to be very independent of the government, headed by a former Supreme Court judge) 3. Regulation - Equal access to gateway, network and service providers (to prevent denial of service and cartels, very likely here without explicit rules preventing them) - Rationalisation of DoT leased line tariff structure (now, a network costs more than the sum of its parts! too complicated to explain briefly) 4. Licensing - Uniform fee structure for gateway, network and service providers (say 2.5% of leased line costs, which are known as they are provided by the DoT) - Barriers to entry greatly reduced (minimal ISP pays $150 p.a) - However, total licence fee revenue for DoT not significantly reduced (important for success of this proposal; large nationwide network may still pay $100,000+ thanks to its huge leased line requirements) The full text of the proposal will be made publicly available on the Net sometime next week. Those who would like to see it, and a template for a letter of support, should send me mail at dcom-appeal at dxm.org. I would like letters from non-commercial organisations, lobby groups, policy bodies, and so on, but NOT datacom companies (I wouldn't mind _personal_ letters of support from them, but they wouldn't do for the DoT). I would particularly like to see something from Hong Kong, which I have used as a good example of how to do things in Asia. Thanks, Rishab ---------------------------------------------------------------------- The Indian Techonomist - newsletter on India's information industry http://dxm.org/techonomist/ rishab at dxm.org Editor and publisher: Rishab Aiyer Ghosh rishab at arbornet.org Vox +91 11 6853410; 3760335; H 34 C Saket, New Delhi 110017, INDIA From nobody at REPLAY.COM Fri Feb 2 09:35:41 1996 From: nobody at REPLAY.COM (Anonymous) Date: Sat, 3 Feb 1996 01:35:41 +0800 Subject: Espionage-enabled Greed Message-ID: <199602021657.RAA07766@utopia.hacktic.nl> To follow up the GNN report on Net espionage and NSA sniffing: For a quick overview of the prime sites for sniffing, see the informative map of the major US NAP's, routers and interconnections at: http://www.cerf.net/cerfnet/about/interconnects.html MAE-East, MAE-West, MAE-Chicago and others are detailed at: http://www.mfsdatanet.com:80/MAE/ AltaVista offers more about the Routing Arbiter project - - for examples, www.ra.net; rrdb.ra.net; rrdb.merit.edu; isi.com -- as well as about FIX-East and FIX-West, various NAP's and the international exchanges and routers. Is there technology for eluding these espionage-enabled chokepoints -- tunneling, satellite-richochet or otherwise? The newly announced Planet 1 personal satellite phone system, $2,500 a unit, could it provide secure privacy off the heirarchical telecomm throttle? Or, are all options slowly being shutdown by regulated greed? From tcmay at got.net Fri Feb 2 09:54:32 1996 From: tcmay at got.net (Timothy C. May) Date: Sat, 3 Feb 1996 01:54:32 +0800 Subject: Alien factoring breakthroughs Message-ID: At 7:47 AM 2/2/96, anonymous-remailer at shell.portal.com wrote: >From: remallin at dorsai.dorsai.org (Richard Mallinson) >The Grays have renegged on their abduction quota agreement, and are >abducting many more people than before. Most of these are returned, after >being implanted with a device which allows the grays to have total control >over their thoughts and actions. Approximately 40% of Americans now carry >one of these devices, which are impossible to remove without killing the >host. And several of these Gray-implanted abductees were ordered to subscribe to the Cypherpunks list! Known as "Tentacles," they share the same hive mind and report periodically to the mother base in Colorado. I'm sure you all know by now that "RSA" refers to their home star systems: Rigel, Sirius, and Arcturis. --Tim "Spooky" May Boycott espionage-enabled software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 - 1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From fletch at ain.bls.com Fri Feb 2 09:56:17 1996 From: fletch at ain.bls.com (Mike Fletcher) Date: Sat, 3 Feb 1996 01:56:17 +0800 Subject: [NOISE][CONTEST][FACTS] don't help much, do they? In-Reply-To: Message-ID: <9602011536.AA06728@outland> > Ontogeny recapitulates phylogeny, as the saying goes. > [ Mr. May laments the futility of []'d labeling to raise S/N. ] For those that use emacs (and you should :), there's a version of GNUS (the newsreader) that has a neat scoring feature. Unlike a kill file which only gets rid of articles, scoring will automagically assign a negative (i.e. kill it) or positive (i.e. interesting) score to articles. You can manually rate articles or threads, or you can let Gnus use what the author of the package calls "artificial stupidity" to assign points based on whether or not you read a particular message. I've been using it on news for a couple of days now and it's starting to pickup some of my reading habits. It will also work on mail files (now if I can only get MH installed where my mail feed comes in I'll be set :). It also can access shared global score files using anon-ftp, so if someone want's to start a CP scoring service . . . . If you're interested check out: http://www.ifi.uio.no/~larsi/ --- Fletch __`'/| fletch at ain.bls.com "Lisa, in this house we obey the \ o.O' ______ 404 713-0414(w) Laws of Thermodynamics!" H. Simpson =(___)= -| Ack. | 404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43 U ------ From baldwin at RSA.COM Fri Feb 2 09:58:30 1996 From: baldwin at RSA.COM (baldwin (Robert W. Baldwin)) Date: Sat, 3 Feb 1996 01:58:30 +0800 Subject: Technical comments on RC2 from John Kelsey Message-ID: <9601028232.AA823281610@snail.rsa.com> Here are some interesting technical comments on RC2 from sci.crypt. If you already read sci.crypt, delete this now and accept my apologies for wasting your time. --Bob ______________________________ Forward Header __________________________________ From: John Kelsey Newsgroups: sci.crypt Subject: Re: RC2 source code Date: Tue, 30 Jan 96 10:20:43 -0500 Organization: Delphi (info at delphi.com email, 800-695-4005 voice) -----BEGIN PGP SIGNED MESSAGE----- [ To: sci.crypt ## Date: 01/29/96 09:18 pm ## Subject: RC2 source code ] >From: anon-remailer at utopia.hacktic.nl (Anonymous) >Newsgroups: sci.crypt >Subject: RC2 source code >Date: 29 Jan 1996 06:38:04 +0100 This was interesting. Is this another "S1," or another "alleged-RC4?" The whole thing looks pretty believeable, i.e., it doesn't have any obviously dumb parts that I can see. Note that alleged RC2's block encryption function looks an awful lot like one round of MD5 performed on 16-bit sub-blocks, using the bitwise selection function as the nonlinear function, and a key-derived constant table. Additionally, in rounds four and eleven, there are four lookups into the expanded key array. The encryption function could be rewritten as for(i=0;i<16;i++){ a = rotl(a + bsel(d,c,b) + *sk++, 1); b = rotl(b + bsel(a,d,c) + *sk++, 2); c = rotl(c + bsel(d,c,b) + *sk++, 3); d = rolt(d + bsel(c,b,a) + *sk++, 5); if((i==4)||(i==11)){ a += xk[d&0x3f]; b += xk[a&0x3f]; c += xk[b&0x3f]; d += xk[c&0x3f]; } } If this is accurate, it may give us some insight into Rivest's development of MD4 and MD5, which were radically different than MD2. What are the dates on this? Did Rivest do MD4 or RC2 first? This may be the first block cipher in the commercial/academic world to use a UFN structure. One interesting part of this is the use of the subkey array as an S-box twice during the encryption process. I'm curious as to why this would be used only twice, rather than each round, i.e. a += bsel(b,c,d) + *sk++ + s[d&0x3f]; Sticking a very different internal transformation in may have been an attempt to make iterative (i.e., differential) attacks harder, since there's no longer a single round function through which you can pass differential characteristics. This depends upon when RC2 was developed and released. Note that the claim that "RC2 is not an iterative block cipher" seems to be based on the fact that it has two instances where a different round function is thrown in. (Essentially, it's actually an 18-round cipher with two different round functions, one of which is used only twice.) This other round function isn't very impressive, since it uses only six bits of the source block to affect the target block. A one-bit change in a randomly-distributed input block looks look like it will propogate pretty quickly: There's a roughly 0.5 probability that it doesn't make it through the bsel function. If it does, then there's about a 0.5 probability that it will cause a change in the carry bit. This happens four times per "round," so a one-bit change should have about a 2^{-8} chance to make it through one round as a one-bit change, and so about a 2^{-128} chance to make it through all sixteen rounds, assuming no impact from either of the two S-box lookups. Does this look right, or am I missing something? (This is a first approximation--if our bit is in the high-order position anywhere, then it *can't* cause a carry bit, but there's no obvious way to keep it there for long.) By choosing the input block, I can ensure that one-bit XOR difference makes it through the first step or two, but that doesn't do too much for an actual attack. Other XOR differences can help with the first round or so, but stop being helpful afterward. It generally looks hard to prevent diffusion by choosing other values, at least using XOR differences, because each subblock is rotated a different amount in each round. (The bits don't keep lining up.) We can also try to do a differential attack based on subtraction modulo 2^16, based partially on Tom Berson's attempt to differentially attack MD5 using subtraction modulo 2^32. This gets complicated because of the rotations and the bit selection operations, but it ought to be tried if it hasn't already. The key scheduling is also interesting, and somewhat reminiscent of MD2's internal operations. Each expanded key byte after the first N (where N is the number of bytes in the user's key) is determined by two bytes--the previous expanded key byte, and the expanded key byte N positions back. This means that we probably don't get ideal mixing of the key bytes in the early expanded key bytes, but it isn't clear to me that there will be a lot of problems with reasonable key lengths. (Note that a reasonable key length would be 128 bits=16 bytes, and that it should come from the output of a good one-way hash function.) I wouldn't recommend using the key schedule to hash passphrases, since long passphrases would leave us with many very low-entropy subkey values. In general, I think that really large user keys will leave us vulnerable to a variety of related-key attacks and other nasty stuff. I'm a little curious as to the purpose of phase 2 of the key schedule, but since it's only used when a watered-down version of the algorithm is wanted (right?), I haven't spent much time looking at it. Does alleged RC2's key schedule use the same permutation table as MD2 does? For small systems, this might have been a reasonably nice space savings. (On the other hand, if you have a hash function available at the same time, it makes sense to go ahead and use it in your key schedule, which isn't done here.) The algorithm looks like it will have reasonable performance on 16-bit machines like the 8086, which was almost certainly one of the requirements for the algorithm, given the times it was used. Comments? --John Kelsey, jmkelsey at delphi.com / kelsey at counterpane.com PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36 -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMQ43Q0Hx57Ag8goBAQG0LQQAiohrNSPvKzSIJjMeWjrK/r7HZOWp0Mhg zcq60rIyPMpsDnxuk7VlLrU2XBy0Aff4QpO8jORS3VFKtaLH5XJehc7WTZF+1En1 ux4prro+Gpvn99HToTqKa6igxlEGYShskoF/aBIkszZAg6m/P92BPyZ/PW3tnMtp MoMcdNGcO0I= =ttGl -----END PGP SIGNATURE----- From tcmay at got.net Fri Feb 2 10:11:54 1996 From: tcmay at got.net (Timothy C. May) Date: Sat, 3 Feb 1996 02:11:54 +0800 Subject: End-to-End Encryption Message-ID: At 4:57 PM 2/2/96, Anonymous wrote: >Is there technology for eluding these espionage-enabled >chokepoints -- tunneling, satellite-richochet or >otherwise? End-to-end encryption. So long as users can do end-to-end encryption, at various levels (that is, end users use things like PGP, other levels use things like SWIPE or PipeNet, etc.), what surveillance organizations do to monitor channels is not so critical. And remailers and proxies make traffic analysis less possible. --Tim May Boycott espionage-enabled software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 - 1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From djr at saa-cons.co.uk Fri Feb 2 10:20:47 1996 From: djr at saa-cons.co.uk (Dave Roberts) Date: Sat, 3 Feb 1996 02:20:47 +0800 Subject: Psion organisers Message-ID: I was wondering about a couple of things regarding the Psion Series 3a personal organisers. (According to the manual, you have them in the USA as well! :) Firstly, anyone know what kind of encryption is done on documents and spreadsheets held on it's internal disk? It only allows a 10 character password, and claims to encrypt the whole file. Secondly, I presume that as the encryption software is apparently embedded into the system (ie cannot be extracted), I won't get arrested when I wander through US customs next time. TIA - Dave. Dave Roberts | "Surfing the Internet" is a sad term for sad people. Unix Systems Admin | Get a board, find a beach, surf some REAL waves and SAA Consultants Ltd | get a *real* life. Plymouth, U.K. | -=[For PGP Key, send mail with subject of "get pgp"]=- From paul at icx.com Fri Feb 2 10:20:59 1996 From: paul at icx.com (Paul Kanz) Date: Sat, 3 Feb 1996 02:20:59 +0800 Subject: Charter of PDX Cpunk meetings In-Reply-To: Message-ID: Now, hold on here. I was at the meeting and I don't know what you are referring to as "highly unethical behavior", could you expand this for myself and others. As for "FOR: I've received commentary which suggests that they believe that key-signing somehow vouches for the HONESTY of the person involved; not his IDENTITY." Unless I'm in the minority, the key-signing process IS NOT a test to determine if the person is a 'honest' person, but to ensure that the keys where valid and that someone did not make a mistake somewhere. Keep in mind that the meeting was a mixer, not a board of directors meeting - take a chill pill. -Paul On Fri, 2 Feb 1996, jim bell wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > At 10:52 PM 2/1/96 -0800, Alan Olsen wrote: > > > > >I requested that this debate be taken to private e-mail. Since you seem to > >not want to do that, and since you insist of making false and unrealistic > >claims, > > Which "false and unrealistic claims"? > > > I am removing your name from the subscription list for > >pdx-cypherpunks. > > This isn't a DEBATE. It is a WARNING to all other potential suckers in the > Portland Oregon area that Alan Olsen engaged in highly unethical behavior > with regards to the recent cypherpunks meeting, flamed me without > justification in the national list, failed to respond to security inquiries, > failed to deny issues and matters of truth, and failed to properly deal with > a situation that he had a responsibility to handle ethically. Not to > mention lying in the comment above. > > I am going to take this to the national list, because you took it there > first in your original flame: I am going to point out that you flamed me > for no good reason; you engaged in a "knee-jerk" "debunking" without even > knowing what you were ostensibly "debunking," that you failed to respond to > my polite request for clarification; that you've attempted to pretend that I > was somehow at fault for noticing your transgressions; that your local > clique is pre-programmed to defend you in the face of your transgressions. > I notice that some of them don't even know what a key-signing meeting is > FOR: I've received commentary which suggests that they believe that > key-signing somehow vouches for the HONESTY of the person involved; not his > IDENTITY. > > Until you start responding substantively to legitimate complaints, that is > all you deserve. The public needs to be warned about people like you. > > -----BEGIN PGP SIGNATURE----- > Version: 2.6.2 > > iQCVAwUBMRHIE/qHVDBboB2dAQHHMAQAkTFZaMMF6asl79yU8RSkd5O0zYElg9so > syuonRR1UnrzTGlQ2cT/8GPZhuV/IIBSiroxu7EwCX6ASR6BTRUGVdTWbN3l27Vi > M6FRiduXpBvzpIzQ7XOzwcvPv0D/bLXwXPGHzmUzqsk3chWpsskKw1PKZun7wCKL > fG2MVim+Vqk= > =Di2Q > -----END PGP SIGNATURE----- > > ______________________________________________________________________________ Paul Kanz System Administrator Interconnectix, Inc. 10220 SW Nimbus Ave, Building K4 Portland, OR 97223 Email: paul at icx.com Phone: 503.684.6641 Fax: 503.639.3469 ______________________________________________________________________________ From tcmay at got.net Fri Feb 2 10:37:14 1996 From: tcmay at got.net (Timothy C. May) Date: Sat, 3 Feb 1996 02:37:14 +0800 Subject: Anonymity -> Untraceability -> High Latency? Message-ID: At 9:19 AM 2/2/96, Nelson Minar wrote: >I've been trying out various mechanisms for anonymity: remailer >chains, HTTP proxies. There's one problem that makes them inconvenient >to use regularly: latency. "Latency" is not necessary for mix security. What is important is the number of messages mixed together in the mix. If it is desired that N = 10 and only 10 messages are entering the mix per hour, then, on average, the mix must wait an hour. E.g., "latency = one hour." If however, 100 messages are entering the mix per hour, then "latency = 6 minutes." >A good Type I remailer chain takes at least an hour to deliver email, >instead of the 15 seconds I'm used to. Mixmaster-style takes even >longer; the delay is important to the security of the system. None of these points is necessarily true. --Tim May Boycott espionage-enabled software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 - 1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From baldwin at RSA.COM Fri Feb 2 10:52:35 1996 From: baldwin at RSA.COM (baldwin (Robert W. Baldwin)) Date: Sat, 3 Feb 1996 02:52:35 +0800 Subject: RC2 technical questions Message-ID: <9601028232.AA823283956@snail.rsa.com> In a shameless attempt to move the discussion of RC2 into a more technical arena, here are some interesting questions to explore about RC2. --Bob Key expansion - How can you tell whether the permutation is based on some sequence of digits from PI? - What are the diffusion and avalanche properties of this permutation? - What are the linear characteristics of this permutation? - What are the properties of the compression function that maps 16 bits (bytes X and Y) to 8 bits (byte Z) via Z = P[X + Y]? - How does the length of the key influence the mixing of bits during each pass of the expansion algorithm? - Is this a non-linear feedback shift register over the field GF(256)? - If the first pass of expansion is viewed as a hash function that produces 40 or 128 bits out, what are its properties? Round Functions - What are the diffusion and avalanche properties of the two round functions? - What are the linear approximations and how good are they? - What characteristics can be preserved by the round function that performs rotations? - With what probability? - Does the amount of rotation influence the security? - What characteristics can be preserved by the round function that performs the data dependent selection of the expanded key? - With what probability? - Are there any "weak" keys? - Will the expansion algorithm produce them? From tedwards at access.digex.net Fri Feb 2 11:20:29 1996 From: tedwards at access.digex.net (tedwards at access.digex.net) Date: Sat, 3 Feb 1996 03:20:29 +0800 Subject: Voice On the Net Digest V2 #44 In-Reply-To: <199602021245.HAA10963@enterprise.pulver.com> Message-ID: > From: "Shane D. Mattaway" > Date: Thu, 1 Feb 1996 07:12:32 -0500 > Subject: [VON]: WebPhone Beta 6 Release > AUDIO ENCRYPTION > All audio transmissions are encrypted to provide secure conversations > without any performance overhead. Encryption is accomplished using a > proprietary algorithm. If the encryption is secure, there is no need to have "security through obscurity." I rather doubt that the makers of WebPhone have invented a proprietary encryption method that actually provides a high level of security. Most truly secure encryption methods (DES, RSA, IDEA) are presented for peer review for years before the academic and cryptographic communities deem them to be reasonably secure. It is easy to claim you have a secure encryption algorithm - but most such algorithms turn out later to have serious security holes. Only some manage to hold up to their security claims under close academic analysis. PGPfone's encryption methods are available for public inspection, and are generally accepted by the cryptographic community to be secure. -Thomas Edwards From perry at piermont.com Fri Feb 2 11:26:49 1996 From: perry at piermont.com (Perry E. Metzger) Date: Sat, 3 Feb 1996 03:26:49 +0800 Subject: Denning's misleading statements In-Reply-To: Message-ID: <199602021832.NAA12047@jekyll.piermont.com> "James M. Cobb" writes: > A few days ago I bought Markoff and Shimomura's Takedown. I've > read the first three chapters. > > In my opinion: > > (1) the book is an important part of that well orchestrated > Psy Ops campaign > > (2) the book's designed from the word go to play that part. (3) You have been taking lots of really good drugs recently, but haven't quite come down yet. .pm From frissell at panix.com Fri Feb 2 11:49:30 1996 From: frissell at panix.com (Duncan Frissell) Date: Sat, 3 Feb 1996 03:49:30 +0800 Subject: Declan appearing on "Europe's Most Wanted" Message-ID: <2.2.32.19960201111816.009b2ee4@panix.com> At 01:26 AM 2/1/96 -0800, Timothy C. May wrote: >The situation with Declan, Sameer, Duncan, and others, is even less clear. >Things are moving much faster now that the Net is the means of >distribution. I was of course half-joking about Declan visiting Europe, but >surely France could decide to throw the book at him, and any EU country he >entered (such as Ireland, judging from his name) could hold him at their >entry point and ship him off to France to "set an example." The "modal time served" in Europe for cypherpunks activities is/will be so low as to be indistinguishable from zero. If only that was my greatest legal risk. Continental legal systems believe in prior restraint so they make a lot of noise but they are pretty weak in the punishment department. DCF From sunder at dorsai.dorsai.org Fri Feb 2 12:04:57 1996 From: sunder at dorsai.dorsai.org (Ray Arachelian) Date: Sat, 3 Feb 1996 04:04:57 +0800 Subject: your mail In-Reply-To: <199602010110.RAA21647@infinity.c2.org> Message-ID: re: Virus site (http://www.xcitement.com/virus/) reports error 404 - no such file... ========================================================================== + ^ + | Ray Arachelian |Emptiness is loneliness, and loneliness| _ |> \|/ |sunder at dorsai.org|is cleanliness and cleanliness is god-| \ | <--+-->| |liness and god is empty, just like me,| \| /|\ | Just Say |intoxicated with the maddness, I'm in| <|\ + v + | "No" to the NSA!|love with my sadness. (Pumpkins/Zero)| <| n ===================http://www.dorsai.org/~sunder/========================= From sandfort at crl.com Fri Feb 2 12:25:56 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Sat, 3 Feb 1996 04:25:56 +0800 Subject: FEBRUARY MEETING Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, The February Bay Area Cypherpunks meeting will start at noon in downtown San Francisco. The address and directions are: The meeting will be on the fourth floor of 388 Market St. The building is bounded by Market, Pine and Front (Front is the north-of-Market extension of Fremont St.) There are numerous parking garages in the area. You will have to sign in at the security desk in the lobby. You need to indicate that you are going to "Simple Access" on the 4th floor. After you get off the elevator there will be signs directing you to the conference room. 388 is above the Embarcadero BART and Muni Metro station. Other public transit links exist from the Transbay Terminal and the Caltrain Depot. If you have any questions about how to get to the meeting, let me know. If you are driving: >From the Peninsula: 1. Take 101 north to 80. 2. Take 80 east to the 4th Street exit. 3. Take Bryant east (north-east, actually) to Fremont. 4. Turn left on Fremont and drive to Market. 5. You are there, but now you need to find a place to park. 6. (You should have taken public transit!) >From the East Bay: 1. Take 80 west to the Fremont exit. Follow directions 4 thru 6, above. S a n d y P.S. About 50 people have already RSVPed my party invitation. If you have not told me if you will attending my party, please do so. I need to know how much stuff to get. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From llurch at networking.stanford.edu Fri Feb 2 12:28:36 1996 From: llurch at networking.stanford.edu (Rich Graves) Date: Sat, 3 Feb 1996 04:28:36 +0800 Subject: Anti-Nazi Authentication [Was: Tim's paranoid rant about Declan...] In-Reply-To: <199602021350.GAA03188@nag.cs.colorado.edu> Message-ID: On Fri, 2 Feb 1996, Bryce wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > An entity calling itself "Declan B. McCullagh" > is alleged to have written: > > > > Now, this guy copied that file from my web site. Fine -- it was up for > > FTP. But editing my comments to *support* Neo-Nazis and leaving my name > > is just fucking too much. I've sent him polite mail requesting a change. > > We'll see what happens. > > Polite? You show more restraint than most of us would > I suspect. Actually it is probably a good tactic for the > first encounter. Certainly a lot more polite than I am... > > Cypherpunk relevance? Authentication for web pages. There's no reason > > for a reasonable person to believe, at first glance, that I was *not* > > the author. > > It is possible to PGP-clearsign web pages using comments. > PGP's insertion of "- " before any line beginning with "-" > might cause a problem, but you'll just have to be a little > more careful. What's wrong with a prominent PGP-signed notice in 

's that "This
page, at URL [whatever], has a separate PGP signature at [other URL]." 
I've did that with the windows networking FAQ a few times until it just 
got to be too much trouble.

-rich





From jf_avon at citenet.net  Fri Feb  2 12:28:59 1996
From: jf_avon at citenet.net (Jean-Francois Avon JFA Technologies, QC, Canada)
Date: Sat, 3 Feb 1996 04:28:59 +0800
Subject: Active processes monitoring?
Message-ID: <9602021919.AA08293@cti02.citenet.net>


on feb 2 96, sunder at dorsai.org replied to me:

>On Thu, 1 Feb 1996, Jean-Francois Avon wrote:
>
>> Hi!
>> 
>> I'm running on a first generation 486 ISA 4meg ram Win 3.11
>> I use realdeal /commercial  and wipeswap.exe in an *.bat that launch Win3.11
>> How can I detect if another process is running on my system?
>> I use MEM /c in a dos window.  But is that sufficient?
>> Can a hidden process detect MEM loading and hide itself somehow?

>Mem /C doesn't do squat under 95... don't know about 3.11.... since each 
>DOS box runs in its own space, MEM /C cannot see what processes are 
>running in Windoze.

AFAIK, when I do mem /c in a dos windows, under W3.11wg, it seems to report
all processes that I expect that would be running in the machine.

It reports win something processes,
it reports realdeal, cd-rom drivers and everything (I think...)

Can anybody Wizzard-type can reply on this one?

Or RTFM us with the proper references...

Thanks and Regards

JFA






From fair at clock.org  Fri Feb  2 12:35:21 1996
From: fair at clock.org (Erik E. Fair (Time Keeper))
Date: Sat, 3 Feb 1996 04:35:21 +0800
Subject: Espionage-enabled Greed
Message-ID: 


This scenario has one problem: the providers have determined that large
public peering points like the CIX, NAPs, MAEs, and FIXs do not scale well,
and that for the continued health and growth of the Internet, there are
going to have to be more small, private interconnects between providers.

Put another way: if the equipment you're working with has certain limits
(let's say 100Mb/s FDDI or 45Mb/s T3/DS3 interfaces), it's better to have
more interconnects with fewer peers at each interconnect point when your
traffic potentially or actually will exceed those interface limits in
aggregate. This is being driven by the incredible growth of the Internet,
and by the fact that the customers can (and do) buy the same size pipes
into the providers that the providers themselves use for their backbones -
i.e. any such customer can potentially fill your backbone around the
section of your backbone where he connects to you. Ooops.

If you want to have fewer, large interconnects, which, incidentally, you
can monitor all the traffic passing through, you've gotta have monstrous
point-to-point bit pipes and/or LANs, and the Router/Switch From Hell to
make the traffic move. There are people trying to build such things - it's
called Asynchronous Transfer Mode (ATM), but it doesn't really work in
practice yet at high enough speeds - best you can get at the moment is OC3
(155Mb/s), which is only a trifle faster than FDDI, and the stuff is more
expensive than conventional LAN/WAN technology, so it's only being used in
small areas to prove the technology (with the hope that it really does
scale as promised, and gets cheaper). There are working examples of a fast
LAN switch in use at the public peering points: the DEC GIGAswitch (3.2Gb/s
aggregate - 16 100Mb/s FDDI ports).

Of course, you also have to build a pretty fast computer to suck down all
this traffic and analyze it, too. And we all have the ultimate laugh on
would-be eavesdroppers: IP security (read: end-to-end encryption of the
data payload of IP packets on a per peer basis), drafts for which are in
implementation phase as of the Stockholm IETF meeting (July 1995). This
leaves 'em with just traffic analysis to use on us.

Erik Fair







From sunder at dorsai.dorsai.org  Fri Feb  2 12:37:40 1996
From: sunder at dorsai.dorsai.org (Ray Arachelian)
Date: Sat, 3 Feb 1996 04:37:40 +0800
Subject: Active processes monitoring?
In-Reply-To: <9602010555.AA19695@cti02.citenet.net>
Message-ID: 


On Thu, 1 Feb 1996, Jean-Francois Avon wrote:

> Hi!
> 
> I'm running on a first generation 486 ISA 4meg ram Win 3.11
> I use realdeal /commercial  and wipeswap.exe in an *.bat that launch Win3.11
> How can I detect if another process is running on my system?
> I use MEM /c in a dos window.  But is that sufficient?
> Can a hidden process detect MEM loading and hide itself somehow?
> 
> Are there others applications like MEM that are not as universal?
> (here, I guess that such stealth behaviour have to rely on identifying the
> program being loaded, thus, a less common program has less chance of 
> being fooled)

Mem /C doesn't do squat under 95... don't know about 3.11.... since each 
DOS box runs in its own space, MEM /C cannot see what processes are 
running in Windoze.

==========================================================================
 + ^ + |  Ray Arachelian |Emptiness is loneliness, and loneliness|  _ |>
  \|/  |sunder at dorsai.org|is cleanliness  and cleanliness is god-|  \ |
<--+-->|                 |liness and god is empty,  just like me,|   \|
  /|\  |    Just Say     |intoxicated  with the maddness,  I'm in|   <|\
 + v + | "No" to the NSA!|love with my sadness.   (Pumpkins/Zero)|   <| n
===================http://www.dorsai.org/~sunder/=========================






From wilcoxb at nagina.cs.colorado.edu  Fri Feb  2 12:38:48 1996
From: wilcoxb at nagina.cs.colorado.edu (Bryce)
Date: Sat, 3 Feb 1996 04:38:48 +0800
Subject: Anti-Nazi Authentication [Was: Tim's paranoid rant about Declan...]
In-Reply-To: 
Message-ID: <199602021955.MAA01950@nagina.cs.colorado.edu>



-----BEGIN PGP SIGNED MESSAGE-----

> What's wrong with a prominent PGP-signed notice in 
's that "This
> page, at URL [whatever], has a separate PGP signature at [other URL]." 
> I've did that with the windows networking FAQ a few times until it just 
> got to be too much trouble.


That's a good idea, but I don't see any reason to sign the 
notice.  Just put a "PGP signed" logo at the bottom of the
page.  If the user clicks on it then it hrefs to a .asc
file (or is it better to have a .html file is the
signature in 
...) which contains the detached sig for
the original page.


This would also have the bonus effect of making PGP more
visible to the web-browsing public.  I'll work on this
during my.. err.. "spare time".


Bryce

                 "Toys, Tools and Technologies"
  the Niche 
        New Signal Consulting -- C++, Java, HTML, Ecash
            Bryce 
 
PGP sig follows


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01

iQCVAwUBMRJsP/WZSllhfG25AQEimAP+O1SJBflS+rOQZ5K9bNwJYxuzhBBgRjvR
qePJn1d+uQvBs1sHgoofu7R8DbcHX1BEyCc2YUBC0i+fSu0sR3+nYawdcj6Wem9L
WEDmspbp2TMj35v8AtUinKNqfZqfG6S9Hsb7DColCxpuvvkFTdFGNJBkqgEFHS46
gANShEspa/4=
=54jP
-----END PGP SIGNATURE-----





From adam at lighthouse.homeport.org  Fri Feb  2 12:45:39 1996
From: adam at lighthouse.homeport.org (Adam Shostack)
Date: Sat, 3 Feb 1996 04:45:39 +0800
Subject: RC2 Source Code - Legal Warning from RSADSI
In-Reply-To: <9601018232.AA823213189@snail.rsa.com>
Message-ID: <199602012351.SAA16150@homeport.org>


baldwin wrote:

|         RSA Data Security considers misappropriation of its
| intellectual property to be most serious.  Not only is this
| act a violation of law, but its publication is yet another
| abuse of the Internet.  RSA has begun an investigation and
| will proceed with appropriate action against anyone found to
| have violated its intellectual property rights.

	Out of curiosity, did your similar investigation of RC4 ever
lead anywhere?

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From alano at teleport.com  Fri Feb  2 12:55:23 1996
From: alano at teleport.com (Alan)
Date: Sat, 3 Feb 1996 04:55:23 +0800
Subject: Your mail
Message-ID: <199602022009.MAA08670@desiree.teleport.com>




>re: Virus site (http://www.xcitement.com/virus/) reports error 404 - no 
>such file...

To make matters worse, the code on the site was poorly written so that web wacker choked when I tried to download the site.

I guess the Grays captured the site.






From Bill.Humphries at msn.fullfeed.com  Fri Feb  2 13:02:50 1996
From: Bill.Humphries at msn.fullfeed.com (Bill Humphries)
Date: Sat, 3 Feb 1996 05:02:50 +0800
Subject: CDA as a tool (was: Re: Helping the Crypto-Clueless)
Message-ID: 


banjo, lord of the c monkeys (is that a 1,000 monkeys trying for RSA code,
12 monkeys trying for a screenplay to a Terry Gilliam film?) wrote:

>I agree:  and in addition to that [stuff deleted above], I'd like to say
>that >contrary to the beliefs of some people on this list, I don't think
>the CDA is
>representative of a legislative body's spiteful action against general
>free speech and information; it's far to simple a motivation for
>computer-illiterate, re-election minded professional politicians.

The legislators may not have known or understood what they voted for,
however, the fact of the matter remains is there were a host of groups
(primarily the Christian Coalition) who know what the Internet can do to
prevent them from dominating public discourse and dictating policy to the
GOP. They used the congress and a press-release driven news media to get
their way.


bill.humphries at msn.fullfeed.com
(not affiliated with the Microsoft Network)
@$#! Henry Hyde, #!*% James Exon, !@$! Ralph Reed







From rah at shipwright.com  Fri Feb  2 13:05:51 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Sat, 3 Feb 1996 05:05:51 +0800
Subject: Futplex makes the news!
Message-ID: 


I just heard on WBUR (NPR) here in Boston that our own L. (I know his real
first name now...) "Futplex" McCarthy was busted by the UMASS diginarks for
putting "Nazi material" on the internet. This must be one of those
Nazi-mirrors I've been skipping articles over...

They were pretty hysterical, NPR. Maybe we should call him "FUDplex" in
honor of his newfound notariety...

;-).

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The NEW(!) e$ Home Page: http://thumper.vmeng.com/pub/rah/







From llurch at networking.stanford.edu  Fri Feb  2 13:27:07 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Sat, 3 Feb 1996 05:27:07 +0800
Subject: Anti-Nazi Authentication [Was: Tim's paranoid rant about Declan...]
In-Reply-To: <199602021955.MAA01950@nagina.cs.colorado.edu>
Message-ID: 


On Fri, 2 Feb 1996, Bryce wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> > What's wrong with a prominent PGP-signed notice in 
's that "This
> > page, at URL [whatever], has a separate PGP signature at [other URL]." 
> > I've did that with the windows networking FAQ a few times until it just 
> > got to be too much trouble.
> 
> That's a good idea, but I don't see any reason to sign the 
> notice.

For the paranoid, it would be an added assurance that they are reading the
original file at the original location. Otherwise, anybody could copy the
Web page, modify it, and give it someone else's PGP signature. 

But yeah, it would look awfully silly, especially to the non-PGP-aware
public. An unobstrusive PGP logo (below) would be great, and might become
a status symbol, like those cheesy HTML validation service and Internet
Audit Bureau logos (which I have used on a few pages). 

> Just put a "PGP signed" logo at the bottom of the
> page.  If the user clicks on it then it hrefs to a .asc
> file (or is it better to have a .html file is the
> signature in 
...) which contains the detached sig for
> the original page.
> 
> This would also have the bonus effect of making PGP more
> visible to the web-browsing public.  I'll work on this
> during my.. err.. "spare time".

Yeah, I like the idea of a standardized logo. A lot.

-rich





From tony at secapl.com  Fri Feb  2 13:30:37 1996
From: tony at secapl.com (Tony Iannotti)
Date: Sat, 3 Feb 1996 05:30:37 +0800
Subject: Active processes monitoring?
In-Reply-To: <9602021919.AA08293@cti02.citenet.net>
Message-ID: 


On Fri, 2 Feb 1996, Jean-Francois Avon wrote:

> AFAIK, when I do mem /c in a dos windows, under W3.11wg, it seems to report
> all processes that I expect that would be running in the machine.
> 
> It reports win something processes,
> it reports realdeal, cd-rom drivers and everything (I think...)

No wizard I, but I think that it is showing you all programs (TSRs, drivers,
etc) loaded _before_ Windows. I do not see it showing programs loaded in
other Dos windows. (Edit, XyWrite, dBase, MSD, etc.)






From brianh at u163.wi.vp.com  Fri Feb  2 13:34:36 1996
From: brianh at u163.wi.vp.com (Brian Hills)
Date: Sat, 3 Feb 1996 05:34:36 +0800
Subject: http://www.xcitement.com/virus/
Message-ID: 


It was up yesterday. I was there. and does have alot of info.
> 
> re: Virus site (http://www.xcitement.com/virus/) reports error 404 - no 
> such file...
> 
> ==========================================================================
>  + ^ + |  Ray Arachelian |Emptiness is loneliness, and loneliness|  _ |>
>   \|/  |sunder at dorsai.org|is cleanliness  and cleanliness is god-|  \ |
> <--+-->|                 |liness and god is empty,  just like me,|   \|
>   /|\  |    Just Say     |intoxicated  with the maddness,  I'm in|   <|\
>  + v + | "No" to the NSA!|love with my sadness.   (Pumpkins/Zero)|   <| n
> ===================http://www.dorsai.org/~sunder/=========================
> 
> 


-- 
UNTIL WE MEET AGAIN :-)







From wlkngowl at unix.asb.com  Fri Feb  2 13:40:57 1996
From: wlkngowl at unix.asb.com (Mutatis Mutantdis)
Date: Sat, 3 Feb 1996 05:40:57 +0800
Subject: RC2 technical questions
Message-ID: <199602022058.PAA21068@UNiX.asb.com>


On Fri, 02 Feb 96 10:02:37 PST, "baldwin at RSA.COM" wrote:

>        In a shameless attempt to move the discussion of RC2 into
>a more technical arena, here are some interesting questions to
>explore about RC2.
>                --Bob

Odd. You're from RSA.COM... It would seem that you're better able to
find these things out than the rest of us.

Make that Alleged RC2, BTW. ;)

I'm rather curious about implementing known plaintext attacks.  The
reliance on addition and anding doesn't make me feel too confident.

For example, the ciphertext produced by the input of all zeros
(plaintext) is basically the added/anded (with rolls) skey bytes.

With a bit of probabilistic analysis one could work at determining the
skey[] bytes.  Weaknesses in the key expansion may help this
further...

Rob.







From rmartin at aw.sgi.com  Fri Feb  2 13:55:43 1996
From: rmartin at aw.sgi.com (Richard Martin)
Date: Sat, 3 Feb 1996 05:55:43 +0800
Subject: Futplex makes the news!
In-Reply-To: 
Message-ID: <9602021547.ZM22167@glacius.alias.com>


-----BEGIN PGP SIGNED MESSAGE-----

http://www.boston.com/globe/ap/cgi-bin/retrieve?%2Fglobe%2Fapwir%2F033%2Freg%2Fag052102

Is an AP report on the at-home censorship.

richard

- --
Richard Martin
Alias|Wavefront - Toronto Office [Co-op Software Developer, Games Team]
rmartin at aw.sgi.com/g4frodo at cdf.toronto.edu      http://www.io.org/~samwise
Trinity College UofT ChemPhysCompSci 9T7+PEY=9T8 Shad Valley Waterloo 1992

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRJ4AR1gtCYLvIJ1AQFIrgQAnYnAAG0b+PU5IGUxBYI6ufcNzaaR4y5v
bsd7FS1uUSnATWuEXPEPgx1rtRRLgzIID5JoDMK9tcOAjIVts0OdJMMVE+ZVux4E
b+FijVRRaoelyOgbyPHUzr1E2e2oEhbNV8fKfAiaivaKR32FXDHxIJnHghRYlLDZ
M0keLCHcMTc=
=YCtp
-----END PGP SIGNATURE-----






From jrochkin at cs.oberlin.edu  Fri Feb  2 14:18:26 1996
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Sat, 3 Feb 1996 06:18:26 +0800
Subject: cypherpunks press
Message-ID: 


The 29 January New Yorker has an article "Hackworm" that discusses the
Mitnick-Shimomura-Markoff echoing cypherpunks lack of sympathy for the
Markoff-Shimomura P.R. extravaganza.  Article ends mentioning cypherpunks
and John Gilmore specifically, discussion of crypto politics, while not
entirely toe-ing the cypherpunks party line, an enhearteningly informed and
rational treatement.

[An altavista search reveals the New Yorker is at
http://www.enews.com/magazines/new_yorker/, but they don't seem to put the
entire issue online, and parts of the 15 January issue is what you get when
you click on "current issue"]







From Jeremym at area1s220.residence.gatech.edu  Fri Feb  2 14:26:29 1996
From: Jeremym at area1s220.residence.gatech.edu (Jeremy Mineweaser)
Date: Sat, 3 Feb 1996 06:26:29 +0800
Subject: Active processes monitoring?
Message-ID: <2.2.32.19960202210108.00ec2df4@area1s220.residence.gatech.edu>


At 01:59 PM 2/2/96 -0500, you wrote:
>
>> Are there others applications like MEM that are not as universal?
>> (here, I guess that such stealth behaviour have to rely on identifying the
>> program being loaded, thus, a less common program has less chance of 
>> being fooled)
>
>Mem /C doesn't do squat under 95... don't know about 3.11.... since each 
>DOS box runs in its own space, MEM /C cannot see what processes are 
>running in Windoze.

There are a number of process viewing applications available for Win95/NT.
I use two of them: one is called pstat.exe and the other is ps.exe.  Both of
them
show most of the visible processes running.  ps does not show running services,
but pstat does.  Both of them are available at

ftp://csa.gt.ed.net


Jeremy
---
   Jeremy Mineweaser     | GCS/E d->-- s:- a--- C++(+++)$ ULC++(++++)>$ P+>++$
 j.mineweaser at ieee.org   | L+>++ E-(---)  W++ N+  !o-- K+>++  w+(++++) O-  M--
                         | V-(--) PS+(--) PE++ Y++>$ PGP++>+++$ t+() 5 X+ R+()
    *ai*vr*vx*crypto*    | tv(+)  b++>+++ DI+(++)  D+  G++ e>+++  h-() r-@ !y-






From rah at shipwright.com  Fri Feb  2 14:32:13 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Sat, 3 Feb 1996 06:32:13 +0800
Subject: Futplex makes the news!
Message-ID: 


>I just heard on WBUR (NPR) here in Boston that our own L. (I know his real
>first name now...) "Futplex" McCarthy was busted by the UMASS diginarks for
>putting "Nazi material" on the internet. This must be one of those
>Nazi-mirrors I've been skipping articles over...

So, the "expanded version" of the story says that it was a nazi-mirror, and
FUDless verbage why Futplex did it, and that UMASS Amherst said they didn't
want "Political messages" on their web-server, so they booted Futplex.

LOL! The most Politically Correct university in the universe doesn't want
"Political messages" on their web server!

The ganglia twitch...

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The NEW(!) e$ Home Page: http://thumper.vmeng.com/pub/rah/







From mpd at netcom.com  Fri Feb  2 14:32:23 1996
From: mpd at netcom.com (Mike Duvos)
Date: Sat, 3 Feb 1996 06:32:23 +0800
Subject: Futplex makes the news!
Message-ID: <199602022119.NAA29620@ix6.ix.netcom.com>


rah at shipwright.com (Robert Hettinga) wrote:

 > I just heard on WBUR (NPR) here in Boston that our own L. (I 
 > know his real first name now...) "Futplex" McCarthy was busted
 > by the UMASS diginarks for putting "Nazi material" on the 
 > internet. This must be one of those Nazi-mirrors I've been 
 > skipping articles over...

Horrors.  

We seem to be discovering more and more side effects from the 
defense of free speech for the unpopular.  The Holocausta Nostra
is cheering wildly at the opportunity to present the works of
Mr. Zundel under a banner reading "Nazi Scum".  Zundelsites are
being set up by people whose views are so disgusting they probably
offend even Mr. Zundel himself.  And now our very own "Futplex" 
will have to live the rest of his life branded as a electronic
distributor of "hate literature" by the forces of political
correctness at UMASS.  

It may be time to regroup and take inventory of what we are 
suposedly trying to accomplish here. 

--
X-Signature: Mike Duvos
X-Signature-File: c:\netcom\mail.sig


On a completely different note, which I am appending so as to waste
as little bandwidth as possible, Cypherpunks messages to my netcom
account stopped dead two days ago, and I am getting no response from
either majordomo at toad.com or cypherpunks-owner at toad.com.  

I am currently reading the list quite nicely on 

        news://news.hks.net/hks.lists.cypherpunks

using Netscape so it really isn't a big deal, but I was just curious
if there was a routing problem or some other Net glitch.

Please EMAIL any replies. 







From sandfort at crl.com  Fri Feb  2 14:40:16 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Sat, 3 Feb 1996 06:40:16 +0800
Subject: FEBRUARY MEETING
In-Reply-To: <311274f5.248877750@mailhost.primenet.com>
Message-ID: 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

Gary Edstrom pointed out to me that I forgot a minor detail about
the upcoming meeting and party--the date.  

They will be on Saturday 10 February.

Sorry about that.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From lmccarth at cs.umass.edu  Fri Feb  2 14:57:15 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Sat, 3 Feb 1996 06:57:15 +0800
Subject: [NOISE] Futplex makes the news!
In-Reply-To: 
Message-ID: <199602022124.QAA03337@thor.cs.umass.edu>


-----BEGIN PGP SIGNED MESSAGE-----

Bob Hettinga writes:
> So, the "expanded version" of the story says that it was a nazi-mirror, and
> FUDless verbage why Futplex did it, and that UMASS Amherst said they didn't
> want "Political messages" on their web-server, so they booted Futplex.

Just to be clear, I haven't been expelled or suspended from the school, and
I have not been notified of any kind of pending disciplinary action against
me. The pages are indeed gone, however.

Lewis "Futplex" McCarthy, checking in from Rumor Control Central

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRKA3Gf7YYibNzjpAQHiqQQAy//2FTjwOuJ9OT8Dpo9dH69GfbSmPadA
1WpFjFG6m05R0aAF5NFCKkmLRGXM4/pj2ZOSqB4ghfaBnd5GSviNWlWajOYFUYuk
q//INed6U1c7Es3SCNEJN0QeY8hDnZwtjUfsSwWlH8SnrY5PD9S0jj4H6kCoNCnQ
LVb6h2H+biQ=
=ILCO
-----END PGP SIGNATURE-----





From perry at piermont.com  Fri Feb  2 14:58:56 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Sat, 3 Feb 1996 06:58:56 +0800
Subject: cypherpunks press
In-Reply-To: 
Message-ID: <199602022111.QAA12320@jekyll.piermont.com>



Jonathan Rochkind writes:
> The 29 January New Yorker has an article "Hackworm" that discusses the
> Mitnick-Shimomura-Markoff echoing cypherpunks lack of sympathy for the
> Markoff-Shimomura P.R. extravaganza.  Article ends mentioning cypherpunks
> and John Gilmore specifically, discussion of crypto politics, while not
> entirely toe-ing the cypherpunks party line, an enhearteningly informed and
> rational treatement.

Could someone please explain to me why Mitnick is a cypherpunk issue?
Myself, I have neither sympathy nor lack of sympathy for the
Markoff-Shimomura "pr extravaganza", see no "cypherpunk" opinion on
the subject, and don't see any reason we should, as a group, discuss
or care about the topic.

Perry





From nsb at nsb.fv.com  Fri Feb  2 15:07:14 1996
From: nsb at nsb.fv.com (Nathaniel Borenstein)
Date: Sat, 3 Feb 1996 07:07:14 +0800
Subject: FV Demonstrates Fatal Flaw in Software Encryption of Credit
In-Reply-To: <9601292111.AA23738@toad.com>
Message-ID: 


I know people are tired of hearing from me, but I can't let *this* go
unchallenged:

Excerpts from mail.cypherpunks: 30-Jan-96 Re: FV Demonstrates Fatal F..
"Paul M. Cardon"@fnbc.co (580*)

> Interesting address that was used to reach me.

> To: pmarc at nsb.fv.com
> To: pmarc

> Somehow, both reached me from within their system, but if they  
> can't configure their e-mail to show the proper address than I don't  
> have to much faith in their other abilities.  I don't imagine that  
> anybody else would have much luck replying to either of those or CAN  
> I now receive mail at nsb.fv.com?  Is this a new free service  
> provided by FV?

Bogus mail addresses of that kind are typically added by all sorts of
mail relays.  In other words, although I can't tell you 100% for certain
without seeing the mail headers, the scenario underlying this was
probably something involving a bogus mail relay.  Alternately, there are
some systems where this could have all happened entirely on your end, in
your delivery software.  There are a zillion ways this can happen,
actually.  I've checked my archive, and that address definitely was not
in the mail when it left my system.

I can guarantee you that it wasn't our system that did this.  If there's
one things we know cold, it's email.  -- Nathaniel
--------
Nathaniel Borenstein 
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq at nsb.fv.com





From nsb at nsb.fv.com  Fri Feb  2 15:17:56 1996
From: nsb at nsb.fv.com (Nathaniel Borenstein)
Date: Sat, 3 Feb 1996 07:17:56 +0800
Subject: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
In-Reply-To: 
Message-ID: 


Excerpts from mail.cypherpunks: 30-Jan-96 Re: FV Demonstrates Fatal F..
Weld Pond at l0pht.com (1503*)

> Here is an example of an imagemap for secure number entry.

> http://www.l0pht.com/~weld/numbers.html

I *really* like this example.  That's because it demonstrates so clearly
the security/usability tradeoff that I keep trying to hammer home to
people.

Yes, with something like this -- and a LOT of variation, so it wasn't
the same every time -- you could avoid an attack like ours.  But you'd
also have a user interface that was virtually unusable.  The focus of
the attack we outlined was one particular, naive approach to Internet
commerce that sacrificed a lot of security for usability.  If the net
result of what we've done is to force them to find a better balance, it
was well worth the effort.

Or, to put it another way, I'm not too worried about competing with
software-encrypted credit card numbers if they use an imagemap technique
like the one you've outlined.
--------
Nathaniel Borenstein 
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq at nsb.fv.com





From foner at media.mit.edu  Fri Feb  2 15:21:16 1996
From: foner at media.mit.edu (Leonard N. Foner)
Date: Sat, 3 Feb 1996 07:21:16 +0800
Subject: Call for Demos at Computers, Freedom, and Privacy '96
Message-ID: <9602022139.AA20052@out-of-band.media.mit.edu>


Since 1991, the Computers, Freedom, and Privacy conference has brought
together experts and advocates from the fields of computer science, law,
business, public policy, law enforcement, government, and many other areas
to explore how computer and telecommunications technologies are affecting
freedom and privacy.

This year, for the first time, it's happening at MIT.  I'm helping to
coordinate a Technology Fair of interesting demos related to CFP's themes,
and I'm soliciting people for neat things they'd like to show.

If you think you have something you'd like to demo, please let me know.
For more information about the conference, you might want to check out
  http://www-swiss.ai.mit.edu/~switz/cfp96/
and for information about the demos themselves (including telling us what
items you may need us to provide), you should check out
  http://www-swiss.ai.mit.edu/~switz/cfp96/call-for-demos.html

Some examples to get you thinking:
. A demonstration of anonymous remailers?
. A demonstration of NFS packet substitution on the wire?
. Real-time Netscape key-breaking?
. A bake-off between some individuals or companies to see who can find out
  the most dirt on someone the fastest?
. Something else?

Remember, a lot of the things that Cypherpunks take for granted are
relatively unknown even to the type of crowd that goes to CFP; this could
be your chance to raise some awareness on these issues, show reporters what
can _really_ be done, and so forth.

If you'd like to demo (or even if you're just thinking about), please send
me mail as soon as possible so we can have time to plan.  Thanks!





From jf_avon at citenet.net  Fri Feb  2 15:25:18 1996
From: jf_avon at citenet.net (Jean-Francois Avon JFA Technologies, QC, Canada)
Date: Sat, 3 Feb 1996 07:25:18 +0800
Subject: PGP "official" logo?
Message-ID: <9602022143.AA16479@cti02.citenet.net>


>On Fri, 2 Feb 1996, somebody wrote

>> Just put a "PGP signed" logo 
>> This would also have the bonus effect of making PGP more
>> visible to the web-browsing public.  I'll work on this
>> during my.. err.. "spare time".

and somebody replied:

>Yeah, I like the idea of a standardized logo. A lot.

Me too...

Some ideas:

 - ask Phil Z. if he ever devised a PGP logo.
 - a PGP logo design contest (the prize would be eternal glory
      and gratitude from all CPunks)
     In this latter case, the winner might be decided by:
          - a jury (presided by Phil Z. ?)
          - a vote of CPunks

I think it would not do any good if everybody used their own logo.

JFA






From nsb at nsb.fv.com  Fri Feb  2 15:33:24 1996
From: nsb at nsb.fv.com (Nathaniel Borenstein)
Date: Sat, 3 Feb 1996 07:33:24 +0800
Subject: Delusional
In-Reply-To: <9601301325.AA17030@sulphur.osf.org>
Message-ID: 


Excerpts from mail.cypherpunks: 30-Jan-96 Delusional Rich Salz at osf.org (752)

> You're disagreeing that I invented safe-tcl?  You disagree that I sent
> you and Ousterhout the very first message that said I want to strip out
> the dangerous commands?

That's not the way I remember it at all, but I'd be interested in seeing
the archives.  My recollection was that it was invented over breakfast
at an IETF meeting (the Columbus one???  I'm not sure) and that Dave
Crocker and Einar Stefferud were also there, along with Marshall and I. 
If I'm misremembering, I apologize.  Honeslty.  

> You're disagreeing that without enabled mail FV would probably
> not have happened?

Except for the fact that they provided prior evidence that Marshall & I
could work together, I'm not sure how it's relevant.  Yes, we used
safe-tcl to implement our server, but any number of other languages
would have sufficed.... -- Nathaniel
--------
Nathaniel Borenstein 
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq at nsb.fv.com





From bjohnson at nym.alias.net  Fri Feb  2 15:40:16 1996
From: bjohnson at nym.alias.net (bjohnson at nym.alias.net)
Date: Sat, 3 Feb 1996 07:40:16 +0800
Subject: Proxies
Message-ID: <199602022146.PAA10881@vishnu.alias.net>


I keep hearing references to 'proxies' as a method of anonymity.  The only information that I've been able to find, deals with firewalls on networked systems.

Are 'proxies' applicable to personal PCs using browsers, such as Netscape?

Would appreciate any info or leads to information sources.

Thanks in advance,
bjohnson at nym.alias.net






From pmarc at fnbc.com  Fri Feb  2 15:40:21 1996
From: pmarc at fnbc.com (Paul M. Cardon)
Date: Sat, 3 Feb 1996 07:40:21 +0800
Subject: FV Demonstrates Fatal Flaw in Software Encryption of Credit
In-Reply-To: <9601292111.AA23738@toad.com>
Message-ID: <199602022142.PAA10232@abraxas.fnbc.com>


My mailer insists that Nathaniel Borenstein wrote:
> I know people are tired of hearing from me, but I can't let *this*
> go unchallenged:
>
> Excerpts from mail.cypherpunks: 30-Jan-96 Re: FV Demonstrates Fatal
> F.. "Paul M. Cardon"@fnbc.co (580*)
>
> > Interesting address that was used to reach me.
>
> > To: pmarc at nsb.fv.com To: pmarc
>
> > Somehow, both reached me from within their system, but if they
> > can't configure their e-mail to show the proper address than I
> > don't have to much faith in their other abilities. I don't
> > imagine that anybody else would have much luck replying to either
> > of those or CAN I now receive mail at nsb.fv.com? Is this a new
> > free service provided by FV?
>
> Bogus mail addresses of that kind are typically added by all sorts
> of mail relays. In other words, although I can't tell you 100% for
> certain without seeing the mail headers, the scenario underlying
> this was probably something involving a bogus mail relay.
> Alternately, there are some systems where this could have all
> happened entirely on your end, in your delivery software. There are
> a zillion ways this can happen, actually. I've checked my archive,
> and that address definitely was not in the mail when it left my
> system.

You like that zillion word when you can't quantify something.

> I can guarantee you that it wasn't our system that did this. If
> there's one things we know cold, it's email.

C'mon Nathan.  It was in the Received headers generated at your  
end.  I agree that it COULD have happened on our end, but it didn't.  
 I've never seen anybody with such an arrogant attitude.  BTW, it  
looks like it has been fixed now.  :-b

---
Paul M. Cardon

MD5 (/dev/null) = d41d8cd98f00b204e9800998ecf8427e





From jpp at software.net  Fri Feb  2 15:44:17 1996
From: jpp at software.net (John Pettitt)
Date: Sat, 3 Feb 1996 07:44:17 +0800
Subject: RSA disappears :-)
Message-ID: <2.2.32.19960202212818.016da488@mail.software.net>


rsa.com dissapeard from the net!  The only valid nameserver for rsa.com is
rsa.com and since it's net connection is down anybody trying to talk to
www.rsa.com or send mail to rsa is getting host not found errors.

:-)


--
John Pettitt
email:         jpettitt at well.sf.ca.us (home)
               jpp at software.net       (work)    







From jrochkin at cs.oberlin.edu  Fri Feb  2 15:49:01 1996
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Sat, 3 Feb 1996 07:49:01 +0800
Subject: cypherpunks press
Message-ID: 


>Jonathan Rochkind writes:
>> The 29 January New Yorker has an article "Hackworm" that discusses the
>> Mitnick-Shimomura-Markoff echoing cypherpunks lack of sympathy for the
>> Markoff-Shimomura P.R. extravaganza.  Article ends mentioning cypherpunks
>> and John Gilmore specifically, discussion of crypto politics, while not
>> entirely toe-ing the cypherpunks party line, an enhearteningly informed and
>> rational treatement.
>
>Could someone please explain to me why Mitnick is a cypherpunk issue?
>Myself, I have neither sympathy nor lack of sympathy for the
>Markoff-Shimomura "pr extravaganza", see no "cypherpunk" opinion on
>the subject, and don't see any reason we should, as a group, discuss
>or care about the topic.
>
>Perry

The article mentions the cypherpunks, and spends a couple pages discusing
crypto politics and internet security issues.  Like I said, I found it an
unusually well-informed article for the conventional press.  I thought
other cypherpunks list members would be interested in a pointer to it, both
because it discusses the cypherpunks list and because it discusses crypto
politics in a fairly intelligent manner.  And, yes, because it was also
about Mitnick-Markoff-Shimomura, and despite your constant protests that it
isn't a cypherpunks issue, I know that many on the list disagree and are
interested in the issue (and have opinions about it, individually; of
course there is no group mind 'cypherpunks opinion'.)  And, also, because I
think media analysis and issues of what the media is doing and how it works
are 'cypherpunks issues'--that is, issues with a direct relationship to the
crypto issues often discussed here, and which a large proportion of list
members are interested in discussing and hearing about.

I don't see why you, Perry, are the arbiter of what is and is not a
'cypherpunk issue'--if there are lots of people interested in discussing a
certain issue or type of issue on the list, it's going to be discussed.
All you can do is increase the noise on the list even futher by constantly
complaining about it.   Which you seem to enjoy, so go ahead, I guess.







From tcmay at got.net  Fri Feb  2 16:02:50 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 3 Feb 1996 08:02:50 +0800
Subject: Futplex makes the news!
Message-ID: 


At 8:47 PM 2/2/96, Richard Martin wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>http://www.boston.com/globe/ap/cgi-bin/retrieve?%2Fglobe%2Fapwir%2F033%2Fre
>g%2Fag052102
>
>Is an AP report on the at-home censorship.

Many thanks for providing this, Richard! I just read it, and it worries me.

If UMass has yielded, the prominently mentioned CMU and Stanford sites may
be prompted to exactly the same thing. This will "prove" to the Germans
that they did the right thing, and be a blow in _favor_ of suppression of
speech.

I hope some other sites have the mirrored material and are not reeds in the
wind as at least one university is.

(Did I hear correctly that Futplex has "volunteered" to perform 500 hours
of community service at the Simon Wiesenthal Center's Boston office? And
that he has volunteered to attend 50 hours of sensitivity training? Or am
thinking of Cornell?)

Not to make light of this sorry episode, you understand. But my guess is
that unless Futplex immediately begins to grovel to the campus bigshots and
explain how his judgment was impaired by exposure to fascist Cypherpunks,
that his days at UMass as a grad student are numbered. This is the way
universities seem to handle these things.

--Tim, who hopes he's wrong....

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From andrew_loewenstern at il.us.swissbank.com  Fri Feb  2 16:21:27 1996
From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern)
Date: Sat, 3 Feb 1996 08:21:27 +0800
Subject: PGP "official" logo? (a.k.a. the Return of the Logo Wars)
In-Reply-To: <9602022143.AA16479@cti02.citenet.net>
Message-ID: <9602022227.AA01627@ch1d157nwk>


JF Avon (jf_avon at citenet.net), in a fit of creativity, writes:
> Some ideas:
>
>  - ask Phil Z. if he ever devised a PGP logo.
>  - a PGP logo design contest (the prize would be eternal glory
>       and gratitude from all CPunks)
>      In this latter case, the winner might be decided by:
>           - a jury (presided by Phil Z. ?)
>           - a vote of CPunks

If you consult the archives you will find the decayed remains of many  
cypherpunks whose blood was shed in the "Logo Wars" of years past.

Instead of having another logo war on the mailing list and having to shout  
over the din of accounts and subjects hitting the bottom of subscriber's kill  
files, I'll sum it up for you:  If you have a cool logo, put it on your own web  
pages (or get someone to put it on theirs).  Then post the URL on the mailing  
list.  If others like it they will use it.  Welcome to anarchy.

Forget contests (unless you want to pony up the prizes and the judges), forget  
voting, forget juries presided by PRZ (he has more important things to do...),  
forget trying to get a consensus on the mailing list...  Still, if you feel  
you must select a logo in public, set up your own mailing list for discussing  
the logo...

> I think it would not do any good if everybody used their own logo.

I doubt that there will be a large number of logos produced (if any...).  If  
one person comes up with a logo that is obviously better than all the rest then  
people will use it.  If nobody puts logos on their pages then it probably  
wasn't meant to be.


andrew





From bal at martigny.ai.mit.edu  Fri Feb  2 16:31:03 1996
From: bal at martigny.ai.mit.edu (Brian A. LaMacchia)
Date: Sat, 3 Feb 1996 08:31:03 +0800
Subject: Futplex makes the news!
In-Reply-To: 
Message-ID: <9602022229.AA11435@toad.com>


   Date: Fri, 2 Feb 1996 15:34:24 -0800
   X-Sender: tcmay at mail.got.net
   Mime-Version: 1.0
   Content-Type: text/plain; charset="us-ascii"
   From: tcmay at got.net (Timothy C. May)
   Sender: owner-cypherpunks at toad.com
   Precedence: bulk

   If UMass has yielded, the prominently mentioned CMU and Stanford sites may
   be prompted to exactly the same thing. This will "prove" to the Germans
   that they did the right thing, and be a blow in _favor_ of suppression of
   speech.

I just heard the latest version of this story on WBZ radio here in
Boston.  The report quoted the chairman of the CS dept. at UMass; his
claim is that Futplex's distribution of the material was clearly a
"political act" and thus not an appropriate uses of computing resources
funded by public tax dollars.  The report clearly stated that Futplex's
actions were taken to protest German censorship.

Immediately after this story WBZ reported that Germany is now
investigating AOL for possible distributions of banned material.

					--bal






From EALLENSMITH at ocelot.Rutgers.EDU  Fri Feb  2 16:36:26 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Sat, 3 Feb 1996 08:36:26 +0800
Subject: Just what the Internet needs right now...
Message-ID: <01I0QVJK2WDSA0UTJS@mbcl.rutgers.edu>


	I'll try to see if I can find some bomb-making information from a
non-US web site; it may help in counterarguments. Given that I'm still not
that good at searching, it would be nice if someone else could locate it also.
	-Allen

Reuters New Media
   
   _ Friday Febuary 2 4:54 PM EST _
   
Boys Arrested for Plotting Bomb

   
   
   NEW YORK (Reuter) - Three 13-year-old boys have been accused of
   plotting to blow up their school after learning how to build a bomb
   over the Internet, police said Friday.
   
   The boys were arrested Wednesday after other students at Pine Grove
   Junior High School in Minoa, New York, heard rumors of their plans and
   police were alerted, said Capt. William Bleyle of the nearby Manlius
   police department.
   
[...]

   One of the boys, believed to be the ringleader, admitted to police
   that the three eighth graders learned how to build the bomb from
   instructions they found on the Internet, the global network accessible
   from home computers.
   
   ``The information is very easy to find,'' Bleyle said. ''It's at your
   fingertips. They just called it up.''
   
   He said police found diesel fuel, a bag of fertilizer and other items
   -- the basic materials to build a bomb-- at the first boy's house.
   
   The boys found the information using a computer at home, not at
   school, said Gary Minns, superintendent of the East Syracuse-Minoa
   school district, about 250 miles northwest of New York City. The
   school is not hooked up to the Internet but had been considering it,
   he said.
   
   ``It goes way beyond what we would consider a prank,'' Minns said.
   ``Especially from Oklahoma City and the knowledge and awareness of the
   devastation these things can cause, to think they were even
   considering doing this type of thing is extremely disturbing.''
   
[...]

   The three boys had built and tested a bomb in a field behind an
   elementary school, Bleyle said. That bomb caught fire but did not
   explode. All three, who are being charged as juveniles, are accused of
   conspiracy, he said. They have been suspended from school.
   
   Police were still investigating their motives, Bleyle said, adding
   ``It was definitely to effect destruction on the school. It was not an
   idle threat. There was actual intent to carry this through. The
   destruction could have been enormous.''





From tcmay at got.net  Fri Feb  2 16:36:51 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 3 Feb 1996 08:36:51 +0800
Subject: PGP "official" logo?
Message-ID: 


At 9:37 PM 2/2/96, jf_avon at citenet.net (Jean-Francois Avon (JFA
Technologies, QC, wrote:

>Me too...
>
>Some ideas:
>
> - ask Phil Z. if he ever devised a PGP logo.
> - a PGP logo design contest (the prize would be eternal glory
>      and gratitude from all CPunks)
>     In this latter case, the winner might be decided by:
>          - a jury (presided by Phil Z. ?)
>          - a vote of CPunks

I realize that Phil Z. is an "icon" to many people, but icons sometimes are
overrated. In this context, I mean symbolic icons, or logos, e.g., little
pictures.

Why is an icon or logo preferable to "Begin PGP signed..."? The little
rose, or chevrons, or escutcheons, or whatever, then have to be explained
to people. "PGP" is actually its own best logo.

(There is also the important point that most uses of PGP are in
primarily-ASCII settings, in e-mail. Yes, I know that MIME and whatnot can
support graphics, but such uses are rare. Look at this mailing list, and
Usenet, for examples of how most messages are composed. I routinely delete
all messages that have "attachments converted" to them, and others have
told me they do the same thing.)

Logos and signs typically are useful to attract customers from afar, as
with roadside signs, or to establish consumer preference. In the case of
PGP, neither situation seems especially germane.

Finally, the idea of a "contest" and a "vote" comes up once again. Being an
anarchy, no one is stopping anyone from attaching logos to their articles.
But I can't imagine a "vote of CPunks."

--Tim


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From tcmay at got.net  Fri Feb  2 16:43:08 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 3 Feb 1996 08:43:08 +0800
Subject: Proxies
Message-ID: 


At 9:46 PM 2/2/96, bjohnson at nym.alias.net wrote:
>I keep hearing references to 'proxies' as a method of anonymity.  The only
>information that I've been able to find, deals with firewalls on networked
>systems.
>
>Are 'proxies' applicable to personal PCs using browsers, such as Netscape?
>
>Would appreciate any info or leads to information sources.

A quick look with Alta Vista for the string "web proxy" reveals 25 articles
on Usenet and 200 on the Web, with some of them containing further
pointers, definitions, and other helpful information.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From somogyi at digmedia.com  Fri Feb  2 16:43:41 1996
From: somogyi at digmedia.com (Stephan Somogyi)
Date: Sat, 3 Feb 1996 08:43:41 +0800
Subject: Looking for GSM A5 info
Message-ID: 


I'm looking for information about the A5 encryption algorithm used in
GSM phones. Specifically:

- How does the algorithm work and is its encryption methodology similar
to any other well-known algorithms?

- Is A5's implementation mandatory to produce an world-wide
interoperable GSM device?

- What are the variants of A5 (there was some discussion of less secure
versions), how do they differ, and where are they used?

- Are there any known weaknesses in or attacks on A5-encrypted GSM
conversations?

- Are there notable instances where GSM deployment was delayed or
halted due to A5? (I remember hearing that such a delay happened in
Australia, but I don't recall details.)

Any related information, or pointers to related information,
appreciated greatly.

________________________________________________________________________
Stephan Somogyi                Mr Gyroscope                Digital Media







From llurch at networking.stanford.edu  Fri Feb  2 17:00:38 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Sat, 3 Feb 1996 09:00:38 +0800
Subject: Ways around "censorship" of Nazi Zundelsite (fwd)
Message-ID: 


Similar notes have been posted to the newsgroups and faxed to a number of
press critters in Germany, Canada, and the US. The Ottowa Times is
probably going to be the first out with a reasonably in-depth story. If
you have something of import to say, I'll give you the reporter's number. 

We won already. OK? I believe even the Wiesenthal Center is waking up to
the fact that the only acceptable and efffective way to deal with evil
lies in the modern age is by drawing them into the open and smothering
them with the truth. They should have a statement shortly. 

Share and enjoy.

-rich

---------- Forwarded message ----------
Date: Thu, 1 Feb 1996 12:34:42 -0800 (PST)
From: Rich Graves 
To: declan at eff.org, fight-censorship+ at andrew.cmu.edu, haggaik at leland
Subject: Ways around WebCom censorship of Zundelsite (fwd)

-----BEGIN PGP SIGNED MESSAGE-----

Declan et al, I sent the enclosed to the white supremacists' moderated
mailing list in order to foster the free flow of information, and Don
Black approved it for distribution. Now they all know about all the 
mirrors. 

Since there is no longer any censorship, and since Zundel has released a 
press release about how "major universities have come to his defence" 
against this Zionist repression, I believe it would be appropriate to 
express our true feelings now. Of course copyright and good taste 
dictate that his pages remain on the Web completely unedited, but I see 
no reason for them to be the only thing there.

I would recommend adding a link to the following additional publications
of Zundel's, which were similarly "censored": 

 http://www.almanac.bc.ca/hweb/people/z/zundel-ernst/flying-saucers/

To prevent the saving of bookmarks within his site, I further recommend
moving his pages into a subdirectory with a name that changes from time to
time, as I have done. 

I apologize for blowing up at Declan. The link text from my page to his
again reads, in part: "My friend Declan's page has some more developed
ideas, most but not all of which I agree with. He has more time for this." 

- -rich

- ---------- Forwarded message ----------
Date: Thu, 1 Feb 1996 00:55:06 GMT
From: Stormfront-l 
To: rich at c2.org
Subject: Ways around WebCom censorship of Zundelsite

From: Rich Graves 
Date: Wed, 31 Jan 1996 16:55:06 -0800 (PST)
Subject: Ways around WebCom censorship of Zundelsite
 
You might want to consider this on your own sites. An IP filter is no 
good if the IP address changes.
 
I would also suggest holding your own press conference on February 28th.
 
- ---------- Forwarded message ----------
Date: Wed, 31 Jan 1996 15:52:37 -0800 (PST)
From: Declan
To: Fight Censorship Mailing List ,
Subject: Re: A possible (though unlikely) easy way around WebCom censorship
 
On Wed, 31 Jan 1996, Declan B. McCullagh wrote:
> The attached TELECOM Digest message mentions assigning a new IP address
> to WebCom's web server, which would defeat the current block.
 
Thomas Leavitt from WebCom tells me that Telekom has blocked all accesses
to hosts within the webcom.com domain, though WiN has not. 
 
Apparently Spiegel TV is interested in reporting on this. One of their
reporters told me that the AntiDefamation League in NYC has been compiling
a list of offensive resources (primarily web pages, I think) on the
Internet. 
 
They're going to hold a press conference on February 28 to "demand reduced
access" to this material. 
 
- -Declan
 
- ---------- Forwarded message ----------
Anyway, this is all moot, because there are so many holes in the 
censorship curtain. See the full list of mirror sites and supplemental 
documentation at any of the following, all accessible from any computer 
in Germany:
 
http://web.mit.edu/afs/athena.mit.edu/contrib/bitbucket2/zundel/censorship.html
http://www.cs.cmu.edu/afs/cs/user/declan/www/Not_By_Me_Not_My_Views/censorship.
html
http://www.cs.cmu.edu/afs/cs/user/declan/www/Not_By_Me_Not_My_Views/censorship.
html
http://web.mit.edu/afs/cs.cmu.edu/user/declan/www/Not_By_Me_Not_My_Views/censor
ship.html
 
The Berlin Wall has fallen.
 
Next stop, the Great Firewall of China.

- ------------------------------------------------------------------------
To: Multiple recipients of the Stormfront-L Mailing List
Host: don.black at stormfront.org (Don Black)
To unsubscribe, send e-mail to 'listserv at stormfront.org' with the
line 'unsubscribe Stormfront-L' in the message BODY, not the subject.
- ------------------------------------------------------------------------

- -----
Processed with Listserv v2.77 for Wildcat v4

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMREji43DXUbM57SdAQFO0wP/XsuwmTWifPvJ2MscEWP0N+hSslXRzxfr
l1FN13DnduAJBE2yhJhZUZoCxdAlpXehHP7G2ZOyycdQpxUom7sTo4X0PP95Y5k4
7psQdzFoubAN7Uv6hQh1MTALD3t8vu2bwH4pYtkOeAi13PMvTe/PRfxlPBLcFz69
Bro6hYmaeE8=
=rKCu
-----END PGP SIGNATURE-----







From jonl at well.com  Fri Feb  2 17:08:25 1996
From: jonl at well.com (Jon Lebkowsky)
Date: Sat, 3 Feb 1996 09:08:25 +0800
Subject: Denning's misleading statements
In-Reply-To: <199602010308.WAA27249@pipe2.nyc.pipeline.com>
Message-ID: <199602022316.PAA12911@well.com>


> Responding to msg by jonl at well.com (Jon Lebkowsky) on Wed, 31 
> Jan  6:34 PM
> 
> 
> >Definitely! I wonder who we could get from the FBI??
> 
> 
>    Try for Al Bayse, formerly assistant director of the FBI's
>    Technical Services Division and its long-time senior
>    techonology expert. Here's a quote from David Burnham's new
>    book, "Above the Law:"
> 
>       Al Bayse, whom FBI documents suggest has been involved
>       in the Clipper since its inception, was ecstatic about
>       its inception. Shortly before the White House announced
>       the project to reporters, he telephoned the three
>       leading security experts in the academic world --
>       Dorothy Denning of Georgetown University, Lance Hoffman
>       of George Washington University and Peter Neumann of SRI
>       International -- and informed them that the FBI's
>       problem had been solved. (p. 150)
> 
>    Burnham claims that because Bayse shaped and directed the
>    FBI's investigative technologies from the late 1970s to the
>    mid-1990s he "may well be the nation's single most
>    influential law enforcement official since J. Edgar
>    Hoover." (p. 136)

Is he online? I need his email address, and Denning's.

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jon Lebkowsky                  http://www.well.com/~jonl
Host, Electronic Frontiers Forum, 7PM PST 9PM CST Thursdays
  at Club Wired 
Vice President, EFF-Austin 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=






From jrochkin at cs.oberlin.edu  Fri Feb  2 17:19:16 1996
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Sat, 3 Feb 1996 09:19:16 +0800
Subject: Futplex makes the news!
Message-ID: 


At 1:17 PM 02/02/96, Mike Duvos wrote:
>We seem to be discovering more and more side effects from the
>defense of free speech for the unpopular.  The Holocausta Nostra
>is cheering wildly at the opportunity to present the works of
>Mr. Zundel under a banner reading "Nazi Scum".  Zundelsites are
>being set up by people whose views are so disgusting they probably
>offend even Mr. Zundel himself.  And now our very own "Futplex"
>will have to live the rest of his life branded as a electronic
>distributor of "hate literature" by the forces of political
>correctness at UMASS.
>
>It may be time to regroup and take inventory of what we are
>suposedly trying to accomplish here.

The AP article on the net that someone referenced for us before
(http://www.boston.com/globe/ap/cgi-bin/retrieve?%2Fglobe%2Fapwir%2F033%2Fre
g%2Fag052102), fortunately portrays Futplex M accurately as a principled
free speech crusador, rather then a Nazi, with a few good quotes from F
(nice job Futplex!).     [And Rich Graves should be pleased to see his name
gets mentioned _before_ Declan's.  snork.]   I hope he doesn't get into too
much trouble with UMASS, but I suspect he won't--after he gets called a
"free speech activist" on the AP wire, umass is going to look really bad
punishing him for his activism.   [I guess they've already told him he has
to take it down, but it served it's purpose anyway].

I think the whole endeavor was a resounding success, and I wish I had been
on the ball enough to participate in it.  So, nazi wierdos even worse then
Zundel have appropriated his views--only goes to show that when you try to
censor something (on the net especially--but this has always been true to
some extent, and you can frequently hear ACLU types worthily propagandizing
it), all you do is end up giving it free publicity.  So what if the
'holocost nostra' is delighting in calling Zundel "nazi scum", or whatever.
I haven't read his stuff, so I don't know if I think him deserving of that
title or not, but they can certainly exercise their freedom of speech in
saying so. (Although if they're not careful I suppose Zundel could exercise
his freedom of filing a libel lawsuit against them).

The important thing is that Rich, Declan, Futplex, and anyone else
participating showed the world that censorship on the internet, if not
impossible, is at least a good deal more dificult then people thought.
And,  just as importantly, that they defeated this individual act of
censorship thoroughly.  (Yes, I think participating in the defeat of
censorship is worthy even when it's nazi stuff you're protecting.  A
'banned sites' page on the WWW would be a great thing, even if it contained
a majority of links to neo-nazi propaganda.  If censorship attempts
continue, one of us ought to make such a site--and, of course, mirror it
throughout the universe).

[ Thought--if Germany was blocking sites that contained pornography
instead, not only would Rich/Declan/Futplex probably have been more
reluctant to mirror it, but they probably would have gotten in legal
trouble for doing so, even in the U.S.  And, of course, would have brought
their web servers to a standstill as the entire world tried to get erotic
pictures from their sites.  And the AP article probably wouldn't have been
so kind.   It's ironic and sad that in 1996 America, pictures of people
having sex are more dangerous contraband then is anti-semetic propaganda.]







From jcobb at ahcbsd1.ovnet.com  Fri Feb  2 17:23:43 1996
From: jcobb at ahcbsd1.ovnet.com (James M. Cobb)
Date: Sat, 3 Feb 1996 09:23:43 +0800
Subject: Gleeful Prosecutors, Happy AOL
Message-ID: 


 
 
  Friend, 
 
 
        A 02 02 96 Associated Press newsstory 
        ------------------------------------- 

  AMERICA ONLINE ADDED TO PROBE OVER INCITING RACISM

                     datelined 
 
    MANNHEIM, Germany (Feb 2, 1996 3:29 p.m. EST) 
 
                     reports: 
 
 
   Prosecutors hoping to ban neo-Nazi material from reaching 
   Internet users in Germany have notified America Online Inc. 
   that it may be charged with inciting racial hatred. 
 
  and of course... 
 
   America On-Line spokesman Ingo Reese in Hamburg said his 
   company also was happy to work with the prosecutors. 
 
 
  Cordially, 
 
  Jim 
 






From ddt at lsd.com  Fri Feb  2 17:34:19 1996
From: ddt at lsd.com (Dave Del Torto)
Date: Sat, 3 Feb 1996 09:34:19 +0800
Subject: Apology and clarification
Message-ID: 


At 1:57 AM 1/30/96, Nathaniel Borenstein wrote:

[explanation of keysniffing intentions elided]
>When you put all four of these together, you have an attack that IS new,
>in the sense that nobody we know of has ever mentioned it before, and
>which could in fact be used by a single criminal, with only a few weeks
[elided]

Nathaniel,

I took your posting in the spirit it was intended, I think, since it was
obviously not directed at a c'punk audience. You may remember, BTW, that I
did some information-gathering on keystroke sniffers early in 94. I, too,
did not feel comfortable spreading the info too widely, however, though
now, to a select audience, it might be timely.

Thanks for pointing out a very valid set of attack parameters, BTW.

>One good
>programmer, in less than a month, can write a program that will spread
>itself around the net, collect an unlimited number of credit card
>numbers, and get them back to the program's author by non-traceable
>mechanisms.  Does anyone on this list doubt that this is true?

I do not doubt it for an instant. I even know some Eastern Eudopeans who
might be at it as we speak.

   dave







From jcobb at ahcbsd1.ovnet.com  Fri Feb  2 17:37:56 1996
From: jcobb at ahcbsd1.ovnet.com (James M. Cobb)
Date: Sat, 3 Feb 1996 09:37:56 +0800
Subject: Going, Going, Gone With the Flow
Message-ID: 


 
 
  Friend, 
 
 
            A 02 02 96 Boston Globe newsstory 
            --------------------------------- 

     GOVERNMENTS MOVE TO LIMIT FREE FLOW OF THE INTERNET 

                       datelined 
 
             (Feb 2, 1996 00:17 a.m. EST) 

                       reports: 
 
 
    ...the Internet is slowly being colonized. 
 
 
  Colonized? 
 
    Governments around the world -- from Germany to Iran to 
    Singapore -- are moving to limit Internet access for their 
    citizens.... 
 
 
  Oh I see.  Colonized by parasites. 
 
    This move to cordon off the Internet into private plots -- 
    some call it digital Balkanization -- is seen by experts as 
    one of the most profound changes since the global network 
    emerged as a commercial medium in 1991. 
 
 
  S-s-h-h.  The experts speak! 
 
    Many Internet specialists say it marks the shift...to [a 
    "network"] where users are building nation states, an evo- 
    lution that they say will lead to the Internet's ultimate 
    success as a commercial and communication platform. 
 
 
  S-s-h-h!  The specialists have spoken. 
 
 
    Earlier this week, Federico Mayor, the director of UNESCO, 
    an arm of the United Nations, called for the drafting of a 
    global agreement that would help protect rights in cyber- 
    space. 
 
 
  Mais oui. 
 
 
  Cordially, 
 
  Jim 
 
 





From steve at miranova.com  Fri Feb  2 17:41:27 1996
From: steve at miranova.com (Steven L Baur)
Date: Sat, 3 Feb 1996 09:41:27 +0800
Subject: Proxies
In-Reply-To: 
Message-ID: 


>>>>> "Tim" == Timothy C May  writes:

Tim> At 9:46 PM 2/2/96, bjohnson at nym.alias.net wrote:

>> I keep hearing references to 'proxies' as a method of anonymity.
>> The only information that I've been able to find, deals with
>> firewalls on networked systems.
>> 
>> Are 'proxies' applicable to personal PCs using browsers, such as
>> Netscape?

Proxies aren't any use towards anonymity on a single user system.
They can be very useful on a network, regardless of whether a firewall
exists or not.

>> Would appreciate any info or leads to information sources.

Tim> A quick look with Alta Vista for the string "web proxy" reveals
Tim> 25 articles on Usenet and 200 on the Web, with some of them
Tim> containing further pointers, definitions, and other helpful
Tim> information.

For one-stop shopping I recommend Delegate, written by Yutaka Sato
, available from
	ftp://etlport.etl.go.jp/pub/DeleGate/

It should run on any reasonable Unix system.  Most of the
documentation is in Japanese, but there is enough in English to get it
up and running.

Regards,
-- 
steve at miranova.com baur
Unsolicited commercial e-mail will be proofread for $250/hour.





From rah at shipwright.com  Fri Feb  2 17:41:50 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Sat, 3 Feb 1996 09:41:50 +0800
Subject: Futplex makes the news!
Message-ID: 


At 6:34 PM 2/2/96, Timothy C. May wrote:
>(Did I hear correctly that Futplex has "volunteered" to perform 500 hours
>of community service at the Simon Wiesenthal Center's Boston office? And
>that he has volunteered to attend 50 hours of sensitivity training? Or am
>thinking of Cornell?)

Ah.

I think what Tim's referring to is the brand new Reeducation Campz, Inc.
(RCI), "NewCommonwealth" facility currently taking on new "HappyCampers" in
Cambridge just up Brattle Street from Harvard Square.  I hear it's a
complete appropriate-behavior Skinnerian-behavior-modification
aversion-therapy facility complete with electroshock contour couches in
front of surplus Digital Equipment Corporation MicroVaxen, all running a
special version of CuttyBrowser, specially developed in COBOL for the
MicroVaxen by Mitre and Micotronx. When the wrong URLs are selected (EF*,
Cyph*, crypt*, White_W*, and "Black Rhino", to name a few grep strings),
the camper is randomly electrocuted at senstitive subcutaneous nerve
endings or gassed with nauseous sulpher fumes.

This technology, along with direct neural stimulation of pleasure centers
when Significant Figures of National Authority (SFNA) (including the First
Lady, the FBI Director, and the Attorney General), are randomly flashed,
although slowly, on the MicroVax's screen has proven very powerful in
creating extremely motivated and happy citizens of the Commonwealth.

An interesting side effect is that the process creates sexual arousal when
the HappyCampers see the company logo of the computer outside of the Camp
setting, which is apparently why the machines in this particular facility
were donated by Digital under a "Help the Commonwealth Grow" program,
reserved for Massachusetts computer companies. Digital is hoping that this
will help stanche the decline in sales they've been suffering the last few
years, or at least help get rid of a "very large" production run of
MicroVax computers they've been writing off for the last eight years.

RCI, a "hybrid" for-profit corporation owned by government/non-profit
organizations, is a partnership between the NSA, both NEAs, NOW, NARAL, The
Moral Majority, Oral Roberts University, The 700 Club, and, of course,
UMASS in cooperation with the Kennedy School of Government at Harvard.
After the camp, the HappyCamper is charged $37,000 in tuition for the
12-day 19-hour-a-day experience, is also required to pay for the computer
(because the campers tend to become emotionally distraught when separated
from the machines, and because nobody can be hired to clean the machines
either), and, is required to recruit 4 other campers.

Oddly enough, this last requirement has become something of a problem,
because graduates of the Camp are usually overzealous in their recruitment
efforts, dragging relatives, farm animals, and, in several cases,
inebriated homeless residents of Harvard Square to the Camp and leaving
them in unconscious piles at the Camp door. This is causing problems with
neighbors in the Brattle Street area, including John Kenneth Galbraith and
Governor William Weld, who are not now very happy campers at all. The Camp
is now required to give the neighborhood association 24 hour advanced
notice of every graduation, so that gardeners and domestic help can be
locked safely indoors.


Anyway, have fun, Futplex!  Remember that I've moved, and don't forget your
Kleenex when you go...

Better yet, stay in Ithaca.


Cheers,
Bob Hettinga

Ithaca? That's Cornell, right? Hmmmm... How about moving to New Haven, instead?

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The NEW(!) e$ Home Page: http://thumper.vmeng.com/pub/rah/







From wilcoxb at nag.cs.colorado.edu  Fri Feb  2 17:51:32 1996
From: wilcoxb at nag.cs.colorado.edu (Bryce)
Date: Sat, 3 Feb 1996 09:51:32 +0800
Subject: PGP "official" logo? (a.k.a. the Return of the Logo Wars)
In-Reply-To: <9602022227.AA01627@ch1d157nwk>
Message-ID: <199602030017.RAA06483@nag.cs.colorado.edu>



-----BEGIN PGP SIGNED MESSAGE-----

 An entity calling itself "Andrew Loewenstern 
 " is alleged to 
 have written:
>
> Instead of having another logo war on the mailing list and having to shout  
> over the din of accounts and subjects hitting the bottom of subscriber's kill  
> files, I'll sum it up for you:  If you have a cool logo, put it on your own web  
> pages (or get someone to put it on theirs).  Then post the URL on the mailing  
> list.  If others like it they will use it.  Welcome to anarchy.


Hello Andrew, I recommend that you set your line widths so a
smaller number so that people who quote you, as above, don't
generate >80 col lines, as above.


But anyway, I drew my own PGP logo for my "Bryce's Auto-PGP"
distribution site.  The logo's a kloogey piece of work, but 
I like the motif of an envelope with "PGP" stamped across 
the seal, so I use it.  If anyone else does the same idea
better, I'd love to see (/copy) it.


Anyone is welcome to copy my "PGP- the electronic envelope"
logo, but by doing so you are assenting to this contract,
which states that the next time we are hanging out together
in the same bar you will buy me a beer.


 BAP
Distribution Site 


Bryce

                 "Toys, Tools and Technologies"
  the Niche 
        New Signal Consulting -- C++, Java, HTML, Ecash
            Bryce 
 
PGP sig follows


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01

iQCVAwUBMRKpfvWZSllhfG25AQH1QwP/SX7UN0QV5OkxHnHQcZRs4c5f9wBb3+Dj
8MzJoIgdEIiiSLZ+dfc3EHiiP4huMtaNzb+E9k2os8gJvU9D3aYR8Lz8bZDKA0kF
dzbCsQAPZoFF+egicd4JTm1KfcfnXJmSModvf6Xoy+L7GdTw5j74tCZNZb9f1GY+
fs6c8XgI3ME=
=pd+E
-----END PGP SIGNATURE-----





From proff at suburbia.net  Fri Feb  2 17:55:08 1996
From: proff at suburbia.net (Julian Assange)
Date: Sat, 3 Feb 1996 09:55:08 +0800
Subject: Just what the Internet needs right now...
In-Reply-To: <01I0QVJK2WDSA0UTJS@mbcl.rutgers.edu>
Message-ID: <199602030025.LAA25077@suburbia.net>


>    He said police found diesel fuel, a bag of fertilizer and other items
>    -- the basic materials to build a bomb-- at the first boy's house.

Looks like I've just been placed into the ranks of the pyro-terrorist.

Golly, Deisel fuel.
Gosh, Fertilizer.
Ma, other items.

-- 
+----------------------------------+-----------------------------------------+
|Julian Assange                    | "if you think the United  States has    |
|FAX: +61-3-9819-9066              |  stood still, who built the largest     |
|EMAIL: proff at suburbia.net         |  shopping centre in the world?" - Nixon |
+----------------------------------+-----------------------------------------+





From nobody at REPLAY.COM  Fri Feb  2 17:59:15 1996
From: nobody at REPLAY.COM (Anonymous)
Date: Sat, 3 Feb 1996 09:59:15 +0800
Subject: Don't shot till you see the gray of their eyes
Message-ID: <199602030030.BAA27066@utopia.hacktic.nl>


Now I understand it.

That thing on the cover of Applied Crypto is really
one of the Gray's space ships that they use to abduct
aspiring cryptographers and implant microchips in them,
controlling their minds and making them obey RSA's
license agreement.

Very interesting indeed.

On a lighter note, a local NBC station advertised a
special they will have this monday, about the 1-800-INFO-PET
chips... only that parents are opting to have them implanted
in their newborn children.








From allyn at allyn.com  Fri Feb  2 18:18:39 1996
From: allyn at allyn.com (Mark Allyn 860-9454 (206))
Date: Sat, 3 Feb 1996 10:18:39 +0800
Subject: FEBRUARY MEETING
In-Reply-To: 
Message-ID: <199602030121.RAA22883@mark.allyn.com>


Does anyone know if there are any meetings in the
Seattle, Washington area?

Mark Allyn





From sunder at dorsai.dorsai.org  Fri Feb  2 18:20:29 1996
From: sunder at dorsai.dorsai.org (Ray Arachelian)
Date: Sat, 3 Feb 1996 10:20:29 +0800
Subject: Free filtered list -> Re: noise levels
In-Reply-To: 
Message-ID: 


On 31 Jan 1996, Steven L Baur wrote:

You know folks, I do run a free filtered cypherpunks list.  there's no 
need for ratings.  I filter, you read. :)

If you want to subscribe send a message with the subject "FCPUNX 
SUBSCRIBE" or "FCPUNX HELP"


==========================================================================
 + ^ + |  Ray Arachelian |Emptiness is loneliness, and loneliness|  _ |>
  \|/  |sunder at dorsai.org|is cleanliness  and cleanliness is god-|  \ |
<--+-->|                 |liness and god is empty,  just like me,|   \|
  /|\  |    Just Say     |intoxicated  with the maddness,  I'm in|   <|\
 + v + | "No" to the NSA!|love with my sadness.   (Pumpkins/Zero)|   <| n
===================http://www.dorsai.org/~sunder/=========================






From allyn at allyn.com  Fri Feb  2 18:24:12 1996
From: allyn at allyn.com (Mark Allyn 860-9454 (206))
Date: Sat, 3 Feb 1996 10:24:12 +0800
Subject: RSA disappears :-)
In-Reply-To: <2.2.32.19960202212818.016da488@mail.software.net>
Message-ID: <199602030118.RAA22873@mark.allyn.com>


Hello!

RSA is fine and up and running as of 5 PM PST on
Friday Feb 1. RSA.COM nameserver at 192.80.211.33
is up and on the net as well as www.rsa.com.

Love

Mark Allyn





From wilcoxb at nag.cs.colorado.edu  Fri Feb  2 18:26:54 1996
From: wilcoxb at nag.cs.colorado.edu (Bryce)
Date: Sat, 3 Feb 1996 10:26:54 +0800
Subject: Web page authentication (was: Anti-Nazi Authentication)
In-Reply-To: 
Message-ID: <199602030123.SAA09872@nag.cs.colorado.edu>



-----BEGIN PGP SIGNED MESSAGE-----


 An entity calling itself "Rich Graves 
 " is alleged to have
 written:
>
> On Fri, 2 Feb 1996, Bryce wrote:
> 
> > > What's wrong with a prominent PGP-signed notice in 
's that "This
> > > page, at URL [whatever], has a separate PGP signature at [other URL]." 
> > > I've did that with the windows networking FAQ a few times until it just 
> > > got to be too much trouble.
> > 
> > That's a good idea, but I don't see any reason to sign the 
> > notice.
> 
> For the paranoid, it would be an added assurance that they are reading the
> original file at the original location. Otherwise, anybody could copy the
> Web page, modify it, and give it someone else's PGP signature. 


Uhhh- wait a second.  Anybody can always copy the file *and*
the signature to a new site without changing the
authentication.  And anybody can always copy the cleartext
and then sign it with a different key.  Right?  What are you
getting at?


Now what you can do is put the site's URL in the signed 
text, forcing the copier to change the URL and re-sign it
with his own key.  And you could time-stamp your document, 
proving that you had possession of it before the copier did.
But that's the extent of what you can do, AFAIK.


> But yeah, it would look awfully silly, especially to the non-PGP-aware
> public. An unobstrusive PGP logo (below) would be great, and might become
> a status symbol, like those cheesy HTML validation service and Internet
> Audit Bureau logos (which I have used on a few pages). 


Yeah that was my idea.  A little "PGP signed" logo.  If the
user clicks on it it gives them the signature, and/or a href
to a PGP page.  (Probably one maintained by yours truly.)


> Yeah, I like the idea of a standardized logo. A lot.


I have a little logo which is (as I recall) 32x32 pixels
which is just "PGP" with a red check-mark superimposed.
I'll hack on this idea during what I jocularly refer to as
my spare time.


Regards,

Bryce

                 "Toys, Tools and Technologies"
  the Niche 
        New Signal Consulting -- C++, Java, HTML, Ecash
            Bryce 
 
PGP sig follows


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01

iQCVAwUBMRK45PWZSllhfG25AQG9uQP/Ry8TJDwvBjgNLjqJ4O0kX5277Th9ERoD
/I90bq+EvdkVOIypr8DIagxGQDtY8GUDeIXzZvvoUSH/h/EioKP7P6J3El9liCmO
NEYcGhlYtnKMn2/iKeQiZfu68iVSCpUSm8Tvq42ecLKTpgcpx+6sQIhFs3e5oG0O
F2lc601FTL4=
=0qGM
-----END PGP SIGNATURE-----





From declan+ at CMU.EDU  Fri Feb  2 18:34:28 1996
From: declan+ at CMU.EDU (Declan B. McCullagh)
Date: Sat, 3 Feb 1996 10:34:28 +0800
Subject: Futplex makes the news!
In-Reply-To: 
Message-ID: 


Excerpts from internet.cypherpunks: 2-Feb-96 Re: Futplex makes the news!
by Timothy C. May at got.net 
> If UMass has yielded, the prominently mentioned CMU and Stanford sites may
> be prompted to exactly the same thing. This will "prove" to the Germans
> that they did the right thing, and be a blow in _favor_ of suppression of
> speech.
>  
> I hope some other sites have the mirrored material and are not reeds in the
> wind as at least one university is.

If we're talking about Nazis, UMass is the place to look for the PC
breed of 'em. Check out http://joc.mit.edu/roundup.html for info on
their recent PC speech code censor attempts at UMass Amherst.

I've decided to take the materials off my web pages -- but with no
pressure from, and in fact no communication at all with CMU
administrators. I've had nothing but support from the School of Computer
Science folks at Carnegie Mellon. A CMU SCS faculty member even offered
to host the pages if the administration got their panties in a snit.

This after there was a front page above-the-fold article in today's
Pittsburgh Tribune Review: "CMU in middle of Internet flap" It talked
about the Simon Wiesenthal Center's efforts to, um, educate university
administrators:

    The Simon Wiesenthal Center, the world's leading anti-Nazi organization,
was fuming however -- faxing indignant messages to the presidents of CMU,
Stanford, the Massachusetts Institute of Technology, and University of
Pennsylvania...

    Mark Weitzman, the director of the Wiesenthal Center's Task Force Against
Hate, said he had heard nothing by late yesterday afternoon from CMU
President Robert Mehrabian, whom he had urged by fax Wednesday "to address
this issue as quickly as possible."...

    Linda Hurwitz, director of the Holocaust Center of Pittsburgh, criticized
the postings, saying while she didn't approve of censorship in general, some
lies were so harmful that they were tantamount to yelling "fire" in a crowded
theater.

I don't often congratulate Carnegie Mellon for a job well done, but this
is one of those occasions. (Though I'm not sure how the administration
would have reacted if the Zundelstumphen was in my Andrew account
instead of my SCS AFS directory...)

-Declan






From mpd at netcom.com  Fri Feb  2 19:09:05 1996
From: mpd at netcom.com (Mike Duvos)
Date: Sat, 3 Feb 1996 11:09:05 +0800
Subject: Futplex makes the news!
Message-ID: <199602030230.SAA20498@ix6.ix.netcom.com>


On 2 Feb 1996 19:02:29 -0500, you wrote:

>I think the whole endeavor was a resounding success, and I wish I had been
>on the ball enough to participate in it. 

[deletia]

>The important thing is that Rich, Declan, Futplex, and anyone else
>participating showed the world that censorship on the internet, if not
>impossible, is at least a good deal more dificult then people thought.

Before poo-pooing Tim, declaring victory, and returning home, it
should be noted that German prosecutors today added AOL to the list of
entities they wish to charge with "inciting hatred."

UMASS will of course test the political waters before taking any
action, but we may yet see the gonads of Futplex hanging from one of
the upper floors of the Graduate Research Center.  :)

Time will tell whether we have won this war, or have simply
encountered a lull after the first onslought by the enemy.  

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd at netcom.com     $    via Finger.                      $







From dm at amsterdam.lcs.mit.edu  Fri Feb  2 19:20:16 1996
From: dm at amsterdam.lcs.mit.edu (David Mazieres)
Date: Sat, 3 Feb 1996 11:20:16 +0800
Subject: Lotus Notes
In-Reply-To: <199601310705.XAA09848@netcom6.netcom.com>
Message-ID: <199602030230.VAA06785@amsterdam.lcs.mit.edu>


> Tim May had it exactly right in his post entitled "Silver Linings
> and Monkey Wrenches" (thanks Tim).  The only thing I can add is that
> forcing them to attack a 40 bit key is better than giving them the
> whole key thru some LEAF scheme ala Clipper.

Your point may be valid, but who is attacking a 40 bit key?  Is
cracking 40 out of 64 bits of a 64-bit RC4 key as hard as cracking a
40 bit key, or does knowing a significant portion of the key make the
search considerably easier than brute force?  I've never heard anyone
make an assertion either way, except that some people seem to assume a
the difficulties are the same.

Thanks,
David






From tcmay at got.net  Fri Feb  2 19:23:23 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 3 Feb 1996 11:23:23 +0800
Subject: Imminent Death of Usenet Predicted
Message-ID: 



I can't say that I've always wanted to use this oft-joked about title, but
for the first time since I got on some form of the Net in 1973, I think
there's some truth to it.

(It's not hopeless. In fact, the stuff we talk about, use, work on, etc.,
is the best hope.)

Several pieces of news are coming at the same time:

* the Communications Decency Act, as part of the Telecom Act, was passed by
Congress yesterday. Clinton is expected to sign it into law early next
week. It includes language of great significance for users, for ISPs, and
perhaps for remailers. When it takes effect--some number of days after
Clinton signs it into law--it could almost immediately have a chilling
effect on many newsgroups, on Web accesses, etc. Though civil liberties
groups are expected to challenge it in court, and may ultimately win, it
could be a long and expensive fight for some ISP who "lets" a 17-year-old
access indecent material (or lets abortion articles in, or lets various
other banned things in).

* Other countries are gaining steam in restricting, or trying to restrict,
what happens on the Net, especially what enters. Germany is the most
oft-discussed, with actions underway against Compuserve, American Online,
and possibly other ISPs with a German presence. And the Deutsche Telekom
access block of American sites. France is also contemplating various
actions. Even the "liberal" countries have things brewing, according to
news items appearing recently. (Look at the list of countries represented
by senior law enforcement officials at the Key Escrow meetings in Sept.
'94, for example. I don't expect most of these countries to have an active
public debate about crypto restrictions, for various obvious reasons. I do
expect them to accept with alacrity the "international treaties" when they
are offered.)

* And don't forget that there is still a campaign to control encryption and
to adopt a global regimen for "key escrow." The various international
meetings, the Washington meetings, and the noises coming out of foreign
capitals strongly suggest a comprehensive scheme--as yet unannounced--to
mandate the escrowing of keys with the local authorities. (To be sure,
there are many, many problems, and many avenues for attack, but this
doesn't mean such an international scheme won't be tried...look to the U.S.
lead in controlling drug traffic over the past 60 years.)

* The Wiretap Bill still mandates that digital switches be made digitally
wire-tappable. (Lots of technical details, and lots of debate about how
much of the $500 million mentioned will actually be budgeted, provided,
etc.) FBI Director Louis Freeh is still pushing this as critically
important. This is part of the larger mosaic.

* Various trial balloons about key authentication agencies, about having
the government issue keys and even handle e-mail (the Postal Service has
been pushing for this for a long time). Some of the "centralized" schemes
for signature authorities appear to fit in nicely with a
government-mandated certificate hierarchy. There are various scenarios for
how a certificate hierarchy could be mandated, ranging from outlawing of
"anarchic" variants (unlikely, at first) to the court system refusing to
help enforce contracts signed in a non-compliant manner (pretty likely, in
my opinion).

* Universities are *not* becoming more tolerant and diverse, more acceptant
of extreme speech. In fact, more and more of them are adopting "speech
codes," especially for the Internet. Sometimes called "stalking" laws,
sometimes "respect" laws, they serve to stifle what is noniolently,
noncoervively said by some students to others. Even private jokes, as at
Cornell, are treated as crimes (the "voluntary" community service the four
Cornell students agreed to). And "political" material is ordered off
university Web sites (the UMass case of Lewis McCarthy, which just unfolded
today).

*Universities, corporations, and even ISPs are explicitly adopting policies
that allow them to inspect e-mail at will. (If the arrangement is made in
advance, it may not violate the ECPA to do this...and I'm not saying there
aren't some good reasons why these entities would want the right to inspect
e-mail (their liability being a good example), just noting the growing
situation. Absent any sort of "common carrier," we may be approaching an
age where the relay layers most users must use have explicit policies
allowing monitoring and even banning unapproved/unescrowed encryption (I've
seen the policies of at least one ISP that state this). (Alice and Bob can
still presumably dial each other up directly over the phone lines and do a
UUCP-style transfer, but using intermediary ISPs may not allow them to use
the crypto of their choice...again, the ISPs, universities, corporations,
etc., may be held liable for misdeeds done over their systems, so this is
why they would want to control the content or have some way to monitor
communications.)

* The Four Horsemen of the Infocalypse. Increasing media reports of child
porn on the Net, of "digital stalkers" on campuses, of children finding
bomb instructions, of nuclear terrorists using Alta Vista to design their
bombs.... Even the media lionization of Shimomura, who dismisses concerns
about privacy as the ravings of paranoid hackers and libertarians, adds to
this public view. Shorter, more sensationalistic, articles are appearing
daily. (I don't believe the reporters, notably Markoff, Levy, etc., are "in
on" some kind of conspiracy, just noting that the media hype about the Net,
and hackers, and the dangers, are adding up to a growing sense that "the
government has to something!").

* "Anonymity" in general is under attack. Calls for "responsibility." "What
have you got to hide?" is the standard refrain. If the rumors of a kind of
"Internet Drivers License" are correct, all posts could be required to be
signed by the orginator. Forwarders would be held responsible for checking
signatures, or, at least, be held liable for misdeeds. They would not be
treated as we treat the carriers of sealed packages, for example. (I can
think of many counter-arguments, including the usual one about a forwarder
not knowing the contents of what he was forwarding, not being able to tell
if a file was noise, data, compressed data, or an encrypted packet...while
I find this persuasive, it may take years of expensive court cases to
establish this, and still might go against this interpretation.)

* Corporations are having their secrets stolen, and are demanding that
something be done. (Expect more of these calls to increase as more cases
like the RC2 case arise...without supporting RSA in their anger, I can see
why remailers scare the hell out of them,)

* Groups as disparate as the Church of Scientology and the Simon Wiesenthal
Center are screaming to have the Net regulated. What major groups will be
next? The Catholic Church? The Junior League? As more groups "threatened"
by the anarchic, free speech of the Net decide to cast their lot in with
the government (with hopes that if they scratch the government's back,
it'll return the favor, or at least help control the marauders), the
constituency for clamping down on the Net will grow.

* And the tax authorities, the IRS, FinCEN, etc., are well-known to be
trying to figure out how to get their cut, how to control the spread of
untaxed transactions, and how to make sure that Chaumian untraceable
digital cash is never fully deployed. You can bet that they would love to
have Visa or Mastercard or one of the "little" systems that allows full
traceability be adopted, maybe even mandated. This would in one fell swoop
fix several problems for them.

Without getting into paranoia about Clinton, Black Helicopters, U.N. troops
in American cities, the militia movement, Fostergate, etc., it looks to me
like a coordinated move to try to regain "control" of the transnational
Internet anarchy is getting started in earnest.

I said it is not hopeless. Indeed, the powerful technologies of encryption,
digital mixes, and other such tools will make a clamp-down very hard, maybe
ultimately impossible. This is my hope.

But in the meantime, a lot of hard work. And a lot of obvious targets--such
as people who put things on their Web pages, ISPs who let minors on their
systems, those who cause abortion information to be brought in from outside
the U.S., etc.--will be prosecuted, given huge fines to send a message to
others, and maybe even imprisoned. International treaties will be signed,
giving these laws the force of treaty. The New World Order,
cyberspace-style.

I'm not despairing. I just think a lot of work lies ahead of us. The crypto
anarchy future is not going to happen if governments have anything to say
about it. Therein lies the challenge.

--Tim May



Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From tien at well.sf.ca.us  Fri Feb  2 19:24:32 1996
From: tien at well.sf.ca.us (Lee Tien)
Date: Sat, 3 Feb 1996 11:24:32 +0800
Subject: crypto/classification
Message-ID: <199602030232.SAA06904@well.com>


A few weeks ago someone posted the following message:

From: nobody at tjava.com (Anonymous)
Date: Wed, 10 Jan 1996 22:30:55 -0600
Subject: Cryptology and classification

Hi all,

Just received a memo, the "Desk Reference Guide" to Executive Order 12958.
This memo/executive order discusses classified national security
information.  The cypherpunks-interesting aspect of this memo lies in
exceptions to some new guidelines.  Basically, this executive order
removes the authority for the government to "permanently" classify
information.  Basically, classification is now limited to 10 years
(or 25 years in some special cases).  The exceptions to this allow
classification for longer durations for certain types of material.
These types include things like protecting intelligence sources and 
nuclear weapons design info.  One of the other exeptions is for:

"...information that would impair United States cryptologic systems
or activities."

This appears to be taken directly from the executive order, so these
types of decisions are being made at high levels.  Thought you might
be interested.

        Hooker

I'm curious whether the "desk reference" contains more than the mere text
of the Executive Order.  If it does, I'd like to get a copy, since the FOIA
cases I handle typically involve classified information.

Please reply personally, since I only read the list in digest form.

Thanks!
Lee Tien







From tien at well.sf.ca.us  Fri Feb  2 19:30:48 1996
From: tien at well.sf.ca.us (Lee Tien)
Date: Sat, 3 Feb 1996 11:30:48 +0800
Subject: Encryption and the 2nd Amendment
Message-ID: <199602030233.SAA07384@well.com>


I agree that a 2nd A. argument is legally worthless; so do Mike Godwin and
other persons whose legal opinions are generally carefully considered.  

FWIW, I note that one gov't study of the constitutionality of encryption
restrictions, done by some law profs for DOEnergy, had a section surveying
the possible applicability of the 2nd A.  Since we are not using this
argument in Bernstein, I didn't read the section with any care.  The thrust
was, if I recall correctly, that even if the 2nd A did apply, it has so
little force that it doesn't matter (i.e., one can't easily point to
doctrine calling for "heightened" or "strict" scrutiny under the 2nd; I
happen to believe that there should be some form of scrutiny beyond
"rational basis" for infringement of 2nd A. rights, having been impressed
by Sanford Levinson's analysis, but the cases do not support it).

I suspect that one reason why folks find this approach rhetorically
interesting is that it's got that "you called it that, so . . . " flavor. 
In a different post on a different issue, Perry Metzger referred to
estoppel, and I think the same intuition operates here. But as Michael
Froomkin said, what the State Department calls it shouldn't be relevant to
the meaning for constitutional purposes.  Also, estoppel against the
government is quite limited.  There's a line of cases saying that, and
courts frequently refuse to hold the government to the same kind of
estoppel as private parties.  (Agreeing w/Peter Junger)

Lee Tien

 







From jf_avon at citenet.net  Fri Feb  2 19:37:59 1996
From: jf_avon at citenet.net (Jean-Francois Avon JFA Technologies, QC, Canada)
Date: Sat, 3 Feb 1996 11:37:59 +0800
Subject: PGP "official" logo?
Message-ID: <9602030250.AB01223@cti02.citenet.net>


Cc: CypherPunks

Philip Zimmermann , replied to me:

>I'd like to see some suggested logos.  I am closing in on a design
>for a PGPfone logo.
>
>Phil

Well, I tend to believe that you are not reading Cypherpunks currently...

I got some reply that told me that, basically, the inherent anarchy of 
CPunks would make it impossible to hold a vote.  Some even questionned
the utility of a logo.  Some other said that many peoples use non-graphical
software.

While I think that a logo is a nice idea,  I never 
even considered designing one myself before somebody mentionned 
the idea, today on CPunks.

IMO, I think that a logo would appeal to non-techies.  The typical non-
techie attitude is to *ignore* anything he/she does not understand.  The 
proposed label "PGP signed" or similar would not have the effect a good
logo would on certain persons.

A logo could make PGP look "cool".  I am not prejudiced against trying to
attract peoples who would not look up by themselves, especially considering 
the actual condition of the net.

Refuting the usefullness of a logo would be an expression of the 
opinion that dumbness is uncurable.
MHO on it is that while dumbness will always exist, *specific individuals* 
could be educated.  This is especially true of the youngs. And beside, 
the masses never made anything change for the better... 

In this optic, and regarding the fact of the immense popularity of 
software that requires little computer knowledge, I think that a logo 
is not only appropriate but also necessary, if encryption issues are to 
be resolved in our favor.

Many techies, and many members of CPunks are of this type, scorn at the
"uneducated" public.  It is a great mistake they do.  Not because they
have have a duty to the public, but because in the "public", lives 
intelligent individual that, for a multitude of reasons, did not 
follow the same path as them.  They owe it to themselves, our of selfishness
to spread their vision of the world

Regards


JFA  B.Sc. Physics

P.S. Thanks for having written PGP.






From tien at well.sf.ca.us  Fri Feb  2 19:38:10 1996
From: tien at well.sf.ca.us (Lee Tien)
Date: Sat, 3 Feb 1996 11:38:10 +0800
Subject: RC2 Source Code - Legal Warning from RSADSI
Message-ID: <199602030235.SAA08181@well.com>


I don't practice intellectual property law, but I think y'all should be
careful, legally speaking.  Without more facts, you don't know if the
purported disassembly was lawful.  


>From: Rich Salz 
>Date: Thu, 1 Feb 1996 19:46:50 -0500
>Subject: Re:  RC2 Source Code - Legal Warning from RSADSI
>
>Once lost, trade secret can never be regained.  The person(s) responsible
>can be sued so they never work again :), but it's unclear if RSA can
>stop anyone using unpublished trade-secret source.
>
>At any rate, I'll stop my comparison of the distributed RC2 and the 
>licensed RC2 since RSA's done it for us. :)
>        /r$

I think the first and second sentences don't map.  It's true that once a
trade secret is "lost," it's lost (though I suppose if everyone forgets it
and someone rediscovers and protects it it's regained).

But you must distinguish between *legally* lost and merely practically
disseminated.  Trade secrecy is not complete or real secrecy.  If I were
under NDA to RSA to keep RC2 secret, passed it on to Rich, and RC2 met the
legal test for trade secrecy, it is still a trade secret in the law.  I
don't recall the remedies, but I'm fairly sure that if Rich has the right
level of knowledge/notice, he's not immune.

>From: "Brian A. LaMacchia" 
>Date: Thu, 1 Feb 96 21:06:12 -0500
>Subject: Re: RC2 Source Code - Legal Warning from RSADSI
>
>   Date: Thu, 1 Feb 1996 18:26:15 -0500
>   Mime-Version: 1.0
>   Content-Type: text/plain; charset="us-ascii"
>   From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
>   Sender: owner-cypherpunks at toad.com
>   Precedence: bulk
>
>   Now, copyright might be another matter.    But you can't copyright an
>   algorithm, only specific text in fixed form (ie, the source code).  So this
>   would mean you couldn't use the particular code posted to sci.crypt, but
>   wouldn't stop anyone from using the algorithm, if they wrote their own code
>   (to be safe, without having seen the RSA-copyrighted code, only having the
>   algorithm described to them by someone else).   
>
>If the source code posted to sci.crypt was in fact a copy of an RSADSI
>copyrighted soure code listing, then making copies of that listing is a
>copyright violation.  However, copyright protection does not extend to
>the underlying algorithm, so unless RSADSI has a patent on the algorithm
>the idea is free, and can be reimplemented using a "clean room" or
>"Chinese wall" approach.  If the posted source code was *not* a copy of
>RSADSI source code but instead produced by disassembling object code
>RSADSI's claims are tenuous at best.  RSADSI could conceivably claim
>that the disassembled code is a derivative product of their copyrighted
>object code, but I think they would have a hard time distinguishing
>themselves from the facts in _Sega v. Accolade_.
>
>I fail to see how the legality of "alleged-RC2" is any different than
>that of the "alleged-RC4" code which was published last year.
>
>                                                --bal

Trade secrecy is separate from either copyright or patent.  It covers both
patentable and nonpatentable stuff.  Its great advantage is its potential
duration -- so long as it's not independently generated or
reverse-engineered.  Its great drawback is it's hard to maintain.  

I think Brian is right in what he said, but the critical qualification is
how the posted source code was produced.  One could have a trade secret in
the algorithm; Sega v. Accolade only addresses the copyright issues, if
memory serves.  The Ninth Circuit found that the dissassembly was
infringement, because it involved copying of the protected expression, but
excused the infringement based on "fair use."  *** Keep in mind that fair
use is multifactor, and the Sega decision expressly noted that Accolade was
only trying to achieve compatibility, only indirectly harming the market
for Sega's videogames.  This alone might distinguish disassembly to get RC2
source in order to put RC2 "out there," even from a copyright perspective.

What's unclear in the law is RSA's power to control dissassembly by
contract.  Traditionally, reverse engineering has always been a legitimate
means of penetrating trade secrecy.  The problem arises, though, if one
agrees not to reverse-engineer.  If I got an RSA product and agreed not to
disassemble and not to disclose anything I might happen to discover, then I
have a contractual, not statutory, duty.  This is like the shrink-wrap
license issue:  if I buy Lotus Notes, a shrink-wrap "no dissassembly"
provision may well be unenforceable.  Such a provision is more likely
enforceable in a truly bargained contract.  This is all contract law.

So if the person who disassembled was under a contractual bar, disassembly
could be misappropriation.  (I'm not clear on current misappropriation law,
which is in a statute in California if I recall.)

I'm not really up on all this, and it's very fact-sensitive, but I don't
think the legal issues are very simple, and I would counsel some caution. 
Are those enough qualifications and disclaimers?  

Lee







From tcmay at got.net  Fri Feb  2 19:38:23 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 3 Feb 1996 11:38:23 +0800
Subject: Futplex makes the news!
Message-ID: 


At 2:28 AM 2/3/96, Mike Duvos wrote:
>On 2 Feb 1996 19:02:29 -0500, you wrote:
>
>>I think the whole endeavor was a resounding success, and I wish I had been
>>on the ball enough to participate in it.
>
>[deletia]
>
>>The important thing is that Rich, Declan, Futplex, and anyone else
>>participating showed the world that censorship on the internet, if not
>>impossible, is at least a good deal more dificult then people thought.
>
>Before poo-pooing Tim, declaring victory, and returning home, it
>should be noted that German prosecutors today added AOL to the list of
>entities they wish to charge with "inciting hatred."
>
>UMASS will of course test the political waters before taking any
>action, but we may yet see the gonads of Futplex hanging from one of
>the upper floors of the Graduate Research Center.  :)
>
>Time will tell whether we have won this war, or have simply
>encountered a lull after the first onslought by the enemy.

Meaning no disrespect to any of my colleagues here, but is there now some
sense that "we won"?

I don't see it this way. And the Germans don't seem to think they lost.

Let's look at where this issue is. The UMass admins yanked the Zundelsite
info, Declan has voluntarily withdrawn his ZS info, Germany is accelerating
its threats against CS, AOL, etc., and of course the Communications Decency
Act is about to be signed into law.

Maybe I'm not seeing the Boston-area papers, and their spin on things, but
it doesn't seem to me that an anti-censorship interpretation is getting a
lot of press. What I am sensing is just the opposite, that a bunch of
babykilling Nazis bent on taking over the Internet just had their main
Propaganda Center at UMass shut down by the forces of light. This is the
spin on the story I'm sensing.

(Hate to say it, but the nuances of free speech are lost on most people. To
most of them, putting Holocaust denial information on a site is ipso facto
proof of genocidal racism. I wouldn't be surprised to see the various
groups at UMass foaming at the mouth next week in the campus newspaper to
get the "notorious racist" Lewis McCarthy sanctioned or thrown out.
University administrators  will try to cool things off, but will keep
feeling the pressures from various "aggreived" groups until something just
has to be done. I've seen this many times at Stanford, UC Santa Cruz,
Berkeley, and elsewhere.)

Here's to hoping Rich's site remains up.

--Tim

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From nobody at REPLAY.COM  Fri Feb  2 19:45:38 1996
From: nobody at REPLAY.COM (Anonymous)
Date: Sat, 3 Feb 1996 11:45:38 +0800
Subject: What is this threat?
Message-ID: <199602030254.DAA04307@utopia.hacktic.nl>



The USG offers a $500,000 reward for stopping:

   Perception management and active measures activities.

The FBI DECA terms it one of seven "foreign intelligence 
activities that are deemed to be significant threats to  
U.S. national security interests."

----------

URL: http://www.fbi.gov/deca.htm
    
_______________________________________________________
   
DECA (pronounced "DECK-UH") is the FBI's program for the
Development of Espionage, Counterintelligence and
Counterterrorism Awareness. The DECA program disseminates
information concerning national security matters.
   
The FBI is the lead counterintelligence agency in the
United States. It has the principal authority to conduct
and coordinate counterintelligence and counterterrorism
investigations and operations within the United States.
The FBI, supported by other U.S. agencies as needed,
conducts espionage investigations when the subject of the 
investigation is not under the jurisdiction of the
Department of Defense, Uniform Code of Military Justice.
_______________________________________________________
   
NATIONAL SECURITY THREAT LIST
   
The FBI's foreign counterintelligence mission is set out
in a strategy known as the National Security Threat List
(NSTL). The NSTL combines two elements:

*  First, it includes national security threat issues
   regardless of the country of origin.

*  Second, it includes a classified list of foreign
   powers that pose a strategic intelligence threat to
   U.S. security interests.

The issue threat portion of the NSTL was developed in
concert with the U.S. Intelligence Community and key
elements of the U.S. Government. As a result, the FBI
identified seven categories of foreign intelligence
activity that were deemed to be significant threats to 
U.S. national security interests. The FBI will
investigate the intelligence activities of any country
that are related to any of these seven issues. They are:

1. Proliferation of special weapons of mass destruction
   to include chemical, biological, nuclear, and delivery
   systems of those weapons of mass destruction.

2. Collection of information relating to defense
   establishments and related activities of national
   preparedness.

3. U.S. critical technologies as identified by the
   National Critical Technologies Panel.

4. Targeting of U.S. intelligence and foreign affairs
   information and U.S. Government officials.

5. Collection of U.S. industrial proprietary economic
   information and technology, the loss of which would
   undermine the U.S. strategic industrial position.

6. Clandestine foreign intelligence activity in the
   United States.

7. Perception management and active measures activities.

_______________________________________________________
    
NATIONAL CRITICAL TECHNOLOGIES
   
Foreign intelligence activities directed at U.S. critical
technologies are of specific interest to the FBI. These
critical technologies are listed as follows:

   *  Materials:

      +  Materials synthesis and processing
      +  Electronic and photonic materials
      +  Ceramics
      +  Composites
      +  High-performance metals and alloys

   *  Manufacturing:

      +  Flexible computer-integrated manufacturing
      +  Intelligence processing equipment
      +  Micro- and nanofabrication
      +  Systems management technologies

   *  Information and communications:

      +  Software
      +  Micro and optoelectronics
      +  High-performance computing and networking
      +  High-definition imaging and displays
      +  Sensors and signal processing
      +  Data storage and peripherals
      +  Computer simulation and modeling

   *  Biotechnology and life sciences:

      +  Applied molecular biology
      +  Medical technology

   *  Aeronautics and surface transportation:

      +  Aeronautics
      +  Surface transportation technologies

   *  Energy and environment:

      +  Energy technologies
      +  Pollution minimization, remediation, and waste
         management

_______________________________________________________
   
National Security Begins With You
  
You may be the target of foreign intelligence activity if
you or your company are associated in any of the critical
technologies listed above. Foreign powers may also seek
to collect U.S. industrial proprietary economic
information and technology, the loss of which would
undermine the U.S. strategic industrial position. Foreign
intelligence collectors target corporate marketing
information in support of their nation's firms. Overseas
travel, foreign contact, and joint ventures may further
increase your exposure to the efforts of foreign
intelligence collectors. If you suspect possible foreign
intelligence activity, or have questions concerning the
National Security Threat List strategy, please contact
the FBI DECA Coordinator at the FBI Field Office nearest
you.

_______________________________________________________

Up to $500,000 Reward for Stopping Espionage
  
An amendment to title 18 U.S.C. Section 3071, recently
enacted, authorizes the Attorney General to make payment
for information of espionage activity in any country
which leads to the arrest and conviction of any
person(s):

1. ...for commission of an act of espionage against the
   United States;

2. ...for conspiring or attempting to commit an act of
   espionage against the United States;

3. or which leads to the prevention or frustration of an
   act of espionage against the United States.

Specifics of this amendment can be obtained from any FBI
DECA Coordinator.

_______________________________________________________

FBI Contact Numbers:
   
To report suspected illegal intelligence or terrorism
activity against the interest of the United States,
telephone the DECA Coordinator at the FBI Field Office
nearest you.

Update Version: 9/25/95

_______________________________________________________







From ravage at ssz.com  Fri Feb  2 19:51:16 1996
From: ravage at ssz.com (Jim Choate)
Date: Sat, 3 Feb 1996 11:51:16 +0800
Subject: Encryption and the 2nd Amendment (fwd)
Message-ID: <199602030328.VAA03766@einstein.ssz.com>



Forwarded message:

> Date: Fri, 2 Feb 1996 18:37:24 -0800
> From: tien at well.sf.ca.us (Lee Tien)
> Subject: Re: Encryption and the 2nd Amendment
> 
> I agree that a 2nd A. argument is legally worthless; so do Mike Godwin and
> other persons whose legal opinions are generally carefully considered.  
> 

I still believe this issue is a prime candidate for testing the 9th and
10th. There is nothing specific in the Constitution which allows the
government to control crypto technology (or any technology actualy) which is
contrary to the 10th. Per the 9th it should be left up to the states or the
people to decide. The current group of issues as mentioned in a post by Tim
May earlier today are all related by these amendments. The precedence of the
legislative and court bodies in this country ignoring these amendments may
be at an end.






From jf_avon at citenet.net  Fri Feb  2 20:12:28 1996
From: jf_avon at citenet.net (Jean-Francois Avon JFA Technologies, QC, Canada)
Date: Sat, 3 Feb 1996 12:12:28 +0800
Subject: sent to U.Mass
Message-ID: <9602030349.AA03495@cti02.citenet.net>


Hi CPunks.

I went into www.umass.com, somewhere into it up untill I could find an e-mail
adress, and mailed this letter:



-----BEGIN PGP SIGNED MESSAGE-----

to: Dean of the University.

From: Jean-Francois Avon
Pierrefonds, QC, Canada

jf_avon at citenet.net


While I do not believe nor endorse the neo-nazi movements and their ideas, I consider interesting to be able to look at their arguments, if only to make my own opinion of them.

I understand that you banned a WWW site providing such information.  I also understand that this site presented this information to oppose the german govt. in their censoring actions against some such sites.  I do not have a first hand knowledge of the content of the specific site (Zundel) that started the whole thing and I am convinced that many other pro-nazi might use some material presented in a decent way for quite questionnable ends.

But nevertheless, from what I read, you seemed to have banned a site out of political correctness.  I hope it is not true.

Unfortunately, freedom and liberty, thoses crutial and typically american values, seems to be eroded first by thoses trusted to protect them: the american intellectual and scholar.

We live in a very sad world, where reason is dissapearing slowly, being replaced by fear and low animal instincts.

Please pardon my poor english.

Jean-Francois Avon

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRK0IgOWptJXIUrtAQHt1AP+ND5LeFPpc/ypyS2eBkK1SAsAyZazNpBf
t9vrBs3LOgu8wCmfKV+H9Qczfp4wCtcs3gMux+U7w1E7Xj556iPBCXNcYLVI/RBN
8DzJLYN3ANlJIZqKDSv+GGmsfvx+wIXKEFiM8lKV+D1PZIeZ1HEdy9N3vT6H12oL
1LOQKRLG4tM=
=H4wq
-----END PGP SIGNATURE-----






From jordan at Thinkbank.COM  Fri Feb  2 20:27:21 1996
From: jordan at Thinkbank.COM (Jordan Hayes)
Date: Sat, 3 Feb 1996 12:27:21 +0800
Subject: Imminent Death of Usenet Predicted
Message-ID: <199602030401.UAA19434@Thinkbank.COM>


	From tcmay at got.net Fri Feb  2 19:10:21 1996

	I'm not despairing ...

It seems to me that all the things you pointed out are just symptoms
of the Internet growing up.  You mentioned on the one hand that
you don't like the trend that you see culminating in having all
USENET posts be signed, but on the other hand that you'd like to
see a 'sealed package' approach to your packets.

The problem is clear: USENET *isn't* 'sealed packages' -- it's
practically an outdoor billboard.  And I think it's logical to
expect some concensus-based rules for behavior there.  This whole
uproar about 'porno on the net' has to do with how children can
'stumble' upon it, as opposed to, say, renting it from Blockbuster[*].

I'm a little more upbeat than Tim, I guess.  I see the trend toward
'socialization' on the 'public' part of the Internet as ultimately
just fine, and the trend toward finding private means ('sealed
packages') to transmit 'private' goods continuing.  Soon I hope
that there will be as much chance of children 'stumbling upon'
X-rated JPEGs as they can today image satellite-delivered porno in
their heads without a dish.

I think the trend will continue so that people will eventually feel
that their e-mail is about as safe from 'the public' as a phone
call is.  Absolute privacy will be resisted from the top because
being 'in power' means always having a final veto; but what is the
real risk of this?

And don't forget: if you have privacy, you don't need anonymity.
Swiss banks provide the ultimate example.

/jordan

[*] I think community standards are important.  Whether it's speed
bumps on side streets or calls for silence in a jazz club, the
participants in a group should get to decide what is acceptable
behavior within their group.  That being said, I also believe it
is one of the few roles that a national government to provide is
guidance about a small number of issues (so before you hit that
'R' key, I don't believe that small towns can assert racism in
their town charter ...).





From llurch at networking.stanford.edu  Fri Feb  2 20:42:26 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Sat, 3 Feb 1996 12:42:26 +0800
Subject: Futplex makes the news!
In-Reply-To: 
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 2 Feb 1996, Timothy C. May wrote:

> At 2:28 AM 2/3/96, Mike Duvos wrote:
> >On 2 Feb 1996 19:02:29 -0500, you wrote:
> >
> >Before poo-pooing Tim, declaring victory, and returning home, it
> >should be noted that German prosecutors today added AOL to the list of
> >entities they wish to charge with "inciting hatred."
> >...
> >Time will tell whether we have won this war, or have simply
> >encountered a lull after the first onslought by the enemy.
> 
> Meaning no disrespect to any of my colleagues here, but is there now some
> sense that "we won"?
> 
> I don't see it this way. And the Germans don't seem to think they lost.

That's what they thought in 1945, too. I'd really hate to have to nuke
them from orbit. I maintain (I hope a little more coherently now) that
widely publicized subversion is far more effective than a frontal assault.
Who holds up the nuking of Hiroshima and Nagasaki as great victories
against tyranny? 
 
> Maybe I'm not seeing the Boston-area papers, and their spin on things, but
> it doesn't seem to me that an anti-censorship interpretation is getting a
> lot of press. What I am sensing is just the opposite, that a bunch of
> babykilling Nazis bent on taking over the Internet just had their main
> Propaganda Center at UMass shut down by the forces of light. This is the
> spin on the story I'm sensing.

I think this sense is wrong.

Yesterday's "Modem Driver" column in the San Jose Mercury News was poorly 
researched, but had the right spin. It mentions that the operator of 
webcom.com is the grandson of a Holocaust victim, so he gets the Mom & 
Apple Pie vote.

 http://www.sjmercury.com/living/daveplot/modem084.htm

Front page of the Stanford Daily, which generated calls from the San Jose 
Merc and the Chronicle of Higher Edication, which are likely to get the 
story right:

 http://www-Daily.stanford.edu/2-2-96/NEWS/index.html

[No, I am *not* happy to get all the credit there]

AP story in Boston Globe (long and ludicrous on-line URL, and OK, so this 
is not the greatest story, but I think it's somewhat positive):

 http://www.boston.com/globe/ap/cgi-bin/retrieve?%2Fglobe%2Fapwir%2F033%2Freg%2Fag052102

Web Review (good, even though he totally misrepresented what I'd said 
without even bothering to try to reach me):

 http://www.gnn.com/gnn/wr/96/02/01/news/ndn/zundel.html
 http://www.gnn.com/gnn/wr/current/news/ndn/telcom.html

The News & Observer (also never bothered to contact me before stating 
what I believed):

 http://www2.nando.net/newsroom/ntn/info/020296/info2_20579.html

> (Hate to say it, but the nuances of free speech are lost on most people. To
> most of them, putting Holocaust denial information on a site is ipso facto
> proof of genocidal racism.

I think it is, if (and only if) you agree with it.

> I wouldn't be surprised to see the various
> groups at UMass foaming at the mouth next week in the campus newspaper to
> get the "notorious racist" Lewis McCarthy sanctioned or thrown out.

I certainly would.

> Here's to hoping Rich's site remains up.

I've shut off access and challenged Zundel to get his many friends to run
their own damn mirrors. They could, you know -- at least one of them has a
T1. But I will put the files back (on c2.org and/or netcom and/or AOL
accounts, because it's just not ethical for me to involve Stanford in
this) if Deutsche Telekom continues to block access to webcom.com after,
say, next Wednesday. 

If they're not back up by, say Monday, I'll post an ultimatum to the 
above effect.

Netcom has hosted several notorious hate groups for years. There's no way 
in hell they'd buckle, and they're big enough to matter. Probably bigger 
than Stanford and CMU combined, though without quite the same symbolic 
power.

- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRLgRI3DXUbM57SdAQHDDwP/XI0VJKQ9mELfCFeo/HLxqfanO4Xw1xcu
bXPiao91PCSKYJIfOM0Xku90bQB2rdVgbFLqX1fxbUu3cHi8pmq9ZRtV8rWgLcvR
WpMnmslOZjTmoIjUL5llRmQbPhUWhYithCQuP1EXsoZ/mo8ngQyW0AfGPvYWyGpe
dK3Zn0YohvQ=
=2k0/
-----END PGP SIGNATURE-----





From alano at teleport.com  Fri Feb  2 20:55:07 1996
From: alano at teleport.com (Alan Olsen)
Date: Sat, 3 Feb 1996 12:55:07 +0800
Subject: RSA disappears :-)
Message-ID: <2.2.32.19960203042904.00928b40@mail.teleport.com>


At 01:28 PM 2/2/96 -0800, John Pettitt wrote:
>rsa.com dissapeard from the net!  The only valid nameserver for rsa.com is
>rsa.com and since it's net connection is down anybody trying to talk to
>www.rsa.com or send mail to rsa is getting host not found errors.

Maybe it was because Tim May broke their cover.

Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
        `finger -l alano at teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
         Is the operating system half NT or half full?






From ampugh at mci.newscorp.com  Fri Feb  2 21:05:27 1996
From: ampugh at mci.newscorp.com (Alan Pugh)
Date: Sat, 3 Feb 1996 13:05:27 +0800
Subject: PGP "official" logo?
Message-ID: <199602030147.UAA29244@camus.delphi.com>


=snip=
>Why is an icon or logo preferable to "Begin PGP signed..."? The little
>rose, or chevrons, or escutcheons, or whatever, then have to be explained
>to people. "PGP" is actually its own best logo.
>
>(There is also the important point that most uses of PGP are in
>primarily-ASCII settings, in e-mail. Yes, I know that MIME and whatnot can
>support graphics, but such uses are rare. Look at this mailing list, and
>Usenet, for examples of how most messages are composed. I routinely delete
>all messages that have "attachments converted" to them, and others have
>told me they do the same thing.)

i agree with mr. may. graphics are misplaced in email generally. 
it takes long enough to download my mail without the additional
load of cute graphics. i can't image many graphics at all that 
would be much smaller than the biggest sig files.

otoh, it _would_ be useful imo to have a pretty much 'standard' 
graphic to put on web pages similar to the 'netscape' buttons 
you see everywhere. they might do nothing but link to one of the 
cypherpunks home pages, but the more people see them, the more 
aware people will hopefully become. perhaps it will pique some 
folks curiosity. actually, i like rsa's logo, but it is obviously 
taken. 

that said, i've seen a few passes on this list of discussion of a
graphic logo. the archives would be a good place to look for a fairly
massive volume of posts on it.  if anyone has a good idea, put it on a 
page and post the pointer.



amp







From tcmay at got.net  Fri Feb  2 21:40:14 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 3 Feb 1996 13:40:14 +0800
Subject: Sometimes ya just gotta nuke em
Message-ID: 


At 4:12 AM 2/3/96, Rich Graves wrote:

>Who holds up the nuking of Hiroshima and Nagasaki as great victories
>against tyranny?

Since you ask, I do.

A land invasion of Japan would've likely cost half a million American
lives, and perhaps a million or more Japanese citizen lives, according to
comprehensive studies I think are on the mark.

(Anecdotally, my father was on Guam at that time, and was part of the force
being prepared for the land invasion of Japan. He was mighty happy to hear
about the new wonder weapon and how it ended the war in days rather than
months.)

If the war was just, then ending it quickly and decisively was more just
than ending it more slowly and painfully. That some Japanese died in a
nuclear fireball rather than in conventional firestorms or blockbuster
bombings is neither here nor there.

Sometimes ya just gotta nuke em.


--Tim

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From Neal.McBurnett at att.com  Fri Feb  2 22:03:06 1996
From: Neal.McBurnett at att.com (Neal McBurnett)
Date: Sat, 3 Feb 1996 14:03:06 +0800
Subject: Analysis of PGP keyserver web of trust
Message-ID: <9602030545.AA06363@lever.dr.att.com>


-----BEGIN PGP SIGNED MESSAGE-----

I wrote a Java program to analyze the the PGP web of trust and I've
documented it on some web pages.  They include information on the
strongly connected components (the largest has 1291 keys in it), the
longest "shortest-path" (21 signatures long), the 'central trustee'
and 'central truster', the mean path length (6.4, by one definition), etc.

	http://bcn.boulder.co.us/~neal/pgpstat/

(For those who saw the earlier version, I've fixed some small bugs.)

There is a lot of useful information here for folks who want to
improve the connectivity of the public PGP web of trust.

Cheers,

Neal.McBurnett at att.com  503-331-5795  AT&T Bell Labs, Denver/Portland
WWW: http://bcn.boulder.co.us/~neal/Home.html  (with PGP key)

- -----------------------------------------------------------------------

                           PGP Keyserver Statistics
                                       
   This is an analysis of the web of trust among users of the leading
   technology in the world of secure email communications, Pretty Good
   Privacy (PGP). See the [1]PGP Frequently Asked Questions for more
   information on PGP itself and other related tools.
   
   There is a set of public key servers around the world which allow PGP
   users to register their keys and publicly sign each other's keys via
   [2]email and [3]WWW interfaces. This analysis is based on the public
   keyring obtained from
   [4]ftp://ftp.uit.no/pub/crypto/pgp/keys/pubring.pgp on _1 Jan 1996_.
   For comparative analysis, here is the [5]Jan 1 version (7,976,108
   bytes long). I could also provide a shorter and simpler file format
   which just lists which keyIDs signed which keyIDs. If there is
   interest, updates can be provided.
   
Overall Statistics


Public keys submitted ('pub'):          19124
Signatures ('sig'):                     28031
Total number of unique keys referenced: 21107
Revoked keys:                           839

Self-signed keyIDs:                     7300
Other unique keyID-signs-keyID pairs:   17908

   Note that less than half of the keys are signed by themselves. People
   should _always sign their own UserID_ on their own key! Otherwise,
   someone else can surreptitiously change the email address in order to
   encourage correspondents to send email to the wrong place.
   
   Only about 1/3 of the keys are signed by at least one another key, and
   only 1/6 have 2 signatures.
   
     To be a "good PGP-citizen", you should
     * Be very careful about signing keys. Have first-hand knowledge
       based on hard-to-forge communications that the key's fingerprint
       (pgp -kvc) in your keyring matches the user's real fingerprint.
     * Sign the keys of at least two other people
     * Get at least two signatures on your own key.
     * Extra credit: Sponsor a [6]key-signing party
       
Strongly-Connected Components

   A 'strongly-connected' set of keys is defined as a set in which every
   key leads to every other key via some chain of signatures (aka
   signature path). Note that we are not incorporating any PGP-specific
   rules for establishing trust (e.g. the default CERT_DEPTH of 4, the
   default requirement for two 'marginally trusted' introducers to
   establish trust, etc.).
   
   After running pgp -kc on the keyring (with MIT PGP 2.6.2, for almost 2
   days...) the number of signatures dropped from 28031 to 25810,
   presumably because some old signatures where thrown out. The analysis
   here was done with the original keyring, so all versions of PGP will
   not recognize all the signatures which are accepted here.
   
   Note that the program used for this analysis (pgpstat.java) so far
   only deals with keyID-keyID relationships, rather than dealing
   separately with each keyID/UserID pair. It does properly ignore
   revoked keys.

Size of 'strong': largest strongly-connected component: 1291
Size of 'signees': keys signed by 'strong':             2775
Size of 'signers': keys which sign 'strong':            2001

   The [7]largest strongly-connected component of this keyring (the set
   names 'strong') has 1291 keys in it. The [8]next-largest
   strongly-connected component has only 16 keys in it. There are another
   1484 keys which are directly or indirectly signed by at least one key
   in 'strong' but which do not sign any key in 'strong' and are thus not
   in the strongly-connected component, for a total of 2775 keys in the
   'signees' set that can be reached from the 'strong' set. Similarly,
   there are a total of 2001 keys in the 'signers' set which directly or
   indirectly sign at least one key in the strong component.
   
Shortest-Path Distances

   Using a breadth-first search of the keyspace, we can calculate the
   shortest path from one keyID to other keyIDs it has directly or
   indirectly signed.

Mean distance from strong keyIDs to signees:    6.41189
Mean distance to strong keyIDs from signers:    6.70961

Maximum shortest-path distance:                 21

   First, for each key in 'strong', we compute the mean length of the
   shortest path necessary to reach each key in 'signees': 6.41189. Next
   we do the converse, following paths of signatures into the strong
   component rather than out of it. The mean distances are different
   because a different set of keys is involved: signers vs signees.
   
   Finally, we note that there are several pairs of keys which have a
   shortest path distance of 21 between them. Here is the [9]example
   path, between these two keys:

6CB05C95 Karl F. Scheibner 
82996935 Brett Dubroy <1:225/357 at fidonet.org>

   Anyone who is along this path can improve the tightness of the web of
   trust by finding someone they know further along the path and
   carefully signing their key.
   
Centers of Trust: the Central Trustee and Central Truster

   By examining the shortest-path data more closely we can identify the
   keys which are closest to the 'center' of the web of trust. The
   'central trustee' is the key which is signed most directly by others:
   the key which has the shortest mean distance from all of the
   'signers'. Here is the current "top 10":

Mean    Max     KeyID           UserID
4.17191 11      CE766B1F        Paul C. Leyland 
4.30235 12      53AAF259        Klaus-Peter Kossakowski, DFN-CERT 
4.37881 12      32DD98D9        Vesselin V. Bontchev 
4.38381 12      D410B7F5        DFN-CERT 
4.4043  13      DA0EDC81        Phil Karn 
4.4073  12      F82CEA91        Simon Cooper 
4.43778 13      C1B06AF1        Derek Atkins 
4.46527 13      466B4289        Theodore Ts'o [SIGNATURE] 
4.47576 12      C7A966DD        Philip R. Zimmermann 
4.48426 12      8E0A49D1        Wolfgang Ley, DFN-CERT 

   You can also get the [10]full list by mean distance.
   
   Here is the [11]distance to the cental trustee from the each of the
   signers along with info on how many keys sign and are signed by each
   key.
   
   The converse of this is the 'central truster', the key which trusts
   other keys most directly:

Mean    Max     KeyID           UserID

3.91928 10      32DD98D9        Vesselin V. Bontchev 
3.97694 11      C7A966DD        Philip R. Zimmermann 
4.0191  12      DA0EDC81        Phil Karn 
4.0418  12      0DBF906D        Jeffrey I. Schiller 
4.05838 11      CE766B1F        Paul C. Leyland 
4.08396 12      7B7AE5E1        Germano Caronni 
4.08973 11      4D0C4EE1        Jeffrey I. Schiller 
4.13405 12      666D0051        Assar Westerlund 
4.17333 12      5826CF8D        John Gardiner Myers 
4.17982 12      466B4289        Theodore Ts'o [SIGNATURE] 

   You can also get the [12]full list by mean distance.
   
   Here is the [13]distance to each of the 'signees' from the central
   truster, along with info on how many keys sign and are signed by each
   key.
   
Further Questions

   Many other aspects of the web of trust could be explored.
     * It is important that the web be multiply-connected. p Good
       software to do bi-connectivity (or tri-connectivity, etc.) for
       directed graphs would be useful, especially if it identifies the
       most significant articulation points (keys which are critical for
       the connection of big pieces of the web).
     * Identification of large cliques or near-cliques (sets of keys
       which all sign each other, related to coloring problem, very
       hard.)
     * Software to generate a high-level graphical view would be useful.
       For example, a directed-acyclic-graph of the connectivity of the
       larger strongly-connected components would be interesting.
     * It shouldn't be too hard to make pgpstat.java into a server which
       could answer custom queries (shortest path from x to y, size of
       component that x is in, suggestions for who might be able to sign
       your key (e.g. other keys from the strongly-connected component
       which are in your domain), etc.)
       
Tools

   The analysis tool, pgpstat.java, is an application written in the very
   nice new language [14]Java (Perl just doesn't have any decent
   hierarchical data structure support...). Source code will probably be
   made available after some cleaning-up for others who want to explore
   different keyrings or other avenues of analysis.
   
   Performance note: the algorithms used here mostly scale linearly in
   time complexity, based on the sum of the numbers of keys and
   signatures. In particular this is true for the code that finds the
   strongly-connected components (thanks to a favorite professor of mine,
   Bob Sedgewick, and his "Algorithms" book!)
   
   The one notable exception is finding the centers of trust and the
   longest shortest-path, which is quadratic in the size of the connected
   set, but doesn't have to be computed nearly as often, as a practical
   matter. The full analysis took less than 30 minutes using one
   processor on a Sun Sparc 1000 (50 Mhz?). There are lots of
   opportunities for optimization, and hopefully non-quadratic algorithms
   for at least approximating the center/longest path problems.
   
   Please let me know if you have any feedback on this analysis.
     _________________________________________________________________
                                      
   [15]Neal McBurnett 

References

   1. http://www.quadralay.com/www/Crypt/PGP/pgp00.html
   2. http://www.pgp.net/pgp/email-key-server-info.html
   3. http://www.pgp.net/pgp/www-key.html
   4. ftp://ftp.uit.no/pub/crypto/pgp/keys/pubring.pgp
   5. file://localhost/home/neal/public_html/pgpstat/public-keys.960101.pgp
   6. http://www.quadralay.com/www/Crypt/PGP/pgp06.html#608
   7. file://localhost/home/neal/public_html/pgpstat/strong-from
   8. file://localhost/home/neal/public_html/pgpstat/strong2
   9. file://localhost/home/neal/public_html/pgpstat/maxpath
  10. file://localhost/home/neal/public_html/pgpstat/strong-from
  11. file://localhost/home/neal/public_html/pgpstat/signers
  12. file://localhost/home/neal/public_html/pgpstat/strong-to
  13. file://localhost/home/neal/public_html/pgpstat/signees
  14. http://www.javasoft.com/
  15. http://bcn.boulder.co.us/~neal/Home.html

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMRL1t8KbwnFPAGm1AQHizwIAn+HiF7ohgcxlYAI9OS4St9FFghzCQ+8v
TQYKssbcqS06Y0kkeTYyKFBRfwTrulxugE+aq6Jchpw2vo0C6YvEdA==
=mXbe
-----END PGP SIGNATURE-----





From edgar at Garg.Campbell.CA.US  Fri Feb  2 22:19:45 1996
From: edgar at Garg.Campbell.CA.US (Edgar Swank)
Date: Sat, 3 Feb 1996 14:19:45 +0800
Subject: OFFSHORE RESOURCES
Message-ID: <7VHPiD2w165w@Garg.Campbell.CA.US>


Another URL for offshore investing, etc. is

  http://www.dnai.com/offshore/offshore.html

Edgar W. Swank   

-- 
edgar at Garg.Campbell.CA.US (Edgar Swank)
The Land of Garg BBS -- +1 408 378-5108





From ses at tipper.oit.unc.edu  Fri Feb  2 22:22:49 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Sat, 3 Feb 1996 14:22:49 +0800
Subject: Analysis of PGP keyserver web of trust
In-Reply-To: <9602030545.AA06363@lever.dr.att.com>
Message-ID: 


There's a bunch of nifty graph-mangling code available as part of the 
stanford graphbase (literate CWEB, written by DEK; I think that had some 
stuff for bi-connectedness).


Simon //  TeX Files - Don Knuth is out there





From dmandl at panix.com  Fri Feb  2 22:32:59 1996
From: dmandl at panix.com (David Mandl)
Date: Sat, 3 Feb 1996 14:32:59 +0800
Subject: Imminent Death of Usenet Predicted
Message-ID: 


At 8:02 PM 2/2/96, Timothy C. May wrote:
>*Universities, corporations, and even ISPs are explicitly adopting policies
>that allow them to inspect e-mail at will. (If the arrangement is made in
>advance, it may not violate the ECPA to do this...and I'm not saying there
>aren't some good reasons why these entities would want the right to inspect
>e-mail (their liability being a good example), just noting the growing
>situation.

On that note...

A good friend of mine was fired (forced to resign) from her Wall Street
programming job recently.  The reason: her employer "just happened" to
stumble onto a message she'd posted to a mailing list a year ago, in which
she'd said some "very unflattering" things about the company.  The message
in question was posted from her personal email account (so it in no way
violated the company's rather strict internet use policy) and was the only
such message she'd ever posted.

However, one other piece of email was cited, this one also containing an
unflattering reference to the company but never mentioning them by name.
The obvious conclusion is that they hadn't merely come across this stuff in
an innocent Alta Vista search for "Company Name," but rather had searched
for my friend's name specifically.

My friend is looking into various legal options, so she's asked me not to
say any more for now.  But I consider this a very serious development and a
frightening precedent.  The company in question, incidentally, also does
routine scans of email and archives all incoming and outgoing mail.

As I and others have been saying for a while: what's happening on the net
is another "enclosures" movement.  Yes, I know that on this list that's a
politically incorrect view.  Deal with it.

   --Dave.

--
Dave Mandl
dmandl at panix.com
http://www.wfmu.org/~davem







From merriman at arn.net  Fri Feb  2 23:49:21 1996
From: merriman at arn.net (David K. Merriman)
Date: Sat, 3 Feb 1996 15:49:21 +0800
Subject: PGP & thee
Message-ID: <2.2.32.19960202191849.006aee34@arn.net>


-----BEGIN PGP SIGNED MESSAGE-----

I have a couple of questions about the variants of PGP on the CP ftp site:

1> What are the different Mac versions about? Which one goes with which Mac?

2> What are the differences in the different DOS/OS2 versions?

Reason I'm asking is that I've got some folks interested in using PGP, and I want to be able to point them in the right direction.

Emailed responses preferred to save listwidth :-)

Dave Merriman

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRJGisVrTvyYOzAZAQHxygQAoSHE5FOC20manSJvjprKjUkZyrj/3iCC
dz59IKftq6xxVYEE6ys/m0xnwIEBygayfqQzcvco66QfasFjCbKWakGQgOuW7bnk
UToLUSpnP31UBCozASRrSCDh1he535WHCegqTVCr7dUweDuPC7CGmpp9G78WsmfH
mWNvdOim76s=
=tgOX
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"It is not the function of our Government to keep the citizen
from falling into error; it is the function of the citizen to
keep the Government from falling into error."
Robert H. Jackson (1892-1954), U.S. Judge
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
My web page: http://www.geocities.com/CapitolHill/1148







From jamesd at echeque.com  Sat Feb  3 00:55:18 1996
From: jamesd at echeque.com (James A. Donald)
Date: Sat, 3 Feb 1996 16:55:18 +0800
Subject: Germany investigates AOL for providing Zundelaccess
Message-ID: <199602030836.AAA13781@blob.best.net>


At 07:34 PM 2/2/96 -0500, Declan B. McCullagh wrote:
>      America Online spokesman Ingo Reese in Hamburg said his company
> also was happy to work with the prosecutors. The company is ``totally
> opposed'' to illegal propaganda, he said,

They target the gutless, in order to create precedents 
without having to go to court.

You will recall that AOL also shopped its customers to the 
feds over child pornography.


 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd at echeque.com






From tbyfield at panix.com  Sat Feb  3 00:59:35 1996
From: tbyfield at panix.com (t byfield)
Date: Sat, 3 Feb 1996 16:59:35 +0800
Subject: Imminent Death of Usenet Predicted
Message-ID: 


At 1:18 AM 2/3/96, Dave Mandl wrote:

>As I and others have been saying for a while: what's happening on the net
>is another "enclosures" movement.  Yes, I know that on this list that's a
>politically incorrect view.  Deal with it.

        "Politically incorrect" on this list? What's gotten into you, Dave?
Really! PCism is what all those goddamn Tax-n-Spend Leftist Liberals
do--you know, like the ones in the _Life of Brian_. Folks here would never
engage in _any_ kind of PCism. I'm shocked, shocked...
        Don't you get it? Nation-states are going to collapse Real Soon Now
(after all, their Imminent Death has been Predicted), and the Markets,
guided by an irresistably beckoning Invisible Hand, will Rise Up against
their Tyrannous Masters and be guided out of State Space into
Crypto-Anarchy[T{C}M], the land of milk and honey. And everyone who's
positioned themselves shrewdly--as your friend no doubt has--will prosper.
No problem!
        Tell your friend she has _nothing_ to worry about. In a few months,
she'll look back and laugh.


--Victor! von Kredulous-am-Kapitalismus

Visit Pere Lachaise!
We got majordomos, we're typing on phone lines, it's Realpolitik Lite & Fun 2!
---------:---------:---------:---------:---------:---------:---------:----
Nostradamus F. Xavier          | Clipto-nemesis: privatization, tons of $$$,
victor at get.not   212-255-2748  | end of history, optimistic tax deductions,
G.A.D.D.I.S.: Nag Hammadi, EG  | C-corps, lecture circuits, insider trading,
Higher power: "What me worry?" | carpal tunnel syndrome, other cool stuff.
"Sleeping policemen are national borders on the Information Soapbox Derby."







From llurch at networking.stanford.edu  Sat Feb  3 01:00:42 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Sat, 3 Feb 1996 17:00:42 +0800
Subject: Helping the Crypto-Clueless
Message-ID: 


Bruce Baugh's latest missive inspired me to send the following to my new
racist friends, and also, coincidentally, to those at the Wiesenthal
Center, law enforcement agencies, and so on who also read the list.  Posts
to Stormfront-L are moderated to keep out any non-racist "noise," but I
assume that this message will be approved. Don really has no other choice. 

I imagine that this message will inspire greater awareness of and interest
in cryptographic applications, though I do not have great confidence that
it can do much to address my friends' cluelessness as such. 

I was not inclined to give them any real specifics on how to obtain and
employ cypherpunkish tools. After all, we're not very close friends. 

-rich

---------- Forwarded message ----------
Date: Sat, 03 Feb 96 08:21:32 0800
From: Not_By_Me_Not_My_Views Publishing 
To: stormfront-l at stormfront.org, rich.graves at leland.stanford.edu
Subject: Publicizing Stormfront-L; Internet privacy resources; Copyrights

-----BEGIN PGP SIGNED MESSAGE-----

I was surprised and disappointed to learn recently that there are no 
public archives of the Stormfront list. Many organizations, most of 
whom are strongly opposed to Stormfront's goals, seem to be keeping 
private logs of everything that is said on Stormfront-L, but to date 
none have made their archives public.

I find this silly. It's an open list, after all, and you know that 
people who do not share your goals are reading the list. With all this 
talk about The Enemy and free expression, it's odd that only The Enemy 
has accurate chronicles, and that you deny the general public the 
right to read what you say.

To address this oversight, I will be opening up my personal archives 
of Stormfront-L to public view on c2.org's Web server. I haven't 
worked out the details yet, but I'll probably be using hypermail, if 
this use is judged to satisfy the license terms.

Don't bother unsubscribing me. There are lots of people who would be 
only too happy to send me their copies of list mail, anonymized. Don't 
bother moving to another list, either, unless you don't mind losing 
all members of the list whose loyalties cannot be established beyond a 
reasonable doubt. See, you can't exactly announce on the list that 
you're moving to a new list where The Enemy can't find you.

Despite the fact that it has always been trivial to determine the list 
membership, I plan to respect list members' privacy by giving you all 
a day to avail yourselves of the large number of anonymity and double-
blind pseudonymity resources available on the Internet.

For information on the most well-known remailer, the penet.fi 
anonymous contact service, send email to both help at anon.penet.fi 
(sends you the FAQ) and ping at anon.penet.fi (assigns you an ID). The 
disadvantages of the penet.fi service are that it is slow (mail is 
delayed as much as 24 hours) and that it is not really secure (records 
of which IDs belong to which real email address are kept on a computer 
in Finland, and are therefore available to very determined law 
enforcement officers and other armed thugs).

Those with a technical bent may wish to look into more secure 
cypherpunk remailers, but they require some brains. Even I don't 
really use them.

Alternatively, if one or more of you have the means and incentive to 
set up a public Stormfront-L archive on the Internet, and very soon, 
then please let me know, and I will drop my plans. The advantages of 
an official public list archive run by someone who shares your goals 
should be obvious. Of course, private archives will still be kept by 
third parties in order to ensure that the official archive remains 
accurate and up to date. Checks and balances, natch.

I would be happy to provide some technical assistance if you need help 
getting started.

On to copyrights. The issue of who owns the copyrights to the 
Zundelsite pages has been raised both privately and publicly (very 
publicly).

It appears that Mr. Zundel has made his choice. The Zundelsite 
materials are in the public domain. Anyone can use them, abuse them, 
modify them, or sell them without violating anyone's intellectual 
property rights. May a thousand Zundelsites bloom. You may also 
include his works on BBSes, CD-ROMs, and T-shirts that you sell for 
personal profit. I'm working on a T-shirt for the "Zundel 
Detournement" contest right now. I doubt any of you would be 
interested in buying one, though.

Still, it would be much better if a formal network of mirror sites was 
established. That way you'd have a channel for receiving updates 
direct from Zundel's webmasters. Unfortunately, it seems that Mr. 
Zundel is embarrassed by the thought of being associated with the 
people who actually want to mirror his site for the content. He has 
had to  publicly distance himself from the very proud white 
supremacist Joe Bunkley, for example.

Most sincerely,

- -rich

P.S. You may have heard it reported recently that the author of PGP, 
which I am using (if this message does not bear a valid PGP digital 
signature, it is probably a forgery) is a Neo-Nazi sympathizer. This 
was untrue, and Phil considers this suggestion to be a serious libel. 
The newspaper that ran the allegation posted a very public and 
detailed retraction. Of course some Neo-Nazi sympathizers do use PGP, 
and so can you. In fact I'd love to exchange key signatures with one
of you guys in the San Francisco Bay Area (I'm sure there are a lot
of you here).

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRMa2Y3DXUbM57SdAQFQfwP+LV5H6+YPv9E7HHfmgcm7dQLDf/layB8s
xzUjH5QX8zdWNE5t+9gQt3W7sG3pN1IQ32IxclcmlMBZIQmVzmZ7rbsGq07gwpPc
I7yLqK0KAz8tNND+ZBtXX/lLQ4zu46cb6p2fJsMDS5Gv+cWA+smNE44CiM9reeNX
xlQAV5UeeLA=
=LpPb
-----END PGP SIGNATURE-----





From llurch at networking.stanford.edu  Sat Feb  3 01:20:28 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Sat, 3 Feb 1996 17:20:28 +0800
Subject: Germany investigates AOL for providing Zundelaccess
In-Reply-To: <199602030836.AAA13781@blob.best.net>
Message-ID: 


On Sat, 3 Feb 1996, James A. Donald wrote:

> At 07:34 PM 2/2/96 -0500, Declan B. McCullagh wrote:
> >      America Online spokesman Ingo Reese in Hamburg said his company
> > also was happy to work with the prosecutors. The company is ``totally
> > opposed'' to illegal propaganda, he said,
> 
> They target the gutless, in order to create precedents 
> without having to go to court.
> 
> You will recall that AOL also shopped its customers to the 
> feds over child pornography.

Didn't they have a court order? Sure they could have resisted, but they
didn't bend quite so far over backwards that they were really bending over
forwards. 

This is an exapmple of the kind of defeatist attitude that I think is 
counterproductive. Instead, say:

"With all the press attention being paid to censorship issues right now,
with the ridiculously Unconstitutional so-called Communications Decency
Act and so on, even America 'Online' is not likely to be so stupid and
spineless as to buckle under now. Ferchrissakes, the guy who runs
webcom.com is the grandson of a Holocaust victim; he deserves everyone's
undying respect for his commitment to the freedoms of someone he so
despises, and is simply not going to lose business because of this stand.
We won't let it happen." 

-rich





From ethridge at Onramp.NET  Sat Feb  3 01:21:33 1996
From: ethridge at Onramp.NET (Allen B. Ethridge)
Date: Sat, 3 Feb 1996 17:21:33 +0800
Subject: Just what the Internet needs right now...
Message-ID: 


>        I'll try to see if I can find some bomb-making information from a
>non-US web site; it may help in counterarguments. Given that I'm still not
>that good at searching, it would be nice if someone else could locate it also.
>        -Allen
>
>Reuters New Media
>
>   _ Friday Febuary 2 4:54 PM EST _
>
>Boys Arrested for Plotting Bomb
>
>
>
>   NEW YORK (Reuter) - Three 13-year-old boys have been accused of
>   plotting to blow up their school after learning how to build a bomb
>   over the Internet, police said Friday.
>
>   The boys were arrested Wednesday after other students at Pine Grove
>   Junior High School in Minoa, New York, heard rumors of their plans and
>   police were alerted, said Capt. William Bleyle of the nearby Manlius
>   police department.
>
>[...]
>
>   One of the boys, believed to be the ringleader, admitted to police
>   that the three eighth graders learned how to build the bomb from
>   instructions they found on the Internet, the global network accessible
>   from home computers.

This was on the national TV news tonight as well.  I'm still trying to
figure out what planet all these people are from.  Boys and bombs have gone
together at least since i was a boy.  Teenage boys were building pipe bombs
back when i was a teenager, in the seventies, before anyone had heard of
personal computers or the internet.  Of course, i didn't learn about bombs
for blowing up entire buildings until much later, when some television show
mentioned combining diesel fuel with  fertilizer.  This show even got
specific as to the type of fertilizer, but i forgot to take notes.

The only counter-argument than makes any sense to me is that this isn't
new.  Boys have been building bombs for years.  Now they get their
information from the internet instead of the library or older kids down the
street.  The information has always been available.

Of course, there is always the argument about parental responsibility, but
that's not as sexy as the evil internet.

        allen







From jcobb at ahcbsd1.ovnet.com  Sat Feb  3 01:50:12 1996
From: jcobb at ahcbsd1.ovnet.com (James M. Cobb)
Date: Sat, 3 Feb 1996 17:50:12 +0800
Subject: Denning's misleading statements
Message-ID: 


 
 
 
  Jeff, 
 
 
  On 01 28 96 you say: 
 
    We [cypherpunks] are becoming the "Bad Guys" in a well 
    orchestrated Psy Ops campaign propagated naively by the 
    4th Estate. 
 
 
  A few days ago I bought Markoff and Shimomura's Takedown. I've 
  read the first three chapters. 
 
  In my opinion: 
 
    (1)  the book is an important part of that well orchestrated 
         Psy Ops campaign 

    (2)  the book's designed from the word go to play that part. 
 
 
  Cordially, 
 
  Jim 
 
 
 






From stewarts at ix.netcom.com  Sat Feb  3 02:19:02 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Sat, 3 Feb 1996 18:19:02 +0800
Subject: FV Demonstrates Fatal Flaw in Software Encryption of Credit
Message-ID: <199602030951.BAA12305@ix2.ix.netcom.com>


At 05:30 PM 1/29/96 -0500, Nathaniel wrote:

>Have you downloaded my key from the net?  Assume that you have.  How do
>you know it's mine?
>
>I use PGP about 20 times per day.  I use it in a manner that is
>*meaningful*.  Unless we have in some way or another verified each
>others' keys, it is meaningless for me to sign a message to you. 
>Putting a PGP signature on a message to someone who has no way of
>verifying your keys is a nice political statement, but is utterly
>meaningless in terms of adding any proof of the sender's identity.  --

We have this discussion around here occasionally; one thing it does
is allows somebody to know that different messages were from the
_same_ person, whether that person is using a purported True Name
or an outright alias.  Another thing it does is allows you to demonstrate,
if need be, that you have the keys that were used to sign a message,
by signing another message with the same key, and optionally by
doing the Web Of Trust thing to validate your identity to someone.
I'm not aware that anyone's actually _done_ this in court,
but Utah and maybe other states have laws recognizing the validity of
digital signatures, and other courts could at least accept it along
with the usual Expert Witnesses.

Obviously it doesn't let you prove that an unsigned message isn't from you,
but that's pretty tough without requiring all messages to be
signed with your True Nationalist-ID-Card Is-A-Citizen Key.

#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com, Pager/Voicemail 1-408-787-1281
# http://www.idiom.com/~wcs






From stewarts at ix.netcom.com  Sat Feb  3 02:19:06 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Sat, 3 Feb 1996 18:19:06 +0800
Subject: FV's Borenstein discovers keystroke capture programs! (gifs at 11!)
Message-ID: <199602030951.BAA12309@ix2.ix.netcom.com>


At 09:24 AM 1/30/96 -0500, Nathaniel Borenstein  wrote:
>>  But I just can't believe that he thinks that
>the telephone is more secure on average than a keyboard.
>
>We have a few pages of C code that scan everything you type on a
>keyboard, and selects only the credit card numbers.  How easy is that to
>do with credit card numbers spoken over a telephone?
>The key is large-scale automated attacks, not one-time interceptions.

Speaker-independent recognition of digits is a done deal.
For large-scale automated attacks, you obviously don't wiretap the customer;
you hire The Dread Pirate Mitnick* to wiretap the 800 number for the
Home Shopping Channel, and hoover down the CC numbers of a large
number of known frequent-shopping cardholders.  (Actually, hitting on them
might be a bit tough, since they've presumably got direct T1s or T3s from
one or more carriers, which are harder to tap than the average residence line.)


(*Not the original Kevin "Dread Pirate" Mitnick, who's retired,
but Fred Bargle, who's got the current Dread Pirate Mitnick franchise.... :-)
#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com, Pager/Voicemail 1-408-787-1281
# http://www.idiom.com/~wcs






From stewarts at ix.netcom.com  Sat Feb  3 02:19:12 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Sat, 3 Feb 1996 18:19:12 +0800
Subject: Netscape, CAs, and Verisign
Message-ID: <199602030951.BAA12320@ix2.ix.netcom.com>


At 06:50 PM 1/30/96 -0500, Phill wrote:
>Question is how can Netscape (or anyone else) _securely_ allow an arbitrary
CA's 
>certificate to be used? Certainly the process cannot be automatic. Binding the 
>Verisign public key into the browser may be an undesirable solution, but the 
>problem is to think of a better one.

It's easy, and I gather Netscape has done it in 2.x - let the _user_ decide
what CAs
to trust.  For convenient verification, you can have the user sign the
keys for each of the CAs, and then the chain-following software only needs
to compare each certificate's signer with the user's own pubkey, rather than
comparing with Verisign's.  If you want to be automatic about it, you _could_
have the user sign Verisign's key when first generating keys, or you could
ask the user the first time.  

You've got to pull the wool over your _own_ eyes, here :-)
#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com, Pager/Voicemail 1-408-787-1281
# http://www.idiom.com/~wcs






From stewarts at ix.netcom.com  Sat Feb  3 02:19:56 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Sat, 3 Feb 1996 18:19:56 +0800
Subject: Crypto suggestion - re: Fatal Flaws in Credit Cards
Message-ID: <199602030951.BAA12301@ix2.ix.netcom.com>


Nathaniel's written about the "fatal flaw" in any system that
involves typing credit card numbers into your computer being that
they're easy for a keyboard-sniffer or similar cracker to recognize.
An obvious work-around for this (and for many of the problems with
Social Security / Taxpayer ID numbers) is to use some sort of smartcard
that generates one-shot numbers that the credit card company (or tax thugs)
can map back to the "real" owner's ID.  The downside of this approach
is that you need a lot of bits to support it, since you have to accomodate
the expected number of users * the average uses/user + overhead,
and that may (for credit cards) be annoyingly long to type in
(though fine for electrical-interface cards, or cards that display
their numbers as barcodes for a wand reader, or whatever.)

Some potential algorithms:
1) public-key - 512 bits isn't really enough (cracking it doesn't necessarily
        let you charge to everybody's Visa number, but it does let you
        figure out what everybody's is), and that's already too long.

2) data-base of randomly generated numbers - the would do ok for SSNs;
        give everybody a dozen or two, and let them get more if
        they want.  That wouldn't even require a smartcard, but it
        would tend to require a SSN card that you don't lose,
        since you probably won't remember the dozen long numbers on the back.
        This would of course require redesigning all those databases
        that know an SSN is 9 digits long - I view this as a Good Thing,
        especially since it may get people to stop using them as database keys.

        Is it practical for credit cards?  Ten billion customers times
        a million uses each is 16 digits; I suppose that's not much longer
        than current card numbers, though each card company would need to
        keep track of more numbers.  You'd probably cache a hundred or a
thousand
        in the card, and update the card every couple of years?

3) Some kind of hash or secret-key encryption of a constant (your "real"
card number)
        and a random number?  This would still be susceptible to brute-force
        search (10**20 not being an exceptionally large number), and you'd
        need an algorithm with either zero or a very low probability of
        collisions.  A secret-key version would require a tamper-proof card
        to reduce probability of theft, and I'm not sure I believe in
        tamper-proof cards, even if you have a lot of keys and a salt
        that tells the credit-card company which key to use.

Any other suggestions?
        
#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com, Pager/Voicemail 1-408-787-1281
# http://www.idiom.com/~wcs






From hal9001 at panix.com  Sat Feb  3 03:52:30 1996
From: hal9001 at panix.com (Robert A. Rosenberg)
Date: Sat, 3 Feb 1996 19:52:30 +0800
Subject: Declan appearing on "Europe's Most Wanted"
Message-ID: 


At 1:26 2/1/96, Timothy C. May wrote:

>The Nebraska-based neo-Nazi publisher who was picked up in Denmark and
>extradited to Germany pretty much knew his actions were illegal in Germany,
>but I doubt (sheer speculation on my part) he had ever been formally
>notified that an arrest warrant had been issued by Germany and could be
>exercised in Denmark.

It is even worse since they invited him into the country (and issued him a
Visa with the intent of arresting him and shipping him to Germany) to
attend a Nazi Convention. It was, in essence, a Government Authorized Sting
Operation.







From ses at tipper.oit.unc.edu  Sat Feb  3 03:57:21 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Sat, 3 Feb 1996 19:57:21 +0800
Subject: RC2 Source Code - Legal Warning from RSADSI
In-Reply-To: <96Feb1.215126edt.10310@cannon.ecf.toronto.edu>
Message-ID: 


On Thu, 1 Feb 1996, SINCLAIR  DOUGLAS N wrote:

> The author claims that the code was disassembled.  S/he credits "CodeView"
> which is Microsoft's debugging/disassembly tool.  Of course, this could
> just be a cunning ruse...

i'd guess it was in fact reverse engineered





From sinclai at ecf.toronto.edu  Sat Feb  3 05:47:31 1996
From: sinclai at ecf.toronto.edu (SINCLAIR DOUGLAS N)
Date: Sat, 3 Feb 1996 21:47:31 +0800
Subject: Toronto ZS radio coverage
Message-ID: <96Feb3.081746edt.3003@cannon.ecf.toronto.edu>


The first item on the 8:00 AM radio news this morning was about the
Zundelsites, cypherpunks, and German censorship.  The station was
CFNY 102.1, an alternative music station that is quite net.aware.
We probably got the coverage here because Toronto is Zundel's home
town.





From frissell at panix.com  Sat Feb  3 05:48:05 1996
From: frissell at panix.com (Duncan Frissell)
Date: Sat, 3 Feb 1996 21:48:05 +0800
Subject: Germany investigates AOL for providing Zundelaccess
Message-ID: <2.2.32.19960203132452.009ce224@panix.com>


At 07:34 PM 2/2/96 -0500, Declan B. McCullagh wrote:

>      America Online spokesman Ingo Reese in Hamburg said his company
>also was happy to work with the prosecutors. The company is ``totally
>opposed'' to illegal propaganda, he said, but argued that commercial
>on-line companies have as much control over materials posted on the
>Internet as telephone companies have over their customers'
>conversations.

That's what happens when you hire Germans for your German operations.

DCF






From frissell at panix.com  Sat Feb  3 06:05:06 1996
From: frissell at panix.com (Duncan Frissell)
Date: Sat, 3 Feb 1996 22:05:06 +0800
Subject: [NOISE] Futplex makes the news!
Message-ID: <2.2.32.19960203134458.009cfccc@panix.com>


At 04:24 PM 2/2/96 -0500, lmccarth at cs.umass.edu wrote:

>Just to be clear, I haven't been expelled or suspended from the school, and
>I have not been notified of any kind of pending disciplinary action against
>me. The pages are indeed gone, however.
>
>Lewis "Futplex" McCarthy, checking in from Rumor Control Central
>

So that's why my How to Read Banned Newsgroups on Compuserve is unavailable.
I'll get it back up on IOS later today.  Would someone else like to mirror
it for redundancy?  It's only one page.

Sameer -- if you're listening, maybe you and I could start an updated site
"Censorship Central" that maintains updated links to banned materials so
people can do "one stop shopping."

DCF 






From frissell at panix.com  Sat Feb  3 06:13:59 1996
From: frissell at panix.com (Duncan Frissell)
Date: Sat, 3 Feb 1996 22:13:59 +0800
Subject: [NOISE] Futplex makes the news!
Message-ID: <2.2.32.19960203135737.00740450@panix.com>


At 04:24 PM 2/2/96 -0500, lmccarth at cs.umass.edu wrote:
>Just to be clear, I haven't been expelled or suspended from the school, and
>I have not been notified of any kind of pending disciplinary action against
>me. The pages are indeed gone, however.
>
>Lewis "Futplex" McCarthy, checking in from Rumor Control Central

Are *you* going to bring action against the school?  You could proceed
administratively for free.

DCF






From nobody at REPLAY.COM  Sat Feb  3 06:14:16 1996
From: nobody at REPLAY.COM (Anonymous)
Date: Sat, 3 Feb 1996 22:14:16 +0800
Subject: What is this threat?
Message-ID: <199602031355.OAA20420@utopia.hacktic.nl>



Anonymous questioned the meaning of the FBI-DECA 
national security threat:

>Perception management and active measures activities.

----------


Updated "The Puzzle Palace" will have more on this.

"Perception management" means any method used to conceal
intelligence or counterintelligence -- HUMINT, ELINT,
SIGINT, etc. -- including encryption or other operations
or communication technologies not accessible to, or
comprehensible by, the USG.

"Active measures activities" means any operations, human,
technological or administrative, that threaten the US.

The threat is a catch-all for interference with, or 
operation against intelligence and counterintelligence, 
surveillance and counter-surveillance or any other means 
used by the USG to protect against threats.

Its obscurity is used to cover in general what is not
covered explicitly by the other six well-known threats 
-- and to avoid revealing details of what is known or 
may yet be discovered.

It points to USG, and likely international, operations 
more blackly cloaked than those garishly paraded.












From mcguirk at indirect.com  Sat Feb  3 06:24:47 1996
From: mcguirk at indirect.com (Dan McGuirk)
Date: Sat, 3 Feb 1996 22:24:47 +0800
Subject: Crypto suggestion - re: Fatal Flaws in Credit Cards
In-Reply-To: <199602030951.BAA12301@ix2.ix.netcom.com>
Message-ID: <199602031408.HAA04273@bud.indirect.com>


> Nathaniel's written about the "fatal flaw" in any system that
> involves typing credit card numbers into your computer being that
> they're easy for a keyboard-sniffer or similar cracker to recognize.
> An obvious work-around for this (and for many of the problems with
> Social Security / Taxpayer ID numbers) is to use some sort of smartcard
> that generates one-shot numbers that the credit card company (or tax thugs)
> can map back to the "real" owner's ID.
> 
>[...]
>
> Any other suggestions?

Isn't this what zero-knowledge proofs are for?  Prove you know the
credit card number without ever having to transmit it.






From llurch at networking.stanford.edu  Sat Feb  3 06:26:50 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Sat, 3 Feb 1996 22:26:50 +0800
Subject: THIS IS NOT NUKEPUNKS Re: Sometimes ya just gotta nuke em
In-Reply-To: 
Message-ID: 


ROTFL

But this is not nukepunks...

and that wasn't my point. There is considerable debate about whether
dropping the bomb was right. The moral clarity of a Gandhi, MLK, or (to
add someone who actually killed people, I think) Thomas Paine is much more
useful when you're talking about winning hearts & minds. 

If you have a choice, don't nuke.

But yes, sometimes ya just gotta nuke em.

-rich





From nsb at nsb.fv.com  Sat Feb  3 06:26:59 1996
From: nsb at nsb.fv.com (Nathaniel Borenstein)
Date: Sat, 3 Feb 1996 22:26:59 +0800
Subject: FV Demonstrates Fatal Flaw in Software Encryption of Credit
In-Reply-To: <9601292111.AA23738@toad.com>
Message-ID: 


Excerpts from mail.cypherpunks: 2-Feb-96 Re: FV Demonstrates Fatal F..
"Paul M. Cardon"@fnbc.co (1751*)

> > I can guarantee you that it wasn't our system that did this. If
> > there's one things we know cold, it's email.

> C'mon Nathan.  It was in the Received headers generated at your  
> end.  I agree that it COULD have happened on our end, but it didn't.  
>  I've never seen anybody with such an arrogant attitude.  BTW, it  
> looks like it has been fixed now.  :-b

Well, I would think that if you were seriously trying to diagnose this
problem, you would have heeded my request and actually sent me the
Received headers that you claim prove that there was a problem on my
end.  I've been tracking down mail delivery problems for fifteen years
now, I take them *excruciatingly* seriously, and I think I know a
*little* bit about them.  If that makes me arrogant, I apologize.

Received headers are typically (but not always) added at each step along
the way as a mail message travels in a store-and-forward manner.  Mail
that leaves my system typically(i.e. using my preferred user agent) has
two Received headers by the time it leaves, and neither of them specify
the destination address at all.  Received headers don't generally
include destination informations, but may include them optionally, using
a FOR clause.  Any Received header that actually included the bogus
address you specified is definitely not generated by my machine, not
merely because I'm confident it wouldn't use that address, but more
critically because that clause of Received headers (FOR) isn't EVER
generated by my machine!  That's how I can be so absolutely sure that it
wasn't added by my machine.  When messages leave my machine they have
two Received headers, using these formats:

Received: by  nsb.fv.com (4.1/SMI-4.1)
        id AA26452; Fri, 2 Feb 96 16:40:24 EST
Received: from Messages.8.5.N.CUILIB.3.45.SNAP.NOT.LINKED.nsb.fv.com.sun4.41
          via MS.5.6.nsb.fv.com.sun4_41;
          Fri,  2 Feb 1996 16:40:23 -0500 (EST)

Note the complete absence of any FOR clause here.  It doesn't matter WHO
my system is sending mail to, it doesn't document the fact in the
Received headers.  (NOTE TO C'PUNKS:  In general, any mail relay that
uses the FOR clause for anything other than "final" delivery -- a very
tricky concept, by the way -- is indulging in a potentially very serious
breach of privacy, which should certainly concern the readers of this
list.  That's because it is typically based on the envelope addresses
rather than the header addresses, and hence can expose recipient names
that the sender thinks were being kept confidential, such as BCC
addresses.  That's one reason I prefer not to use the FOR clause at all.)

Note also that Received headers almost always appear in reverse order of
composition, because most relaying software just prepends them.  This
means that the mail you got from me probably has two headers like this
one, and that the one before it is the first one added by any machine
other than mine.  Most likely, the one before this is added at FV's mail
relay.  I don't *think* it uses "FOR" clauses either, but I can't swear
to that.

I hope this is helpful.  This is as far as I can go in diagnosing this
problem without actually seeing the mail headers you claim to have
received.  If you have any interest in diagnosing the real problem, as
opposed to publicly flaming me, I encourage you to send me the headers. 
I also see no point whatsoever in continuing to CC cypherpunks on the
diagnosis of a mail delivery problem, but will continue to do so in my
replies if you continue to send mail to cypherpunks slandering my
technical abilities in the guise of talking about a mail delivery
problem for which you refuse to provide documentary evidence that is
allegedly in your posession.  -- Nathaniel
--------
Nathaniel Borenstein 
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq at nsb.fv.com





From nobody at REPLAY.COM  Sat Feb  3 07:39:46 1996
From: nobody at REPLAY.COM (Anonymous)
Date: Sat, 3 Feb 1996 23:39:46 +0800
Subject: Don't shot till you see the gray of their eyes
Message-ID: <199602030030.BAA27037@utopia.hacktic.nl>


Now I understand it.

That thing on the cover of Applied Crypto is really
one of the Gray's space ships that they use to abduct
aspiring cryptographers and implant microchips in them,
controlling their minds and making them obey RSA's
license agreement.

Very interesting indeed.

On a lighter note, a local NBC station advertised a
special they will have this monday, about the 1-800-INFO-PET
chips... only that parents are opting to have them implanted
in their newborn children.








From proff at suburbia.net  Sat Feb  3 07:41:15 1996
From: proff at suburbia.net (Julian Assange)
Date: Sat, 3 Feb 1996 23:41:15 +0800
Subject: (fwd) National Security Agency
Message-ID: <199602031526.CAA11269@suburbia.net>


Path: news.aus.world.net!suburbia.net!proff
From: proff at suburbia.net (Julian Assange)
Newsgroups: alt.anagrams
Subject: National Security Agency
Date: 3 Feb 1996 10:50:30 GMT
Organization: AUSNet Services pty. ltd.
Lines: 21
Message-ID: <4evelm$b9n at sydney1.world.net>
NNTP-Posting-Host: suburbia.net
X-Newsreader: TIN [version 1.2 PL2]

National Anti-Secrecy Guy
Secret Analytic Guy Union
Caution Laying Any Secret
Run anti Social Agency Yet
Uncle gay, Insane Atrocity
Insane, ugly, acne atrocity
Your testical, again Nancy?
Acute yearly sactioning 
Yes, gain unclean atrocity.
Nuns age angelic atrocity

National Gay Secrecy Unit

ftp://suburbia.net/pub/electron/gan.tgz

--
+----------------------------------+-----------------------------------------+
|Julian Assange                    | "if you think the United  States has    |
|FAX: +61-3-9819-9066              |  stood still, who built the largest     |
|EMAIL: proff at suburbia.net         |  shopping centre in the world?" - Nixon |
+----------------------------------+-----------------------------------------+

--
+----------------------------------+-----------------------------------------+
|Julian Assange                    | "if you think the United  States has    |
|FAX: +61-3-9819-9066              |  stood still, who built the largest     |
|EMAIL: proff at suburbia.net         |  shopping centre in the world?" - Nixon |
+----------------------------------+-----------------------------------------+





From llurch at networking.stanford.edu  Sat Feb  3 07:41:28 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Sat, 3 Feb 1996 23:41:28 +0800
Subject: Futplex makes the news!
In-Reply-To: 
Message-ID: 


I originally sent Tim private mail saying "you're wrong."

On the other hand, reading futplex's actual statement and the fact that
Germany continues to "investigate" CompuServe and AOL, maybe he's right... 

This is not the end, but it may be the end of the beginning.

I also think there's a place for premature ejaculations of victory, 
because they tend to become self-fulfilling prophecies. If the press says 
that Germany is successfully censoring Zundel, then that sets a 
precedent; but if the press says that Germany's limp attempts to censor 
somebody on the Internet were a total failure, then they'll just look 
like a bunch of goofballs pursuing a lost cause. 

-rich





From declan+ at CMU.EDU  Sat Feb  3 07:43:33 1996
From: declan+ at CMU.EDU (Declan B. McCullagh)
Date: Sat, 3 Feb 1996 23:43:33 +0800
Subject: Germany investigates AOL for providing Zundelaccess
Message-ID: 


German prosecutors appear to be using the *threat* of charges to force
AOL and CompuServe to block access to web sites. I suspect they'd rather
not actually file formal charges...

This is escalation. Faced with criminal charges for "inciting racial
hatred" or with enraged customers if they block access to web servers in
the U.S., what will AOL do? Try to block by URL?

-Declan

-----------------------------------------------------------------------

February 2, 1996

      BERLIN (AP) -- Prosecutors trying to keep Germans from reading
neo-Nazi propaganda on the Internet have notified America Online Inc.
that it may be charged with inciting racial hatred.

      Last week, prosecutors served similar notice to another
U.S.-based computer on-line service, CompuServe Inc. of Columbus,
Ohio, and T-Online, a division of the German phone company.

[...publishing neo-Nazi lit is illegal...]

      Prosecutors in Mannheim are considering bringing incitement charges
against the three Internet providers in Germany for allowing access to
material posted on the Internet by Ernst Zuendel, a German neo-Nazi living
in Toronto.

[...easy to create a web site...]

      T-Online, Germany's largest Internet access provider, responded
to the prosecutors' investigations by blocking its 1 million
subscribers from gaining access to the computer in California where
Zuendel had posted his tracts.

      Computer users accused T-Online of overreacting because the
block also prevented them from reaching more than 1,500 other sites on
that part of the network.

      CompuServe, with 4 million subscribers worldwide, including
220,000 in Germany, has not blocked the California server but said it
was working with the prosecutors to find a solution.

      America Online spokesman Ingo Reese in Hamburg said his company
also was happy to work with the prosecutors. The company is ``totally
opposed'' to illegal propaganda, he said, but argued that commercial
on-line companies have as much control over materials posted on the
Internet as telephone companies have over their customers'
conversations.

      America Online, based in Vienna, Va., only began operating in
Germany in December in a joint venture with a German company,
Bertelsmann AG. The joint venture has 40,000 subscribers in Germany;
America Online has 4.5 million customers worldwide.

[...]







From karl at cosmos.cosmos.att.com  Sat Feb  3 07:57:55 1996
From: karl at cosmos.cosmos.att.com (Karl A. Siil)
Date: Sat, 3 Feb 1996 23:57:55 +0800
Subject: RC2 Source Code - Legal Warning from RSADSI
Message-ID: <2.2.32.19960202140459.006d7194@cosmos.cosmos.att.com>


At 08:00 PM 2/1/96 -0600, Mr. Boffo wrote:
>> WARNING NOTICE > > It has recently come to the attention of RSA Data 

        [ text omitted ]

>secure their own site against break-ins? If they want to be the
>prima-donna site for encryption with all of the "copy-written" crypto,
>you would think that they could protect their own resources better.

I strongly suspect RSA distributes source to those customers who pay enough,
with the caveat that the customers don't share it, of course. My company
does that, even with its most sensitive code (of course, for a lot of money
:-) ). I find it extremely unlikely (from just a probabilistic standpoint)
that this leak came from within RSADSI.

I would first suspect someone of disassembly, of which I am envious. Not
because I couldn't do it, but because I don't have time to install a new
CD-ROM drive, never mind sit down and read hex dumps and assembler.

My second suspect is a disgruntled or "Crypto Freedom Fighter" employee at
some customer's site. If this is the case and the given anonymous remailer's
(or remailers') integrity is (are) not compromised, good luck to RSA in
trying to prosecute: They're gonna need it.

This horse is out of the barn, down the road, and in the next county.

My one question: Who cares about RC2?

                                        Karl






From campbelg at limestone.kosone.com  Sat Feb  3 08:40:57 1996
From: campbelg at limestone.kosone.com (Gordon Campbell)
Date: Sun, 4 Feb 1996 00:40:57 +0800
Subject: What happened to Aegis?
Message-ID: <2.2.32.19960203162249.0068582c@limestone.kosone.com>


After doing a total reinstall of my system (don't ask) I discovered that I
don't have a copy of the Aegis PGP Shell distribution archive anywhere. I
attempted to grab it from http://iquest.com/~aegisrc as listed in the docs,
but the site doesn't exist.

Doesn anybody know what gives and where I can get a new copy of the archive?
I really like this shell and haven't figured out how to otherwise integrate
PGP with EudoraPro.

Any other suggestions are also welcome.

-----
Gordon R. Campbell, Owner - Mowat Woods Graphics
P.O. Box 1902, Kingston, Ontario, Canada  K7L 5J7
Ph: (613) 542-4087   Fax: (613) 542-1139
2048-bit PGP key available on request.






From jimbell at pacifier.com  Sat Feb  3 09:09:43 1996
From: jimbell at pacifier.com (jim bell)
Date: Sun, 4 Feb 1996 01:09:43 +0800
Subject: THIS IS NOT NUKEPUNKS Re: Sometimes ya just gotta nuke em
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

At 09:25 PM 2/2/96 -0800, Rich Graves wrote:
>ROTFL
>
>But this is not nukepunks...
>
>and that wasn't my point. There is considerable debate about whether
>dropping the bomb was right. The moral clarity of a Gandhi, MLK, or (to
>add someone who actually killed people, I think) Thomas Paine is much more
>useful when you're talking about winning hearts & minds. 

>If you have a choice, don't nuke.
>But yes, sometimes ya just gotta nuke em.
>-rich

Actually, at this point I don't think it would be inappropriate to remind
you two debaters (as well as the rest of the people here) that part of the
implications of my "Assassination Politics" idea is that it would
automatically force the elimination of all heavy weapons including nuclear,
down perhaps to handheld rifles.

 I am a 2nd amendment absolutist:  I believe that I have the right to
possess any and all "arms," including nuclear, biological, and chemical, as
well as all convention armaments.

There is no contradiction here.  

BTW, Rich, I hope you saw my recent comment wherein I praised you for your
principles and courage concerning the "Zundelsite" situation.  Perhaps I
originally judged you in haste.  While possessing no sympathy (even strongly
negative sympathy) for Nazi and Neo-Nazi (and Holocaust revisionist)
propaganda, I have similarly low opinions of censorship of all kinds.

My knowledge of this is hazy, however.  Consider this the beginnings of what
may be a profound and sincerely felt apology.

Jim Bell 
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMROQgvqHVDBboB2dAQHOYwQAoSItmeqPx0m6YWLIfCL3B3UX9KbvWynJ
y0xxsuP3Q/ra8JDHAonDYnvrI2avmWGXErtHRnVfKW0ohgBAOizfcbZay3/WDW30
ZYRq/OERyzLjq4u98ecrykoxU2whkomzLycdx2/1fl6rmQxvFFW0xwjZtX2q5K2b
Aj0XwefNtuc=
=iqsH
-----END PGP SIGNATURE-----






From cwe at it.kth.se  Sat Feb  3 09:11:49 1996
From: cwe at it.kth.se (Christian Wettergren)
Date: Sun, 4 Feb 1996 01:11:49 +0800
Subject: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
In-Reply-To: 
Message-ID: <199602031655.RAA18445@piraya.electrum.kth.se>



The "keyboard sniffer" of FV is really troublesome, and the
extension of this threat will hamper the Internet Commerce
tremendously, I believe. The thing that might have made it
hard to accept the threat for cypherpunkers is that it was 
presented together with a plug for the FV scheme, (which may 
or may not be valid btw.)

But more generally, I see the following happening.

The factors that now are "harmonizing" are;
* the tremendous growth of Inet commerce; Digicash, encrypted
  CardNo's etc. Many of the now proposed schemes have no
  independant "evidence" mechanism, whereby you can settle
  a disputed transaction fairly. You will have to choose
  to believe one of the parts, and that is very often the
  service provider/bank/card company.

* The decline of the "ordinary" card fraud market,
  VISA/Europay/Mastercard is rapidly finishing their
  forthcoming smart card systems. I'd guess this "market"
  is gone within 2-3 years. Some "big organisations" might
  start to move into the new "fraud markets" soon.

* The fact that the PC are such an extremely used platform,
  and that the need for back compatibility will make it
  almost impossibe to add substantial security to it now.

* The fact that anti-virus tools haven't been able to
  eradicate the virii problem even before the "forthcoming
  surge" in virus writing that I believe will come. According
  to a survey by Information Week (Nov 27 -95) 67% of the 
  companies had been hit by a virus the last year, and 12% 
  of the companies had suffered financial loss caused of it. 
  (1293 companies surveyed). 
  Admittedly there are social problems behind the continued spread
  of virii too, but that alone doesn't make them go away. Take
  a look at the article "Virus Authors strike Back" by Alan
  Solomon in "Computers and Security" 11 (1992) 602-606. The
  state of anti-virus tools seemed to be in a rather sad state
  back then, and I really wonder whether they are any better
  now.

* The knowledge about how to write virii has been spread
  rather far - a college kid can get his hands on one of
  the polymorphic virus generators, and start to output
  new self-encrypting virii with the same action routine
  regularly. Also, note that this new kind of virii ("virii
  with a mission") would start to cost immediately, in 
  contrast with the "old kind" that only cost when you 
  have to clean them out, or if they wipe un-backuped data.
  (your fault - core dumped)

* All PC's will be net-connected... Embed a public key in the
  virus, let it encrypt the loot and post it to Usenet
  in the group junk.erotica. You can then harvest the group
  with the secret key anywhere in the world.
  (Be generous, let the virus go away automatically if it
  has "contributed" enough money.)

The pay-off of continously updating your virus to cope with
new protection mechanisms would be enormous. Lets assume that I
employ 10 programmers 2 years from now, that writes new action 
routines and develop new virus types... I bet I could get 
a decent living quite soon. Also assume I settle down in a 
suitable country with lax enough laws, do you believe that I
would be a criminal then? What is the legal status of virii,
and what is this concept of "electronic money" anyway? :-)

I promise, I wont do that. It's not a bet.












From loofbour at cis.ohio-state.edu  Sat Feb  3 09:36:50 1996
From: loofbour at cis.ohio-state.edu (Nathan Loofbourrow)
Date: Sun, 4 Feb 1996 01:36:50 +0800
Subject: Futplex makes the news!
In-Reply-To: 
Message-ID: <199602031721.MAA07583@hammond.cis.ohio-state.edu>


Rich Graves writes:
 > AP story in Boston Globe (long and ludicrous on-line URL, and OK, so this 
 > is not the greatest story, but I think it's somewhat positive):
 > 
 >  http://www.boston.com/globe/ap/cgi-bin/retrieve?%2Fglobe%2Fapwir%2F033%2Freg%2Fag052102

This article appears to have moved to a different, but equally
ludicrous URL:

http://www.boston.com/globe/cgi-bin/waisgate?WAISdocID=6775428472+0+0+0&WAISaction=retrieve

nathan





From tcmay at got.net  Sat Feb  3 09:54:28 1996
From: tcmay at got.net (Timothy C. May)
Date: Sun, 4 Feb 1996 01:54:28 +0800
Subject: Germany investigates AOL for providing Zundelaccess
Message-ID: 


At 1:24 PM 2/3/96, Duncan Frissell wrote:
>At 07:34 PM 2/2/96 -0500, Declan B. McCullagh wrote:
>
>>      America Online spokesman Ingo Reese in Hamburg said his company
>>also was happy to work with the prosecutors. The company is ``totally
>>opposed'' to illegal propaganda, he said, but argued that commercial
>>on-line companies have as much control over materials posted on the
>>Internet as telephone companies have over their customers'
>>conversations.
>
>That's what happens when you hire Germans for your German operations.


He was only following orders.


--Tim


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From dcrocker at brandenburg.com  Sat Feb  3 09:56:42 1996
From: dcrocker at brandenburg.com (Dave Crocker)
Date: Sun, 4 Feb 1996 01:56:42 +0800
Subject: Don't type your yes/fraud response into your computer
Message-ID: 


(I sent this separately to the www-buyinfo list and now decided that
cypherpunks might also be an interesting -- or even better -- venue for
raising the question.  Sorry for the duplicates if you get them.  d/)

If this has shown up in one or another of the discussion threads already, I
apologize for missing it.

	In thinking about the nature of the credit card keyboard attack, it
occurs to me that the confirmation message sent from First Virtual back to
the (purported) purchases is, itself, pretty distinctive.  It makes me
wonder whether an attack of the style used to detect credit card typing on
the keyboard could not also be used to detect the arrival of the FV
confirmation query and then, of course, to automatically generate a 'yes'
response back to FV?

	At base, the moral to the story is that a compromised user machine
permits essentially any and all activities to be suborned.  Only a smart
card mechanism stands a chance of standing up to this, but that, in effect,
makes the smart card the 'user machine'.

d/

--------------------
Dave Crocker                                                +1 408 246 8253
Brandenburg Consulting                                 fax: +1 408 249 6205
675 Spruce Dr.                                     dcrocker at brandenburg.com
Sunnyvale CA 94086 USA                           http://www.brandenburg.com

Internet Mail Consortium                   http://www.imc.org, info at imc.org







From ErnstZundl at aol.com  Sat Feb  3 10:05:07 1996
From: ErnstZundl at aol.com (ErnstZundl at aol.com)
Date: Sun, 4 Feb 1996 02:05:07 +0800
Subject: THE JEWS (ALL of them!) Try to kick Ernst Zundel off Usenet!!
Message-ID: <960203124656_311380557@emout09.mail.aol.com>


THE JEWS (ALL of them!) Try to kick Ernst Zundel off Usenet!!

Recently several Jewish co-conspirators have tried to silence
me!  I finally go onto Usenet to make myself open for debate,
and the Communist conspirators write to the AOL postmaster
and ask that they remove my account!

Below are some messages I received from some of those
people who do not believe in Free Speech.  *I* believe in 
Free Speech.  Without Free Speech, I would be unable to
declare which books I feel should be burned, who should
be persecuted, and who should be declared to be inferior
or part of a race-wide conspiracy like the "Holocaust."

Please do not send email to the people who complained
about me.  I beleive in Free Speech, and so I believe in
their right to complain about me.  I also believe that it
just demonstrates that they are willing Fellow Travelers
in the worldwide Communist Conspiracy, they are friends
of the Black Helicopters of the United Nations, and they are
enemies of the Aryan Nazi UFO's at the center of the Earth.

Now, fellow Patriots and Supermen Aryans, read their
messages and tell me what you think?

>> Subj:  Re: TOS violations
>> Date:  Mon, Jan 29, 1996 8:23 PM EDT
>> From:  freedom at pathcom.com
>> X-From: freedom at pathcom.com (Marc Lemireberg)
>> To: postmaster at aol.com
>> CC: ernstzundl at aol.com, Mossad at israel.gov

>> Dear Sir/Madam:

>> An American Online user is repeatedly violating AOL's Terms of Service
>> on USENET.  Please read a sample post below.

>> He is a controversial Canadian publisher, Ernst Zundel,
>> who beleives in "Free Speech."  I personally do *NOT*
>> believe in "Free Speech" because I am a Jewish Communist. 
>> His continued posting from AOL could bring legal action
>> against your company, because that is what Jewish Communists
>> like me do.  It is the only way to keep the Aryan Space Nazi
>> UFO Mothership from vaporizing the world.

>> Please correct this problem by informing the user of his
>> politically incorrect activity.

>> Thank you.

>> -- Marc Lemireberg
>>*******************************************************
>>          **                DIGITAL CENSORSHIP BBS                **
>>          **     Canada's most Politically Correct BBS, access on    **
>>          ** FIRST call, 100% FREE, NOW 2.1 GIGABYTES ONLINE!! **
>>          **                        ^^^^^^^^^^^^^^^^^^^^^^^^^^ **
>>          **        Node 1 (417) 462-3328 28.8 V.34            **
>>          **        Node 2 (417) 465-4768 14.4 V.42            **
>>           
>> *******************************************************

>> Date:  Mon, Jan 29, 1996 1:26 AM EDT
>> From:  declan+ at CMU.EDU
>> X-From: declan+ at CMU.EDU (Declan B. McCullagh)
>> To: cypherpunks at toad.com
>> CC: ernstzundl at aol.com, fight-censorship+ at andrew.cmu.edu,
postmaster at aol.com

>> Ernst Zundel is the Neo Nazi Hatemonger who sparked the Wiesenthal
>> Center's attempts at censorship, and the latest move by the German
>> government.

>> Now an AOL alias, "ernstzundl at aol.com", is being used in the course of an 
>> effective propoganda spree on Usenet newsgroups including >>
alt.skinheads, alt.mindcontrol, and alt.fan.ernst.zundel.

>> Now, the Wiesenthal Center Censors are enraged over this attempt to
>> popularize the evil Ernst Zundel.  He and his legions of Aryan Supermen
>> of superior strength and intellect *must* be stopped from unleashing the
>> horror of intersteallar war upon Israel.  AOL is Earth's last defense
against
>> the Interstellar Aryan Space Nazis lead by Ernst Zundel.

>> As a card-carrying member of the Jewish Communist Conspiracy, I must
>> protest Mr. Zundel's acts of "Free Speech." Shalom, Fellow Travelers!


>> Subj:  No Subject
>> Date:  Tue, Jan 30, 1996 11:13 AM EDT
>> From:  ca314 at freenet.uchsc.edu

>> I hate Aryan Nazis from Space.  I will oppose them when they land
>> on Earth!


>> Subj:  Re: Ernst Zundel Says: Join the Aryan Corps!!! 
>> Date:  Sun, Jan 28, 1996 11:28 PM EDT
>> From:  hoel at eng.usf.edu
>> X-From: hoel at eng.usf.edu (Matthew Hoelstein (EE))
>> To: ernstzundl at aol.com (ErnstZundl)

>> Get out of misc.activism.militia!  Real patriots are not racist-- they
just
 >> hate Jews, Blacks, Catholics, and anyone who is "different".  People 
>> like me are really just Jews controled by the Zionist Occupied Government,
>> and the Militias are really just a way to help Israel seize more power. 

>>       Matthew D. Hoelstein, Milita Commander
>>       hoel at suntan.eng.usf.edu


>> Subj:  Re: Aryan Corps Operations Specialist????????
>> Date:  Sat, Jan 27, 1996 6:19 PM EDT
>> From:  bootboy at airmail.net
>> X-From: bootboy at airmail.net (Bootboy)
>> To: ernstzundl at aol.com (ErnstZundl)

>> Get off the internet, German Swine!
>> Sh'ma y'israel!
>> -Bootboy-  88/14
>> Jewish Skinheads U.S.A.
>> http://web2/airmail.net/bootboy/



*** Now do you see what kind of censorship I am up against???

If you want to help me, please DO NOT email the people above to complain.

Instead, you can help me in my cause to make the Earth safe for White
children.
You can help me by joining me and my legions of Aryan Nazi UFO Supermen
at the center of the Earth.  All you have to do to get there is enter the
Earth's center by way of a volcano in Antarctica.

If you are a *true* Patriot, and a *true* Aryan, then you *MUST*
make the journey to Antarctica and into the volcano!!  We owe it to
the world, we owe it to the great Adolph Hitler, and we owe it to
the White Race.

And please bring a sweater.  It's cold!









From blancw at accessone.com  Sat Feb  3 10:16:39 1996
From: blancw at accessone.com (blanc)
Date: Sun, 4 Feb 1996 02:16:39 +0800
Subject: [NOISE] Futplex makes the news!
Message-ID: <01BAF21F.279FC500@blancw.accessone.com>


From: 	Duncan Frissell

Sameer -- if you're listening, maybe you and I could start an updated site
"Censorship Central" that maintains updated links to banned materials so
people can do "one stop shopping."
....................................................................

Look at:  
http://www.mit.edu:8001/activities/safe/home.html

in particular, at:  
http://www.mit.edu:8001/activities/safe/notsee.html#Politics


   ..
Blanc










From gimonca at skypoint.com  Sat Feb  3 10:41:19 1996
From: gimonca at skypoint.com (Charles Gimon)
Date: Sun, 4 Feb 1996 02:41:19 +0800
Subject: THE JEWS (ALL of them!) Try to kick Ernst Zundel off Usenet!!
In-Reply-To: <960203124656_311380557@emout09.mail.aol.com>
Message-ID: 


> 
> If you are a *true* Patriot, and a *true* Aryan, then you *MUST*
> make the journey to Antarctica and into the volcano!!  We owe it to
> the world, we owe it to the great Adolph Hitler, and we owe it to
> the White Race.
> 
> And please bring a sweater.  It's cold!
> 

Hey buddy--it was 32 below zero in Minneapolis this week, not 
including wind chill! I'm packin' swim trunks.






From drose at AZStarNet.com  Sat Feb  3 10:55:57 1996
From: drose at AZStarNet.com (drose at AZStarNet.com)
Date: Sun, 4 Feb 1996 02:55:57 +0800
Subject: Our "New Order"
Message-ID: <199602031830.LAA12987@web.azstarnet.com>


(Apologies to those on the cyberia-l list, to which this was x-posted, and
to Perry Metzger.)

In view of the fact that our government seems bent on abrogating its
citizens' rights to free speech, has anyone done a survey indicating which
foreign countries have the best Net connections to the U.S. (excepting, of
course, Germany and possibly France)?

It may be expedient for Planned Parenthood and others whose points of view
differ somewhat from those approved under our "New Order"* to explore
alternatives in order to reach their constituencies.

--David M. Rose

* "My New Order", as many of you know, is the 1941 sequel to "Mein Kampf".






From declan+ at CMU.EDU  Sat Feb  3 11:00:28 1996
From: declan+ at CMU.EDU (Declan B. McCullagh)
Date: Sun, 4 Feb 1996 03:00:28 +0800
Subject: THE JEWS (ALL of them!) Try to kick Ernst Zundel off Usenet!!
In-Reply-To: <960203124656_311380557@emout09.mail.aol.com>
Message-ID: 


Excerpts from internet.cypherpunks: 3-Feb-96 THE JEWS (ALL of them!)
Try.. by ErnstZundl at aol.com 
> >> Date:  Mon, Jan 29, 1996 1:26 AM EDT
> >> From:  declan+ at CMU.EDU
> >> X-From: declan+ at CMU.EDU (Declan B. McCullagh)
> >> To: cypherpunks at toad.com
> >> CC: ernstzundl at aol.com, fight-censorship+ at andrew.cmu.edu,
> postmaster at aol.com

[...]

> >> Now, the Wiesenthal Center Censors are enraged over this attempt to
> >> popularize the evil Ernst Zundel.  He and his legions of Aryan Supermen
> >> of superior strength and intellect *must* be stopped from unleashing the
> >> horror of intersteallar war upon Israel.  AOL is Earth's last defense
> against
> >> the Interstellar Aryan Space Nazis lead by Ernst Zundel.
>  
> >> As a card-carrying member of the Jewish Communist Conspiracy, I must
> >> protest Mr. Zundel's acts of "Free Speech." Shalom, Fellow Travelers!

Damn, he blew my cover. I shall seek vengeance with my orbital
mindcontrol lasers.

Shalom,

Declan






From maggie at critpath.org  Sat Feb  3 11:00:34 1996
From: maggie at critpath.org (Maggie Heineman)
Date: Sun, 4 Feb 1996 03:00:34 +0800
Subject: FYI: Free calls to Congress
Message-ID: <199602031833.LAA19465@mailhost1.primenet.com>


You too can call and complain about the CDA if you like.
Or any CRYTPO RELATED idea you fell revelant!

Love Always,

Carol Anne
         -  Please repost far and wide -  
  
>     The following two telephone numbers will connect anyone in the U.S. to 
>     the Capitol switchboard from where they can connect to any 
>     Congressional office:
>     
>     1-800-962-3524 
>     1-800-972-3524
>     
>     The numbers are courtesy of the Christian Coalition which is providing 
>     them to its members (and now to us).  Please feel free to forward this 
>     message to friends and family.

----------------------------------
It works!  -- I tested both the 962 and 972 numbers. 

Same dialogue on both calls -  

Operator:  Capital
Me:  Is this the Capital Switchboard?
Operator:  Yes.
Me:  I'd like to have Chaka Fattah's office, please
Ansering Machine: You have reached the office of Chakkah Fattah...

--------------------------
Relayed - The original poster (I think) was


>  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>  + To send a message across the listserv, send your e-mail message    +
>  +                 To: lev-zev at igc.apc.org                            +
>  + To unsubscribe, send a message containing "unsubscribe LEV-ZEV"    +
>  +                 To: majordomo at igc.apc.org                          +
>  + Problems or Questions:                                             +
>  +                 mail: jpierotti at tcn.org                            +
>  + *Suggested SUBJECT prefixes when sending messages to the listserv* +
>  +                 ALERT:, MEDIA RELEASE:, or FYI:                    +
>  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Maggie 
=======================================================================
Margaret Andrus Heineman [maggie at critpath.org]
Fight the Right Network (Philadelphia)
-- http://www.critpath.org/ftrn/
Webmaster, PFLAG on the Web 
-- http://www.critpath.org/~maggie/pflag/   

Keep remembering: they are against the free flow of information.  
Anything you can do to increase information flow hurts them . -Purdom 
========================================================================







From sethf at MIT.EDU  Sat Feb  3 11:10:09 1996
From: sethf at MIT.EDU (sethf at MIT.EDU)
Date: Sun, 4 Feb 1996 03:10:09 +0800
Subject: THE JEWS (ALL of them!) Try to kick Ernst Zundel off Usenet!!
Message-ID: <9602031850.AA18675@frumious-bandersnatch.MIT.EDU>


	HOLD YOUR FLAMES! That message looks like a troll designed to
set us all off arguing. DON'T FEED THE TROLL.

--
Seth Finkelstein  				sethf at mit.edu
Disclaimer : I am not the Lorax. I speak only for myself.
Freedom of Expression URL http://www.mit.edu:8001/activities/safe/home.html





From zinc at zifi.genetics.utah.edu  Sat Feb  3 11:29:12 1996
From: zinc at zifi.genetics.utah.edu (zinc)
Date: Sun, 4 Feb 1996 03:29:12 +0800
Subject: THE JEWS (ALL of them!) Try to kick Ernst Zundel off Usenet!!
In-Reply-To: <960203124656_311380557@emout09.mail.aol.com>
Message-ID: 


oh my...

i guess it really does take all types.

-pjf

"Those that give up essential liberty to obtain a little temporary
 safety deserve neither liberty nor safety." -- Benjamin Franklin (1773)
			  finger for PGP key
zifi runs LINUX 1.3.59 -=-=-=WEB=-=-=->  http://zifi.genetics.utah.edu 






From a-johnb at microsoft.com  Sat Feb  3 11:33:34 1996
From: a-johnb at microsoft.com (John Banes (Wasser))
Date: Sun, 4 Feb 1996 03:33:34 +0800
Subject: Microsoft's CryptoAPI - thoughts?
Message-ID: 


I have "standardized" the PS files on the MS website, so there should 
be no more problems. Sorry for the inconvenience.
----------
| From: Futplex  
| To: Cypherpunks Mailing List  
| Cc: CryptoAPI Information Alias
| Subject: Re: Microsoft's CryptoAPI - thoughts?
| Date: Friday, January 26, 1996 3:02AM
|
| rickt at psa.pencom.com writes:
| > [Info can be found at: 
http://www.microsoft.com/intdev/inttech/cryptapi.htm]
|
| Has someone here managed to extract PostScript hardcopy of the
| CAPI from this Web page? I tried earlier this evening and
| wound up with a miniature
| ecological disaster on my hands. The page says:
|
| "For ease of online reading and printing, we've provided copies of this
| lengthy document in Microsoft Word and Postscript formats."
|
| I grabbed the ZIPped PostScript version and unZIPped it, which resulted in a
| single file called "capiapp.ps". Making the wild assumption that this was
| indeed a PostScript file, I sent it to the printer and forgot about it for a
| while.
|
| An hour later I discovered a chaotic scene in the printer room, as the
| printer had spewed about 1.5 reams of raw PostScript printouts. The 
output bin
| had overflowed for a while, spraying paper in several directions. 

|
| As it turns out, the file unhelpfully begins with
| 	%-12345X at JPL ENTER LANGUAGE=POSTSCRIPT
| preceding the usual "%!PS-Adobe-3.0" line. Worse still, it appears that the
| capiapp.ps file is actually a catenation of many PostScript files (one per
| chapter?), each beginning with a version of this ensnarling line.
|
| I could do some global search-and-replacing, etc., but I think I'll wait for
| Microsoft to distribute a decent PS version of this document. Perhaps they
| should consider not generating it with MS Word....
|
| Grr!
|
| Futplex 
| 







From PADGETT at hobbes.orl.mmc.com  Sat Feb  3 12:07:02 1996
From: PADGETT at hobbes.orl.mmc.com (A. Padgett Peterson, P.E. Information Security)
Date: Sun, 4 Feb 1996 04:07:02 +0800
Subject: Sometimes ya just gotta nuke em
Message-ID: <960203083305.2020cd29@hobbes.orl.mmc.com>


Tim rote:
>At 4:12 AM 2/3/96, Rich Graves wrote:
>>Who holds up the nuking of Hiroshima and Nagasaki as great victories
>>against tyranny?
>Since you ask, I do.

And the biggest secret of the war was that "Fat Man" was the *last* A-bomb
we had or could build for about a year (had taken several *years* to
separate enough fissionable material for the three via two entirely
different processes).

To me this is the great strength of the USA: given a theoretical problem, we
will develop a hundred different solutions, try them all in parallel, and at 
least one will work.
						Warmly,
							Padgett





From ses at tipper.oit.unc.edu  Sat Feb  3 12:35:10 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Sun, 4 Feb 1996 04:35:10 +0800
Subject: Sometimes ya just gotta nuke em
In-Reply-To: <960203083305.2020cd29@hobbes.orl.mmc.com>
Message-ID: 


On Sat, 3 Feb 1996, A. Padgett Peterson, P.E. Information Security wrote:

> And the biggest secret of the war was that "Fat Man" was the *last* A-bomb
> we had or could build for about a year (had taken several *years* to
> separate enough fissionable material for the three via two entirely
> different processes).

So secret even Gen. Groves was unaware of it- he was so misled that he 
thought he would have the next Fat Man finished on the 12th or 13th 
August 1945, and ready for dropping on the 17th/18th of August. 

PerryDeflector: Guess they must have used some pretty funky codes eh?





From jordan at Thinkbank.COM  Sat Feb  3 12:47:09 1996
From: jordan at Thinkbank.COM (Jordan Hayes)
Date: Sun, 4 Feb 1996 04:47:09 +0800
Subject: Imminent Death of Usenet Predicted
Message-ID: <199602032012.MAA01412@Thinkbank.COM>


	From jf_avon at citenet.net Sat Feb  3 11:04:01 1996

	>Soon I hope
	>that there will be as much chance of children 'stumbling upon'
	>X-rated JPEGs as they can today image satellite-delivered porno in
	>their heads without a dish.

	I guess that children do not see the depicted event as as
	traumatic as you personnally do...  But guess what, maybe
	some peoples do not mind their kids seeing theses pictures.



Hey, I tried to explain this, but you missed it: I *don't personally
care* about whether kids see porno.  I *know* that a *huge* percentage
of the population in this country does (sorry for being USA-centric,
but we have [at least for now] the largest net population, so you
can see how this will go ...).  Therefore, I'd like to see a way
for the default be that kids (dare I say everyone!) don't *automatically
stumble upon* it in the open network.  I'm all for parents giving
access to their kids to whatver they feel is right, and I'm all
for adults making that choice as well; but I think that if the
majority of the people in a community don't want the default behavior
to be "click here for tits!" then it's up to us, as technologists,
to provide easy-to-use mechanisms for those who do want to see them
to not infringe on those who don't.

If you want porno on your TV, you can rent it, you can pay-per-view
it, you can get a sattelite dish, or whatever.  But most people
don't want it by default to be on channel 7.  Last time: I *personally*
am not one of them, but it's important to see what the majority
thinks on this issue.



	Phones are *NOT* private devices.

Again, you missed my point.  People *think* they are, and if you
compare "private" calls to "tapped" calls, you'll see that the
expectation of privacy is not so misplaced.  Yes, if your communications
are important to you or you are a potential target of investigation,
you should know it's not private.  But it's not like any significant
number of phone calls are tapped, by the government or otherwise.
And it's not likely to happen, either, because NONE CARES WHAT YOU
SAY TO YOUR FRIEND ON THE PHONE.

	You can tap a phone for 10$ worth of Radio Shack hardware.

And I'm sure you do this, what, 18,000 times per hour?  I'm like
so sure that you listen to all your neighbors phone calls.

	>And don't forget: if you have privacy, you don't need anonymity.
	>Swiss banks provide the ultimate example.

	I would like other peoples to comment on this one, but I
	think that swiss banks *did* also provide anonymity. (number
	accounts)

You can get a numbered account at a Swiss bank by showing up at
the branch, introducing yourself to the branch manager, proving to
him who you are, and signing some papers.  They will keep your name
out of any transactions you make, but they *know you* ... this is
not anonymity; this is merely privacy.

Another good example is John Perry's PGP'd mailing list.  No chance
of anyone "stumbling upon" the content, since it's all PGP'd.  But
it's not anonymous, and for good reasons.  So what if all mailing
lists were like this?  What if alt.binaries.pictures.erotica.oral
was like this? What if all our mail programs and news readers were
able to cope easily with this?  I think this is the question that
efforts like IPSec are trying to answer: we'd all be *way* better
off.

What if looking at a JPEG were like buying beer?  The default is
that a 12 year old isn't going to fool the guy at 7-11, but if
their parents buy a beer and give it to 'em, what the heck?
Consuming alcohol is not regulated; *purchasing* it is.

Don't forget: the fact that "porno on the net" (for instance) is
an issue *at all* is a *failure* of technology.  It would be a
non-issue if USENET wasn't essentially a technology vacuum.

/jordan





From jordan at Thinkbank.COM  Sat Feb  3 12:48:49 1996
From: jordan at Thinkbank.COM (Jordan Hayes)
Date: Sun, 4 Feb 1996 04:48:49 +0800
Subject: Sometimes ya just gotta nuke em
Message-ID: <199602032025.MAA01565@Thinkbank.COM>


#if !defined(perry)

	From tcmay at got.net Fri Feb  2 21:32:22 1996

	A land invasion of Japan would've likely cost half a million
	American lives, and perhaps a million or more Japanese
	citizen lives, according to comprehensive studies I think
	are on the mark.

Sorry to inject a little scholarly research on this topic, but I
would urge those of you who are interested in how this mythology
was created and disseminated to do an AltaVista serach for Alperovitz;
he's potentially the leading scholar on this subject.  I've read
his book, and Tim probably ought to as well ...

If you read nothing else on this topic, I urge you to check out
an interview with him at http://www2.ari.net/home/bsabath/950711.html

#endif

/jordan





From nsb at nsb.fv.com  Sat Feb  3 12:49:09 1996
From: nsb at nsb.fv.com (Nathaniel Borenstein)
Date: Sun, 4 Feb 1996 04:49:09 +0800
Subject: FV, Netscape and security as a product
In-Reply-To: <199601311753.JAA18008@darkwing.uoregon.edu>
Message-ID: 


Excerpts from mail.cypherpunks: 31-Jan-96 Re: FV, Netscape and securi..
Jeff Weinstein at netscape. (985*)

> > Netscape and FV have both taken a
> > "security is a product" stance, which is a gross misrepresentation.

>   We are definitely moving away from the "security is a product" stance
> that you mention.  It was definitely overdone in the early days of the
> product, but after the security bugs of the summer I and others were
> able to convince marketing that they should back off.  I want it to
> be clear what our product can and can not do.  For example, SSL can
> only protect data in transit between two machines.  If either machine
> is compromised then the data can be stolen at that end.  Our product
> does not attempt to secure the user's machine, and can not operate
> securely on an insecure machine.  Expect to see warnings and disclaimers
> of this nature from us in the future.

I applaud this clear, sensible, and correct statement.  Nicely put, Jeff.

I don't think it's fair for Greg to characterize our approach as
"security is a product".  Quite the contrary, we keep talking about
security as a *process*.  It's made up of multiple layers, which may
include digital signatures, encryption, hard-to-sniff identifiers,
out-of-band mechanisms, confirmation loops, vigorous investigation of
attempted fraud, and probably many other things, not to mention more
"traditional" aspects of server-level security.  -- Nathaniel
--------
Nathaniel Borenstein 
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq at nsb.fv.com





From nsb at nsb.fv.com  Sat Feb  3 12:50:48 1996
From: nsb at nsb.fv.com (Nathaniel Borenstein)
Date: Sun, 4 Feb 1996 04:50:48 +0800
Subject: Crypto suggestion - re: Fatal Flaws in Credit Cards
In-Reply-To: <199602030951.BAA12301@ix2.ix.netcom.com>
Message-ID: 


Excerpts from mail.cypherpunks: 3-Feb-96 Crypto suggestion - re: Fat..
Bill Stewart at ix.netcom.c (2735*)

> Nathaniel's written about the "fatal flaw" in any system that
> involves typing credit card numbers into your computer being that
> they're easy for a keyboard-sniffer or similar cracker to recognize.
> An obvious work-around for this (and for many of the problems with
> Social Security / Taxpayer ID numbers) is to use some sort of smartcard
> that generates one-shot numbers that the credit card company (or tax thugs)
> can map back to the "real" owner's ID.  

Absolutely true.  If you go back to my original post, I mentioned smart
cards as one possible solution.  Once you add smart cards, you don't
have the system I described as fatally flawed, which is software-only
encryption of credit card numbers.  -- NB
--------
Nathaniel Borenstein 
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq at nsb.fv.com





From nsb at nsb.fv.com  Sat Feb  3 12:57:06 1996
From: nsb at nsb.fv.com (Nathaniel Borenstein)
Date: Sun, 4 Feb 1996 04:57:06 +0800
Subject: Flaw in Netscape rejoinder (was Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards)
In-Reply-To: <01BAEF34.AA95ECC0@ploshin.tiac.net>
Message-ID: 


Excerpts from mail.cypherpunks: 1-Feb-96 Re: Flaw in Netscape rejoin..
Jeff Weinstein at netscape. (10884*)

>   You would not send the FV ID to the "bad guys" until you saw a complete
> FV transaction take place.  You remember the ID when you see it, but
> only send it after seeing the e-mail verification message.

But there's no obvious correlation between the VirtualPIN as it appears
in the web transaction and the message that comes back!  In other words,
what you might be sniffing for in the web page would be a form that said
"Enter your Virtual PIN here".  But what comes back will be a mail
message that does NOT include the Virtual PIN and in which there's no
way that I can think of to do the correlation.  (That's a design
feature.)  This means that your algorithm will trigger if the host
machine gets ANY transfer-query back from FV, but it might not be
associated with the VirtualPIN that you previously intercepted.  The
correlation at this stage is VERY hard, and when you misfire, our fraud
department gets a quick heads up.

>   It should be quite easy to determine what protocol a user uses to read
> their mail from within winsock.  If we want to limit it to pop3 users, we
> could just keep track of connections to port 110.  As noted before, if
> they don't use pop we don't target them.

But you don't know, when you intercept a Virtual PIN, whether you've
intercepted the one that belongs to the user whose machine you've
infected.  This scheme will break down very quickly in "promiscuous"
environments like universities, CyberCafes, etc.  How will your attack
program know not to make the wrong decision in any environment where
more than a single user ever uses the machine?

The point is that if it misfires with any frequency at all -- even 1% of
the time -- we'll get some quick heads up about the ongoing fraud.

>   With the explosive growth of internet connected PCs, I think that
> the number of people who "surf" and read e-mail on different machines
> is dwindling rapidly.  I am happy to skip those old guard of the
> internet and concentrate on the newbies who only have one computer
> and one account.

Yes, I certainly understand that this is Netscape's product strategy,
and I think it is a VERY GOOD ONE at the level of selling tools to
users, which you guys are clearly great at.  However, the Internet
really is very heterogeneous, and is likely to continue to be so. 
Trends like CyberCafes are likely to make there continue to be a large
number of non-personal machines for a long time to come.  And unless
your attack program can figure out how NOT to infect such machines, it's
going to tip its hand fairly fast, especially since such machines will
probably be among the MOST vulnerable to various kinds of automated
infection.

>   I still think that someone could construct an attack against the
> current FV system using the techniques I've described.  It would be
> more complicated to construct than the keyboard attack but that has
> been proven time and again not to be a barrier.  Someone who could
> construct the Morris worm or the year ago IP spoofing attacks could
> do it. 

I think we're already way beyond that in complexity, and you still
haven't outlined all the necessary pieces of a successful automated
attack.  But even if you are eventually successful in devising an
automated attack on FV, it's already clear that it's going to be far,
far more complicated than the attack we've outlined on
software-encrypted credit card numbers.  If you take seriously the
notion that an automated attack should be as hard as possible, I think
the advantages of our system are already crystal clear.

>   I think that you may have to rethink some of your assumptions that
> were valid back when you designed the system, but are no longer given
> the current growth and changing demographics of the internet.

I like CyberCafes.  I like public access terminals in airports and
universities.  I like programs that create "terminal rooms" in the inner
cities to allow disadvantaged people to access the net.  All of these
are part of the current growth and changing demographics of the
Internet, too.

I do agree with you that if the Internet becomes much more homogeneous,
an automated attack on FV will become easier.  EVERYTHING becomes more
vulnerable in a homogeneous world, as in an ecosystem.  Diversity helps
to protect the health of the overall ecology.  Fortunately, I don't see
extreme homogeneity coming to the Internet any time soon.  Major
platforms from Microsoft and Netscape, for example, might well attain
80% market dominance, but the remaining 20% has a vital role to play in
keeping the net healthy.  Helping to thwart a complex automated attack
is just one example of this more general observation.

>   I'd really like to see some effort spent on closing some of the more
> gaping holes in the underlying systems.  Why should it be so easy
> for one program to snoop on the keystrokes directed to another?
> Why should it be so easy for a program downloaded from the net
> to patch a part of the operating system?

Agreed completely.  On the other hand, trends from OS vendors seem to be
moving in quite the opposite direction.  Think about "click here to
execute" in mail or news postings on the Microsoft Network.  And someone
recently told me (don't know if it's true) that Microsoft's OCX
architecture for executable web content is the best avenue yet for
creating Trojan Horses......  And I, for one, am deeply uneasy about
Java's security model, too.  -- Nathaniel
--------
Nathaniel Borenstein 
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq at nsb.fv.com





From nsb at nsb.fv.com  Sat Feb  3 13:11:38 1996
From: nsb at nsb.fv.com (Nathaniel Borenstein)
Date: Sun, 4 Feb 1996 05:11:38 +0800
Subject: C'mon, How Hard is it to Write a Virus or Trojan Horse? (was Re: Apology and clarification)
In-Reply-To: <310E0EBE.30FD3BCC@netscape.com>
Message-ID: 


Excerpts from mail.cypherpunks: 1-Feb-96 Re: C'mon, How Hard is it t..
Jamie Zawinski at netscape. (2014*)

> > Is it your position that no systematic flaw in your security is real
> > until someone has actually broken it?

> Of course not.  You don't have to actually break it to show that it's
> possible.

> Of course, you *do* have to show the likelyhood of success and effort
> required to pull it off as well before it's interesting at all, whether
> it's theoretically possible or not.

OK, let's try this again:  Is it your position that the hardest part of
the attack we've outlined is the large-scale infection of consumer's
machines with untrusted code, using a virus, Trojan Horse, or some other
method?  And that this attack is not serious because doing that is
prohibitively difficult?  If so, I agree with the first claim but not
the second.  But I'm really trying to get clear about your position
here.  -- Nathaniel
--------
Nathaniel Borenstein 
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq at nsb.fv.com





From rishab at best.com  Sat Feb  3 13:13:45 1996
From: rishab at best.com (Rishab Aiyer Ghosh)
Date: Sun, 4 Feb 1996 05:13:45 +0800
Subject: No Subject
Message-ID: <199602021638.IAA18451@shellx.best.com>


India's Department of Telecommunications (DoT) charges a licence
fee of $50,000 per _annum_ for BBS operators, and nearly twice
as much for e-mail providers. It is preparing to finalise a policy
for Internet service providers; as it doesn't understand the distintion
between Internet _networks_ (MCI, Sprintnet etc) and "retail" providers
(the geek in the garage), it is planning to charge well over $100,000
in annual licence fees. This is totally against the opinions of Telecom
Secretary R K Takkar, as expressed to my newsletter, The Indian 
Techonomist, some months ago. 

I spoke to Mr Takkar for some time, providing him the "education" that 
he asked for in my newsletter and that large datacom companies here have 
been curiously averse to give him. He appreciated my point of view, and
invited me to send a proposal for an alternative datacom policy, which
I have done (and which is summarised below). I hope to meet him next week 
to follow this up. As a major part of my call for removing restraints is 
based on the Internet's treatment by other world governments, I would like 
letters of support to show this. 

My proposal may appear tame, but it isn't really. It will allow small
ISPs to pay as little as $150 a year in licence fees; reduce the (high)
likelihood of cartels between large companies; and entrench electronic
free-speech at (some) parity with other media. (Note that the DoT has
said that it is "not considering" blocking access to parts of the Net
for reasons of morals or security. This despite the local media's loudly
proclaimed discovery that the Net is 97.34% paedophile, or whatever.)

     Highlights
     
     1. Definitions
     - The category for E-mail providers becomes redundant,
       leaving international gateway, national network, and
       "retail" service providers
     - Content providers have constitutional protection as
       electronic publishers
     - BBSes do not require licensing, being content providers
     
     2. Goals
     - Licence fees not for revenue generation, but to
       ensure responsibility (unavoidable. Mr Takkar's words)
     - Licence fees based on telecom infrastructure costs,
       not revenues (at the moment, a licence is almost like income tax)
     - Regulation required for free and fair competition (see below)
     - TRAI should also handle datacom regulation, and datacom consumer
       complaints (the Telecom Regulatory Authority of India is likely
       to be very independent of the government, headed by a former
       Supreme Court judge)
     
     3. Regulation
     - Equal access to gateway, network and service
       providers (to prevent denial of service and cartels, very
       likely here without explicit rules preventing them)
     - Rationalisation of DoT leased line tariff structure
       (now, a network costs more than the sum of its parts! too 
       complicated to explain briefly)
     
     4. Licensing
     - Uniform fee structure for gateway, network and
       service providers (say 2.5% of leased line costs, which
       are known as they are provided by the DoT)
     - Barriers to entry greatly reduced (minimal ISP pays $150 p.a)
     - However, total licence fee revenue for DoT not
       significantly reduced (important for success of this proposal;
       large nationwide network may still pay $100,000+ thanks to its
       huge leased line requirements)
     
The full text of the proposal will be made publicly available on the
Net sometime next week. Those who would like to see it, and a template
for a letter of support, should send me mail at dcom-appeal at dxm.org.
I would like letters from non-commercial organisations, lobby groups,
policy bodies, and so on, but NOT datacom companies (I wouldn't
mind _personal_ letters of support from them, but they wouldn't do
for the DoT). I would particularly like to see something from Hong Kong,
which I have used as a good example of how to do things in Asia.

Thanks,
Rishab

----------------------------------------------------------------------
The Indian Techonomist - newsletter on India's information industry
http://dxm.org/techonomist/                             rishab at dxm.org
Editor and publisher: Rishab Aiyer Ghosh           rishab at arbornet.org
Vox +91 11 6853410; 3760335;     H 34 C Saket, New Delhi 110017, INDIA





From anon-remailer at utopia.hacktic.nl  Sat Feb  3 13:26:50 1996
From: anon-remailer at utopia.hacktic.nl (Anonymous)
Date: Sun, 4 Feb 1996 05:26:50 +0800
Subject: [CONSPIRACYPUNKS] RC2 Source Code - Legal Warning from RSADSI
Message-ID: <199602032104.WAA02903@utopia.hacktic.nl>


     It is becoming obvious to anyone with two brain cells to rub
together that RC4 and now RC2 have been deliberately released by RSA
Data Security.

     Consider that neither of these ciphers would be used in any
freely available software systems if licensing fees had to be paid to
RSA.  Now that the algorithms are public knowledge, many developers
will include them in their products if for no other reason than to
tweak RSA's nose.

     The warning notices and claims of dire consequences from RSA
are clearly designed to spread FUD among deep-pocket users of such
products.  Rather than risk any legal exposure, medium and large
companies who wish to use products containing RC2 and RC4 will obtain
licenses from RSA.  RSA has traded the entirety of a small pie for a
significant portion of a much larger pastry.

     Quite brilliant marketing when one thinks about it.





From jya at pipeline.com  Sat Feb  3 13:40:14 1996
From: jya at pipeline.com (John Young)
Date: Sun, 4 Feb 1996 05:40:14 +0800
Subject: GNU_kum
Message-ID: <199602032124.QAA24024@pipe4.nyc.pipeline.com>


   2-3-96. FinTim:

   "World's financial police to cast money laundering net
   wider."

      The plan needs to address issues raised by cybercash.
      These technologies pose a threat but answers should
      not be dated as soon as published. Officials want 
      developers of new technologies to consider their 
      criminal potential before launch, to avoid clampdown 
      afterwards. Possible safeguards against the misuse of 
      electronic purses may include limiting their maximum 
      value or restricting use to closed systems.


   "Communist to capitalist." [Book review]

      China's Rise, Russia's Fall, by Peter Nolan.

      Nolan says China's leaders had the self-confidence to
      chart their own evolutionary approach, largely
      preserving state institutions at a central and regional
      level, and fostered entrepreneurship through intelligent
      government planning. Russia's ruling class were 
      hoodwinked by a phalanx of mainly US and UK advisers 
      urging a "shock therapy" of destroying existing 
      economic and political power-bases. The result has been 
      a deep tragedy.

   2-3-96. EcoMist:

   "Why is the Internet so slow; what can be done about it?"

      At present there is no answer, only a few expedients to
      limit traffic on congested routes, say, with "caches".
      However, Web site owners object to providers caching
      their wares, because it robs them of valuable
      information about their viewers -- the sort that
      advertisers demand. The caches have, in effect copied
      these pages without their owners' permission, and are
      showing them to others without their owners' knowledge.
      But faced with an Internet meltdown copyright violation
      may be the least of their worries.


   GNU_kum (for the three)













From wb8foz at nrk.com  Sat Feb  3 13:58:25 1996
From: wb8foz at nrk.com (David Lesher)
Date: Sun, 4 Feb 1996 05:58:25 +0800
Subject: PGP "official" logo?
Message-ID: <199602031635.LAA16677@nrk.com>


EFF is promoting a new symbol of free speech -- the blue ribbon.

Can/should a PGP logo incorporate that somehow?

-- 
A host is a host from coast to coast.................wb8foz at nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433





From tomw at netscape.com  Sat Feb  3 14:00:54 1996
From: tomw at netscape.com (Tom Weinstein)
Date: Sun, 4 Feb 1996 06:00:54 +0800
Subject: Netscape, CAs, and Verisign
In-Reply-To: <199602030951.BAA12320@ix2.ix.netcom.com>
Message-ID: <3113D385.2781@netscape.com>


Bill Stewart wrote:
> 
> At 06:50 PM 1/30/96 -0500, Phill wrote:
> > Question is how can Netscape (or anyone else) _securely_ allow an
> > arbitrary CA's certificate to be used? Certainly the process cannot
> > be automatic. Binding the Verisign public key into the browser may
> > be an undesirable solution, but the problem is to think of a better
> > one.
> 
> It's easy, and I gather Netscape has done it in 2.x - let the _user_
> decide what CAs to trust.  For convenient verification, you can have
> the user sign the keys for each of the CAs, and then the
> chain-following software only needs to compare each certificate's
> signer with the user's own pubkey, rather than comparing with
> Verisign's.  If you want to be automatic about it, you _could_ have
> the user sign Verisign's key when first generating keys, or you could
> ask the user the first time.

In 2.0, what we do is maintain a database of certificates that have
various trust attributes.  We ship this database with a number of CAs
that we feel confident in, but the user can add and delete CAs if he
wants.

When the Navigator is presented with a certificate that it can't
verify (the CA isn't in the database), the user is prompted as to
whether or not to trust the site and whether to trust it permanently, or
just for this session.

The Navigator can also download certificates as one of the following
mime types:

application/x-x509-ca-cert
application/x-x509-server-cert
application/x-x509-user-cert

When the Navigator sees one of these, it presents the user with a
series of dialog boxes that take him through the process of approving
the certificate and adding it to the database.

-- 
Sure we spend a lot of money, but that doesn't mean | Tom Weinstein
we *do* anything.  --  Washington DC motto          | tomw at netscape.com





From tcmay at got.net  Sat Feb  3 15:03:45 1996
From: tcmay at got.net (Timothy C. May)
Date: Sun, 4 Feb 1996 07:03:45 +0800
Subject: Sometimes ya just gotta nuke em--and nuke em again
Message-ID: 


At 8:25 PM 2/3/96, Jordan Hayes wrote:

>Sorry to inject a little scholarly research on this topic, but I
>would urge those of you who are interested in how this mythology
>was created and disseminated to do an AltaVista serach for Alperovitz;
>he's potentially the leading scholar on this subject.  I've read
>his book, and Tim probably ought to as well ...

I have responded privately to Jordan Hayes on this issue. Reasonable people
can disagree on historical events, and historical motives, and certainly
the "decision to drop the bomb" has long been a contentious one.

I regret that Jordan Hayes believes a condescending tone, implying others
are not as scholarly as he, is the way to make a point.

(I've also received several long articles from people who seemed outraged
that I was belittling the dropping of the bomb. I wasn't belittling it. Far
from it. The Japs surrendered after the second bomb, so it was obviously
not a trivial matter to them.)

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From stephan.mohr at uni-tuebingen.de  Sat Feb  3 15:09:15 1996
From: stephan.mohr at uni-tuebingen.de (Stephan Mohr)
Date: Sun, 4 Feb 1996 07:09:15 +0800
Subject: free speach and the government
Message-ID: <2.2.16.19960203234059.2eb7ed1c@mailserv.uni-tuebingen.de>


Well, I feel that I agree with the people on the right of free speech for
i.e. the neo-nazi stuff or other political, ideological and/or religious
ideas. But there is still something that leaves me uneasy: imagine there
would be a way to easily make a powerful poison, easily applicated to
your town's water-reservoir, or a very easy way to build some strong
explosive device. etc. Actually, I think that stuff like this does exist
already.

But the idea that one day I just put 'easy made deadly poison for millions'
into my webcrawler and whoop there it is on my screen or on the screen of any
other fool, doesn't sound to right to me. I would like things like this
to be better put aside and locked up.

Well, maybe my imagination isn't strong enough to make my point. But do
you fighter for free speech, in principle, think that nothing, really
nothing, shouldn't be prevented of being published? And by being
published, I mean published in the net, not at loompanics (who knows
loompanics?).

I know, of course, that by accepting that there is something that
shouldn't be available on the net, we would need something to decide what
and how to ban. So I wonder what would be a more 'net'-like way of handling 
this type of thing and how to prevent that some 'strong-armed' governments
take the net over.

I do not see tokay's governments being prepared for the net (at least not
the German one). But I see them trying to put the 'old' laws onto the net.
Not because they are mean, but because they don't know any better. So, I
think it would be nice to have something to offer to them. I do not think though
that they will accept the totally right of free speech (yet). 

There is something that is closely related to the right of free speech but
not the same and that is the right of privacy. And I think there is a big
danger of the issue of free (public) speech been taken over to the right of
privacy. Governments may, by arguing to control the public net, start to
prohibit the use of strong cryptography. It seems important to me to
separate this two issues. Maybe it will be necessary to agree to some kind
of (hopefully self organized) control of the public net. But it is totally
unacceptable to allow whatever organization to look into someone's private life.

Comments and hints to information on these topics very much welcome

Stephan






From cacst9+ at pitt.edu  Sat Feb  3 15:25:26 1996
From: cacst9+ at pitt.edu (Cecelia A Clancy)
Date: Sun, 4 Feb 1996 07:25:26 +0800
Subject: THE JEWS (ALL of them!) Try to kick Ernst Zundel off Usenet!!
In-Reply-To: <960203124656_311380557@emout09.mail.aol.com>
Message-ID: 




On Sat, 3 Feb 1996 ErnstZundl at aol.com wrote:

Ernst Zu"ndel's e-mail address is ezundel at cts.com.  He is on on
AOL to me knowledge.


> THE JEWS (ALL of them!) Try to kick Ernst Zundel off Usenet!!
> 
> Recently several Jewish co-conspirators have tried to silence
> me!  I finally go onto Usenet to make myself open for debate,
> and the Communist conspirators write to the AOL postmaster
> and ask that they remove my account!
> 
> Below are some messages I received from some of those
> people who do not believe in Free Speech.  *I* believe in 
> Free Speech.  Without Free Speech, I would be unable to
> declare which books I feel should be burned, who should
> be persecuted, and who should be declared to be inferior
> or part of a race-wide conspiracy like the "Holocaust."


The above text does not feel like Zu"ndel to me.  I think
that this ErnstZundel at aol.com might very well be an imposter.
The above is not the real Zu"ndel's speaking or writing
style.  Zu"ndel does not want books burned and people persecuted
nor does he want certain races and ethnic groups declared
inferior.

Zu"ndel more likely to complain about hypocricy and lack of tolerance
than lack of capitalized Free Speech. (At least according to
what I have been exposed to of him.)

 
> Please do not send email to the people who complained
> about me.  I beleive in Free Speech, and so I believe in
> their right to complain about me.  I also believe that it
> just demonstrates that they are willing Fellow Travelers
> in the worldwide Communist Conspiracy, they are friends
> of the Black Helicopters of the United Nations, and they are
> enemies of the Aryan Nazi UFO's at the center of the Earth.
> 
> Now, fellow Patriots and Supermen Aryans, read their
> messages and tell me what you think?
> 
> >> Subj:  Re: TOS violations
> >> Date:  Mon, Jan 29, 1996 8:23 PM EDT
> >> From:  freedom at pathcom.com
> >> X-From: freedom at pathcom.com (Marc Lemireberg)
> >> To: postmaster at aol.com
> >> CC: ernstzundl at aol.com, Mossad at israel.gov


Mossad?  Come on, get real.  The real Mossad would have an address
that ends in .il.   The ending .gov is for US government agencies.

"Do not write to these people", huh.  Well, I wonder if this is
because some of these addresses might all be fake?  I'll try sending to
them to see what happens.
Lemineberg!   That's a spoof on "Mark Lemire" a guy who really
works with the real Zu"ndel.

> >> *******************************************************
> If you are a *true* Patriot, and a *true* Aryan, then you *MUST*
> make the journey to Antarctica and into the volcano!!  We owe it to
> the world, we owe it to the great Adolph Hitler, and we owe it to
> the White Race.

Sorry, but the guy with the Charlie Chaplain mustache spelled his
first name "Adolf", not "Adolph."  The real Zu"ndel would not
make this misspellilng.


Cecelia Clancy
University of Pittsburgh

cacst9+ at pitt.edu
+1 (412) 441-2231








From cacst9+ at pitt.edu  Sat Feb  3 15:40:31 1996
From: cacst9+ at pitt.edu (Cecelia A Clancy)
Date: Sun, 4 Feb 1996 07:40:31 +0800
Subject: Ok Fake Ernst!
In-Reply-To: <9602031850.AA18675@frumious-bandersnatch.MIT.EDU>
Message-ID: 



Lets see how many of these names bounce back.





From jf_avon at citenet.net  Sat Feb  3 15:47:05 1996
From: jf_avon at citenet.net (Jean-Francois Avon JFA Technologies, QC, Canada)
Date: Sun, 4 Feb 1996 07:47:05 +0800
Subject: [philosophy of censorship] Re: Imminent Death of Usenet Predicted
Message-ID: <9602032325.AA07317@cti02.citenet.net>


Jordan wrote to me today:


>Hey, I tried to explain this, but you missed it:

     Apologies, I did miss part of your point.

>I *know* that a *huge* percentage
>of the population in this country does (sorry for being USA-centric,
>but we have [at least for now] the largest net population, so you
>can see how this will go ...).  

     Should the absolute number of peoples 'wishing' something relevant?

>Therefore, I'd like to see a way
>for the default be that kids (dare I say everyone!) don't *automatically
>stumble upon* it in the open network.

     I find the sentence a bit strong, here.

>I think that if the
>majority of the people in a community don't want the default behavior
>to be "click here for tits!" 

     They can subscribe to a net provider that restricts access to such newsgroups.
If this restriction is circumvented by the kid, don't you think that the said 
kid will find ways to get whatever he/she wants no matter the laws?

     They also can choose the ultimate solution: not to be on the net.

>then it's up to us, as technologists,
>to provide easy-to-use mechanisms for those who do want to see them
>to not infringe on those who don't.

     *THAT* is the thing I have most problems to.  This sentence is 
boobie-trapped.  Let's me state, for the book (or maybe hard drive),
that I do not subscribe to this view of Man.  I believe that 
selfishness is a virtue and that altruism is at best a psychological
problem.  Why is it that us, technologists, thoses who know and can, 
have a duty to thoses who cannot?  This does not contradict good 
commercial practices.  If there is a *demand* then, there is a market.
Any producers does follow the demand very closely or he gets out of 
business.

     But govt intervention, rules, standards, etc are *all* enforced 
at the point of a gun (even if deeply hidden under a pile of red tape).
This view implies that *because* you can produce, you have a duty to the
one who cannot.  It means that if you can produce, your duty is to become
a cattle for the benefit of others.  If you cannot produce, you have every
rights.

     In today's political climate, the whiners, complainers and decryier
are god.

     When is it that thoses who get sucked by the collectivists leeches
will say : Enough!  I am fed up to owe any drifter the best of my life!


> <...> porno <...>  you can rent it <...>  But most people
>don't want it by default to be on channel 7.  
>Last time: I *personally*
>am not one of them, but it's important to see what the majority
>thinks on this issue.

     I agree with you on this one: wouldn't it be wonderfull to have porno
movies on channel 7 ...   sigh...  :->


     Actually, just as I mentionned, every entities that seeked to control
man used guilt to do so.  And by the nature of guilt, sex and human mind,
sex is *the* best thing to induce guilt.

     Since a large part of the population *are* controlled through the sex-guilt 
association, it is 
extremely handy to create the pseudo-justification the govt need
for their actions.

     But as I said previously, the biggest threath to the govt is that peoples
can now find each other and talk together.  Previously, we had the means to
talk but no means of finding each others.  The Internet provides this.



>Yes, if your communications
>are important to you or you are a potential target of investigation,
>you should know it's not private.  But it's not like any significant
>number of phone calls are tapped, by the government or otherwise.
>And it's not likely to happen, either, because NONE CARES WHAT YOU
>SAY TO YOUR FRIEND ON THE PHONE.

     Unless you discuss about how freedom of speech should go unbreached...


>	>And don't forget: if you have privacy, you don't need anonymity.
>	>Swiss banks provide the ultimate example.


>You can get a numbered account at a Swiss bank by showing up at
>the branch, introducing yourself to the branch manager, proving to
>him who you are, and signing some papers.  They will keep your name
>out of any transactions you make, but they *know you* ... this is
>not anonymity; this is merely privacy.

No, for all it matters, it is anonymity.  Because the swiss banks does
not publish the name of accounts holders.  The recent case of German 
police raiding homes of german citizens working in Lischtenstein(?)
banks shows that, far all that matters, theses banks accounts are 
anonymous, i.e. there is no way for the german govt to know the name
of the accounts holders.   Their only way to gain knowledge is through
the use or threath of physical violence.


>Don't forget: the fact that "porno on the net" (for instance) is
>an issue *at all* is a *failure* of technology.

     Sorry for my stupidity, but I *completely* fail to understand.
Would you please explain what are your basis for stating so?


>  It would be a
>non-issue if USENET wasn't essentially a technology vacuum.

     I find this a bit strong, but since I did not understand the previous
statement, I will refrain from commenting.


Regards to all CPunkers

JFA
Existence exists, Reality Is.  






From paralax at alpha.c2.org  Sat Feb  3 16:05:30 1996
From: paralax at alpha.c2.org (paralax at alpha.c2.org)
Date: Sun, 4 Feb 1996 08:05:30 +0800
Subject: Sometines ya just gotta nuke em-and nuke em again
Message-ID: <199602032339.PAA08244@infinity.c2.org>


At 15:54:04 -0800 )2-03-96 Timothy C. May wrote:

> I regret that Jordan Hayes believes a condescending tone, implying others
> are not as scholarly as he, is the way to make a point.

> (I've also received several long articles from people who seemed outraged
> that I was belittling the dropping of the bomb. I wasn't belittling it. Far
> from it. The Japs surrendered after the second bomb, so it was obviously
> not a trivial matter to them.)

Mr. Hayes MAY have used a condescending tone but you have exposed your
racist roots again.  First you embarass yourself with you lack of knowledge,
sensitivity and understanding about all things Jewish and now you insult an 
entire race with the use of the word "Jap".

Stick to cypher related topics - - - - - -  You're elevating the Ugly American to
another level altogether.

A. Paralax View





From EALLENSMITH at ocelot.Rutgers.EDU  Sat Feb  3 16:06:43 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Sun, 4 Feb 1996 08:06:43 +0800
Subject: Noise and the Nature of Mailing Lists
Message-ID: <01I0SBIKF1HCA0UTZ4@mbcl.rutgers.edu>


From:	IN%"tcmay at got.net" 31-JAN-1996 00:44:48.72

>However, and current subscribers will no doubt jump in and give their
views, I hear that the current volume of messages is less than one per day,
with--according to my sources--sometimes days between messages. (I also
hear that the Extropians are devoting more of their energy to their
magazine, which may also be a factor.)
------------
	Actually, I'd guess that the recent problems with the mailing list
software are the problem. I got signed off of there when I changed mailing
addresses, and they haven't been able to put me back on. If it's that
low-traffic, I may see about requesting it from them again.
------------

>And remember, it's a whole lot easier using filters and reading tools to
reduce the volume of messages on an active group than it is to get an
inactive group up to critical mass!
------------
	One idea is to set up two lists, one of which has an automatic
filter that forwards stuff to another list... I'm currently trying to set that
up for another list I'm on. Something to keep in mind is that irrelevant
discussion can chase people off... what's happened to the list I mentioned.
	-Allen





From ericm at lne.com  Sat Feb  3 16:28:52 1996
From: ericm at lne.com (Eric Murray)
Date: Sun, 4 Feb 1996 08:28:52 +0800
Subject: free speach and the government
In-Reply-To: <2.2.16.19960203234059.2eb7ed1c@mailserv.uni-tuebingen.de>
Message-ID: <199602040002.QAA11844@slack.lne.com>


Stephan Mohr writes:
> 
> Well, I feel that I agree with the people on the right of free speech for
> i.e. the neo-nazi stuff or other political, ideological and/or religious
> ideas. But there is still something that leaves me uneasy: imagine there
> would be a way to easily make a powerful poison, easily applicated to
> your town's water-reservoir, or a very easy way to build some strong
> explosive device. etc. Actually, I think that stuff like this does exist
> already.
> 
> But the idea that one day I just put 'easy made deadly poison for millions'
> into my webcrawler and whoop there it is on my screen or on the screen of any
> other fool, doesn't sound to right to me. I would like things like this
> to be better put aside and locked up.

You can't put the genie back into the bottle.
Once something is invented or described, the knowledge
is out there.  Someone who wants to use that knowledge
for "wrong" purposes can find it.

Maybe a lot of people around the world could agree that
the knowledge to make something really dangerous (say Sarin nerve gas) 
should be suppressed.  But where do we draw the line?  If
we, or rather our government acting obstensibly in our interest, decides
to supress the information on how to make Sarin, not too many people
will complain.  But the tendency of governments is to regulate and
restrict and tax more.   What happens when governments suppress
knowledge on how to make gunpowder?  Or printing presses?  Or
encryption?

Many people argue (rightly IHMO) that once started on the slippery slope
of suppressing knowledge there's no stopping until we're all
under the boot heel of the police state.

[..]
> I know, of course, that by accepting that there is something that
> shouldn't be available on the net, we would need something to decide what
> and how to ban. So I wonder what would be a more 'net'-like way of handling 
> this type of thing and how to prevent that some 'strong-armed' governments
> take the net over.

So far the "net-like" way to deal with the problem is to not
supress information at all, and instead assume that people are
intelligent enough to make their own choices on what to do
with "dangerous" information.

 
> I do not see tokay's governments being prepared for the net (at least not
> the German one). But I see them trying to put the 'old' laws onto the net.
> Not because they are mean, but because they don't know any better. So, I
> think it would be nice to have something to offer to them. I do not think though
> that they will accept the totally right of free speech (yet). 

No government will accept net-speech that's any freer than
any other speech in that country.

In the US the media is by and large controlled by huge
media conglomerates with a vested interest in maintaining
the status quo and delivering up their audience to their
advertisers in tidy packages.

The government is along for the ride, being part and parcel
of the same system.  They won't rest until net-speech is
by and large controlled by huge media conglomerates all
busy delivering up the net-public to advertisers in tidy
packages... I'm not saying that there's a Black Heliocopters
type conspiracy, or any other for that matter.  There doesn't
have to be, there are huge political forces moving things
this way.  So there might as well be a conspiracy, as the
end effect on us is the same.


I think that any compromise with government censorship is a bad idea.
All we'd do is give them a little more while on the way towards the
inevitable.  If we don't give them all the censorship power they
want they'd just take it anyhow.  Better to hold out as well as
we can while we can.


-- 
Eric Murray  ericm at lne.com  ericm at motorcycle.com  http://www.lne.com/ericm
 Fuck Exon and the Communications "Decency" Act!  US off the Internet now!
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF





From nobody at REPLAY.COM  Sat Feb  3 16:33:35 1996
From: nobody at REPLAY.COM (Anonymous)
Date: Sun, 4 Feb 1996 08:33:35 +0800
Subject: Ok Fake E.E.rnst!
Message-ID: <199602040011.BAA13348@utopia.hacktic.nl>



>From: Cecelia A Clancy 
>Subject: Ok Fake Ernst!

>In-Reply-To: 
><9602031850.AA18675 at frumious-bandersnatch.MIT.EDU>


Ho -- bandersnatch is powered up again and transmitting via the 
pigeon-beshitten attic-lattice of MIT dome!


PCB-swilling frumious, the cronkest of Hasse-heads, 23 years 
hacking a b.s.e.e.








From JMKELSEY at delphi.com  Sat Feb  3 16:39:58 1996
From: JMKELSEY at delphi.com (JMKELSEY at delphi.com)
Date: Sun, 4 Feb 1996 08:39:58 +0800
Subject: RC2--Some very preliminary analysis
Message-ID: <01I0SDBW5VYY984JFR@delphi.com>


-----BEGIN PGP SIGNED MESSAGE-----

[ To: sci.crypt, cypherpunks ## Date: 02/02/96 06:21 pm ##
  Subject:  Alleged RC2--some very preliminary analysis ]

I just wanted to post some corrected comments here, regarding
alleged-RC2.

1.   The best differential characteristic I can think of looks like
it will have a probability of 2^{-4} per round.  It's a one-round
iterative characteristic.  In my earlier post, I miscalculated this
to be 2^{-8} per round.  Sorry.

2.   Each round of RC2 represents four "steps."  This means that RC2
has 64 "steps," the same number as MD5.  (I find this interesting,
since MD5 has twice as many bits to diffuse through, and the
attacker can choose its key, but not its input block.)

3.   I don't see how to build useful linear characteristics.  Our
S-box is one bit wide.  There may be some very low-round confusion
failures, but they don't seem particularly useful here.  I'd like to
hear from anyone who can see a way to do a linear attack here.

It looks to me (though I haven't spent enough time to be certain)
that the best differential characteristics to push through the block
are going to be one-bit characteristics.  (These are certainly easy
to analyze.)

Let's throw some terminology in here:

This is one step:

A = rotl(A + f(B,C,D) + sk[i], 1);

A round is all four of these steps.  In the step above, A is the
target block (it's the one that's getting stomped by the other
values) and B, C, and D are the source block.  f(B,C,D) is the
bitwise-select function.  For each bit position i, if B_i is a one,
then f_i = C_i, otherwise f_i = D_i.

Now, when a one-bit difference is anywhere in the target block (the
block getting all the stuff added into it) except for the high bit,
its probability of not propogating to other bits in that block seems
to be about 0.5.  (This is just based on its chances of affecting
the carry into the next bit position.)  When the flipped bit is the
high-order bit of the target block, it has no chance of propogating.
When a one-bit difference is in the source block, if the rest of the
bits are approximately random, then it has a 0.5 probability of not
affecting the target block at all.  If it does affect the target
block, it has a 0.5 probability of only affecting one bit in that
block.

Note that I messed up the calculations in my earlier post on RC2 by
combining these three events in each round.  Let me try to fix that:

We flip some bit, t, making certain that if this bit doesn't
cause other bits to change, it won't ever affect the low six bits of
any block during rounds 4 and 11, when it would have a radical
effect on the encryption process.  (In other words, we choose an
input XOR delta with only bit t on.)  This bit then has the
following effect:

a.   Whenever it's in the target block, it passes through the
encryption step with probability 0.5.  (This means that changing
this bit doesn't change the carry into the next higher bit.) This
happens once per round.

b.   Whenever it's in the source block, it fails to affect the
target block with probability 0.5.  This happens three times per
round.

Note the reasons for this.  The source block affects the target
block only through this function:  ((A&B)|((~A)&C)).  This function
looks somewhat complicated, but it's really just a bitwise IF-THEN
statement:  If bit A is on, then choose bit B, otherwise choose bit
C.  Assume that A, B, and C are random.  Now, imagine flipping A.
If you were choosing bit B before, now you're choosing bit C.  Since
they're both random, half the time, B=C, so there's no change.  On
the other hand, imagine flipping bit C.  About half the time, bit A
is a one, and so C has no effect on the output.

All of this gives us a total per-round probability of 2^{-4} (NOT
2^{-8}). Getting through 14 rounds with this characteristic thus
happens with probability 2^{-56}.  *IF* single-bit characteristics
are the best ones to use, I'm doing the calculations right, and
there aren't some improvements in splitting out and dealing with
several possible characteristics in the later rounds, then it looks
to me like straight differential attacks aren't going to be too
practical against alleged RC2, though they will be possible. The
trick is going to be detecting the right pairs reliably. (This
analysis is guaranteed to be worth at least what you paid me for it.
:-) )

If this really is RC2, I suspect the number of rounds needed was
determined by imagining flipping a bit, and then seeing what the
odds were that it wouldn't flip any other bits all the way through.
My guess is that a probability of 2^{-64} of this happening was
deemed acceptably low.

That takes care of diffusion--now how about confusion?  Has anyone
looked at this cipher with regard to linear attacks?  In general, it
seems like source-heavy UFNs can often be attacked by linear
attacks.  However, it's not clear to me how to build linear
characteristics that will make it through more than a few rounds of
alleged-RC2.  Linear characteristics that are spread across many
subblocks (i.e., partly in A and partly in B) seem to get messed up
quickly by the rotations.  However, just keeping a linear
characteristic in A doesn't seem to work too well, either--if the
bits in the other blocks are random, then the bits in our
characteristic will quickly become random, as well, because the
bit-selection function has balanced outputs.  Intuitively, I think
the problem here is that we're applying a three-bit to one-bit
balanced S-box here, and each output from this S-box has at least
one different input bit.  This seems to make it really hard to find
correlations between multiple S-box output bits and their
corresponding input bits that span more than one or two rounds.
Also, we have to deal with the carry-bits from addition, which make
things significantly harder.  Am I missing something?

There are some other plaintext patterns that will make it through a
single round, but I can't see any way to exploit them for more
rounds.  Anyone want to point something out to me?

The other interesting area is the key schedule.  Recall that phase
one of the key schedule in alleged-RC2 works by filling the leftmost
k bytes with the k bytes of key, and then using a byte-wide S-box to
expand this out to 128 bytes.  Phase two then works from the
opposite direction, taking the last t bits of the expanded key
buffer, and making the entire expanded key dependent only upon those
bytes.  As someone on cypherpunks pointed out, this seems to be
meant to make it possible to use the key schedule directly on user
passphrases, and then reduce the effective key length to t bits to
meet export control requirements.

In general, I don't think it's a good idea to use that key schedule
to hash long user passphrases, because the first few subkeys wind up
with some badly skewed bits. (This may or may not translate into an
attack, but there isn't any good reason for allowing it.)  If you
had (say) a 64-byte user passphrase, this would mean that the first
four rounds' subkeys were badly skewed in this way, and the next
four rounds' subkeys were probably not all that well-mixed.  As I
said, I don't see a specific attack based on this, but it seems like
a bad idea, since I might be able to plan out (for example)
differential characteristics that took advantage of the skewed
subkey bits.

If you're using the key schedule to hash passphrases, then it's
probably better that you use phase two as well, perhaps with bits =
256 or something similar.  If you limit user passphrases to
something reasonable, such as 64 characters, then this is probably
okay.  Has anyone else looked at this?  (Naturally, it would make
more sense to just hash the passphrase intelligently, and then use
the export control hack if you had to.)

Comments?

Note:  Please respond via e-mail as well as or instead of posting,
as I get CP-LITE instead of the whole list.

   --John Kelsey, jmkelsey at delphi.com / kelsey at counterpane.com
 PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRP5P0Hx57Ag8goBAQF2FQP8DCxUvPqNly99t/KyRogWKkM5X0iZWHhq
MdQ5XEFWdyg26KMpwmPmFeNcgj3rpQiValSGGM3cTzAd2v35GQrKwPdRU/nmQW7B
hojJrYA1D0IuMxE7c0+tyqdjw6oFXrqiWYH816NKKlTSvAUzgst8hCyoVgpbNwkm
tbjAD93wsTk=
=uaz+
-----END PGP SIGNATURE-----





From llurch at networking.stanford.edu  Sat Feb  3 16:58:56 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Sun, 4 Feb 1996 08:58:56 +0800
Subject: Futplex makes the news!
In-Reply-To: <199602022119.NAA29620@ix6.ix.netcom.com>
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 2 Feb 1996, Mike Duvos wrote:

> It may be time to regroup and take inventory of what we are 
> suposedly trying to accomplish here. 

I believe we *have* regrouped sufficiently, and I am doing my best to give
followup stories what I believe to be the correct spin. 

UMass will be *humiliated* if we play this right. Whom do we call?

For what I think is a good story (I wish they'd credited cypherpunks and 
other people more, but they do need to play up the local angle), see:

 http://www-Daily.stanford.edu/2-2-96/NEWS/index.html

AFAIK, futplex is the only person who has suffered any kind of negative
impact from these events. Except for cpunk reactions to my very poor
postings here, and *one* person who thought I was a Nazi (and who was
corrected, and apologized), I've been getting nothing but praise. 

IMHO, the correct response is to stop whining and trumpet victory, loudly,
and slam Exon and the CDA while we're at it. 

"This story shows that the so-called Communications Decency Act is just 
as ill-advised. If only four people at a handful of major universities 
can defeat German censorship of someone everybody hates, how can we 
expect mere laws to prevent the spread of indeterminate 'indecent' 
material on the Internet, which any teenager is interested in."

- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRKUXI3DXUbM57SdAQF3FQP/aVjiP4/yTj7Atuq409NJCuCB7deEpqvF
JcebTz1jG8D4M08VGhjOgFDGs+cNJ1zKXB3AZ9OLuCDnTr4oONsvPo2e3RnbZUYe
YMHBFsKNisq5FRAGOy2UwBbukI+NauFDAzKvCfQJBs5iPpk6aE8sEtwu+ja5nYBs
y8zjtjSuMDQ=
=jUPV
-----END PGP SIGNATURE-----





From EALLENSMITH at ocelot.Rutgers.EDU  Sat Feb  3 17:11:13 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Sun, 4 Feb 1996 09:11:13 +0800
Subject: The FV Problem = A Press Problem
Message-ID: <01I0SE71ZF6SA0UTZ4@mbcl.rutgers.edu>


From:	IN%"vin at shore.net"  1-FEB-1996 02:08:33.54

>Greg Broiles  opined:

>We should, however, learn from what FV did right - they wrote software which
>(apparently) had or can have a real political effect. (It seems to have
>worked on Garfinkel, anyway). Cypherpunks write code? FV wrote code and got
>some attention for their otherwise unexciting message.  

        Now _that's_ a useful and on-target observation.
-------------
	Quite. To expand it: A. a program doesn't have to be new to the
technical community to make a difference, it just has to be new to the rest of
the world; B. publicity for programs makes a difference. If DigiCash had
come out with this program and had done the press release better than the FV
folks, I suspect we'd be cheering them on and the credit card types would be
doing worse - a good situation.
	-Allen





From EALLENSMITH at ocelot.Rutgers.EDU  Sat Feb  3 17:24:53 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Sun, 4 Feb 1996 09:24:53 +0800
Subject: Imminent Death of Usenet Predicted
Message-ID: <01I0SEGNWJAYA0UTZ4@mbcl.rutgers.edu>


	One thing that I'm worried about is InterNIC. As I understand it, it
is a central company that is in the business of receiving domain name
registrations, including the info on what that domain is connected to, and
sending it out to various nameservers. The nameservers then use this to route
some (not all, I do believe) traffic.
	This situation is a weak point. The government in whatever country
InterNIC's physical presence is in (the US, I believe) can put pressure on
it for "faciliating breakage of laws" or some such nonsense (for some material,
such as the sites that have crypto material, the espionage argument that it
is cooperating in limiting their ability to work might be what was used). It
is then forced to stop issuing domain names except to people the US govt wants
to get such. Nameservers in the US that use any other service to determine
domain names get arrested themselves, under likewise treatment.
	Now, this can all be fought in the courts and will likely be defeated..
but it would still cause some problems. Am I completely incorrect, or do the
programmers on here and elsewhere need to start coming up with a better way to
do things?
	-Allen





From lmccarth at cs.umass.edu  Sat Feb  3 17:29:07 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Sun, 4 Feb 1996 09:29:07 +0800
Subject: [NOISE] Futplex makes the news!
In-Reply-To: <2.2.32.19960203135737.00740450@panix.com>
Message-ID: <199602040100.UAA03838@opine.cs.umass.edu>


Duncan Frissell writes:
> Are *you* going to bring action against the school?  You could proceed
> administratively for free.

Unfortunately I'm in an awkward stage of my career. This is my 3rd year in
graduate school, with 2 or 3 more years to go. I have been happy with nearly
all aspects of my time studying at UMass. It would be a royal pain to try to
switch horses in midstream. And I very much want to finish my degree.

Meanwhile, I think I can safely say that from this point on I need to dot
all my i's and cross all my t's until I graduate from UMass. Suppose it
turned out that no-one wanted to sit on my thesis committee ?  I'm sure
anyone who's been through grad school can imagine other disturbing
hypothetical scenarios.

James Donald may characterize me as gutless. I think he would probably be 
correct to some extent.

Have I answered your question ?

Lewis Futplex McCarthy 





From llurch at networking.stanford.edu  Sat Feb  3 17:35:22 1996
From: llurch at networking.stanford.edu (Richard Charles Graves)
Date: Sun, 4 Feb 1996 09:35:22 +0800
Subject: Zundelsite webcom.com <--> Germany routing difficulties resolved
Message-ID: <199602040116.RAA28239@Networking.Stanford.EDU>


-----BEGIN PGP SIGNED MESSAGE-----

The Zundelsite "censorship" issue has been resolved. We have a permanent home
for the site that will not be blocked or harassed by the site management. We
will help Zundel remove the shrill "I am being censored!" claims from his Web
pages.

More details will be forthcoming on Monday.

- -rich

$ From llurch at networking.stanford.edu to cypherpunks at toad.com $
$ Sat Feb  3 17:15:16 PST 1996 $

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRQIz43DXUbM57SdAQFVlwQAxC4ywUESFZMf/dFBtK2z0I3WpU/Q4n9F
UucUtgqq66J0sPV3erneyh/Po9N0UfH/bYhYhfT3ubdUTwUIGDY0OaPtrB5ymUe1
9JtlBqJd4l9YrWJAkM4NSw7zZWaLjnoh9sly1LCZu+YAZUxZJVCyyC8YLPnqAeYs
DI6c/F0Llfs=
=mZaO
-----END PGP SIGNATURE-----





From tcmay at got.net  Sat Feb  3 17:51:00 1996
From: tcmay at got.net (Timothy C. May)
Date: Sun, 4 Feb 1996 09:51:00 +0800
Subject: Futplex makes the news!
Message-ID: 


At 1:00 AM 2/4/96, lmccarth at cs.umass.edu wrote:

>Meanwhile, I think I can safely say that from this point on I need to dot
>all my i's and cross all my t's until I graduate from UMass. Suppose it
>turned out that no-one wanted to sit on my thesis committee ?  I'm sure
>anyone who's been through grad school can imagine other disturbing
>hypothetical scenarios.
>
>James Donald may characterize me as gutless. I think he would probably be
>correct to some extent.

I think Lewis McCarthy was very brave to put up the Zundelsite mirror.
(Maybe unwise, too.) It's certainly not something most of the rest of us
are doing on our sites at universities, corporations, and even private
sites.

(Many ISPs will drop a customer who creates any trouble.)

And it's sad that the couple of days of the UMass Zundelsite's effect, even
now being lost in the "spin" coming from the German press about how UMass
forced the removal of the site, will perhaps result in a much lower public
presence by Lewis. (From what I've seen at California universities, the
folks with the long knives will still be trying to "get him."
Unfortunately, with search tools like Alta Vista they can keep tabs on him
semi-automatically and report any further evidence of his racist,
mysogynistic, and anti-democratic views to the Dean of Students.)

(I could add a smiley here, but it's really not very funny.)

--Tim May


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From ravage at ssz.com  Sat Feb  3 18:10:01 1996
From: ravage at ssz.com (Jim Choate)
Date: Sun, 4 Feb 1996 10:10:01 +0800
Subject: Futplex makes the news! (fwd)
Message-ID: <199602040203.UAA06687@einstein.ssz.com>



Forwarded message:

> Date: Sat, 3 Feb 1996 19:01:18 -0800
> From: tcmay at got.net (Timothy C. May)
> Subject: Futplex makes the news!
> 
> (Many ISPs will drop a customer who creates any trouble.)
> 

I think most private sites have their future on the line. In my own case it
has taken just about every resource I have available to get online and stay
there. This is one aspect of supporting your local private ISP that many
folks don't understand very well. For some reason most folks have the
impression that if you can start and run a private site you must be making
money hand over foot. Just taint so.

> 
> --Tim May
> 





From llurch at networking.stanford.edu  Sat Feb  3 18:40:49 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Sun, 4 Feb 1996 10:40:49 +0800
Subject: Zundelsite webcom.com <--> Germany routing difficulties resolved
In-Reply-To: <199602040135.SAA19463@sal.cs.utah.edu>
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 3 Feb 1996 the Bcc'd dude wrote privately:

>  Just for the fun of it, could you make your access statistics
> public? In particular, I'd like to know how many hits you 
> got from inside Btx.DTAG.DE.
>
> I have a strong suspicion that the intersection of those
> who can afford to browse the web through T-Online for 12-16 Pf/min
> (ca. 9-12 cents) with 2.400 bps (except in major cities, where
> it's 14.400) and those who are interested in neo Nazi web sites,
> faked or not, might be smaller than expected.

Good question! Something that not enough people are asking.

There were like two or three dozen hits. Period. But I think Declan 
publicized his mirror more widely, and probably got a few more.

You can get aggregate hit counts for all files in "/~llurch" through the 
www-leland.stanford.edu main page (features, I think).

I'm not sure I'll be able to get a server log dump because it would just
be so huge -- not because of the Zundelumpen, but because of the Windows
95 FAQ in my directory, which got a lot of press in early January. 

Zundel's main site at webcom.com did not just become popular and
overloaded with the press reports. It has always been overloaded because
he's a dumbshit who posts 3MB RealAudio files on the main page. 

- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRQWUo3DXUbM57SdAQHUZAQA2C5Bwg2lrpdHoXgs0+H1X3G7ssVO3Yyr
1ZfqSUO/HOrBDqzxh0hSnbt6DdrpfRvC1yO3ObEsV7sr3yQ4MfjOu8KhWptZpLiC
NlPveSWDN6/EiDGhueAyflUmSINuHHgZguaJnQDtihIUrz3pIg7dRT2mM4vWZV/m
Fk5CxWGbhgg=
=PdRm
-----END PGP SIGNATURE-----





From jsw at netscape.com  Sat Feb  3 18:45:26 1996
From: jsw at netscape.com (Jeff Weinstein)
Date: Sun, 4 Feb 1996 10:45:26 +0800
Subject: Netscape, CAs, and Verisign
In-Reply-To: <199602030951.BAA12320@ix2.ix.netcom.com>
Message-ID: <31141581.69C@netscape.com>


Tom Weinstein wrote:
> The Navigator can also download certificates as one of the following
> mime types:
> 
> application/x-x509-ca-cert
> application/x-x509-server-cert
> application/x-x509-user-cert
> 
> When the Navigator sees one of these, it presents the user with a
> series of dialog boxes that take him through the process of approving
> the certificate and adding it to the database.

  The only one of the above mime types that should be used with 2.0
is application/x-x509-ca-cert.  The others are not supported.  The
spec for the ca-cert type will be released on our web site soon.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.





From jimbell at pacifier.com  Sat Feb  3 18:59:32 1996
From: jimbell at pacifier.com (jim bell)
Date: Sun, 4 Feb 1996 10:59:32 +0800
Subject: [noise] Re: Charter of PDX Cpunk meetings
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

At 02:03 AM 2/2/96 -0800, Alan Olsen wrote:

>I think an explanation for this is due.  Jim is going to move his complaints 
>here instead of dealing with them with me no matter what I do...

Alan Olsen is correct, here.

>
>A bit of history here...
>
>I had seem Jim Bell's postings and had not thought too much about them one 
>way or another.  I felt that some people had been a bit too hard on him, but 
>did not care one way or another.
>
>I organized a physical meeting on Jan 20th at a public coffee house in 
>portland.  Jim showed up.  During this meeting he espoused some ideas which 
>I found very bothersome because they sounded far too much like "magical 
>thinking" and pseudo science. 

Alan Olsen will be amazed to see that I am absolutely agreeing with his 
limited understanding of the description of the events of the meeting.  
Further, I am acknowledging that I said certain things which, to the vast 
majority of the population, and ESPECIALLY moderately-technically educated 
ones, would sound like "magical thinking and pseudo science."  Even to 
extremely well-educated ones, in fact.  This sounds strange, but it is true. 
 But of course, I only told him PART of the story.  It is as if David 
Copperfield (the magician, not the Dickens character) claimed that he was 
going to make an elephant disappear:  The claim sounds impossible to 
believe. Logic tells us he can't do that.  But, on the other hand, he has a 
reputation as a "magician."   The difference, obviously, is that the name 
"David Copperfield" is far better known than "Jim Bell."

Of course, I am embarrassed to have to admit that I can't recall the name of 
the person who said something like, "A sufficiently advanced technology is 
indistiguishable from magic."  Perhaps somebody more "into" SF quotations 
can supply the reference.

Regrettably, I fear Alan Olsen (being exposed to talk which at the time he 
interpreted as "magic") will mis-remember the details of which I spoke. 
Actually, in the short term this is good.  Fortunately, I recall what I said 
quite well, and it will all become clear eventually.

As I kept saying in my (not-yet-canned) tagline:

Something is going to happen.    Something....Wonderful!   (2010)


>I did not challenge him about them at the 
>meeting and tried to move on  to other things.

Alan Olsen is correct, here.  He did not indicate the extent of his 
disbelief.  Perhaps I would have been willing to tell him more if he'd 
politely approached me after the meeting with his doubts.  Maybe not, however.
It's not really a deep-dark secret.

Instead, Alan Olsen flamed me on this national list, despite myself having 
done nothing to him (either in public or private or private email) to 
justify this.  In case there is any doubt here, I hereby give him permission 
to post any past and/or future (private) email from me to him that he may 
care to quote, which in his opinion "justifies" his acts of flaming.  
Furthermore, I give a blanket permission to anybody reading this message to 
publish on this (or other, more appropriate list) any private email from me 
which would, itself, "justify" or explain, pre-facto, Alan Olsen's odd 
behavior.

In other words, Alan Olsen has bought the rope, and has tied it to a branch 
on the tree, and is now asking permission from me to hang himself.  He has 
my permission.

>A while ago an anonymous poster made a number of comments about Jim Bell's 
>beliefs involving assassination politics.

And my response was that unless he (the anonymous poster) was unwilling to 
at least use a stable nym to stick around long enough to debate the details 
on some SUITABLE area, his criticisms were no more realistic than flames. 

>  He brought up a number of valid points. 

But he (the anonymous poster):
1.  FLamed me on this national list, similarly to the way Alan Olsen later did.
2.  Failed to be willing to sustain the debate in a more appropriate list, 
even under a stable nym.
3.  Didn't stick around to respond to my commentary.

> Jim ignored all of those points and flamed him on something totally 
>without substance. 

Others apparently disagree.  I received supportive (private) email, agreeing 
that I had been flamed by that anonymous poster.  The fact that he was 
anonymous says it all.  The fact that he has not returned says it all.  The 
fact that Alan Olsen is bringing up this example as if it is some sort of 
fault of mine incriminates Alan Olsen most of all.

> (Not signing messages and not using an identifiable 
>nym.)

If that's all that he did, then it wouldn't have been a problem.  I suspect 
that Alan Olsen had something to do with that anonymous post; in fact, I 
suspect that he knows who sent it.  Alan's following commentary sounds like 
an admission that he, himself, did it.

>This bothered me.

Your general behavior bothers me.

> I responded to the post.  A good portion of this message 
>was flame, but it contained a number of questions about the workability of 
>Jim's pet theories.

Justa sec.  You're admitting that a person  (YOU?!?)ANONONYMOUSLY posted to 
Cypherpunks, with a "good portion" of what even you are willing now to admit 
was a "flame", and yet you fault ME for my response to it?

Pardon me for a few minutes while I try to stop laughing, Alan.  


>Jim's response to this was to question the validity of the post, but not 
>deal with any of the substance of the arguments.

Which I believe is the logical thing to do.  For a number of reasons.  
First, I am well aware of the primary purpose of the Cypherpunks list, and 
the fact that I am relatively new here.  I have no intention of inflicting 
an unwelcome discussion of "Assassination Politics" on the list, and 
certainly not with a person who clearly wanted to start a flamewar and 
didn't genuinely want to debate the issues with even a stable nym.

Clearly, I recognized that if I responded to the bait and clogged 
Cypherpunks with off-topic (or numerous marginal-topic ones) then this 
flamer would already have won by sowing hate and discontent, and have not 
suffered any longterm loss of reputation of his own.  I, on the other hand, 
use my REAL NAME.

Only a fool would have taken an anonymous flamer seriously under those 
circumstances.


>  (He was questioning it 
>because I did not sign the posting.) 

You're admitting it, huh?

> I ignored the post as I had other 
>things occupying my time...

In other words, you took the time to flame me, but when I failed to take the 
bait you lost interest and went on to something else, huh?  Interestingly, 
subsequent to that event, both you and a number of your clique "lose 
interest" very quickly when things turn against you.  How...conveeeeenient!


>During the period of time between the meeting and the offending post I had 
>created a pdx-cypherpunks list.  I had a number of people who were 
>interested and it seemed like a good idea at the time...

What you REALLY wanted to do was to create your own little fiefdom where you 
could punish non-believers, a privilege which does not accrue to you on the 
national list.  


>Well, i posted on the list a question about the next meeting and mentioned 
>about  the results from the key signing.  (I had three people, who i did not 
>mention by name, who had not signed keys or gotten back to me on it.)  I 
>relieved a response from Jim about my messages to him here and why he had 
>not signed anyone's keys.  [For those who are interested, I can forward the 
>original messages.  They are interesting reading, in an odd sort of way...] 

You have my permission, BTW.  Go ahead and post them.  And this message will 
be signed.


> It came down to him complaining about my messages on national list.  He 
>still did not address any of the issues I had raised (he still has not), but 
>was pretty pissed.

Yes I was "pretty pissed."   But since you've now basically admitted that 
you were the anonymous flamer, as well as having flamed me on Cypherpunks 
without justification, under the circumstances I don't think you have pretty 
much destroyed your own credibility.  I assume people on Cypherpunks don't 
want anonymous flaming, and they wouldn't have appreciated it if I'd taken 
your bait and abused my position here.


>A number of the other people on the list took him to task on a number of the 
>comments he made. 

In other words, Alan Olsen's clique decided to help him out of his jam.  
He'd screwed up by flaming me nationally, and he disappeared for a few days 
while his cronies tried to pretend that it was all my fault.

> It grew into a pretty hot flame war on the list.  After I 
>started to get complaints and it prevented anything useful being posted,

Read:  "After my credibility had been shot to pieces...."

> I posted a message to take the discussion to e-mail or I would start banning 
>people from the list.

Read:  "I don't want anybody to know what I did, Jim.  Stop reminding people 
about it!"

>Jim ignored that request and I removed him from the list.

Read:  "Alan Olsen exercised his authority in his own personal fiefdom, the 
"PDX Cypherpunks list."

>
>That is why it has moved back here.

That's a very interesting admission, Alan.  While I'm sure that some of the 
people around here are interested in your character faults, baiting, 
flaming, and crude anonymous posting, most of them probably want this 
discussion off the national list and onto a local one.  Problem was, you 
couldn't even accept getting embarrassed locally, despite the fact that I 
was willing to maintain this as a local issue.  You were clearly afraid that 
your credibility would be destroyed by a serious discussion of your actions, 
so you couldn't even accept limiting the discussion to the local list.

>This will be my last response to Jim's rantings in public. 

Read:  "Things are bad enough as it is!  I'd better cut and run."

> i will be glad 
>to deal with questions in e-mail.

On the contrary, I have no interest in dealing with this sleazy character in 
email.  He was the one who chose a national list to do his flaming and 
baiting, and I think he deserves full "credit."

>  I have sent a number of responses to Jim 
>already in e-mail and he has ignored them.  He has made veiled threats to me 
>on the pdx list and has shown no sign of wanting to deal with this in a 
>rational manner.

Alan, please re-post these "veiled threats."  Let's see how you interpreted 
them as such.  Please explain your reasoning.

Above, you accused me of "magical thinking and pseudo science."  Let's see, 
maybe I ought to get out my set of voodoo dolls and poke a few pins in them...

Feel that, Alan?  And that?  And that?  


>The issue comes down to this.  Jim Bell has a number of ideas i disagree 
>with.  I have challenged him on some of those ideas. 

Anonymously, with flames, on a national list on which the discussion did not 
belong, anyway.   I, recognizing this, attempted to spare the rest of you 
Olsen's rants.

> He is unwilling to 
>answer any questions as to the flaws in his beliefs.

Alan Olsen is unwilling to apologize for his behavior.  He was unwilling to 
debate as a stable nym, even.  Clearly, he did not want to genuinely debate 
the issues involved.

>  Instead, he takes any 
>questioning of his ideas as personal attacks. 

No, I take unjustified (and anonymous) flames on Cypherpunks as attacks not 
only on myself, but on the rest of you people.   The only reason this 
discussion came back is that Alan Olsen's personal fiefdom was not strongly 
enough controlled by him, apparently, to help him out.

> I refuse to give any respect 
>to an individual who presents his ideas to the world and yet is unwilling to 
>defend them in public (or in private).

That's an odd statement from a person who wasn't willing to debate as a 
stable nym.  I'm using my own name.  And if there are any of you who have 
any residual doubts about my willingness to debate my ideas, I recommend 
that you ask the regulars on the FIDO areas DEBATE, CIVLIB, CONTROV, 
LEGAL_LAW, LAW, POLTITICS, and a few others.  While I haven't posted much in 
the last couple months there, I copied most everything to those areas and 
received many responses.  I responded, there, even to flamers if the "tone" 
of the "echo" (FIDO's term for what Internet people generally call a "list") 
allowed it.

>I suggest you get your killfiles ready.

I suggest that we regularly warn subsequent "newbies" about Alan Olsen and 
his misguided set of "ethics."

>  I will be killfileing Mr. Bell's 
>comments on this list as it does not belong here.

That's illogical.  What you really meant is that you don't want to hear the 
truth.  What you REALLY would like to do is to control EVERYBODY ELSE'S 
killfiles, so as to silence me.

>The following is the last I will say publically on the matter.

You're going to take your bat and ball and "go thwait home!"  You hear your 
mommy calling, Alan.

Jim Bell
jimbell at pacifier.com


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRQVtPqHVDBboB2dAQGCkAQAqXcN+lTsICS69k5t+43wwm37Em4OHmsJ
P1+HPPjQColXiboVKdXMhHt2qi9xOnGiU62ih0qnI8M2KO5FDw0GqmLqj47ERDjO
9xe/ykXBCutL65CSDIGpIBujToKHHxMRVTEV0uzdS9+W6/JUOG9HnctoFuFnpUUl
+f0rwqCH3PY=
=wZyv
-----END PGP SIGNATURE-----






From perry at piermont.com  Sat Feb  3 18:59:50 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Sun, 4 Feb 1996 10:59:50 +0800
Subject: [CONSPIRACYPUNKS] RC2 Source Code - Legal Warning from RSADSI
In-Reply-To: <199602032104.WAA02903@utopia.hacktic.nl>
Message-ID: <199602040230.VAA14636@jekyll.piermont.com>



Anonymous writes:
>      It is becoming obvious to anyone with two brain cells to rub
> together that RC4 and now RC2 have been deliberately released by RSA
> Data Security.

Anyone with more than two brain cells might feel otherwise, however.

.pm





From dlv at bwalk.dm.com  Sat Feb  3 19:15:13 1996
From: dlv at bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sun, 4 Feb 1996 11:15:13 +0800
Subject: free speach and the government
In-Reply-To: <199602040002.QAA11844@slack.lne.com>
Message-ID: 


Eric Murray  writes:
> Stephan Mohr writes:
> >
> > Well, I feel that I agree with the people on the right of free speech for
> > i.e. the neo-nazi stuff or other political, ideological and/or religious
> > ideas. But there is still something that leaves me uneasy: imagine there
> > would be a way to easily make a powerful poison, easily applicated to
> > your town's water-reservoir, or a very easy way to build some strong
> > explosive device. etc. Actually, I think that stuff like this does exist
> > already.
> >
> > But the idea that one day I just put 'easy made deadly poison for millions'
> > into my webcrawler and whoop there it is on my screen or on the screen of a
> > other fool, doesn't sound to right to me. I would like things like this
> > to be better put aside and locked up.
>
> You can't put the genie back into the bottle.
> Once something is invented or described, the knowledge
> is out there.  Someone who wants to use that knowledge
> for "wrong" purposes can find it.

Either some information is being suppressed, or no information whatsoever is
being suppressed. Whether it's the knowledge how to made strong crypto, or how
to make the A-bomb, or now to make Sarin, or _Mein Kampf_, or uuencoded
pictures of naked kids, really doesn't matter. E.g., many people perceive the
dissemination of Nazi teachings to be as dangerous as the dissemination of a
Sarin recipe. One can't be "a little big pregnant".

I believe that any exception to unlimited free speech, be it libel, or
copyright violation, or child pornography, or Nazi propaganda, or Chinese
dissident materials, just isn't compatible with the cpunk agenda. No censorship
is acceptable. That's an absolute.

[...]
> In the US the media is by and large controlled by huge
> media conglomerates with a vested interest in maintaining
> the status quo and delivering up their audience to their
> advertisers in tidy packages.
>
> The government is along for the ride, being part and parcel
> of the same system.  They won't rest until net-speech is
> by and large controlled by huge media conglomerates all
> busy delivering up the net-public to advertisers in tidy
> packages... I'm not saying that there's a Black Heliocopters
> type conspiracy, or any other for that matter.  There doesn't
> have to be, there are huge political forces moving things
> this way.  So there might as well be a conspiracy, as the
> end effect on us is the same.

There's a widespread misconception that most journalists support freedom of
speech for non-journalists. I deal with journalists occasionally, and my
impression is that the attitude of some of them can be summarized as follows:
"I'm an important guy because I can say something that hundreds of thousands of
people will see/read; and I can libel another person and s/he won't be able to
respond". People with this attitude are very threatened by the Internet. I'm
not saying that all journalists are this way; I'm just pointing out that it's
foolish to assume that just because a person works in the media, s/he's in
favor of free speech, especially unlimited free speech.

> I think that any compromise with government censorship is a bad idea.
> All we'd do is give them a little more while on the way towards the
> inevitable.  If we don't give them all the censorship power they
> want they'd just take it anyhow.  Better to hold out as well as
> we can while we can.

>From the technology point of view, there's no difference between helping
Chinese dissidents circumvent their government's restrictions on the net,
and helping neo-Nazis in Germany and helping child pornographers in the
U.S. No one can determine which of the countless bits of information that
travel over the Internet every second are false, or harmful, or subversive,
or otherwise not worthy of transnmission.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From jya at pipeline.com  Sat Feb  3 19:22:26 1996
From: jya at pipeline.com (John Young)
Date: Sun, 4 Feb 1996 11:22:26 +0800
Subject: [NOISE] Futplex makes the news!
Message-ID: <199602040257.VAA20379@pipe3.nyc.pipeline.com>


   Lewis,

   Take heart and wisdom from this experience of being caught
   up in public events. Being used, and abused, by
   institutions for their impersonal, otherwordly, purposes.

   Public disputes are like that, when your personal
   advocacies are distorted, twisted back in unexpected forms 
   in assault on your seemingly impregnable position.

   Well done for this foray. But be prepared for shrewd
   opposition again as you continue behaving responsibly
   to challenge the day's short-sighted conventional wisdom.

   I think you shouldn't worry about thesis advisors, the
   thoughtful ones will understand your action and its
   underlying principles. They may be less daring and more
   cautious than you -- such is the burden of maturity -- but
   I suspect they will admire your audacity, and remember when
   they did the same in younger days when public disputes
   seemed more alluring and tractable -- as I do.

   Thanks much.

   John











From avatar at mindspring.com  Sat Feb  3 20:37:07 1996
From: avatar at mindspring.com (avatar at mindspring.com)
Date: Sun, 4 Feb 1996 12:37:07 +0800
Subject: Searching for the best
Message-ID: <199602040420.XAA23885@borg.mindspring.com>


Hi, Folks

        I am looking for the best file encryption program and the best file
wiping program.
PC compatible, perferably Win 95 compatible.
                                                                        Thanx
Charles Donald Smith Jr.
582 Clifton Rd. N.E.
Atlanta, Ga. 30307-1787
(404)-378-7282

REPUBLICAN; smaller government, less taxes, richer people, and proud children!! 






From tcmay at got.net  Sat Feb  3 20:38:46 1996
From: tcmay at got.net (Timothy C. May)
Date: Sun, 4 Feb 1996 12:38:46 +0800
Subject: New sig, let me know what you think!
Message-ID: 



Since Clinton is getting ready to sign the Exon Amendment/Communications
Decency Act/Telecom Bill, with some amazingly restrictive rules about what
kind of material can be sent over computers (especially if there's a chance
anyone under the age of 18 can see it), I have been worried about the
implications for my hobby. You see, I am also an amateur Biblical scholar,
and have been working on my "Modern Vernacular Translation."

For most of my messages involving speech, the CDA, censorship, etc., I plan
to include part of my translation as a kind of inspirational quote. Surely
Sen. Exon will not object to this material as "indecent"? After all, it's
the word of God.

I threw this together quickly, excerpting some online versions of the
Bible. Others could do the same thing, by quoting salacious material from
other sources. The letters of Thomas Jefferson, for example? Or
Congressional testimony itself, maybe stuff from the Meese Commission
reports? Juicy stuff there. Is the CDA going to make quoting from the
Congressional Record a crime? (I suppose it ought to be....)

--Tim May

[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and do em right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should do him." So the two daughters got him drunk and
did him all that night. Sure enough, Dad got em pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he whacked off first....Remember, it's
not a good idea to have sex with your sister, your brother, your parents,
your pet dog, or the farm animals. [excerpts from the Old Testament, Modern
Vernacular Translation, TCM, 1996]







From gimonca at skypoint.com  Sat Feb  3 21:05:42 1996
From: gimonca at skypoint.com (Charles Gimon)
Date: Sun, 4 Feb 1996 13:05:42 +0800
Subject: New sig, let me know what you think!
In-Reply-To: 
Message-ID: 



Packwood Diaries?
Gingrich's novel?
Screenplay for Gramm's porno movie?
Anything involving a Kennedy?

 ***********************************************************************
        --The Interview--             | gimonca at skypoint.com
 George Clinton: "Suck on my soul,    | Minneapolis MN USA
 and I will lick your funky emotions!"| http://www.skypoint.com/~gimonca
 Dave Letterman: "Yuck!!"             | A lean, mean meme machine.
 ***********************************************************************

On Sat, 3 Feb 1996, Timothy C. May wrote:

> 
> Others could do the same thing, by quoting salacious material from
> other sources. The letters of Thomas Jefferson, for example? Or
> Congressional testimony itself, maybe stuff from the Meese Commission
> reports? Juicy stuff there. Is the CDA going to make quoting from the
> Congressional Record a crime? (I suppose it ought to be....)
> 





From jf_avon at citenet.net  Sat Feb  3 21:37:07 1996
From: jf_avon at citenet.net (Jean-Francois Avon JFA Technologies, QC, Canada)
Date: Sun, 4 Feb 1996 13:37:07 +0800
Subject: New sig, let me know what you think!
Message-ID: <9602040507.AA20267@cti02.citenet.net>


Tim May signature is truly a gem!


>[This Bible excerpt awaiting review under the Communications Decency Act]
>And then Lot said, "I have some mighty fine young virgin daughters. Why
>don't you boys just come on in and do em right here in my house - I'll just
>watch!"....Later, up in the mountains, the younger daughter said. "Dad's
>getting old. I say we should do him." So the two daughters got him drunk and
>did him all that night. Sure enough, Dad got em pregnant....Onan really
>hated the idea of doing his brother's wife and getting her pregnant while
>his brother got all the credit, so he whacked off first....Remember, it's
>not a good idea to have sex with your sister, your brother, your parents,
>your pet dog, or the farm animals. [excerpts from the Old Testament, Modern
>Vernacular Translation, TCM, 1996]






From jf_avon at citenet.net  Sat Feb  3 21:46:35 1996
From: jf_avon at citenet.net (Jean-Francois Avon JFA Technologies, QC, Canada)
Date: Sun, 4 Feb 1996 13:46:35 +0800
Subject: free speach and the government
Message-ID: <9602040531.AA20987@cti02.citenet.net>


dlv at bwalk.dm.com (Dr. Dimitri Vulis) writes:

>Eric Murray  writes:
>> Stephan Mohr writes:

>I believe that any exception to unlimited free speech, be it libel, or
>copyright violation, or child pornography, or Nazi propaganda, or Chinese
>dissident materials, just isn't compatible with the cpunk agenda. No censorship
>is acceptable. That's an absolute.

     I agree with that.  Principles are important.  I agree that Sarin reciepes might
be dangerous.  I also agree that such information should not be broadcasted.  
But I think that this control should be effected by the individual poster, out of 
benevolence for Man, not enforced at the point of a gun by a govt that pretends 
that we are to dumb to act by ourselves.  The nature of the Internet is 
unique in the history of mankind.  We must adapt, *as individuals* not as "a society".

The collectivity is a statistical concept that have no existence, apart in the 
pretensions of the collectivists do-gooders.



>There's a widespread misconception that most journalists support freedom of
>speech for non-journalists. I deal with journalists occasionally, and my
>impression is that the attitude of some of them can be summarized as follows:
>"I'm an important guy because I can say something that hundreds of thousands of
>people will see/read; and I can libel another person and s/he won't be able to
>respond". People with this attitude are very threatened by the Internet. I'm
>not saying that all journalists are this way; I'm just pointing out that it's
>foolish to assume that just because a person works in the media, s/he's in
>favor of free speech, especially unlimited free speech.

I think it is safe to say, especially regarding coverage of the Internet by
popular medias, that even if there are some journalists that still have integrity,
most of their bosses don't.


>From the technology point of view, there's no difference between helping
>Chinese dissidents circumvent their government's restrictions on the net,
>and helping neo-Nazis in Germany and helping child pornographers in the
>U.S. No one can determine which of the countless bits of information that
>travel over the Internet every second are false, or harmful, or subversive,
>or otherwise not worthy of transnmission.

Well,  here I don't completely agree.  *you* can determine what is worth and 
what is not.
But again, I suppose that if you have rationnal arguments, you will be able
to convince other rationnal individuals.  I am not in favor of broadcasting 
neo-nazi scum all over because I think that their essence is the same as the one
underlying the censorship movement.  They share the same vision of man, only the
flavor change slightly.  OTOH, somebody presenting facts pertaining to nazism and
what happened to the jews (confirming or infirming) are acceptable, as long as 
they are *facts*.  But there are plenty of causes that seems worthwhile
to defends, so why pick up the mosts dubious?


Ciao

JFA






From jamesd at echeque.com  Sat Feb  3 22:03:21 1996
From: jamesd at echeque.com (James A. Donald)
Date: Sun, 4 Feb 1996 14:03:21 +0800
Subject: free speach and the government
Message-ID: <199602040548.VAA04878@shell1.best.com>


At 10:52 PM 2/3/96 +0000, Stephan Mohr wrote:
> But do
> you fighter[s] for free speech, in principle, think that nothing, really
> nothing, [should] be prevented [from] being published?

Yes:

> [...]
>
>I know, of course, that by accepting that there is something that
>shouldn't be available on the net, we would need something to decide what
>and how to ban. So I wonder what would be a more 'net'-like way of handling 
>this type of thing and how to prevent that some 'strong-armed' governments
>take the net over.

There is no "net-like" way of preventing people from communicating 
when one wishes to speak and another wishes to listen.  To attempt 
to achieve such a goal violates the principles that made the internet
possible, such as the "no settlements" rule.


 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd at echeque.com






From jamesd at echeque.com  Sat Feb  3 22:06:14 1996
From: jamesd at echeque.com (James A. Donald)
Date: Sun, 4 Feb 1996 14:06:14 +0800
Subject: [NOISE] Futplex makes the news!
Message-ID: <199602040548.VAA04885@shell1.best.com>


At 08:00 PM 2/3/96 -0500, you wrote:
>
>James Donald may characterize me as gutless. I think he would probably be 
>correct to some extent.

You acted for liberty:  I failed to act:  How could I characterize you
as gutless?

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd at echeque.com






From jamesd at echeque.com  Sat Feb  3 22:30:20 1996
From: jamesd at echeque.com (James A. Donald)
Date: Sun, 4 Feb 1996 14:30:20 +0800
Subject: Sometimes ya just gotta nuke em
Message-ID: <199602040611.WAA18584@blob.best.net>


http://www2.ari.net/home/bsabath/950711.html

At 12:25 PM 2/3/96 -0800, Jordan Hayes wrote:
>Sorry to inject a little scholarly research on this topic, but I
>would urge those of you who are interested in how this mythology
>was created and disseminated to do an AltaVista serach for Alperovitz;
>he's potentially the leading scholar on this subject.  I've read
>his book, and Tim probably ought to as well ...

SCHOLARLY RESEARCH!!!!

You do not know shit from beans:  Alperovitz is no more a scholar 
than Zundel is:  He is a historical revisionist 
who lies even more crudely than the holocaust revisionists.

It is clear that in the opinion of the high command, the decision to 
surrender after they were nuked was a dramatic and radical change of 
position.  Alperovitz says otherwise, thus he is either grotesquely 
ignorant or, more likely simply dishonest.


Alperovitz writes: 
        The use of the atomic bomb, most experts now believe, was totally
        unnecessary. Even people who support the decision for various 
        reasons acknowledge that almost certainly the Japanese would have
        surrendered before the initial invasion planned for November. 
        The U.S. Strategic Bombing Survey stated that officially in 1946. 

        We found a top-secret War Department study that said when the 
        Russians came in, which was August 8, the war would have ended 
        anyway. The invasion of Honshu, the main island, was not 

        [And so on and so forth]

After the second nuclear attack, the Japanese high command had a
meeting with the emperor:  They heard testimony on the effects of
atomic bombs.  About half wanted to surrender, about half argued that
Japan should die gloriously:  They were unaware that the US had just
used up almost its entire nuclear arsenal.  They expected that surrender
would be followed by the same kind of reign of terror, rape, brutal
degradation, and mass murder, that they inflicted on the people that
they conquered. They expected that failure to surrender would result
in continued nuclear bombardment at about the same rate.  (Both
beliefs were incorrect.)

The Emperor *at that meeting* made the decision to surrender, shocking
a large part of the high command, and then made a speech on radio
announcing the surrender, stating as reason for the surrender that if
they did not surrender, Japan would be utterly destroyed by nuclear
weapons.

Seeing as they were still debating the issue *after* two nuclear
weapons had landed on them, it seems reasonable to believe that
without atomic weapons, it would have been necessary to fight from
house to house from one end of Japan to the other.


When Hirohito ordered surrender in response to atomic bombing, the high 
command attempted to violently overthrow him, and when they failed, many
in the high command committed suicide.





>
>If you read nothing else on this topic, I urge you to check out
>an interview with him at http://www2.ari.net/home/bsabath/950711.html
>
>#endif
>
>/jordan
>
>
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd at echeque.com






From jamesd at echeque.com  Sat Feb  3 22:34:39 1996
From: jamesd at echeque.com (James A. Donald)
Date: Sun, 4 Feb 1996 14:34:39 +0800
Subject: Microsoft's CryptoAPI - thoughts?
Message-ID: <199602040611.WAA18599@blob.best.net>


At 11:11 AM 2/3/96 TZ, Wasser wrote:
> I have "standardized" the PS files on the MS website, so there should 
> be no more problems. Sorry for the inconvenience.

Thank you, but it would be even better to webify them.

I have webified them (http://www.jim.com/jamesd/mscryptoapi.html), 
but I am sure most people would prefer an official copy:

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd at echeque.com






From anonymous-remailer at shell.portal.com  Sat Feb  3 22:48:58 1996
From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com)
Date: Sun, 4 Feb 1996 14:48:58 +0800
Subject: C2 and the Worst Case
Message-ID: <199602040628.WAA07276@jobe.shell.portal.com>


sameer  wrote:

> > The question is, how much would they get? How much information about c2
> > users would fall into the wrong hands?
>
>	The only information we have is the information you give
> us. If you don't give us your name, we don't have your name. If you
> don't give us the site you're coming from, we don't have the sit eyour
> coming from. They can't get information out of us that we don't
> have. That's our guiding principle, in terms of the privacy against
> government-level attack.

Are you saying that when someone with an anonymous mailbox on c2.org
retrieves his/her mail via a POP3 connection, no log is made of
the originating IP address?






From jamesd at echeque.com  Sat Feb  3 22:54:40 1996
From: jamesd at echeque.com (jamesd at echeque.com)
Date: Sun, 4 Feb 1996 14:54:40 +0800
Subject: Sometines ya just gotta nuke em-and nuke em again
Message-ID: <199602040622.WAA07274@shell1.best.com>


At 03:39 PM 2/3/96 -0800, paralax at alpha.c2.org wrote:
>Mr. Hayes MAY have used a condescending tone but you have exposed your
>racist roots again.  First you embarass yourself with you lack of knowledge,

Paralax does not know shit from beans.  He presumably imagines that Tim is
"embarrassed" because Tim's knowledge of the historical facts differs from
those facts dreamed up by the usual crew of apologists for totalitarian terror.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd at echeque.com






From joseph at genome.wi.mit.edu  Sat Feb  3 22:59:18 1996
From: joseph at genome.wi.mit.edu (Joseph Sokol-Margolis)
Date: Sun, 4 Feb 1996 14:59:18 +0800
Subject: THE JEWS (ALL of them!) Try to kick Ernst Zundel off Usenet!!
Message-ID: <9602040642.AA19600@karlo>


what the hell was that? Surley you can't expect us to belive people wrote that?
--Joseph





From mccoy at communities.com  Sun Feb  4 00:14:23 1996
From: mccoy at communities.com (Jim McCoy)
Date: Sun, 4 Feb 1996 16:14:23 +0800
Subject: Imminent Death of Usenet Predicted
Message-ID: <199602040812.AAA27504@scylla.communities.com>


>	One thing that I'm worried about is InterNIC. As I understand it, it
>is a central company that is in the business of receiving domain name
>registrations, including the info on what that domain is connected to, and
>sending it out to various nameservers. The nameservers then use this to route
>some (not all, I do believe) traffic.

Close, but not quite.  The role that the InterNIC serves is to register 
domains
and to maintain the top-level mappings.  It is from InterNIC that the 
root-level 
nameservers load info regarding which domains are served by which 
nameservers.
The way this process works from any particular users point of view is as
follows:

1) You request that the host name www.foo.bar be resolved to an IP 
address.
2) Your TCP/IP software checks its local cache (if any) to see if it 
already
   has the requested information and if so it returns it without doing a
   lookup [there are timeouts and other bits involved but this is the 
simple version]
3) If a lookup is necessary your TCP/IP software digs up a pre-defined 
name/number
   for who is should ask.  This is the info that you enter into a 
resolv.conf file
   in unix, a MacTCP DNS setting, etc.  It is usually the nameserver for 
your
   internet service provider or a local nameserver for your network.  
Once the
   resolver knows who to ask it formats a query and sends it off.
4) This nameserver checks its cache to see if it already has the info and 
if not
   it forwards the request to another nameserver.  Eventually the request 
hits
   a root server; the root servers then check the domain name against 
their tables
   (the ones it loaded up from the NIC) and forward the request to the 
appropriate
   nameserver.
5) Eventually the request is forwarded to a nameserver which is able to 
give an
   authortative answer for this domain and the result is sent back to the 
original
   requester.

At any point in this chain it is possible for someone to decide who will 
give the
authoratative answer for this domain.  It is possible for you, the 
requester, to
decide for yourself who will be asked.  All you need to do is to add 
whatever
nameserver you trust early into the query chain and that server will be 
asked first
and only if it does not answer authoratatively will the regular 
nameservers be
asked to resolve the request.

The DNS system represents to oldest digital reputation system I know ot.  
It is _all_ 
about trust; if you think that someone is giving out bogus information or 
you want
your answers to come from someone else it is trivial to change the way 
your nameservice
is configured so that lookups happen in the manner that you want.  No one 
can control
how names are resolved into numbers unless someone else grants them that 
power.  There
was a minor rebellion among the internet service providers this fall when 
the NIC
announced that they would begin charging for their services and it flares 
up every now
and then when some of the larger independant ISPs begin to feel that the 
NIC is favoring
the major players like MCI, Sprint, et al. when it comes to address and 
routing blocks
and other name/IP number issues.  The point that is frequently raised to 
keep the NIC
in line is that there is nothing preventing these providers from going 
out and doing
whatever they want, whether it be establishing new root servers, 
allocating whatever
numbers they want, or just plain ignoring that the NIC exists.  And there 
would be
absolutely nothing that InterNIC could do about it, because that is how 
DNS works. The
biggest problems that would occur would be when there was a conflict in 
the namespaces
served (e.g. your lookup for www.foo.com returns one number when a 
InterNIC served
root nameserver responds and another when a different set of root 
nameservers respond)
and the number that would be returned would depend entirely on which 
nameservers your
query asked to get the answer.  In short, it would depend on who you 
decided to trust...

On a more cypherpunk-related note, it is actually quite trivial for you 
to create your
own shadow domains which are completely private to whatever group you 
want.  If you
want to create the foo.cypherpunk domain you can do it just by 
downloading the BIND
nameserver code and settting up a nameserver which answers queries for 
the top-level
.cypherpunk domain.  All that is required for someone else to resolve 
names in this
set of domains is for them to know that a .cypherpunk address needs to be 
resolved
by the nameserver you created (which involves adding only a single line 
in every DNS 
config system that I know of.)  It is also difficult for any authority to 
mandate 
that certain nameservers be used because the entire system is already so 
distributed 
as to make such a mandate useless (it would also cause such a performance 
hit for 
net connections that it would be about as effective as the old 55mph 
federal speed 
limits :)

jim
--
Jim McCoy
mccoy at communities.com





From jcobb at ahcbsd1.ovnet.com  Sun Feb  4 01:53:34 1996
From: jcobb at ahcbsd1.ovnet.com (James M. Cobb)
Date: Sun, 4 Feb 1996 17:53:34 +0800
Subject: Sometimes ya just gotta nuke em
Message-ID: 


 
 
  Rich, 
 
 
  Neither dropping nuclear weapons on Japanese cities nor an invasion 
  of Japan was necessary to secure surrender of the Japanese government. 
 
  David Kahn explains: 
 
    Communications intelligence contributed...in major ways to the 
    Allies' Pacific victory.  It stepped up American submarine sinkings 
    of the Japanese merchant fleet by one third. This cutting of Japan's 
    lifelines was, Premier Hideki Tojo said after the war, one of the 
    major factors that defeated Japan. 
 
       David Kahn.  "Codebreaking in World Wars I and II: The 
       Major Successes and Failures, Their Causes and Their 
       Effects" (1980).  In: Kahn on Codes: Secrets of the New 
       Cryptology.  Macmillan Publishing Co.  1983.  Page 108. 
 
 
    The water transport intercepts should provide case after case of how 
    American submarines won one of the most important victories in the 
    Pacific: the sinking of the Japanese merchant fleet.... 
 
       Kahn.  "Opportunities in Cryptology for Historians."  Op 
       cit.  P 289. 
  
 
    Some information came out shortly after World War II, when we 
    all heard about how we broke some Japanese codes before Pearl 
    Harbor, which...did help very much...in the successful American 
    submarine blockade of Japan, which very largely brought the Jap- 
    anese empire to its knees. 
 
       Kahn.  "Signals Intelligence in the 1980s" (1981).  Op cit. 
       P 292. 
 
   
 
             In other words, it was Starvation City. 
             --------------------------------------- 
 
  As an aside. these three quotations from Kahn on Codes, a collection 
  of articles, show that David's views in this regard are consistent 
  over the years. 
 
  Continuing-- 
 
  Dropping nuclear weapons on Japanese cities or an invasion of Japan 
  was not necessary to secure surrender of the Japanese government. 
   
  William Langer explains: 
 
    In the greatest air offensive in history [during May, June, and 
    July 1945] United States land-based and carrier-based aircraft des- 
    troyed or immobilized the remnants of the Japanese navy, shattered 
    Japanese industry, and curtailed Japanese sea communications by sub- 
    marine and air attack and extensive minefields.  United States bat- 
    tleships moved in to shell densely populated cities with impunity 
    and the Twentieth Air Force dropped 40,000 tons of bombs on Japanese 
    industrial centers in one month. 
 
       William Langer.  An Encyclopedia of World History. 
       Houghton Mifflin Co.  1948.  Page 1169. 

 
                    It was Devastation City. 
                    ------------------------ 

  Then why Hiroshima and Nagasaki? 
 
  There were two main reasons nuclear weapons were dropped on Japanese 
  cities: 
 
       (1)  generally, to proclaim Pax Americana...with a bang 
 
       (2)  specifically, to declare war on the Soviet Union. 
 
 
  For the sake of completeness, let's ask:  If it really had been 
  necessary to drop nuclear weapons on Japan in order to compel the 
  Japanese government to surrender, should they have been dropped? 
 
  Without hesitation. 
 
 
  Cordially, 
 
  Jim 
 
 

 
  NOTE.  The first part of the "Opportunities" article was published 
  in 1972.  The second part, dealing with World War II, was written 
  perhaps a decade later for publication in the collection. 
 
 






From alano at teleport.com  Sun Feb  4 02:03:42 1996
From: alano at teleport.com (Alan Olsen)
Date: Sun, 4 Feb 1996 18:03:42 +0800
Subject: THE JEWS (ALL of them!) Try to kick Ernst Zundel off Usenet!!
Message-ID: <2.2.32.19960203194631.00955980@mail.teleport.com>


At 12:46 PM 2/3/96 -0500, ErnstZundl at aol.com wrote:

>If you are a *true* Patriot, and a *true* Aryan, then you *MUST*
>make the journey to Antarctica and into the volcano!!  We owe it to
>the world, we owe it to the great Adolph Hitler, and we owe it to
>the White Race.

"But what about Hitler's Brain?"

|   Remember: Life is not always champagne. Sometimes it is REAL pain.   |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano at teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano at teleport.com  |






From secret at secret.alias.net  Sun Feb  4 02:26:56 1996
From: secret at secret.alias.net (K00l Secrets)
Date: Sun, 4 Feb 1996 18:26:56 +0800
Subject: THE JEWS (ALL of them!) Try to kick Ernst Zundel off Usenet!!
In-Reply-To: <960203124656_311380557@emout09.mail.aol.com>
Message-ID: <199602041005.EAA06068@paulsdesk.phoenix.net>


In article <960203124656_311380557 at emout09.mail.aol.com> ErnstZundl at aol.com writes:
> Instead, you can help me in my cause to make the Earth safe for White
> children.
> You can help me by joining me and my legions of Aryan Nazi UFO Supermen
> at the center of the Earth.  All you have to do to get there is enter the
> Earth's center by way of a volcano in Antarctica.
> 
> If you are a *true* Patriot, and a *true* Aryan, then you *MUST*
> make the journey to Antarctica and into the volcano!!  We owe it to
> the world, we owe it to the great Adolph Hitler, and we owe it to
> the White Race.
> 
> And please bring a sweater.  It's cold!

Is this guy really a Nazi, or just a complete nut?  I mean, if he's
out there convincing Neo-Nazis and Holocaust deniers to go freeze to
death at the South pole, as that really anti-semitic?





From frissell at panix.com  Sun Feb  4 03:53:43 1996
From: frissell at panix.com (Duncan Frissell)
Date: Sun, 4 Feb 1996 19:53:43 +0800
Subject: Futplex makes the news!
Message-ID: <2.2.32.19960204113951.009bca04@panix.com>


At 07:01 PM 2/3/96 -0800, Timothy C. May wrote:
>presence by Lewis. (From what I've seen at California universities, the
>folks with the long knives will still be trying to "get him."
>Unfortunately, with search tools like Alta Vista they can keep tabs on him
>semi-automatically and report any further evidence of his racist,
>mysogynistic, and anti-democratic views to the Dean of Students.)
>
>(I could add a smiley here, but it's really not very funny.)

But it's a state school.  All you have to do is sue.  Since academics are
gutless, they aren't that hard to face down.  So far, no one's really wanted
to face my mouth so they've left me alone once I made it clear that I was a
libertarian anarchist nut.

I feel sorry for Lewis though and wouldn't want him to do anything he wasn't
comfortable with.

DCF

"Then there was the time that my RA (Resident Assistant) in my dorm in a
small (private) liberal arts college in the Northwest found out I had a gun
in my room..."






From mab at crypto.com  Sun Feb  4 05:24:18 1996
From: mab at crypto.com (Matt Blaze)
Date: Sun, 4 Feb 1996 21:24:18 +0800
Subject: RC2 technical questions
In-Reply-To: <9601028232.AA823283956@snail.rsa.com>
Message-ID: <199602040753.CAA27660@crypto.com>


baldwin at rsa.com writes:
>         In a shameless attempt to move the discussion of RC2 into
> a more technical arena, here are some interesting questions to
> explore about RC2.
>                 --Bob
> 
> Key expansion
> - How can you tell whether the permutation is based on
>   some sequence of digits from PI?

[long list of other good and interesting questions deleted]

In a previous message, baldwin at rsa.com also wrote:
>WARNING NOTICE
...
>in such source code under applicable law, including without
>limitation trade secret and copyright protection.  In
>particular, RSA Data Security's RC2 (TM) symmetric block
>cipher source code has been illegally misappropriated and
>published.  Please be advised that these acts, as well as
>any retransmission or use of this source code, is a
>violation of trade secret, copyright and various other state
>and federal laws.  Any person or entity that acquires,
>discloses or uses this information without authorization or
>license to do so from RSA Data Security, Inc. is in
>violation of such laws and subject to applicable criminal
>and civil penalties, which may include monetary and punitive
>damages, payment of RSA's attorneys fees and other equitable
>relief.


Bob,

I'm confused by these two messages, as a non-lawyer (but I realize you're
also a non-lawyer).  How can RSADSI, on the one hand, expect to be able
to assert trade secret status over RC2 (with a warning to "...any person
who acquires, discloses or uses this information...") while at the same time
encouraging the world to examine and better understand the (illegally-
published) RC2 code?  To my lay mind, I cannot see how one can reconcile
your two messages.

I'm not trying to be cute or play lawyer.  I'm honestly confused as
to just what RSADSI's position here is.

-matt





From paralax at alpha.c2.org  Sun Feb  4 05:28:37 1996
From: paralax at alpha.c2.org (paralax at alpha.c2.org)
Date: Sun, 4 Feb 1996 21:28:37 +0800
Subject: Nuke em if ya got em "TCMay"
Message-ID: <199602041303.FAA05924@infinity.c2.org>


On Date: Sat, 03 Feb 1996 22:20:52 -0800 James A. Donald Wrote:

At 03:39 PM 2/3/96 -0800, paralax at alpha.c2.org wrote:

P> Mr. Hayes MAY have used a condescending tone but you have exposed your
P> racist roots again.  First you embarrass yourself with you lack of knowledge,

JAD> Paralax does not know shit from beans.  He presumably imagines that Tim is
JAD> "embarrassed" because Tim's knowledge of the historical facts differs from
JAD> those facts dreamed up by the usual crew of apologists for totalitarian terror.

JAD> James A. Donald

Historical facts and or personal interpretations thereof were never called in to question by me.  I took umbrage with Mr. May's insulting, insensitive and racist comments about Jews and the Japanese.  Whether Mr. May's is personally embarrassed by his public display of ignorance and bigotry matters not.  He did indeed embarrass himself on an 'International Stage'.

I may not know shit from beans (actually I do) but I do know cultural  insensitivity, racism, bigotry and ignorance when I see it displayed so blatantly.  I encouraged Mr.
May to return to topics 'cipher' before further embarrassment ensues.  I urge you to do
likewise.

A. Paralax View





From declan+ at CMU.EDU  Sun Feb  4 05:30:00 1996
From: declan+ at CMU.EDU (Declan B. McCullagh)
Date: Sun, 4 Feb 1996 21:30:00 +0800
Subject: THE JEWS (ALL of them!) Try to kick Ernst Zundel off Usenet!!
In-Reply-To: <960203124656_311380557@emout09.mail.aol.com>
Message-ID: 


Excerpts from internet.cypherpunks: 4-Feb-96 Re: THE JEWS (ALL of
them!).. by K00l Secrets at secret.alia 
>  
> Is this guy really a Nazi, or just a complete nut?  I mean, if he's
> out there convincing Neo-Nazis and Holocaust deniers to go freeze to
> death at the South pole, as that really anti-semitic?

Ernst Zundel is indeed a National Socialist. But as others pointed out
in previous messages, his real email address is ezundel at cts.com. I
posted a message to fight-censorship last week on the emergence of the
Zundelimposter. It's archived at the remaining CMU mirror site, at:

http://www.gsia.cmu.edu:80/andrew/ml3e/www/Not_By_Me_Not_My_Views/censorship/im
poster.012896.txt

-Declan






From ErnstZundl at aol.com  Sun Feb  4 06:10:09 1996
From: ErnstZundl at aol.com (ErnstZundl at aol.com)
Date: Sun, 4 Feb 1996 22:10:09 +0800
Subject: THE JEWS (ALL of them!) Try to kick Ernst Zundel off Usenet!!
Message-ID: <960204084755_135434252@emout04.mail.aol.com>


>> if he's out there convincing Neo-Nazis and Holocaust deniers >> to go
freeze to death at the South pole, as that really
>> anti-semitic?

DUH!!

Nobody is going to freeze to death if they dress warmly.  That is just a myth
about Antarctica.  It is really a tropical paradise, but THE JEWS don't want
you to know that.  Besides, we will all be going *inside* a VOLCANO!  Even if
somehow Antarctica were freezing cold, we will be plenty warm inside the
volcano which leads to the Aryan Nazi UFO Base at the center of the Earth.

I am not asking Nazis and Holocaust deniers to freeze to death!  I am
inviting them to jump into a volcano, you fool!







From ErnstZundl at aol.com  Sun Feb  4 06:18:28 1996
From: ErnstZundl at aol.com (ErnstZundl at aol.com)
Date: Sun, 4 Feb 1996 22:18:28 +0800
Subject: THE JEWS (ALL of them!) Try to kick Ernst Zundel off Usenet!!
Message-ID: <960204084744_135434288@emout10.mail.aol.com>


>> Surley you can't expect us to belive people wrote that?

Who do you propose wrote it then?  Aryan Space Nazis?





From declan+ at CMU.EDU  Sun Feb  4 06:30:37 1996
From: declan+ at CMU.EDU (Declan B. McCullagh)
Date: Sun, 4 Feb 1996 22:30:37 +0800
Subject: THE JEWS (ALL of them!) Try to kick Ernst Zundel off Usenet!!
In-Reply-To: <960204084755_135434252@emout04.mail.aol.com>
Message-ID: 


Excerpts from request: 4-Feb-96 Re: THE JEWS (ALL of them!).. by
ErnstZundl at aol.com 
> Nobody is going to freeze to death if they dress warmly.  That is just a myth
> about Antarctica.  It is really a tropical paradise, but THE JEWS don't want
> you to know that.  Besides, we will all be going *inside* a VOLCANO!  Even if
> somehow Antarctica were freezing cold, we will be plenty warm inside the
> volcano which leads to the Aryan Nazi UFO Base at the center of the Earth.
>  
> I am not asking Nazis and Holocaust deniers to freeze to death!  I am
> inviting them to jump into a volcano, you fool!

The ernstzundl at aol.com imposter obviously does not know that Xenu will
chain him to an Antarctic volcano and annihilate him with nuclear
weapons. Beware the thetans!

ObCrypto: Obviously someone as controversial as Zundel needs to PGP-sign
his messages. (Actually, *her* messages, since Ingrid posts for the
Zundelish One.) Does anyone want to show her how to use PGP? I think she
has a PPP connection from her computer at home to cts.com. Message
headers don't indicate what mailer she uses.

-Declan






From paralax at alpha.c2.org  Sun Feb  4 06:53:22 1996
From: paralax at alpha.c2.org (paralax at alpha.c2.org)
Date: Sun, 4 Feb 1996 22:53:22 +0800
Subject: Aegis PGP Shell
Message-ID: <199602041406.GAA11463@infinity.c2.org>


Gordon Campbell wrote: 

GRC> After doing a total reinstall of my system (don't ask) I discovered that I
GRC> don't have a copy of the Aegis PGP Shell distribution archive anywhere. I
GRC> attempted to grab it from http://iquest.com/~aegisrc as listed in the docs,
GRC> but the site doesn't exist.

GRC> Doesn anybody know what gives and where I can get a new copy of the archive?
GRC> I really like this shell and haven't figured out how to otherwise integrate
GRC> PGP with EudoraPro.

GRC> Gordon R. Campbell, Owner - Mowat Woods Graphics

>From alt.security.pgp another reader writes:

> It seems that iquest.com has dropped off the net today so the 
> normal url:  http://iquest.com/~aegisrc/beta2.htm is 
> unavailable.  With the weather around here right now, I doubt 
> it will be up any time soon.

> I've created a very quick mirror site at:
> http://fly.hiwaay.net/~lyman/pgpwsbeta.htm

> Please use it only if you cannot connect to the first url.

A. Paralax View





From dlv at bwalk.dm.com  Sun Feb  4 07:45:16 1996
From: dlv at bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sun, 4 Feb 1996 23:45:16 +0800
Subject: free speach and the government
In-Reply-To: <9602040531.AA20987@cti02.citenet.net>
Message-ID: 


(Little crypto relevance, some technology)

jf_avon at citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada)) writes:
>
> I think it is safe to say, especially regarding coverage of the Internet by
> popular medias, that even if there are some journalists that still have integrity
> most of their bosses don't.

They may have integrity; they just adhere to different moral principles.
E.g., if their salaries are paid by the advertisers, they may feel that
they owe their allegiance to the advertisers, not the readers, and that
pleasing the advertisers is more important than telling the (whole) truth.

> >U.S. No one can determine which of the countless bits of information that
> >travel over the Internet every second are false, or harmful, or subversive,
> >or otherwise not worthy of transnmission.
>
> Well,  here I don't completely agree.  *you* can determine what is worth and
> what is not.

I can determine what's not worth reading for me. (I wish I had better technical
means to filter out the incoming traffic that I know is not worth my reading --
freedom of non-association, in addition to freedom of speech and freedom of
association :-). I could share my opinions with others (through a rating system
or by publicly urging everyone to *plonk* someone I don't like, although I find
this in bad taste). I can't determine that an item is so unworthy that it
should be suppressed and that someone else should be deprived of his right
to read it. In my opinion, I can't determine that a certain item of information
is not worth being published/transmitted at all. Someone else is likely to
be interested in the information that I'm not interested in.

> But again, I suppose that if you have rationnal arguments, you will be able
> to convince other rationnal individuals.  I am not in favor of broadcasting
> neo-nazi scum all over because I think that their essence is the same as the
> underlying the censorship movement.  They share the same vision of man, only

Frankly, I've never looked at the stuff the WC is trying to suppress. I know
enough on the subject to be convinced that it's not worth my time and effort.
But if someone wants to publish it, and someone else wishes to read what they
publish, they should be at liberty to do that. I don't think they're the same
as the WC's, who seek to suppress speech.

As for pciking a more popular cause for a test case, yes, I wish there was
something more savory (like PRC or SG dissidents), but "popular speech doesn't
need protection".

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From bernardo at alpha.c2.org  Sun Feb  4 07:56:06 1996
From: bernardo at alpha.c2.org (bernardo at alpha.c2.org)
Date: Sun, 4 Feb 1996 23:56:06 +0800
Subject: [noise] Re: Charter of PDX Cpunk meetings
Message-ID: <199602041518.HAA17608@infinity.c2.org>


jim bell wrote:

>> I think an explanation for this is due.  Jim is going to move his complaints
>> here instead of dealing with them with me no matter what I do...
>
> Alan Olsen is correct, here.

This is childish and pointless.  Please shut up or take it to email.

> But he (the anonymous poster):
> 1.  FLamed me on this national list, similarly to the way Alan Olsen later did.

FWIW, this is an _international_ list with a lot of people who are
just not interested in your petty bickering.  If you want to argue
about this, please do it in private.  If Alan posts responses to the
list, that's his problem.  You don't _have_ to answer in public.

> 2.  Failed to be willing to sustain the debate in a more appropriate list, 
> even under a stable nym.

You have something against anonymity?  In this case, perhaps this list
is not the best place to be.

> that I had been flamed by that anonymous poster.  The fact that he was
> anonymous says it all.  The fact that he has not returned says it all.  The 

The fact that he was anonymous says nothing whatsoever.  So what if
you received some email agreeing that you'd been flamed?

> the fact that I am relatively new here.  I have no intention of inflicting
> an unwelcome discussion of "Assassination Politics" on the list, and 

Actually, and Perry may disagree here, but I'd have no objection to a
discussion of "Assassination Politics", or any other nutty political
theories, as long as we can stick to reasonably mature discussion and
not flames and petty ego boosting.

> suffered any longterm loss of reputation of his own.  I, on the other hand, 
> use my REAL NAME.

Whoopie!  A True Name!  Big deal.  I care not one jot whether or not
you use your REAL NAME.  I have no way of knowing if it is, in fact,
your real name.  Should it make a difference?

No one is going to "suffer any longterm loss of reputation" by
disagreeing with you, or anyone else, whether or not they use a nym
(or anonymity).

> Only a fool would have taken an anonymous flamer seriously under those 
> circumstances.

An anonymous post is no less valid for being anonymous.  The only
advantage of a stable nym, whether or not it's a True Name, is the
ability to gain (or lose) reputation through the content of its
posts.  Perhaps a nym with some reputation is taken more seriously
than an anonymous poster, but so is an unknown nym.  Neither you nor
Alan has any reputation to speak of (to me, at least), so an anonymous
post has no less.

>> Jim ignored that request and I removed him from the list.
> 
> Read:  "Alan Olsen exercised his authority in his own personal fiefdom, the 
> "PDX Cypherpunks list."

Are you saying he doesn't have that right?  If it's his list, he can
do whatever the hell he likes with it.

> On the contrary, I have no interest in dealing with this sleazy character in 
> email.  He was the one who chose a national list to do his flaming and 
> baiting, and I think he deserves full "credit."

In other words, you are not interested in resolving any problem you
have with Alan, you just to make a lot of noise in public in an
attempt to "embarrass" him.  Go play on some other list where this
kind of thing is appreciated.

>> The following is the last I will say publically on the matter.
> 
> You're going to take your bat and ball and "go thwait home!"  You hear your 
> mommy calling, Alan.

This list periodically devolves into this childishness.  I'm glad Alan
is not going to say any more.  I award Alan 20 Reputation Points for
being mature enough to walk away (delayed long enough to see whether
he does)





From avatar at mindspring.com  Sun Feb  4 08:14:57 1996
From: avatar at mindspring.com (avatar at mindspring.com)
Date: Mon, 5 Feb 1996 00:14:57 +0800
Subject: Encryption Programs
Message-ID: <199602041551.KAA26343@borg.mindspring.com>


OBVIOUSLY the spokesman of the group. I ask for help and this is what I get?

        One more time, I'm well aware of the capabilities of PGP. What I'm
looking for is a program
that does a better job of binary encryption than just Radix 64 ASCII armoring.


>Return-Path: remailer at utopia.hacktic.nl
>Date: Sun, 4 Feb 1996 10:40:07 +0100
>To: avatar at mindspring.com
>From: anon-remailer at utopia.hacktic.nl (Name Withheld by Request)
>Organization: Hack-Tic International, Inc.
>XComm: This message was automaticly Remailed by an Anonymous Remailer.
>XComm: Report inappropriate use to 
>Subject: Encryption Programs
>From: House.of.the.Rising.Sun at utopia.hacktic.nl
>
>
>	wow, a fresh newbie with his first toy!  your lights work, too?
>    cypherpunks is not for you if you need to ask for encryption....
>
>	there's only one encryption program which is both simple and
>    effective: PGP.  if you don't know where to find it, use DEC's Alta
>    Vista web search engine in advanced mode for "mit NEAR pgp"
>
>	you can get a DOS image. there are some windows interfaces I
>    have been told, but fuck Bill Gates and horse he rode in on.
>
>	maybe some day, you'll find enlightenment on choice of operating
>    systems...  instead of following the herd to Gate's bank of mindless.
>
>
>>From avatar at mindspring.comSun Feb  4 09:06:32 1996
>Date: Sat, 03 Feb 1996 23:17:09 -0600
>From: avatar at mindspring.com
>To: cypherpunks at toad.com
>Subject: Searching for the best
>
>Hi, Folks
>
>        I am looking for the best file encryption program and the best file
>wiping program.
>PC compatible, perferably Win 95 compatible.
>                                                                        Thanx
>Charles Donald Smith Jr.
>582 Clifton Rd. N.E.
>Atlanta, Ga. 30307-1787
>(404)-378-7282
>
>REPUBLICAN; smaller government, less taxes, richer people, and proud
children!! 
>
>
Charles Donald Smith Jr.
582 Clifton Rd. N.E.
Atlanta, Ga. 30307-1787
(404)-378-7282

REPUBLICAN; smaller government, less taxes, richer people, and proud children!! 






From Andrew.Spring at ping.be  Sun Feb  4 08:17:40 1996
From: Andrew.Spring at ping.be (Andrew Spring)
Date: Mon, 5 Feb 1996 00:17:40 +0800
Subject: Alien factoring breakthroughs
Message-ID: 



>The Grays have renegged on their abduction quota agreement, and are
>abducting many more people than before. Most of these are returned, after
>being implanted with a device which allows the grays to have total control
>over their thoughts and actions. Approximately 40% of Americans now carry
>one of these devices, which are impossible to remove without killing the
>host.
>

The mark of a good conspiracy theory is its untestability.  Your theory
fails here, because you could perform autopsies on those hosts who have
died of natural causes to recover the mind control devices.

Suggest you amend the last sentence to read "...one of these devices, which
dissolve immediately upon death, and which are impossible to remove..."
etc, etc.







From PADGETT at hobbes.orl.mmc.com  Sun Feb  4 08:29:20 1996
From: PADGETT at hobbes.orl.mmc.com (A. Padgett Peterson, P.E. Information Security)
Date: Mon, 5 Feb 1996 00:29:20 +0800
Subject: Don't type your yes/fraud response into your computer
Message-ID: <960204111411.202124c6@hobbes.orl.mmc.com>


>	At base, the moral to the story is that a compromised user machine
>permits essentially any and all activities to be suborned.  Only a smart
>card mechanism stands a chance of standing up to this, but that, in effect,
>makes the smart card the 'user machine'.

True and has been one reason the smartcards/tokens/etc have been available
for years. The other side of the coin is expense - for a smart card and 
reader you are looking at over $100. For a token alone (you enter the 
one-time response) $30-$60. In a mass-market environment, this is not
supportable.

OTOH, keyboard sniffing software is easy to detect because it must go 
resident and it must intercept the keystrokes. The fact that no software
has bothered to do this does not mean that it cannot be done. The 
easiest way for such software to act would be to ignore the machine software
and when sensitive material is to be passed, to do so via direct port 
(hardware) access - been a while since I looked at it but AFAIR is around
port 60h. (PC type machines)

This would take care of anything sitting on Int 09 or Int 16 since it would
be bypassed. Often a problem that looks difficult when viewed as a whole
becomes simple once you disassemble it.

Rather than try to find a workaround for a machine you do not trust, why not
develop a means to trust it ? Can do with software alone and that is cheap.

						Warmly,
							Padgett

ps Dave, what is this thingie on the 21st ? May be in the area (opportunity
   for plug here 8*).

pps Before y'all get too wrapped up in free-speech vs libel in the US I would 
    suggest studying the difference between criminal law and civil.





From PADGETT%TCCSLR at emamv1.orl.mmc.com  Sun Feb  4 08:51:28 1996
From: PADGETT%TCCSLR at emamv1.orl.mmc.com (A. Padgett Peterson, P.E. Information Security)
Date: Mon, 5 Feb 1996 00:51:28 +0800
Subject: [NOISE] Futplex makes the news!
Message-ID: <01I0TB0U7ZR600MSLZ@emamv1.orl.mmc.com>



>James Donald may characterize me as gutless. I think he would probably be 
>correct to some extent.

"Freedom is just another word for nothing more to lose." - Janis

						P.fla





From mang at lisgar.edu.on.ca  Sun Feb  4 09:40:35 1996
From: mang at lisgar.edu.on.ca (Mike Ang)
Date: Mon, 5 Feb 1996 01:40:35 +0800
Subject: "Nations see Internet as threat to security"
Message-ID: <199602041651.LAA05232@plethora.lisgar.edu.on.ca>



"Nations see Internet as threat to security" made the front page of the 
Saturday _Globe and Mail_.

There are some really nice lines in the article, which basically states 
that electronic freedoms through the Internet are a direct challenge to 
the power of nation states.  They mention all of the more recent 
examples in China, Germany, France, and the States.

Here are some of the more interesting paragraphs:

But as China, Germany,







From mang at lisgar.edu.on.ca  Sun Feb  4 09:44:58 1996
From: mang at lisgar.edu.on.ca (Mike Ang)
Date: Mon, 5 Feb 1996 01:44:58 +0800
Subject: "Nations see Internet.." continued
Message-ID: <199602041718.MAA05257@plethora.lisgar.edu.on.ca>



Sorry about that -- here's the whole thing again


"Nations see Internet as threat to security" made the front page of the 
Saturday _Globe and Mail_.

There are some really nice lines in the article, which basically states 
that electronic freedoms through the Internet are a direct challenge to 
the power of nation states.  They mention all of the more recent 
examples in China, Germany, France, and the States.

The author obviously wasn't afraid of making large claims.  Most of them 
were acceptable, but some seemed completely unsubstantiated (see below).

Here are some of the more interesting paragraphs:

But as China, Germany, the United States and now France have discovered 
recently, data sent electronically over the Internet can be every bit as 
threatening to a country's laws or its culture as armies of yesteryear.  
But its elusive nature makes it difficult to track down and impossible to 
eradicate.  And there is growing concern that the very existence of the 
Internet is a threat to the nation-state.

[..]

"We think of states as unitary bodies, but what they really are is a 
bundle of sovereignties -- economic sovereignty, military sovereignty, 
cultural and social sovereignty."  That bundle is now coming undone, or 
as Mr. Saffo put it, "Digital technology is the solvent leaching the glue 
out of the state as we know it."

..

It's not just cultural or social sovereignty that governments worry 
about.  The power to tax is also being eroded by the increase in economic 
transactions that take place over the Internet, some encrypted so that 
prying eyes at the tax department could not read them even if a tax 
inspector was fortunate enough to stumble upon them.  Drug dealers and 
terrorists are resorting increasingly to this means of moving funds.

..

However, advocates of unregulated cyberspace says [sic] this just means 
that the only people using encryption programs at the moment are those 
doing it illegally.  It's a similar argument to the one often made in 
Canada against gun control -- the bad guys already have weapons.

..


Yay, more FUD.  The article does a good job of raising some of the 
important issues.  But I _highly_ doubt that "drug dealers and 
terrorists" are using digital cash to transfer funds.  They also 
characterize strong encryption as something evil.

The author implies that main reason for encrypting financial
transactions is to evade the tax department - if I'm sending my credit 
card # across the net, _of course_ I'm going to encrypt it, and
when using digital cash, encryption is generally part of authentication.

Comparing crypto to guns works in the sense that the "bad guys" will 
always be able to have access to them.  However, I for one support gun 
control but do not support mandatory limits on crypto.  Where I live,
there are no theats that justify allowing everyone to carry guns - the 
threat to privacy and freedom of speech justifies allowing everyone to 
use strong crypto.  You can use a gun to deprive another person of their 
life - what harm can you do another with PGP?  Perhaps you can harm them 
by being able to spread hate propaganda, but I don't think that that is a 
strong enough argument.

	- Mike.

If you've got to flame me, do it by email.





From hayden at krypton.mankato.msus.edu  Sun Feb  4 10:02:30 1996
From: hayden at krypton.mankato.msus.edu (Robert A. Hayden)
Date: Mon, 5 Feb 1996 02:02:30 +0800
Subject: Need a "warning" graphic of some kind for CDA
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

Now that we all have web pages that are naughty and might be seen by 
little children, I'd like to hve some kind of a graphic that can 
universally be seen as a "Warning:  The following material is unsuitable 
for children and close-minded twits".  (or words to that effect).

Anybody with much more graphic design ability than I wanna take a crack 
at something that can be spread all over the net?  It shoudl poke as much 
fun as possible at the inaness of the CDA, while still being a legitimate 
effort to warn people that the material is offensive (just in case people 
start getting yanked off the street on CDA violations).



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: PGP Signed with PineSign 2.2

iQCVAwUBMRTStjokqlyVGmCFAQGA3QQA0HOMcmxT+y8NbNtI/ak9Jc1kcmjK5v2l
pO17j14IGiz3I+EwXkYMHkCPMup2CyxBZ3YTNkQ4wc8bbtUrYGy/fBSs/yA8Gfy+
TxmGb5uzdLqdhhkJHwgG1CpOkYocX9EN/LUDQ1lB7jDpW5PjNTG1EMkGq1/L3nG5
O3vI3hLrltw=
=D/1b
-----END PGP SIGNATURE-----
 
____           Robert A. Hayden      <=> hayden at krypton.mankato.msus.edu
\  /__     Finger for Geek Code Info <=>    Finger for PGP Public Key
 \/  /           -=-=-=-=-=-                      -=-=-=-=-=-
   \/        http://krypton.mankato.msus.edu/~hayden/Welcome.html

-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GED/J d-- s:++>: a-- C++(++++)$ ULUO++ P+>+++ L++ !E---- W+(---) N+++ o+
K+++ w+(---) O- M+$>++ V-- PS++(+++)>$ PE++(+)>$ Y++ PGP++ t- 5+++ X++
R+++>$ tv+ b+ DI+++ D+++ G+++++>$ e++$>++++ h r-- y+**
------END GEEK CODE BLOCK------






From farber at central.cis.upenn.edu  Sun Feb  4 10:16:49 1996
From: farber at central.cis.upenn.edu (Dave Farber)
Date: Mon, 5 Feb 1996 02:16:49 +0800
Subject: Need a "warning" graphic of some kind for CDA
Message-ID: <2.2.32.19960204180104.006b16b0@linc.cis.upenn.edu>


Posted-Date: Fri, 2 Feb 1996 21:09:19 -0500
X-Sender: farber at linc.cis.upenn.edu
Date: Fri, 02 Feb 1996 21:09:19 -0500
From: Dave Farber 
Subject: IP: Blue Ribbon Campaign invite [ with a endorsement from me
  djf]
To: interesting-people at eff.org (interesting-people mailing list)
X-Proccessed-By: mail2list

From: Dan Brown 

Greetings from the Electronic Frontier!


As you likely already know, on Feb. 1 1996 the United States House and
Senate voted on and overwhelmingly passed the Telecommunications Act almost
immediately after being reported out of committee, before the public was
able to read, much less comment upon this bill. 

The Electronic Frontier Foundation (EFF), decries the forfeiture of free
speech prescribed by the sweeping censorship provisions of the
telecommunications "reform" legislation

EFF is launching a campaign using a blue ribbon as a symbol to visually
communicate support for free speech in the electronic world.  As a provider
of content on the Internet we invite you to join in this awareness campaign
by displaying a link to our "Blue Ribbon" page where we will update what is
happening in the effort to preserve free speech. 

Pictures, HTML anchors and information on the progress of the campaign are
all available from http://www.eff.org/blueribbon.html. 

Don't wait in silence. Please join the fight against Internet Censorship!!



------------------------------------------------------



Dan Brown | System admin for the Electronic Frontier Foundation | brown at eff.org
    +1 415 436 9EFF Voice || +1 415 436 9993 Fax || +1 415 605 1481 Pager
         (Please leave area code _and_ phone number if you page me!)









From nsb at nsb.fv.com  Sun Feb  4 10:33:41 1996
From: nsb at nsb.fv.com (Nathaniel Borenstein)
Date: Mon, 5 Feb 1996 02:33:41 +0800
Subject: Flaw in FV process (was FV and Netscape slagging each other off :-)
In-Reply-To: <2.2.32.19960131235757.00d078d8@mail.software.net>
Message-ID: 


Excerpts from mail.cypherpunks: 31-Jan-96 Flaw in FV process (was FV ..
John Pettitt at software.ne (1168*)

> In the FV model as I understand it I'd have to ship the software and wait for 
> an approve/deny/fraud from the user.  If it's anything but approved I'm SOL,
> I still have to pay Microsoft for the product but I didn't get paid.

Actually, that's not quite right.  People dealing in physical goods
typically ship them AFTER the "yes" response from the user.  And one of
the next enhancements to our system, currently implemented and in
testing in-house, will feature digitally signed notices to merchants
when credit card authorization is obtained.  At that point, the
merchant's risk will be no greater than in traditional mail-order credit
card sales.

> Solve that process flaw and I'll add FV support to software.net.

Glad to hear it!  -- Nathaniel
--------
Nathaniel Borenstein 
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq at nsb.fv.com





From nsb at nsb.fv.com  Sun Feb  4 10:34:33 1996
From: nsb at nsb.fv.com (Nathaniel Borenstein)
Date: Mon, 5 Feb 1996 02:34:33 +0800
Subject: XMAS Exec
In-Reply-To: 
Message-ID: 


Excerpts from mail.cypherpunks: 31-Jan-96 Re: FV Demonstrates Fatal F..
Dr. Dimitri Vulis at bwalk. (1227)

> I'd like to take an exception to this description of the XMAS EXEC, since
.............
> I had serious doubts that the person who wrote it was malicious.

Agreed completely.  I didn't mean to imply that the author was
malicious, merely that it well-illustrated the "social engineering"
approach to getting users to run untrusted code.  What I was saying is
that someone who *was* malicious could have used the same approach as
the attack vector for getting our credit card snooper (or other nasty
code) onto lots of consumer machines.  This came up, in the discussion,
because most people on this list seem to believe (correctly, I think)
that the hardest part of the attack we outlined is the initial infection
vector.  -- Nathanielx
--------
Nathaniel Borenstein 
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq at nsb.fv.com





From merriman at arn.net  Sun Feb  4 10:52:46 1996
From: merriman at arn.net (David K. Merriman)
Date: Mon, 5 Feb 1996 02:52:46 +0800
Subject: Need a "warning" graphic of some kind for CDA
Message-ID: <2.2.32.19960204061752.00686e1c@arn.net>


-----BEGIN PGP SIGNED MESSAGE-----

At 11:37 AM 02/4/96 -0600, Robert A. Hayden wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>Now that we all have web pages that are naughty and might be seen by 
>little children, I'd like to hve some kind of a graphic that can 
>universally be seen as a "Warning:  The following material is unsuitable 
>for children and close-minded twits".  (or words to that effect).
>
>Anybody with much more graphic design ability than I wanna take a crack 
>at something that can be spread all over the net?  It shoudl poke as much 
>fun as possible at the inaness of the CDA, while still being a legitimate 
>effort to warn people that the material is offensive (just in case people 
>start getting yanked off the street on CDA violations).
>

Hmmmmm. Maybe a doll with an international 'no' sign superimposed?

Dave Merriman

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRQyXcVrTvyYOzAZAQHXhQP/dnOLwoE5iTf5sNBwPaBl/1+7tXftWIc2
KyxSqqEhgLOcBssTo56Yt7r5TMFVukbWDirNuJW4xFRqFJovw2fG2XdpxMUJlVHF
McjIgXbddYWuyjZ+G04uiKcaoMRYFMFajOipIDkTYSNHBMkfDkxbLNrT3YMNpeCx
nDyvzpX+tGM=
=iqHi
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"It is not the function of our Government to keep the citizen
from falling into error; it is the function of the citizen to
keep the Government from falling into error."
Robert H. Jackson (1892-1954), U.S. Judge
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
My web page: http://www.geocities.com/CapitolHill/1148







From jpp at software.net  Sun Feb  4 11:33:44 1996
From: jpp at software.net (John Pettitt)
Date: Mon, 5 Feb 1996 03:33:44 +0800
Subject: Don't type your yes/fraud response into your computer
Message-ID: <2.2.32.19960204182512.0071a52c@mail.software.net>


At 11:14 AM 2/4/96 -0500, A. Padgett Peterson, P.E. Information Security wrote:
>OTOH, keyboard sniffing software is easy to detect because it must go 
>resident and it must intercept the keystrokes. The fact that no software
>has bothered to do this does not mean that it cannot be done. The 
>easiest way for such software to act would be to ignore the machine software
>and when sensitive material is to be passed, to do so via direct port 
>(hardware) access - been a while since I looked at it but AFAIR is around
>port 60h. (PC type machines)
>
>This would take care of anything sitting on Int 09 or Int 16 since it would
>be bypassed. Often a problem that looks difficult when viewed as a whole
>becomes simple once you disassemble it.

Nice try - but the virtual machine model used by intel supports interception
of I/O operations.  Now one could get into timing how long the I/O takes to
detect interception by the memory manager but it would be a royal pain since
the keyboard I/O controller latency is rather machine specific.

I still think the basic 'if the machine is not secure all bets are off'
premis stands.





--
John Pettitt
email:         jpettitt at well.sf.ca.us (home)
               jpp at software.net       (work)    







From tallpaul at pipeline.com  Sun Feb  4 11:43:11 1996
From: tallpaul at pipeline.com (tallpaul)
Date: Mon, 5 Feb 1996 03:43:11 +0800
Subject: Sometines ya just gotta nuke em-and nuke em again
Message-ID: <199602041921.OAA19675@pipe8.nyc.pipeline.com>


"Neither the atomic bombing nor the entry of the Soviet Union 
into the war forced Japan's surrender. She was defeated before 
either of these events took place." 
 
     General of the Army Douglas MacArthur 
 
"It is my opinion that the use of this barbarous weapon at 
Hiroshima and Nagasaki was of no material success in our war 
against Japan. The Japanese were already defeated and ready to 
surrender because of the effective sea blockade and the 
successful bombing with conventional weapons. ... My own feeling 
was that in being the first to use it, we adopted an ethical 
standard common to the barbarians of the Dark Ages." 
 
     Admiral William Leahy, Chairman of the Joint Chiefs of Staff 
 
"The Japanese were ready to surrender and it wasn't necessary to 
hit them with that awful thing... I hated to see our country be 
the first to use such a weapon." 
 
     General of the Army Dwight D. Eisenhower 
 
These statements by the Allied military commanders were not 
deeply buried in graduate school libraries or military archives. 
They were widely printed and discussed in the media during last 
year's discussion over the Enola Gay exhibit at the Smithsonian 
Museum. 
 
Now the mere fact that the Allied military commanders all agreed 
that the nuclear bombings were unnecessary does not automatically 
mean that the commanders were correct. Theoretically, J.A. Donald 
and T.C. May might have a greater understanding. But both Donald 
and May must justify this hypothesis with evidence and logic, not 
mere assertion. 
 
Thus, J.A. Donald was perfectly free to write in Message-Id: 
<199602040622.WAA07274 at shell1.best.com> on Feb. 03 22:20 that: 
 
"Paralax does not know shit from beans.  He presumably imagines 
that Tim is 'embarrassed' because Tim's knowledge of the 
historical facts differs from those facts dreamed up by the usual 
crew of apologists for totalitarian terror." 
 
In what way and to what extent did General of the Army MacArthur, 
the senior Allied commander in the Pacific Theater not "know shit 
from beans?" 
 
In what way and to what extent was MacArthur one of the "usual 
crew of apologists for totalitarian terror?" 
 
In what way and to what extent did Chief of Staff Leahy not know 
"shit from beans?" 
 
In what way and to what extent was Leahy one of the "usual crew 
of apologist for totalitarian terror?" 
 
In what way did General Eisenhower especially not know "shit from 
beans" about this issue, given his access to all available 
information when he was President? 
 
In what way and to what extent was President Eisenhower one of 
the "usual crew of apologists for totalitarian terror?" 
 
J.A. Donald seems particularly taken with the originality and 
accuracy of the phrase "shit for beans" to reflect certain states 
of philosophical and historical knowledge for he repeated it in 
his next message Message-Id: 
<199602040611.WAA18584 at blob.best.net> on Feb. 3, 22:09 where he 
wrote: 
 
"SCHOLARLY RESEARCH!!!! 
 
"You do not know shit from beans:  Alperovitz is no more a 
scholar  than Zundel is:  He is a historical revisionist who lies 
even more crudely than the holocaust revisionists. 
 
"It is clear that in the opinion of the high command, the 
decision to  surrender after they were nuked was a dramatic and 
radical change of  position.  Alperovitz says otherwise, thus he 
is either grotesquely  ignorant or, more likely simply 
dishonest." 
 
In what way was General MacArthur an "historical revisionist" and 
in what way did he "lie even more crudely than the holocaust 
revisionists?" In what way was he "grotesquely ignorant or, more 
likely simply dishonest?" 
 
In what way of Chief of Staff Leahy? or President Eisenhower? 
 
One does not normally find J.A. Donald's phrases in civilized or 
cultured discourse over political and historical issues. His 
language is that of the demagogue, not the scientist. But he is 
entitled to use the language he wishes, just as other people have 
a similar right to examine his behavior and motivation in terms 
of identical language. 
 
We know, for example, that the pickpocket when caught may point 
to an innocent person and loudly cry "stop thief" in an effort to 
mislead the public by denouncing an innocent person for the very 
behavior for which the pickpocket is guilty. 
 
J.A. Donald voluntarily choose to present the dispute in terms of 
people who "don't know shit for beans," who are "apologists for 
totalitarian terror," who are "historical revisionists," who are 
"grotesquely ignorant or, more likely simply dishonest." 
 
Given the respective lineup of sources, what information and 
analysis would J.A. Donald present to us to lead us to conclude 
that his characterizations accurately reflect General MacArthur, 
Chief of Staff Leahy, and General Eisenhower rather than, like 
the pickpocket, J.A. Donald himself? 
 
T.C. May, while arguing essentially the same historic view as 
J.A. Donald (or rather vice versa) approaches the issue in a 
fundamentally different manner. T.C. May uses logic where J.A. 
Donald uses demagogic rhetoric. (I do not here refer to T.C. 
May's characterization of other racial/ethnic/national groups 
about which others on the list have posted.) 
 
When I read the first post by T.C. May on the mass nuclear 
bombings of civilians I thought his post was: a) off-topic for 
the cypherpunks list and; b) wrong. 
 
At that time I dismissed the idea of a public reply, thinking 
that he may have had a bad day, misunderstood the issue, or any 
of a thousand other reasons that have led me and indeed all of us 
to behave in a similar fashion at one time or another. 
 
But he re-posted on the thread in Message-Id: 
 on Feb 3, 15:54 where he 
wrote: 
 
"(I've also received several long articles from people who seemed 
outraged that I was belittling the dropping of the bomb. I wasn't 
belittling it. Far from it. The Japs surrendered after the second 
bomb, so it was obviously not a trivial matter to them.)" 
 
I think his logic is at fault here in several ways. 
 
First, I think his logic is invalid because it is a "non 
sequitur." That is the statement that the Japanese did not take 
the bombing as trivial is true but not related to the argument. 
"2 + 2 = 4" is similarly true but unrelated; and I know of no 
group of people who, whatever their politics, consider mass 
nuclear bombings of civilians to be a "trivial matter." 
 
Second, I think his logic is invalid because it commits the "post 
hoc ergo propter hoc" fallacy that goes, in essence "after this, 
therefore because of this." 
 
"The Japanese surrender came after the bomb, therefore it came 
because of the bomb" is the invalid argument. One could, to use a 
"reductio ad absurdum" counter argument, saying with equal 
(in)validity that John Smith ate a bowl of beans, took a shit, 
and the next day the Japanese surrendered, therefore the 
surrender occurred because of the beans and the shit." 
 
Indeed the Japanese surrendered, but the evidence by three top 
(THE three top?) Allied commanders show that the surrender was 
not produced by either bombs, shit, or beans. 
 





From sameer at c2.org  Sun Feb  4 11:48:31 1996
From: sameer at c2.org (sameer)
Date: Mon, 5 Feb 1996 03:48:31 +0800
Subject: RC2 technical questions
In-Reply-To: <199602040753.CAA27660@crypto.com>
Message-ID: <199602041859.KAA09877@infinity.c2.org>


> 
> I'm confused by these two messages, as a non-lawyer (but I realize you're
> also a non-lawyer).  How can RSADSI, on the one hand, expect to be able

	Giving Bob the benefit of the doubt here, I'm assuming that he
passed on the legal warning as a service to his employer, but he made
his post talking about RC2's technical strengths as an individual, not
speaking for his employer.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer at c2.org





From x93ojg at juliet.stfx.ca  Sun Feb  4 11:51:38 1996
From: x93ojg at juliet.stfx.ca (Still)
Date: Mon, 5 Feb 1996 03:51:38 +0800
Subject: How do I quit list?
In-Reply-To: 
Message-ID: 


Could someone tell me how to quit this list, I just dont have the time to 
read anything that is being sent to it.

Thanks

--

	     T H E  M A N , T H E  M Y T H , T H E  L E G E N D . 
******************************************************************************
* Dylan "Still" Boudreau	* Knowledge is proud that she knows so much; *
* Internet: x93ojg at stfx.ca	* Wisdom is humble that she knows no more.   *
******************************************************************************
*       Homepage: http://juliet.stfx.ca/people/stu/x93ojg/welcome.html       *  
******************************************************************************

		When someone says, "That's a good question." 
		 You can be sure it's a lot better than the 
		         answer you're going to get.







From dlv at bwalk.dm.com  Sun Feb  4 11:55:29 1996
From: dlv at bwalk.dm.com (Dr. Dimitri Vulis)
Date: Mon, 5 Feb 1996 03:55:29 +0800
Subject: Need a "warning" graphic of some kind for CDA
In-Reply-To: <2.2.32.19960204061752.00686e1c@arn.net>
Message-ID: 


"David K. Merriman"  writes:
> >Now that we all have web pages that are naughty and might be seen by
> >little children, I'd like to hve some kind of a graphic that can
> >universally be seen as a "Warning:  The following material is unsuitable
> >for children and close-minded twits".  (or words to that effect).
>
> Hmmmmm. Maybe a doll with an international 'no' sign superimposed?

Either the 'no' sign (red crossed circle) or a wide red cross over one of:
 rattle
 baby bottle / pacifier
 disposable diapers (with contents visible)
  safety pin?

I'd like to think of some variation of skull+bones or the 'radioactive' sign.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Sun Feb  4 12:23:18 1996
From: dlv at bwalk.dm.com (Dr. Dimitri Vulis)
Date: Mon, 5 Feb 1996 04:23:18 +0800
Subject: XMAS Exec
In-Reply-To: 
Message-ID: 


Nathaniel Borenstein  writes:
> Dr. Dimitri Vulis at bwalk. (1227)
>
> > I'd like to take an exception to this description of the XMAS EXEC, since
> .............
> > I had serious doubts that the person who wrote it was malicious.
>
> Agreed completely.  I didn't mean to imply that the author was
> malicious, merely that it well-illustrated the "social engineering"
> approach to getting users to run untrusted code.  What I was saying is
> that someone who *was* malicious could have used the same approach as
> the attack vector for getting our credit card snooper (or other nasty
> code) onto lots of consumer machines.  This came up, in the discussion,
> because most people on this list seem to believe (correctly, I think)
> that the hardest part of the attack we outlined is the initial infection
> vector.  -- Nathanielx

In '87, many people received an unsolicited executable from a known source, and
ran it without thinking twice. (If A has B's address in his nickname file, then
B probably knows and trusts A to some extent.) I hope users today know better.

I don't see why stopping a keyboard sniffer is any harder than stopping any
other virus/trojan - and most shops manage to keep them out.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From jordan at Thinkbank.COM  Sun Feb  4 13:02:05 1996
From: jordan at Thinkbank.COM (Jordan Hayes)
Date: Mon, 5 Feb 1996 05:02:05 +0800
Subject: Sometines ya just gotta nuke em-and nuke em again
Message-ID: <199602041956.LAA16514@Thinkbank.COM>


	From tallpaul at pipeline.com Sun Feb  4 11:47:09 1996

	When I read the first post by T.C. May on the mass nuclear
	bombings of civilians I thought his post was: a) off-topic
	for the cypherpunks list and; b) wrong.

By the way, the certainly *is* a crypto-relevance to this thread,
since much of what we knew at the time about the Japanese high
command and their motivations and actions was learned through MAGIC
intercepts.  It also has quite a lot to do with how these intercepts
(and related documents) were released over time; the intentionality
of what was released, when, and how shows a good deal about how
this subject was managed by our government.

Since I practically started it (by calling into question Tim's
recitation of the story invented about the 500,000 Americans "saved"
by dropping the bomb), I'd like to call on those who are interested
in it to do some more searching, reading, analyzing and talking.

But not here.

Thanks,

/jordan





From nobody at REPLAY.COM  Sun Feb  4 13:03:36 1996
From: nobody at REPLAY.COM (Anonymous)
Date: Mon, 5 Feb 1996 05:03:36 +0800
Subject: Futplex makes the news!
Message-ID: <199602042013.VAA28130@utopia.hacktic.nl>


Duncan Frissell  wrote in "Re: Futplex makes the news!":

[..]
"Then there was the time that my RA (Resident Assistant) in my dorm in a
small (private) liberal arts college in the Northwest found out I had a gun
in my room..."

Ah. The only semester I lived on campus, the RA was our roommate, who
just finished doing a round of bong hits with us, then walked around
the hall and busted everyone else who was smoking dope.

It's sad when a noneteen year old kid tries to act like your mother or father.









From dmandl at panix.com  Sun Feb  4 13:07:43 1996
From: dmandl at panix.com (dmandl at panix.com)
Date: Mon, 5 Feb 1996 05:07:43 +0800
Subject: Need a "warning" graphic of some kind for CDA
In-Reply-To: 
Message-ID: 


On Sun, 4 Feb 1996, Robert A. Hayden wrote:

> Now that we all have web pages that are naughty and might be seen by 
> little children, I'd like to hve some kind of a graphic that can 
> universally be seen as a "Warning:  The following material is unsuitable 
> for children and close-minded twits".  (or words to that effect).

How about a full-color, actual-size GIF of an erect penis?  I think
that ought to get the message across to most concerned parents that my
web page is not for little Johnny.

   --D.

--
Dave Mandl
dmandl at panix.com
http://www.wfmu.org/~davem





From hayden at krypton.mankato.msus.edu  Sun Feb  4 13:07:54 1996
From: hayden at krypton.mankato.msus.edu (Robert A. Hayden)
Date: Mon, 5 Feb 1996 05:07:54 +0800
Subject: Need a "warning" graphic of some kind for CDA
In-Reply-To: <2.2.32.19960204180104.006b16b0@linc.cis.upenn.edu>
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

[Information abotu the EFF's Blue Ribbion campain deleted to save space]

What I was proposing was not he blue ribbion.  The ribbion is for 
supporting basic electronic rights.  What kind of graphic I was looking 
for was something that would serve as a universal warning saying "The 
following is naughty stuff, don't look here except at your own risk".  A 
combination of disclaimer and warning and tongue-in-cheek protest against 
the inane laws.  

The Blue Ribbion is something different...


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: PGP Signed with PineSign 2.2

iQCVAwUBMRT8qDokqlyVGmCFAQHJZAP9GeSRQ1WqP4R5Z4Z2TufMAIa5mKAqNOAw
+enF2/yehDMLaAc39H1rCuIgtA+SfRnu2qehOyLOv+e7boAmsvsKj8AqxDWqhHtY
g0PppUT7lH33T6WqldN4/t1vHg51sdH2JN/KMrz09hw4L1JHBmbmJaFfzR1vHPYS
RI1pVs0oiiE=
=+LWV
-----END PGP SIGNATURE-----
 
____           Robert A. Hayden      <=> hayden at krypton.mankato.msus.edu
\  /__     Finger for Geek Code Info <=>    Finger for PGP Public Key
 \/  /           -=-=-=-=-=-                      -=-=-=-=-=-
   \/        http://krypton.mankato.msus.edu/~hayden/Welcome.html

-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GED/J d-- s:++>: a-- C++(++++)$ ULUO++ P+>+++ L++ !E---- W+(---) N+++ o+
K+++ w+(---) O- M+$>++ V-- PS++(+++)>$ PE++(+)>$ Y++ PGP++ t- 5+++ X++
R+++>$ tv+ b+ DI+++ D+++ G+++++>$ e++$>++++ h r-- y+**
------END GEEK CODE BLOCK------






From alano at teleport.com  Sun Feb  4 13:38:45 1996
From: alano at teleport.com (Alan Olsen)
Date: Mon, 5 Feb 1996 05:38:45 +0800
Subject: Concerning Jim Bell
Message-ID: <2.2.32.19960204211446.00948c20@mail.teleport.com>


-----BEGIN PGP SIGNED MESSAGE-----

It has been brought to my attention that I did not make this as
clear as it should be.

        I consider Mr. Bell to be a crank and a loon.

        He has no interest in any sort of honest discussion.

        He wishes to draw in others in the hope of "punishing
me".

- From now on, I am ignoring all of his posts and "killfiling"
him.

You may now go back to your scheduled and unscheduled lives.



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMRUhaeQCP3v30CeZAQGCpAf9FvV2sIHX9q5qajkgXWJsG7EG1JgMOvdH
XeRhc0qCrFJPcYfDBFvP6+Ck1dnsYNVzY+wDhMRDpHqky0KegRNENOFiU6NBhy+U
mbSCxlFU4FTa+xwRAm7BF8a0G1HGXkFzUOP6O7zf/WONE3+3EZr+aPlr0cm5maja
Xz5bRzi1SKlDQsxNK/msvYKXYyU5CLX2lVCGf7/qro2QezLNMz5skf9GJ9Tq7S5P
1gOiVjzNzYnmJj+76Uz+72zlvOHjIYrxf5FxsDsqqda2dBRyX9vmPmpWUMLBcoPi
kgZ4GtHryVgjKy5dkxk3U24hJIRYZiLwWl8gDiFuJDnC0PZwR3w7aQ==
=Lfox
-----END PGP SIGNATURE-----
Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
        `finger -l alano at teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
         Is the operating system half NT or half full?






From stephan.mohr at uni-tuebingen.de  Sun Feb  4 13:59:33 1996
From: stephan.mohr at uni-tuebingen.de (Stephan Mohr)
Date: Mon, 5 Feb 1996 05:59:33 +0800
Subject: free speech and the government
Message-ID: <2.2.16.19960204221354.2eb748c6@mailserv.uni-tuebingen.de>


At 16:02 03.02.1996 -0800, you wrote:
>Stephan Mohr writes:
>> 
>> Well, I feel that I agree with the people on the right of free speech for
>> i.e. the neo-nazi stuff or other political, ideological and/or religious
>> ideas. But there is still something that leaves me uneasy: imagine there
>> would be a way to easily make a powerful poison, easily applicated to
>> your town's water-reservoir, or a very easy way to build some strong
>> explosive device. etc. Actually, I think that stuff like this does exist
>> already.
>> 
>> But the idea that one day I just put 'easy made deadly poison for millions'
>> into my webcrawler and whoop there it is on my screen or on the screen of any
>> other fool, doesn't sound to right to me. I would like things like this
>> to be better put aside and locked up.
>
>You can't put the genie back into the bottle.
>Once something is invented or described, the knowledge
>is out there.  Someone who wants to use that knowledge
>for "wrong" purposes can find it.
>
>Maybe a lot of people around the world could agree that
>the knowledge to make something really dangerous (say Sarin nerve gas) 
>should be suppressed.  But where do we draw the line?  If
>we, or rather our government acting obstensibly in our interest, decides
>to supress the information on how to make Sarin, not too many people
>will complain.  But the tendency of governments is to regulate and
>restrict and tax more.   What happens when governments suppress
>knowledge on how to make gunpowder?  Or printing presses?  Or
>encryption?
>
Actually, I am glad that the whole story started over some neo-nazi stuff
and not a recipe to easily make a very potent poison. I wonder if there
would have been as many 'poison-sites' as there are zundel-sites. And what
'poison-site'-maintainers would think after some fool would have used the
poison to kill a bunch of kindergarten-kids by putting it into their food.
And how some governments would react and what type of restriction on the net
would not only be accepted, but even demanded by the people. Yeah, I know,
the guy could have gotten the idea elsewhere as well, but you know how
people think and how governments like to link unrelated stuff to gain power.

And it is nice to see how much publicity you can give to something by
prohibiting it.


>Many people argue (rightly IHMO) that once started on the slippery slope
>of suppressing knowledge there's no stopping until we're all
>under the boot heel of the police state.
>
>[..]

I think that you are right in saying that you can't put the genie back into
the bottle. But I think it makes a big difference if you make it widely
available to everyone and maybe even to people who do not want to have it. 

It would be nice to have some type of obstacle in the way to this type of
information. It is like putting drugs, alcohol and other dangerous stuff out
of the reach of children. Or putting a fence at some dangerous cliff to
prevent people from falling over. The dangerous stuff will still be there
and you just can't flatten every hill. But there is a responsibility that
comes with information as well as with any other thing. 

So I do not want to outlaw some type of information, I agree that this is
not feasible (I hope) nor desirable. But I think that there should be some
possibility of control on a public medium. Not to control the content but to
control the access. The idea is to give control to those in need of control
without interfering with the free exchange of information of others. This
could be done, for example, by giving them a choice of providers or browser
software (jewish, catholic, anarchist, terrorist, gay, straight ...
flavoured provider/browser). So you can say whatever you want, but everyone
can decide whether he or she wants to listen to you or not (in a more
sophisticated way, of course). And it is not just 'don't click on my page than'.

Here encryption may play an important role: not only to protect your
privacy, but also to protect others from having to read your stuff.

Most or the governments will not accept the idea of free speech like this.
And I am afraid, but I guess they could still tear down the whole net if
they want to. So, wouldn't it be better that, if there should be some type
of control technology, that it is conceived by the netizen and not by, say
the german, chinese, or french government.

Stephan






From ampugh at mci.newscorp.com  Sun Feb  4 14:17:01 1996
From: ampugh at mci.newscorp.com (Alan Pugh)
Date: Mon, 5 Feb 1996 06:17:01 +0800
Subject: Imminent Death of Usenet Predicted
Message-ID: <199602042156.QAA17688@camus.delphi.com>


>What if looking at a JPEG were like buying beer?  The default is
>that a 12 year old isn't going to fool the guy at 7-11, but if
>their parents buy a beer and give it to 'em, what the heck?
>Consuming alcohol is not regulated; *purchasing* it is.
>
>Don't forget: the fact that "porno on the net" (for instance) is
>an issue *at all* is a *failure* of technology.  It would be a
>non-issue if USENET wasn't essentially a technology vacuum.

indeed. and Who is doing the most to make sure that the technology
necessary (strong widespread crypto) to make porno on the net a 
non-issue? if the governments of the world weren't such a bunch of 
collective paranoid pricks, i believe we'd be in the process of 
implementing global encryption on the internet and private networks 
as well. 

the public needs to be informed that thus 'failure of technology' is 
completely unnecessary. one of the things that _really_ pisses me off
is that the very same people who are restricting the access of crypto
technology are the ones who are screaming that they need to restrict 
other fundamental freedoms because of the their own stupid policies.

writing this, it is obvious that their policy is entirely reasonable
and in fact necessary if it is your fundamental goal to restrict freedom.
i believe this to be the case when considering governments in general, 
and the u.s. govt. in particular.

amp








From cea01sig at gold.ac.uk  Sun Feb  4 14:31:15 1996
From: cea01sig at gold.ac.uk (Sean Gabb)
Date: Mon, 5 Feb 1996 06:31:15 +0800
Subject: enquiry
Message-ID: 



Is anyone out there able to give me the e-mail address of 

	Smith Micro Software, Inc
	51 Columbia
	Aliso Veijo
	California 92656

I need to ask about some software written by them.  Any help would leave 
me very grateful.

Sean Gabb.





From alano at teleport.com  Sun Feb  4 14:36:01 1996
From: alano at teleport.com (Alan Olsen)
Date: Mon, 5 Feb 1996 06:36:01 +0800
Subject: Encryption and Backups
Message-ID: <2.2.32.19960204221301.0093a448@mail.teleport.com>


Something that I have not seen addressed is the need for strong encryption
in backup software.

Most backup software has an "encryption" option, but I have seen few that
have anything resembling strong encryption.  Furthermore, I have seen no
real push for strong encryption for backups at all.

I see this as a product that corporations should be demanding.  It is
difficult to walk off with a computer, but a dat tape can be slipped in a
pocket with little notice.  If it happens to be of a server or important
system, valuable information would be in the hands of whoever could decrypt
it.  (And off site alot of resources could be thrown at decrypting the
data.) Weak or no encryption of backups could be a potential problem with
the security of a business.  (Of course, if you leave tapes lying around,
you are asking for trouble anyways...)

Might be an idea for a product there...  (And you can bet law enforcement
would throw a hissy fit about its existence.)

Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
        `finger -l alano at teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
         Is the operating system half NT or half full?






From x93ojg at juliet.stfx.ca  Sun Feb  4 14:41:40 1996
From: x93ojg at juliet.stfx.ca (Still)
Date: Mon, 5 Feb 1996 06:41:40 +0800
Subject: None
In-Reply-To: <199602042117.PAA05965@vishnu.alias.net>
Message-ID: 


On Sun, 4 Feb 1996, Mr. Boffo wrote:

> > Could someone tell me how to quit this list, I just dont
> > have the time to read anything that is being sent to it.
> 
> Yes. You can turn your modem off :)
> 

Hey Boffo, Don't be an idiot!!  It is hard to turn off your modem when 
you are on a university network.  Don't be so quick to be a smart ass.  
If you don't have anything productive to say then shut the fuck up!!
						  ~~~~~~~~~~~~~~~~~~

--

	     T H E  M A N , T H E  M Y T H , T H E  L E G E N D . 
******************************************************************************
* Dylan "Still" Boudreau	* Knowledge is proud that she knows so much; *
* Internet: x93ojg at stfx.ca	* Wisdom is humble that she knows no more.   *
******************************************************************************
*       Homepage: http://juliet.stfx.ca/people/stu/x93ojg/welcome.html       *  
******************************************************************************

		When someone says, "That's a good question." 
		 You can be sure it's a lot better than the 
		         answer you're going to get.







From cea01sig at gold.ac.uk  Sun Feb  4 14:52:31 1996
From: cea01sig at gold.ac.uk (Sean Gabb)
Date: Mon, 5 Feb 1996 06:52:31 +0800
Subject: THE JEWS (ALL of them!) Try to kick Ernst Zundel off Usenet!!
In-Reply-To: <960204084755_135434252@emout04.mail.aol.com>
Message-ID: 


What little I know about Mr Zundel convinces me that he's not the most 
pleasant man to know.  But really, these purported messages from him are 
so grossly unlikely, they defeat their object.

Sean Gabb.


On Sun, 4 Feb 1996 
ErnstZundl at aol.com wrote:

> >> if he's out there convincing Neo-Nazis and Holocaust deniers >> to go
> freeze to death at the South pole, as that really
> >> anti-semitic?
> 
> DUH!!
> 
> Nobody is going to freeze to death if they dress warmly.  That is just a myth
> about Antarctica.  It is really a tropical paradise, but THE JEWS don't want
> you to know that.  Besides, we will all be going *inside* a VOLCANO!  Even if
> somehow Antarctica were freezing cold, we will be plenty warm inside the
> volcano which leads to the Aryan Nazi UFO Base at the center of the Earth.
> 
> I am not asking Nazis and Holocaust deniers to freeze to death!  I am
> inviting them to jump into a volcano, you fool!
> 
> 
> 





From don at cs.byu.edu  Sun Feb  4 14:58:48 1996
From: don at cs.byu.edu (Don)
Date: Mon, 5 Feb 1996 06:58:48 +0800
Subject: Wading through lame crap, plus on-topic privacy stuff
In-Reply-To: 
Message-ID: 


>   Neither dropping nuclear weapons on Japanese cities nor an invasion 
>   of Japan was necessary to secure surrender of the Japanese government. 

Doesn't anyone bother to delete cpunks from the CC before sending this off
topic stuff? And since I know it's coming, please refrain from trying to
relate it to anything relevant here with some kind of japan-crypto or
wrongful governmental action ObCrypto's. What I had for lunch is just as
irrelevant, but that doesn't mean it becomes relevant if I can somehow
involve encryption.


Dangit, wheres my procmail. Does anyone use gnus for this list? I think
I need a scoring system.


Now for the on-topic stuff. Looking through my mail yesterday, noticed a
credit card application from BofA. Despite the fact that they didn't want
to give me a card three years ago, they have offered a student card to me.
I figured that it was a lucky guess, them knowing I'm a student again. Then
I noticed they were kind enough to fill in my school ("Main Campus" too) into
the appropriate blank. Now, that's either a really good guess, or else they've
been out looking me up. I'm currently writing a letter to BofA telling them
they can kiss my rear if they're going to go around keeping tabs on me. They
should at least be more careful about letting me on to them.

This got me interested in which companies keep track of what information. I'm
now going to write to my other credit companies and ask something like:

   I am interested in knowing what information your company keeps track of    
   which is not directly related to my credit history, my balance, and my   
   current address. For example, do you maintain or seek out any of the 
   following information:

   Change in Marital Status that don't relate to credit account
   change or loss of employment
   spending habits, ie, types of goods, dollar amounts and locations,
     for any purpose
   credit or bank accounts with other companies, for any purpose

Can anyone suggest anything else to ask about? I know, for example, that some
companies keep track of spending so as to be able to call you up if you, for
example, start buying large numbers of cars in asia. Or maybe they have a red
flag that goes up if you start to max out all your other credit cards or
something. But I've run out of things that I think they're keeping track of
that they don't need to. I suppose DNA samples is probably still a bit away.

Don








From alano at teleport.com  Sun Feb  4 15:06:47 1996
From: alano at teleport.com (Alan Olsen)
Date: Mon, 5 Feb 1996 07:06:47 +0800
Subject: THE JEWS (ALL of them!) Try to kick Ernst Zundel off Usenet!!
Message-ID: <2.2.32.19960204224813.0095ec64@mail.teleport.com>


At 10:20 PM 2/4/96 +0000, Sean Gabb wrote:
>What little I know about Mr Zundel convinces me that he's not the most 
>pleasant man to know.  But really, these purported messages from him are 
>so grossly unlikely, they defeat their object.

Why is it that so many people took those messages as _actually_ being from
the real Mr. Zundel?  The text is obviously a parody.

I guess most of Usenet has been disconnected from any reliable clue server...

Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
        `finger -l alano at teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
         Is the operating system half NT or half full?






From ses at tipper.oit.unc.edu  Sun Feb  4 15:24:13 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Mon, 5 Feb 1996 07:24:13 +0800
Subject: Wading through lame crap, plus on-topic privacy stuff
In-Reply-To: 
Message-ID: 


Even your on-topic stuff wasn't really on-topic "-)

You can relax - the bank doesn't have a bunch of PIs snooping around to 
find out what you're up to. What actually happens is that the university 
sells the list of registered students to various organisations for use in 
direct-mail campaigns. 


(defun modexpt (x y n)  "computes (x^y) mod n"
  (cond ((= y 0) 1) 	((= y 1) (mod x n))
	((evenp y) (mod (expt (modexpt x (/ y 2) n) 2) n))
	(t (mod (* x (modexpt x (1- y) n)) n))))






From tcmay at got.net  Sun Feb  4 15:39:34 1996
From: tcmay at got.net (Timothy C. May)
Date: Mon, 5 Feb 1996 07:39:34 +0800
Subject: enquiry
Message-ID: 


At 10:11 PM 2/4/96, Sean Gabb wrote:
>Is anyone out there able to give me the e-mail address of
>
>        Smith Micro Software, Inc
>        51 Columbia
>        Aliso Veijo
>        California 92656
>
>I need to ask about some software written by them.  Any help would leave
>me very grateful.

Use the Force, Luke!

Smith Micro Software, Inc

51 Columbia
Aliso Viejo, CA 92656
Phones: Main - (714) 362-5800, Sales - (800) 964-7674, Technical Support -
(714) 362-2350, Fax - (714) 362-2300, Automated Fax-On-Demand -
(714) 362-2396, BBS: (714) 362-5822
EMail: CompuServe - 74431,1044; Internet - sales at smithmicro.com


--Tim


[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and do em right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should do him." So the two daughters got him drunk and
did him all that night. Sure enough, Dad got em pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he whacked off first....Remember, it's
not a good idea to have sex with your sister, your brother, your parents,
your pet dog, or the farm animals. [excerpts from the Old Testament, Modern
Vernacular Translation, TCM, 1996]







From EALLENSMITH at ocelot.Rutgers.EDU  Sun Feb  4 15:58:19 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Mon, 5 Feb 1996 07:58:19 +0800
Subject: Sometines ya just gotta nuke em-and nuke em again
Message-ID: <01I0TPKBDGZQA0UULQ@mbcl.rutgers.edu>


	Since the only cryptographic relevance here is whether the US knew
about Japan's current state, and that isn't actually relevant, I won't
respond to the list further on this. I regard the dropping of the bomb as
right because it saved American lives, no matter who you believe on how many.
America was on the side of good in WWII, and the Japanese (as much as they
fail to admit it publically, including to their schoolchildren) were on the
evil one. This is the case for several reasons:
	First, the Japanese had allied themselves with the Nazis.
	Second, the Japanese had done definite wrongs in China and elsewhere.
	Third, the Japanese attacked the US first (and it doesn't matter
whether the US knew about it beforehand).

	It also doesn't matter whether Truman et al were considering the
effects on the Soviet Union. To use a current example, just because an ISP
is paid doesn't mean that that ISP is wrong to keep on Neo-Nazi material. 
	If you wish to continue this discussion; feel free to do so via private
email.
	-Allen





From wlkngowl at unix.asb.com  Sun Feb  4 16:05:21 1996
From: wlkngowl at unix.asb.com (Mutatis Mutantdis)
Date: Mon, 5 Feb 1996 08:05:21 +0800
Subject: Our "New Order"
Message-ID: <199602042338.SAA12103@UNiX.asb.com>


On Sat, 3 Feb 1996 11:30:48 -0700, David M. Rose wrote:

>In view of the fact that our government seems bent on abrogating its
>citizens' rights to free speech, has anyone done a survey indicating which
>foreign countries have the best Net connections to the U.S. (excepting, of
>course, Germany and possibly France)?

>It may be expedient for Planned Parenthood and others whose points of view
>differ somewhat from those approved under our "New Order"* to explore
>alternatives in order to reach their constituencies.

The law makes anyone accessing material lable... even if you connect
to a foreign site where it's legal there, if it's banned in the US,
you can still get screwed (in theory).

Methinks the time is right for a "PGPScape" web browser.

Rob.







From wlkngowl at unix.asb.com  Sun Feb  4 16:06:00 1996
From: wlkngowl at unix.asb.com (Mutatis Mutantdis)
Date: Mon, 5 Feb 1996 08:06:00 +0800
Subject: [CONSPIRACYPUNKS] RC2 Source Code - Legal Warning from RSADSI
Message-ID: <199602042333.SAA11998@UNiX.asb.com>


On Sat, 03 Feb 1996 21:30:47 -0500, you wrote:


>Anonymous writes:
>>      It is becoming obvious to anyone with two brain cells to rub
>> together that RC4 and now RC2 have been deliberately released by RSA
>> Data Security.

>Anyone with more than two brain cells might feel otherwise, however.

...and if they look at the algorithm (public knowl now), they may
trust it less.  At least a few clumps of ganglia I have feel that way
about the alleged RC2.








From EALLENSMITH at ocelot.Rutgers.EDU  Sun Feb  4 16:10:43 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Mon, 5 Feb 1996 08:10:43 +0800
Subject: Jamming and privacy problem
Message-ID: <01I0TP2E3C9SA0UULQ@mbcl.rutgers.edu>


	It looks like one non-political solution to this problem would be
a gadget to jam the receiver so it can't activate the transponder or,
alternately, receive the transponder's signal. Cryptographic relevance?
They might start doing something tricky with frequencies, etcetera.
	-Allen	

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help at weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date:       Sat, 03 Feb 96 10:21:11 EST
From:       Computer Privacy Digest Moderator  
To:         Comp-privacy at uwm.edu
Subject:    Computer Privacy Digest V8#012

Computer Privacy Digest Sat, 03 Feb 96              Volume 8 : Issue: 012

----------------------------------------------------------------------

Date: 01 Feb 1996 19:25:04 -0800 (PST)
From: Phil Agre 
Subject: Universal Tracking of Road Traffic

I have here the most amazing document.  It is a Request for Proposals
(number 95-7, dated January 1996) from the State of California Air
Resources Board (Research Division, 2020 L Street, Sacramento CA 95814)
entitled "Incorporation of Radio Transponders into Vehicular On-Board
Diagnostic Systems".  The ARB wants someone to build transponders and
receivers that allow computers to automatically poll cars to determine
if their emissions systems are failing, in the process accumulating a
database of the cars' locations on particular dates and times.

According to the RFP, by 1996 new cars and light trucks in California
are required to have onboard systems that illuminate a dashboard light
if the emissions systems are malfunctioning.  Since the appearance of
this light does not ensure that the car's owner will get the emissions
system fixed, the ARB is proposing that new cars and light trucks
starting in the year 2000 (it doesn't say all of them, but it does say
1,000,000 of them) be required to include transponders that can
broadcast the car's VIN number, the emissions system fault codes, the
vehicle's location at the time of the query, and a status code.  The
receivers are supposed to be capable of automatically polling the
"fleet" of cars equipped with transponders and storing in a database
the following information: date and time of current and last query,
VIN, status and fault codes, and "vehicle location (to the zip code
level, and city)".  The contractor also "shall produce a public service
video documenting the system and explaining the concept and the
benefits of such a transponder-assisted approach to enhancing the
present I/M [Inspection and Maintenance] program."

In case it's not clear, the ARB is envisioning a system under which
cars sold in California will be required to incorporate a device ("no
larger than a pack of cigarettes") that the state can use to track its
whereabouts at all times.  This plan poses a greater threat to
individual privacy than automatic toll collection or any other plan
currently under development for non-commercial transport informatics,
so far as I know.  Environmental concerns are real, and the air in Los
Angeles is a crime, but plenty of means are available for alleviating
air pollution without constructing the technological groundwork for an
authoritarian society.

--
Phil Agre

------------------------------

End of Computer Privacy Digest V8 #012
******************************





From remailer at flame.alias.net  Sun Feb  4 16:57:18 1996
From: remailer at flame.alias.net (Flame Remailer)
Date: Mon, 5 Feb 1996 08:57:18 +0800
Subject: None
Message-ID: <199602050015.BAA10473@utopia.hacktic.nl>


    >> > Could someone tell me how to quit this list, I just dont >
    >> have the time to read anything that is being sent to it.
    >> 
    >> Yes. You can turn your modem off :)
    >> 

> Hey Boffo, Don't be an idiot!!  It is hard to turn off your
> modem when you are on a university network.  Don't be so
> quick to be a smart ass.  If you don't have anything
> productive to say then shut the fuck up!!

	Wow.. Looks like someone didn't get their nap. Maybe someday
he'll figure out about anonymous remailers too and quite trying to
argue with Mr. Boffo. :)









From shamrock at netcom.com  Sun Feb  4 17:14:26 1996
From: shamrock at netcom.com (Lucky Green)
Date: Mon, 5 Feb 1996 09:14:26 +0800
Subject: [NOISE] Is this email getting through?
Message-ID: 


I have not received any CP traffic for several days. Repeated
(re-)subscription requests didn't generate a reply from majordomo. If this
message shows up on the list, please let me know.

Puzzled,

-- Lucky Green 
   PGP encrypted mail preferred.







From gibo at ripco.com  Sun Feb  4 17:21:55 1996
From: gibo at ripco.com (Giles Bowkett)
Date: Mon, 5 Feb 1996 09:21:55 +0800
Subject: cypherpunks-d V2 #480
Message-ID: 


>From: Cecelia A Clancy 
>Date: Sat, 3 Feb 1996 18:06:32 -0500 (EST)
>Subject: Re: THE JEWS (ALL of them!) Try to kick Ernst Zundel off Usenet!!
>
>On Sat, 3 Feb 1996 ErnstZundl at aol.com wrote:
>
>Ernst Zu"ndel's e-mail address is ezundel at cts.com.  He is on on
>AOL to me knowledge.

[snip]

>The above text does not feel like Zu"ndel to me.  I think
>that this ErnstZundel at aol.com might very well be an imposter.
>The above is not the real Zu"ndel's speaking or writing
>style.  Zu"ndel does not want books burned and people persecuted
>nor does he want certain races and ethnic groups declared
>inferior.


My God, you're kidding!  The Zundel post might have been a JOKE?!  But I
believed every word of it!



=========================================>>>http://pages.ripco.com/~gibo

"Tree-borne kettle-girl...I love you."  -- from Ranma 1/2







From dlv at bwalk.dm.com  Sun Feb  4 17:43:42 1996
From: dlv at bwalk.dm.com (Dr. Dimitri Vulis)
Date: Mon, 5 Feb 1996 09:43:42 +0800
Subject: Wading through lame crap, plus on-topic privacy stuff
In-Reply-To: 
Message-ID: <68usiD56w165w@bwalk.dm.com>


Don  writes:
> Now for the on-topic stuff. Looking through my mail yesterday, noticed a
> credit card application from BofA. Despite the fact that they didn't want
> to give me a card three years ago, they have offered a student card to me.
> I figured that it was a lucky guess, them knowing I'm a student again. Then
> I noticed they were kind enough to fill in my school ("Main Campus" too) into
> the appropriate blank. Now, that's either a really good guess, or else they'v
> been out looking me up. I'm currently writing a letter to BofA telling them
> they can kiss my rear if they're going to go around keeping tabs on me. They
> should at least be more careful about letting me on to them.

Most likely, BofA just obtained the mailing list of all students from your
school and mailed the same offer to all. If you read the fine print, you'll
probably find that your application is still subject to their credit approval.

> This got me interested in which companies keep track of what information. I'm
> now going to write to my other credit companies and ask something like:
...

If you haven't read the book _Privacy for Sale: How Computerization Has Made
Everyone's Private Life an Open Secret_ by Jeffrey Rothfeder
(ISBN 0-671-73492-x), I suggest you get hold of it. You'll be amazed. :-)

>    spending habits, ie, types of goods, dollar amounts and locations,
>      for any purpose

Most definitely! When you charge things to your credit cards, the types of
products and services you purchase, and the typical amounts you spend
all go into your consumer profile, available for the right price.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Sun Feb  4 17:49:03 1996
From: dlv at bwalk.dm.com (Dr. Dimitri Vulis)
Date: Mon, 5 Feb 1996 09:49:03 +0800
Subject: [FLAME] Concerning Jim Bell
In-Reply-To: <2.2.32.19960204211446.00948c20@mail.teleport.com>
Message-ID: 


THE FOLLOWING IS A FLAME.

Alan Olsen  writes:
> It has been brought to my attention that I did not make this as
> clear as it should be.

Alan, you've indicated previously that you won't post anything more on this
subject to cypherpunks at toad.com.

>         I consider Mr. Bell to be a crank and a loon.

You're certainly entitled to your opinion. You might be interested to know that
I consider Jim Bell to be highly intelligent, knowledgeable, and overall nice
person. I'm particularly impressed by his calm and restrained response to your
provocations. I've also formed a rather negative opinion of you, based on your
actions in this incident.

>         He has no interest in any sort of honest discussion.

I can say with confidence that no one on this cp list has any interest in
the flame war that you're trying to drag in here, nor in a discussion of Jim's
views that are not crypto-related. You apparently tried and failed to start a
discussion of Jim's non-crypto-related views in this forum, which no one really
gives a rat's ass about. Honest or dishonest, the discussion of Jim's political
views has nothing to do with encryption.

>         He wishes to draw in others in the hope of "punishing
> me".

You're punishing yourself by destroying your credibility and carrying on this
silly flame war. You've kicked Jim off of "your" mailing list, pushing the
flame war that you've started to this list. I don't appreciate this.

> - From now on, I am ignoring all of his posts and "killfiling"
> him.

Jim is already ignoring you. So should everyone else. Please stick to your
promise. So far, you've posted several times more on this subject than Jim.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From PADGETT at hobbes.orl.mmc.com  Sun Feb  4 18:03:24 1996
From: PADGETT at hobbes.orl.mmc.com (A. Padgett Peterson, P.E. Information Security)
Date: Mon, 5 Feb 1996 10:03:24 +0800
Subject: Protecting the innocent on the nets
Message-ID: <960204203505.2020e029@hobbes.orl.mmc.com>


About a year ago I came up with a mechanism to allow subscription or
controlled circulation magazines to be distributed on the net. Not
saying is new, just was new to me. Seems like it would be a mechanism
for anyone to communicate/access Web pages without crypto, yet allowing
protection of such things from those requiring such protection.

Concept works like this: LZ (or most other) compressed files have two 
elements - a data dictionary and ordered pointers to that dictionary.

Now say you took a large number of text files/.Gifs/.Jpegs/whatever and
created a universal (well nearly) data dictionary that would fit on a 
CD-Rom. Using large patterns and good ordering techniques could achieve
good throughput.

Now to a group of subscribers/friends/whatever, the disk is distributed
in a controlled manner.

Once distribution is made, then what is sent on the net/put on the Web
page are just the pointers to the data dictionary plus any patterns not
in the dictionary (low enough not to create anything intelligable).

What you have is a gigantic book code with a copyrightable book for which
you can control the circulation. Those under age need not apply. If they
obtain one, then it was illegally and you have made a "good faith attempt"
IMNSLO to protect the innocent.

Can even change the CD-Rom dictionary *order* yearly/montly/whatever if
you want.

Comment ?
					Warmly,
						Padgett

ps if you reply to the list, *please* do not copy me, my volume is silly
   enough without getting duplicates as it is.





From PADGETT at hobbes.orl.mmc.com  Sun Feb  4 18:05:08 1996
From: PADGETT at hobbes.orl.mmc.com (A. Padgett Peterson, P.E. Information Security)
Date: Mon, 5 Feb 1996 10:05:08 +0800
Subject: Don't type your yes/fraud response into your computer
Message-ID: <960204190820.2020e029@hobbes.orl.mmc.com>


>Nice try - but the virtual machine model used by intel supports interception
>of I/O operations. 

(something educating prior generations how to apply a near vacuum to shelled
embryos).

Sure it does - why it is essential for protective activity to begin while
the system is still in REAL mode following boot. Might also need to write
a .VXD (horrors)

>I still think the basic 'if the machine is not secure all bets are off'
>premis stands.

Oh I agree, just believe that software can make a machine secure (or at
least detect when security cannot be assured which is almost as good). 

Might I suggest you take a look at the "safe PC" discussions on Virus-L c.a
1989-1990. We were talking about virus protection then but is the same
thing. Believe it or not, we even had real and protected mode discussions
back in those days while we were waiting for Noah (only guy who ever took
out a cattle boat and wound up half-way up a mountain...).

					Warmly,
						Padgett





From EALLENSMITH at ocelot.Rutgers.EDU  Sun Feb  4 18:28:48 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Mon, 5 Feb 1996 10:28:48 +0800
Subject: Computer Law Observer
Message-ID: <01I0TPOQUFDOA0UULQ@mbcl.rutgers.edu>


=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help at weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: 29 Jan 1996 18:01:16 -0500
From: Galkin at aol.com
Subject: The Computer Law Observer #16

=====================================
GENERAL INFO: The Computer Law Observer is distributed (usually) weekly
for free and is prepared by William S. Galkin, Esq. The Observer is
designed specifically for the non-lawyer. To subscribe, send e-mail to
wgalkin at earthlink.com. All information contained in The Computer Law
Observer is for the benefit of the recipients, and should not be relied
on or considered as legal advice. Copyright 1996 by William S. Galkin.
=====================================

ABOUT THE AUTHOR: Mr. Galkin is an attorney in private practice in
Owings Mills, Maryland (which is a suburb of Baltimore). He is an
adjunct professor of Computer Law at the University of Maryland School
of Law and has concentrated his private practice in the Computer Law
area since 1986. He represents small startup, midsized and large
companies, across the U.S. and internationally, dealing with a wide
range of legal issues associated with computers and technology, such as
developing, marketing and protecting software, purchasing and selling
complex computer systems, and launching and operating a variety of
online business ventures. He also enjoys writing about computer law
issues!

===> Mr. Galkin is available for consultation with individuals and
companies, wherever located, and can be reached as follows: E-MAIL:
wgalkin at earthlink.com/TELEPHONE: 410-356-8853/FAX: 410-356-8804/MAIL:
10451 Mill Run Circle, Suite 400, Owings Mills, Maryland 21117.
Articles in The Observer are available to be published as columns in
both print and electronic publications. Please contact Mr. Galkin for
the terms of such usage.

*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+
ELECTRONIC PRIVACY RIGHTS AND POLICE POWER
*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+

[This is the third of a series of articles discussing privacy rights in
the digital age.]

It's no secret. Law enforcement agents are closely monitoring traffic
on the Internet. It is also no secret that crime is proliferating on
the Internet at a frightening pace. Law enforcement agents are a bit
unnerved as they watch their tried and true methods of law enforcement
become antiquated. However, law enforcement on the Internet is starting
to come of age.

Here are some recent examples:

(1) The Secret Service set up a bogus bulletin board system for the
purpose of attracting people who want to sell stolen cellular phone
codes. Thieves often get these codes by using scanners which pick up
the code-embedded signals emitted from moving cars. The result: six
arrests and seizure of 20 computer systems.

(2) The Justice Department ended a two-year investigation into use of
America Online (AOL) for the distribution of child pornography and
perpetration of other sex-crimes. The result: 125 homes were searched,
computer systems seized and numerous arrests made across the country.

(3) Just this month, the Secret Service noticed that Virtual Visions
(http://www.vv.com/~gilmore/head/heads.html) put up a new web page
which shows the heads of public figures such as Bob Dole, Boris Yeltsin
and Bill Gates, slowly exploding. Virtual Visions intended this to be
political satire. The result: the developer of the web page received a
visit from the Secret Service.

The Fourth Amendment -

The objectives of law enforcement and of personal privacy are on a
collision course on the Information Highway. Law enforcement personnel
desire access to as much information as possible to conduct their
investigations. Individuals want to restrict access to personal
information.  It is necessary to achieve a balance between effective
law enforcement and personal privacy. How the Fourth Amendment to the
U.S. Constitution is interpreted will play a crucial role in
determining where this balance is reached.

The 4th Amendment prohibits government agents from conducting
unreasonable searches and seizures. The Supreme Court has defined a
seizure of property as a "meaningful interference with an individual's
possessory interest in that property." The concept of seizure of
information differs dramatically from seizure of tangible property.
Seizure of tangible property means that the owner has been deprived of
the use and possession of the property. Whereas, when information is
"seized" the owner may still have possession of the information.  It is
just that the information has been copied and is now also in the hands
of someone else.

It could be argued that under the Fourth Amendment no seizure occurs
when digital information is merely copied. However, applying the
analysis used to prohibit wiretapping (which has been defined as a
seizure), seizure of information would also fall within the
constitutional definition of seizure.  In the information context,
"seizure" should be interpreted as meaning being deprived of the
ability to control the disclosure and dissemination of the information.
This ability to control is the value of the possessory interest of
information.

The application of the term "search" in the digital environment is more
complicated. An unlawful search requires as a prerequisite that (1)
subjectively, the person in possession of the item searched had an
actual expectation of privacy and (2) objectively, the person had an
expectation of privacy. The subjective expectation of privacy element
has been criticized, because in theory, it would be very easy for the
government to eliminate any expectation of privacy by announcing that
it will perform broad searches.  However, in practice, the Supreme
Court has focused on the objective requirement.

On one end of the spectrum is data resident in a stand-alone computer.
Here, there is certainly an objective expectation of privacy. On the
other end of the spectrum lie the vast open areas of the Internet, such
as web pages and newsgroups to which there can be no objective
expectation of privacy.

Accordingly, law enforcement agents are free to roam through these open
areas, assemble records on who is participating in which groups, and
what they are saying. For example, if the Secret Service wanted to
assemble all the messages that you posted in newsgroups in the last
year (the technology to perform this search available) in order to
determine your political positions, this would not violate the Fourth
Amendment.

The middle ground is where the legal battles will be fought. This will
primarily involve information that is in the possession of a third
party, and is not readily accessible to the public.

Under traditional constitutional analysis, where information is
disclosed to a third party, the expectation of privacy is abandoned.
For example, most state laws, and the federal Constitution, permit
wiretapping if one party to the conversation consents. However, the
scope of the abandonment will usually only apply to the amount of
information needed by the recipient.

For example, the telephone numbers you dial are disclosed to the phone
company in order that the phone company can perform its service.
Thereby, a person abandons the expectation regarding the number
dialed.  However, even though the content of telephone conversations is
also given over to the phone company, this content is not needed for
the phone company to perform its service. Therefore, the content of
phone conversations retains the expectation of privacy.

By analogy, this would also apply to e-mail messages maintained on a
service provider's equipment. Information such as the senders' and
recipients' addresses, the file sizes and times of transmissions are
not private. But the content of the messages would be.

In the workplace, an employer is not permitted to consent to a search
of personal areas of an employee. For example, a desk draw that
contains personal correspondence. By accepted convention, this is a
private area.

Private network directories which require a password to enter would
probably also retain an expectation of privacy. However, in each case,
a court will look at specific corporate policies to determine whether
there is an objective expectation of privacy or whether the employee
was informed that the employer may at any time without notice enter
these pass-worded directories.

Along these lines, since a court wants to determine the objective
expectation of privacy, an agreement that an employer will not consent
to a search would have no effect. What would be needed is an agreement
that the employer will not access these private areas, which deprives
the employer of the right to consent.

When determining the objective expectation privacy, courts will have to
balance the value of the particular privacy interest claimed against
the level of the law enforcement interest.  Only this month, America
Online under subpoena turned over personal e-mail records relating to a
criminal investigation where the murderer allegedly met the victim in
an AOL chat room. AOL has been criticized for not challenging the
subpoena. AOL's position is that if it receives a search warrant, it
will comply. This case highlights the valid competing interests of both
law enforcement and personal privacy.





From attila at primenet.com  Mon Feb  5 10:37:59 1996
From: attila at primenet.com (attila)
Date: Mon, 5 Feb 96 10:37:59 PST
Subject: "Can't we all just get along?"
In-Reply-To: <199602050758.XAA04847@Networking.Stanford.EDU>
Message-ID: 


On Sun, 4 Feb 1996 Pot at networking.stanford.edu wrote:

> This is not FLAMEpunks.
> 
	WHAT???   --and miss all the fun?


__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....
    There is no safety this side of the grave.  Never was; never will be.







From alanh at infi.net  Mon Feb  5 10:53:06 1996
From: alanh at infi.net (Alan Horowitz)
Date: Mon, 5 Feb 96 10:53:06 PST
Subject: Sometimes ya just gotta nuke em
In-Reply-To: 
Message-ID: 



<<"In other words it was stvation/devastation city">>

  It was lot worse than that on the Japanese-imperialits occupied islands 
of the Pacific when the Nisei troops choosenot to surrender and instead, 
mad last-ditch charges against AMerican lines - which killed not a small 
number of Americans. And of course, there were the suicide bombers.

Submarine operations don't cost zero lives, either. In fact, just plain 
old regular military logistics - keeping the boys mobilized and in place 
ina theatre of operations - don't cost zero lives, even if there are _no_ 
hostilities.

And while all the starvation and devastation was going on in Japanese
cities, the Japanese troops were torturing and murdering Allied POWs, and
Asian civilains in all the Japanese-occupied teritories. Those people
deserved liberation, too. 

I think you give your game away when you complain about how we were being 
unfair to Comrade Stalin.

As far as Pax Americana goes, the Japanese just _volunteered_ to_increase_
the payments they make to support the American garrison in Japan. The
non-Okinawans want us in their country. I guess they know that the
alternative is a Red Chinese garrison. 

And lots of other Asians are afraid of the same alternative - or of 
Japanese garrisons in their homeland. THey've "been there, done that".

Alan Horowitz 
alanh at norfolk.infi.net






From simsong at vineyard.net  Sun Feb  4 18:56:33 1996
From: simsong at vineyard.net (Simson L. Garfinkel)
Date: Mon, 5 Feb 1996 10:56:33 +0800
Subject: FV's blatant double standards
Message-ID: 


At 8:18 AM 1/31/96, Rishab Aiyer Ghosh wrote:
>FV demonstrated, through it's "card sharp" or whatever, that
>real-time transactions are vulnerable to sniffers on the recipient's
>own machine. Of course. We all knew that. But the mistake is to
>assume that FV isn't _equally_ vulnerable to that threat. If you
>can write a trojan that will somehow get privileged access to my
>machine, trap my keystrokes, and identify my credit card number,
>you can certainly write one that will, sitting on my machine:
>    "intercept the user's electronic mail, read the confirmation
>    message from First Virtual's computers, and send out a fraudulent
>    reply"
>(to quote from Simson's article). Simson further quotes FV's Lee
>Stein: "A single user can be targeted, Stein said, but ''it is very
>difficult. . . . There are too many packets moving . . . to too many
>different machines.''" - which is of course equally true for real-time
>Netscape transactions.

Oh, I think that such a program can be written. However, it would be much
harder to get right, considering all of the different ways that people read
e-mail.


=============
Simson's Schedule:

Feb 2 - Feb 5 - Cambridge: Conference on Freely Redistributable Software
Feb 7 - Feb 13 - Baltimore: American Association for the Advancement of
Science.
Feb. 28 - March 1 - Seybold, Boston.
March 23 - NYC. MacFair.
March 27 - March 30: Cambridge. Computers, Freedom and Privacy.







From steve at miranova.com  Mon Feb  5 11:09:48 1996
From: steve at miranova.com (Steven L Baur)
Date: Mon, 5 Feb 96 11:09:48 PST
Subject: fcpunx subscribe (FCPUNX is not on miranova.com)
In-Reply-To: <4C254DF0F18@sjulaw.stjohns.edu>
Message-ID: 


Although this particular request was sent to the cypherpunks mailing
list, others continue to send requests to my mailbox.

>>>>> "Wendy" == "Wendy Fu"  writes:

Wendy> endWendy Fu, Network Manager 
Wendy> St. John's University School of Law
Wendy> 8000 Utopia Parkway, Jamaica, NY 11439
Wendy> E-Mail Address: wfu at sjulaw.stjohns.edu
Wendy> Phone: (718)990-1666

I don't know how my address got associated with this list, but please,
*do not* send requests about FCPUNX to steve at miranova.com.

Requests about how to set up Gnus scoring for performing your own
filtering of the cypherpunks list are welcome.

-- 
steve at miranova.com baur
Unsolicited commercial e-mail will be proofread for $250/hour.





From llurch at networking.stanford.edu  Sun Feb  4 19:16:05 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Mon, 5 Feb 1996 11:16:05 +0800
Subject: [NOISE] Sound bites re the Zundel German censorship thing (fwd)
Message-ID: 


[Bcc'd to the webcom.com guys FYI]

Sorry if you get duplicate copies, but I agree with Tim that mailing list
cross-pollution is bad. 

*Not* for broader redistribution, because they deserve privacy, but 
illustrative for, say, certain knee-jerk anti-PC forces here, is the fact 
that the two people who run webcom.com (Bcc'd) have been reported to be:

1. Grandson of a Holocaust victim
2. Activist with PEN and Amnesty International

I think we're all on the right side here, and for all the right reasons.

-rich

---------- Forwarded message ----------
Date: Sun, 4 Feb 1996 17:56:19 -0800
From: Rich Graves 
To: fight-censorship+ at andrew.cmu.edu
Newgroups: alt.censorship, comp.org.eff.talk, alt.internet.media-coverage
Subject: Maudlin sound bites re the Zundel German censorship thing

I put this together for the few journalists who actually bothered to ask
for quotes, rather than taking or manufacturing them without asking. 

Sent to CMU fight-censorship and relevant newsgroups (not counting
alt.revisionism, where this is not really relevant); will also send
separately to cypherpunks. I'm not on any other lists, but feel free to
pass it along, with PGP signature intact. 

-rich

---------- Forwarded message ----------
Subject: Re: Quote for Guardian newspaper

-----BEGIN PGP SIGNED MESSAGE-----

Please cite me as rich at c2.org without Stanford affiliation. Yes, I can 
handle any amount of mail, and I'd much rather have to answer questions 
than be misinterpreted.

Pick and choose and edit at will. The email address rich at beep.stanford.edu
goes to an alphanumeric pager (cellular beeper, whatever you call it on
your side of the pond) that takes 60 characters from the Subject: line;
please use it to confirm quotes at deadline.

Some material, from least to most maudlin:

I am not a free speech activist. As Rosa Parks explains her refusing to
move to the back of a racially segregated bus, "I was tired." The Internet
belongs to all of us, and if parts of it are cordoned off for even the
most noble political reasons, then we are all diminished, and totalitarian
regimes like China's are given another excuse. This was an important point
to underscore, but it should be noted that all I did was send a half dozen
electronic mail messages and copy a few files, which took less than an
hour of my time. 

No less important than the fight against censorship itself, for me, is
that hateful demagogues like Ernst Zundel be denied their spurious appeals
to "anti-censorship." Mr. Zundel is no more of a free speech activist than
are the leaders of the IRA. Repression only breeds criminality. 

As Tolkien or any good German fairy tale will tell you, the evil troll,
when exposed to the light of day, will turn to stone. Evil trolls like Mr.
Zundel might still frighten children, but as statues in the Wiesenthal
Center's Museum of Tolerance they can no longer harm us; and ultimately,
these statues will attract pigeons, weather with time, and crumble to dust.

Now that the power of the Net has been demonstrated, we have taken down
our mirror sites. Now the onus is on Mr. Zundel, in the spotlight of world
attention, to reveal his true friends by calling on them to come to his
aid. Now we know that Mr. Zundel's friends include Joe Bunkley, a
notorious racist at Georgia State University. Joe Bunkley's mirror site,
and those of other friendly mirror sites, cannot all be censored; in fact,
to my knowledge, no action has been taken against any mirror site. 
Indeed, the DFN/WiN network that serves most German universities 
restored access to Mr. Zundel's original site some days ago. 

Let Mr. Zundel's conspiracy theories about Jews and UFO bases in
Antarctica into the public domain, and let us see who will believe them,
and who will laugh. I am a great fan of Milan Kundera, who teaches us that
the only responses to a totalitarian buffoon are laughter and memory.
Nizkor: we will remember. (No, I'm not Jewish)

Zundel's hate should never be ignored, but it can be publicly refuted and
ridiculed, which has far greater moral and practical effect than
censorship. "Eternal vigilance is the price of liberty" can be 
interpreted many ways. Let freedom ring.

- -rich

On Sun, 4 Feb 1996, Azeem Azhar wrote:

> Hi,
> 
> I'm a journalist on the UK Guardian newspaper
> I'm doing a background piece the Zundel bnusiness.
> Could you give me a short quotable quote about why you're doing it:
> Extreme non-tech if you could.
> ASAP?
> Cool
> 
> Azeem
> 
> Azeem Azhar                            vx: 0171-713 4193
> The Guardian                           fx: 0171-713 4154
> 119 Farringdon Road                    azeem at dial.pipex.com
> London EC1R 3ER                        aa at guardian.co.uk (alt)
> All opinions are my own unless otherwise stated.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRU8nY3DXUbM57SdAQHz7gP/VHY9mkoZ4NdJ3bklnH+cKjCXxcT8uxTb
bSm/+f/iYe06C2XN3g5O5VVDQiPn0jA4aWJCwP1ntkkZmEsYyIBjRCQgMTBvNqt2
7blwHlLsEelJU2AaqMwK6z+4jiOdgp2InXYOjGsFZZaNwn0gCvbhaUbl5uYy4BV5
9tXMt9ZG95k=
=GzMs
-----END PGP SIGNATURE-----







From jimbell at pacifier.com  Sun Feb  4 19:23:28 1996
From: jimbell at pacifier.com (jim bell)
Date: Mon, 5 Feb 1996 11:23:28 +0800
Subject: Our "New Order"
Message-ID: 


At 11:26 PM 2/4/96 GMT, Mutatis Mutantdis wrote:
>On Sat, 3 Feb 1996 11:30:48 -0700, David M. Rose wrote:
>
>>In view of the fact that our government seems bent on abrogating its
>>citizens' rights to free speech, has anyone done a survey indicating which
>>foreign countries have the best Net connections to the U.S. (excepting, of
>>course, Germany and possibly France)?
>
>>It may be expedient for Planned Parenthood and others whose points of view
>>differ somewhat from those approved under our "New Order"* to explore
>>alternatives in order to reach their constituencies.
>
>The law makes anyone accessing material lable... even if you connect
>to a foreign site where it's legal there, if it's banned in the US,
>you can still get screwed (in theory).
>
>Methinks the time is right for a "PGPScape" web browser.
>
>Rob.

Let me see if I understand  this concept correctly.  The remote site would
pre-encrypt the transmitted data, so that when received it could be
decrypted by the requestor according to his (or a temporarily chosen, to
avoid disclosing the actual recipient.) public key, so as to disguise both
the material and perhaps also the actual requestor?

Excellent idea!







From thad at hammerhead.com  Sun Feb  4 19:30:01 1996
From: thad at hammerhead.com (Thaddeus J. Beier)
Date: Mon, 5 Feb 1996 11:30:01 +0800
Subject: RC2 protected by copyright?
Message-ID: <199602050211.SAA18120@hammerhead.com>



RSA issued a statement claiming that anyone using RC2(TM) would be in
violation of various laws.  I think that they might have a point.

You can't protect an idea with trade secrets, certainly not a software
idea, if you intend to sell the software.  It is easy to reverse
engineer it; this is probably what happened with RC2.

But, what about copyright?   Now, copyrights cannot protect ideas, only
the expression of those ideas.  An algorithm is clearly an idea, you could
write a program that would implement it in a completely different way,
not just by translating it (translations are still protected by
copyright). 

RC2, though, as 256 bytes of seemingly random data at the head of it,
in a permutation table.  This is clearly not any idea, but a bit of
text.  This text would have to be copied to any interoperable RC2.
(You could surely use some different permutation, and probably most
of the 256! permutations would be equally secure, but would not
interoperate with RC2).  I would expect that this copying of text be
held to be a violation of copyright.

Some might argue that 256 bytes is so small that perhaps it couldn't
be copyrighted.  Copyright clearly can't protect use of a word, or
a short phrase (1000 points of light, say).  If the permutation table
at the beginning was 65536 16-bit numbers, instead of 256 bytes, then
the copyright protection be that much stronger and less open to debate.

Do any of the real lawyers on the list want to take a crack at this?
Has anybody heard any noise from RSA describing exactly how they
intend to go after people?

thad
-- Thaddeus Beier                     thad at hammerhead.com
   Technology Development                   408) 286-3376
   Hammerhead Productions        http://www.got.net/~thad 





From tcmay at got.net  Sun Feb  4 19:30:54 1996
From: tcmay at got.net (Timothy C. May)
Date: Mon, 5 Feb 1996 11:30:54 +0800
Subject: Arthur C. Clarke Supports Strong Crypto
Message-ID: 



(Pardon me for mentioning crypto...)

Arthur C. Clarke, known to most of you (author of many SF works, coiner of
the phrase: "all sufficiently advanced technlogies are indistinguishable
from magic," mention by Alan Olsen yesterday), has a role in a "Discovery
Channel" program called "Mysterious Universe."

The episode tonight dealt with famous ciphers, including the Beale Cipher
(buried gold), the Voynich Manuscript (who knows what it is), and the
Vinland Map (my ancestors beat the Italians to the New World).

Clarke concluded by opining that strong ciphers that can only be read by
the intended recipient are now more important than ever.

--Tim May


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From tcmay at got.net  Sun Feb  4 19:38:55 1996
From: tcmay at got.net (Timothy C. May)
Date: Mon, 5 Feb 1996 11:38:55 +0800
Subject: [NOISE] Sound bites re the Zundel German censorship thing (fwd)
Message-ID: 


At 2:05 AM 2/5/96, Rich Graves wrote:

>Sorry if you get duplicate copies, but I agree with Tim that mailing list
>cross-pollution is bad.
>
>*Not* for broader redistribution, because they deserve privacy, but
>illustrative for, say, certain knee-jerk anti-PC forces here, is the fact
>that the two people who run webcom.com (Bcc'd) have been reported to be:
>
>1. Grandson of a Holocaust victim
>2. Activist with PEN and Amnesty International
>
>I think we're all on the right side here, and for all the right reasons.
...

Thanks, Rich!

I really think the Wiesenthal Center and whatnot could really make some
good points, and gain new friends, by PUTTING THE HOLOCAUST DENIAL CRAP ON
THEIR SERVERS!

Yes, an extreme step. But think of what it would say?

--Tim


[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and do em right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should do him." So the two daughters got him drunk and
did him all that night. Sure enough, Dad got em pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he whacked off first....Remember, it's
not a good idea to have sex with your sister, your brother, your parents,
your pet dog, or the farm animals. [excerpts from the Old Testament, Modern
Vernacular Translation, TCM, 1996]







From WlkngOwl at UNiX.asb.com  Sun Feb  4 20:07:12 1996
From: WlkngOwl at UNiX.asb.com (Deranged Mutant)
Date: Mon, 5 Feb 1996 12:07:12 +0800
Subject: "PGP-Scape"? (was Re: Our "New Order")
Message-ID: <199602050334.WAA17133@UNiX.asb.com>



jimbell at pacifier.com wrote:

[..]
> >Methinks the time is right for a "PGPScape" web browser.
[..]

> Let me see if I understand  this concept correctly.  The remote site would
> pre-encrypt the transmitted data, so that when received it could be
> decrypted by the requestor according to his (or a temporarily chosen, to
> avoid disclosing the actual recipient.) public key, so as to disguise both
> the material and perhaps also the actual requestor?

Something like that, yes.  Anything to where someone watching cannot 
tell what a person is reading from a web site... even better if one 
cannot tell who is reading it. Anonymizing proxies would also be 
nice.

There's also less worry about secure transactions, since if 
everything's encrypted it's harder to tell if a transaction is taking 
place, viewing porno or subversive or religious, literature,  or if
you're just reading something mundane.

So much for vaporware, though.

> Excellent idea!

So is fast-than-light travel, but only if it's implemented.

Rob.
 
--- "Mutant" Rob 

Send a blank message with the subject "send pgp-key"
(not in quotes) for a copy of my PGP key.





From jamesd at echeque.com  Sun Feb  4 20:20:51 1996
From: jamesd at echeque.com (jamesd at echeque.com)
Date: Mon, 5 Feb 1996 12:20:51 +0800
Subject: Sometimes ya just gotta nuke em
Message-ID: <199602050359.TAA03592@news1.best.com>


At 04:36 AM 2/4/96 -0500, James M. Cobb wrote:
>  Neither dropping nuclear weapons on Japanese cities nor an invasion 
>  of Japan was necessary to secure surrender of the Japanese government. 

After the first nuclear bomb was dropped, the Japanese government
held a cabinet meeting in which they summoned Nishina, head of the
atomic program, and asked him if he could duplicate atomic weapons
within a few months.

After two nuclear weapons had been dropped on Japan, the cabinet concluded
that Japan faced utter destruction with nuclear weapons, and some advocated
surrender.  But according to emperor Hirohito

   "At the time of the surrender, there was no prospect of agreement"

Even with two nuclear weapons, surrender was far from assured.  It was touch
and go:  Had the coup succeeded, Japan would not have surrendered, and 
a considerably more nuclear bombing would have been necessary.  The bullet
holes in the imperial palace testify that even after two nuclear bombs,
there was a substantial faction of the government determined not to surrender.

It was certainly true that Japan was defeated, and reasonable people may
disagree on justice of using nuclear weapons under these circumstances, but
to claim, as Alperovitz claims, that Japan was on the verge of surrender, 
is not a mere difference of opinion on the interpretation of the facts, but
a simple, crude, barefaced, blatant lie.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd at echeque.com






From m.purcell at navy.gov.au  Sun Feb  4 20:43:03 1996
From: m.purcell at navy.gov.au (LEUT Mark Purcell)
Date: Mon, 5 Feb 1996 12:43:03 +0800
Subject: Windows PGP mail reader
In-Reply-To: <4eaksb$6i9@recepsen.aa.msen.com>
Message-ID: <4f0llo$mln@soap.news.pipex.net>


In article <4eaksb$6i9 at recepsen.aa.msen.com>, jims at conch.aa.msen.com says...
>
>Hi.  Can anyone recommend a Windows based email/POP3 reader that can decrypt
>content?  Please reply  via email:


Have a look at Pegasus Mail.  It handles PGP very nicely with a recent
addition. by John Navas, both are free:  
http://users.aimnet.com/~jnavas/winpmail.htm

Mark






From bdavis at thepoint.net  Sun Feb  4 20:44:18 1996
From: bdavis at thepoint.net (Brian Davis)
Date: Mon, 5 Feb 1996 12:44:18 +0800
Subject: Encryption and Backups
In-Reply-To: <2.2.32.19960204221301.0093a448@mail.teleport.com>
Message-ID: 


On Sun, 4 Feb 1996, Alan Olsen wrote:

> Something that I have not seen addressed is the need for strong encryption
> in backup software.
> 
> Most backup software has an "encryption" option, but I have seen few that
> have anything resembling strong encryption.  Furthermore, I have seen no
> real push for strong encryption for backups at all.
> ... 
> Might be an idea for a product there...  (And you can bet law enforcement
> would throw a hissy fit about its existence.)

Indeed.  Many on the law enforcement/prosecution side of the key escrow 
debate are more concerned about encryption of files and backup than they 
are about encrypted email ... 

EBD

> Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction





From lmccarth at cs.umass.edu  Sun Feb  4 20:49:26 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Mon, 5 Feb 1996 12:49:26 +0800
Subject: RC2 protected by copyright?
In-Reply-To: <199602050211.SAA18120@hammerhead.com>
Message-ID: <199602050413.XAA05802@opine.cs.umass.edu>


(IANAL, and I'm not even attempting a lay interpretation of the _legal_ 
issues in this message)

thad writes:
> But, what about copyright?   Now, copyrights cannot protect ideas, only
> the expression of those ideas.  An algorithm is clearly an idea, you could
> write a program that would implement it in a completely different way,
> not just by translating it (translations are still protected by
> copyright). 
> 
> RC2, though, as 256 bytes of seemingly random data at the head of it,
> in a permutation table.  This is clearly not any idea, but a bit of
> text.  This text would have to be copied to any interoperable RC2.
> (You could surely use some different permutation, and probably most
> of the 256! permutations would be equally secure, but would not
> interoperate with RC2).  I would expect that this copying of text be
> held to be a violation of copyright.

>From a technical perspective, I can't say that the permutation table is
"clearly not an idea", although that view has some significant allure.
I think many cryptographers would agree that the S boxes in DES represent 
some pretty weighty ideas indeed, and constitute an intrinsic part of the
algorithm. Offhand the precise construction of the RC2 permutation table
doesn't seem to me to be nearly as important to the strength of RC2 as the
S boxes are to DES' strength. I'm certainly no expert. But I'm a little 
hesitant to dismiss the specified table as "a bit of text". 

Do you think the table would be more like an idea if it turned out to be
determined by pi ?  (not a rhetorical question)

-Lewis 		`I went down to the demonstration/ 
to get my fair share of abuse/ singing we're gonna vent our frustration/
if we don't, gonna blow a 50A fuse" -Nanker Phelge





From llurch at networking.stanford.edu  Sun Feb  4 21:31:24 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Mon, 5 Feb 1996 13:31:24 +0800
Subject: Turn yourself in!
In-Reply-To: <199602050252.SAA24214@jobe.shell.portal.com>
Message-ID: 


Very cute, but I hope this doesn't degenerate into serious mail-bombing 
(which I'm sure it will, unfortunately).

The simple text "Fuck the CDA up the ass!" should do. Sorry I'm not very 
creative with such things.

-rich

On Sun, 4 Feb 1996 anonymous-remailer at shell.portal.com wrote:

> The alt.tasteless crowd is currently discussing the CDA, with
> some predictable results, and some not so predictable...
> If you wish to participate in mass civil disobedience, follow
> these instructions: Send a message CC'd to your local media's net
> address and to justice.usdoj.gov (Department of Justice) which
> contains something to the effect of, "I wish to turn myself in
> for the crime of distributing offensive material via the Internet
> and as evidence, provide the following:"
> Attach some sort of uuencoded data to your message as "evidence".
> Make sure that every possible media outlet hears loud and clear
> that you want every last case prosecuted.





From tallpaul at pipeline.com  Sun Feb  4 21:56:17 1996
From: tallpaul at pipeline.com (tallpaul)
Date: Mon, 5 Feb 1996 13:56:17 +0800
Subject: free speech and the government
Message-ID: <199602050510.AAA21140@pipe5.nyc.pipeline.com>


On Feb 04, 1996 14:40:51, 'Alan Olsen ' wrote: 
 
 
 
> 
>Crypto relevence:  Some people regard the ability to hide "dangerous" 
>information to be as "dangerous" as the information hidden.  Freedom of 
>Speech includes the right to choose who can listen to that speech. 
> 
 
I do not think that his last sentence is accurate. 
 
The primary example os a group that exercises its freedom of speech (maybe
even fights in the courts for it) by holding a rally in the Village Green.
Does their right to hold their rally also include the right to choose who
can listen to the rally speeches in the Village Green? Of course not! 
 
Fundamentally, I think that speaking is a speech issue; determining who can
listen is a privacy issue. They are very much *not* the same thing. 
 
The separation is not done away with by things like the cellular phone
anti-eavesdropping or satellite cable broadcast laws. (Aspects of the
separation are, however, addressed by PGPhone, or rather should one say
made "unaddressable". 
 
 
--tallpaul 
 
PS: Olsen's post did have some good themes on the nature of the internet
"as public library." 





From PADGETT at hobbes.orl.mmc.com  Sun Feb  4 21:58:37 1996
From: PADGETT at hobbes.orl.mmc.com (A. Padgett Peterson, P.E. Information Security)
Date: Mon, 5 Feb 1996 13:58:37 +0800
Subject: The Story Lady
Message-ID: <960205000641.202190a1@hobbes.orl.mmc.com>


  >> Let me see if I understand  this concept correctly.  The remote site would
  >> pre-encrypt the transmitted data, so that when received it could be
  >> decrypted by the requestor according to his (or a temporarily chosen, to
  >> avoid disclosing the actual recipient.) public key, so as to disguise both
  >> the material and perhaps also the actual requestor?
  
  >Something like that, yes.
  
  As the quote went "It goes something like this...Not *exactly* like this
  but something...".
  
  What netscape does is to receive a signed public key, encrypt the session key,
  & return *that*. The session is then encrypted with a fast symmetric algo.
  (RC4-40 Netsape/export, IDEA - PGP). So PGP/scape would do exactly the same
  thing with trivial changes to the monkey-motion.
  
  Now Government approved PGP/BE - something to strive for 8*).
  
  					warmly,
  						Padgett






From jdoe-0007 at alpha.c2.org  Sun Feb  4 22:01:33 1996
From: jdoe-0007 at alpha.c2.org (jdoe-0007 at alpha.c2.org)
Date: Mon, 5 Feb 1996 14:01:33 +0800
Subject: Jim Bell - Murderous Terrorist
Message-ID: <199602050306.TAA01578@infinity.c2.org>


Dr. Vulis writes:

AO> Alan Olsen  writes:

AO> I consider Mr. Bell to be a crank and a loon.

DV> You're certainly entitled to your opinion. You might be interested to know that
DV> I consider Jim Bell to be highly intelligent, knowledgeable, and overall nice
DV> person. I'm particularly impressed by his calm and restrained response to your
DV> provocations. I've also formed a rather negative opinion of you, based on your
DV> actions in this incident.

Jim Bell has advocated nothing less than paid death squads using crypto as a
means to hide payment to these murderous terrorists.  If you can find a conspirator
of murder as " highly intelligent, knowledgeable, and overall nice person" then
you also are in need of immediate mental health intervention.

Should the mainstream media ever get wind of Bell's lunacy it will be one more
nail in the crypto-coffin spurring the Feds and international anti-crypto efforts to
a frenzy.  Bell is either a total fucking lunatic of the extreme right wing (having
read his suck ups posts supporting General Linda Thompson) or an agent 
provocateur for the Feds.  One is as bad as the other.  To quote your own
words to Mr. Olsen; " I've also formed a rather negative opinion of you, based
on your actions in this incident."

AO> He has no interest in any sort of honest discussion.

DV>  Honest or dishonest, the discussion of Jim's political views has nothing 
DV> to do with encryption.

His plans for death squads success DEPENDS on the anonymity provided by
CRYPTO!

AO> He wishes to draw in others in the hope of "punishing me".

DV> You're punishing yourself by destroying your credibility and carrying on this
DV> silly flame war. You've kicked Jim off of "your" mailing list, pushing the
DV> flame war that you've started to this list. I don't appreciate this.

And you think YOU have credibility here?  Sounds like you are cut from
the same murderous cloth as Jim Bell.

I pray that if by some freak of anarchy Bell's plan ever comes to
fruition both you and Bell will be the first victims of your own murderous
madness.







From ses at tipper.oit.unc.edu  Sun Feb  4 23:12:09 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Mon, 5 Feb 1996 15:12:09 +0800
Subject: Sometimes ya just gotta nuke em
In-Reply-To: <199602050359.TAA03592@news1.best.com>
Message-ID: 


On Sun, 4 Feb 1996 jamesd at echeque.com wrote:

> 
> After the first nuclear bomb was dropped, the Japanese government
> held a cabinet meeting in which they summoned Nishina, head of the
> atomic program, and asked him if he could duplicate atomic weapons
> within a few months.

Japan's nuclear program effectively ended on April 12th when the 
headquarters were destroyed (by conventional bombs). There program never 
really got very far, lacking both funding and Hungarians :)

> It was certainly true that Japan was defeated, and reasonable people may
> disagree on justice of using nuclear weapons under these circumstances, but
> to claim, as Alperovitz claims, that Japan was on the verge of surrender, 
> is not a mere difference of opinion on the interpretation of the facts, but
> a simple, crude, barefaced, blatant lie.

That's a pretty strong statement; the Japanese government was split into 
two camps, with the hawks slightly in the acendancy. Facts were changing 
on the ground, making it clear that things were about to get a lot worse 
(Stalin was about to enter the war against Japan, supplied were running 
short and gettirng worse (thanks to intercepts); Curtis LeMay had reduced 
just about every city apart from Hiroshima and had command of the air.

All these factors could very well have changed the balance of power 
within the government without the presence of nuclear weapons; no sure 
thing, but not impossible. 







From jcobb at ahcbsd1.ovnet.com  Sun Feb  4 23:14:44 1996
From: jcobb at ahcbsd1.ovnet.com (James M. Cobb)
Date: Mon, 5 Feb 1996 15:14:44 +0800
Subject: A Sign of the Future
Message-ID: 


 
 
  Friend, 
 
 
          A 02 04 96 Reuter Information Service newsstory 
          ----------------------------------------------- 
 
         GERMANS' INTERNET CRACKDOWN A SIGN OF THE FUTURE 
 
                     datelined BONN, Germany 
 
                             reports: 
 
    ...growing alarm among governments at the uglier side of the 
    worldwide computer network. 
 
 
  What is this "uglier side"? 
 
  German Research and Technology Minister Juergen Ruettgers shouts: 
 
    "We cannot tolerate a situation in which anything goes." 
 
 
                               THAT 
 
                           intolerance 
 
 
               is the U*G*L*I*E*S*T side of the 'Net. 
 
 
  Last week Ruettgers declared 

    ...that Bonn respected free speech but must also do more to 
    regulate the Internet.... 
 
 
  When it comes to wiping out free speech 
 
                     --A*N*Y*T*H*I*N*G goes! 
 
 
  The prosecutors have even 
 
    ...contacted the Deutsche Forschungsnetz, the national scien- 
    tific research network. 
 
 
  Following orders from the superpower, its puppet "nation states" 
  are wrecking the genuine Internet. 
 
  Nicholas Negroponte, director of MIT's Media Lab, popped up in 
  Bonn last week to put a high gloss on the "situation": 
 
    "The Internet cannot be regulated.  It's not that laws aren't 
    relevant, it's that the nation state is not relevant.  
 
                    [ DECEPTION IS VIOLENCE ] 
 
    This is the next discussion we will have.  
 
                 [ If the superpower permits! ]  
 
    Cyberlaw is by its nature global and 
 
                 [ You had better sit down... ] 
 
    we're not very good at global law." 
 
 
  Nick's a big shot at Wired magazine.  So it should be no surprise 
  to learn that Wired attacked cypherpunks in its 01 96 issue.  In 
  a fake interview with "Wired's patron saint," Marshall McLuhan is 
  made to say (p 130): 
 
    Concerns about privacy and anonymity are outdated. Cypherpunks 
    think they are rebels with a cause, but they are really senti- 
    mentalists. 
 
 
    The era of politics based on private identities, anonymous indi- 
    viduals, and independent citizens began with the French Revolution 
    and Napoleon's armies...and ended with Hitler....  The cypherpunks 
    are still marching to the same martial music. 
 
 
  Please note HOW Wired equates liberty, equality, fraternity with 
  capitalistic fascism, as David Kahn calls it.  Equating the two in 
  that manner is the same as rejecting the former while embracing the 
  latter.  Further: ending one sentence with "Hitler" while ending the 
  very next sentence with "the same [Nazi rally] martial music" tends 
  to identify Nazis and cypherpunks.  (Of course those few cypherpunks 
  who fancy themselves an "elite" SERVE the wolves at Wired.) 
 
  Deception is violence: it accustoms people to being violated. 
 
 
  Cordially, 
 
  Jim 
 
 
 
 
  NOTE.  "...in the 1930s...capitalistic fascism did not inspire the 
  dread among many establishment figures that communism did."  --David 
  Kahn.  Kahn on Codes: Secrets of the New Cryptology.  Macmillan Pub- 
  lishing Co.  1983.  Page 277. 
 
  The Nando News online filename of the newsstory is: 
 
                         info5_28474.html 
 
 
  Gary Wolf wrote "Channeling McLuhan. The Wired Interview with Wired's 
  patron saint."  He is executive editor of HotWired. 
 
  This critical essay was composed 02 04 96. 
 
 







From norm at netcom.com  Sun Feb  4 23:17:16 1996
From: norm at netcom.com (Norman Hardy)
Date: Mon, 5 Feb 1996 15:17:16 +0800
Subject: cipherpunk mail at Netcom.com
Message-ID: 


The list of addressees is made from the "From" fields that include
"netcom.com" in CP mail that appeared on the CP list Tuesday and Wednesday
last week. I have received no CP mail since then. Have you?







From llurch at networking.stanford.edu  Sun Feb  4 23:22:45 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Mon, 5 Feb 1996 15:22:45 +0800
Subject: [NOISE] Sound bites re the Zundel German censorship thing (fwd)
In-Reply-To: 
Message-ID: 


On Sun, 4 Feb 1996, Timothy C. May wrote:

> I really think the Wiesenthal Center and whatnot could really make some
> good points, and gain new friends, by PUTTING THE HOLOCAUST DENIAL CRAP ON
> THEIR SERVERS!
> 
> Yes, an extreme step. But think of what it would say?

They already have one of the best compilations of racist links on the 
Web, which according to posts on Stormfront-L is often used by the Aryan 
Overloard types (snicker) to keep tabs on each other.

There are some copyright and ease-of-updating issues associated with 
mirroring the opposition's files. PGP authentication of Web pages would 
help. I've offered to show Zundel how to do it, but for some strange 
reason, he hasn't been answering my mail as promptly as he used to.

-rich





From thad at hammerhead.com  Sun Feb  4 23:24:54 1996
From: thad at hammerhead.com (Thaddeus J. Beier)
Date: Mon, 5 Feb 1996 15:24:54 +0800
Subject: RC2 protected by copyright?
Message-ID: <199602050503.VAA18831@hammerhead.com>


Lewis (nee' Futplex) McCarthy writes:

> I think many cryptographers would agree that the S boxes in DES represent
> some pretty weighty ideas indeed, and constitute an intrinsic part of the
> algorithm. Offhand the precise construction of the RC2 permutation table
> doesn't seem to me to be nearly as important to the strength of RC2 as the
> S boxes are to DES' strength. I'm certainly no expert. But I'm a little 
> hesitant to dismiss the specified table as "a bit of text". 

> Do you think the table would be more like an idea if it turned out to be
> determined by pi ?  (not a rhetorical question)

Yes, the table would have been more an idea, and less "just text" if it
was derived from pi (as the comment in the posted code suggests...)

What I was suggesting is a way to get the tremendous protection of
copyright (that is, 75 year term, no filing fees, protected from birth, no
secrecy required) on ciphers. 

Now, this was tried with video games, each Nintendo cartridge had in
it something like "copyright Nintendo", as a way to try to get that
protection, and I believe that they lost in court (if my memory is
correct)

Everyone knows the story of the compositions of the S-Boxes in DES, that
they just happen to contain constants that make it difficult to attack
DES with differential cryptanalysis.  There are almost an infinite number
of S-Boxes that would have that property (probably more that wouldn't).
But if you were going to write a code that would interoperate
with somebody else's DES, there is absolutely no way to do describe it
except to enumerate the S-Boxes, hence perhaps violating the copyright.
You can say "make it resistant to linear and differential cryptanalysis",
and you may get something as good, or better, but it wouldn't interoperate.

thad
-- Thaddeus Beier                     thad at hammerhead.com
   Technology Development                   408) 286-3376
   Hammerhead Productions        http://www.got.net/~thad 





From WlkngOwl at UNiX.asb.com  Sun Feb  4 23:28:19 1996
From: WlkngOwl at UNiX.asb.com (Deranged Mutant)
Date: Mon, 5 Feb 1996 15:28:19 +0800
Subject: Let's get back to crypto already (enough with the FUDism)
Message-ID: <199602050540.AAA19506@UNiX.asb.com>



Subject says it.

Idle talk can wait until legislation doesn't matter... and it won't 
when there's freely available source and binaries for a secure 
telnet, a private/anonymizing web browser/server/proxy, terminal and 
bbs programs, file transfers, etc.  I think these are at the moment a 
bit more important than digital cash (when these exist, e-cash will 
follow).

There's lots of work to be done.

Whatever happened to "cypherpunks write code"? it seems that various 
governments are writing laws a lot faster...

--- "Mutant" Rob 

Send a blank message with the subject "send pgp-key"
(not in quotes) for a copy of my PGP key.





From bretts at trojan.neta.com  Sun Feb  4 23:40:58 1996
From: bretts at trojan.neta.com (Brett Smith)
Date: Mon, 5 Feb 1996 15:40:58 +0800
Subject: retailer
Message-ID: <01BAF30A.FCA982E0@ppp-236-120.neta.com>


please send info






From mixmaster at vishnu.alias.net  Sun Feb  4 23:43:31 1996
From: mixmaster at vishnu.alias.net (Mr. Boffo)
Date: Mon, 5 Feb 1996 15:43:31 +0800
Subject: None
Message-ID: <199602042117.PAA05965@vishnu.alias.net>


> Could someone tell me how to quit this list, I just dont
> have the time to read anything that is being sent to it.

Yes. You can turn your modem off :)





From frantz at netcom.com  Sun Feb  4 23:55:03 1996
From: frantz at netcom.com (Bill Frantz)
Date: Mon, 5 Feb 1996 15:55:03 +0800
Subject: cipherpunk mail at Netcom.com
Message-ID: <199602050723.XAA27370@netcom6.netcom.com>


At 10:06 PM 2/4/96 -0800, Norman Hardy wrote:
>The list of addressees is made from the "From" fields that include
>"netcom.com" in CP mail that appeared on the CP list Tuesday and Wednesday
>last week. I have received no CP mail since then. Have you?

I have only received one message.  Since all of the header dates are from
last Tuesday, it may not count.  BTW - I received it sometime between
Saturday morning and Sunday night.  (I was out of town over the weekend.):

>Return-Path: 
>Received: from toad.com by mail2 (8.6.12/Netcom)
>        id SAA08759; Tue, 30 Jan 1996 18:10:42 -0800
>Received: by toad.com id AA04747; Tue, 30 Jan 96 12:50:10 PST
>Received: from callandor.cybercash.com by toad.com id AA04741; Tue, 30 Jan 96
>12:50:00 PST
>Received: by callandor.cybercash.com; id PAA02048; Tue, 30 Jan 1996 15:54:55
>-0500
>Received: from cybercash.com(204.254.34.52) by callandor.cybercash.com via
>smap (g3.0.3)
>        id xma002021; Tue, 30 Jan 96 15:54:28 -0500
>Received: from [204.254.34.231] by cybercash.com.cybercash.com (4.1/SMI-4.1)
>        id AA04051; Tue, 30 Jan 96 15:47:06 EST
>Message-Id: 
>Mime-Version: 1.0
>Content-Type: text/plain; charset="us-ascii"
>Date: Tue, 30 Jan 1996 15:51:24 -0400
>To: tcmay at got.net (Timothy C. May)
>From: cme at cybercash.com (Carl Ellison)
>Subject: Re: Denning's misleading statements
>Cc: Cypherpunks at toad.com
>Sender: owner-cypherpunks at toad.com
>Precedence: bulk
>
>At 20:49 1/27/96, Timothy C. May wrote:
>>I've never met Dorothy Denning, so I hesitate to characterize her as a
>>villainess. But certainly she's the only noted cryptographer I know of
>>who's gone so far out on a limb to defend a position the vast majority of
>>computer scientists, civil libertarians, and cryptographers scoff at.
>
>I've met some others -- most noteably Silvio Micali [but he has a financial
>interest in that position].  However, DERD is the only one I've met
>who is all the way over on Freeh's side.
>
> - Carl
>
>
>+--------------------------------------------------------------------------+
>| Carl M. Ellison   cme at acm.org     http://www.clark.net/pub/cme           |
>| PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2 |
>|   "Officer, officer, arrest that man!  He's whistling a dirty song."     |
>+----------------------------------------------------------- Jean Ellison -+
>
>
>

Bill


-----------------------------------------------------------------
Bill Frantz                   Periwinkle  --  Computer Consulting
(408)356-8506                 16345 Englewood Ave.
frantz at netcom.com             Los Gatos, CA 95032, USA







From ravage at ssz.com  Mon Feb  5 00:24:15 1996
From: ravage at ssz.com (Jim Choate)
Date: Mon, 5 Feb 1996 16:24:15 +0800
Subject: Question of Congressional Lawmaking Power (fwd)
Message-ID: <199602050759.BAA10465@einstein.ssz.com>


Forwarded message:
>From owner-ctlug at ssz.com Mon Feb  5 01:59:09 1996
From: Jim Choate 
Message-Id: <199602050759.BAA10442 at einstein.ssz.com>
Subject: Question of Congressional Lawmaking Power
To: ctlug at ssz.com (CT-LUG Mailing List)
Date: Mon, 5 Feb 1996 01:59:02 -0600 (CST)
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Content-Length: 7702      
Sender: owner-ctlug at ssz.com
Precedence: bulk
Reply-To: ctlug at ssz.com


Hi all,

To those with no interest I apologize. To those who were at the meeting this
evening discussing the limitations of Congress and the purported 'elastic
clause', this is what I found:


---------------------------------------------------------------------------
  
				ARTICLE I. 
 
	[Powers of Congress.] 
 
Section 8.  The Congress shall have Power To lay and collect Taxes, 
Duties, Imposts and Excises, to pay the Debts and provide for the common 
Defence and general Welfare of the United States; but all Duties, Imposts 
and Excises shall be uniform throughout the United States; 
	To borrow Money on the credit of the United States; 
	To regulate Commerce with foreign Nations, and among the several 
States, and with the Indian Tribes; 
	To establish a uniform Rule of Naturalization, and uniform Laws 
on the subject of Bankruptcies throughout the United States; 
	To coin Money, regulate the Value thereof, and of foreign Coin, 
and fix the Standard of Weights and Measures; 
	To provide for the Punishment of counterfeiting the Securities 
and common Coin of the United States; 
	To establish Post Offices and post Roads; 
	To promote the Progress of Science and useful Arts, by securing 
for limited Times to Authors and Inventors the exclusive Right to their 
respective Writings and Discoveries; 
	To constitute Tribunals inferior to the Supreme Court; 
	To define and punish Piracies and Felonies committed on the high 
Seas, and Offences against the Law of Nations; 
	To declare War, grant Letters of Marque and Reprisal, and make 
Rules concerning Captures on Land and Water; 
	To raise and support Armies, but no Appropriation of Money to 
Use shall be for a longer Term than two Years; 
	To provide and maintain a Navy; 
	To make Rules for the Government and Regulation of the land and 
naval forces; 
	To provide for calling forth the Militia to execute the Laws of 
the Union, suppress Insurrections and repel Invasions; 
	To provide for organizing, arming, and disciplining the Militia, 
and for governing such Part of them as may be employed in the Service of 
the United States, reserving to the States respectively, the Appointment 
of the Officers, and the authority of training and Militia according to 
the discipline prescribed by Congress; 
	To exercise exclusive Legislation in all Cases whatsoever, over 
such District (not exceeding ten Miles square) as may, by Cession of 
particular States, and the Acceptance of Congress, become the Seat of 
Government of the United States, and to exercise like authority over all 
Places purchased by the Consent of the Legislature of the State in which 
the Same shall be, for the Erection of Forts, Magazines, Arsenals, dock-Yards, 
and other needful Buildings; -- And 
	To make all Laws which shall be necessary and proper for carrying 
into execution the foregoing Powers, and all other Powers vested by this 
Constitution in the Government of the United States, or in any Department or 
Officer thereof. 

---------------------------------------------------------------------------

I believe that the section that was refered to is the last sentence
regarding the making of all laws necessary for carrying out the powers
detailed here and elsewhere in the Constitution. This article clearly states
that it is not an open ended empowerment. It covers only those items
specificaly covered in the body of the Constitution. At the time it was
written it was clear that the founding fathers did not want a federal
government which was not hampered or constrained in its ability to pass laws
and carry out duties. If a court or body makes the assertion that this
article empowers Congress to make any law then they are sadly misinformed
and possibly intentionaly misrepresenting the intent of the founding fathers
and the limitations on Congress placed there by them.

This article no more authorized (for example) the creation of the DEA, FDA,
or EPA than it authorizes them to take property without just compensation.
If this was taught you either through a textbook or a public school then
feel cheated and lied to, you were (possibly with premeditation).

---------------------------------------------------------------------------

And in regards to the limitation of federal lawmaking and questions of
jurisdiction covered in the 10 amendments...

----------------------------------------------------------------------------

 
				ARTICLE IX. 
 
	The enumeration of the Constitution, of certain rights, shall 
not be construed to deny or disparage others retained by the people. 
 
 
 
				ARTICLE X. 
 
	The powers not delegated to the United States by the Constitution, 
nor prohibited by it to the States, are reserved to the States respectively, 
or to the people. 
 
------------------------------------------------------------------------------

The intent is clear. If there is a question of jurisdiction then it will
ALWAYS fall to the states or the people, and NEVER to the federal
government. In short, the federal government and the Supreme Court are not
and were never intended to be the last word on anything in this country. The
10th clearly leaves that to the states and the people.

Neither of these Amendments have been tested or used in a court in this
country for 200 years. This is a telling tale. The courts and legislative
bodies (as well as any reasonable person) will see immediately that the
federal government has usurped powers and duties not theirs to execute short
of a constitutional amendment. This not only includes laws allowing the
seizing of private property for public use without just compensation
(irrespective of the source of that private property) but drug laws, food
regulation laws, environmental laws, etc. The last time Congress acted in a
constitutional manner regarding this was the amendments dealing with
prohibition and its repeal. Since that time Congress and the courts have
taken powers reserved for the states and the people and acted upon them
without authorization. In short the Congress of the US has acted in a manner
assuming exemption from constitutional limitations since the late 20's. What
this country needs is a legal test of both the 9th and 10th amendments.

Questions regarding Internet and free speech are immediately resolved as
non-issues on the federal level. It also makes jurisdictional extensions
such as Tennessee arresting and prosecuting a person in California for
downloading files (whatever they might contain) a non sequitar unless money
is exchanged (in which case Congress may tax it, not prohibit it). It also
clearly prohibits outside entities such as Germany from prosecuting anyone
in the US for their actions on the Internet. If Germany wishes to constrain
the content of Internet that is fine. It is between Germany and its people.
Another example is gun ownership. It is not a federal issue. It is a state
issue and should be resolved on a state by state level. Congress has no more
authority vested by the Constitution to limit a persons ownership of a
water pistol or a atom bomb, and this is the way it should be. The issue is
one of a state level unless Congress wishes to propose a constitutional
amendment changing or revoking the 2nd. (again as it should be).

I personaly refuse to support any political party which does not support and
intend on testing both of these amendments. At this time there is not one
political party (even the Libertarian) who will touch this issue. I strongly
suggest that you demand support for these two amendments from any legislator
that you might support.


                                                  Jim Choate
                                                  ravage at ssz.com






From jya at pipeline.com  Mon Feb  5 04:18:43 1996
From: jya at pipeline.com (John Young)
Date: Mon, 5 Feb 1996 20:18:43 +0800
Subject: China Censors
Message-ID: <199602051207.HAA25830@pipe1.nyc.pipeline.com>


The NY Times today reports on China's new rules for censoring 
the Internet.


URL: http://www.nytimes.com/yr/mo/day/front/china-censor.html








From bruen at wizard.mit.edu  Mon Feb  5 04:56:03 1996
From: bruen at wizard.mit.edu (bob bruen)
Date: Mon, 5 Feb 1996 20:56:03 +0800
Subject: Boston Globe and Nazism
Message-ID: 



I thought this clip would be of interest. Just in case you were not sure 
which directionship censorship on the net was heading. Anyone remember Joe
McCarthy? 

                            bob
-----------------------------------------------------------------------------
Boston Sunday Globe page 74, February 4, 1996.
Business Review section, Highlights of the week: Jan.28-Feb.3.


Goosestepping in cyberspace

The politics of the Internet make strange bedfellows. When the German
government moved to bar German Internet users from downloading material
on a neo-Nazi net site, the free-speech-in-cyberspace crowd reacted by
downloading the stuff and posting it all over the net. Joseph Goebels
would be proud.





From andreas at artcom.de  Mon Feb  5 05:10:05 1996
From: andreas at artcom.de (Andreas Bogk)
Date: Mon, 5 Feb 1996 21:10:05 +0800
Subject: verification of randomness
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

Hi...

I've built a random number generator based on the noise of a Zener
diode. Now I'd like to verify it's correct operation. I'd be very
grateful if someone could point me to existing software for randomness
tests or additional tests not mentioned in Knuth.

I'll make the design of the generator available as soon as I've
verified it's operation.

Andreas


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAgUBMRVyMUyjTSyISdw9AQHUSQP/UK3ubued8U3iB4FDO5WAsiEV+F2/100O
0w42NSZbry5+07u+l9eJN/ogpECZ9yIltWM7slkKZS0q0TGQ4zCucHoDPKhubMHs
gQqjkmgXTs0drqRn+BYPoQFYPyiYLeBr67BRqsQFyp7neuMC5NN10NpL9y4bcAS2
8NBB7yFh9d0=
=RD04
-----END PGP SIGNATURE-----





From don at cs.byu.edu  Mon Feb  5 05:12:27 1996
From: don at cs.byu.edu (Don)
Date: Mon, 5 Feb 1996 21:12:27 +0800
Subject: Nyms with keys
Message-ID: 


I am compiling a list of PGP keys from well known nyms. I only remember a few,
I was wondering if anyone could think of any others:

Pr0duct Cypher
CancelMoose
Cypherpunk Enquirer needs one, if nothing more than for kicks
Scamizat
any signatures on RC2, RC4 for HP, etc.

I'd swear there's a couple more but I can't think of them.

Also wondering if anyone besides Bill Stewart has been done anything with
nym-key-signing, especially on a first-come first-serve, no verification
basis.

thanks

Don


Discovered today that secretly replacing your computer with a can of Folgers
crystals(TM) undermines all online security. I will be applying for a patent
soon which uses a Mr Coffee(TM) machine to detect this invasion.

PS: ObNukes: None.





From anonymous-remailer at shell.portal.com  Mon Feb  5 05:13:01 1996
From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com)
Date: Mon, 5 Feb 1996 21:13:01 +0800
Subject: Turn yourself in!
Message-ID: <199602050252.SAA24214@jobe.shell.portal.com>


The alt.tasteless crowd is currently discussing the CDA, with
some predictable results, and some not so predictable...
If you wish to participate in mass civil disobedience, follow
these instructions: Send a message CC'd to your local media's net
address and to justice.usdoj.gov (Department of Justice) which
contains something to the effect of, "I wish to turn myself in
for the crime of distributing offensive material via the Internet
and as evidence, provide the following:"
Attach some sort of uuencoded data to your message as "evidence".
Make sure that every possible media outlet hears loud and clear
that you want every last case prosecuted.






From dlv at bwalk.dm.com  Mon Feb  5 05:17:01 1996
From: dlv at bwalk.dm.com (Dr. Dimitri Vulis)
Date: Mon, 5 Feb 1996 21:17:01 +0800
Subject: verification of randomness
In-Reply-To: 
Message-ID: 


andreas at artcom.de (Andreas Bogk) writes:
> I've built a random number generator based on the noise of a Zener
> diode. Now I'd like to verify it's correct operation. I'd be very
> grateful if someone could point me to existing software for randomness
> tests or additional tests not mentioned in Knuth.

Dear Andreas,

Here are a couple of tests:

1. Maurer's test (very good, published later than Knuth)

/************************************************************

Ueli Maurer's randomness test
(C) 1993 Dimitri Vulis, all rights reserved

For details, see:
Ueli M. Maurer. ``A Universal Statistical Test for Random Bit
Generators.'' {\em Journal of Cryptology,\/} {\bf5} (1992), pp.~89--105.

*************************************************************/

#include 
#include 
#include 
#include 

void rndinit(void);
unsigned char rndgetbyte(void);

/*

We produce a stream of random bits. We look at them in blocks of L
bits at a time. Maurer uses 8-bit bytes  s_n, recommends 6 <= L <= 16.

*/

#define L 8
/* 2**L */
#define vv 256

int main(void) {
/*
the count of s_n's random bytes
*/
long n=1;
/*
fTU is the average \log_2(a_n),
where a_n is the number of bytes since the previous occurrence of the
same value. a_n = n for first occurrence (hopefully skipped using Q below)
*/
double fTU=0.0;
/*
Every time we obtain a random byte, we save its position n here,
so we can computer a_n, the number of bytes since last occurence
*/
static long lastseen[vv];
/*
the number of bytes to skip before computing
compute the average, hoping that all possible byte values will
occur and lastseen will be non-zero. M recommends Q >= 10 * 2**L.
*/
long Q;
/*
the number of bytes to use to compute fTU.
M recommends K as large as possible >= 1000 * 2**L
*/
long K;
/*
E(L) is the expected value of fTU for a truly random sequence
*/
#define E 7.1836656
/*
V(L) is the variance of a_n for a truly random sequence (from M; table below)
*/
#define V 3.238
/*
If you decide to change L:
L       E               V
6       5.2177052       2.954
7       6.1962507       3.125
8       7.1836656       3.238
9       8.1764248       3.311
10      9.1723243       3.356
11      10.170032       3.384
12      11.168765       3.401
13      12.168070       3.410
14      13.167693       3.416
15      14.167488       3.419
16      15.167379       3.421
*/
/*
c(L,K) from M (13)
*/
double C;
/*
standard deviation of a truly random sequence from M (14)
*/
double sigma;
/*
fTU's distance in sigmas from the expected value
*/
double y;
/*
rho is the rejection rate, the probability that a sequence is bad
*/
double rho;

unsigned char r;

printf("Enter Q>=%-7ld:",10L*vv);   fflush(stdout); scanf("%ld",&Q);
printf("Enter K>=%-7ld:",1000L*vv); fflush(stdout); scanf("%ld",&K);

C=0.7-0.8/L+(1.6+12.8/L)*pow(K,-4.0/L); /* (13) */
/* M: C close to 0.6 for L=8 */
sigma=C*pow(V/K,0.5);           /* (14) */
/* M: grows as 1/\sqrt{K} */

/* initialize lastseen to 0 */
memset((void*)lastseen,0,sizeof(lastseen));

rndinit();

for (; nQ)
  fTU+=log((double)(n-lastseen[r]));
 lastseen[r]=n;
 }

/* compute the average and convert from natural log to log_2 */
fTU/=K*log(2.0);
y=fabs((fTU-E)/sigma);

rho=erf(-y/sqrt(2.0))+1;

printf("fTU=%lg, %lg*%lg from  e.v. %lg, rho=%lg --- %s\n",
fTU,y,sigma,E,rho,
(rho < 0.0001 ? "unacceptable" :
(rho < 0.001 ?  "marginal" :
"acceptable")));

return(0);
}

/*
Use C library's pseudo-random number generator
*/

void rndinit(void)
{
srand(1);
}

unsigned char rndgetbyte(void) {
static unsigned state=0;
static int rrr;

if (state^=1) {
 rrr=rand();
 return(unsigned char)(rrr & 0xff);
 }
else
 return(unsigned char)((rrr>>8) & 0xff);
}

2. You probably have this one:

/* ***************************************************************
 * chi.c --
 *
 * Copyright 1993 Peter K. Boucher
 * Permission to use, copy, modify, and distribute this
 * software and its documentation for any purpose and without
 * fee is hereby granted, provided that the above copyright
 * notice appear in all copies.
 *
 * Usage:  chi [input_file [output_file]]
 *
 * This program counts the occurances of each character in a file
 * and notifies the user when a the distribution is too ragged or
 * too uniform.
 *
 * Because the chance of getting byte B after byte A should be 1:256
 * (for all A's and B's), the program also checks that the successors
 * to each byte are randomly distributed.  This means that for each byte
 * value (0 - 255) that occurs in the text, a count is kept of the
 * byte value that followed in the text, and the frequency distribution
 * of these succeeding bytes is also checked.
 *
 */

#include 

#define NUM_BYTES 256L
#define BUFSIZE 8192
#define min_nps 5.0
#define min_testable (NUM_BYTES*min_nps)

#define V01     (205.33) /*  1% chance it's less */
#define V05     (219.09) /*  5% chance it's less */
#define V25     (239.39) /* 25% chance it's less */
#define V50     (254.33) /* 50% chance it's less */
#define V75     (269.88) /* 75% chance it's less */
#define V95     (293.16) /* 95% chance it's less */
#define V99     (310.57) /* 99% chance it's less */

#define min_chichi5 (20.0*min_nps) /* min prob. 5% */
#define min_chichi3 (4.0*min_nps) /* min prob. 25% */

#ifdef DEBUG
#define CFNAME "chi.dat"
#define min_chichi7 (100.0*min_nps) /* min prob. 1% */
#endif

#define AB(X)  (((X) >= 0.0) ? (X) : -(X))

double cnt[NUM_BYTES] = {0.0}; /* should be all zeros. */
double successors[NUM_BYTES][NUM_BYTES] = {{0.0}}; /* should be all zeros. */

static unsigned char buf[BUFSIZE];
static FILE *ifp, *ofp;

FILE *
my_fopen(file, type)
char *file, *type;
{
  FILE *fp;

  if ((fp = fopen(file, type)) == NULL) {
      (void)fprintf(stderr, "Can't open '%s' for '%s'\n", file, type);
      exit(1);
  }
  return(fp);
}

double
get_V(n,Y)
double n;
double *Y;
{
#define k (256)
#define p (1.0/256.0)
    double sum = 0.0;
    double divider = (n*p);
    double tmp;
    long i;

    for (i=0; i C3_75) {
        check++;
        if (V3 > C3_95) {
            check++;
            if (V3 > C3_99) {
                check++;
            }
        }
    } else if (V3 < C3_25) {
        check--;
        if (V3 < C3_05) {
            check--;
            if (V3 < C3_01) {
                check--;
            }
        }
    }
    return(check);
}

double
chichi5(n,cgt_95,c75_95,c50_75,c25_50,c05_25,clt_05)
double  n,cgt_95,c75_95,c50_75,c25_50,c05_25,clt_05;
{
    double sum = (cgt_95*cgt_95)/(0.05*n);
    sum += (c75_95*c75_95)/(0.20*n);
    sum += (c50_75*c50_75)/(0.25*n);
    sum += (c25_50*c25_50)/(0.25*n);
    sum += (c05_25*c05_25)/(0.20*n);
    sum += (clt_05*clt_05)/(0.05*n);
    return( sum - n );
}

int
check_chichi5(n,cgt_95,c75_95,c50_75,c25_50,c05_25,clt_05)
double        n,cgt_95,c75_95,c50_75,c25_50,c05_25,clt_05;
{
#define C5_01 0.5543
#define C5_05 1.1455
#define C5_25 2.675
#define C5_75 6.626
#define C5_95 11.07
#define C5_99 15.09
    double V5;
    int check = 0;

    if (n < min_chichi5) {
        return( check_chichi3(n,cgt_95+c75_95,c50_75,c25_50,c05_25+clt_05) );
    }
    if ((V5 = chichi5(n,cgt_95,c75_95,c50_75,c25_50,c05_25,clt_05)) > C5_75) {
        check++;
        if (V5 > C5_95) {
            check++;
            if (V5 > C5_99) {
                check++;
            }
        }
    } else if (V5 < C5_25) {
        check--;
        if (V5 < C5_05) {
            check--;
            if (V5 < C5_01) {
                check--;
            }
        }
    }
    return(check);
}

#ifdef DEBUG
double
chichi7(n,cgt_99,c95_99,c75_95,c50_75,c25_50,c05_25,c01_05,clt_01)
double        n,cgt_99,c95_99,c75_95,c50_75,c25_50,c05_25,c01_05,clt_01;
{
    double sum = (cgt_99*cgt_99)/(0.01*n);

    sum += (c95_99*c95_99)/(0.04*n);
    sum += (c75_95*c75_95)/(0.20*n);
    sum += (c50_75*c50_75)/(0.25*n);
    sum += (c25_50*c25_50)/(0.25*n);
    sum += (c05_25*c05_25)/(0.20*n);
    sum += (c01_05*c01_05)/(0.04*n);
    sum += (clt_01*clt_01)/(0.01*n);
    return( sum - n );
}

int
check_chichi7(n,cgt_99,c95_99,c75_95,c50_75,c25_50,c05_25,c01_05,clt_01)
double        n,cgt_99,c95_99,c75_95,c50_75,c25_50,c05_25,c01_05,clt_01;
{
#define C7_01 1.239
#define C7_05 2.167
#define C7_25 4.255
#define C7_75 9.037
#define C7_95 14.07
#define C7_99 18.48
    double V7;
    int check = 0;

    if (n < min_chichi7) {
        return( check_chichi5(n,cgt_99+c95_99,c75_95,c50_75,
                                c25_50,c05_25,c01_05+clt_01) );
    }
    if ((V7=chichi7(n,cgt_99,c95_99,c75_95,c50_75,
                      c25_50,c05_25,c01_05,clt_01)) > C7_75) {
        check++;
        if (V7 > C7_95) {
            check++;
            if (V7 > C7_99) {
                check++;
            }
        }
    } else if (V7 < C7_25) {
        check--;
        if (V7 < C7_05) {
            check--;
            if (V7 < C7_01) {
                check--;
            }
        }
    }
    return(check);
}
#endif

double
fill_arrays()
{
   double size=0.0;
   long ch,next,l,i;

   if ((ch = getc(ifp)) != EOF) { /* prime the pump */
       cnt[ch] = size = 1.0;
       while ((l = fread(buf, 1, BUFSIZE, ifp)) > 0) {
           for (i=0; i V99) {
       desc = ": *******Non-random (hi)\n";
#ifdef DEBUG
       tocc_gt_99++;
#endif
   } else if (V > V95) {
       desc = ": Suspect (hi)\n";
#ifdef DEBUG
       tocc_95_99++;
#endif
   } else if (V > V75) {
       desc = ": Acceptible (hi)\n";
#ifdef DEBUG
       tocc_75_95++;
#endif
   } else if (V > V50) {
       desc = ": Excellent (hi) !!!!!!!\n";
#ifdef DEBUG
       tocc_50_75++;
#endif
   } else if (V > V25) {
       desc = ": Excellent (lo) !!!!!!!\n";
#ifdef DEBUG
       tocc_25_50++;
#endif
   } else if (V > V05) {
       desc = ": Acceptible (lo)\n";
#ifdef DEBUG
       tocc_05_25++;
#endif
   } else if (V > V01) {
       desc = ": Suspect (lo)\n";
#ifdef DEBUG
       tocc_01_05++;
#endif
   } else {
       desc = ": *******Non-random (lo)\n";
#ifdef DEBUG
       tocc_lt_01++;
#endif
   }

   fprintf(ofp, "Occurance  V = %.2f (n = %.0f)%s", V, size, desc);


#ifdef DEBUG
   tocc_tests++;
   if (V < tocc_lowest) tocc_lowest = V;
   if (V > tocc_highest) tocc_highest = V;
#endif

   for (i=0; i= min_testable) {
           if ((V = get_V(cnt[i],successors[i])) > V99) {
               suc_gt_99++;
           } else if (V > V95) {
               suc_95_99++;
           } else if (V > V75) {
               suc_75_95++;
           } else if (V > V50) {
               suc_50_75++;
           } else if (V > V25) {
               suc_25_50++;
           } else if (V > V05) {
               suc_05_25++;
           } else if (V > V01) {
               suc_01_05++;
           } else {
               suc_lt_01++;
           }
           suc_tests++;
           if (V < suc_lowest) suc_lowest = V;
           if (V > suc_highest) suc_highest = V;
       }
   }
   if (suc_tests > 0.0) {
       fprintf(ofp,
               "Successor Vd = %.2f %.2f %.2f %.2f %.2f %.2f %.2f %.2f\n",
                suc_gt_99*100.0/suc_tests,
                suc_95_99*100.0/suc_tests,
                suc_75_95*100.0/suc_tests,
                suc_50_75*100.0/suc_tests,
                suc_25_50*100.0/suc_tests,
                suc_05_25*100.0/suc_tests,
                suc_01_05*100.0/suc_tests,
                suc_lt_01*100.0/suc_tests);
       fprintf(ofp,
               "               deviation %d, (lowest = %.2f, highest = %.2f)\n",
               check_chichi5(suc_tests,
                             suc_gt_99+suc_95_99,suc_75_95,suc_50_75,
                             suc_25_50,suc_05_25,suc_01_05+suc_lt_01),
               suc_lowest, suc_highest);
   }

#ifdef DEBUG
   tsuc_tests += suc_tests;
   if (suc_lowest < tsuc_lowest) tsuc_lowest = suc_lowest;
   if (suc_highest > tsuc_highest) tsuc_highest = suc_highest;
   tsuc_gt_99 += suc_gt_99;
   tsuc_95_99 += suc_95_99;
   tsuc_75_95 += suc_75_95;
   tsuc_50_75 += suc_50_75;
   tsuc_25_50 += suc_25_50;
   tsuc_05_25 += suc_05_25;
   tsuc_01_05 += suc_01_05;
   tsuc_lt_01 += suc_lt_01;

   chi_dat = my_fopen(CFNAME, "w");
   fprintf(chi_dat, "%-14.0f - Total number of occurance tests\n",
           tocc_tests);
   fprintf(chi_dat, "%-14.2f - Highest V from an occurance test\n",
           tocc_highest);
   fprintf(chi_dat, "%-14.2f - Lowest V from an occurance test\n",
           tocc_lowest);
   fprintf(chi_dat, "%-14.0f - Number of occurance tests above  %.2f\n",
           tocc_gt_99, V99);
   fprintf(chi_dat, "%-14.0f - Number of occurance tests %.2f - %.2f\n",
           tocc_95_99, V95, V99);
   fprintf(chi_dat, "%-14.0f - Number of occurance tests %.2f - %.2f\n",
           tocc_75_95, V75, V95);
   fprintf(chi_dat, "%-14.0f - Number of occurance tests %.2f - %.2f\n",
           tocc_50_75, V50, V75);
   fprintf(chi_dat, "%-14.0f - Number of occurance tests %.2f - %.2f\n",
           tocc_25_50, V25, V50);
   fprintf(chi_dat, "%-14.0f - Number of occurance tests %.2f - %.2f\n",
           tocc_05_25, V05, V25);
   fprintf(chi_dat, "%-14.0f - Number of occurance tests %.2f - %.2f\n",
           tocc_01_05, V01, V05);
   fprintf(chi_dat, "%-14.0f - Number of occurance tests below  %.2f\n",
           tocc_lt_01, V01);
   fprintf(chi_dat, "%-14.0f - Total number of successor tests\n",
           tsuc_tests);
   fprintf(chi_dat, "%-14.2f - Highest V from an successor test\n",
           tsuc_highest);
   fprintf(chi_dat, "%-14.2f - Lowest V from an successor test\n",
           tsuc_lowest);
   fprintf(chi_dat, "%-14.0f - Number of successor tests above  %.2f\n",
           tsuc_gt_99, V99);
   fprintf(chi_dat, "%-14.0f - Number of successor tests %.2f - %.2f\n",
           tsuc_95_99, V95, V99);
   fprintf(chi_dat, "%-14.0f - Number of successor tests %.2f - %.2f\n",
           tsuc_75_95, V75, V95);
   fprintf(chi_dat, "%-14.0f - Number of successor tests %.2f - %.2f\n",
           tsuc_50_75, V50, V75);
   fprintf(chi_dat, "%-14.0f - Number of successor tests %.2f - %.2f\n",
           tsuc_25_50, V25, V50);
   fprintf(chi_dat, "%-14.0f - Number of successor tests %.2f - %.2f\n",
           tsuc_05_25, V05, V25);
   fprintf(chi_dat, "%-14.0f - Number of successor tests %.2f - %.2f\n",
           tsuc_01_05, V01, V05);
   fprintf(chi_dat, "%-14.0f - Number of successor tests below  %.2f\n",
           tsuc_lt_01, V01);
   fprintf(chi_dat,
           "Occurance Vd = %.2f %.2f %.2f %.2f %.2f %.2f %.2f %.2f",
            tocc_gt_99*100.0/tocc_tests,
            tocc_95_99*100.0/tocc_tests,
            tocc_75_95*100.0/tocc_tests,
            tocc_50_75*100.0/tocc_tests,
            tocc_25_50*100.0/tocc_tests,
            tocc_05_25*100.0/tocc_tests,
            tocc_01_05*100.0/tocc_tests,
            tocc_lt_01*100.0/tocc_tests);
   fprintf(chi_dat, " (deviation %d)\n",
           check_chichi7(tocc_tests,
                         tocc_gt_99,tocc_95_99,tocc_75_95,tocc_50_75,
                         tocc_25_50,tocc_05_25,tocc_01_05,tocc_lt_01));
   if (tsuc_tests > 0.0) {
       fprintf(chi_dat,
               "Successor Vd = %.2f %.2f %.2f %.2f %.2f %.2f %.2f %.2f",
                tsuc_gt_99*100.0/tsuc_tests,
                tsuc_95_99*100.0/tsuc_tests,
                tsuc_75_95*100.0/tsuc_tests,
                tsuc_50_75*100.0/tsuc_tests,
                tsuc_25_50*100.0/tsuc_tests,
                tsuc_05_25*100.0/tsuc_tests,
                tsuc_01_05*100.0/tsuc_tests,
                tsuc_lt_01*100.0/tsuc_tests);
       fprintf(chi_dat, " (deviation %d)\n",
               check_chichi7(tsuc_tests,
                             tsuc_gt_99,tsuc_95_99,tsuc_75_95,tsuc_50_75,
                             tsuc_25_50,tsuc_05_25,tsuc_01_05,tsuc_lt_01));
   }
   fclose(chi_dat);
#endif
}

int
main(argc,argv)
int argc;
char **argv;
{
   ifp = (argc > 1) ? my_fopen(argv[1],"rb") : stdin;
   ofp = (argc > 2) ? my_fopen(argv[2],"w") : stdout;
   chi_2_test();

   return(0);
}


---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From jimbell at pacifier.com  Mon Feb  5 05:17:28 1996
From: jimbell at pacifier.com (jim bell)
Date: Mon, 5 Feb 1996 21:17:28 +0800
Subject: [noise] Re: Charter of PDX Cpunk meetings
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

At 07:18 AM 2/4/96 -0800, bernardo at alpha.c2.org wrote:
>jim bell wrote:
>
>>> I think an explanation for this is due.  Jim is going to move his 
complaints
>>> here instead of dealing with them with me no matter what I do...
>>
>> Alan Olsen is correct, here.
>
>This is childish and pointless.  Please shut up or take it to email.

Odd that you would say this, even more odd that you would post it to the 
Cypherpunks list.  The only reason I am posting this is that you appear to 
be taking a remarkably similar position to Alan Olsen.

>
>> But he (the anonymous poster):
>> 1.  FLamed me on this national list, similarly to the way Alan Olsen 
later did.
>
>FWIW, this is an _international_ list with a lot of people who are
>just not interested in your petty bickering.  If you want to argue
>about this, please do it in private.

Then why didn't you send me the email directly, and NOT copy the list.  
Somehow, it appears you have a double standard.  The only reason I'm 
responding to you now, ON CYPHERPUNKS, is that you appear to be 
hypocritically asking me to "keep it off the list" at the same time to 
failed to do the same yourself.  Sounds like a double-standard.  Your 
behavior is remarkably remeniscent of Alan Olsen himself.

>  If Alan posts responses to the
>list, that's his problem.  You don't _have_ to answer in public.

It's been pointed out to me that because Alan flamed me in public, 
anonymously, on Cypherpunks, I am entitled to have it known what he did.

>> 2.  Failed to be willing to sustain the debate in a more appropriate list, 
>> even under a stable nym.
>
>You have something against anonymity?  In this case, perhaps this list
>is not the best place to be.

I think you're deliberately pretending to misunderstand.  I have nothing 
against anonymity.  While a "newbie," I was under the impression that the 
term "stable nym" (my usage) refers to an anonymous alias that is 
untraceable.  In fact, it was _I_ who suggested that this anonymous flamer 
(now apparently self-admittedly identified as Alan Olsen himself) adopt a 
stable nym and debate me on some other area more appropriate for the 
subject.  While I do feel there is CP relevance to the digital cash/good 
encryption/network applications of "Assassination Politics," I didn't want 
to force this on what I would like to think of as a "not particularly 
political" list.

(Recent topics have battered the distinction, I realize.  I don't want to 
make it "worse," however.)

>> that I had been flamed by that anonymous poster.  The fact that he was
>> anonymous says it all.  The fact that he has not returned says it all.  The 
>
>The fact that he was anonymous says nothing whatsoever.  So what if
>you received some email agreeing that you'd been flamed?

The point is, some people seem to agree that what this anonymous flamer did 
was against "nettiquette," or at least against CP typical behavior.  Had he 
made his criticisms with a stable nym and been willing to sustain a serious 
debate (possibly on another area) that would have signalled that he was 
believeable and serious.  He was not, however.


>> the fact that I am relatively new here.  I have no intention of inflicting
>> an unwelcome discussion of "Assassination Politics" on the list, and 
>
>Actually, and Perry may disagree here, but I'd have no objection to a
>discussion of "Assassination Politics", or any other nutty political
>theories, as long as we can stick to reasonably mature discussion and
>not flames and petty ego boosting.

"..other nutty political theories"?  Harummmph!  Well, I guess you got your 
"not so subtle" dig in, there.  I'd like to see a bit more widespread 
approval of such a discussion before actively starting it, anyway, 
especially by some of the "old-timers" here.  (Sadly, as I newbie, I don't 
really even know who the "old timers" are!)  But recently, there's been too 
much traffic anyway!


>> suffered any longterm loss of reputation of his own.  I, on the other hand, 
>> use my REAL NAME.
>
>Whoopie!  A True Name!  Big deal.  I care not one jot whether or not
>you use your REAL NAME.  I have no way of knowing if it is, in fact,
>your real name.  Should it make a difference?

Not necessarily.  As I pointed out before, I'm happy to debate a stable nym 
(a term I learned only a few weeks ago, BTW).  But completely anonymous 
flames from a person who cuts and runs does not improve the S/N ratio of 
this or any other list.

>No one is going to "suffer any longterm loss of reputation" by
>disagreeing with you, or anyone else, whether or not they use a nym
>(or anonymity).

I didn't want anybody to even be able to use the excuse of "I feared for my 
life debating with that vile purveyor of that wacky idea, 'Assassination 
Politics.'  "    I invited him to use a stable nym.


>> Only a fool would have taken an anonymous flamer seriously under those 
>> circumstances.
>
>An anonymous post is no less valid for being anonymous. 

You may be surprised that I absolutely agree.  However, the post was not 
merely "anonymous" but flaming, and the poster didn't stick around.  In 
other words, its anonymity didn't do it in, the motivation of the poster 
did, however.

> The only
>advantage of a stable nym, whether or not it's a True Name, is the
>ability to gain (or lose) reputation through the content of its
>posts.  Perhaps a nym with some reputation is taken more seriously
>than an anonymous poster, but so is an unknown nym.  Neither you nor
>Alan has any reputation to speak of (to me, at least), so an anonymous
>post has no less.

But on the other hand, a flaming "debate" on CP doesn't help any of YOU 
guys, the other readers of CP.  


>>> Jim ignored that request and I removed him from the list.
>> 
>> Read:  "Alan Olsen exercised his authority in his own personal fiefdom, the 
>> "PDX Cypherpunks list."
>
>Are you saying he doesn't have that right?  If it's his list, he can
>do whatever the hell he likes with it.

No, I merely translated "Olsen-speak" into language most of the rest of us 
could understand.  He had that right.  On the other hand, the exercise of 
this right displays Olsen's behavior for all to see.  I wanted there to be 
no doubt on the national list what Alan Olsen was doing.


>> On the contrary, I have no interest in dealing with this sleazy character 
in 
>> email.  He was the one who chose a national list to do his flaming and 
>> baiting, and I think he deserves full "credit."
>
>In other words, you are not interested in resolving any problem you
>have with Alan, you just to make a lot of noise in public in an
>attempt to "embarrass" him.  Go play on some other list where this
>kind of thing is appreciated.
>
>>> The following is the last I will say publically on the matter.
>> 
>> You're going to take your bat and ball and "go thwait home!"  You hear your 
>> mommy calling, Alan.
>
>This list periodically devolves into this childishness.  I'm glad Alan
>is not going to say any more. 

I am, too.


> I award Alan 20 Reputation Points for
>being mature enough to walk away (delayed long enough to see whether
>he does)

As long as the record reflects his misbehavior, I am satisfied as well.

Jim Bell
jimbell at pacifier.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRVpWfqHVDBboB2dAQEzVgQAgIjr4L3tYYgoIAe+H25y8b/Z+mIRq+xz
HaTNntpFyBmIO3hGFLYNW90QurXd0sFHgRQJ0ohN103buI1j1NkqX1O7seKv3FaG
0png19/IkbrssZ7QwXUJU5tVuRY9h6eGi7pt2Rdj/OpkL3neyqKmYu3UmmOHZtMa
j2R/pWwdCwE=
=WXd4
-----END PGP SIGNATURE-----






From pagre at weber.ucsd.edu  Mon Feb  5 05:22:45 1996
From: pagre at weber.ucsd.edu (Phil Agre)
Date: Mon, 5 Feb 1996 21:22:45 +0800
Subject: Jamming and privacy problem
Message-ID: <199602050100.RAA21512@weber.ucsd.edu>


The emissions tracking proposal might have another sort of relevance to
cryptography.  Assuming (it's a big assumption, but entertain it for a
moment) that we agree that some type of automatic enforcement mechanism
for emissions-based repairs were a good thing, how could it be built
without identifying any individuals to the authorities?  What I find so
utterly over-the-top about the ARB proposal is that it is capable of
maintaining records on everybody everywhere, whether they are violating
any laws or not.  Of course they'll promise to protect privacy, and they
may even promise not to capture any records for people whose emissions
fault codes come up clean (though they say nothing about this in the RFP).
But such assurances would be nonsense, since once the system is in place
a simple software change would cause the system to revert back to the
total-surveillance functionality described in the RFP.  The key, then,
is designing systems so that simple software changes under the control
of the authorities can turn them into instruments of oppression.  This
design consideration is hard to even formulate accurately in the context
of traditional system design methodologies, which assume that everything
in sight comes with identifiers and that *the* way for a system to relate
to something is to represent it in terms of those identifiers.  Digital
cash and other such schemes are so profound precisely because they break
with this underlying assumption, forcing systems to think thoughts like
"this person (whoever s/he may be) has paid $1 to travel on this road",
"this person (whoever s/he may be) is eligible for an upgrade to first
class", "this person (whoever s/he may be) is obeying emissions laws",
and so on.  Philosophers and linguists call these "indexical" (or, more
precisely, "deictic") because they identify an individual contextually
without appealing to a name or other universal identifier.

Phil





From frankw at in.net  Mon Feb  5 05:41:33 1996
From: frankw at in.net (Frank Willoughby)
Date: Mon, 5 Feb 1996 21:41:33 +0800
Subject: Fair Credit Reporting Act and Privacy Act
Message-ID: <9602051325.AA08532@su1.in.net>


FWIW, while the goal of the cypherpunks in helping to promote secure
private communications by making encryption publicly available on a 
worldwide scale, definitely helps socially backward countries which 
have dictators (communist or otherwise), it misses its mark somewhat 
in the USA.  Personally, I think that in the USA, this is treating 
the symptom, but not the disease.

Probably the easiest way of ensuring that personal information isn't 
wantonly distributed by credit agencies or (anyone else) is to update 
our Privacy Act - which is ridiculously out-of-date and badly in need of
being re-written.  It is also hampered by its apparent lack of teeth.

My personal recommendation would be a law like Germany's BDSG. The BDSG
(BundesDatenSchutzGesetz which translates to: Federal Information/Data 
Protection Law (aka Privacy Act).  Even better would be a law like the 
one in Austria (which I understand has the world's strictest privacy act.  
(Hooray for the Austrians).  8^)

If the Privacy Act were rewritten to be as strict as the BDSG, businesses
would have a (mandatory) legal requirement to:

o Ensure that personal data is stored properly (by encrypting it, etc)
o Ensure that personal data is not distributed
o Ensure that databases are *not* being maintained which describe the
   characteristics of individuals (buying habits, income, property 
   ownership, etc) wantonly propagated by marketing (direct mail, 
   telemarketing, etc) companies.  

  (Note that credit bureaus still have a function, but they would be 
   (forced to be) responsible for ensuring that compliance with the 
   Privacy Act would be maintained.  This could result in better
   safeguards being implemented by the credit bureaus.)


resulting in the following by-products:

o the promotion of the use & implementation of encryption - including
   the possibility of ITAR being reduced or eliminated for the export
   of encryption products
o reduced propagation of personal information
o reduced amount of junk mail that winds its way to our mailboxes each day  8^)
o reduced amounts of tele-marketing  8^)


If pressure were brought to bear on the law-makers to rewrite the Privacy
Act to give it qualities like the BDSG, etc, then this would significantly
help achieve the cypherpunks' goal of promoting secure private communications.
(I realize this isn't the only goal of the c'punks, but its a start).  As the 
changes would be made within "the system" as opposed to outside of it, there
would be virtually no hassle from the government.

IOW, changing the Privacy Act will probably solve a variety of problems while
achieving the c'punks goal of secure personal communications.


Food for thought.

Best Regards,


Frank

The opinions expressed above are of the author and may not 
necessarily be representative of Fortified Networks Inc.

Fortified Networks Inc. - Management & Information Security Consulting
Phone: (317) 573-0800   - http://www.fortified.com/fortified
Home of the Free Internet Firewall Evaluation Checklist








From m5 at dev.tivoli.com  Mon Feb  5 06:01:28 1996
From: m5 at dev.tivoli.com (Mike McNally)
Date: Mon, 5 Feb 1996 22:01:28 +0800
Subject: free speach and the government
In-Reply-To: <2.2.16.19960203234059.2eb7ed1c@mailserv.uni-tuebingen.de>
Message-ID: <9602051343.AA16098@alpha>



Stephan Mohr writes:
 > Well, maybe my imagination isn't strong enough to make my point. But do
 > you fighter for free speech, in principle, think that nothing, really
 > nothing, shouldn't be prevented of being published? And by being
 > published, I mean published in the net, not at loompanics (who knows
 > loompanics?).

Well, if it's OK to publish via Loompanics I don't see what your point
is.  Anybody psychotic enough to poison a municipal water supply won't
be deterred by being denied on-line access to information.

Remember that far, far more people walk in and out of bookstores and
libraries every day than log into a computer connected to the
Internet.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * I want more, I want more,
       m5 at tivoli.com * m101 at io.com          * I want more, I want more ...
               *_______________________________





From m5 at dev.tivoli.com  Mon Feb  5 06:09:42 1996
From: m5 at dev.tivoli.com (Mike McNally)
Date: Mon, 5 Feb 1996 22:09:42 +0800
Subject: Imminent Death of Usenet Predicted
In-Reply-To: <01I0SEGNWJAYA0UTZ4@mbcl.rutgers.edu>
Message-ID: <9602051345.AA19001@alpha>



E. ALLEN SMITH writes:
 > 	Now, this can all be fought in the courts and will likely be defeated..
 > but it would still cause some problems. Am I completely incorrect, or do the
 > programmers on here and elsewhere need to start coming up with a better way to
 > do things?

InterNIC does what it does by general agreement.  It has no special
dispensation from a deity to control internet addressing.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * I want more, I want more,
       m5 at tivoli.com * m101 at io.com          * I want more, I want more ...
               *_______________________________





From PADGETT at hobbes.orl.mmc.com  Mon Feb  5 06:44:58 1996
From: PADGETT at hobbes.orl.mmc.com (A. Padgett Peterson, P.E. Information Security)
Date: Mon, 5 Feb 1996 22:44:58 +0800
Subject: Protecting the innocent on the nets
Message-ID: <960205092959.20213e8d@hobbes.orl.mmc.com>


David rote:
>If so, then using the dictionary as the key seems bad---the
>compression dictionary is not designed to obscure the data, but to aid
>in compression.  The dictionary might well be easy to guess.  For
>example, some compression schemes use a Huffman coding on their
>dictionary.  If so, one can guess that short pointers into the
>dictionary correspond to common plaintext strings.  Using such a
>dictionary as an encryption system is security through obscurity.

Oh Heavens to Betsy, I was not trying to describe *crypto*, that might
be regulated. Was describing a mechanism to comply with the new Scudderite
laws concerning protecting the innocent from nasty sights.

Figure it this way: can duplicate CD-Roms for a quarter. If a subscription
costs $19.95/yr then who is going to bother with cloning it ? "controlled
circulation" magazines would save postage. Web pages could be posted with 
nothing but pointers (don't tell me you have never sat waiting for a
little red bar to reach the end) and assurance that only a specified audience
could look at the pretty pictures (which compress the best of all 8*).

Further, if the intent is to satisfy a law then would this not be a "good 
faith" attempt to do so ? Zippy's friends have decided what is not safe to be
on the net in the clear but they have not said what it takes to protect the
innocent while allowing consenting adults their freedom to communicate.

If I want good crypto I just use PGP (and the Enclyptor makes it real easy).
This is something completely different.
						Warmly,
							Padgett





From cmullins at cwa.com  Mon Feb  5 07:09:45 1996
From: cmullins at cwa.com (Charlie Mullins)
Date: Mon, 5 Feb 1996 23:09:45 +0800
Subject: THE JEWS (ALL of them!) Try to kick Ernst Zundel off Usenet!!
In-Reply-To: <9602031850.AA18675@frumious-bandersnatch.MIT.EDU>
Message-ID: <31161B4A.794BDF32@cwa.com>


sethf at MIT.EDU wrote:
> 
>         HOLD YOUR FLAMES! That message looks like a troll designed to
> set us all off arguing. DON'T FEED THE TROLL.
> 
> --
> Seth Finkelstein                                sethf at mit.edu
> Disclaimer : I am not the Lorax. I speak only for myself.
> Freedom of Expression URL http://www.mit.edu:8001/activities/safe/home.html


I took it as a rather humorous parody.

--

Charlie Mullins





From alano at teleport.com  Mon Feb  5 07:23:47 1996
From: alano at teleport.com (Alan Olsen)
Date: Mon, 5 Feb 1996 23:23:47 +0800
Subject: free speech and the government
Message-ID: <2.2.32.19960204224051.00955628@mail.teleport.com>


At 09:25 PM 2/4/96 +0000, Stephan Mohr wrote:

>Actually, I am glad that the whole story started over some neo-nazi stuff
>and not a recipe to easily make a very potent poison. 

For some strange reason, people believe it is difficult to find information
on such things.

I picked up my copy of _Poisons and Poisoners_ by C. J. S. Thompson at
Barnes and Noble in the discount section for $9.98.  Books on the topic can
also be picked up in bookstores catering to Murder Mystery fans.  (Some
excelent descriptions of esoteric poisons can be derived from these books.)

"Forbidden" information is hard to forbid with the existance of the printing
press.  Electronic networks make the information even more available.  Are
you suggesting that we burn all the books with "dangerous" information?  And
who's definition of "danger" do we take?  Yours? Mine? The National Council
of Churches?

Crypto relevence:  Some people regard the ability to hide "dangerous"
information to be as "dangerous" as the information hidden.  Freedom of
Speech includes the right to choose who can listen to that speech.

Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
        `finger -l alano at teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
         Is the operating system half NT or half full?






From karl.ike at sihope.com  Mon Feb  5 07:47:11 1996
From: karl.ike at sihope.com (Karl Ike)
Date: Mon, 5 Feb 1996 23:47:11 +0800
Subject: No Subject
Message-ID: <199602051531.JAA07578@unix1.sihope.com>


Attila: I'm not in the business of running or hiding. I'm just an average,
everyday working guy that doesn't like credit reporting agencies, what they
stand for or what they do for money. I didn't say that I was going to do
this. I just had the idea! I don't have the knowledge or the money to spend.
That doesn't mean that there is someone out there that would jump at the idea.

I just don't like the idea that these assholes know more about me than my
mother and sell my private and personal information to anyone for big bucks.
My credit is fine, just ask my banker or better yet, my mom.

I am assumming that you know far more people on the internet since I have
only been on for a month and have done three e-mail. I'm just suggesting to
get the idea out and someone will take the ball and run. Yes, they will be a
hunted man, but not a US citizen. Someone out there with a laptop and a
cellular, living on a cruise ship, just may enjoy the idea.

Just me, Karl






From hal9001 at panix.com  Mon Feb  5 08:05:51 1996
From: hal9001 at panix.com (Robert A. Rosenberg)
Date: Tue, 6 Feb 1996 00:05:51 +0800
Subject: Encryption and Backups
Message-ID: 


At 20:33 2/4/96, John Pettitt wrote:

>On Sun, 4 Feb 1996, Alan Olsen wrote:
>
>> Something that I have not seen addressed is the need for strong encryption
>> in backup software.
>>
>> Most backup software has an "encryption" option, but I have seen few that
>> have anything resembling strong encryption.  Furthermore, I have seen no
>> real push for strong encryption for backups at all.
>> ...
>> Might be an idea for a product there...  (And you can bet law enforcement
>> would throw a hissy fit about its existence.)
>>
>CP Backup (part of PC Tools for Central Point aka Symantec) has DES. As to
>how good the implementation is: I have no idea.


Retrospect (a Mac Tape/Floppy Backup Utility) also has an Encryption Option
I think.







From PADGETT at hobbes.orl.mmc.com  Mon Feb  5 08:11:19 1996
From: PADGETT at hobbes.orl.mmc.com (A. Padgett Peterson, P.E. Information Security)
Date: Tue, 6 Feb 1996 00:11:19 +0800
Subject: [NOISE] Futplex makes the news!
Message-ID: <960204195726.2020e029@hobbes.orl.mmc.com>


OK, I give up. Took off the head phones  connected to the TO, went downstairs,
set the V-15 Type II on the Dual 1019 to 7/8 gm. Patched to the Pioneer 1500TD
amp feeding front AR-5's and rear AR-2ax's, cranked to "pain" and spun some
vinyl.

"Freedom's just anotha' word foa nothin' left to lose." - Janis Joplin &
Full Tilt Boogie Band, Columbia PC 32168 (first one I found in the pile -
believe the original was on a album with her standing spraddlelegged with
the big grin - is here *somewhere*. Credit on th record was K. Kristofferson
and F. Foster. (Had to go downstairs, contrary to popular belief, everything
is not in my den 8*).
						warmly,
							Padgett





From dlv at bwalk.dm.com  Mon Feb  5 08:11:42 1996
From: dlv at bwalk.dm.com (Dr. Dimitri Vulis)
Date: Tue, 6 Feb 1996 00:11:42 +0800
Subject: [NOISE] Is this email getting through?
In-Reply-To: 
Message-ID: <2mVsiD57w165w@bwalk.dm.com>


shamrock at netcom.com (Lucky Green) writes:
> I have not received any CP traffic for several days. Repeated
> (re-)subscription requests didn't generate a reply from majordomo. If this
> message shows up on the list, please let me know.

You've probably received no CP traffic because none was posted to the
mailing list. Have you getting much noise, sound, fury, and the flaming of
innocent anonymous remailers? :-)

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From tcmay at got.net  Mon Feb  5 08:13:25 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 6 Feb 1996 00:13:25 +0800
Subject: Songs, Janis, Left to Lose, and Salinas
Message-ID: 


At 12:57 AM 2/5/96, "A. Padgett Peterson, P.E. Information Security"
OK, I give up. Took off the head phones  connected to the TO, went downstairs,
>set the V-15 Type II on the Dual 1019 to 7/8 gm. Patched to the Pioneer 1500TD
>amp feeding front AR-5's and rear AR-2ax's, cranked to "pain" and spun some
>vinyl.

You might want to explain to the GenXers what "vinyl" is.


>"Freedom's just anotha' word foa nothin' left to lose." - Janis Joplin &
>Full Tilt Boogie Band, Columbia PC 32168 (first one I found in the pile -
>believe the original was on a album with her standing spraddlelegged with
>the big grin - is here *somewhere*. Credit on th record was K. Kristofferson
>and F. Foster. (Had to go downstairs, contrary to popular belief, everything
>is not in my den 8*).

Speaking of this song, I live "near Salinas."

--Tim


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From nobody at REPLAY.COM  Mon Feb  5 08:14:32 1996
From: nobody at REPLAY.COM (Anonymous)
Date: Tue, 6 Feb 1996 00:14:32 +0800
Subject: Indecent Trash
Message-ID: <199602042352.AAA09555@utopia.hacktic.nl>


-----BEGIN PGP SIGNED MESSAGE-----

On 10 Jan 96 at 10:42, t byfield wrote:

> At 10:26 PM 1/9/96, Alexander 'Sasha' Chislenko wrote:
> 
> >- Landfills:  They are probably the richest source of detailed 
> >   historical information that is not obtainable from any 
> >   other source and can be used to reconstruct the detailed 
> >   history of society, economy, technology and any single 
> >   person with incredible detail.

> I ain't holding my breath until someone develops a search 
> engine for Fresh Kills.

I can see it now... about the time that Grandson of Altavista 
finally yields a URL for Jimmy Hoffa's body in some dump 
somewhere the government will have figured out that it's so 
much simpler to catalog the stuff on the way IN, when all the 
artifacts are fresh and unmixed. While we're all watching what 
the government does to intercept packets, they will be routing 
*trash* packets through mysterious "garbage routers."  

As the stink grows stronger, someone will conceive of anonymous 
trash forwarders. They will accept unidentified trash, no 
questions asked, anonymize it with random DNA and fingerprint 
whorls, and sneak it into public trash receptacles. DNA 
generators will enable the mischievous to plant fabricated 
indications that Hillary did indeed have something going with 
Vince, the late Khomeini (hey, hard is hard, right?) as well as 
legions of four-footed friends, confirming the suspicions of 
multitudes.

As the piles of trash-based data grow, some Senator from
Nebraska will sound the alarm that kids are too easily exposed
to the indecent signs of private behavior retrievable on the
Net and will propose draconian measures to hold everyone
responsible for their contributions to the city landfill. 
Public receptacles will be closed. Trash will only be collected 
from registered Identifed Surplus Providers (ISP's). $250,000 
fine for disposing of a condom in a dump accessible from the 
Internet... 10 years in prison for carelessly tossing those 
nasty Polaroids in the kitchen compactor. The trash of the world
will have to be made safe for kids to view.

Everything will be a lot easier to trace and control if the
garbage input is fully identified. Barcodes on trash bags
might do for starters. Access to the garbage system might have
to be restricted to those 18 and over. Trash collectors could
be made responsible for content, drafting them without pay into
the ranks of the trash police. People could be encouraged to
report suspicious trash, and trash-related activities like
neighbors sneaking out at night to place an innocent-looking
compactor bag down the block with someone else's trash.  

For their own protection, youngsters might be required to retain 
all their garbage until age 18 and then, in a solemn ceremony 
worthy of the true significance of coming of age, pitch it all 
(duly anonymized to prevent abuse of minor indiscretions) from 
their new position as lawful participants in the world garbage 
system, friends and well-wishers trying to applaud and hold their 
noses at the same time (try it -- if you're not careful you can 
break your own nose, but hey, that'll work, too!). Who knows? 
Maybe Heinlein's advocacy of keeping kids in a barrel and feeding 
them through a hole until age 18 will enjoy resurgence among the 
compulsively protective while the Web meanwhile will provide real 
time underground data on Heinlein's rpm rate.

Protecting the trash of youth will, however, give rise to the 
hiding of adult trash among that of the underaged. The government
will have to root out offenders and "impute" suspicious trash 
to the parents. Those with no visible source of trash will of 
course be suspect, and will have to emit innocent trash to 
cover themselves. This will give rise to the practice of "trash 
laundering," in which agents convert nasty trash to innocuous 
trash that may then be tossed into any monitored, controlled 
channels with no repercussions.

Trash laundering will become a grave offense to the 
accompaniment of government and Ad Council PSA's and free 
brochures from Pueblo, Colorado. Blatant offenders who have 
fled to foreign climes will be kidnapped, some will be tortured,
because the War Against Filth will be a moral commitment of the 
national body. Foreign governments headed by suspected trash 
traffickers will be toppled in quickie invasions, their leaders 
brought back in chains to disappear into federal dungeons. Public 
debate will center on the legalities and rationalizations of 
using the military in policing domestic trash, while agencies 
such as the FBI cry for more budget to fight the scourge that 
threatens the decency of the nation's repositories.

Control of trash will spread inevitably to control of liquid 
wastes, whereupon a terrible discovery will be made: Everyone, 
but everyone, emits unspeakable bodily products. At that point 
the government will have no choice but to reluctantly declare 
everyone an outlaw and execute the populace.

It's all as logical as what happens when you introduce division 
by zero way down at the bottom of the complex equation where it 
isn't so noticeable.

We Jurgar Din
(that will have to suffice: I do not yet live in a free country)

+"The battle, Sir, is not to the strong alone. It is to the+
+vigilant, the active, the brave. Besides, Sir, we have no +
+election. If we were base enough to desire it, it is now  +
+too late to retire from the contest." -Patrick Henry 1775 +


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMPS/PEjw99YhtpnhAQH1UQH5AdXBd7AvG6xT7x/cTXf5W1cAUXzoJ+GB
N0/SPrdoJnbUSN5LkJDwoVwA/eiL6/LVN9CjtmQwmydyBysM7M/7Xw==
=q+CF
-----END PGP SIGNATURE-----











From jimbell at pacifier.com  Mon Feb  5 08:17:20 1996
From: jimbell at pacifier.com (jim bell)
Date: Tue, 6 Feb 1996 00:17:20 +0800
Subject: verification of randomness
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

At 03:57 AM 2/5/96 +0100, Andreas Bogk wrote:

>I've built a random number generator based on the noise of a Zener
>diode. Now I'd like to verify it's correct operation. I'd be very
>grateful if someone could point me to existing software for randomness
>tests or additional tests not mentioned in Knuth.
>I'll make the design of the generator available as soon as I've
>verified it's operation.
>Andreas

Excellent!  Sounds like a worthwhile project.  If you have an email mailing 
list, put me on it please.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRWRnvqHVDBboB2dAQFgWwQAlgxpZ1Bx21HRU39ikFUKBFoewtfjVzcD
zwOjkf5IXyITNV1IZmwmbIyzVmu1ndWr4NHhZZhxD9jCyzC6qFqvED/7Zye4vUdV
XkcTDIBqqa334Awm7dsDMwvC2GKhHbCLIcZSI7gXBf/5C3V42EKdvi18Bqn9cs5M
vJ0OnN93iBY=
=MmWv
-----END PGP SIGNATURE-----






From karl.ike at sihope.com  Mon Feb  5 08:23:01 1996
From: karl.ike at sihope.com (Karl Ike)
Date: Tue, 6 Feb 1996 00:23:01 +0800
Subject: No Subject
Message-ID: <199602050558.XAA17819@unix1.sihope.com>


It is impossible to get changes in the Fair Credit Reporting Act in the
traditional way. Credit reporting agencies have far too much personal
information that is passed out with incrediable ease at the consumers expense. 

I have a suggestion! 

Today, with TRW, Equifax and TransUnion's vast network, it is easy to obtain
anyone's credit report from various sources. Do you think if someone,
outside of the USA, obtained the credit reports on half, maybe all, of the
US Senators, congressmen, judges, etc, and published them in their entirity,
on the internet, from outside the US, would get their attention? Then there
would be changes, overnight, protecting the right of privacy! Let them
become the victim of credit reporting agencies once and shit will happen
overnight. 

If someone who is not a US citizen does this from outside the US, I don't
think that they can be held accountable under US law? I am new to the
internet and don't have a clue how to do it, but someone out there does and
probably has a friend in Bankok that will help him. Put the word out! 






From Kevin.L.Prigge-2 at cis.umn.edu  Mon Feb  5 08:39:16 1996
From: Kevin.L.Prigge-2 at cis.umn.edu (Kevin L Prigge)
Date: Tue, 6 Feb 1996 00:39:16 +0800
Subject: [local] Minneapolis CP get-together
Message-ID: <311629354a51002@noc.cis.umn.edu>



Who: Minneapolis Cypherpunks
What: Local get-together & key signing party
When: Saturday, Feb 10th @ approx 5pm -> ???
Where: Applebees (3200 W Lake St)

I'll be facilitating a key signing, send your public key to me
before hand to get on the list. If you have any questions or need
directions, let me know.





From steven at echonyc.com  Mon Feb  5 08:39:51 1996
From: steven at echonyc.com (Steven Levy)
Date: Tue, 6 Feb 1996 00:39:51 +0800
Subject: A Sign of the Future
In-Reply-To: <199602050625.AAA00118@proust.suba.com>
Message-ID: 


Give me a break.  I do not work for Wired but I write for them at times, 
and most often my subject is crypto related. I can tell you for a fact 
that there is no anti-cypherpunk policy there. I have a long article that 
deals in part with cypherpunk-related cryptanlysis in the March issue and 
I was, as is always the case, left to make my own editorial judgement.

On Mon, 5 Feb 1996, Alex Strasheim wrote:

> >     Concerns about privacy and anonymity are outdated. Cypherpunks 
> >     think they are rebels with a cause, but they are really senti- 
> >     mentalists. 
> 
> I'm not much for big conspiracy theories, but I like the little ones.
> 
> If this was really in Wired, do you think it was written before or after 
> Tim dissed that magazine here?
> 
> 
> 





From cnd at triode.apana.org.au  Mon Feb  5 08:47:09 1996
From: cnd at triode.apana.org.au (Christopher Drake)
Date: Tue, 6 Feb 1996 00:47:09 +0800
Subject: Intro from a list reader
Message-ID: <199602051620.DAA06735@triode.apana.org.au>


Hello,

        My name is Christopher Drake, I own the company NetSafe.  We
        manufacture and sell one product - NetSafe - which prevents one
        small but universally unadressed, serious problem in computer
        security:  We prevent passwords (etc) from being stolen with
        Key Press Password recorders (KPPRs).

        My interest in this list is to stay up-to-date with the industry.

        You may recently have heard of the First Virtual announcement re:
        credit card number theft via automated means: our software specifically
        prevents this.

        Full details can be found at    http://pobox.com/~netsafe

        Interested parties from the recent cypherpunks meeting might
        like to note my public key: after the discussion I finally did it :-)


NetSafe. PO Box 298, North Sydney 2060, Australia.  (24hrs) Tel:+61 2 9966 1995
WWW: http://pobox.com/~netsafe   E-Mail: NetSafe at pobox.com  Fax: (02) 9957 1991

NetSafe provides inexpensive military certified security software to protect 
against key-press password recorders, trojan horses, viruses, etc. Antitamper
antitraceing antidissasembly protection is also included.

>>>>>>>>> Passwords should be protected in a manner that is consistent <<<<<<<<<
>>>>>>>>> with the damage that could be caused by their compromise.    <<<<<<<<<

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.i

mQCNAjD/mQAAAAEEAP/////NetSafe+PGP+key////We+provide+inexpensive
AntiFraud/theft+etc+Security+Software5tGfKREuINIWsQqsLNS+uAneN9M
SuMu37f+NU/U2djtxE/b9h4bJ4wb8h3QkBiuTAS1QjpxpxryQzZ10zzGQe8VAAUR
tChDaHJpc3RvcGhlciBOLiBEcmFrZSA8TmV0U2FmZUBQb2JveC5jb20+
=SGC/
-----END PGP PUBLIC KEY BLOCK-----







From raph at CS.Berkeley.EDU  Mon Feb  5 09:23:10 1996
From: raph at CS.Berkeley.EDU (Raph Levien)
Date: Tue, 6 Feb 1996 01:23:10 +0800
Subject: List of reliable remailers
Message-ID: <199602051450.GAA04545@kiwi.cs.berkeley.edu>


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list at kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail, which is available at:
ftp://ftp.csua.berkeley.edu/pub/cypherpunks/premail/premail-0.33a.tar.gz

   For the PGP public keys of the remailers, finger
pgpkeys at kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list at kiwi.cs.berkeley.edu.

$remailer{"extropia"} = " cpunk pgp special";
$remailer{"portal"} = " cpunk pgp hash";
$remailer{"alumni"} = " cpunk pgp hash";
$remailer{"bsu-cs"} = " cpunk hash ksub";
$remailer{"c2"} = " eric pgp hash reord";
$remailer{"penet"} = " penet post";
$remailer{"ideath"} = " cpunk hash ksub reord";
$remailer{"hacktic"} = " cpunk mix pgp hash latent cut post ek";
$remailer{"flame"} = " cpunk mix pgp. hash latent cut post reord";
$remailer{"rahul"} = " cpunk pgp hash filter";
$remailer{"mix"} = " cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"ford"} = " cpunk pgp hash ksub ek";
$remailer{"hroller"} = " cpunk pgp hash latent ek";
$remailer{"vishnu"} = " cpunk mix pgp hash latent cut ek ksub reord";
$remailer{"robo"} = " cpunk hash mix";
$remailer{"replay"} = " cpunk mix pgp hash latent cut post ek";
$remailer{"spook"} = " cpunk mix pgp hash latent cut ek reord";
$remailer{"rmadillo"} = " mix cpunk pgp hash latent cut ek";
$remailer{"ecafe"} = " cpunk mix";
$remailer{"wmono"} = " cpunk mix pgp. hash latent cut";
$remailer{"shinobi"} = " cpunk mix hash latent cut ek reord";
$remailer{"amnesia"} = " cpunk mix pgp hash latent cut ek ksub";
$remailer{"gondolin"} = " cpunk mix pgp hash latent cut ek reord";
$remailer{"tjava"} = " cpunk mix pgp hash latent cut";
$remailer{"pamphlet"} = " cpunk pgp hash latent cut ?";
$remailer{'alpha'} = ' alpha pgp';
$remailer{'gondonym'} = ' alpha pgp';
$remailer{'nymrod'} = ' alpha pgp';
catalyst at netcom.com is _not_ a remailer.
lmccarth at ducie.cs.umass.edu is _not_ a remailer.
usura at replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 robo hroller alpha)
(gondolin gondonym)
(flame hacktic replay)
(alumni portal)
(vishnu spook wmono)

Use "premail -getkeys pgpkeys at kiwi.cs.berkeley.edu" to get PGP keys
for the remailers. Fingering this address works too.

Note: The remailer list now includes information for the alpha
nymserver.

Last update: Mon 5 Feb 96 6:47:36 PST
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
ford     remailer at bi-node.zerberus.de     +--+++++..-+  8:06:08  99.94%
portal   hfinney at shell.portal.com         *#+*########      :42  99.94%
alumni   hal at alumni.caltech.edu           +-+#+ ---*##    27:01  99.81%
pamphlet pamphlet at idiom.com               +++++++ ++++    44:57  99.80%
alpha    alias at alpha.c2.org               ***** ***-**    18:20  99.72%
hroller  hroller at c2.org                   ###### ##-##    12:23  99.63%
mix      mixmaster at remail.obscura.com     ++-+- -----+  1:25:43  99.56%
gondolin mix at remail.gondolin.org                 ----   7:30:27  99.47%
flame    remailer at flame.alias.net         --+++ + -++-  1:17:58  99.41%
ecafe    cpunk at remail.ecafe.org           ##*## + ##*#     1:46  99.41%
c2       remail at c2.org                    ***** *** **    23:58  99.29%
nymrod   nymrod at nym.alias.net             ***+*** ***      7:40  99.18%
gondonym alias at nym.gondolin.org                   *--   4:42:54  98.55%
shinobi  remailer at shinobi.alias.net        #### # *#-#    33:56  98.34%
extropia remail at extropia.wimsey.com       _.__.-.---   21:13:22  97.85%
vishnu   mixmaster at vishnu.alias.net        +*+****--+     37:03  96.15%
penet    anon at anon.penet.fi               __.-__  _ .  44:43:59  92.95%
rahul    homer at rahul.net                  ** ## ****##     4:49  99.66%
hacktic  remailer at utopia.hacktic.nl          ** + ****     8:01  89.57%
replay   remailer at replay.com                 *- +****      6:41  80.79%
tjava    remailer at tjava.com               *#####           2:46  32.29%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien





From Pot at networking.stanford.edu  Mon Feb  5 10:55:11 1996
From: Pot at networking.stanford.edu (Pot at networking.stanford.edu)
Date: Tue, 6 Feb 1996 02:55:11 +0800
Subject: "Can't we all just get along?"
Message-ID: <199602050758.XAA04847@Networking.Stanford.EDU>


This is not FLAMEpunks.





From sameer at c2.org  Mon Feb  5 10:59:05 1996
From: sameer at c2.org (sameer)
Date: Tue, 6 Feb 1996 02:59:05 +0800
Subject: A Sign of the Future
In-Reply-To: <199602050625.AAA00118@proust.suba.com>
Message-ID: <199602050805.AAA05132@infinity.c2.org>


	Everyone disses that magazine here. Don't be paranoid.
> 
> >     Concerns about privacy and anonymity are outdated. Cypherpunks 
> >     think they are rebels with a cause, but they are really senti- 
> >     mentalists. 
> 
> I'm not much for big conspiracy theories, but I like the little ones.
> 
> If this was really in Wired, do you think it was written before or after 
> Tim dissed that magazine here?
> 
> 


-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer at c2.org





From ses at tipper.oit.unc.edu  Mon Feb  5 10:59:38 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Tue, 6 Feb 1996 02:59:38 +0800
Subject: Sometimes ya just gotta nuke em
In-Reply-To: 
Message-ID: 


On Mon, 5 Feb 1996, Robert A. Rosenberg wrote:

> I agree - Not only were there two different separation methods but the two
> bombs dropped on Japan were of different designs (I think that the
> Hiroshima bomb was the same design as the land test version and the
> Nagasaki one was the untested design [so that if used, there would have
> been a tested design for the first drop]).

Actually, it was the other way round. The bomb dropped on Hiroshima was 
an enriched uranium gun type bomb; the devices exploded at Trinity and 
Nagasaki were imploded plutonium devices. The Little-Boy design was not 
tested before being dropped as 1) the design was so (theoretically) 
simple that if it didn't work, nothing would, and 2) there wasn't enough 
enriched uranium to make two of them.

Simon
p.s.
  Everybody interested in this subject should read "The making of the 
Atom Bomb" by Richard Rhodes; it's an amazing book, well worth its 
Pulitzer. The section dealing with Hiroshima in the seconds and days after 
the explosion is incredibly painful to read.





From jamesd at echeque.com  Mon Feb  5 10:59:51 1996
From: jamesd at echeque.com (jamesd at echeque.com)
Date: Tue, 6 Feb 1996 02:59:51 +0800
Subject: Jim Bell - Murderous Terrorist
Message-ID: <199602050730.XAA22544@shell1.best.com>


At 07:06 PM 2/4/96 -0800, jdoe-0007 at alpha.c2.org wrote:
>Jim Bell has advocated nothing less than paid death squads using crypto as a
>means to hide payment to these murderous terrorists. 

Terrorists are people who create terror by random murder, by killing the
innocent:  Clearly this is the exact opposite of what Jim Bell advocates.

The word terrorist was originally applied primarily to government organizations
of terror, most notably the french revolution.  You seem to be using the word
"terror" to mean  "Non government use of force"  So by your definition, 
George Washington was a terrorist, whereas the Stalin and the French 
Revolutionary tribunal were not terrorists.

By your definition of terrorist, there are plenty of advocates of "terrorism"
on this mailing list.

> If you can find a conspirator
> of murder as " highly intelligent, knowledgeable, and overall nice person"
then
> you also are in need of immediate mental health intervention.

or possibly you need to comprehend the difference between governmental decrees
and morality.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd at echeque.com






From jf_avon at citenet.net  Mon Feb  5 11:00:25 1996
From: jf_avon at citenet.net (Jean-Francois Avon JFA Technologies, QC, Canada)
Date: Tue, 6 Feb 1996 03:00:25 +0800
Subject: Marshall McLuhan and encryption...
Message-ID: <9602050736.AA08295@cti02.citenet.net>



>  Nick's a big shot at Wired magazine.  So it should be no surprise 
>  to learn that Wired attacked cypherpunks in its 01 96 issue.  In 
>  a fake interview with "Wired's patron saint," Marshall McLuhan is 
>  made to say (p 130): 
> 
>    Concerns about privacy and anonymity are outdated. Cypherpunks 
>    think they are rebels with a cause, but they are really senti- 
>    mentalists. 

Well, maybe McL. would have spit such nonsense, very characteristical of him.

"The media is the message" is among the biggests con jobs performed on humanity.
It's like having a guy dying form thirst and telling him: "The pipe is the beverage"...

One fine example of the destruction of reason.

If a PGP encrypted message was sent to Mr.McLuhan, could he see if it is a
"there is a contract on you..." or "happy new year" or "I love you..."


To any Cypherpunks, the media *IS NOT* the message!

Dear Wired peoples and Mr. McLuhan: get lost!

>    The era of politics based on private identities, anonymous indi- 
>    viduals, and independent citizens began with the French Revolution 
>    and Napoleon's armies...and ended with Hitler....  The cypherpunks 
>    are still marching to the same martial music. 

     He is partially right.  With Renaissance, came the idea that Reason and human mind 
were powerfull and that knowledge, because man's only survival tool is reason, is a value 
to pursue.  

But french revolution did not convey theses ideas, neither
did Napoleon.  And Hitler definitely not.   
All of the three were, ultimately, collectivists or looters.

Therefore, the author of the text is guilty of setting up straw man and of
context blanking.

JFA
Reality Is.  Existence exists.  Words have a precise meaning.  $






From attila at primenet.com  Mon Feb  5 11:02:08 1996
From: attila at primenet.com (attila)
Date: Tue, 6 Feb 1996 03:02:08 +0800
Subject: violating politicians privacy
In-Reply-To: <199602050558.XAA17819@unix1.sihope.com>
Message-ID: 



    attila sez:

	well, I take it as assumed correct that illegally violating the
    credit and personal information of member os Congress (might as well 
    include the Clintons and the Gores) would get a response on privacy.

	but you would be a targt of an incredible manhunt. For example,
    I can give you the name of an online information provider (if I was
    so disposed --which I am _not_, as I do not wish to be labelled as a 
    conspirator) who would provide the credit, medical, and background 
    reports of 500+ individuals for $20-25 a pop.  then you take out an 
    account on a system with a false id and does not require credit cards 
    (pay cash, not cheque)  --mail each one to the target rep/sen/bubba 
    after mailing the whole set to Geraldo, or some other slimball.

	but, I think I would put my money on further laws to really 
    clamp down on free speech. and, if you ever were caught, don't 
    expect all of us to donate one day a month for 10-50 years to visit
    you in the slammer.

	more laws, more political police, more prisons  --that's their 
    motto. 

	enjoy

_________________________________________________________________ attila__


On Sun, 4 Feb 1996, Karl Ike wrote:

> It is impossible to get changes in the Fair Credit Reporting Act in the
> traditional way. Credit reporting agencies have far too much personal
> information that is passed out with incrediable ease at the consumers expense. 
> 
> I have a suggestion! 
> 
> Today, with TRW, Equifax and TransUnion's vast network, it is easy to obtain
> anyone's credit report from various sources. Do you think if someone,
> outside of the USA, obtained the credit reports on half, maybe all, of the
> US Senators, congressmen, judges, etc, and published them in their entirity,
> on the internet, from outside the US, would get their attention? Then there
> would be changes, overnight, protecting the right of privacy! Let them
> become the victim of credit reporting agencies once and shit will happen
> overnight. 
> 
> If someone who is not a US citizen does this from outside the US, I don't
> think that they can be held accountable under US law? I am new to the
> internet and don't have a clue how to do it, but someone out there does and
> probably has a friend in Bankok that will help him. Put the word out! 
> 

__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....
    There is no safety this side of the grave.  Never was; never will be.







From WFU at sjulaw.stjohns.edu  Mon Feb  5 11:12:14 1996
From: WFU at sjulaw.stjohns.edu (Wendy Fu)
Date: Tue, 6 Feb 1996 03:12:14 +0800
Subject: fcpunx subscribe
Message-ID: <4C254DF0F18@sjulaw.stjohns.edu>


endWendy Fu, Network Manager 
St. John's University School of Law
8000 Utopia Parkway, Jamaica, NY 11439
E-Mail Address: wfu at sjulaw.stjohns.edu
Phone: (718)990-1666





From an359557 at anon.penet.fi  Mon Feb  5 11:13:03 1996
From: an359557 at anon.penet.fi (an359557 at anon.penet.fi)
Date: Tue, 6 Feb 1996 03:13:03 +0800
Subject: C2 and the Worst Case
Message-ID: <9602051739.AA09360@anon.penet.fi>



>Are you saying that when someone with an anonymous mailbox on c2.org
>retrieves his/her mail via a POP3 connection, no log is made of
>the originating IP address?

It's even worse than that. The IP address/hostname that connects to c2 shows
up when you finger that user on c2!

Sameer, can you please change that? An anonymous user don't wanna leave a
trail as obvious as an IP address.

--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to                abuse at anon.penet.fi
For information (incl. non-anon reply) write to    help at anon.penet.fi
If you have any problems, address them to          admin at anon.penet.fi





From mark at unicorn.com  Mon Feb  5 11:24:56 1996
From: mark at unicorn.com (Mark Grant, M.A. (Oxon))
Date: Tue, 6 Feb 1996 03:24:56 +0800
Subject: Telecoms Bill
Message-ID: 



Well, if "cypherpunks write code", is there any code we should be writing 
in response to this?

	Mark






From owner-cypherpunks at toad.com  Mon Feb  5 12:13:59 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Tue, 6 Feb 1996 04:13:59 +0800
Subject: No Subject
Message-ID: 



<<"In other words it was stvation/devastation city">>

  It was lot worse than that on the Japanese-imperialits occupied islands 
of the Pacific when the Nisei troops choosenot to surrender and instead, 
mad last-ditch charges against AMerican lines - which killed not a small 
number of Americans. And of course, there were the suicide bombers.

Submarine operations don't cost zero lives, either. In fact, just plain 
old regular military logistics - keeping the boys mobilized and in place 
ina theatre of operations - don't cost zero lives, even if there are _no_ 
hostilities.

And while all the starvation and devastation was going on in Japanese
cities, the Japanese troops were torturing and murdering Allied POWs, and
Asian civilains in all the Japanese-occupied teritories. Those people
deserved liberation, too. 

I think you give your game away when you complain about how we were being 
unfair to Comrade Stalin.

As far as Pax Americana goes, the Japanese just _volunteered_ to_increase_
the payments they make to support the American garrison in Japan. The
non-Okinawans want us in their country. I guess they know that the
alternative is a Red Chinese garrison. 

And lots of other Asians are afraid of the same alternative - or of 
Japanese garrisons in their homeland. THey've "been there, done that".

Alan Horowitz 
alanh at norfolk.infi.net






From owner-cypherpunks at toad.com  Mon Feb  5 12:21:40 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Tue, 6 Feb 1996 04:21:40 +0800
Subject: No Subject
Message-ID: 


On Sun, 4 Feb 1996 Pot at networking.stanford.edu wrote:

> This is not FLAMEpunks.
> 
	WHAT???   --and miss all the fun?


__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....
    There is no safety this side of the grave.  Never was; never will be.







From WFU at sjulaw.stjohns.edu  Mon Feb  5 12:49:57 1996
From: WFU at sjulaw.stjohns.edu (Wendy Fu)
Date: Tue, 6 Feb 1996 04:49:57 +0800
Subject: fcpunx subscribe
Message-ID: <4C1F80260A3@sjulaw.stjohns.edu>


Wendy Fu, Network Manager 
St. John's University School of Law
8000 Utopia Parkway, Jamaica, NY 11439
E-Mail Address: wfu at sjulaw.stjohns.edu
Phone: (718)990-1666





From owner-cypherpunks at toad.com  Mon Feb  5 12:55:36 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Tue, 6 Feb 1996 04:55:36 +0800
Subject: No Subject
Message-ID: 


>> INFORMATION IS INSECURE THE MOMENT YOU TOUCH A KEY.
>
>> This does not mean that Internet commerce is dead.  Any scheme that is
>> not based on self-identifying one-way financial instruments such as
>> credit cards will be essentially unaffected by this problem.  Moreover,
>> even credit cards may be made safe on the Internet using one of two
>> approaches:  secure hardware add-ons and the First Virtual approach.

etc.

My name for this kind of software:

  Terminate and Stay Clueless


-------------------------------------------------------------------------
Steven Weller                      |  "The Internet, of course, is more
                                   |  than just a place to find pictures
                                   |  of people having sex with dogs."
stevenw at best.com                   |       -- Time Magazine, 3 July 1995







From owner-cypherpunks at toad.com  Mon Feb  5 13:32:37 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Tue, 6 Feb 1996 05:32:37 +0800
Subject: No Subject
Message-ID: 


Although this particular request was sent to the cypherpunks mailing
list, others continue to send requests to my mailbox.

>>>>> "Wendy" == "Wendy Fu"  writes:

Wendy> endWendy Fu, Network Manager 
Wendy> St. John's University School of Law
Wendy> 8000 Utopia Parkway, Jamaica, NY 11439
Wendy> E-Mail Address: wfu at sjulaw.stjohns.edu
Wendy> Phone: (718)990-1666

I don't know how my address got associated with this list, but please,
*do not* send requests about FCPUNX to steve at miranova.com.

Requests about how to set up Gnus scoring for performing your own
filtering of the cypherpunks list are welcome.

-- 
steve at miranova.com baur
Unsolicited commercial e-mail will be proofread for $250/hour.





From warlord at MIT.EDU  Mon Feb  5 13:54:26 1996
From: warlord at MIT.EDU (Derek Atkins)
Date: Tue, 6 Feb 1996 05:54:26 +0800
Subject: Encryption Programs
In-Reply-To: <199602041551.KAA26343@borg.mindspring.com>
Message-ID: <9602052013.AA18934@oliver.MIT.EDU>


> OBVIOUSLY the spokesman of the group. I ask for help and this is what I get?
> 
>         One more time, I'm well aware of the capabilities of PGP. What I'm
> looking for is a program
> that does a better job of binary encryption than just Radix 64 ASCII armoring.

Umm, I think you might be a little confused.  Either that, or you
mis-typed.  What do you mean by "better job of binary encryption than
just Radix 64 ASCII armoring"?  PGP does a lot more than just Ascii
Armor.  The Ascii Armor is just a self-recognizing transport
mechanism, nothing more.

The real meat behind PGP is its encryption and key management
utilities.  PGP uses the IDEA cipher, combined with RSA key
management, to securely encrypt any kind of file.  The Ascii Armor is
used solely to protect the PGP files during transport over email and
other ascii-only protocols.

I hope this clears up any possible misconceptions.

-derek





From frissell at panix.com  Mon Feb  5 13:55:35 1996
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 6 Feb 1996 05:55:35 +0800
Subject: Fair Credit Reporting Act and Privacy Act
Message-ID: <2.2.32.19960205200507.006fa0ac@panix.com>


At 08:25 AM 2/5/96 -0500, Frank Willoughby wrote:

>If the Privacy Act were rewritten to be as strict as the BDSG, businesses
>would have a (mandatory) legal requirement to:
>
>o Ensure that personal data is stored properly (by encrypting it, etc)
>o Ensure that personal data is not distributed
>o Ensure that databases are *not* being maintained which describe the
>   characteristics of individuals (buying habits, income, property 
>   ownership, etc) wantonly propagated by marketing (direct mail, 
>   telemarketing, etc) companies.  
>

Unfortunately, it would also:

*  Require government registration of computers and databases containing
information about people (whether these computers are used by business or
individuals).  This eases regulation of computers and future confiscation.

*  Reduce market efficiency by making it harder to match buyers and sellers
(because neither could easily find out about he other) thus causing higher
prices and poorer people. 

*  Do nothing to protect personal information from the government which
would get to collect more of it than ever in the course of enforcing data
protection laws.

If you don't want people to know things about you, don't tell them.

DCF






From abarrett at ee.net  Mon Feb  5 13:55:48 1996
From: abarrett at ee.net (abarrett at ee.net)
Date: Tue, 6 Feb 1996 05:55:48 +0800
Subject: IMC Resolving Email Security Complexity Workshop
Message-ID: <311670b0.idoc@idoc.idoc.ie>


Found this in the box the other day - thought it might be of interest, esp 
regarding secure email standards.

Warmest regards,
AJ

<---- Begin Forwarded Message ---->
Return-Path: dcrocker at brandenburg.com
Date: Tue, 23 Jan 1996 10:20:50 -0800
To: (potential attendees)
From: Dave Crocker 
Subject: IMC Resolving Email Security Complexity Workshop

This is a query of your interest in participating in a working meeting.

As an initial activity of the newly-formed Internet Mail Consortium, we are
hoping to use the coincident timing of EMail World in San Jose and the ISOC
Security Conference in San Diego to call for an all-day meeting on the
matter of email security. (If you aren't familiar with the IMC, please
check out info at imc.org or .)

This note is intended as a pre-announcement and a solicitation for feedback
concerning your interest.  We'd like to get a sense of the number and range
of folks who might/can/will attend.  We do not yet have logistics or
finances fully worked out, but the timing pressure is tight enough to
warrant this letter before the official announcement.  Comments about the
activity and, especially, an indication of availability, willingness, and
(best of all) intention to attend would be highly welcome.

	Please pass this note on to others who you think are
	(or should be) interested in email security.


Specifics

As its first activity, the Internet Mail Consortium proposes to organize a
one-day workshop to consider the problem of multiple MIME-based security
mechanisms.  This is a complicated topic with a long and painful history,
but the previous pain is insignificant when compared to what is emerging
for vendors and, worse still, for users.

Our proposal is to conduct an open meeting with attendance by principals
and others involved in this area of work.  We will invite the key
contributors and solicit additional attendance by vendors, providers,
users, and technologists who are concerned with email security.

The attendance goal is to have a critical mass of those with the technical
expertise and industry involvement to review and debate the requirements,
capabilities, and possibilities.  The work goal is to seek common ground
for a common solution.

While we are not overly hopeful that the end of the day will see peace and
resolve among the masses, we do hope for a large amount of improved
understanding and some amount of convergence.  With luck, there will even
be improvement in the clarity of constituency for the different technical
choices -- that is, a strengthening of the political base for some of the
alternatives.

We would like to hold the event:

		Wednesday, 21 February
		8:30 am - 5:30 pm (all day)
		(Near) EMail World event, San Jose Convention Center, CA.

This is the last day of EMail World and the day before a two-day ISOC
Security conference in San Diego.

We propose to structure the meeting with a tight agenda, having a very
focused sequence of work on the problem; this is definitely not for general
education.  Some amount of review is appropriate, but not much.  Attendees
will be expected to be knowledgeable in the basic technologies, so that
only general systems design and specific algorithm choices need to be
cited. To help everyone prepare, the Internet Mail Consortium will organize
a set of mail-response and Web pages with references and summaries of the
current technologies, and will establish a mailing list for exchanges
leading up to the meeting.


Proposed Agenda

Morning
	Brief descriptions of the candidate solutions
	Review of the functional and technical requirements
	Review the extent to which each alternative satisfies the requirements
	Seek consensus about the requirements

Afternoon
	Haggle about the strengths and weaknesses of the technical alternatives
	Explore the choices and/or negotiate a preferred solution

Those who have worked on this topic in the IETF are quite tired of the
whole situation, but the unfortunate reality is that the current product
and user choices are quite problematic. We need to continue seeking a
viable service.

We expect to charge $50 per person, to cover basic costs.  I should
have more details about this next week.

Please do let us know your comments.  Thanks!

d/

--------------------
Dave Crocker                                                +1 408 246 8253
Brandenburg Consulting                                fax:  +1 408 249 6205
675 Spruce Dr.                                     dcrocker at brandenburg.com
Sunnyvale, CA  94086 USA                         http://www.brandenburg.com



<----  End Forwarded Message  ---->

__________________________________________________________________
Out the buffer,         | PGP encrypted e-mail preferred.
Through the com port,   | Finger for Public Key.
Over the POTS line,     | Also available on a key server near you.
Into the NT Box,        |
Up the fractional T1,   | Key ID: 0X457AA6BD
Onto the backbone,      | Keyprint: 99 C7 17 3B 32 08 3F 17
Nothin' but 'Net.       |           F4 A9 42 A9 2F BC 39 B1
------------------------------------------------------------------








From paralax at alpha.c2.org  Mon Feb  5 13:58:34 1996
From: paralax at alpha.c2.org (paralax at alpha.c2.org)
Date: Tue, 6 Feb 1996 05:58:34 +0800
Subject: attila sez
Message-ID: <199602052019.MAA05730@infinity.c2.org>


On Date: Mon, 5 Feb 1996 06:49:57 +0000 (GMT)

a>    attila sez:

a>	It is not whether paralax does not know shit from beans, but that
a>    he proves to all that he would prefer to censor TCMay and James A.
a>    Donald than listen to their opinions, despite the fact he posted his
a>    own rather trivial and absurd point. 

a>    political correctness and the liberal news intrepretations of "all

I seek to censor no one.  I prefer to confront racisim whenever and wherever
I see (read) it.  Mr. May embarassed himself with his denigrating application
of the word "Jap" to describe the Japanese people after demonstrating a gross
lack of knowledge and sensitivity about Jews.  It is NOT a matter of "political
correctness" unless YOU and Mr. May believe refraining from addressing an
African-American as a nigger the moral equivalent of sucumbing to "politcal 
correctness".

a> with this, I suppose I have been entered upon your "list" of 
a> enemies of the 'statist' nation along with TCMay and James A. Donald,

All three of you would be flattering yourselves if any of you thought you made
anybody's list.

A. Paralax View





From jpp at software.net  Mon Feb  5 14:22:28 1996
From: jpp at software.net (John Pettitt)
Date: Tue, 6 Feb 1996 06:22:28 +0800
Subject: FV's blatant double standards
Message-ID: <2.2.32.19960205213944.0109c138@mail.software.net>


At 09:26 AM 2/4/96 -0500, Simson L. Garfinkel wrote:
>At 8:18 AM 1/31/96, Rishab Aiyer Ghosh wrote:
>>FV demonstrated, through it's "card sharp" or whatever, that
>>real-time transactions are vulnerable to sniffers on the recipient's
>>own machine. Of course. We all knew that. But the mistake is to
>>assume that FV isn't _equally_ vulnerable to that threat. If you
>>can write a trojan that will somehow get privileged access to my
>>machine, trap my keystrokes, and identify my credit card number,
>>you can certainly write one that will, sitting on my machine:
>>    "intercept the user's electronic mail, read the confirmation
>>    message from First Virtual's computers, and send out a fraudulent
>>    reply"
>>(to quote from Simson's article). Simson further quotes FV's Lee
>>Stein: "A single user can be targeted, Stein said, but ''it is very
>>difficult. . . . There are too many packets moving . . . to too many
>>different machines.''" - which is of course equally true for real-time
>>Netscape transactions.
>
>Oh, I think that such a program can be written. However, it would be much
>harder to get right, considering all of the different ways that people read
>e-mail.
>
>
The code looks something like this:

1) hook into the winsock and look for an FV message in the web data stream,
save the ID.

2) now look for an approve/deny/fraud, when you see one you know that the
user uses 
an IP connection for mail and web.

3) Forward the ID to an anon box.

4) Look for outbound FV messages with 'fraud' or 'deny' and change to 'approve'.

Clearly this will miss AOL, CI$ etc al but thats not important.

The issue is not FV noticing the error, they will, it's how long it takes
 and how much you can steal in the interim.

There is a Helen Keller quote I'm rather fond of which starts:
 "Security is mostly a superstition ..."

  *If the machine is not secure all bets are off*

The most likly failure vector for this attack is that so few people use FV :-)







John Pettitt, jpp at software.net
VP Engineering, CyberSource Corporation, 415 473 3065
 "Technology is a way of organizing the universe so that man
  doesn't have to experience it." - Max Frisch






From jya at pipeline.com  Mon Feb  5 14:57:53 1996
From: jya at pipeline.com (John Young)
Date: Tue, 6 Feb 1996 06:57:53 +0800
Subject: TWP on Indecency Protest
Message-ID: <199602052229.RAA14765@pipe3.nyc.pipeline.com>


   The Washington Post, February 5, 1996, p. A8.


   Language on 'Indecency' Sparks Telecommunications Bill
   Protest

   By John Schwartz


   Provisions in the overhaul of the nation's
   telecommunications laws that call for regulating adult
   materials on the Internet have sparked a storm of anger and
   protest on that medium.

   "This is the kind of legislation you'd see from a lot of
   senators and congressmen who have never logged on," said
   Michael Godwin, staff counsel for the Electronic Frontier
   Foundation, a civil liberties group. "The Christian Right
   thinks they've hit a home run here, but the inning isn't
   over."

   The provisions, proposed by Sen. J. James Exon (D-Neb.),
   have gained momentum with support from religious
   conservative organizations. The legislation would make it
   illegal to make "indecent" material available to minors via
   computer, with penalties of two years in prison and up to
   $250,000 in fines. Exon called passage last week "a victory
   for children and families," adding, "We've come to a
   successful closing of the 'peep show' doors to our youth."
   President Clinton has said he will sign the bill.

   Those opposed to the regulations, however, said the
   "indecency" standard, which has been used in broadcast
   regulation cases, is too vague and would seriously restrict
   the potential of the emerging on-line medium.

   "I am concerned this legislation places restrictions on the
   Internet that will come back to haunt us," said Sen.
   Patrick J. Leahy (D-Vt.). He warned that quoting from such
   works as "Catcher in the Rye" and "Ulysses" in on-line
   discussions could court prosecution and said that making it
   illegal to "make available" indecent language would outlaw
   posting of messages or images that a child might see.
   "Imagine if the Whitney Museum ... were dragged into court
   for permitting representations of Michelangelo's David to
   be looked at by kids."

   But John McMickle, an aide to Sen. Charles E. Grassley
   (R-Iowa), said drafters rejected the idea that Userious
   works of redeeming value" would fall within the law, which
   he said would apply only to "patently offensive" material.
   McMickle said the bill "is not a Comstock-type effort to
   wipe out literature or political speech."

   The American Civil Liberties Union, the Electronic Frontier
   Foundation and other organizations are preparing a lawsuit
   challenging the indecency provisions on constitutional
   grounds. Other legal actions are in the works. An on-line
   publication, American Reporter, has announced it will soon
   publish a column by a Texas judge denouncing the
   legislation intentionally salted with "indecent" language;
   Randall Boe, a Washington attorney for the American
   Reporter, said he would immediately sue after publication.

   "We want to move promptly to have this statute set aside as
   unconstitutional," Boe said. "The longer it's in place, the
   greater the harm done to the Internet and to the First
   Amendment." Boe's firm, Arent, Fox, Kintner, Plotkin &
   Kahn, was defense council in the landmark "seven dirty
   words" case, which set the legal standard for indecent
   language in broadcasting based on a monologue by comedian
   George Carlin.

   Cathleen Cleaver, director of legal studies for the Family
   Research Council, said yesterday she expected such suits
   and that her conservative organization, which has pushed
   for on-line regulation, would fight to uphold it.

   The Justice Department has stated that the legislation
   would be vulnerable to attack on constitutional grounds.
   But in response to a letter from Grassley, Assistant
   Attorney General Andrew Fois noted last week that the
   department is defending the indecency standard in
   legislation "and will continue to defend similar statutes
   against constitutional challenges, so long as we can assert
   a reasonable defense consistent with the Supreme Court
   rulings in this area."

   -----













From frankw at in.net  Mon Feb  5 15:22:25 1996
From: frankw at in.net (Frank Willoughby)
Date: Tue, 6 Feb 1996 07:22:25 +0800
Subject: Fair Credit Reporting Act and Privacy Act
Message-ID: <9602052254.AA15929@su1.in.net>


Verily at 03:05 PM 2/5/96 -0500, Duncan Frissell did write:

>At 08:25 AM 2/5/96 -0500, Frank Willoughby wrote:
>
>>If the Privacy Act were rewritten to be as strict as the BDSG, businesses
>>would have a (mandatory) legal requirement to:
>>
>>o Ensure that personal data is stored properly (by encrypting it, etc)
>>o Ensure that personal data is not distributed
>>o Ensure that databases are *not* being maintained which describe the
>>   characteristics of individuals (buying habits, income, property 
>>   ownership, etc) wantonly propagated by marketing (direct mail, 
>>   telemarketing, etc) companies.  
>>
>
>Unfortunately, it would also:
>
>*  Require government registration of computers and databases containing
>information about people (whether these computers are used by business or
>individuals).  This eases regulation of computers and future confiscation.

Works great in theory, not in practice.  Having worked in Germany for 9 
years, I can *guarantee* that the German gov't hasn't implemented the 
above.  It may have been a good idea (in their eyes, not mine), but it 
isn't implementable in a democratic society - it bogs down in the 
implementation phase).  

Are you planning on registering every computer system that each person and 
company has with the gov't?  Most sysadmins I know are up to their ears in
work and are barely able (if at all) to recognize which users they have on 
their system, and why they have accounts at all (business justification).  
This might also get pretty wild when the ISPs get polled in terms of usage.  
(Compuserve notwithstanding).  

Gathering the registration data will be a bear to implement - keeping it 
current will be impossible (for the forseeable future).  Besides, this
would cast further shadows of "big brother" and remind former "ossies"
in the former GDR/DDR  & eastern block of days gone by - which they would 
probably rather not remember.

Also, just because Germany tries this approach (and fails), doesn't mean 
we have to repeat their mistake in this area.


>
>*  Reduce market efficiency by making it harder to match buyers and sellers
>(because neither could easily find out about he other) thus causing higher
>prices and poorer people. 

Actually, it would probably increase market efficiency as they would be 
spending their marketing budget on other appropriate methods which have 
a higher success-ratio.  I don't know what the success rates are of 
mass-mailings, or tele-marketing, but I doubt if they approach 1% (wild 
guess).  Seriously - what is your first impulse when you reach the phone
and find out the caller is a tele-marketer?  The annoyance factor is 
rather high for these.  More than likely, this was also the reason that
unsolicited mass-faxing of marketing info was forbidden by law a while 
ago?

FWIW, personally, I think many marketing organizations have gone off the 
deep end in their efforts to try to be effective (to wit: putting logos
on clothing, in video games, etc; sponsor's logos in Home Pages, 3-5 minutes
of TV commercials every 6-10 minutes of TV (for those rare moments one gets 
to watch TV (thank heavens for cable TV & CNN)).  8^)


>
>*  Do nothing to protect personal information from the government which
>would get to collect more of it than ever in the course of enforcing data
>protection laws.
>

You're assuming this isn't happening now?  IMO, that would be a rather naive
assumption.  Personally, I think that the law should also consider exactly 
this point.  The gov't should have no more access to personal information 
than it needs to carry on its job - and we as taxpayers should decide how 
much access they need to have.


>If you don't want people to know things about you, don't tell them.

Agreed....But, this essentially means giving up your phone, your credit 
cards, your house, your car, your job, and generally withdrawing from
society.  Not a particularly viable plan, IMO.  The main problem is 
that the companies do little to nothing about protecting an individual's
private data.  It isn't any of my business how much money, you make, 
the amount your home is worth, your credit rating, info about your 
family (wife, kids, etc), religion, etc - yet, all of these are within
the easy access of many individuals who don't have a "need-to-know" of 
this information.  If I don't have a "need-to-know" about this info, I
shouldn't be able to access it.

>
>DCF

Of course since we are re-writing the Privacy Act from scratch, we can
leave out the items you mentioned & design it the way it should be.

Best Regards,


Frank






From rsalz at osf.org  Mon Feb  5 15:56:28 1996
From: rsalz at osf.org (Rich Salz)
Date: Tue, 6 Feb 1996 07:56:28 +0800
Subject: IEEE Security Symposium Program
Message-ID: <9602052328.AA02380@sulphur.osf.org>


Date: Mon, 5 Feb 1996 14:14:22 -0800
To: pem-dev at tis.com, ietf-pkix at tandem.com, ipsec-owner at ans.net
>From: Stephen Kent 
Subject: IEEE Symposium Program Announcement

I'm distributing a copy of this year's program to members of these
security-oriented WG mailing lists as a means of "getting the word out" to
individuals who may be interested in attending this sort of conference.  As
the chair of the former PEM WG, and current co-chair of the PKI WG, I feel
that this announcement is appropriate for these lists, and I hope my fellow
IPSEC WG members agree that it is appropriate for that list as well.  I
apologize in advance for those of you who, like me, will receive multiple
copies of this announcement.

Steve
===========================================================================



1996 IEEE SYMPOSIUM ON SECURITY AND PRIVACY                    _/_/
                                                            _/    _/
                                                           _/           _/
May 6-8, 1996                                                _/_/    _/_/_/
The Claremont Resort,                                           _/    _/
Oakland, California                                       _/   _/
                                                           _/_/
Sponsored by the                                                  _/_/_/
IEEE Technical Committee on Security and Privacy                 _/   _/
In cooperation with the                                         _/   _/
International Association of Cryptologic Research              _/_/_/
                                                              _/
Symposium Committee                                          _/
Dale M. Johnson, General Chair                                    _/_/_/  _/_/
Stephen Kent, Vice Chair                                        _/   _/ _/
John McHugh, Program Co-Chair                                  _/   _/ _/
George W. Dinolt, Program Co-Chair                             _/_/_/ _/_/_/
                                                                  _/ _/   _/
                        PRELIMINARY PROGRAM                      _/ _/   _/
                         Subject to Change                      _/   _/_/

MONDAY, MAY 6

08:30-09:00  WELCOMING REMARKS:  Dale Johnson and John McHugh

09:00-10:30  PANEL:  Object Management Group CORBA Security Standard
                Moderator:  Terry Benzel
                Participants:  TBA

10:30-11:00  BREAK

11:00-12:00  COVERT CHANNELS

             An Analysis of the Timed Z-Channel
                Ira S. Moskowitz, Steven J. Greenwald, Myong H. Kang

             Defining Noninterference in the Temporal Logic of Actions
                Todd Fine

12:00-13:30  LUNCH

13:30-15:00  PANEL:  Goals for Computer Security Education
                Cynthia Irvine, Chair
                Leslie Chalmers
                Karl Levitt
                Steven F. Barnett
                Jim Schindler
                Roger R. Schell

15:00-15:30  BREAK

15:30-17:00  FIVE-MINUTE RESEARCH TALKS SESSION

             Submissions in the form of one-page ASCII abstracts
             due by email to mchugh at cs.pdx.edu no later
             than 2 April 1996. See http://www.cs.pdx.edu/SP96/
             for more information.
             Abstracts to be distributed at the conference.

18:00-19:30  RECEPTION

TUESDAY, MAY 7

09:00-10:30  DOMAIN SPECIFIC SECURITY

             Security for Medical Information Systems
                Ross Anderson

             Discussion
                Discussants TBA

10:30-11:00  BREAK

11:00-12:00  PROTOCOLS

             Entity Authentication
                Dieter Gollmann

             A Fair Non-repudiation Protocol
                Jianying Zhou, Dieter Gollmann

             Limitations on Design Principles for Public Key Protocols
                Paul Syverson

12:00-13:30  LUNCH

13:30-15:00  DATABASES

             Ensuring Atomicity of Multilevel Transactions
                Paul Ammann, Sushil Jajodia, Indrakshi Ray

             View-Based Access Control with High Assurance
                Xiaolei Qian

             Supporting Multiple Access Control Policies in Database Systems
                Elisa Bertino, Sushil Jajodia, Pierangela Samarati

15:00-15:30  BREAK

15:30-17:00  BIOLOGICALLY INSPIRED TOPICS IN COMPUTER SECURITY

             An Immunological Approach to Change Detection: Algorithms,
             Analysis, and Implications
                Patrik D'Haeseleer, Stephanie Forrest, Paul Helman

             A Sense of Self for UNIX Processes
                Stephanie Forrest, Steven A. Hofmeyr, Anil Somayaji,
                Thomas A. Longstaff

             Cryptovirology: Extortion Based Security Threats and
Countermeasures
                Adam Young, Moti Yung

17:30-19:30  TECHNICAL COMMITTEE MEETING

WEDNESDAY, MAY 8

09:00-10:30  MODELING

             A Security Model of Dynamic Labeling Providing a Tiered Approach to
             Verification
                Simon Foley, Li Gong, Xiaolei Qian

             A Communication Agreement Framework of Access Control
                Martin Roscheisen, Terry Winograd

             Decentralized Trust Management
                Matt Blaze, Joan Feigenbaum, Jack Lacy

             Security Properties and CSP
                Steve Schneider

10:30 11:00  BREAK

11:00 12:30  NETWORKS

             Security Flaws in the HotJava Web Browser
                Drew Dean, Dan S. Wallach

             On Two Proposals for On-line Credit-card Payments using Open
             Networks: Problems and Solutions
                Wenbo Man

             Secure Network Objects
                Leendert van Doorn, Martin Abadi, Mike Burrows, Edward Wobber

             Run-Time Security Evaluation (RTSE) for Distributed Applications
                Cristina Serban, B. McMillin

12:30 12:45  CONCLUDING REMARKS

12:45        SYMPOSIUM ADJOURNS

1996 IEEE SYMPOSIUM ON RESEARCH IN SECURITY AND PRIVACY              _/_/
                                                                  _/    _/
                   REGISTRATION FORM                             _/          _/
                                                                   _/_/   _/_/_/
          Name:_______________________________________________       _/    _/
                                                               _/   _/
   Affiliation:_______________________________________________  _/_/
                                                                    _/_/_/
Postal Address:_______________________________________________     _/   _/
                                                                  _/   _/
               _______________________________________________   _/_/_/
                                                                _/
               _______________________________________________ _/
                                                                  _/_/_/  _/_/
         Phone:_______________________________________________  _/   _/ _/
                                                               _/   _/ _/
           Fax:_______________________________________________ _/_/_/ _/_/_/
                                                                  _/ _/   _/
         Email:_______________________________________________   _/ _/   _/
                                                                _/   _/_/
Note:  Address information will be distributed to attendees.

Please enter the appropriate registration category.  Payment must be included
and must be by credit card or by check in U.S. dollars, drawn on a U.S. bank,
made payable to "IEEE Symposium on Security and Privacy."  Dates are strictly
enforced by postmark.

  Advance registration (up to 29 March 1996)
     ___   Member of the IEEE (Member # ____________, required)........$310.00
     ___   Non-Member..................................................$385.00
     ___   Full-time Student...........................................$100.00
  Late registration (from 30 March 1996)
     ___   Member of the IEEE (Member # ____________, required)........$370.00
     ___   Non-Member..................................................$460.00
     ___   Full-time Student...........................................$100.00

Do you wish to present at a poster session or lead an evening discussion?
                                                               [ ] Yes  [ ] No

Do you have any special requirements?_________________________________________

Please indicate your method of payment by checking the appropriate box:

  [ ] Check in U.S. funds drawn on a U.S. bank (PLEASE ENCLOSE WITH THIS FORM)

  Credit card authorization:
  (Charges will appear on your statement as made by IEEE COMPUTER SOCIETY)

         Visa        MasterCard      American Express     Diners Club
         [ ]            [ ]                [ ]                [ ]

  Credit Card Number:_________________________________________________________

  Card Holder Name:______________________________Expiration Date:_____________

  Signature:__________________________________________________________________

Mail registration to:                     Or FAX this form (CREDIT CARD
        Stephen Kent                      REGISTRATIONS ONLY) to:
        BBN Corporation                   FAX:    +1 617 873-4086
        MS 13/2A                          VOICE:  +1 617 873-6328
        70 Fawcett Street
        Cambridge, MA 02140

>>>>SORRY, NO REGISTRATIONS BY EMAIL.  NO REFUNDS.<<<<

Five-Minute Research Talks Session
==================================
At the 1995 Symposium a session of five-minute research talks was held for the
first time.  These proved very popular, so there will be another session this
year.  It is being held on Monday to give attendees more opportunities to
contact the presenters during the rest of the conference.  If you are interested
in presenting a five-minute talk, please submit a one-page abstract in ASCII
format by email to mchugh at cs.pdx.edu no later than 2 April 1996.  See
http://www.cs.pdx.edu/SP96/ for more information.  Abstracts to be distributed
at the conference.  Please note that the five-minute time limit will be strictly
enforced.


Evening Sessions
================
The 1996 IEEE Symposium on Research in Security and Privacy will accommodate
poster sessions and evening discussions.  There will be rooms with blackboards
and bulletin boards for interested parties to post presentations on work in
progress, recent research results, and innovative proposals, or to lead
discussions on topics of current interest.  These rooms will be available Monday
and Tuesday, May 6 and 7, from 8 p.m. to midnight.  If you are interested in
posting a presentation or organizing a discussion on a particular topic, please
indicate so on the registration form.


Hotel Reservations - The Claremont Resort
=========================================
The Claremont Resort in Oakland, California is 20 minutes from San Francisco and
just over an hour from Napa Valley.  It is situated in the Oakland-Berkeley
hills overlooking the San Francisco Bay on 22 acres of beautifully landscaped
lawns and gardens.  Facilities include the Claremont Pool and Tennis Club and
The Spa at the Claremont.

Oakland Airport is 14 miles from the hotel, or attendees may choose to fly into
San Francisco and rent a car.  SuperShuttle (+1 510 268-8700) provides service
from the San Francisco Airport or the Oakland Airport to the Claremont Resort.
The charge is $15 from Oakland Airport and $18 from San Francisco Airport, per
person one way.  Parking is available at the hotel at a cost of $8 per day for
guests and a maximum of $9 per day for non-guests.

Hotel reservations must be made under the group name IEEE Symposium on Security
and Privacy.  The group rate is $102 single, $114 double occupancy, plus 11%
tax.  The cut-off date for reservations is Saturday, April 6, 1996.
Reservations made after this date will be accepted on a space available basis.
Reservations must be accompanied by an advance deposit or credit card guarantee.
You may cancel your individual reservations up to 72 hours prior to arrival,
after which your deposit becomes non-refundable.  Please be advised the check-in
time is after 3:00 p.m.; check-out is 12 noon.

For reservations and information, contact: The Claremont Resort, Ashby and
Domingo Avenues, Oakland, CA 94623-0363; Phone: +1 800 551-7266 (7 a.m. to
8:30 p.m., PST) or +1 510 843-3000; Fax: +1 510 549-8582.








From cp at proust.suba.com  Mon Feb  5 15:57:34 1996
From: cp at proust.suba.com (Alex Strasheim)
Date: Tue, 6 Feb 1996 07:57:34 +0800
Subject: A Sign of the Future
In-Reply-To: 
Message-ID: <199602050625.AAA00118@proust.suba.com>


>     Concerns about privacy and anonymity are outdated. Cypherpunks 
>     think they are rebels with a cause, but they are really senti- 
>     mentalists. 

I'm not much for big conspiracy theories, but I like the little ones.

If this was really in Wired, do you think it was written before or after 
Tim dissed that magazine here?







From cp at proust.suba.com  Mon Feb  5 16:05:49 1996
From: cp at proust.suba.com (Alex Strasheim)
Date: Tue, 6 Feb 1996 08:05:49 +0800
Subject: "PGP-Scape"? (was Re: Our "New Order")
In-Reply-To: <199602050334.WAA17133@UNiX.asb.com>
Message-ID: <199602050621.AAA00111@proust.suba.com>


> There's also less worry about secure transactions, since if 
> everything's encrypted it's harder to tell if a transaction is taking 
> place, viewing porno or subversive or religious, literature,  or if
> you're just reading something mundane.

I think I must be missing something here.  Aren't you describing an SSL 
web server?  Different algorithms, but basically the same idea?

> So is fast-than-light travel, but only if it's implemented.

Netscape 2.0 is out for real -- everyone can now pick their certs.  GAK 
just got harder.







From jpp at software.net  Mon Feb  5 16:06:01 1996
From: jpp at software.net (John Pettitt)
Date: Tue, 6 Feb 1996 08:06:01 +0800
Subject: Encryption and Backups
Message-ID: <2.2.32.19960205043354.00703aa4@mail.software.net>



On Sun, 4 Feb 1996, Alan Olsen wrote:

> Something that I have not seen addressed is the need for strong encryption
> in backup software.
>
> Most backup software has an "encryption" option, but I have seen few that
> have anything resembling strong encryption.  Furthermore, I have seen no
> real push for strong encryption for backups at all.
> ... 
> Might be an idea for a product there...  (And you can bet law enforcement
> would throw a hissy fit about its existence.)
>
CP Backup (part of PC Tools for Central Point aka Symantec) has DES. As to
how good the implementation is: I have no idea.

--
John Pettitt
email:         jpettitt at well.sf.ca.us (home)
               jpp at software.net       (work)    







From alano at teleport.com  Mon Feb  5 16:08:28 1996
From: alano at teleport.com (Alan Olsen)
Date: Tue, 6 Feb 1996 08:08:28 +0800
Subject: Encryption and Backups
Message-ID: <2.2.32.19960205053656.00942c50@mail.teleport.com>


At 08:33 PM 2/4/96 -0800, John Pettitt wrote:
>
>On Sun, 4 Feb 1996, Alan Olsen wrote:
>
>> Something that I have not seen addressed is the need for strong encryption
>> in backup software.

>CP Backup (part of PC Tools for Central Point aka Symantec) has DES. As to
>how good the implementation is: I have no idea.

I have a copy, but I have not yet verified the key sizes.  It is on my list
of projects.  (My current project is for determining if an app is accessing
your PGP files under Win95.  I may be stuck for a bit though...  Looks like
I might need the DDK to compile it.)
Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
        `finger -l alano at teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
         Is the operating system half NT or half full?






From hal9001 at panix.com  Mon Feb  5 16:08:32 1996
From: hal9001 at panix.com (Robert A. Rosenberg)
Date: Tue, 6 Feb 1996 08:08:32 +0800
Subject: Sometimes ya just gotta nuke em
Message-ID: 


At 8:33 2/3/96, "A. Padgett Peterson, P.E. Information Security"
Tim rote:
>>At 4:12 AM 2/3/96, Rich Graves wrote:
>>>Who holds up the nuking of Hiroshima and Nagasaki as great victories
>>>against tyranny?
>>Since you ask, I do.
>
>And the biggest secret of the war was that "Fat Man" was the *last* A-bomb
>we had or could build for about a year (had taken several *years* to
>separate enough fissionable material for the three via two entirely
>different processes).
>
>To me this is the great strength of the USA: given a theoretical problem, we
>will develop a hundred different solutions, try them all in parallel, and at
>least one will work.

I agree - Not only were there two different separation methods but the two
bombs dropped on Japan were of different designs (I think that the
Hiroshima bomb was the same design as the land test version and the
Nagasaki one was the untested design [so that if used, there would have
been a tested design for the first drop]).







From jimbell at pacifier.com  Mon Feb  5 16:08:35 1996
From: jimbell at pacifier.com (jim bell)
Date: Tue, 6 Feb 1996 08:08:35 +0800
Subject: Arthur C. Clarke Supports Strong Crypto
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

At 08:05 PM 2/4/96 -0800, Timothy C. May wrote:
>
>(Pardon me for mentioning crypto...)
>
>Arthur C. Clarke, known to most of you (author of many SF works, coiner of
>the phrase: "all sufficiently advanced technlogies are indistinguishable
>from magic," mention by Alan Olsen yesterday), has a role in a "Discovery
>Channel" program called "Mysterious Universe."

Actually, it was _I_ who mentioned this quote, but didn't specifically 
recall whom to ascribe it to.  Perhaps Tim May didn't see it; a week or so 
ago May engaged in a shotgun-type killfile addition, including me when I was 
merely ( I still believe...) the victim in a local flamewar.  If there is 
somebody out there who:

1.  Is on speaking terms with Tim May.
and
2.  Has a little respect for my commentary, I would very much appreciate it 
if you would forward this comment to him to ensure that he sees it. 

The truly ironic thing is that Tim wrongly ascribes the comment to Alan 
Olsen, who is apparently the (recently admitted) perpetrator of at least one
flamewar 
against me.

Jim Bell
jimbell at pacifier.com

Klaatu Burada Nikto

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCUAwUBMRWQLvqHVDBboB2dAQF8zwP3SjAAIP46pqwsygL4Hm8YOChJ6xfIs4Vq
vp+8rjMvPmZwxNtGN+7kcRTbXmau5P3MePSp94iK6k8qwisNqsoqCYkMBxs198fg
2YRZvfLAMQ0xsVznUSRA4bBTI3mLAv868xleSkIwhSjJ271qKUaI2K5exY1FgVK/
JnaVHWZTeQ==
=tjA2
-----END PGP SIGNATURE-----






From attila at primenet.com  Mon Feb  5 16:08:36 1996
From: attila at primenet.com (attila)
Date: Tue, 6 Feb 1996 08:08:36 +0800
Subject: "Nations see Internet.." continued
In-Reply-To: <199602041718.MAA05257@plethora.lisgar.edu.on.ca>
Message-ID: 


On Sun, 4 Feb 1996, Mike Ang wrote:

> 
> Comparing crypto to guns works in the sense that the "bad guys" will 
> always be able to have access to them.  However, I for one support gun 
> control but do not support mandatory limits on crypto.  Where I live,
> there are no theats that justify allowing everyone to carry guns 
>
	well, I'll tell you what, we'll export 10,000 of our inner city 
    gang members north; then you think about leaving _all_ weapons in
    the hands of the central state who increasingly is failing to provide 
    adequate protection for the weak members of its society.

>- the 
> threat to privacy and freedom of speech justifies allowing everyone to 
> use strong crypto.  You can use a gun to deprive another person of their 
> life - what harm can you do another with PGP?  Perhaps you can harm them 
> by being able to spread hate propaganda, but I don't think that that is a 
> strong enough argument.
> 
> 	- Mike.
> 
> If you've got to flame me, do it by email.
> 

__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....
    There is no safety this side of the grave.  Never was; never will be.







From tcmay at got.net  Mon Feb  5 16:08:40 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 6 Feb 1996 08:08:40 +0800
Subject: Fair Credit Reporting Act and Privacy
Message-ID: 


[I urge people to put thread names in the subject lines, and not just leave
the subjects as "Re:" or "Your mail." I have added a subject line.]

At 5:58 AM 2/5/96, Karl Ike wrote:
>It is impossible to get changes in the Fair Credit Reporting Act in the
>traditional way. Credit reporting agencies have far too much personal
>information that is passed out with incrediable ease at the consumers expense.
>
>I have a suggestion!
>
>Today, with TRW, Equifax and TransUnion's vast network, it is easy to obtain
>anyone's credit report from various sources. Do you think if someone,
>outside of the USA, obtained the credit reports on half, maybe all, of the
>US Senators, congressmen, judges, etc, and published them in their entirity,
>on the internet, from outside the US, would get their attention? Then there
>would be changes, overnight, protecting the right of privacy! Let them
>become the victim of credit reporting agencies once and shit will happen
>overnight.

"Protecting the right of privacy"? If I tell Joe Bob that you welshed on a
debt made in the past, something that the person you welshed on has
informed me of, how is this a violation of your right of privacy?

Better yet, abolish the laws about so-called "Fair Credit Reporting."

If Tim's Pretty Good Credit Reporting knows that Joe Blow filed for
bankruptcy in 1975, by what right should men with guns come to his file
cabinets and announce that he may not reveal true information that is older
than, say, 8 years? Facts are facts. Not just for 8 years, or even 20
years. Debts incurred 30 years ago and not paid may still be useful bits of
information in deciding whether to extend credit to a person.

And even possibly untrue things are not the main justification for the
FCRA. The FCRA is _not_ primarily designed to correct wrong information,
but to place time limits on correct information. It limits speech. And it
interferes with rational economic decisions.

Fortunately, strong crypto and cyberspatial data havens will make
enforcement of the FCRA increasingly difficult.

--Tim


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From attila at primenet.com  Mon Feb  5 16:08:46 1996
From: attila at primenet.com (attila)
Date: Tue, 6 Feb 1996 08:08:46 +0800
Subject: Nuke em if ya got em "TCMay"
In-Reply-To: <199602041303.FAA05924@infinity.c2.org>
Message-ID: 



    attila sez:

	It is not whether paralax does not know shit from beans, but that
    he proves to all that he would prefer to censor TCMay and James A.
    Donald than listen to their opinions, despite the fact he posted his
    own rather trivial and absurd point. 

    political correctness and the liberal news intrepretations of "all
    men are created equal" with reverse discrimination, destruction of
    the work ethic for the dole, and the New World Order whose need is
    more and more cheaper labor, even to the point of disenfranchising 
    whole element of America society to achieve a worker's underclass is 
    the shit part of beans and shit.

	with this, I suppose I have been entered upon your "list" of 
    enemies of the 'statist' nation along with TCMay and James A. Donald,
    and that my prejudged conviction and sentence requires me to write
    30,000 lines of debugged C source code before the end of this year. 

	how about 30,000 lines of debugged Ada source for you?  --while
    I add you to procmailrc:

    	    :0:
	    * ^[FRST].*paralax
	    assholes

	have a nice day, hopefully enlightening

		attila 
__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....
    There is no safety this side of the grave.  Never was; never will be.
__________________________________________________________________________

On Sun, 4 Feb 1996 paralax at alpha.c2.org wrote:

> On Date: Sat, 03 Feb 1996 22:20:52 -0800 James A. Donald Wrote:
> 
> At 03:39 PM 2/3/96 -0800, paralax at alpha.c2.org wrote:
> 
> P> Mr. Hayes MAY have used a condescending tone but you have exposed your
> P> racist roots again.  First you embarrass yourself with you lack of knowledge,
> 
> JAD> Paralax does not know shit from beans.  He presumably imagines that Tim is
> JAD> "embarrassed" because Tim's knowledge of the historical facts differs from
> JAD> those facts dreamed up by the usual crew of apologists for totalitarian terror.
> 
> JAD> James A. Donald
> 
> Historical facts and or personal interpretations thereof were never called in to question by me.  I took umbrage with Mr. May's insulting, insensitive and racist comments about Jews and the Japanese.  Whether Mr. May's is personally embarrassed by his public display of ignorance and bigotry matters not.  He did indeed embarrass himself on an 'International Stage'.
> 
> I may not know shit from beans (actually I do) but I do know cultural  insensitivity, racism, bigotry and ignorance when I see it displayed so blatantly.  I encouraged Mr.
> May to return to topics 'cipher' before further embarrassment ensues.  I urge you to do
> likewise.
> 
> A. Paralax View
> 








From ErnstZundl at aol.com  Mon Feb  5 16:18:13 1996
From: ErnstZundl at aol.com (ErnstZundl at aol.com)
Date: Tue, 6 Feb 1996 08:18:13 +0800
Subject: THE JEWS (ALL of them!) Try to kick Ernst Zundel off Usenet!!
Message-ID: <960205183439_313485220@emout05.mail.aol.com>


Ich habe kleine Hoden





From junger at pdj2-ra.F-REMOTE.CWRU.Edu  Mon Feb  5 16:25:20 1996
From: junger at pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger)
Date: Tue, 6 Feb 1996 08:25:20 +0800
Subject: Sometimes ya just gotta nuke em
In-Reply-To: 
Message-ID: 


Alan Horowitz writes:

:   It was lot worse than that on the Japanese-imperialits occupied islands 
: of the Pacific when the Nisei troops choosenot to surrender and instead, 
: mad last-ditch charges against AMerican lines - which killed not a small 
: number of Americans. And of course, there were the suicide bombers.

Who were those second generation Japanese Americans who ``choosenot to
surrender and instead, mad last-ditch charges against AMerican lines''?

I am afraid that I find this all rather cryptic, which I guess makes
it appropriate.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger at pdj2-ra.f-remote.cwru.edu    junger at samsara.law.cwru.edu





From koontz at MasPar.COM  Mon Feb  5 16:28:46 1996
From: koontz at MasPar.COM (David G. Koontz)
Date: Tue, 6 Feb 1996 08:28:46 +0800
Subject: RC2 source code post to sci.crypt
Message-ID: <9602052347.AA18642@argosy.MasPar.COM>



So, who cancelled the post anyway?





From vgebes at jp.psi.com  Mon Feb  5 16:36:47 1996
From: vgebes at jp.psi.com (Vincent Gebes)
Date: Tue, 6 Feb 1996 08:36:47 +0800
Subject: Sometimes ya just gotta nuke em
In-Reply-To: 
Message-ID: <199602060001.JAA14299@jp.psi.com>


Hi,

While avoiding the many political issues in this thread to
which my opinion is of little value,

 > As far as Pax Americana goes, the Japanese just _volunteered_ to_increase_
 > the payments they make to support the American garrison in Japan. The
 > non-Okinawans want us in their country.

this is so far off the mark as to be hilarious.  Public opinion
against US troops in Japan is pretty high.  Don't confuse what
the government does to have any bearing on what people want.
Also realize that US mass media's portrayal of events in Japan
may be quite different than that of Japan's mass media.  I would
expect that this is true elsewhere as well...

Vince Gebes
PSI Japan





From rishab at best.com  Mon Feb  5 16:49:39 1996
From: rishab at best.com (Rishab Aiyer Ghosh)
Date: Tue, 6 Feb 1996 08:49:39 +0800
Subject: No Subject
Message-ID: <199602052258.OAA25368@comsec.com>


India's Department of Telecommunications (DoT) charges a licence
fee of $50,000 per _annum_ for BBS operators, and nearly twice
as much for e-mail providers. It is preparing to finalise a policy
for Internet service providers; as it doesn't understand the distintion
between Internet _networks_ (MCI, Sprintnet etc) and "retail" providers
(the geek in the garage), it is planning to charge well over $100,000
in annual licence fees. This is totally against the opinions of Telecom
Secretary R K Takkar, as expressed to my newsletter, The Indian 
Techonomist, some months ago. 

I spoke to Mr Takkar for some time, providing him the "education" that 
he asked for in my newsletter and that large datacom companies here have 
been curiously averse to give him. He appreciated my point of view, and
invited me to send a proposal for an alternative datacom policy, which
I have done (and which is summarised below). I hope to meet him next week 
to follow this up. As a major part of my call for removing restraints is 
based on the Internet's treatment by other world governments, I would like 
letters of support to show this. 

My proposal may appear tame, but it isn't really. It will allow small
ISPs to pay as little as $150 a year in licence fees; reduce the (high)
likelihood of cartels between large companies; and entrench electronic
free-speech at (some) parity with other media. (Note that the DoT has
said that it is "not considering" blocking access to parts of the Net
for reasons of morals or security. This despite the local media's loudly
proclaimed discovery that the Net is 97.34% paedophile, or whatever.)

     Highlights
     
     1. Definitions
     - The category for E-mail providers becomes redundant,
       leaving international gateway, national network, and
       "retail" service providers
     - Content providers have constitutional protection as
       electronic publishers
     - BBSes do not require licensing, being content providers
     
     2. Goals
     - Licence fees not for revenue generation, but to
       ensure responsibility (unavoidable. Mr Takkar's words)
     - Licence fees based on telecom infrastructure costs,
       not revenues (at the moment, a licence is almost like income tax)
     - Regulation required for free and fair competition (see below)
     - TRAI should also handle datacom regulation, and datacom consumer
       complaints (the Telecom Regulatory Authority of India is likely
       to be very independent of the government, headed by a former
       Supreme Court judge)
     
     3. Regulation
     - Equal access to gateway, network and service
       providers (to prevent denial of service and cartels, very
       likely here without explicit rules preventing them)
     - Rationalisation of DoT leased line tariff structure
       (now, a network costs more than the sum of its parts! too 
       complicated to explain briefly)
     
     4. Licensing
     - Uniform fee structure for gateway, network and
       service providers (say 2.5% of leased line costs, which
       are known as they are provided by the DoT)
     - Barriers to entry greatly reduced (minimal ISP pays $150 p.a)
     - However, total licence fee revenue for DoT not
       significantly reduced (important for success of this proposal;
       large nationwide network may still pay $100,000+ thanks to its
       huge leased line requirements)
     
The full text of the proposal will be made publicly available on the
Net sometime next week. Those who would like to see it, and a template
for a letter of support, should send me mail at dcom-appeal at dxm.org.
I would like letters from non-commercial organisations, lobby groups,
policy bodies, and so on, but NOT datacom companies (I wouldn't
mind _personal_ letters of support from them, but they wouldn't do
for the DoT). I would particularly like to see something from Hong Kong,
which I have used as a good example of how to do things in Asia.

Thanks,
Rishab

----------------------------------------------------------------------
The Indian Techonomist - newsletter on India's information industry
http://dxm.org/techonomist/                             rishab at dxm.org
Editor and publisher: Rishab Aiyer Ghosh           rishab at arbornet.org
Vox +91 11 6853410; 3760335;     H 34 C Saket, New Delhi 110017, INDIA






From lull at acm.org  Mon Feb  5 17:39:05 1996
From: lull at acm.org (John Lull)
Date: Tue, 6 Feb 1996 09:39:05 +0800
Subject: Encryption and Backups
In-Reply-To: <2.2.32.19960205043354.00703aa4@mail.software.net>
Message-ID: <311621cd.3804730@smtp.ix.netcom.com>


On Sun, 04 Feb 1996 20:33:54 -0800, you wrote:

> CP Backup (part of PC Tools for Central Point aka Symantec) has DES. As to
> how good the implementation is: I have no idea.

CP backup does not work reasonably under Win95, certainly not under
NT, and Symantec has announced that they are NOT upgrading it, or
Fastback, or Norton backup, all of which they own.





From Kevin.L.Prigge-2 at cis.umn.edu  Mon Feb  5 18:17:33 1996
From: Kevin.L.Prigge-2 at cis.umn.edu (Kevin L Prigge)
Date: Tue, 6 Feb 1996 10:17:33 +0800
Subject: RC2 question [No Nuke Content]
Message-ID: <3116b6973db4002@noc.cis.umn.edu>


Could someone throw a little light my way with
regards to the permute[] array being derived from
pi? I'm just not seeing it, I guess. 

Sorry for the interruption, I owe the list several
off-topic flames and a discussion of some random
non-crypto stuff at a later date.

-- 
Kevin L. Prigge         | "You can always spot a well informed man -
UofM Central Computing  |  his views are the same as yours."  
email: klp at tc.umn.edu   |  - Ilka Chase 
PGP Key Fingerprint =  FC E5 EE E7 8B 2E E9 D5  DA 1C 5D 6B 98 52 F6 24  






From jpp at software.net  Mon Feb  5 18:48:32 1996
From: jpp at software.net (John Pettitt)
Date: Tue, 6 Feb 1996 10:48:32 +0800
Subject: FV's blatant double standards
Message-ID: <2.2.32.19960206020035.00e2bea8@mail.software.net>


At 08:39 PM 2/5/96 -0500, Simson L. Garfinkel wrote:
>Yes, clearly if you are not concerned about missing 50-75% of First Virtual's 
>users, this attack will work just fine.
>-simson
>
>
Who cares - if 25 to 50% of a systems users are
vulnderable doesn't that make it weak ?

John Pettitt, jpp at software.net
VP Engineering, CyberSource Corporation, 415 473 3065
 "Technology is a way of organizing the universe so that man
  doesn't have to experience it." - Max Frisch






From jirib at sweeney.cs.monash.edu.au  Mon Feb  5 19:34:06 1996
From: jirib at sweeney.cs.monash.edu.au (Jiri Baum)
Date: Tue, 6 Feb 1996 11:34:06 +0800
Subject: [noise] Re: Crippled Notes export encryption
In-Reply-To: <2.2.32.19960125090719.008efa3c@mail.teleport.com>
Message-ID: <199602060311.OAA11630@sweeney.cs.monash.edu.au>


Hello

Alan Olsen wrote:

...
> So we could launch Jeff Wienstien in a rocket without violating ITAR as long
> as we do not sell him.

Forget about Jeff, how about PGP? Put it on a rocket (I'm *sure* there's
an amateur rocket club conveniently located near the border), and off
you go! (I guess you'd want to check @ 126.1 first, though).

Have I missed anything?


Jiri
--
If you want an answer, please mail to .
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)





From bit-bucket at lsd.com  Mon Feb  5 20:06:36 1996
From: bit-bucket at lsd.com (Dave Del Torto)
Date: Tue, 6 Feb 1996 12:06:36 +0800
Subject: [NOISE] just a few bits shy of a soul...
Message-ID: 


While chatting with a friend recently over brown rice in Boulder CO, he
said something that I found raw-ther amusin'. Thought I'd share it. We'd
been discussing bit-sizes of keys vs fifth-generation NSA cryptanalytical
systems, etc and he said:

 "Wow, it's amazing how much [NSA] computing power is placed in
  service of [such a] '1-bit' consciousness."

Heh...

   dave







From ddt at lsd.com  Mon Feb  5 20:16:32 1996
From: ddt at lsd.com (Dave Del Torto)
Date: Tue, 6 Feb 1996 12:16:32 +0800
Subject: CONTEST: Name That Program!
Message-ID: 


At 12:10 AM 1/31/96, Bill Stewart wrote:
>At 11:45 AM 1/30/96 -0500, Nathaniel Borenstein  wrote:
>> In fact, I'd settle for getting onto 10% of the machines, although I
>> suspect I could get onto more like 80% without raising a sweat.

If I were you, Nathaniel, I'd drop that petard of yours on the ground, grab
a very absorbent hankie and run like hell. ;)

>You've alleged that Macs and Unixen should be about as easy as Windows
>machines to crack with your CardShark.  I disagree - most Mac users I
>know have been using virus protectors more consistently and reliably
>than DOS/Windows users.  However, if their virus software only stops
>known viruses, rather than anything modifying critical resources,
>you might get away with it for long enough to surf some numbers.
 [elided]

Actually, for those who don't know, one of the most ubiquitous anti-viral
utilities for Macs (Symantec Antivirus for Macintosh, aka "SAM") also
offers a mode that constantly watches for any generic attempt to modify
crucial file/app/system resources -- and offers the opportunity to deny
such attempts. Thus, it doesn't _only_ offer protection against "known"
attacks. It even specifies which application/virus is trying to modify
which file, allows the user to teach it that certain mods are verboten and
halts activity until the user decides how to proceed. This makes it all but
impossible (if a Mac is so-protected) to even introduce a
trojan-keystroke-sniffing-credit-card-transmitter, much less use it to take
over the TCP stack (MacTCP) without the user's knowledge.

As for FV's recent "discovery:"
[a] I'm glad if FV _really_ wants to educate the public, but I hope they
find a better way next time than a "hey, we found this really simple way to
hack the universe, but we're not telling all you 13-year-old juvenile
delinquent hacker-wannabes" broadcast (talk about yer invitations!),
[b] confused why NB didn't anticipate the fuss and prepend a short
disclaimer onto his posting of it to cpunx (how about _thrice_ burnt,
Nathaniel?),
[c] unimpressed by all the vitriol it stirred up and the glee exhibited by
everyone in slamming Nathaniel and Co. (lighten up, even if it was
deserved) and
[d] bummed that no-one remembered my keycapture utility survey of nearly a
year and a half ago...as in "gee, I wish _I'd_ thoughta that." ;)

Frankly, I wonder if, in the long run, FV's stunt hasn't wrought more harm
than good: I got a late-night call from a worried but clueless friend
asking me to clarify this "credit card sniffer thing" he'd heard about from
someone else: he was all worried that there was an invisible virus on his
machine. >sigh< It's seems the brush has been set afire: now which way will
the winds blow?

Cheers,

   dave

____________________________________________________________________________
"With annual interest, compounded every nanosecond, that'll be $0.02000018."








From weidai at eskimo.com  Mon Feb  5 20:26:49 1996
From: weidai at eskimo.com (Wei Dai)
Date: Tue, 6 Feb 1996 12:26:49 +0800
Subject: Disperse/Collect version 1.0
Message-ID: 


To follow up on a post last year where I suggested that Rabin's 
information dispersal scheme might be useful for sending large files 
across unreliable remailer networks, I built a shareware package called 
Disperse/Collect out of my own Crypto++ library.  Disperse splits up 
files into redundant pieces and encodes them in base 64.  Collect decodes 
them and reconstructs the original files.  You can download this software 
from my home page at http://www.eskimo.com/~weidai.

Wei Dai






From jonl at well.com  Mon Feb  5 21:04:59 1996
From: jonl at well.com (Jon Lebkowsky)
Date: Tue, 6 Feb 1996 13:04:59 +0800
Subject: Mike Godwin at HotWired
Message-ID: <199602060446.UAA17724@well.com>


PLEASE RECIRCULATE!

Mike Godwin, staff counsel for EFF and eloquent supporter of civil 
liberties online and off, will be our guest at HotWired's Electronic 
Frontiers Forum this Thursday, February 8, at 7PM PST, 9PM CST, 10PM EST.

Coincidentally, President Clinton is scheduled to sign the Telecom Bill 
the same day, and the '48 Hours of Protest' demonstration will begin when 
the bill is signed.

We encourage online activists to participate in the ongoing EF Forums as a 
chat space wherein we can discuss new developments and issues of 
organization in support of a free and open Internet. A login is required 
but the account is free. We're at http://www.hotwired.com/club or 
telnet://chat.wired.com:2428.

thanks,
Jon L.

http://www.hotwired.com/eff

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jon Lebkowsky                       http://www.well.com/~jonl
Electronic Frontiers Forum, 7PM PST Thursdays 
Vice President, EFF-Austin                     
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=






From hal9001 at panix.com  Mon Feb  5 23:43:20 1996
From: hal9001 at panix.com (Robert A. Rosenberg)
Date: Tue, 6 Feb 1996 15:43:20 +0800
Subject: Arthur C. Clarke Supports Strong Crypto
Message-ID: 


At 21:06 2/4/96, jim bell wrote:

>At 08:05 PM 2/4/96 -0800, Timothy C. May wrote:
>>
>>(Pardon me for mentioning crypto...)
>>
>>Arthur C. Clarke, known to most of you (author of many SF works, coiner of
>>the phrase: "all sufficiently advanced technlogies are indistinguishable
>>from magic," mention by Alan Olsen yesterday), has a role in a "Discovery
>>Channel" program called "Mysterious Universe."
>
>Actually, it was _I_ who mentioned this quote, but didn't specifically
>recall whom to ascribe it to.

It is known (at least among Science Fiction Fans) as "Clarke's Law" and I
seem to remember it more accurately phrased as "Any sufficiently advanced
technology is indistinguishable from Magic". It is similar to suggesting
that "Magic is any Technology that you do not understand".







From wlkngowl at unix.asb.com  Tue Feb  6 03:02:05 1996
From: wlkngowl at unix.asb.com (Deranged Mutant)
Date: Tue, 6 Feb 1996 19:02:05 +0800
Subject: re Telecoms Bill
Message-ID: <199602061038.FAA12752@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

mianigand at unique.outlook.net ("Michael Peponis") wrote:

>I think the first problem would be how to hide a sites true location.  >For example, if I have a domain called xxx.offensivestuff.org, how would
>I hide the sight so that while it is freely accessable to those who are
>looking for it, yet not allow a goverment agency to home in on the
>geographical locations via trace route.

That's a problem... data havens come to mind, but that's another issue.
Keeping the data in a domain/country where it is not restricted, or where
laws are very laxly enforced is one start... then the issue is using
crypto so that one can get the material from a country that restricts
it.

[Off topic... DC Nets/Anonymous or encrypted IRC comes to mind too...]

[..]
>Of course, this approch would result in a slower connection and more >packet hops.

A price for maintaining security and anonyimity...

[..]
>:On the non-net side of things, implementing encrypted >:BBS/communications and file-transfers is useful.  I'm told PGP-Phone
[..]
>
>I like this idea, but I am not sure how the laws work.  For example if a >BBS had subscribers sign a voucher stating that they were not agent of a
>goverment agency, would it hold up? would lying constitue entapment?

It wouldn't work, and would make them more interested in the material
that BBS has.  Any what about DMV/DOT employees, clerks, firemen, 
hospital employees, etc., who are non-enforcement people?

Encryption would restrict wiretapping.  If users send private encrypted
email to each other (Isn't there a PBBS program that allows users to
PGP-encrypt private mail to each other...?) that's another layer of
security.  Keeping the BBS on an encrypted partition also helps.

BBS's aren't as prone to snooping as networks are, but then again, why
should government employees be the only type of snooper?

The comm program could also implement a kind of zero-knowledge proof
or digital sig rather than the standard login, making the BBS secure
against someone hacking an account.



- --Rob

Just some suggestions to dilute the noise ratio...


- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMRcvjyoZzwIn1bdtAQGl2gF+INNeeX6GH9oX/8KSB0NPIi2ifzDuBVSu
d2fwPoAmiJ3ds7mzBPCn3msATxaCROFd
=kPGx
-----END PGP SIGNATURE-----





From attila at primenet.com  Tue Feb  6 03:05:55 1996
From: attila at primenet.com (attila)
Date: Tue, 6 Feb 1996 19:05:55 +0800
Subject: CypherPunks as Teachers; source material [Re: Hey, we are quaint! , (Was: A Sign of the Future)]
In-Reply-To: 
Message-ID: 



	I agree:

	    "Cypherpunks Teach"
		Bill Humphries  

    --the only way to get the message across.

	Jeffersonians?  Publicly, Jefferson espoused universal suffrage 
    for all Freemen as opposed to Madison-Hamilton-Federalists. Both sides
    had a fully "republican" bi-cameral legislature with separate executive
    and justice branches for the checks and balances.
	Jefferson differed in his approach to social issues: far more 
    empathetic than the Federalists who could exhibit traits of feudalism 
    rather easily. In his writings, etc. Jefferson could be considered a
    nascent libertarian.  How today's Democratic Party can claim 
    Jefferson as their founding father is certainly past my comprehension.

	The following are reprintings of excellent books:

            Works of Fisher Ames, as published by Seth Ames, W.B. Allen,
	editor, Indianapolis: Liberty Fund, two volumes, 1,708 pages,
	hardcover, $30.00. 
            Democracy and Liberty, by William Edward Hartpole Lecky,
	Indianapolis:  Liberty Fund, two volumes, 1,025 pages, hardcover,
	$20.00. 
    
    and well worth the read, despite their size. Lecky was a historian 
    with perspective, not a revisionist.  Excellent coverage of the fallacy
    of democracies starting with the Greek city-states. Ames was an American
    statesman (graduated from Harvard Law at 16) and was a Representative
    from Massachusetts in the first Congress thru 1799 when his ill-health
    forced retirement. In his writings, he states:

	    Democracy means the absolute reign of "public opinion," the
	disappearance of the rule of law, and the sweeping away of
	protections built into a true government of law. 

	Jefferson certainly would role over at the degeneration of "his"
    party which began in the 30s as liberal news, particularly radio,
    demagougues discovered they could fan the riff-raff and control the
    direction of government. 
	With Democratic control of the house all but six years from 1932
    to 1994 (48-54) and Democratic Presidents for all but 20 of 60 years: 
    [Eisenhower (if he was a Republican), Nixon-Ford, Reagan and Bush], 
    the cynical press effectively rewrote the modus operandi of the
    Federal government; with the advent of nationwide televison in the 
    late 50s --the deed was done.  Roosevelt started with "...a chicken 
    in every pot" but today that is a a piker --you need two cars in the 
    garage, TVs in every room, etc. or as quipped once (Butts on the way 
    to his media crucifixion): "...loose shoes, a tight pussy, and a warm
    place to shit."
	
	I have an excellent review of both books by Fr. James Thorton
    Notre Dame, I think.

	Anyone who would like a copy of the review, mail a blank message 
    with the Subject: DEM_lib and it shall be sent.

	Both texts clearly define what the problem is today even though 
    both are over 100 years old. the survivors of their length will have
    a clear understanding of limited republics and rabble-run democracy,
    and with Leaky's work, some excellent historical references.

	attila

On Mon, 5 Feb 1996, Bill Humphries wrote:

> Steve Levy replied to Alex Strasheim over an alledged 'plot' to discredit
> cypherpunks at Wired Magazine:
> 
> >Give me a break.  I do not work for Wired but I write for them at times,
> >and most often my subject is crypto related.
> 
> [...]
> 
> >On Mon, 5 Feb 1996, Alex Strasheim wrote [citing Gary Wolf 'channeling
> >McLuhan']:
> >
> >> >     Concerns about privacy and anonymity are outdated. Cypherpunks
> >> >     think they are rebels with a cause, but they are really senti-
> >> >     mentalists.
> >>
> >> I'm not much for big conspiracy theories, but I like the little ones.
> 
> 
> 
> Hey folks, we are quaint Jeffersonians for the most part here. We believe
> that reasoned arguement should carry the day instead of FUD (fear,
> uncertainty and doubt). And that privacy is a good thing. Whereas modern,
> marketing driven media (as described by McLuhan) will use FUD and whatever
> else it takes to deliver an audience. Ask any of the people who have been
> publicly tarred as Nazi's for their involvement over the Zundel/Hollow
> Earth/webcom business.
> 
> Wolf's portrayal of McLuhan is spot on, because media producers who give a
> damn about anonymity and privacy aren't going to land the big contracts.
> The money to buy bandwidth and servers wants the highest quality data
> availiable so we can be coerced to spend every minute we aren't working,
> commuting, sleeping, or fornicating (was f*cking before the CDA) as
> 'consumers.'
> 
> And many people aren't going to think of these issues, not because they are
> dumb, but because they are so busy working to provide for their families to
> spend any time in the reflective/meditative state required to make
> political choices.
> 
> I suggest that Cypherpunks add one more slogan to their list:
> 
>                "Cypherpunks teach."
> 
> Because no one is going to invest in the time and effort to use PGP,
> remailers, and blind web proxies unless they understand why they should.
> I'm going to invest in the time to show my family and friends why these
> technologies are important so when I mention PGP to someone they'll have
> something other than the soundbite "only Nazis use strong encryption" to
> fall back on.
> 
> 
> 
> bill.humphries at msn.fullfeed.com
> "The more you know, the more jokes you get" -- Tompkins and Kaufman
> 
> 

__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....
    There is no safety this side of the grave.  Never was; never will be.







From sameer at c2.org  Tue Feb  6 03:13:21 1996
From: sameer at c2.org (sameer)
Date: Tue, 6 Feb 1996 19:13:21 +0800
Subject: C2 and the Worst Case
In-Reply-To: <9602051739.AA09360@anon.penet.fi>
Message-ID: <199602060551.VAA25665@infinity.c2.org>


sigh.

http://www.c2.org/members/docs/shell.phtml

	This was fixed *ages* ago.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer at c2.org





From roy at sendai.cybrspc.mn.org  Tue Feb  6 03:14:35 1996
From: roy at sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Tue, 6 Feb 1996 19:14:35 +0800
Subject: How would an FV attack fail? (was: Re: FV's blatant double standards)
In-Reply-To: <199602060139.UAA03880@vineyard.net>
Message-ID: <960205.233714.1y9.rnr.w165w@sendai.cybrspc.mn.org>


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, simsong at vineyard.net writes:

> Yes, clearly if you are not concerned about missing 50-75% of First
> Virtual's users, this attack will work just fine.

Could you characterize the failure modes?  I see 2 main ones:

    Confirmation notices directed to another address invisible to the
    successfully infiltrated attacker.

    Failure to initially infiltrate:

        Infiltration attempt failed.

        Potential victim never contacts infection vector.

I'm curious how you'd estimate the breakdown over these modes, and if
you see additional failure modes I've missed.
- -- 
Roy M. Silvernail --  roy at cybrspc.mn.org will do just fine, thanks.
          "Does that not fit in with your plans?"
                      -- Mr Wiggen, of Ironside and Malone (Monty Python)
          PGP public key available upon request (send yours)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRbrPxvikii9febJAQFxxwP+MjHD4lRb8kMiFF+5DlN4OTZqolyQWlfE
aj2Tk59/FNrOctW4Gqv4b3EkTuLdc1se1CDs/UDQQilmSNiF5cxfJauPVyETQG3H
0NZ5T7wI9WrJp6JVxc4DVwu7aUZwmcDYB6tKPT2ZsH2jhKGz9pUn8kieZt4zM+/7
T0e80OEELvA=
=ZGC2
-----END PGP SIGNATURE-----





From jirib at sweeney.cs.monash.edu.au  Tue Feb  6 03:14:46 1996
From: jirib at sweeney.cs.monash.edu.au (Jiri Baum)
Date: Tue, 6 Feb 1996 19:14:46 +0800
Subject: Anti-Nazi Authentication [Was: Tim's paranoid rant about Declan...]
In-Reply-To: 
Message-ID: <199602060545.QAA12048@sweeney.cs.monash.edu.au>


-----BEGIN PGP SIGNED MESSAGE-----

Hello Rich Graves 
  and bryce at colorado.edu
  and "Declan B. McCullagh" , cypherpunks at toad.com
 
> On Fri, 2 Feb 1996, Bryce wrote:
...
> For the paranoid, it would be an added assurance that they are reading the
> original file at the original location. Otherwise, anybody could copy the
> Web page, modify it, and give it someone else's PGP signature. 
...

So? I guess it's plagiarism, but there's nothing you can do about it
anyway. If someone wants to claim your words, let them sign.

...
> But yeah, it would look awfully silly, especially to the non-PGP-aware
> public. An unobstrusive PGP logo (below) would be great, and might become
> a status symbol, like those cheesy HTML validation service and Internet
> Audit Bureau logos (which I have used on a few pages). 
> 
> > Just put a "PGP signed" logo at the bottom of the
> > page.  If the user clicks on it then it hrefs to a .asc
...
> Yeah, I like the idea of a standardized logo. A lot.

One other thing - what about inline images?

I guess you could put an MD5 hash of the image into the IMG tag,
as a new attribute (you don't necessarily want to sign each of the
images separately).

I'm not sure how to do links, but I guess for the time being you'd
leave them unsigned, with a disclaimer or something on the signature file.

Have a look at http://www.cs.monash.edu.au/~jirib (my home page).
Is that more-or-less what you have in mind?

(Sorry about the cruddy logo - anybody a better artist than I am?)


Hope that makes sense...

Jiri
- --
If you want an answer, please mail to .
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMRbq+yxV6mvvBgf5AQHUCgQAscQZb0fq9X+quFmOGGa/7D75yzbYeVjr
IPYDkyHo51Sd+mUUyD8Wt7EtepcVgp5FNEgej0KjjA4gNMbTccZUdp+VoWm0mIDW
qhENaWHvyFZ75+LuyeGqjd3WpvaI2yLzY5+48U5/iBo7XYMNuecZu7cRk+NmhZfv
dEFT4eWUwy4=
=Z14V
-----END PGP SIGNATURE-----





From attila at primenet.com  Tue Feb  6 03:19:18 1996
From: attila at primenet.com (attila)
Date: Tue, 6 Feb 1996 19:19:18 +0800
Subject: Likely application for high-bandwidth proxies (fwd)
In-Reply-To: <199602060324.WAA09394@opine.cs.umass.edu>
Message-ID: 


On Mon, 5 Feb 1996 lmccarth at cs.umass.edu wrote:

> It would appear that a potentially very popular application for high-
> bandwidth anonymizing proxies has arrived: 
>

	come on Lewis...  where's the sight  address? 

	on a little more serious point; the use of multiple high
    bandwidth proxies is fast becoming essential to screen your
    address from the enquiring target, thereby forcing the Feds to
    use either very extensive sniffers or the power of the subpoena (not 
    much luck if the records disappear nightly...).  The only clinker is 
    the big sites are startig to require registration with legal warnings 
    --next of course is payment and they want a credit card --not a check
    or cybercash --a credit card for open debit. 

		attila
 
> Forwarded message from list-managers-digest:
> > From: Project Genesis 
> > Date: Mon, 05 Feb 1996 02:42:13 -0500
> > Subject: Speaking of spams...
> > 
> > Did I mention that Project Genesis is an organization specializing in
> > religious education?  The message below explains why all of our public lists
> > are moderated. I value privacy and have grave doubts about things like the
> > Exon amendment (which may make Internet providers liable), but I also think
> > that we need to ensure that the Internet not become one big red-light
> > district. Spams like this are a step in the wrong direction. It hit several
> > of our religion-oriented lists.
> > 
> > Ken
> > 
> > >Sender: kristina at free.org          [User Unknown - I told her to go away.]
> > >Subject: LIVE NUDE VIDEOCONFERENCING!
> > >
> > >Hi,
> > >My name is Kristina.  I'm a nude model and I'd
> > >love to take my clothes off and entertain you.
> > >You can watch me live and in color on your 
> > >computer.  We can type back and forth and I'll
> > >be happy to perform your erotic fantasy.  If
> > >this sounds like fun, visit the website and
> > >download the software. The address is
> > >http://www.[I don't plan to help them].com or you can get the
> > >software from the BBS at 815-[ditto].  I'll
> > >turn the camera on in my studio and wait to 
> > >hear from you.  I think you'll like what I have
> > >to show you.  This isn't a movie...you make a
> > >request and I'll probably fulfill it for you.
> > >Look for my picture on the Website.  Hope to 
> > >see you soon!
> > >
> > >Love,
> > >Kristina
> 

__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....
    There is no safety this side of the grave.  Never was; never will be.







From mab at research.att.com  Tue Feb  6 03:19:28 1996
From: mab at research.att.com (Matt Blaze)
Date: Tue, 6 Feb 1996 19:19:28 +0800
Subject: Report available: "Minimal Key Lengths for Symmetric Ciphers"
Message-ID: <199602060707.CAA01434@nsa.tempo.att.com>


At the request of the Business Software Alliance (BSA), an ad hoc
panel of seven cryptologists and computer scientists met last November
to address the question of the minimum key length required to provide
adequate security against exhaustive search in commercial applications
of symmetric cryptosystems.  We have just completed our report.

We adopted a simple, and somewhat conservative, methodology in an
effort to gain a realistic understanding of what size keys might
actually be vulnerable in practice.  It is common in analysis of key
length to give all benefit of the doubt to the capabilities of the
potential attacker and to make very generous assumptions about the
technology and resources that might be available to mount an attack.
In our analysis, however, we assumed that the attacker would employ
only conventional, commercially-mature technologies and would be
limited by budget and time constraints.  We used several different
technologies to design attack strategies that accommodate the budgets
of various hypothetical attackers, from individual ``hackers'' to
well-funded enterprises.  Our conclusions, therefore, represent an
approximation of an ``upper bound'' on the strength of various size
keys; I believe more efficient attacks than those we considered might
also be possible and should be taken into account by the prudent
cryptosystem designer.

The abstract of the report follows below.

A PostScript copy of the full text of the report is available in
     ftp://ftp.research.att.com/dist/mab/keylength.ps
An ASCII version is available in
     ftp://ftp.research.att.com/dist/mab/keylength.txt

(The report will also likely appear on the BSA's web site shortly).

-matt (speaking only for himself)

=======================================================================
	      Minimal Key Lengths for Symmetric Ciphers
	       to Provide Adequate Commercial Security

		    A Report by an Ad Hoc Group of
		Cryptographers and Computer Scientists

			      Matt Blaze (1)
			   Whitfield Diffie (2)
			   Ronald L. Rivest (3)
			    Bruce Schneier (4)
			  Tsutomu Shimomura (5)
			    Eric Thompson (6)
			    Michael Wiener (7)

			     January 1996


			       ABSTRACT

    Encryption plays an essential role in protecting the privacy of
electronic information against threats from a variety of potential
attackers.  In so doing, modern cryptography employs a combination of
_conventional_ or _symmetric_ cryptographic systems for
encrypting data and _public key_ or _asymmetric_ systems for
managing the _keys_ used by the symmetric systems.  Assessing the
strength required of the symmetric cryptographic systems is therefore
an essential step in employing cryptography for computer and
communication security.

    Technology readily available today (late 1995) makes 
_brute-force_ attacks against cryptographic systems considered adequate
for the past several years both fast and cheap.  General purpose
computers can be used, but a much more efficient approach is to employ
commercially available _Field Programmable Gate Array (FPGA)_
technology.  For attackers prepared to make a higher initial
investment, custom-made, special-purpose chips make such calculations
much faster and significantly lower the amortized cost per solution.

    As a result, cryptosystems with 40-bit keys offer virtually no
protection at this point against brute-force attacks.  Even the U.S.
Data Encryption Standard with 56-bit keys is increasingly inadequate.
As cryptosystems often succumb to `smarter' attacks than brute-force
key search, it is also important to remember that the keylengths
discussed here are the minimum needed for security against the
computational threats considered.

    Fortunately, the cost of very strong encryption is not
significantly greater than that of weak encryption.  Therefore, to
provide adequate protection against the most serious threats ---
well-funded commercial enterprises or government intelligence agencies
--- keys used to protect data today should be at least 75 bits long.
To protect information adequately for the next 20 years in the face of
expected advances in computing power, keys in newly-deployed systems
should be at least 90 bits long.

-----------------------------------------
1. AT&T Research, mab at research.att.com
2. Sun Microsystems, diffie at eng.sun.com
3. MIT Laboratory for Computer Science, rivest at lcs.mit.edu
4. Counterpane Systems, schneier at counterpane.com
5. San Diego Supercomputer Center, tsutomu at sdsc.edu
6. Access Data, Inc., eric at accessdata.com
7. Bell Northern Research, wiener at bnr.ca





From lmccarth at cs.umass.edu  Tue Feb  6 03:39:36 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Tue, 6 Feb 1996 19:39:36 +0800
Subject: Likely application for high-bandwidth proxies (fwd)
Message-ID: <199602060324.WAA09394@opine.cs.umass.edu>


It would appear that a potentially very popular application for high-
bandwidth anonymizing proxies has arrived: 

Forwarded message from list-managers-digest:
> From: Project Genesis 
> Date: Mon, 05 Feb 1996 02:42:13 -0500
> Subject: Speaking of spams...
> 
> Did I mention that Project Genesis is an organization specializing in
> religious education?  The message below explains why all of our public lists
> are moderated. I value privacy and have grave doubts about things like the
> Exon amendment (which may make Internet providers liable), but I also think
> that we need to ensure that the Internet not become one big red-light
> district. Spams like this are a step in the wrong direction. It hit several
> of our religion-oriented lists.
> 
> Ken
> 
> >Sender: kristina at free.org          [User Unknown - I told her to go away.]
> >Subject: LIVE NUDE VIDEOCONFERENCING!
> >
> >Hi,
> >My name is Kristina.  I'm a nude model and I'd
> >love to take my clothes off and entertain you.
> >You can watch me live and in color on your 
> >computer.  We can type back and forth and I'll
> >be happy to perform your erotic fantasy.  If
> >this sounds like fun, visit the website and
> >download the software. The address is
> >http://www.[I don't plan to help them].com or you can get the
> >software from the BBS at 815-[ditto].  I'll
> >turn the camera on in my studio and wait to 
> >hear from you.  I think you'll like what I have
> >to show you.  This isn't a movie...you make a
> >request and I'll probably fulfill it for you.
> >Look for my picture on the Website.  Hope to 
> >see you soon!
> >
> >Love,
> >Kristina





From nsb at nsb.fv.com  Tue Feb  6 03:50:47 1996
From: nsb at nsb.fv.com (Nathaniel Borenstein)
Date: Tue, 6 Feb 1996 19:50:47 +0800
Subject: FV's blatant double standards
In-Reply-To: <2.2.32.19960205213944.0109c138@mail.software.net>
Message-ID: 


I've debunked this one before, but let me say it again.  John outlines
essentially the same scheme for an automated attack on FV that was
previously posted by Jeff Weinstein at Netscape.  (Actually, to be fair,
Jeff's was considerably more sophsticated in its attempt to avoid
detection by FV.)  John's approach will essentially change all negative
FV confirmation answers to positive ones.  There are a couple of key
flaws in his approach:

1.  He doesn't explain how he's going to spot the VirtualPIN in the
outgoing stream.  Given the non-structured nature of the VirtualPIN,
this alone probably requires more sophistication than our entire attack
program.

2.  He acknowledges that this approach will miss anyone who isn't buying
things from the machine that actually composes his mail messages.  What
he doesn't seem to realize, however, is that this means that any
automated attack will cause "fraud" to be called as soon as it hits a
user of AOL, Compuserve, etc.  Jeff's approach would last a bit longer,
but is also vulnerable to heterogeneous mail environments.  The real
point is that an automated attack like this one is undermined by email
heterogeneity, which will cause FV's fraud department to be alerted
quite quickly & trace things down.  In contrast, the attack we've
outlined on credit card numbers is simple, single-step, and has no
obvious "misfiring path" that would lead to quick detection.  It could
do its dirty work for a long time.  

Simson's comment almost, but not quite, made this clear:

> Yes, clearly if you are not concerned about missing 50-75% of First Virtual's 
> users, this attack will work just fine.

The "just fine" is incorrect, however, because those 50-75% will not be
MISSED, they will be attacked incompletely, and they will object to
false transactions, causing our fraud department to launch an
investigation.  This attack would get stopped pretty quickly, I believe.
 -- Nathaniel
--------
Nathaniel Borenstein 
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq at nsb.fv.com





From nsb at nsb.fv.com  Tue Feb  6 04:11:25 1996
From: nsb at nsb.fv.com (Nathaniel Borenstein)
Date: Tue, 6 Feb 1996 20:11:25 +0800
Subject: FV has 91 day lag between sales and payment
In-Reply-To: 
Message-ID: <9602061157.AA07794@ nsb.fv.com>


Excerpts from mail.cypherpunks: 31-Jan-96 FV has 91 day lag between s..
Vincent Cate at offshore.co (4108*)

> The FV 90 day lag is their main downside in my opinion (though defaulting
> to not paying if the customer does not answer email is another problem). 
> So FV does not take any risk at all - and a merchant has to have enough
> extra capital to let 3 months worth of sales sit at FV. Some ideas for
> ways that they or someone else could improve on this: 

Actually, we've gotten approval from our banking partners to waive the
holding time entirely for customers who fill out an application and win
the bank's approval.  We're working on the technical and logistical
aspects of this right now.  -- Nathaniel





From jimbell at pacifier.com  Tue Feb  6 04:37:20 1996
From: jimbell at pacifier.com (jim bell)
Date: Tue, 6 Feb 1996 20:37:20 +0800
Subject: Jim Bell - Murderous Terrorist
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----


[while I am replying to this anonymous, flaming message from what MAY be a 
stable nym, I specifically request a consensus opinion on whether I should 
continue to comment in this way.  Some people say that a discussion of my 
"Assassination Politics" idea (containing, as it does, issues of good 
encryption and digital cash implemented with good encryption and blinding) 
is "on-topic" here, but on the other hand it does seem to bring out the 
flamers among us.  I would be happy to go either way:  To continue to 
respond to what is obviously a strenuous debate, or to ignore the issue 
here, in this area, and to direct the debate to another.]

At 07:06 PM 2/4/96 -0800, jdoe-0007 at alpha.c2.org wrote:
>Dr. Vulis writes:
>
>AO> Alan Olsen  writes:
>
>AO> I consider Mr. Bell to be a crank and a loon.
>
>DV> You're certainly entitled to your opinion. You might be interested to 
know that
>DV> I consider Jim Bell to be highly intelligent, knowledgeable, and 
overall nice
>DV> person. I'm particularly impressed by his calm and restrained response 
to your
>DV> provocations. I've also formed a rather negative opinion of you, based 
on your
>DV> actions in this incident.
>
>Jim Bell has advocated nothing less than paid death squads 

No, I haven't.  The term "squad" implies more than one person.  In practice, 
I think those people who are motivated to collect the anonymous awards will 
be individually self-selected people, and will not come in the form of 
"squads."  If anything, the use of a "squad" defeats the entire purpose of 
the anonymity provided by my idea: Quite literally, nobody in the world 
except the killer himself needs to know who he is.

>using crypto as a
>means to hide payment to these murderous terrorists.

   Aside from the fact that the difference between "terrorists" and 
"freedom fighters" is primarily a matter of point of view, in effect you are 
merely objecting to people being able to defend themselves anonymously, by 
proxy as it were.

>  If you can find a conspirator
>of murder as " highly intelligent, knowledgeable, and overall nice person" 
then
>you also are in need of immediate mental health intervention.

As my essay makes clear, the whole purpose of the system is to KEEP most 
people from being "conspirators of murder" by the legal definition.  You may 
disapprove of people being able to defend themselves from government abuse, 
but I actually encourage it. 


>Should the mainstream media ever get wind of Bell's lunacy it will be one more
>nail in the crypto-coffin spurring the Feds and international anti-crypto 
efforts to
>a frenzy.

As you know well, my current opinion is that the theory is tantamount to 
being inevitable.  If anybody is worked up into a "frenzy," it'll be because 
they are afraid I might actually be correct.  Anyone who is really convinced
I am 
wrong will be quite calm, because they "know" nothing will come of my idea.

>  Bell is either a total fucking lunatic of the extreme right wing 

For the record, I was a minarchist libertarian for about 19 years, until
about a year ago when I realized that pure anarchy (with protection for
rights) could actually be made stable.  I have as little sympathy for the
"extreme right wing" as I do the "extreme left wing." 

And as I'm happy to point out, I upset both of their "apple carts" just as
effectively, so both categories have "good" reason to hate me.


>(having
>read his suck ups posts supporting General Linda Thompson)

This is an extremely odd assertion.  While I have certainly heard of Linda 
Thompson (the highly controversial Indiana lawyer) I don't recall having 
written much about her, and certainly not on the Internet and 
certainly not within the last year or so.  I don't think I've ever 
"defended" her, although I have occasionally criticized a few of her critics 
as buffoons.  Because they WERE buffoons!  (This does not automatically make 
Linda Thompson look any better, however.

In fact, the only communication I've ever seen from her on the subject of 
"Assassination Politics" was actually critical.  I responded, correcting 
some false conclusions of hers, and I never heard anything more from her.

Even so, I challenge this guy to show (or even describe the "where and when" 
of these "suck up posts."  


> or an agent provocateur for the Feds. 

This is rich!  I've proposed a system which may spell inevitable doom for 
the Feds no matter what they do, no matter what they try, and this guy tries 
to claim that I'm an "agent provocateur" for them!  In past  posts I've 
mentioned that I carefully considered the question of whether or not my 
posting would help or hinder the adoption of the "Assassination Politics" 
idea, and I came to the conclusion that the worst situation would be if the 
government could keep its ultimate weaknesses disguised for a few more 
years.  That's why I published when I did.

The first person to think of an "Assassination Politics" idea was probably
some well-paid apparatchik in the NSA, who (quite opposite of my position)
was terrified that it might come true.

> One is as bad as the other.  To quote your own
>words to Mr. Olsen; " I've also formed a rather negative opinion of you, based
>on your actions in this incident."
>
>AO> He has no interest in any sort of honest discussion.
>
>DV>  Honest or dishonest, the discussion of Jim's political views has nothing 
>DV> to do with encryption.
>
>His plans for death squads success DEPENDS on the anonymity provided by
>CRYPTO!

Some anti-gunners argue that the public shouldn't be allowed to own guns 
because they might do something wrong with them.  They are fools.  If 
anti-crypto people take the same position with respect to crypto, they are 
even WORSE fools.

Jim Bell
jimbell at pacifier.com

Klaatu Burada Nikto
"Something is going to happen.   Something...   Wonderful!"

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRbXR/qHVDBboB2dAQFdEgQApk8IhefbWiA9+Ae6ypaHWA6216yTZvYJ
Jox1G/fpdToYeQpfQF6ARCl1dAmLjq7qSe5chJo4IF8W7sMbtSiOKMCNY8xIG6IL
cS3XTRXELyNX8YEsHy7A8bYyaKe0J2X4M1MEcmWqVjt4HiaQ4dConh0pm7zc/5wy
hXTDsvIEaQc=
=D087
-----END PGP SIGNATURE-----






From acceso2 at diatel.upm.es  Tue Feb  6 04:53:15 1996
From: acceso2 at diatel.upm.es (Usuario Acceso2)
Date: Tue, 6 Feb 1996 20:53:15 +0800
Subject: PGP's "only for your eyes"
Message-ID: <260*/S=acceso2/OU=diatel/O=upm/PRMD=iris/ADMD=mensatex/C=es/@MHS>


Hi

Maybe some of you already know about this.

Whe reading PGP's "Only for your eyes" messages, the program creates a 
temporary file containing the plaintext in the directory where the cyphertext 
file is.

So, don't worry about this option, it's quite useless.

Best

Jaime






From olbon at dynetics.com  Tue Feb  6 06:38:42 1996
From: olbon at dynetics.com (Clay Olbon II)
Date: Tue, 6 Feb 1996 22:38:42 +0800
Subject: Fair Credit Reporting Act and Privacy Act
Message-ID: 



In discussions regarding privacy of personal information, Tim Philp has
advocated a "privacy law" similar to those in Europe.  My response is - why
do we always need a law to protect ourselves?  Nowadays the first solution
always appears to be run to mommy govt and ask for help.  In this case
there is clearly the potential for market based solutions.  The problem now
is that there is almost no market!  If people were truly interested in
privacy, there would be a "privacy credit card" and "privacy health care"
that refused to give out information except upon the approval of the
individual concerned.  Once people become interested in their privacy, I
think these sorts of things will appear.

A place where laws are clearly applicable however is in limiting the amount
and type of info the government can gather.

my 2 cents,

        Clay


---------------------------------------------------------------------------
Clay Olbon II            | olbon at dynetics.com
Systems Engineer         | ph: (810) 589-9930 fax 9934
Dynetics, Inc., Ste 302  | http://www.msen.com/~olbon/olbon.html
550 Stephenson Hwy       | PGP262 public key: finger olbon at mgr.dynetics.com
Troy, MI 48083-1109      | pgp print: B97397AD50233C77523FD058BD1BB7C0
    "To escape the evil curse, you must quote a bible verse; thou
     shalt not ... Doooh" - Homer (Simpson, not the other one)
---------------------------------------------------------------------------







From bplib at wat.hookup.net  Tue Feb  6 06:55:17 1996
From: bplib at wat.hookup.net (Tim Philp)
Date: Tue, 6 Feb 1996 22:55:17 +0800
Subject: Fair Credit Reporting Act and Privacy Act
In-Reply-To: <2.2.32.19960205200507.006fa0ac@panix.com>
Message-ID: 


On Mon, 5 Feb 1996, Duncan Frissell wrote:

> Unfortunately, it would also:
> 
> *  Require government registration of computers and databases containing
> information about people (whether these computers are used by business or
> individuals).  This eases regulation of computers and future confiscation.
> 
I don't believe that this follows at all. All that would be required 
would be a statutory obligation to comply with the legislation. Should a 
breach occur, civil and criminal penalties would apply. No need for prior 
restraint.

> *  Reduce market efficiency by making it harder to match buyers and sellers
> (because neither could easily find out about he other) thus causing higher
> prices and poorer people. 
> 
It would not make it harder for buyers and sellers to get together, it 
would simply increase the risk. It may lead to higher prices, but I am 
prepared to pay something to protect my privacy.

> *  Do nothing to protect personal information from the government which
> would get to collect more of it than ever in the course of enforcing data
> protection laws.
> 
It would be very hard to prevent the government keeping files on you. 
They have requirements such as tax collection etc that would require 
keeping files. What I would like to see is similar protection of my data 
that is stored on goverment computers. Should my information be released, 
the agency responsible should have to pay compensation. Such is the price 
of not keeping my information secret.

> If you don't want people to know things about you, don't tell them.
> 
I agree that in the absolute sense, this is true. However, it is not 
practical to do so in our modern society. If you are prepared to live 
without credit or health insurance you can do this but the price is too 
high for most people to consider.
Regards,
Tim Philp





From Bill.Humphries at msn.fullfeed.com  Tue Feb  6 06:56:27 1996
From: Bill.Humphries at msn.fullfeed.com (Bill Humphries)
Date: Tue, 6 Feb 1996 22:56:27 +0800
Subject: Hey, we are quaint! (Was: A Sign of the Future)
Message-ID: 


Steve Levy replied to Alex Strasheim over an alledged 'plot' to discredit
cypherpunks at Wired Magazine:

>Give me a break.  I do not work for Wired but I write for them at times,
>and most often my subject is crypto related.

[...]

>On Mon, 5 Feb 1996, Alex Strasheim wrote [citing Gary Wolf 'channeling
>McLuhan']:
>
>> >     Concerns about privacy and anonymity are outdated. Cypherpunks
>> >     think they are rebels with a cause, but they are really senti-
>> >     mentalists.
>>
>> I'm not much for big conspiracy theories, but I like the little ones.



Hey folks, we are quaint Jeffersonians for the most part here. We believe
that reasoned arguement should carry the day instead of FUD (fear,
uncertainty and doubt). And that privacy is a good thing. Whereas modern,
marketing driven media (as described by McLuhan) will use FUD and whatever
else it takes to deliver an audience. Ask any of the people who have been
publicly tarred as Nazi's for their involvement over the Zundel/Hollow
Earth/webcom business.

Wolf's portrayal of McLuhan is spot on, because media producers who give a
damn about anonymity and privacy aren't going to land the big contracts.
The money to buy bandwidth and servers wants the highest quality data
availiable so we can be coerced to spend every minute we aren't working,
commuting, sleeping, or fornicating (was f*cking before the CDA) as
'consumers.'

And many people aren't going to think of these issues, not because they are
dumb, but because they are so busy working to provide for their families to
spend any time in the reflective/meditative state required to make
political choices.

I suggest that Cypherpunks add one more slogan to their list:

               "Cypherpunks teach."

Because no one is going to invest in the time and effort to use PGP,
remailers, and blind web proxies unless they understand why they should.
I'm going to invest in the time to show my family and friends why these
technologies are important so when I mention PGP to someone they'll have
something other than the soundbite "only Nazis use strong encryption" to
fall back on.



bill.humphries at msn.fullfeed.com
"The more you know, the more jokes you get" -- Tompkins and Kaufman







From simsong at vineyard.net  Tue Feb  6 07:04:54 1996
From: simsong at vineyard.net (Simson L. Garfinkel)
Date: Tue, 6 Feb 1996 23:04:54 +0800
Subject: How would an FV attack fail? (was: Re: FV's blatant double standards)
Message-ID: 


At 11:37 PM 2/5/96, Roy M. Silvernail wrote:
>
>Could you characterize the failure modes?

Sure thing. Most people on this planet do not read their email through a
TCP/IP stack. They either log onto another program or they use a
proprietary front-end. There are actually many, many different ways that
people send email. That's one of the reasons that FV has been successful
--- you don't need a live TCP/IP connection to the internet to use it.


=============
"Superior technology is no match for superior marketing."
=============
Simson on Tour:

Feb 2 - Feb 5 - Cambridge: Conference on Freely Redistributable Software
Feb 7 - Feb 13 - Baltimore: American Association for the Advancement of
Science.
Feb. 28 - March 1 - Seybold, Boston.
March 23 - NYC. MacFair.
March 27 - March 30: Cambridge. Computers, Freedom and Privacy.







From avatar at mindspring.com  Tue Feb  6 07:33:55 1996
From: avatar at mindspring.com (avatar at mindspring.com)
Date: Tue, 6 Feb 1996 23:33:55 +0800
Subject: Encryption Software
Message-ID: <199602061516.KAA28650@borg.mindspring.com>



Thanks,Derek

        My goof. I reread the manual and it is clear now. Why I didn't catch
it the first go round,
I don't know. I guess I'm just blind or stupid. Thanks again for your
help..........BY the way,
does any one know of a "good" file wiping program that I can either download
or buy.
Preferably, military grade.
Charles Donald Smith Jr.

||The government  is my shepherd I need not work. It alloweth me to lie
 down on a good job. It leadeth me beside stilled factories. It destroyeth
 my initiative. It leadeth me in the path of a parasite for politics sake. YEA,
 though I walk through the valley of laziness and deficet spending I shall
 fear no evil, for the government is with me. It prepareth an economic utopia
 for me by appropriating the earnings of my grandchildren. It filleth my head
 with false security. My inefficiency runeth over. Surely, the government 
should care for me all the days of my life, and I will dwell in a fools paradise
forever.................AMEN!   || nuke'm if ya got'em||






From PADGETT at hobbes.orl.mmc.com  Tue Feb  6 07:37:20 1996
From: PADGETT at hobbes.orl.mmc.com (A. Padgett Peterson, P.E. Information Security)
Date: Tue, 6 Feb 1996 23:37:20 +0800
Subject: Why am I wrong?
Message-ID: <960206100646.2021253f@hobbes.orl.mmc.com>



>I am posting this pondering to cypherpunks in hopes that it will be refuted.

OK you is rong.

>	One of the largest problems in the debate over public access to 
>cryptography is the fact that both sides of the issue hold absolute beliefs.
>They are unwilling to compromise, and often seem unwilling 
>to decide on a solution which is anything but a total win for their side.

This is normal when no parent is around.

>	On one side of the debate we find the law enforcement community. 
>This group is totally opposed to the concept of public access to 
>cryptography. 

No, most in law enforcement at the working level have no opinion one way 
or the other. Many I talk to know what it is but few have ever seen 
any more complicated than Lotto tickets. The prevailing attitute (which
I happen to share so am biased) is that >most< criminals are not very
intelligent else they would not be criminals.

>Although they claim this to be false, the reality is that 
>these people think its ok for anyone to keep a secret, as long as no one 
>is keeping secrets from them.

Secrets rarely enter into law enforcement. Determining what the truth is
in the face of conflicting data is more often the case

>As Jim Kallstrom, assistant FBI director, put it, "unless 
>you're a criminal, you have nothing to fear from the government." 

At the same time, we have a massive division in this country (do not know 
about others) in which the aim of most citizens is to avoid any contact
with the government if at all possible since invariably the citizen loses
in the exchange.

>The law is often very wrong, and even our lofty constitutional values 
>do not prevent bad laws. When the law is wrong, the law's enforcer is 
>the criminal.

Dangerous attitude to take. The law is never wrong because it is the law.
The fact that a law exists may be wrong but that has nothing to do with the
law itself, it merely is. The law's enforcer would be derelect in his/her
duty if she/he did *not* enforce the law.

(Now sometimes the *enforcement* is over zealous but that is a human matter.

 That is the definition of natural law, 

>People MUST have the right to dissent. 

Is the great strength of the US.

>People must have the right to oppose bad laws

No must, they do.

>and in many cases people must have the capability to violate bad 
>laws with impunity.

Disagree. There may be times when laws are violated with just csause but 
the violator must do so with the expectation of retribution else the law 
is meaningless.

>As Socrates would say, if people know the what is good and what 
>is bad, they will always choose the good, because the good is what is 
>most desirable.

However Pavlov proved that perceptions may be distorted. What is good
today may be evil tomorrow and a lack of stability leads to insanity.

To me "selective enforcement" is a cop-out.

>That is why law enforcement is very restricted in the Constitution. 

Law enforcement is not restricted by the constitution, law *enactment*
is ("Congress shall make no law...").

>The "compromise" the law enforcement community has 
>suggested, key-escrow, is not a compromise at all, because it makes it 
>impossible for people to keep secrets from the government.

No one needs to agree to the compromise. However I believe that good
crypto with key escrow (provided the escrow holder is trusted) is
compelling for a number of reasons, mainly because it provides a means 
to protect information that has no protection today.

Everyone screams about porn on the net. Personally I find the *concept*
of pornography to be an indication of a social problem that no one is willing
to admit to. Crypto provides a means to shield children from the "adult
conspiracy". Haven't seen any mention of that. Crypto will provide the
essential mechanism for Internet Electronic Commerce as MasterCard/Visa
have announced. If I send my 1040 to the IRS on the net, I *want* the gov
to be able to read it.

Public crypto is necessary for the US government to comply with its own
regulations. It will exist. 

Now there are three basic elements that must be understood as a foundation
for discussion. 
a) we are guarenteed free speech
b) there is no requirement that anyone must be able to understand it
c) we have no right to tell anyone not to listen. 

Look at these three items. Anything that denies one or more of these elements
is wrong. May take a while to realize why but will happen.

One corollary: every citizen is responsible for the effect of exercising
his/her right to free speech. You have the right to shout "fire" in a theater
or to threaten the sax man but may be arrested for it. This is not a 
restriction on free speech since each is narrowly defined specification.

"Libel" also carries very specific  specifications that must be met. Does 
anyone here think that a libel suit is a restriction on free speech ?

At the same time nothing compels speech - "You have the right to remain
silent".

Moving right along, the next question would be "could the government
restrict crypto ?" The answer is essentially no since the government
would have to first define what crypto was e.g. prove that Navajo 
was in fact crypto. The compelling problem is that given any random 
string of bits, I could come up with an algorithm/book code/OTP from 
which *anything* could be extracted.

Want a pedophile .GIF to extract from the Gettysburg Address - no problem.
Want to extract the Communist Manifesto from ITAR - hokay. The fact is
that anything could be shown to be an encryption of almost anything else
since good crypto is indestinguishable from random noise. The corrolry being
that it would be impossible to prove that something *wasn't* crypto.

In fact it would be possible that given an encrypted message, using one key,
a first message would appear, given another, a second. Which is the real
message ? (see the fifth amendment)

Thus it would seem to me to be (not a lawyer or a politician so what do I know
- we used to have an ordinamce near here requiring alligators to be leashed)
very difficult to legislate anything concerning crypro since first crypto
would have to be defined and second it would have to be able to be detected -
a requirement for all text to be in third-grade flat ASCII won't fly.

"A bear's natural habitat is a Studebaker".
						Warmly,
							Padgett





From pierre at dragon.achilles.net  Tue Feb  6 07:51:23 1996
From: pierre at dragon.achilles.net (Pierre Bourque)
Date: Tue, 6 Feb 1996 23:51:23 +0800
Subject: FV's blatant double standards
In-Reply-To: 
Message-ID: 



On Tue, 6 Feb 1996, Simson L. Garfinkel wrote:

> =============
> "Superior technology is no match for superior marketing."
> =============

How true !

Pierre Bourque
Mercenary Scribbler
SurfBoard: here
And on the Left Coast: pierre at well.com






From jamesd at echeque.com  Tue Feb  6 08:17:40 1996
From: jamesd at echeque.com (jamesd at echeque.com)
Date: Wed, 7 Feb 1996 00:17:40 +0800
Subject: attila sez
Message-ID: <199602061549.HAA09723@news1.best.com>


At 12:19 PM 2/5/96 -0800, paralax at alpha.c2.org wrote:
>I seek to censor no one.  I prefer to confront racisim whenever and wherever
>I see (read) it.  Mr. May embarassed himself with his denigrating application
>of the word "Jap" to describe the Japanese people after demonstrating a gross
>lack of knowledge and sensitivity about Jews.  

For the terminally clue deprived:  Once again:  Tim's
remarks concerning the holocaust were *irony*, get it *irony*.

And calling japanese japs seems reasonably appropriate when also
calling them mass murdering terrorists.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd at echeque.com






From ddt at lsd.com  Tue Feb  6 08:19:23 1996
From: ddt at lsd.com (Dave Del Torto)
Date: Wed, 7 Feb 1996 00:19:23 +0800
Subject: [NOISE] Paranormally Good Privacy
Message-ID: 


[  Sorry, but I couldn't resist these excerpts from The mini-Annals of  ]
[  Improbable Research ("mini-AIR" Issue #1996-02, Feb, 1996)  --dave   ]

................................. cut here .................................

-----------------------------------------------------------
1996-02-05	Paranormal Spoon Incident

In the last issue of mini-AIR, we offered, free of charge, to test any
reader who wished to know if he or she has paranormal powers. Testees were
instructed to sit in a quiet corner and mentally send us their names and
addresses. Alas, we had to terminate the testing program after readers in
England and Israel reported a rash of bent spoons and then mentally lodged
police complaints against us. We are now engaged in extra-cognitively
presenting evidence to demonstrate that, whatever is bent or twisted, it is
not the spoons.


-----------------------------------------------------------
1996-02-06	PGP-Y

Our paranormal testing program has already had one commercial spin-off. Our
engineers have developed a truly foolproof data security protocol. It is
called PGP-Y -- "Pretty Good Parasychology." The mechanism is simple. You
imagine that you have transmitted data to someone; that person then
imagines that he has received it. Using PGP-Y, any type of information can
be transmitted over the Internet with complete security. The key is that
the data is transmitted high over the net -- so high that the data actually
travels above the net rather than within it. The data is transmitted
telepathically (and for those who distrust electronic funds, we also have a
scheme for transmitting cash and gold plate telekinetically.)

................................. cut here .................................


--

   dave

_______________________________________________________________
"OK, now everybody who believes in Telekinesis, raise my hand."







From attila at primenet.com  Tue Feb  6 08:20:30 1996
From: attila at primenet.com (attila)
Date: Wed, 7 Feb 1996 00:20:30 +0800
Subject: Likely application for high-bandwidth proxies (fwd)
In-Reply-To: <199602060736.CAA10630@opine.cs.umass.edu>
Message-ID: 


On Tue, 6 Feb 1996 lmccarth at cs.umass.edu wrote:

> attila writes:
> > 	come on Lewis...  where's the sight  address? 
> 
> Project Genesis  forwarded:
> > > > >http://www.[I don't plan to help them].com 
> 

	just raggin' -what the hell do I need with phony hamburger on the
    screen when I have steak at home?


> I didn't obfuscate the URL; that was done by the person who forwarded the
> message to list-managers (where I saw it). Maybe you can find it with Alta
> Vista. Since they were apparently spamming mailing lists, maybe someone has
> already pulled the plug on them.
>
	plug pulling for spamming --sure; but for the rest, everyone to 
    their own taste (whew, that was bitter....)
 
> -Lewis "Despite all my rage, I am still just a rat in a cage" -Smashing
> P'kins
> 
	they say you have a fixed number of heartbeats in your life time; 
    running in a cage at full hearbeat shortens your life span --but, you'll
    be lean and mean to go!

__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....
    There is no safety this side of the grave.  Never was; never will be.







From mianigand at unique.outlook.net  Tue Feb  6 08:22:39 1996
From: mianigand at unique.outlook.net (Michael Peponis)
Date: Wed, 7 Feb 1996 00:22:39 +0800
Subject: re Telecoms Bill
Message-ID: <199602060924.DAA08571@unique.outlook.net>


-----BEGIN PGP SIGNED MESSAGE-----

>Well, if "cypherpunks write code", is there any code we should be
>writing in response to this?

:I'm not familiar with SSL protocols, but something that would anonymize 
:web page access and keep it entirely encrypted (not just credit card or
:forms transactions) would be good.

I think the first problem would be how to hide a sites true location.  For 
example, if I have a domain called xxx.offensivestuff.org, how would I hide the 
sight so that while it is freely accessable to those who are looking for it, 
yet not allow a goverment agency to home in on the geographical locations via 
trace route.

I remember reading a number of articles about floating sites, the only problem 
is with the way Internet routing tables are structured, given that the site 
would constantly spoof different ip's to make it harder to track, or maybe even 
hacking some of the routing tables on the larger gateways, it could cause all 
sorts of problems with traffic.  ie domain xxx.offensivesutt.org has the 
routing information for www.fluffybunnies.com, but if xxx.offensivestuff.com 
moves, then that routining information is invalid. resulting in numerous 
broadbad broadcasts trying to determine the correct route to 
www.fluffybunnies.com.

Additonally, a number of bogus proxie servers could be set up to confuse 
traffic analysis in attempting to determine what the true endpoint of a 
transfer is.

At some point, the data could be encrypted by a proxie server, and sent to the 
final destination.  Thus just like e-mail is reordered by remailers, 
HTTP/FTP/Telnet connections can be shuffled around to foil analysis.

Of course, this approch would result in a slower connection and more packet 
hops.

:Encrypted/truly anonymous ftp would be nice (though some folx would 
:understandably have problems with truly anonymous uploads, and crypto 
:export restrictions in the US could be problematic legally).

Under the forementioned technique, it would not be problematic technically.

:I think there is already work on encrypted telnet (stel) by the CERT/IT 
:people.

I have seen an SSL telnet client source code on hactic I think.

:On the non-net side of things, implementing encrypted BBS/communications 
:and file-transfers is useful.  I'm told PGP-Phone is supposed to support 
:encrypted communications/file-transfers... so a host-script language that 
:enables a simple BBS would be nice.

I like this idea, but I am not sure how the laws work.  For example if a BBS 
had subscribers sign a voucher stating that they were not agent of a goverment 
agency, would it hold up? would lying constitue entapment?

If not, then yes, encrypting the data would provide protection becasue no one 
would be able to detect what was being passed.  under this approch 
 information gained by wiretapping would not be usefull.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMRau2EUffSIjnthhAQHnhgP/SgH4SA6yKRlkgnJ198jw2SBaZ5SqsNRF
YYtyHWeWcGqf30ghoe20Bvfug7oaJrB5jO+fqJ6DiL5Wp2onmWL6MTrReEpt7q1t
8ESRgyO/ndVDBhiQHWxLY1tynVBJxUbCrxvMHyPtpTIRXQtZsFlM6Iw8lndbnUbK
RofiuhFzDlU=
=n9n+
-----END PGP SIGNATURE-----
Regards,
Michael Peponis
PGP Key Avalible form MIT Key Server,or via finger





From rsalz at osf.org  Tue Feb  6 08:36:56 1996
From: rsalz at osf.org (Rich Salz)
Date: Wed, 7 Feb 1996 00:36:56 +0800
Subject: attila sez
Message-ID: <9602061611.AA03651@sulphur.osf.org>


>of the word "Jap" to describe the Japanese people after demonstrating a gross

You know what is on the sign of Honda dealerships in Paris?
	JapAuto

Go figure.






From jf_avon at citenet.net  Tue Feb  6 09:13:27 1996
From: jf_avon at citenet.net (Jean-Francois Avon JFA Technologies, QC, Canada)
Date: Wed, 7 Feb 1996 01:13:27 +0800
Subject: [noise] the individual and the tribe
Message-ID: <9602061649.AA14934@cti02.citenet.net>


Rob said:

> ... in the sense that
>tribal societies are individualist.

I absolutely don't agree.  The subordination of the individual to the tribe
is fundamental of their vision of the world.  Individualism is not about the
personnal opinions, it is about the vision of Man as an entity in itself, not
a type of cattle that owe his service to the collectivity of the tribe.

Crypto makes the tribe (and it's sorcerers) loose their grip... :)

JFA







From tony at secapl.com  Tue Feb  6 10:11:08 1996
From: tony at secapl.com (Tony Iannotti)
Date: Wed, 7 Feb 1996 02:11:08 +0800
Subject: Release of Pronto Secure first Beta
In-Reply-To: <9602061652.AB19328@commtouch.co.il>
Message-ID: 


On Tue, 6 Feb 1996, geoff klein wrote:
 
> We plan to make Pronto Secure available via FTP at the end of this week. 
> Parties interested in joining the beta-test program are invited to send me 
> pgp-signed e-mail requesting download instructions and our public key for 
> authenticating the version. Beta-testers who provide us with feed-back will 

  Here is the public key to decode upcoming signed message::

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzCwv/YAAAEEAMW6NTWHwgwxIbPTBAZjirYPoHNcW0yAb23k+EMLBbG9WIRa
h84U6+Ob0XQYoP6U57JCAVpkWz/OiPfAt7qoFaQgEtugl+XTRqYqxF4zueQpS5Bi
n/3HsGiig+daZDDTwvxvuqbB2K+AV2WzOlOjRQI3HssEHl0OtqPu8jBP0vEJAAUR
tB9Ub255IElhbm5vdHRpIDx0b255QHNlY2FwbC5jb20+
=BICo
-----END PGP PUBLIC KEY BLOCK-----


_________________________________________________________________________
Tony Iannotti                                                Security APL
tony at secapl.com                                         101 Hudson Street
201/332-2020                                        Jersey City, NJ 07302





From stend at grendel.texas.net  Tue Feb  6 10:15:39 1996
From: stend at grendel.texas.net (Sten Drescher)
Date: Wed, 7 Feb 1996 02:15:39 +0800
Subject: [NOISE] Alien factoring breakthroughs
In-Reply-To: 
Message-ID: <199602061654.KAA02165@grendel.texas.net>


Andrew.Spring at ping.be (Andrew Spring) said:

>> The Grays have renegged on their abduction quota agreement, and are
>> abducting many more people than before. Most of these are returned,
>> after being implanted with a device which allows the grays to have
>> total control over their thoughts and actions. Approximately 40% of
>> Americans now carry one of these devices, which are impossible to
>> remove without killing the host.
>> 

AS> The mark of a good conspiracy theory is its untestability.  Your
AS> theory fails here, because you could perform autopsies on those
AS> hosts who have died of natural causes to recover the mind control
AS> devices.

	Yes, but if the Grays systematically abduct all first year med
school students, who is going to perform the autopsies?

AS> Suggest you amend the last sentence to read "...one of these
AS> devices, which dissolve immediately upon death, and which are
AS> impossible to remove..."  etc, etc.

	Alternatively, the mind control devices are nanites,
undetectable by terran technology.  This also circumvents the problem
of detection while the host is alive.

-- 
#include                                /* Sten Drescher */
Unsolicited email advertisements will be proofread for a US$100/page fee.





From jpp at software.net  Tue Feb  6 10:33:46 1996
From: jpp at software.net (John Pettitt)
Date: Wed, 7 Feb 1996 02:33:46 +0800
Subject: FV's blatant double standards
Message-ID: <2.2.32.19960206180750.00caaa14@mail.software.net>


At 06:34 AM 2/6/96 -0500, Nathaniel Borenstein wrote:

>1.  He doesn't explain how he's going to spot the VirtualPIN in the
>outgoing stream.  Given the non-structured nature of the VirtualPIN,
>this alone probably requires more sophistication than our entire attack
>program.
>
>2.  He acknowledges that this approach will miss anyone who isn't buying
>things from the machine that actually composes his mail messages.  What
>he doesn't seem to realize, however, is that this means that any
>automated attack will cause "fraud" to be called as soon as it hits a
>user of AOL, Compuserve, etc.  Jeff's approach would last a bit longer,
>but is also vulnerable to heterogeneous mail environments.  The real
>point is that an automated attack like this one is undermined by email
>heterogeneity, which will cause FV's fraud department to be alerted
>quite quickly & trace things down.  In contrast, the attack we've
>outlined on credit card numbers is simple, single-step, and has no
>obvious "misfiring path" that would lead to quick detection.  It could
>do its dirty work for a long time.  
>
>
You missed my point.

1) hook into the winsock and look for an FV message in the web data stream,
save the ID.

2) now look for an approve/deny/fraud, when you see one you know that the
user uses an IP connection for mail and web.

3) only now does the attack begin.

The attack does not trigger until it *knows* that both FV orders and
confirms are moving via winsock - I.E. it does not report back the FV ID of
the victim until it sees the victim use FV and *knows* it can intercept the
reply.  The key  here is not breaking all cases just a significant number
and not setting off too many alarms.

This significantly lowers the fraud detection risk, now the fraud does not
get noticed until the card statement shows up, the same as with a card
number snooping attack.

Yes it will miss a large group of FV customers who use AOL, CI$ etc
(although a similar hook in the common serial port code on Win95 could catch
most of them).

The basic point is if the achine is not secure then no data on it is either.


John Pettitt, jpp at software.net
VP Engineering, CyberSource Corporation, 415 473 3065
 "Technology is a way of organizing the universe so that man
  doesn't have to experience it." - Max Frisch






From lunaslide at loop.com  Tue Feb  6 10:40:26 1996
From: lunaslide at loop.com (lunaslide at loop.com)
Date: Wed, 7 Feb 1996 02:40:26 +0800
Subject: Why am I wrong?
Message-ID: 


I think there is a middle ground that you may have missed.  Let's see...

The cypherpunk view seems to be that eveyone *should* use forms of
encryption for passing packets along on the internet.  It works best when
the majority of people are using, but no one is forced to encrypt their
email.  People still send postcards, right?  No matter what percentage of
users on the net use encryption, there will always be those who will
exercise their right to send open, plain text messages.  It is our right to
choose *to* encrypt that we are fighting for, not a general mandate that
all use crypt.

As for the law's take on this matter, under the constitution, they have no
right to tell us that we cannot use encryption in sending our messages.
They also have no right to tell us that we cannot teach others how to use
it, develop easier ways to implement it so that eventually it will be a
no-brainer to use, say that we are criminals because we opt for our right
to privacy, or ask us to give up that right to privacy because we are using
a new medium.  One issue that may come up is that the law cannot make us
give our passwords so that they may use our keys to open our documents
because it would be self-incrimination, however, they can serve warrants to
search our software and documents.  In their search, they will be able to
try and break our passwords to gain access to the files.  If they cannot,
it is their tough luck.

I don't think that I am stating a position of cypher-anarchy, but
advocating a position of personal privacy guaranteed by the Fourth
Amendment.  I don't think that wide-spread use of cyptography would cause
anarchy.  Would foreign govt. be able to slpi stuff by our govt. because
they can use encryption?  Sure, like they aren't already doing that right
now.  The US govt. seems to be saying "Hey, no fair!  I can't see your
stuff anymore.  You can't do that!"  when all along, no one has been able
to see their packets because they are encrypting it.

There are still ways for them to gain access too.  Don't tell me they can't
set up peeping toms to record keystrokes.  Certainly they can do this on
ppl's machines.  It would be more difficult, but that is the whole point.
It should be sufficiently difficult for them to tap so that to tap freely
would be infeasable for them to do, just like steaming open every envelope
that comes through would be infeasable.  They can only go after the real
suspects because it is feasable to do only that.

In essence, what I am saying about the govt. is that thy are crying wolf.
They can still be efficient in their duties without wholesale access to all
the data streams.  They want the power to monitor far more traffic than
they could ever get warrants for and they know it.

I likewise invite you to chip at the cracks in my reasoning as it will
improve our arguments in general.  Freedom is power.  God save the Citizen!

Jeff Conn

lunaslide

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQBvAzD3EHEAAAEDAMVwZzXozPjX18mCenA5fJsdWZXcrhJCxPR+SoVCmR7d4ZVU
mwITzPTHo/GyLvJrWyk5YdhheczyY2VSawaMrCN/nWA7K9lwAylbKyPxqBhRYJ3C
2wi2uD5LY2wypNOQyQARAQABtB5KZWZmIENvbm4gPGx1bmFzbGlkZUBsb29wLmNv
bT6JAHUDBRAw+1bqS2NsMqTTkMkBAQkTAwCersFbCyk8O0MbGlNcZDAe24CLEWQ0
0C5EHni33W76UsG1bybcLsuMH6HVwLF7IqZivnzc7wkujYPQvCqn8HEYYTld8V9V
Cou4dOvA8kV7rHvAn/LuLx7DRruLFrRoPSk=
=OIT9
-----END PGP PUBLIC KEY BLOCK-----







From lunaslide at loop.com  Tue Feb  6 10:45:26 1996
From: lunaslide at loop.com (lunaslide at loop.com)
Date: Wed, 7 Feb 1996 02:45:26 +0800
Subject: Likely application for high-bandwidth proxies (fwd)
Message-ID: 


>It would appear that a potentially very popular application for high-
>bandwidth anonymizing proxies has arrived:
>
>Forwarded message from list-managers-digest:
>> From: Project Genesis 
>> Date: Mon, 05 Feb 1996 02:42:13 -0500
>> Subject: Speaking of spams...
>>
>> Did I mention that Project Genesis is an organization specializing in
>> religious education?  The message below explains why all of our public lists
>> are moderated. I value privacy and have grave doubts about things like the
>> Exon amendment (which may make Internet providers liable), but I also think
>> that we need to ensure that the Internet not become one big red-light
>> district. Spams like this are a step in the wrong direction. It hit several
>> of our religion-oriented lists.
>>
>> Ken

I don't think that you understand one thing.  If we (the users of the
internet) say that X-THING is unacceptable on the internet, we open up the
floodgates for everything else that ppl what to censor.  There are better
ways to keep children from looking at sites and spams like the one you
posted.  Parents.  It's their responsibility to keep their children from
getting into this stuff on the net.  If we allow the govt. to take care of
our issues and do not take responsibility for them ourselves, we deserve to
have a big brother who can take care of us (see what I mean?)  No control
can be given to the govt.  If it comes down to it, we can have a rating
system like the movies and music.

Our lists are moderated, BTW, so that we don't have to wade through a bunch
of irrelevant data while trying to read about the lists/newsgroups topic.
Some of my favorite groups are alt groups, and as much as I hate having to
read about Grubor all the time (please ship him off to a dessert isle), the
moderation would limit the scope of the groups and interesting, sometimes
relevant pseudotopics would be gone.  I want the psudotopics!  That's where
some of the best threads get started!  But moderated groups have their
place too.  Who wants to read a bunch of trolls while trying to read a
science group.  And soc.support groups would not be of much use if flamers
and lusers kept posting disruptive and disturbing articles.  But in all the
cases here, it is we, the users, who decide what stays and what goes.

Peace to all.
Jeff Conn

lunaslide

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQBvAzD3EHEAAAEDAMVwZzXozPjX18mCenA5fJsdWZXcrhJCxPR+SoVCmR7d4ZVU
mwITzPTHo/GyLvJrWyk5YdhheczyY2VSawaMrCN/nWA7K9lwAylbKyPxqBhRYJ3C
2wi2uD5LY2wypNOQyQARAQABtB5KZWZmIENvbm4gPGx1bmFzbGlkZUBsb29wLmNv
bT6JAHUDBRAw+1bqS2NsMqTTkMkBAQkTAwCersFbCyk8O0MbGlNcZDAe24CLEWQ0
0C5EHni33W76UsG1bybcLsuMH6HVwLF7IqZivnzc7wkujYPQvCqn8HEYYTld8V9V
Cou4dOvA8kV7rHvAn/LuLx7DRruLFrRoPSk=
=OIT9
-----END PGP PUBLIC KEY BLOCK-----







From printing at explicit.com  Tue Feb  6 11:35:18 1996
From: printing at explicit.com (William Knowles)
Date: Wed, 7 Feb 1996 03:35:18 +0800
Subject: OCAF White Paper on porn on the net
Message-ID: 


Hello all,

With the passing of the CDA recently, The first wounding of the rights
of free speech online, The Oklahomans for Children and Families are going 
in for the kill.  A WWW  site has been set up with a HTML version of what 
the autoresponder sends out.

http://www.bway.net/~dfenton/noporn.html

This is a scary document, and was originally written as a prosecution primer
for law enforcement. 
 

-William Knowles


..

//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\ 
  Graphically Explicit                     
  Printing - Advertising - Graphic Design  
  1555 Sherman Avenue - Suite 203          
  Evanston IL., 60201-4421                 
  800.570.0471 - printing at explicit.com
  Accept, Embrace, Adapt, Create     
\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//






From arromdee at jyusenkyou.cs.jhu.edu  Tue Feb  6 12:00:16 1996
From: arromdee at jyusenkyou.cs.jhu.edu (Ken Arromdee)
Date: Wed, 7 Feb 1996 04:00:16 +0800
Subject: RC2 protected by copyright?
In-Reply-To: <199602050211.SAA18120@hammerhead.com>
Message-ID: <4f8a81$opp@jyusenkyou.cs.jhu.edu>


>RC2, though, as 256 bytes of seemingly random data at the head of it,
>in a permutation table.  This is clearly not any idea, but a bit of
>text.  This text would have to be copied to any interoperable RC2.
>(You could surely use some different permutation, and probably most
>of the 256! permutations would be equally secure, but would not
>interoperate with RC2).  I would expect that this copying of text be
>held to be a violation of copyright.

What about "merger"?  If there's only one way to write a table to make it
interoperable, could it be ruled that the idea has merged with its expression
and thus be legal to copy?
--
Ken Arromdee (arromdee at jyusenkyou.cs.jhu.edu, karromde at nyx.cs.du.edu;
    http://www.cs.jhu.edu/~arromdee)

"Snow?" "It's sort of like white, lumpy, rain." --Gilligan's Island





From zinc at zifi.genetics.utah.edu  Tue Feb  6 12:57:47 1996
From: zinc at zifi.genetics.utah.edu (zinc)
Date: Wed, 7 Feb 1996 04:57:47 +0800
Subject: The OCAF's White Paper on Internet Pornography
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

cpunks,


regarding this paper;  it's sent out by an autoresponder.  is it illegal 
to make excessive use of the autoresponder?  this would be a type of 
denial of service attack.

i'm wondering if i set up a cron job to request a copy every 5 or 10 
minutes and just send it to /dev/nul, could i get in more trouble than 
say, someone just telling me to cut it out?

opinions?

- -pjf


"Those that give up essential liberty to obtain a little temporary
 safety deserve neither liberty nor safety." -- Benjamin Franklin (1773)
			  finger for PGP key
zifi runs LINUX 1.3.57 -=-=-=WEB=-=-=->  http://zifi.genetics.utah.edu 


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by mkpgp1.6, a Pine/PGP interface.

iQCVAwUBMRe7B03Qo/lG0AH5AQF6KwP/XAQq4yoi0Ytetl6rUnnCJBvbNktRmSEP
3D+ILw4+qn4YDQX96Q6+SoGYD/9zHu59ywFWk42hYCXYNhOpo+GBTF9uGWIb5lD6
/DdzSLDpCKUvggmI395STqoEBuKj5ILSGBzDZGfnw6g6IAcJIRwnwiE/MhLjgKof
2S0mWLFc4aQ=
=+twb
-----END PGP SIGNATURE-----





From jimbell at pacifier.com  Tue Feb  6 13:21:53 1996
From: jimbell at pacifier.com (jim bell)
Date: Wed, 7 Feb 1996 05:21:53 +0800
Subject: [noise] Re: Crippled Notes export encryption
Message-ID: 


At 02:11 PM 2/6/96 +1100, Jiri Baum wrote:

>Forget about Jeff, how about PGP? Put it on a rocket (I'm *sure* there's
>an amateur rocket club conveniently located near the border), and off
>you go! (I guess you'd want to check @ 126.1 first, though).
>
>Have I missed anything?


Another question is this:  Would the point-to-point (USA to USA) 
transmission of PGP by radio (say, a satellite telephone bounce) that is 
"inadvertently" intercepted external to the US qualify as a violation of 
ITAR?  It would be hard for the NSA to criticize this, as this is their main 
operations area.  Besides, if anybody was prosecuted, they'd presumably be 
able to subpoena the NSA about their monitoring operations, to determine if 
the NSA was violating any OTHER country's anti-export laws, etc.






From geoff at commtouch.co.il  Tue Feb  6 13:23:34 1996
From: geoff at commtouch.co.il (geoff klein)
Date: Wed, 7 Feb 1996 05:23:34 +0800
Subject: Release of Pronto Secure first Beta
Message-ID: <9602061652.AB19328@commtouch.co.il>

-----BEGIN PGP MESSAGE-----
Version: 2.6

owGtVc9vG0UUbopoiyVXQkKCiKq8FKkkKP6V2E7sU+s0CVFlcLEhcOAw3h3vDt6d
WWZm7bhFUCQkiEQFioQ4gqgqxKEgJFSJY08V/AlwgqbqqUVUPVAOwJuxNzVB4VL2
4vHOm+997/vem93c9/H+hycKj38wWft1+/oTj11enph4//eH/qoFZ79+b/+hp366
e+vTu5tPn61sH7v0Jzl34/Dg9Pnm0Yvnyls3ave2FmpbZ45uL320eO/S6uS16+n4
yfOvfK7fPPLbnR/fvT09dfPL7cKVM788cvuTUwcnjj16p/b21IWDr7ov/vHdz4e/
v3D1m8qRD9lXr129+dbFHzaP37p+oPbtxhefvTOYfPbKgcuHjuspt5qLhI5CwoKc
iLUnGPdyofLKhfniXBYX+/Cps5BmXqZSMcGrUMjm06klwTXlOtMaRLQKmm7oXBQQ
xsd2JOGqQ2VmmTvCRdgqLLSZTqfSqZaogjOIfCqjmHfVCS2Im3VEmE6dIhrhWjGF
FdqGfBkKlWphrloyi0rZnF0SYahF7PjgEwUudZhLXdACRAeTAQEH80sR4EtJA0oU
xR1oSHwroEmdWFITrX0KCLZDAo+FYcyZHmRhnUIbj7IeRvpEg3JkrBkfGCBzLpLC
jR0N7QGENGyjLmYnndI+UxAwpaHPggB8GkQQK5MtYUJAkQ7+cBfUkMpyxkgPTsBQ
s6wp8J9UEZFwWENJJacaw+v3w6EjJKwz7oq+moW+z1CUWFEF6AaGkwA52TRYlSHd
Q6mk5UO5T7hDgQ6z95n2wZGDSAtPkgiBYOdchxKNRFQWwVpYPL6WJnebagK9YU+Y
+hjmxdVInx7lYxDEYQHTNgKtWG0YCunUiBGSsakRZxZIjABcM4cM/zMs3LMgRrMu
RcUJJx4NbfkJtXRqJTarhI8aGsC4E8SYoJkzDWwR6i80m8bqKGBGgERwa6ekb8RM
WmhVRX4ZqDczI3lhPluAXCL2UHghu54UcWQ3x3crpbE/z7cMEv5TwukOI5P8Gkvv
MbTbVjPdWmrk1hqgNHG6M+bQGsd1YDo50Xkon2WNTYoDx42UIenSXR1OeugraQco
CSOw0moA9rHxhqIIto2xsfqUdo2tDSKtOUZslFNjQsbhdbwKcGrtKWN2RuOW8RZb
JARiehPZ6+HwKYMbmpGKvCijmMfx/ai7jK541GChIjzAYcejSksU3ZpljBGxhChu
B9h6xmUjcDo13g0jJiMlslBLKJmW7vsiaXAzcbafO5S6mTZqOWyGdKqN1QfMY0YV
O5OOHXECHUkpdJgZmGRQd9I0hZQD4AJaGeUzqXHQ2rFGtD4FLyZmFOjomhiI+BlM
5OGYhgLl6VMisS797/unOmMtRI8f9EmnVilefHAarysOez7UGFFFahh7wkluULxy
syy4PwB1O1oSMrvo2sfXOqqaRS7X7/ez4yDh/1KIudhb9mJvrmPrO7MAL2Wbe9e0
Ez8La0oSGgC6UpjDb8Z6Fp5Dy5VL0Ola0HP3BinkoUUdn4tAeAM4ie2AIE0cqzp+
iMSszXMSKsVifn5vkGWUHr+O1MX4Yr5cKRuQFg2sXNPFQmkGSguLmXJpMb83iI2v
LMxNV2Yq5flisWRAVsjGLpDF/wSx8QlIIV+aNyAP7M3f
=64dh
-----END PGP MESSAGE-----




From PADGETT at hobbes.orl.mmc.com  Tue Feb  6 13:52:26 1996
From: PADGETT at hobbes.orl.mmc.com (A. Padgett Peterson, P.E. Information Security)
Date: Wed, 7 Feb 1996 05:52:26 +0800
Subject: Why am I wrong?
Message-ID: <960206160510.20215305@hobbes.orl.mmc.com>


>I don't think that I am stating a position of cypher-anarchy, but
>advocating a position of personal privacy guaranteed by the Fourth
>Amendment. 

Don't forget the other side of the conversation. While the government 
cannot (notice I did not say they might not try) effectively control
communication, there are other points at which control may be exerted:

1) communications *with* the government (IRS, Social Security, etc).
2) communications using someone else's equipment/network (university,
   employer, etc)
3) communications with anyone (Internet merchant, etc) who says "this
   is not what  approves..."

Each of these may have compelling reasons for complying with what the
government wants even if it is not law. IMNSHO "law" is just a means
for exacting retribution/revenge - if you have to resort to it, you
have already lost.
						Warmly,
							Padgett

					





From decius at montag33.residence.gatech.edu  Tue Feb  6 13:59:52 1996
From: decius at montag33.residence.gatech.edu (Decius)
Date: Wed, 7 Feb 1996 05:59:52 +0800
Subject: Why am I wrong?
In-Reply-To: <960206100646.2021253f@hobbes.orl.mmc.com>
Message-ID: <199602062107.QAA30185@montag33.residence.gatech.edu>


> OK you is wrong.
:)
> No, most in law enforcement at the working level have no opinion one way 
> or the other. Many I talk to know what it is but few have ever seen 
I should have been more specific, I was thinking about Louis Freeh, et all...
> 
> >The law is often very wrong, and even our lofty constitutional values 
> >do not prevent bad laws. When the law is wrong, the law's enforcer is 
> >the criminal.
> 
> Dangerous attitude to take. The law is never wrong because it is the law.
> The fact that a law exists may be wrong but that has nothing to do with the
> law itself, it merely is. The law's enforcer would be derelect in his/her
> duty if she/he did *not* enforce the law.
> That is the definition of natural law, 
I don't agree. The theory of natural law is basically that when people 
come together to form a society and create a government, they enter into
a social contract. If a member of the society breaks the contract (by, 
say, blowing someone's brains out) that member has breached the contract and
can be punished by the government. Similarily, when the government breaks 
the contract (by say, killing off an ethnic minority, or maybe banning 
indecent speech) the government has breached the contract and the 
government may be destroyed. To say that the law is always right because it
is the law, is to defend ethnic cleansing, book burning, detention camps, 
taxation without representation, slavery, and all the other evils 
governments have done, while condeming those who would free slaves or 
fight in revolutionary wars. Making something a LAW does not make it 
right. 
> Is the great strength of the US.
Agreed. Though we must fight to preserve it. 
> >That is why law enforcement is very restricted in the Constitution. 
> Law enforcement is not restricted by the constitution, law *enactment*
> is ("Congress shall make no law...").
Read the fourth amendment. :)
> 
> "Libel" also carries very specific  specifications that must be met. Does 
> anyone here think that a libel suit is a restriction on free speech ?
Most legal limitations (outside of indecency/obsenity) on speech are 
concerned not with the speech itself, but when speech becomes an action.
Yelling fire in a crowded theater is NOT A CRIME. Insiting a riot in 
which hundreds are killed, just for the hell of it, is a crime. 
(Just clarifying)
> 
> Thus it would seem to me to be (not a lawyer or a politician so what do I know
> - we used to have an ordinamce near here requiring alligators to be leashed)
> very difficult to legislate anything concerning crypro since first crypto
> would have to be defined and second it would have to be able to be detected -
> a requirement for all text to be in third-grade flat ASCII won't fly.
A good point, but I don't know if those who want to ban crypto will think 
about it that way. They will assume that it will be obvious who is using 
crypto and who is not. They will leave it to the courts to determine 
what is crypto and what is not. Obviously they are wrong, but thats not 
gunna stop them from enacting laws. Of course, as another person 
responding to my post pointed out, *good* stenography cannot be 
identified, so laws are not gunna stop people from encrypting, it will 
just make it kinda difficult to get away with. 


-- 
        */^\*  Tom Cross AKA Decius 615 AKA The White Ninja  */^\* 
                    Decius at montag33.residence.gatech.edu

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzA6oXIAAAEEAJ6ZWl7AwF9rDZhREQ2b9aPxJKL7dxQNx6QQ0pB5o9olvNtG
tIjA47KxWmZAx47m2JEWRgAIaiDHx00dEza5GX4FuFHL7wSXW7qOtqj7CmVLEg4e
0F/Mx0z7Q/aNsn34JrZUWbMLKkAOOB9sJARRynPRVNokAS30ampImlrLbQDFAAUT
tCZEZWNpdXMgNmk1IDxkZWNpdXNAbmluamEudGVjaHdvb2Qub3JnPg==
=0qgN
-----END PGP PUBLIC KEY BLOCK-----






From daw at dawn7.CS.Berkeley.EDU  Tue Feb  6 14:05:09 1996
From: daw at dawn7.CS.Berkeley.EDU (David A Wagner)
Date: Wed, 7 Feb 1996 06:05:09 +0800
Subject: RC2--Some very preliminary analysis
Message-ID: <199602060250.VAA11055@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

In article <01I0SDBW5VYY984JFR at delphi.com>,   wrote:
[ ... 1/4 of a cycle of RC2: ... ]
> A = rotl(A + f(B,C,D) + sk[i], 1);
     [...]
> Has anyone looked at this cipher with regard to linear attacks?

A little bit.

>           However, it's not clear to me how to build linear
> characteristics that will make it through more than a few rounds of
> alleged-RC2.  Linear characteristics that are spread across many
> subblocks (i.e., partly in A and partly in B) seem to get messed up
> quickly by the rotations.

Hrmm, I'm not convinced that it's so hard to build a linear characteristic;
there are plenty of 1/4-cycle characteristics that don't spread out very
much.  The problem is that I can't find any approximations with high enough
bias to be useful.

So here's some information on the (useless) linear characteristics I've been
thinking about; maybe this will prompt some clever improvement from someone
else.  They're all based on two observations: first, the addition operation
	Y = A + X
has linear characteristics of the form
	Y[i] = A[i] + X[i,i-1]		bias 1/2
	Y[i] = A[i,i-1] + X[i]		bias 1/2
and second, the bit-multiplexing function
	X = f(B,C,D)
has linear characteristics of the form
	X[i] = B[i]			bias 1/2
	X[i] = C[i]			bias 1/2
	X[i] = B[i] + D[i]		bias 1/2
	X[i] = C[i] + D[i] + 1		bias 1/2
	etc.
(A note on notation: X[i] denotes the i-th bit of X, and
X[i,j,k] = X[i] + X[j] + X[k].  If an approximation holds with probability
p, then I say it has bias b = 2 |p - 1/2|; note that adding two approximations
multiplies their biases, and that one needs about 1/b^2 known plaintexts
to take advantage of a linear characteristic for the whole cipher.  Next,
let K denote the 1/4-cycle subkey, and let A' denote the new value of A
after the 1/4-cycle is applied to it.  Also, + denotes xor in approximations.
By 1/4-cycle, I mean something of the form A = rotl(A + f(B,C,D) + K, 1);
so RC2 has 16 full cycles, and each full cycle has 4 1/4-cycles.)

Now given those building blocks for linear characteristics, you can combine
them to get various linear characteristics for 1/4 of a cycle, like this:
	A'[i+1] = A[i,i-1] + B[i] + K[i,i-1]	bias 1/8
	A'[i+1] = A[i] + B[i,i-1] + K[i,i-1]	bias 1/8
	A'[i+1,i] = A[i,i-2] + B[i,i-1] + K[i,i-2]	bias 1/64
	A'[i+1,i] = A[i,i-1] + B[i,i-2] + K[i,i-2]	bias 1/64
	A'[i+1] = A[i,i-1] + C[i] + K[i,i-1]	bias 1/8
	A'[i+1] = A[i] + C[i,i-1] + K[i,i-1]	bias 1/8
	etc.
These don't spread out too well; I haven't completely worked out how to
do many-cycle linear approximations, but I think they shouldn't be too hard
to find.  (For instance, keep only A and C active, or somesuch.)

The real stumbling block is the lack of high-bias linear approximations for
a 1/4-cycle, not the difficulty of combining them, IMHO.  For instance, if
you supposed that there was just one 1/8-bias linear approximation active
in each full cycle, we get a total bias over 16 cycles of 2^{-48}, which
would imply something like 2^{96} known plaintexts for a linear attack.
This is an overly optimistic estimate, since any full 16-cycle linear
characteristic which I can imagine will probably require more than one
linear approximation per cycle.  (It also ignores the non-iterative rounds;
but I think they'll be easy to deal with if you can handle everything else.)

What makes the 1/4-cycle linear approximations have such a low bias is RC2's
extensive use of addition mod 2^32 instead of bitwise xor.

So anyhow, the final word is that I don't see how to do linear cryptanalysis
of RC2, but maybe someone else will have some insights.

P.S. There is an analogue of differential cryptanalysis where we consider the
difference measure as addition mod 2^32 instead of bitwise xor.  Is there
a similar generalization of linear cryptanalysis?  I don't know any, offhand.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMRbB/CoZzwIn1bdtAQEKEAGAujcKp6aM4OV9AoveQaFQdEpQi/hQTSK/
YoMEkSKYtt+aq0Usv5nMHB7ikEflmGak
=TYbl
-----END PGP SIGNATURE-----





From decius at montag33.residence.gatech.edu  Tue Feb  6 14:06:36 1996
From: decius at montag33.residence.gatech.edu (Decius)
Date: Wed, 7 Feb 1996 06:06:36 +0800
Subject: Why am I wrong?
Message-ID: <199602060254.VAA26091@montag33.residence.gatech.edu>


I am posting this pondering to cypherpunks in hopes that it will be refuted.
Although these ideas are obviously in opposition to those held by 
Denning and the law enforcement community, they are also in opposition to
those held by the Cypherpunks. This idea is bothering me because I cannot 
refute it, although it goes in opposition to many people whom I respect 
greatly. Please tell me why I am wrong about this. (Sorry for the US-centric
perspective, but I think the arguments here apply regardless of what your
system of government may be.)

         	            Crypto-Absolutism
			decius at ninja.techwood.org

	One of the largest problems in the debate over public access to 
cryptography is the fact that both sides of the issue hold absolute beliefs.
They are unwilling to compromise, and often seem unwilling 
to decide on a solution which is anything but a total win for their side.
Many of those who are opposed to cryptography have proposed 
what they claim is a compromise, when in reality these suggestions often 
change the issues instead of addressing them. However, in all conflicts 
there is a middle ground. The answer to the whole crypto debate may be 
in finding it. Nothing ever works in absolutes.
	On one side of the debate we find the law enforcement community. 
This group is totally opposed to the concept of public access to 
cryptography. Although they claim this to be false, the reality is that 
these people think its ok for anyone to keep a secret, as long as no one 
is keeping secrets from them. This belief is founded upon the principle  
that the law is absolute. They believe that the law is always right and 
always good. As Jim Kallstrom, assistant FBI director, put it, "unless 
you're a criminal, you have nothing to fear from the government." 
However, history has proven this philosophy to be totally flawed, time 
after time after time. The law is often very wrong, and even our lofty
constitutional values do not prevent bad laws. When the law is wrong, the 
law's enforcer is the criminal. That is the definition of natural law, 
the philosophy upon which our system of government is based. People MUST 
have the right to dissent. People must have the right to oppose bad 
laws, and in many cases people must have the capability to violate bad 
laws with impunity. It is necessary for the survival and health of our 
society. If people's right to dissent is taken away and bad laws are 
passed, we move immediately into war. Peace is the definition of a 
healthy society. Furthermore, it cannot be assumed that if people can 
commit crimes with impunity that they will. If murder became 
legal, I do not think you would see much of an increase in the murder 
rate. As Socrates would say, if people know the what is good and what 
is bad, they will always choose the good, because the good is what is 
most desirable. That is why law enforcement is very restricted in 
the Constitution. The "compromise" the law enforcement community has 
suggested, key-escrow, is not a compromise at all, because it makes it 
impossible for people to keep secrets from the government. It removes
the people's right to dissent, presumably the very right cryptography 
allows us to protect. The law enforcement community is wrong.
	On the other hand, we have the crypto-anarchists. They believe 
that the existence of anonymous transactions will naturally lend itself 
to a situation where everyone is anonymous, no transaction can be 
tracked, no communications can be monitored, and basically, no 
government can possibly control the transactions and interactions of its 
citizens. They support the broad use of military grade cryptography and 
anominity. Let no message be crackable or traceable. This, also, is an 
absolute belief and it is also flawed. We have governments for a 
reason, we came together and founded societies for protection, and if 
we tore apart our current social structure and created an anarchy, 
people would immediately form small societies for their own fiscal 
protection. Creating an anarchy is a massive step backward in social 
development, not a step forward. Furthermore, PEOPLE WANT TO BE 
ACCOUNTABLE FOR THEIR ACTIONS. No totally anonymous society will 
ever exist in the real world. In fact, many BBSs have tossed out 
anominity, although it works quite well in some communities. The 
right to anominity is very important. As I said before, it is 
important to allow people to express their ideas without fear of 
persecution for their beliefs. However, people want to be accountable 
for many of the things they do. People want recognition, and you cannot 
receive recognition for the actions of your anonymous identity. If 
people really wanted to be totally anonymous all the time, we would all 
be running around the shopping mall with ski masks and fistfuls of small 
unmarked bills. Not only is the idea of crypto-anarchy wrong, but it 
provides those who oppose cryptography an easy concept to attack. As 
Denning said, "Although May limply asserts that anarchy does not mean 
lawlessness and social disorder, the absence of government would lead to 
exactly these states of chaos. I do not want to live in an anarchistic 
society -- if such could be called a society at all -- and I doubt many 
would." The crypto-anarchists are also wrong.
	So who is right?? The concept I propose here is bound to be 
controversial, but I propose it because it must be considered. Lotus is 
right. Currently the internet is ripe for abuse by totalitarian 
governments everywhere. How wonderful the net must be to an insane 
dictator. One carefully placed packet sniffer and he can automatically 
monitor the conversations of thousands of people, censoring posts he 
doesn't like, and identifying email addresses of thought criminals. 
Although PGP, ssh, and similar tools provide a solution for some, 
traffic analysis makes those who speak privately stand out like a sore 
thumb that needs further investigation. Eric Huges said at Summercon that 
if cryptography is going to work, it needs to be just like Dolby noise 
reduction. Its there, its always on, people don't need to know what it 
does, but it makes things better. (No one stands out like a sore thumb.) 
Although doing this with military grade encryption would be the  
cryto-anarchist's dream, what if we did it with partially escrowed keys? 
The system would have to be designed such that the non-escrowed part 
could be increased with advances in technology. However, a system like 
this would stop the wide spread mass monitoring described above. 
Furthermore, it would allow the government to tap a conversation if it 
was willing to put forth the resources (which will add some visibility 
to an illegal tap). The system would also require one additional 
aspect. It must be impossible to automatically identify messages that 
have partially escrowed keys and messages that are not escrowed. 
Thus, the right of dissent is preserved. Although most software would
only support escrowed keys. 
	Through such a system the net will become a great deal more 
secure from tapping and monitoring. Tapping is possible with a lot of   
work, however it is not assured. Government remains the arm of 
society, yet it can be subverted and destroyed if necessary. Such a 
system brings us to the central question here. Does the government have 
the right to tap conversations, or do the people have a right to keep 
secrets from the government? I think the answer is both. In the end, 
it's very difficult to actually hurt someone with an email message. But, 
nothing ever works in absolutes.

-- 
        */^\*  Tom Cross AKA Decius 615 AKA The White Ninja  */^\* 
                    Decius at montag33.residence.gatech.edu

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzA6oXIAAAEEAJ6ZWl7AwF9rDZhREQ2b9aPxJKL7dxQNx6QQ0pB5o9olvNtG
tIjA47KxWmZAx47m2JEWRgAIaiDHx00dEza5GX4FuFHL7wSXW7qOtqj7CmVLEg4e
0F/Mx0z7Q/aNsn34JrZUWbMLKkAOOB9sJARRynPRVNokAS30ampImlrLbQDFAAUT
tCZEZWNpdXMgNmk1IDxkZWNpdXNAbmluamEudGVjaHdvb2Qub3JnPg==
=0qgN
-----END PGP PUBLIC KEY BLOCK-----






From llurch at networking.stanford.edu  Tue Feb  6 14:10:54 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Wed, 7 Feb 1996 06:10:54 +0800
Subject: The OCAF's White Paper on Internet Pornography
In-Reply-To: 
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 6 Feb 1996, zinc wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> regarding this paper;  it's sent out by an autoresponder.  is it illegal 
> to make excessive use of the autoresponder?  this would be a type of 
> denial of service attack.
>
> i'm wondering if i set up a cron job to request a copy every 5 or 10 
> minutes and just send it to /dev/nul, could i get in more trouble than 
> say, someone just telling me to cut it out?

Regardless of the legal merits, this would be called "being an asshole." 
The guy who runs mailback.com is just another common carrier. 

- -rich
 http://www-leland.stanford.edu/~llurch/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRfFJI3DXUbM57SdAQFXwQQAn1IQKS6uU2MVWZbePCG1D19lmVKfBzry
L9rxdcEXCoHDpSlyqdIiv7b2SJ2PzRj8aB9p2sA1F8lyaiO4xj+21YJE/RBQ6vi7
J/VwcO6ZCvJ8Wqq6SHU+HqeuCRqV2SR/WWZtdryZGRCOeT2zVeawOlu9qxMygcgF
bsWXUea2A/k=
=/aC3
-----END PGP SIGNATURE-----





From lmccarth at cs.umass.edu  Tue Feb  6 14:13:34 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Wed, 7 Feb 1996 06:13:34 +0800
Subject: The OCAF's White Paper on Internet Pornography
In-Reply-To: 
Message-ID: <199602062117.QAA11149@opine.cs.umass.edu>


zinc writes:
> regarding this [OCAF] paper;  it's sent out by an autoresponder.  is it 
> illegal to make excessive use of the autoresponder?  this would be a type 
> of denial of service attack.

IMHO scared closed-minded folks such as (apparently) OCAF have every right to
speak too. But on the advice of counsel ;) I am _not_ offering to run an
OCAFmirror hereabouts....

-Lewis	"Don't believe the church and state, and everything they tell you"
		--Mike & the Mechanics





From lunaslide at loop.com  Tue Feb  6 14:16:33 1996
From: lunaslide at loop.com (lunaslide at loop.com)
Date: Wed, 7 Feb 1996 06:16:33 +0800
Subject: Reasons in support of crypto-anarchy WAS Re: Why am I wrong?
Message-ID: 



>
>  Well, I suppose that if there is anyone who is most opposed to the
>opinion you expressed in the paragraph above, it is myself.
>
>I believe:
>
>1.  Governments will no longer be "necessary," if they ever were.
>
>2.  Protection will no longer depend on having a "government."
>
>3.  Anonymous networking technology will protect our rights, to the extent
>they can be protected.
>
>4.  Your statement, "...anarchy is a massive step backward..." is absolutely
>incorrect.
>

That's fine that you believe the things, but for acceptance by others you
will have to provide support for your position.  I, personally, would like
to see your premises so that I may evualuate your claims.  You may indeed
be correct in your assessment.

Jeff Conn

lunaslide

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQBvAzD3EHEAAAEDAMVwZzXozPjX18mCenA5fJsdWZXcrhJCxPR+SoVCmR7d4ZVU
mwITzPTHo/GyLvJrWyk5YdhheczyY2VSawaMrCN/nWA7K9lwAylbKyPxqBhRYJ3C
2wi2uD5LY2wypNOQyQARAQABtB5KZWZmIENvbm4gPGx1bmFzbGlkZUBsb29wLmNv
bT6JAHUDBRAw+1bqS2NsMqTTkMkBAQkTAwCersFbCyk8O0MbGlNcZDAe24CLEWQ0
0C5EHni33W76UsG1bybcLsuMH6HVwLF7IqZivnzc7wkujYPQvCqn8HEYYTld8V9V
Cou4dOvA8kV7rHvAn/LuLx7DRruLFrRoPSk=
=OIT9
-----END PGP PUBLIC KEY BLOCK-----







From llurch at networking.stanford.edu  Tue Feb  6 14:17:56 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Wed, 7 Feb 1996 06:17:56 +0800
Subject: The OCAF's White Paper on Internet Pornography
In-Reply-To: 
Message-ID: 


On Tue, 6 Feb 1996, zinc wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> regarding this paper;  it's sent out by an autoresponder.  is it illegal 
> to make excessive use of the autoresponder?  this would be a type of 
> denial of service attack.
> 
> i'm wondering if i set up a cron job to request a copy every 5 or 10 
> minutes and just send it to /dev/nul, could i get in more trouble than 
> say, someone just telling me to cut it out?

This would be bad, but

TAKE A LOOK AT THE DOCUMENT RIGHT NOW!!! The fun starts about a page down.

 http://www.bway.net/~dfenton/noporn.html

Whoever "DWF" is deserves a medal.

-rich





From llurch at networking.stanford.edu  Tue Feb  6 14:25:53 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Wed, 7 Feb 1996 06:25:53 +0800
Subject: Yes, I'm an idiot Re: The OCAF's White Paper on Internet Pornography
In-Reply-To: 
Message-ID: 


I'd thought that this was a "friendly" site that had been hacked. It's 
not. But the comments are pretty funny regardless.

-rich

On Tue, 6 Feb 1996, Rich Graves wrote:

> On Tue, 6 Feb 1996, zinc wrote:
> 
> > -----BEGIN PGP SIGNED MESSAGE-----
> > 
> > regarding this paper;  it's sent out by an autoresponder.  is it illegal 
> > to make excessive use of the autoresponder?  this would be a type of 
> > denial of service attack.
> > 
> > i'm wondering if i set up a cron job to request a copy every 5 or 10 
> > minutes and just send it to /dev/nul, could i get in more trouble than 
> > say, someone just telling me to cut it out?
> 
> This would be bad, but
> 
> TAKE A LOOK AT THE DOCUMENT RIGHT NOW!!! The fun starts about a page down.
> 
>  http://www.bway.net/~dfenton/noporn.html
> 
> Whoever "DWF" is deserves a medal.
> 
> -rich





From adam at lighthouse.homeport.org  Tue Feb  6 14:28:54 1996
From: adam at lighthouse.homeport.org (Adam Shostack)
Date: Wed, 7 Feb 1996 06:28:54 +0800
Subject: The OCAF's White Paper on Internet Pornography
In-Reply-To: 
Message-ID: <199602062144.QAA29680@homeport.org>


zinc wrote:

| i'm wondering if i set up a cron job to request a copy every 5 or 10
| minutes and just send it to /dev/nul, could i get in more trouble than
| say, someone just telling me to cut it out?

I think that they would try to press charges under the precedent that
a guys modem auto-dialing Jerry Falwell's number was forced to make
restitution.   (Forget the reference, sorry.)

The important difference is that they probably are not being billed on
a per transaction basis, whereas 800 numbers are billed per call.
Would they sue?  Can you sell a jury on the essential difference being
that they were not billed per copy mailed?  I'd expect that they'd
react with a 'cut it out' message first.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From tomw at netscape.com  Tue Feb  6 14:38:41 1996
From: tomw at netscape.com (Tom Weinstein)
Date: Wed, 7 Feb 1996 06:38:41 +0800
Subject: "PGP-Scape"? (was Re: Our "New Order")
In-Reply-To: <199602060726.CAA12115@bb.hks.net>
Message-ID: <3117CEFE.237C@netscape.com>


Deranged Mutant wrote:
> 
> No. SSL doesn't encrypt everything, just certain transactions (or am I
> wrong about this?)  Something that keeps everything encrypted and
> anonymous.

SSL encrypts everything that goes across an SSL connection.

-- 
Sure we spend a lot of money, but that doesn't mean | Tom Weinstein
we *do* anything.  --  Washington DC motto          | tomw at netscape.com





From bianco at itribe.net  Tue Feb  6 14:50:38 1996
From: bianco at itribe.net (David J. Bianco)
Date: Wed, 7 Feb 1996 06:50:38 +0800
Subject: The OCAF's White Paper on Internet Pornography
In-Reply-To: <199602062144.QAA29680@homeport.org>
Message-ID: <199602062210.RAA26298@gatekeeper.itribe.net>


On Feb 6, 16:44, Adam Shostack sent the following to the NSA's mail archives:
> Subject: Re: The OCAF's White Paper on Internet Pornography
|| zinc wrote:
|| 
|| | i'm wondering if i set up a cron job to request a copy every 5 or 10
|| | minutes and just send it to /dev/nul, could i get in more trouble than
|| | say, someone just telling me to cut it out?
|| 
|| I think that they would try to press charges under the precedent that
|| a guys modem auto-dialing Jerry Falwell's number was forced to make
|| restitution.   (Forget the reference, sorry.)
|| 
|| The important difference is that they probably are not being billed on
|| a per transaction basis, whereas 800 numbers are billed per call.
|| Would they sue?  Can you sell a jury on the essential difference being
|| that they were not billed per copy mailed?  I'd expect that they'd
|| react with a 'cut it out' message first.
|| 

And then they would, of course, use the inflated "hit" count as proof positive
that the Internet citizenry is on their side!  

-- 
==========================================================================
David J. Bianco			| Web Wonders, Online Oddities, Cool Stuff
iTribe, Inc.			| Phone: (804) 446-9060 Fax: (804) 446-9061
Suite 1700, World Trade Center	| email: 
Norfolk, VA 23510		| URL  : http://www.itribe.net/~bianco/





From harmon at tenet.edu  Tue Feb  6 14:54:55 1996
From: harmon at tenet.edu (Dan Harmon)
Date: Wed, 7 Feb 1996 06:54:55 +0800
Subject: Houston C'punks meeting
Message-ID: 



If anyone in the Houston area would like to have a meeting this weekend 
or in the near future, let me know.

Dan Harmon





From jsw at netscape.com  Tue Feb  6 14:58:39 1996
From: jsw at netscape.com (Jeff Weinstein)
Date: Wed, 7 Feb 1996 06:58:39 +0800
Subject: "PGP-Scape"? (was Re: Our "New Order")
In-Reply-To: <199602060726.CAA12115@bb.hks.net>
Message-ID: <3117D186.4A10@netscape.com>


Deranged Mutant wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> cp at proust.suba.com (Alex Strasheim) wrote:
> >> There's also less worry about secure transactions, since if
> >> everything's encrypted it's harder to tell if a transaction is taking
> >> place, viewing porno or subversive or religious, literature,  or if
> >> you're just reading something mundane.
> >
> >I think I must be missing something here.  Aren't you describing an SSL
> >web server?  Different algorithms, but basically the same idea?
> 
> No. SSL doesn't encrypt everything, just certain transactions (or am I
> wrong about this?)  Something that keeps everything encrypted and
> anonymous.

  SSL encrypts everything passed over the connection.  When running HTTP
over SSL that includes the URL being accessed, username and password for
HTTP auth, and cookies.

> >Netscape 2.0 is out for real -- everyone can now pick their certs.  GAK
> >just got harder.
> 
> As opposed to the imaginary beta?

  The beta will expire in a few months.  The final release will not expire.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.





From jpp at software.net  Tue Feb  6 15:04:27 1996
From: jpp at software.net (John Pettitt)
Date: Wed, 7 Feb 1996 07:04:27 +0800
Subject: "PGP-Scape"? (was Re: Our "New Order")
Message-ID: <2.2.32.19960206223328.00cbb948@mail.software.net>


At 01:58 PM 2/6/96 -0800, Tom Weinstein wrote:
>Deranged Mutant wrote:
>> 
>> No. SSL doesn't encrypt everything, just certain transactions (or am I
>> wrong about this?)  Something that keeps everything encrypted and
>> anonymous.
>
>SSL encrypts everything that goes across an SSL connection.
>
>
I think the confusion is that most sites don't run anything but transactions
over the SSL link for speed reasons.  Anything the the user and/or webmaster
*choose* to send over an SSL pipe is protected (assuming non export versions).



  

John Pettitt, jpp at software.net
VP Engineering, CyberSource Corporation, 415 473 3065
 "Technology is a way of organizing the universe so that man
  doesn't have to experience it." - Max Frisch






From zinc at zifi.genetics.utah.edu  Tue Feb  6 15:11:18 1996
From: zinc at zifi.genetics.utah.edu (zinc)
Date: Wed, 7 Feb 1996 07:11:18 +0800
Subject: The OCAF's White Paper on Internet Pornography
In-Reply-To: <199602062210.RAA26298@gatekeeper.itribe.net>
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

howdy folks,

it's been pointed out to me that the attack i mentioned would be unfair 
to others who use this ISP.  i will not be doing any mass mailing and i 
suggest others refrain from doing so as well.

the document is good reading, although it does hurt your head if you've 
had any logic at all.  i guess those years of debate weren't for nothing 
after all...

- -pat finerty
biochem grad student

"Those that give up essential liberty to obtain a little temporary
 safety deserve neither liberty nor safety." -- Benjamin Franklin (1773)
			  finger for PGP key
zifi runs LINUX 1.3.57 -=-=-=WEB=-=-=->  http://zifi.genetics.utah.edu 


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by mkpgp1.6, a Pine/PGP interface.

iQCVAwUBMRfao03Qo/lG0AH5AQEItwQAk8V6LlIfLEKA+HgvyseAVZcWaNgnGvzP
Yduj9cs6eQYE64uaccYWsmHFLg1I/VlxyuF/FOh658xPDgSYUDFPPYRJB/fZhQfz
ga6cQ5CbOaRiGY/7H2fdoUn5Y0kG35hfZ6LYg0EARgo4BphtNSFdTg9TGECdlAsE
5MmwIxUumDA=
=jk9n
-----END PGP SIGNATURE-----





From sandfort at crl.com  Tue Feb  6 16:12:20 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Wed, 7 Feb 1996 08:12:20 +0800
Subject: INCHOATE CYPHERPUNK JOBS
Message-ID: 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

Friends of mine are working on projects that would call for 
C'punk types.  If anything sounds interesting, let me know and
I will pass your name (and resume) along.

1.	Design, build and maintain an ISP in Costa Rica.
	Later, you would design and program a financial
	application (I can say no more).  Knowledge of
	crypto, networks, databases, etc. required.

2.	Design, build and maintain a LAN with high
	bandwidth connection to the Internet in Hawaii.
	This would be in a high-tech, high-security
	residential enclave for wealthy telecommuting
	entrepreneurs, writers, semi-retired CEOs and
	other information professionals.

3.	Design, build and maintain an international
	Internet gambling-related service business
	probably located outside of the US (Saipan?).

In each of the above businesses, developement money is readily
available, but the principals are currently finishing up other
projects.


 S a n d y

P.S.	Bay Area C'punks can get the inside skinny from
	me at my party on Saturday.  Have YOU RSVPed yet?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





From lunaslide at loop.com  Tue Feb  6 16:28:53 1996
From: lunaslide at loop.com (lunaslide at loop.com)
Date: Wed, 7 Feb 1996 08:28:53 +0800
Subject: Why am I wrong?
Message-ID: 


>>I don't think that I am stating a position of cypher-anarchy, but
>>advocating a position of personal privacy guaranteed by the Fourth
>>Amendment.
>
>Don't forget the other side of the conversation. While the government
>cannot (notice I did not say they might not try) effectively control
>communication, there are other points at which control may be exerted:

These exceptions are noted.
>
>1) communications *with* the government (IRS, Social Security, etc).

I would want the govt. to understand what I am sending them and I would
want to understand what they are sending me.  Hell, they can have my public
key too ;-)  But I don't see how they could exercise control simply because
I am communicating with them.  They cannot come blow my door down or even
slap my hand if they know I use encryption in all of my other
transmissions.  Perhaps I do not understand your point.  They can perhaps
control the communication between them and me, but not between me and
everyone else.

>2) communications using someone else's equipment/network (university,
>   employer, etc)

Employers nor universities have any jurisdiction over whether you use
encryption in your transmissions while using their networks unless it
specifically does not allow it when you first agree to have an account with
them.  Even in that case, they would be hard pressed to enforce it on a
university wide basis.  I would hope that employers would be smart enough
to encourage the use of encryption for their employees, even if they are
personal messages.  It would decrease their competitions chances to
intercept and decode the important, sensitive info because it would be
immersed in even more, unimportant info that is encrypted as well.

The govt. has control over the universities in that they are the ones who
fund them.  If the govt. denied funds to a given college because they did
not regulate the type of encryption, or alieviate the encryption use
entirely, what reasoning would they give to the schools board and the
public for restricting something that is not against the law and is, in
fact, protected by a constituional amendment.  It would not fly with the
voters.

>3) communications with anyone (Internet merchant, etc) who says "this
>   is not what  approves..."

I don't quite understand your meaning.  I am a merchant and I encourage my
customers to use PGP when they send information over the internet, whether
to me or to anyone else.  I explain to them the reasons for this, assisted
by Mr. Zimmermann's excellent analogy of the postcard/envelope difference.
Most are business people and readily accept the reasoning and are willing
to incorperate it into their dealings.  To respond to this point, I would
need to understand it better.  What is not what Mastercard, et al approves?
The encryption?

>Each of these may have compelling reasons for complying with what the
>government wants even if it is not law. IMNSHO "law" is just a means
>for exacting retribution/revenge - if you have to resort to it, you
>have already lost.
>
Indeed, there would be some impact from what point out, however, it would
not be enough pressure to suppress the encryption movement unless it became
painfully, and obviously, unconstitutional.  Law is optimally there for us
to redress grievences.  There will be skirmishes on the legal front for the
next 5 or 6 years, as far as I can see, but eventually the Surpreme Court
will set enough precidents that procecutors will be left with little power.
I don't think this is an optomistic view, but a realistic one based on the
current events and on decisions in related matters by the court in the
past.

Comments?  Bring 'em on! :-)

Respectfully,
Jeff Conn

PS  Yeah for Zimmermann and crew!

lunaslide

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQBvAzD3EHEAAAEDAMVwZzXozPjX18mCenA5fJsdWZXcrhJCxPR+SoVCmR7d4ZVU
mwITzPTHo/GyLvJrWyk5YdhheczyY2VSawaMrCN/nWA7K9lwAylbKyPxqBhRYJ3C
2wi2uD5LY2wypNOQyQARAQABtB5KZWZmIENvbm4gPGx1bmFzbGlkZUBsb29wLmNv
bT6JAHUDBRAw+1bqS2NsMqTTkMkBAQkTAwCersFbCyk8O0MbGlNcZDAe24CLEWQ0
0C5EHni33W76UsG1bybcLsuMH6HVwLF7IqZivnzc7wkujYPQvCqn8HEYYTld8V9V
Cou4dOvA8kV7rHvAn/LuLx7DRruLFrRoPSk=
=OIT9
-----END PGP PUBLIC KEY BLOCK-----







From cmca at alpha.c2.org  Tue Feb  6 16:38:40 1996
From: cmca at alpha.c2.org (Chris McAuliffe)
Date: Wed, 7 Feb 1996 08:38:40 +0800
Subject: PGP's "only for your eyes"
Message-ID: <199602062336.PAA24566@infinity.c2.org>


-----BEGIN PGP SIGNED MESSAGE-----

[To: cypherpunks at toad.com]
[Subject: Re: PGP's "only for your eyes"]

Usuario Acceso2  wrote:
	Maybe some of you already know about this.

	Whe reading PGP's "Only for your eyes" messages, the program
	creates a temporary file containing the plaintext in the
	directory where the cyphertext file is.

	So, don't worry about this option, it's quite useless.

The manual points out that you shouldn't rely on it. Its main purpose is
simply to prevent accidentally or automatically leaving the plaintext
lying around, not to actually securely guarantee that behaviour. After
all, you could always cut-and-paste the text, or (since you have the PGP
source) alter PGP to ignore the flag.

The real problem is not what it does, but what people *think* it might
do.

I take that back. When I check the manual, it doesn't say that it is
insecure. It really ought to. At least one of the books about PGP does
though, I know I've read it somewhere other than email.

Chris McAuliffe  (No, not that one.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBMRfm+oHskC9sh/+lAQHgygQAs4gsA3DWORL06++EpiQahmDOj6JZJKaD
CTkljTcGA1WoY6LNEwGrEMBSs1NoaY6JT+KgxAeP/HOxTJDKwRkAdU+/psjMT9t6
rqERq6HerBKIBqUj/nOsbhnigA2U+e3gto9Fpvs5gld6oQvbyn3M56PWXrm9dbBX
N2KqJ8BcQTE=
=eRZ2
-----END PGP SIGNATURE-----





From nobody at REPLAY.COM  Tue Feb  6 16:48:31 1996
From: nobody at REPLAY.COM (Anonymous)
Date: Wed, 7 Feb 1996 08:48:31 +0800
Subject: Strong Crypto Weak
Message-ID: <199602070013.BAA10222@utopia.hacktic.nl>



Strong Encryption Weak, Say Crypto Gurus


Washington, D.C., U.S.A., 6 February 1996 -- Strong
encryption is weak, reports a group of prominent
cryptographers and computer scientists. Their report,
released yesterday, is expected to play an important role
in coming debates over US policy on exports of software
that includes encryption capabilities. 

Current US policy generally limits exports to encryption
using 40-bit keys. On a case-by-case basis, the US has
allowed export of software with 56-bit digital encryption
standard (DES) encryption. 

Recently, two French graduate students cracked the 40-bit
encryption Netscape was using. The trick took several
days, using idle time on the school's computers. 

The seven experts who wrote the new paper -- "Minimal Key
Lengths for Symmetric Ciphers to Provide Adequate
Commercial Security" -- say the achievement by the
students at the Ecole Polytechnique was trivial. 

"Anyone with a modicum of computer expertise and a few
hundred dollars would be able to attack 40-bit encryption
much faster," they write. They add that using a field
programmable gate array (FPGA) chip, costing about $400
mounted on a card, "would on average recover a 40-bit key
in five hours."

"A more determined commercial predator," says the paper, 
"prepared to spend $10,000 for a set-up" using 25 FPGA
chips, "can find 40-bit keys in an average of 12
minutes."

Moving to a 56-bit DES system doesn't solve the problem,
says the paper. "Calculations show that DES is inadequate
against a corporate or government attacker committing
serious resources. The bottom line is that DES is cheaper
and easier to break than many believe." 

And it is getting easier to crack DES code, says the
paper. "At present, it would take a year and a half for
someone using $10,000 worth of FPGA technology to search
out a DES key. In ten years time, an investment of this
size would allow one to find a DES key in less than a
week."

A serious attack against DES, on the order of $300,000,
"could find a DES key in an average of 19 days using
off-the-shelf technology and in only three hours using a
custom developed chip," say the cryptoanalysts. That's
the sort of money a business, or a criminal organization,
might be willing to spend to find trade secrets or dip
into a flow of financial transactions. 

A government intelligence agency willing to spend $300
million "could recover DES keys in 12 seconds each," says
the paper. "The investment required is large, but not
unheard of in the intelligence community. It is less than
the cost of the Glomar Explorer, built to salvage a
single Russian submarine, and far less than the cost of
many spy satellites."

What's the proper key length for protection against
criminal operations or a prying government? The analysts
"strongly recommend a minimum key-length of 90 bits for
symmetric cryptosystems." That's far stronger than
anything the US government has ever contemplated allowing
for export.

The paper was written by some of the most prestigious  
individuals in the field: Matt Blaze, Whitfield Diffie,
Ronald Rivest, Bruce Schneier, Tsutomu Shimomura, Eric
Thompson, and Michael Wiener. 

Blaze, at AT&T Research, recently demonstrated weaknesses
in the government's "Clipper Chip" key escrow system.
Diffie, at Sun Microsystems, was a co-creator of public
key cryptography. Rivest, at MIT, was one of the
inventors of the RSA public-key system and one of the
founders of RSA Data Security Inc.

Schneier, president of Counterpane Systems, is the author
of a leading textbook, Applied Cryptography. Shimomura,
at the San Diego Supercomputer Center, last year tracked
down outlaw hacker Kevin Mitnick. 

Thompson heads AccessData's crypto team, which has
regular clients that include the FBI and other law
enforcement agencies. Wiener, at Bell-Northern Research,
wrote an influential 1993 article, "Efficient DES Key
Search," which describes how to build a machine to attack
DES by brute computational force.

The paper grew out of a one-day meeting in Chicago last 
November, which was supported by the Business Software
Alliance. The paper is available on the BSA World Wide
Web site, http://www.bsa.org/. 

--






From maldrich at grctechs.va.grci.com  Tue Feb  6 16:53:00 1996
From: maldrich at grctechs.va.grci.com (Mark Aldrich)
Date: Wed, 7 Feb 1996 08:53:00 +0800
Subject: EIA and TIA Paper on Crypto Policy
Message-ID: 


The February 2nd edition of "Washington TELECOM Week" reports that the 
Electronic Industries Association (EIA) and the Telecommunications 
Industry Association (TIA) have jointly submitted to the Whitehouse a 
paper that warns the administration about the folly of continuing the 
"virtual embargo" that is in place for all exports of encryption 
controlled by the State Department.  The paper warns that the nation will 
take a heavy hit if export restrictions are not "significantly eased."  
According to the groups, stringent export controls on encryption software 
and products are a blow to both the economy and national security.

The member companies of the two large groups have concluded that it is 
"no longer in the national interest to use export control policy as a 
tool to impede data security products."

According to the paper, even the new policy leads to a number of 
injurious consequences, including the loss of sales and the loss of 
efficiency.  It emphasizes that there is a growing need for data security 
products containing encryption in the private sector, both in the US and 
overseas.

The export controls, said the paper, "lead to increased risk of 
penetration from hackers, commercial competitors, terrorists and 
others."  Hence, they call for the development of cheap, easy-to-use 
encryption for a wide variety of potential applications, or "the U.S. 
Government and industry both will suffer."

------------------------------------------------------------------------- 
|So, I went walking through the street.   |Mark Aldrich                 | 
|I saw you strung up in a tree.           |GRCI INFOSEC Engineering     | 
|A woman knelt there, said to me,         |maldrich at grci.com            | 
|Hold your tongue, man, hold your tongue. |MAldrich at dockmaster.ncsc.mil | 
|_______________________________________________________________________| 
|The author is PGP Empowered.  Public key at:  finger maldrich at grci.com |
|    The opinions expressed herein are strictly those of the author     | 
|         and my employer gets no credit for them whatsoever.           | 
-------------------------------------------------------------------------






From nobody at REPLAY.COM  Tue Feb  6 17:14:14 1996
From: nobody at REPLAY.COM (Anonymous)
Date: Wed, 7 Feb 1996 09:14:14 +0800
Subject: Fax Fools US Espionage
Message-ID: <199602070054.BAA11802@utopia.hacktic.nl>



"Foolproof" Encrypted Fax System

                         
Derby, England, 6 February 1996 -- Wordcraft, the
Derby-based software house, has announced that its
proposals for a "foolproof" secure fax transmission
system will be considered by the International
Telecommunications Union's meeting in Geneva,
Switzerland, next week. 

According to Mike Lake, the company's managing director,
Wordcraft has been working closely with a number of other
companies, notably Chantilly (another UK firm) on the
proposals, which will be considered alongside a competing
set from French and German companies.

Lake told Newsbytes that the Wordcraft system is known as
Automatic Fax Services (AFS) and consists of four
elements: authentication, message confirmation,
integrated encryption, and a certificate of receipt. 

The authentication element of AFS revolves the generation
of the fax device's serial number and unique transaction
number for each fax transmission. Message confirmation is
generated by the distant fax device, while the
certificate of receipt is printed after confirmation 
is received.

"Existing fax transmission reports are just that -- a
note of transmission. AGS creates a new document, a
certificate of receipt, which proves that a fax was
transmitted," Lake said.

The encryption system, meanwhile, uses a proprietary, but
open systems standard of encryption, using a one-time
passkey, which is transmitted by the sending fax device
in a secure manner.

"This contrasts with the French/German system which is
based on RSA's private and public key system. That system
is flawed, since it relies on the US Government licensing
a manufacturer to use the algorithm, something that the
Government is unlikely to do with, for example, a
Japanese fax manufacturer," Lake explained.

According to Lake, even if the ITU Study Group 8 approves
the French/German secure fax system next week, no major
fax vendor is likely to implement such a system on their
fax machines if the US Government is allowed to licence
each fax machine for use.

"The AFS system is secure, yet does not need the
permission of anybody to use it. In that sense, it's a
more global system," he said.

So what does Wordcraft get out of the proposed standard?
According to Lake, the company is offering a series of C
language routines for inclusion in the firmware of fax
machines, and fax software drivers. These routines, he
said, allow driver programs to be coded very easily. It
is the modest licence fees for this software with which 
Wordcraft is hoping to recoup its investment.

--







From simsong at vineyard.net  Tue Feb  6 17:36:36 1996
From: simsong at vineyard.net (Simson L. Garfinkel)
Date: Wed, 7 Feb 1996 09:36:36 +0800
Subject: FV's blatant double standards
Message-ID: 


>
>Simson's comment almost, but not quite, made this clear:
>
>> Yes, clearly if you are not concerned about missing 50-75% of First
>>Virtual's
>> users, this attack will work just fine.
>
>The "just fine" is incorrect, however, because those 50-75% will not be
>MISSED, they will be attacked incompletely, and they will object to
>false transactions, causing our fraud department to launch an
>investigation.  This attack would get stopped pretty quickly, I believe.
> -- Nathaniel
>--------
Well, Simson is being a little terse and not thinking things through, I
guess, because he is in pain with tendonitis and is trying to get out
INTERNET-HATERS.

=============
"Superior technology is no match for superior marketing."
=============
Simson on Tour:

Feb 2 - Feb 5 - Cambridge: Conference on Freely Redistributable Software
Feb 7 - Feb 13 - Baltimore: American Association for the Advancement of
Science.
Feb. 28 - March 1 - Seybold, Boston.
March 23 - NYC. MacFair.
March 27 - March 30: Cambridge. Computers, Freedom and Privacy.







From mwohler at ix.netcom.com  Tue Feb  6 18:18:51 1996
From: mwohler at ix.netcom.com (Marc J. Wohler)
Date: Wed, 7 Feb 1996 10:18:51 +0800
Subject: Is toad.com down?
Message-ID: <199602061256.EAA25246@ix10.ix.netcom.com>


At 06:44 AM 2/6/96 -0500, John Young kindly offered:

>Mail is coming in here okay, though at about half the usual 
>volume.
>
>
>However, two other people on netcom have posted messages saying 
>that they have been getting almost nothing for several days.
>
>
>A "who cypherpunks" was just sent to   and 
>answered promptly, at 6:40 AM EST. Your name is listed.
>
>
>If you like, do a test post to the list and copy me. I'll let 
>you know if both arrive and the timing.
>
>
>Regards,
>
>
>John
>
>
Thanks for your help John.

MJ Wohler






From ravage at ssz.com  Tue Feb  6 18:27:21 1996
From: ravage at ssz.com (Jim Choate)
Date: Wed, 7 Feb 1996 10:27:21 +0800
Subject: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
Message-ID: <199602070213.UAA03036@einstein.ssz.com>



Forwarded message:

> Date: Tue, 06 Feb 1996 15:43:12 -0800
> From: jim bell 
> Subject: Re: Reasons in support of crypto-anarchy WAS Re: Why am I
>   wrong?
> 
> [Part 1]
> I've been following the concepts of digital cash and encryption, since
> I read the article in the August 1992 issue of Scientific American on
> "encrypted signatures."  While I've only followed the Digitaliberty area
> for a few weeks, I can already see a number of points that do (and
> should!) strongly concern the average savvy individual:
> 
> 1.  How can we translate the freedom afforded by the Internet to
> ordinary life?
> 

By realizing that freedom is freedom, the medium is irrelevant.

> 2.  How can we keep the government from banning encryption, digital
> cash, and other systems that will improve our freedom?
> 

By making shure they don't have the authority to make the decision in the
first place.

> A few months ago, I had a truly and quite literally "revolutionary"
> idea, and I jokingly called it "Assassination Politics": I speculated on
> the question of whether an organization could be set up to _legally_
> announce either that it would be awarding a cash prize to somebody who
> correctly "predicted" the death of one of a list of violators of
> rights, usually either government employees, officeholders, or
> appointees.  It could ask for anonymous contributions from the public,
> and individuals would be able send those contributions using digital
> cash.
> 

If the intent is to motivate others to kill or otherwise harm others simply
because you don't agree with them or their actions is reprehensible and
moraly or ethicaly undefensible.

> 
> On the contrary; my speculation assumed that the "victim" is a
> government employee, presumably one who is not merely taking a paycheck
> of stolen tax dollars, but also is guilty of extra violations of rights
> beyond this. (Government agents responsible for the Ruby Ridge incident
> and Waco come to mind.)  In receiving such money and in his various
> acts, he violates the "Non-aggression Principle" (NAP) and thus,
> presumably, any acts against him are not the initiation of force under
> libertarian principles.
> 

Every citizen of this country is a 'government employee' in one sense or
another.

By resorting to violence you are no better than the ones you proport to
protect us against.

                                              Jim Choate
                                              ravage at ssz.com






From EALLENSMITH at ocelot.Rutgers.EDU  Tue Feb  6 18:47:06 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Wed, 7 Feb 1996 10:47:06 +0800
Subject: Likely application for high-bandwidth proxies (fwd)
Message-ID: <01I0WNMJAAFQA0UVSI@mbcl.rutgers.edu>


From: lmccarth at cs.umass.edu

>This makes it harder for transitory proxies, but not for fairly permanent
ones, I suspect. An outfit like C2 could presumably register with a corporate
credit card. Its proxy then carries connections paid-as-you-go with e$, or
paid in chunks in advance with a check.
-------------------
	That could work with a known amount of charge, which the person would
pay to the proxy (or some portion of it). A very interesting idea.
	But how about the larger idea of anonymnity (such as through an
organization with anonymous account access) with _general_ access to a
corporate credit card? You'd need to either A. have knowledge of the users
(what I'd call semi-anonymous) or B. get the price of what the person is
purchasing at the time and subtract it from their account. The latter seems
possible with the FV system, so long as it records enough info to distinguish
who's using what so the appropriate account can be charged for it (the system
would allow a yes answer only if the account had enough money to pay for it).
One would need to know in any case at each point when a given account charged
something. This might work via not telling the user the CC/FV number is (which
one would want to do in any case) and logging which account used something
when. One could use multiple credit cards (with multiple fees, unfortunately)
and rotate them around from account to account every day or so (whatever the
finest grain distinguishable by the card report was). I wonder how much info
gets reported back on corporate credit cards to the corporation issuing them.
Any information or suggestions? In general, the problem is finding out what
nym is charging what.
	Another way to do it, but an unpopular one, would be to have a required
deposit equal to the credit limit available on the card. This limit could be
checked on a regular basis (a phone call, hopefully automatable, to the credit
card issuer) and adjusted appropriately.
	-Allen





From wilcoxb at nag.cs.colorado.edu  Tue Feb  6 18:50:54 1996
From: wilcoxb at nag.cs.colorado.edu (Bryce)
Date: Wed, 7 Feb 1996 10:50:54 +0800
Subject: Web Page Authentication (was: Anti-Nazi Authentication)
In-Reply-To: <199602060545.QAA12048@sweeney.cs.monash.edu.au>
Message-ID: <199602070204.TAA14469@nag.cs.colorado.edu>



-----BEGIN PGP SIGNED MESSAGE-----

 An entity calling itself Jiri Baum 
  probably wrote:

> Hello Rich Graves 
>   and bryce at colorado.edu
>   and "Declan B. McCullagh" , cypherpunks at toad.com
>  
> > On Fri, 2 Feb 1996, Bryce wrote:
> ...
> > For the paranoid, it would be an added assurance that they are reading the
> > original file at the original location. Otherwise, anybody could copy the
> > Web page, modify it, and give it someone else's PGP signature. 
> ...


No I didn't.  That was Rich I think.


> So? I guess it's plagiarism, but there's nothing you can do about it
> anyway. If someone wants to claim your words, let them sign.


What *I* wrote was some ways that you *could* do something
about it, namely PGP clearsigs and and timestamps.  I have
the disheartening impression that my e-mail hasn't been
delivered properly for the last couple of weeks.  That, or
nobody is listening to me.


> One other thing - what about inline images?
> 
> I guess you could put an MD5 hash of the image into the IMG tag,
> as a new attribute (you don't necessarily want to sign each of the
> images separately).
 

That's a good idea.  Of course you already have signed the
URL, which is supposed to be universal.  However someone
*could* hijack the http requests and shove the wrong images
into your "PGP signed" document.  This could stand some more
thought.  I like your MD5 idea, but that isn't as easy to
implement and distribute.


Most graphic file formats can have inert embedded comments.
We could stick the URL at which the file should be found,
along with a whole PGP sig of that URL and the graphic
data.  Then, since we have that URL signed, and we have the
URL for the inline image in the html file signed, we can
match the two together and be safe except for some really
funky replay attacks.  (Which you can avoid by never storing
a file at an URL which once held a different file.)


Hm.  Your MD5 hashes sound like a better idea.  :-)


> I'm not sure how to do links, but I guess for the time being you'd
> leave them unsigned, with a disclaimer or something on the signature file.


Umm..  Hm.  What do you mean?  The text of the hrefs would
be signed since it is part of the html document.  Hopefully
it would be intuitively obvious to the most casual user that
if you are reading a file signed by X, and you click on an
URL and go to another file, that the new file is not
necessarily signed by X.  :-)


> Have a look at http://www.cs.monash.edu.au/~jirib (my home page).
> Is that more-or-less what you have in mind?


Nice!  If you want you can have copies of the graphics in
"http://www-ugrad.cs.colorado.edu/~wilcoxb/images/pgpcheck".


I think they should say "signed" rather than "verified"
since they haven't been verified until the user actually
runs PGP on them.  Let me know if you want variations on the
images there-- I'll cook them up and give them to you.


Sorry for snapping at you at the beginning of this message--
I'm was just in a bad mood and I hate having things
mis-attributed to me.


Regards,

Bryce

                 "Toys, Tools and Technologies"
  the Niche 
        New Signal Consulting -- C++, Java, HTML, Ecash
            Bryce 
 
PGP sig follows


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01

iQCVAwUBMRgIZPWZSllhfG25AQHvBQP+LHZRIeNPujzmooJMOLHnmvnojtQNGzNe
ttYUykeS47wT/ack2TS0pD3oYrvu0vUsD7A2dMON0rgDlzsx/GMIcteqFxE0Hkg/
64SLl9JO+SI43/1MU0hBI3PJppOzIIzxtQaWvIQbBz5zajDf8I60Fe69KK91q5sj
Q6c871kjtV4=
=dDpO
-----END PGP SIGNATURE-----





From EALLENSMITH at ocelot.Rutgers.EDU  Tue Feb  6 19:16:48 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Wed, 7 Feb 1996 11:16:48 +0800
Subject: Fair Credit Reporting Act and Privacy Act
Message-ID: <01I0WOIQESFIA0UV0C@mbcl.rutgers.edu>


From:	IN%"bplib at wat.hookup.net"  "Tim Philp"  6-FEB-1996 09:02:48.98

>It would not make it harder for buyers and sellers to get together, it 
would simply increase the risk. It may lead to higher prices, but I am 
prepared to pay something to protect my privacy.
------------^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^------------------------

> If you don't want people to know things about you, don't tell them.
> 
I agree that in the absolute sense, this is true. However, it is not 
practical to do so in our modern society. If you are prepared to live 
without credit or health insurance you can do this but the price is too
high for most people to consider.                      ^^^^^^^^^^^^^^^^
^^^^-------------------------------------------------------------------
	So you're prepared for everyone to pay more, but not for those who
want privacy to pay more? While I do support taxes to pay for a minimal amount
of welfare, I don't think that much intrusion into private property rights is
justified.
	-Allen





From dubois at dubois.com  Tue Feb  6 19:26:33 1996
From: dubois at dubois.com (Philip L. Dubois)
Date: Wed, 7 Feb 1996 11:26:33 +0800
Subject: Zimmermann Legal Defense Fund
Message-ID: <199602070236.TAA13753@teal.csn.net>


-----BEGIN PGP SIGNED MESSAGE-----

*

MESSAGE FROM ZIMMERMANN DEFENSE TEAM

FOR IMMEDIATE WIDE DISTRIBUTION WITHOUT MODIFICATION

I write on behalf of Philip Zimmermann and his legal defense team 
for two reasons:  to offer thanks and to make an announcement.  

First, we offer our thanks to all the generous souls who donated 
money and services to the Zimmermann Legal Defense Fund.  Without 
you, we could not have mounted the defense that we did, and we 
would not have achieved the result that we did.  Your contributions
were made from a commitment to the causes of privacy and justice,
and we are grateful.

The announcement:  as you may know, I am the only lawyer who 
was not working pro bono, i.e., without expectation of being 
paid.  Three of our lawyers-- Ken Bass in D.C., Eben Moglen in New 
York, and Curt Karnow in San Francisco-- devoted hundreds of 
hours of time and substantial expenses for which they've not been 
paid.  Tom Nolan in Palo Alto and Bob Corn-Revere in D.C. also 
spent a great deal of time on this case for which they were not 
paid.  And, of course, Joe Burton in San Francisco toiled in 
obscurity on behalf of the other person who was also targeted by
the federal investigation.

I agreed up front not to bill for all my time, and judging from 
the rate of current contributions, it now appears that the Defense 
Fund will cover the fees and costs that I billed.  I would like to 
see these other lawyers receive some compensation for their efforts.
Accordingly, all donations to the Zimmermann Legal Defense Fund 
mailed, authorized, or generally "made" (as opposed to "received") 
after midnight local time on 14 February 1996 will be distributed
among these other lawyers to defray their costs and, if possible, 
to compensate them for a little of their time.

I make this announcement because people contributing to the Fund 
have a right to know that Mr. Zimmermann's actual defense costs 
are now covered and that additional donations will go to lawyers 
who agreed to work for free and who were absolutely essential to 
the defense.

Again, my thanks.


Philip L. Dubois
Counsel for Philip Zimmermann
Philip L. Dubois, P.C.
2305 Broadway
Boulder, CO  80304-4106
voice:  303-444-3885
fax:  303-444-1051
email:  dubois at dubois.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRgCUbZ7C+AHeDONAQGJAAP+N82RobbmbRVljdE7t0tGEcfCeHN+pqwF
+j31GjZU3qDNBtgXw30yTJSKOOjkg9fBRicNIQPsLarkTGDTYWUk2JSNcUVgNZiO
/AjM/BnIjwms81DuGR1KivlMlw6lnhK46ncT4ijx5tMj2b8QaHiwkkwxznY3FTXi
bNlo5J06cFA=
=D12f
-----END PGP SIGNATURE-----






From EALLENSMITH at ocelot.Rutgers.EDU  Tue Feb  6 19:36:12 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Wed, 7 Feb 1996 11:36:12 +0800
Subject: Anti-US-censorship ammunition
Message-ID: <01I0WPDDTPHSA0UWEC@mbcl.rutgers.edu>


	I received the following addresses from my request for non-US
bomb-making material sites. (I'll post who gave them to me if he gives me
permission). They should be useful as arguments against anyone who claims the
US should shut off such information.
	-Allen

http://www.mi.aau.dk/~clement/thb_title.html

http://home.ptd.net/~wa2joc/terror.hb

http://www.tvnorge.no/~thomasm/terror.htm

http://www.cis.ksu.edu/~psiber/fortress/ter5ror/main.html





From jya at pipeline.com  Tue Feb  6 19:37:57 1996
From: jya at pipeline.com (John Young)
Date: Wed, 7 Feb 1996 11:37:57 +0800
Subject: BLU_ink
Message-ID: <199602061357.IAA12528@pipe1.nyc.pipeline.com>


   2-6-96. FinTim:

   "Secret identities. Two systems to combat potential
   signature fraud in cyberspace."

      On digital signatures by public-key cryptography and by
      a "biometric token" system by PenOp of the UK.


   BLU_ink













From don at cs.byu.edu  Tue Feb  6 19:39:48 1996
From: don at cs.byu.edu (Don)
Date: Wed, 7 Feb 1996 11:39:48 +0800
Subject: FV's blatant double standards
In-Reply-To: 
Message-ID: 


Nathaniel Borenstein of FV (not accepted at c2, by the way) said:

> point is that an automated attack like this one is undermined by email
> heterogeneity, which will cause FV's fraud department to be alerted

Is that the same sort of "alerted" that would happen when a keyboard-sniffer-
detecter detects a keyboard-sniffer? Or is it the kind of alerted like
"The keyboard sniffer program was alerted by the OS that it could kiss
off if it wants access to the keyboard"

Or is it something entirely different, like "The government was alerted
that someone was buying a few too many plane tickets to [foreign coutry here]"

Don





From anonymous-remailer at shell.portal.com  Tue Feb  6 19:58:42 1996
From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com)
Date: Wed, 7 Feb 1996 11:58:42 +0800
Subject: CDA = death of crypto
Message-ID: <199602070326.TAA28004@jobe.shell.portal.com>


CDA means that virtually all underground or 'illegal' traffic will be
distributed via encryption.

As soon as the loony right and fundo Christians realise this, they *will*
call for legislation against encryption, and if the CDA is any benchmark,
they will easily win.

My 0.2 cents worth for the day.






From stainles at bga.com  Tue Feb  6 20:03:23 1996
From: stainles at bga.com (Dwight Brown)
Date: Wed, 7 Feb 1996 12:03:23 +0800
Subject: DES for HP48?
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

When the RC4 implimentation for the HP48 was posted, someone else mentioned
the existence of a DES implimentation for the same machine. I remember
seeing this mentioned on the list earlier as well, but...

I've done searches with Archie, Alta Vista and Yahoo, as well as looking
through the excellent hks.net archives, but I haven't been able to find it.

Can someone point me in the right direction?

(Since I'm probably just too stupid to construct a proper Yahoo search, and
to keep list noise down, I'll sumarize privately e-mailed responses.)

==Dwight
-----BEGIN PGP SIGNATURE-----
Version: 2.6ui

iQCVAgUBMRgdEYY4AzhdF11FAQGrEwP6Aq+oTEOsss6XR30ra/Ft0fYtRJi0BW7+
KNw8Fx3C+s/ekBn+PmGbprsiDk3NBCzpNvZPylwCrmRrh71bu2ZUK/ZTkmJVDr56
7rFKoW0PL8KOZ9E58+u7NB2p/XuHRgtfTZgkEt2WvuPP/lgmVUPwUYSTg01fC+tN
yPEZgQnLUKM=
=WBl3
-----END PGP SIGNATURE-----







From EALLENSMITH at ocelot.Rutgers.EDU  Tue Feb  6 20:06:16 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Wed, 7 Feb 1996 12:06:16 +0800
Subject: Anti-US-censorship ammunition
Message-ID: <01I0WQNVJOX4A0UWEJ@mbcl.rutgers.edu>


From:	IN%"lmccarth at cs.umass.edu"  6-FEB-1996 22:24:29.09

> 	I received the following addresses from my request for non-US
> bomb-making material sites. 
[...]
> http://www.cis.ksu.edu/~psiber/fortress/ter5ror/main.html

When did Kansas secede from the Union ?  :>
--------------
	Thank you for pointing out my error. I forgot to delete that line.
	-Allen





From dmandl at panix.com  Tue Feb  6 20:16:00 1996
From: dmandl at panix.com (David Mandl)
Date: Wed, 7 Feb 1996 12:16:00 +0800
Subject: How to prevent a virus infection :-)
Message-ID: 


At 7:06 PM 2/6/96, Lucky Green wrote:
>Just watched an "expert" on Bay TV (SF Cable). He stressed that websites
>without firewalls pose the risk of spreading viruses when downloading files
>from them. A  GIF was being downloaded in the background...
>
>LOL.
>
>I only wonder who the fuck is hiring such idiots.

Certainly not my former employer.  This guy seems to know far too much
about net security to work there.

   --Dave.

--
Dave Mandl
dmandl at panix.com
http://www.wfmu.org/~davem







From bplib at wat.hookup.net  Tue Feb  6 20:30:11 1996
From: bplib at wat.hookup.net (Tim Philp)
Date: Wed, 7 Feb 1996 12:30:11 +0800
Subject: Fair Credit Reporting Act and Privacy Act
In-Reply-To: <01I0WOIQESFIA0UV0C@mbcl.rutgers.edu>
Message-ID: 


On Tue, 6 Feb 1996, E. ALLEN SMITH wrote:

> 	So you're prepared for everyone to pay more, but not for those who
> want privacy to pay more? While I do support taxes to pay for a minimal amount
> of welfare, I don't think that much intrusion into private property rights is
> justified.
> 	-Allen
> 
	I think that you may have misunderstood just what my position is.
There are circumstances that people are faced with in our modern society
that compel them to release data about themselves. Here I am speaking
about the information required if you want to use credit cards, have a
telephone, use health insurance, pay income tax ( could do without this
one! ), or register to vote. I do not believe that it is unreasonable
that the organizations that collect this data should be compelled to keep
this information confidential.  
	When I spoke about the price to pay, I was speaking somewhat
metaphorically in that it is possible to keep this information to your
self and not have to PAY anything. The actual PRICE that is paid is that
you are not able to participate fully in our society. I don't believe that
you can equate this type of price that you pay in social currency with an
actual price that you pay because merchants must assume more risk. 
	In an earlier message to this thread, it was suggested that I
should not call down the forces of the state ("lets pass a law") to deal 
with this issue. I wish that it could be dealt with in another way. If 
personal information is not controlled, it will work towards the 
detriment of the individual. My personal opinion is that the state exists 
to serve the individual, not to control him. In our current society an 
individual has little control over the release of personal data, 
therefore the state should legitimatly protect the individual. If you 
wish to control your own information, you must be prepared to be a real 
hard case.
Regards,
Tim Philp






From EALLENSMITH at ocelot.Rutgers.EDU  Tue Feb  6 20:40:55 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Wed, 7 Feb 1996 12:40:55 +0800
Subject: Fair Credit Reporting Act and Privacy Act
Message-ID: <01I0WSDNB97KA0UVEU@mbcl.rutgers.edu>


From:	IN%"bplib at wat.hookup.net"  "Tim Philp"  6-FEB-1996 23:08:03.68

>	I think that you may have misunderstood just what my position is.
There are circumstances that people are faced with in our modern society
that compel them to release data about themselves. Here I am speaking
about the information required if you want to use credit cards, have a
telephone, use health insurance, pay income tax ( could do without this
one! ), or register to vote. I do not believe that it is unreasonable
that the organizations that collect this data should be compelled to keep
this information confidential.  
-----------------
	With the exceptions of "use credit cards" and
"use health insurance," all of these are ultimately governmentally dictated
(by the governmental monopoly status if nothing else). I agree that the
government (and its sponsored monopolies) should not be able to keep
information that it does not need, and that it should be required to keep
such information confidential. One can do without credit cards; I use mine
about once a month, and that only because I can be lazy at times (not wanting
to go to the bank to get more cash). A group health insurance plan can also
enable doing without providing medical information; I am currently covered by
such a plan.
------------------

>	In an earlier message to this thread, it was suggested that I
should not call down the forces of the state ("lets pass a law") to deal 
with this issue. I wish that it could be dealt with in another way. If 
personal information is not controlled, it will work towards the 
detriment of the individual. My personal opinion is that the state exists 
to serve the individual, not to control him. In our current society an 
individual has little control over the release of personal data, 
therefore the state should legitimatly protect the individual. If you 
wish to control your own information, you must be prepared to be a real 
hard case.
-----------------
	I certainly agree that the purpose of the state is to protect the
rights of the individual. It's just that you're wanting more interference in
the rights of other individuals (like the stockholders of the CC companies)
than is justifiable. For maximal control over one's life, sometimes one does
have to be a "real hard case." That's life.
	-Allen

P.S. As TCMay pointed out earlier in this thread, all this is a moot point.
In the expiry of credit information, for instance, all one has to do is make
use of a credit evaluation agency (that stores information) in another country.
If its methods are proprietary, it's a bit difficult for the state to prove
that you're using an organization that violates its rules. 





From WlkngOwl at UNiX.asb.com  Tue Feb  6 21:08:11 1996
From: WlkngOwl at UNiX.asb.com (Deranged Mutant)
Date: Wed, 7 Feb 1996 13:08:11 +0800
Subject: Electronic Grille Cipher?
Message-ID: <199602070458.XAA06194@UNiX.asb.com>


> >An idea occurred to me the other day, for hiding multiple
>> texts in one file using multiple keys.  The gist of it is to
[..]
> 	I had a similar idea a bit back, and Lewis/Futplex kindly referred me
> to some parts of the Archives discussing it. However, the main objection to

What part of the archives?

> this idea was that the cops would just do a search warrant for the second group
> of information. My solution to this is to have quite a few groups of
> information, which would admittedly make the spacing problem a bit hard.
> The following might be an example for someone of such a scheme:

That's a good solution.  Another idea might be to stego the 
accounting info (real info ;) inside one of pictures using a similar 
method.... in some ways this method is better suited for stego since 
it becomes lunacy for the cops to insist that every picture or 
audiofile  you have has something or many things hidden... (unless 
they've been watching you and know you keep accessing your jodi 
foster pix after a client visits you...)

Rob.
 
--- "Mutant" Rob 

Send a blank message with the subject "send pgp-key"
(not in quotes) for a copy of my PGP key.





From tunny at inference.com  Tue Feb  6 21:39:02 1996
From: tunny at inference.com (James A. Tunnicliffe)
Date: Wed, 7 Feb 1996 13:39:02 +0800
Subject: Local news botches RSA story
Message-ID: <3117EED8@inference2.com>



 -----BEGIN PGP SIGNED MESSAGE-----

On the local San Fransisco Bay Area news early this morning (I think it
was KRON, the local NBC affiliate -- I'm new around here), there was a
story about RSA Inc. licensing encryption technology to the People's
Republic of China -- about a $200 million deal, if I understood
correctly.  Given that RSA is a local company, care to guess how the
story was presented?  "Local hi-tech company makes inroads in global
market?"  "Restrictive government regulations make life tough for U.S.
software companies?"  No, the lead-in and thrust of the story was
"Export of advanced technology will hamper U.S. spy efforts"!  They had
some heavily edited bits from Jim Bidzos, who at least got to make
mention of the "genie being out of the bottle", and the fact that if
they can't buy it from us, they'll get it from someone else, but the
clueless newsies really butchered this one.  RSA was made out to look
like they were selling out their country to make a buck, over the
protests of the government (in fact, the deal obviously received
government approval).

I don't know the details of the deal (I couldn't find anything on
RSA's web page), but it sounded like the software was (as
expected) export-crippled, though Bidzos made some comment about
it being "upgradable".  Anyone have any more details on this?

I expect the report will air again -- maybe some Bay Area cpunks
can catch it and provide some more feedback.  There may even be an
opportunity to educate the local media, though I don't hold out a
lot of hope...

 - Tunny
______________________________________________________________________
James A. Tunnicliffe   | WWWeb: http://www.inference.com/~tunny
Inference Corporation  | PGP Fingerprint:   CA 23 E2 F3 AC 2D 0C 77
tunny at Inference.com    | <--finger for key  36 07 D9 33 3D 32 53 9C
======================================================================


 -----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMRduUPAmQsmyRPddAQHwDQf+Nj6JGXNe8sltA1kch0koSkc+2Lv3u1X9
ilDFdVWNtHGYZUMG9SgUvBGccZe8aZHzBIlk1N2GgUuhrrEAoXQCXdQGOEpAp4Tw
2/kjw6ZioZSIRNluvOnFh5d7D9lsfghXuVxSv0pDj+XNLE2lOW5PCYQI8e5a+tr0
j0EvUR5uSBW4a3OaEG9yigoVV/9EG2/sdA9QtEw2Au8vgffDll/QyhRJodBl2Q8g
jmN23SetRrS+fppW6FM7ApXhJ8/1UlKw0jIADSgsTJ05HnGi+8ZrIoPJiC5VR9Cp
Oo4hSFWtXxzr1zy1MbU2ltLXHvwiXOr67R9WzliZWlu3w2NX/syO1g==
=0OQ5
 -----END PGP SIGNATURE-----





From raph at CS.Berkeley.EDU  Tue Feb  6 22:41:29 1996
From: raph at CS.Berkeley.EDU (Raph Levien)
Date: Wed, 7 Feb 1996 14:41:29 +0800
Subject: Infoterrorism paper
In-Reply-To: <199602070416.XAA14183@opine.cs.umass.edu>
Message-ID: <199602070614.WAA11621@kiwi.cs.berkeley.edu>


Thanks, Futplex, very much for the heads-up on this document. Indeed it
is fascinating, and I feel quite validated. The discussion of the quality
of my service was particularly heartening - I'll put it on the remailer
list page if I decide to go for the publicity angle.

I'm also a bit concerned about a possible appropriation of my work. I am
especially concerned about the fact that it does not give attribution.
The quotations of my remailer page probably go beyond any reasonable 
standard of fair use, either legally or according to Net tradition.

For the time being, I'd like to lay low and not create too much smoke
until I figure out what to do. Of course, given that the URL has been
published on cypherpunks, there may not be that much that can be done
about it.

Raph







From zinc at zifi.genetics.utah.edu  Tue Feb  6 22:53:48 1996
From: zinc at zifi.genetics.utah.edu (zinc)
Date: Wed, 7 Feb 1996 14:53:48 +0800
Subject: Defeating untrustworthy remailers?
In-Reply-To: <199602070521.AAA17716@bb.hks.net>
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 7 Feb 1996, Deranged Mutant wrote:
 
> On Wed, 7 Feb 1996, Deranged Mutant wrote:
> 
> Date: Wed, 7 Feb 1996 00:21:58 -0500
> From: Deranged Mutant 
> To: cypherpunks at toad.com
> Subject: Defeating untrustworthy remailers?
> 
> Here's another idea (don't laugh): to set up a system where mailing
> lists and newsgroups have public keys that you can encrypt directly to.
> Advantage for anonymous mail is that if a remailer is untrustowrthy,
> there's still some security in the final remailing of the document.
> 
> Furthermore, non-encrypted mail is less at risk of tampering. And some
> newsgroups or lists could requires a signed message from an approved
> key before posting.
> 
> there is no reason to laugh at this.  there is already a mailing list 
> where all traffic is encrypted using either the remailer's public key or 
> the going the other way, the users public key.  it's John Perry's 
> cypher-list.
> 
> -pjf
> 
> 
> "Those that give up essential liberty to obtain a little temporary
>  safety deserve neither liberty nor safety." -- Benjamin Franklin (1773)
> 			  finger for PGP key
> zifi runs LINUX 1.3.57 -=-=-=WEB=-=-=->  http://zifi.genetics.utah.edu 
> 




"Those that give up essential liberty to obtain a little temporary
 safety deserve neither liberty nor safety." -- Benjamin Franklin (1773)
			  finger for PGP key
zifi runs LINUX 1.3.57 -=-=-=WEB=-=-=->  http://zifi.genetics.utah.edu 

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by mkpgp1.6, a Pine/PGP interface.

iQCVAwUBMRhDXk3Qo/lG0AH5AQHGRAP+PlD1lbYr0nJRyrKO7Q7i8MCdA+msLpZL
Sh9H2zXLI8trLFFxDKPw+XNjCa8X999PgceuLaDS2TdxmesUqsoxusZOh+ce3PuM
vjiOpY/bFpsrS4ObF5IswjVZQNnYPZL5AD8VAu1hwwRBg9WiMVM9oqiQF5JF49pl
ZpNcfaETn2g=
=abHX
-----END PGP SIGNATURE-----





From alano at teleport.com  Tue Feb  6 22:58:26 1996
From: alano at teleport.com (Alan Olsen)
Date: Wed, 7 Feb 1996 14:58:26 +0800
Subject: [NOISE] Paranormally Good Privacy
Message-ID: <2.2.32.19960206201930.00964940@mail.teleport.com>


At 01:48 AM 2/6/96 -0800, Dave Del Torto wrote:

>1996-02-06	PGP-Y
>
>Our paranormal testing program has already had one commercial spin-off. Our
>engineers have developed a truly foolproof data security protocol. It is
>called PGP-Y -- "Pretty Good Parasychology." The mechanism is simple. You
>imagine that you have transmitted data to someone; that person then
>imagines that he has received it. Using PGP-Y, any type of information can
>be transmitted over the Internet with complete security. The key is that
>the data is transmitted high over the net -- so high that the data actually
>travels above the net rather than within it. The data is transmitted
>telepathically (and for those who distrust electronic funds, we also have a
>scheme for transmitting cash and gold plate telekinetically.)

There were a number of times where I had to explain to users that the "T" in
TCP/IP did not stand for "Telepathic". (Glad I am not doing that anymore...
I would expect calls from people looking for that version.  And when we
would support it...)
Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
        `finger -l alano at teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
         Is the operating system half NT or half full?






From wlkngowl at unix.asb.com  Tue Feb  6 23:06:58 1996
From: wlkngowl at unix.asb.com (Deranged Mutant)
Date: Wed, 7 Feb 1996 15:06:58 +0800
Subject: Electronic Grille Cipher?
Message-ID: <199602060826.DAA13336@UNiX.asb.com>




An idea occurred to me the other day, for hiding multiple
texts in one file using multiple keys.  The gist of it is to
take a reasonably large file of random data and then to hide
the bytes of a message in scattered locations.  The method of
determining where each byte is would be based on a good cipher
which for each iteration would return a relative offset from
the last location in the file.

It's the electronic form of those ciphers where you have a
message in a grid, the key being random holes punched in a
card and the rest of the boxes filled with junk... I think it's
called a Grille Cipher, right?

If the file is reasonably large and the messages reasonably
small, then multiple messages with multiple keys can be hidden
in the same file.  Thus one passphrase can decrypt an innocuous
message while another decrypts the real message. (Some care
should be taken to make sure there are no collisions.)

If an unencrypted plaintext was intermixed in a "truly random"
file this way, it would be difficult for an attacker to extract
it (though it's nicer to intermix an encrypted file...).

This method could also be applied to stego when hiding a file
in graphics or sound files since an attacker who suspects a
stegoed file would have trouble detecting a PGP header.

Any comments? Has this been thought of before?

--Rob







From wlkngowl at unix.asb.com  Tue Feb  6 23:07:33 1996
From: wlkngowl at unix.asb.com (Deranged Mutant)
Date: Wed, 7 Feb 1996 15:07:33 +0800
Subject: Telecoms Bill
Message-ID: <199602060748.CAA12211@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

mark at unicorn.com ("Mark Grant, M.A. (Oxon)") wrote:
>
>Well, if "cypherpunks write code", is there any code we should be
>writing in response to this?

I'm not familiar with SSL protocols, but something that would anonymize 
web page access and keep it entirely encrypted (not just credit card or 
forms transactions) would be good.

Encrypted/truly anonymous ftp would be nice (though some folx would 
understandably have problems with truly anonymous uploads, and crypto 
export restrictions in the US could be problematic legally).

I think there is already work on encrypted telnet (stel) by the CERT/IT 
people.

On the non-net side of things, implementing encrypted BBS/communications 
and file-transfers is useful.  I'm told PGP-Phone is supposed to support 
encrypted communications/file-transfers... so a host-script language that 
enables a simple BBS would be nice.

Implementing encrypted/anonymous mailing lists is another idea.

Other ideas?



- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMRcHsioZzwIn1bdtAQHUzwGAwVy5oX7+XwznGkF+CHVXBqeI1dSMT1tt
gNIENdPUnst6bIPvGX4FigUnzEBPiNMH
=gV+C
-----END PGP SIGNATURE-----





From jimbell at pacifier.com  Tue Feb  6 23:08:05 1996
From: jimbell at pacifier.com (jim bell)
Date: Wed, 7 Feb 1996 15:08:05 +0800
Subject: Why am I wrong?
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

At 09:54 PM 2/5/96 -0500, Decius wrote:
>I am posting this pondering to cypherpunks in hopes that it will be refuted.
[stuff deleted]
>
>         	            Crypto-Absolutism
>			decius at ninja.techwood.org
[more stuff deleted]

>	On the other hand, we have the crypto-anarchists. They believe 
>that the existence of anonymous transactions will naturally lend itself 
>to a situation where everyone is anonymous, no transaction can be 
>tracked, no communications can be monitored, and basically, no 
>government can possibly control the transactions and interactions of its 
>citizens. They support the broad use of military grade cryptography and 
>anominity. Let no message be crackable or traceable. This, also, is an 
>absolute belief and it is also flawed. We have governments for a 
>reason, we came together and founded societies for protection, and if 
>we tore apart our current social structure and created an anarchy, 
>people would immediately form small societies for their own fiscal 
>protection. Creating an anarchy is a massive step backward in social 
>development, not a step forward. Furthermore, PEOPLE WANT TO BE 
>ACCOUNTABLE FOR THEIR ACTIONS. 

  Well, I suppose that if there is anyone who is most opposed to the
opinion you expressed in the paragraph above, it is myself.

I believe:

1.  Governments will no longer be "necessary," if they ever were.

2.  Protection will no longer depend on having a "government."

3.  Anonymous networking technology will protect our rights, to the extent
they can be protected.

4.  Your statement, "...anarchy is a massive step backward..." is absolutely
incorrect.


Note for the others:  I am forwarding this person a copy of my essay.





-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRb5FfqHVDBboB2dAQFvlQP/Wmsc0OLvEowD3rQ2Rvu2UDcg34ovQt/S
g5HDiraykfk8SpBxyYDWlq+EEO21GssY0w9wmOaf0PKGwk81gZsqqccVpXpJq2Ha
H+ABrgmzCEkiMnL6anFs2RGkZZrlwB2ZGityvV0YZ8HvpP1Ek1Xj0ZD97hYMmYBz
P3gxGE2VCEQ=
=nhzg
-----END PGP SIGNATURE-----






From jtl at molehill.org  Tue Feb  6 23:27:24 1996
From: jtl at molehill.org (Todd Larason)
Date: Wed, 7 Feb 1996 15:27:24 +0800
Subject: OCAF White Paper on porn on the net
In-Reply-To: 
Message-ID: 


On Tue, 6 Feb 1996, William Knowles wrote:

> With the passing of the CDA recently, The first wounding of the rights
> of free speech online, The Oklahomans for Children and Families are going 
> in for the kill.  A WWW  site has been set up with a HTML version of what 
> the autoresponder sends out.
> 
> http://www.bway.net/~dfenton/noporn.html

The beginnings of a response (from a general mostly-lefist mostly-free 
speech perspective, not a cypherpunks perspective) can be found at 
http://www.galstar.com/alert.

Todd Larason
Oklahoma City, OK
-- somewhat nervous --





From tcmay at got.net  Tue Feb  6 23:33:05 1996
From: tcmay at got.net (Timothy C. May)
Date: Wed, 7 Feb 1996 15:33:05 +0800
Subject: paper on remailers in the intelligence community
Message-ID: 


At 6:06 AM 2/7/96, t byfield wrote:

>        Surely you jest. It's one of the weirdest hodgpodges of inane free
>association I've ever read. The authors are a couple of regular Jack D.
>Rippers. Highlights:

It's about par for these "management" conferences. A deep, thoughtful
analysis is just not likely (and I don't mean this as a complete insult:
his paper is mostly just to touch on what these issues are, not to do an
academic study).

Strassman is a regular columnist for "Computerworld" and a member of
various advisory councils (including a conspiracy-feeding thing called the
"EC World Council"). He was a bigshot in the DOD, works for the
"Information Warfare" folks (the much-hyped new area generating so many
conferences), and has all sorts of ties to the mil-info complex. An Alta
Vista search on the string "Paul A. Strassmann" is revealing.


>>One of the most prominent anonymous re-mailers is  is in
>>Finland. It is frequently used by the Russian (ex-KGB) criminal element.
>

Maybe he got this from all of the stuff that is sometimes attached
automatically to remailed messages: KGB, Sarin, Corona, Area 51, IRA, and
those cute slogans like "the shipment will be out of the Port of Oakland
at...," etc. :-}

But more seriously, any mil-info complex effort to demonize remailers must
of course invoke one of the Horsemen. At this time, "Russian Mafia
terrorists" is the putative focus of joint U.S.-Russian intelligence
activities, and was even the plot of the latest James Bond movie.

(Rumor has it that 007 will be doing battle with MEDUSA, the cyberspace
descendant of SMERSH, in this case meaning "death to tentacles.")

--Tim May





Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From rngaugp at alpha.c2.org  Wed Feb  7 00:02:43 1996
From: rngaugp at alpha.c2.org (rngaugp at alpha.c2.org)
Date: Wed, 7 Feb 1996 16:02:43 +0800
Subject: Hardware RNG support for PGP 2.63
Message-ID: <199602070406.XAA00825@miron.vip.best.com>


-----BEGIN PGP SIGNED MESSAGE-----


There is now support for using a hardware random number generator
with the most recent version of PGP, (pgp263i)

Version pgp 2.63i is now supported.

The files for this modification of pgp
are at the export controled ftp site in the directory:

ftp://ftp.csn.net/mpj/I_will_not_export/crypto_????????/pgp/rng

the files are:	
		rg263.zip	(compiled both ways, so there
				are executables approapriate for
				both inside and outside USA.)


Sources for the modifications are included. Executables are
included for OS/2 and MSDOS.

In the above ????????? varies because of the export control
scheme. To get the files if you are in the U.S. and Canada
first get the file ftp://ftp.csn.net/mpj/README.MPJ and
follow the instructions.

Many thanks to mpj at netcom.com for providing storage at the
export controled ftp site. Other ftp sites are welcome to
store these files. Be aware of ITAR.

By the way I used to use the mail address:
mg5n+alias!rngaugp at andrew.cmd.edu
But I now use:
rngaugp at alpha.c2.org
because it is faster. But you can tell it is the same
person because I sign with the same PGP key.

Here is the README file that comes with the modifications.
- ------------------------------------------
	       Hardware Random Number Support for PGP.
	           PGP 263 international version

Ever get tired of typing in keyboard timing strokes while generating a
PGP key? Ever want to use PGP unattended, but be foiled because there is
no one there to type the keyboard timing strokes?

Ever wonder if PGP's method of generating random number might have some
subtle flaw which would expose it to cryptanalysis?


This is a modified version of PGP which allows it to be used with a
hardware random number generator. Two kinds of RNG are supported: 
First, any RNG with a IO driver that makes the RNG look like a file that
can be opened (fopen) such that each byte read is a random byte. Second,
a bus RNG under the x86 architecture such that random bytes my be
obtained with a simple "IN" instruction. The CALNET/NEWBRIDGE RNG is an
example of this kind of RNG. A crude sanity check is done to check that
the bytes appear to be random.

To use the hardware random number generator feature of this software,
you must define _ONE_ of the new configuration file parameters RNGDRIVER
or RNGPORT in config.txt or from the command line.  If you have a RNG of
the first type, define RNGDRIVER to be the complete path to the RNG
driver. If you have a RNG of the second type, define RNGPORT to be the
port number from which to get random numbers. You can use hexadecimal
i.e. 0x300.

Examples:

RNGDRIVER=/dev/random

or

RNGPORT=0x300


If neither of these are defined the modified PGP will get its RANDOM
numbers in exactly the same way that regular PGP does, through keyboard
timing. If one of these parameters is set correctly, the modified PGP
will get its random numbers from the RNG and you will never be asked to
type keyboard timing stokes.



I have compiled a version of PGP that supports a hardware RNG for MSDOS
and OS/2. I have included the source files for each file that has been
modified. To compile get the original source files, put in the modified
files and compile as usual. 

The new source files and this software are covered by the same license
as the original, the MIT licence.

The USA version pgp263 (without the i) is covered by the RSA license.


If someone out there has an PSI-LINE random number generator that
attaches to a RS-232 port as if it were a modem,  please test it with
this software. If the software line characteristics (baud rate, flow
control, stopbits, ect) are set correctly (You will have to do this
yourself, as this modified PGP does not do this) then all you should
have to do is set RNGDRIVER to the RS232 device name. I have not tested
this because I do not have this kind of RNG.

Someone may wish to add code to set the software line characteristics,
but this may be difficult, as the code would vary by operating system
and even among the various flavors of UNIX.

If you do such a test please report the results to alt.security.pgp and
cypherpunks.



The executables in the subdirectory "USA" are linked with the 
RSA library and will not allow you to disable the legal kludge.
They should be OK to use in the USA.

The executables in the "I" subdirectory are not linked to the RSA
library and allow you to disable the legal kludge. It should be
OK to use in countries outside the USA such as CANADA.


The executables in the subdirectories "DOS" can be used with
MSDOS. The executables in the subdirectories "EMX" can be used
with OS/2 if you have the EMX runtime system installed. The
executables in the subdirectories "OS2" can be used with OS/2.

The zip file should be unziped with the "-d" switch if using pkunzip.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: cp850

iQCVAgUBMRZneM29s2mG+tTVAQEeVgP/dHnlQd73Yyyzw4uB1lwo76aDZOiVe+i4
VV5aUBpTtBYTknPNeKFaUhLOxZo2tykSrByPXuAQ0dzKyL5MxIOAt52sBx2nQoOi
EOFq6mlQH+yUfcfRcjnFGoWtyasBfpdEzO07/shiB8Ts1rRxSR2z0rCoXNuRM8a6
5oU8NDc1vVw=
=H9r8
-----END PGP SIGNATURE-----





From geoff at commtouch.co.il  Wed Feb  7 00:16:11 1996
From: geoff at commtouch.co.il (geoff klein)
Date: Wed, 7 Feb 1996 16:16:11 +0800
Subject: Fw: Release of Pronto Secure first Beta
Message-ID: <9602070734.AA20515@commtouch.co.il>

-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: multipart/mixed;
	boundary=d4os3ia2um1ynatbsrvdecfwxgqzhl

To: cypherpunks at toad.com
Date: Wed Feb 07 09:53:01 1996
> THIS IS A MESSAGE IN 'MIME' FORMAT.  Your mail reader does not support MIME.
> Some parts of this will be readable as plain text.
> To see the rest, you will need to upgrade your mail reader.
- --d4os3ia2um1ynatbsrvdecfwxgqzhl
Content-Type: text/plain
Content-Description: Fw: Release of Pronto Secure first Beta


The previous version of this message was posted to the list in ascii-armor,
my embarrassed apologies to all.

To: All who have already applied -  you will be receiving a message with 
down load instructions before the end of the week.

New applicants are also requested to mail me their public keys, please.

Thanks, Geoff

- -----Begin Included Message ----- 

Date: Tue, 6 Feb 96 18:52:41 IST
 From: geoff klein 
To: cypherpunks at toad.com
Cc: 

To: cypherpunks at toad.com
Date: Tue Feb 06 19:12:56 1996

Commtouch has decided to offer a controlled release of Pronto Secure to the 
Cypherpunk community. We believe that scrutiny of the product by members of 
this list will help us to release a safe and secure E-mail client.

Pronto Secure is an Internet E-Mail client for Windows, which uses external 
security providers to enhance e-mail with cryptographic security features. 
The current beta version relies on the proven security facilities of PGP to 
provide encryption, authentication, integrity and key management features.
Future versions will include S/Mime and MOSS compliance.

Product requirements: 
- - MS-Windows 3.1 / Windows for Workgroups 3.11 / Windows 95 / Windows NT
- - Winsock 3.11 compliant environment (TCP/IP stack)
- - Installed version of PGP.

We plan to make Pronto Secure available via FTP at the end of this week. 
Parties interested in joining the beta-test program are invited to send me 
pgp-signed e-mail requesting down load instructions and our public key for 
authenticating the version. Beta-testers who provide us with feedback will 
be eligible to receive a free final release version. Sorry no T-shirts, but 
we guarantee that you'll get more wear out of Pronto Secure :).


- -----------------------------------------------------------------
Geoff Klein                          email: geoff at commtouch.co.il
Product Manager - Pronto Secure      http:    //www.commtouch.com
- -----------------------------------------------------------------
CommTouch SW Inc,  U.S                          CommTouch, Israel  
1206 W. Hillsdale Blvd                          10 Technology Ave  
San Mateo,    CA 94403                          Ein Vered,  40696  
Tel:    (415) 578-6580                          Tel: 972(9)963445  
Fax:    (415) 578-8580                          Fax: 972(9)961053  
- -----------------------------------------------------------------


- ---- End of forwarded message ----
- --d4os3ia2um1ynatbsrvdecfwxgqzhl--
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMRhaXULv5OMYFK1FAQHG5AP9FyxJgjFRo5Y8iuFtMIZXmhWZA9XtD3mV
YJrLglBpdOsYpKkaqy9NfTooAdIUzqfytc6MDuwDZCWbAiS9lHNMZSHUXXo6s95z
NoIBeEG6qReoGBc0XsNxR/UUQ1vER88gbM4W3jrWv3zPEIV6Yo8y/tv4BbfHfhdH
FOX9htLNeQg=
=zDru
-----END PGP SIGNATURE-----




From gbroiles at darkwing.uoregon.edu  Wed Feb  7 00:30:23 1996
From: gbroiles at darkwing.uoregon.edu (Greg Broiles)
Date: Wed, 7 Feb 1996 16:30:23 +0800
Subject: paper on remailers in the intelligence community
Message-ID: <199602070806.AAA00707@darkwing.uoregon.edu>


At 12:37 AM 2/7/96 -0800, Tim May wrote:

>Strassman is a regular columnist for "Computerworld" and a member of
>various advisory councils (including a conspiracy-feeding thing called the
>"EC World Council"). He was a bigshot in the DOD, works for the
>"Information Warfare" folks (the much-hyped new area generating so many
>conferences), and has all sorts of ties to the mil-info complex. An Alta
>Vista search on the string "Paul A. Strassmann" is revealing.

Ah. A feeble attempt to deflect attention from your own cooperation with the
Grey aliens and their boot-licking military-industrial-complex errand boys.
Even more revealing is an Alta Vista search for

"timothy c. may" and "william marlow"

Now you'll probably claim that you've never met Marlow or Strassman. Sure.
We know what you're up to. You're not fooling us, Medusa. :)

--
"The anchored mind screwed into me by the psycho-  | Greg Broiles
lubricious thrust of heaven is the one that thinks | gbroiles at netbox.com
every temptation, every desire, every inhibition." | 
	-- Antonin Artaud		   	   | 






From wlkngowl at unix.asb.com  Wed Feb  7 00:31:52 1996
From: wlkngowl at unix.asb.com (Deranged Mutant)
Date: Wed, 7 Feb 1996 16:31:52 +0800
Subject: [noise] the individual and the tribe
Message-ID: <199602070809.DAA18614@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

Jean-Francois Avon (JFA Technologies, QC, Canada) wrote:

I originally said:

> > ... in the sense that
> >tribal societies are individualist.
> 
> I absolutely don't agree.  The subordination of the individual to the tribe
> is fundamental of their vision of the world.  Individualism is not about
> personnal opinions, it is about the vision of Man as an entity in itself, 
> a type of cattle that owe his service to the collectivity of the tribe.

Beware of stereotypes about "tribal culture".  The individualism in a
tribal culture is different than in western society.  In some ways the west
is way more collectivist than tribal societies... taxes, public works,
laws... even the bare minimums that would exist in libertarian societies.

Certain forms of self-expression and practices with regards to sexuality,
drug use, etc. are quite acceptable in some tribal cultures... even
encouraged over western conformism.

The use of myths with regards to nationalism and cultural purpose is actually 
a western phenomenon.  Creation myths, "how we got here" etc. stories have 
different functions in tribal socieities, and are not used as a 
rationalization of collectivism or submission to the will of the tribe.

Decision making in tribal cultures generally is often based on group 
consesus... if no consensus is reached, no decision is made.  Disagreement is 
acceptable, and in some cultures also encouraged as a sign of adulthood. In 
western collectivist societies there is decision by manufactured consent of 
the majority in an air of perpetual crisis.... a tyranny of the majority.


> 
> Crypto makes the tribe (and it's sorcerers) loose their grip... :)

Tribes aren't run by chiefs or sorcerers.  Large industrial nations are.

Rob.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMRheMyoZzwIn1bdtAQHtQAGAyvJmtmErKscUNS5WZUAlPrcFJpSKJxJg
c/VoBAcOd/dmF6wvyUO4EuZ9q6PS4xb3
=hjlN
-----END PGP SIGNATURE-----





From alanh at infi.net  Wed Feb  7 02:44:04 1996
From: alanh at infi.net (Alan Horowitz)
Date: Wed, 7 Feb 1996 18:44:04 +0800
Subject: Sometimes ya just gotta nuke em
In-Reply-To: 
Message-ID: 



> : of the Pacific when the Nisei troops choosenot to surrender and instead, 
> 
> Who were those second generation Japanese Americans who ``choosenot to
> surrender and instead, mad last-ditch charges against AMerican lines''?


   Strike that. Insert "Nippon".   Don't blame me, I went to public schools.





From nobody at REPLAY.COM  Wed Feb  7 02:45:54 1996
From: nobody at REPLAY.COM (Anonymous)
Date: Wed, 7 Feb 1996 18:45:54 +0800
Subject: GE's Transaction Tech
Message-ID: <199602070106.CAA13461@utopia.hacktic.nl>



GE Info Services Launches New Transaction Technology 


Rockville, Md., 6 February 1996 -- General Electric's  
GE Information Services division said it is launching a
new set of hardware and software products that will
protect business transactions over the Internet. One of
the features of the new system, called "GE
InterBusiness," involves using one-time use encryption
codes for each online session. 

The new offering combines the one-time, or dynamic,
encrypted session key, mutual authentication, and
advanced firewall technology, officials said. By using
standard Internet protocols, a user can conduct
electronic data interchange, electronic messaging, and
electronic file transfers via a secure "pipeline." Those
three elements are key in both electronic commerce and GE
Information Services' Business Productivity solutions.

Anne Biehl, manager of market development for GE
Information Services, said one of the key differentiators
between her company's secure business transaction
technology and offerings from other companies lies with
the dynamic encrypted session key. "This is the first
system on the market today, that we know of, that's using
(this technology)," she said. "It's a pretty powerful
'ring of security' for our users. It's a nice feature
we've integrated into our total solution." With the
dynamic session key, the session is encrypted to secure
all information passed from sender to receiver. The key
itself is never seen on the Internet, and hackers can't
break the encryption, officials stressed.

The new system uses the standard networking and
connectivity of the Internet to interface with systems
used by GE's 40,000-plus customer companies, officials
said. GE InterBusiness runs on all browsers, resides on
any Internet-compatible desktop, and interacts with
standard Internet applications.

GE InterBusiness is available now, Biehl said. Pricing
varies depending on the client's requirements, she said.

Biehl said today's announcement has nothing to do with
the completed sale of the group's GEnie online service to
Queens, New York-based Yovelle Renaissance Corporation,
reported last month.

For additional information, those with Internet World
Wide Web access can surf to GE Information Services' Web
site at http://www.geis.com/.

--






From perry at piermont.com  Wed Feb  7 02:47:08 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Wed, 7 Feb 1996 18:47:08 +0800
Subject: Fax Fools US Espionage
In-Reply-To: <199602070054.BAA11802@utopia.hacktic.nl>
Message-ID: <199602070110.UAA01084@jekyll.piermont.com>



Anonymous writes:
> 
> "Foolproof" Encrypted Fax System

More like "system created by fools"

> The encryption system, meanwhile, uses a proprietary, but
> open systems standard of encryption,

I love the doublespeak..

> using a one-time
> passkey, which is transmitted by the sending fax device
> in a secure manner.

How can a one-time pad be transmitted securely? Sounds like crap to
me. Anyone know details?

> "This contrasts with the French/German system which is
> based on RSA's private and public key system. That system
> is flawed, since it relies on the US Government licensing
> a manufacturer to use the algorithm,

I'm sure Jim Bidzos would be amused to hear that.

Perry





From nobody at REPLAY.COM  Wed Feb  7 02:50:57 1996
From: nobody at REPLAY.COM (Anonymous)
Date: Wed, 7 Feb 1996 18:50:57 +0800
Subject: ATT Waives Fraud Fee
Message-ID: <199602070109.CAA14579@utopia.hacktic.nl>



AT&T WorldNet Spurs Online Credit Use


Bridgewater, NJ, 6 February 1996 -- In a teleconference
today, officials of AT&T's WorldNet and Universal Card
services announced a program aimed at allowing users to
"feel safe" in making online transactions by waiving the
standard $50 deductible fee on the use of credit cards
for "fraudulent" purposes.

The new program, to begin within eight weeks, will apply
to all dial-up customers of both WorldNet and Universal
Card Services, as well as to corporate users of
WorldNet's LAN (local area network) Service who use their
Universal Cards upon registering for WorldNet, said Tom
Evslin, VP of AT&T Gateway Services, speaking during the
teleconference.

Some $200 billion in sales were conducted over AT&T's 800
numbers last year, in comparison to only $500 million in
sales over the Internet, Evslin pointed out.

"Secure credit card" technology is an important
ingredient in spurring more electronic commerce, the VP
acknowledged, noting that AT&T is one of the partners in
the new SET (Secure Electronic Transactions) alliance
unveiled by Mastercard and Visa last week.

But based on the results of studies conducted by AT&T
among consumers, it is just as important that consumers
"feel safe" in doing business online as that they "be
safe," Evslin told the reporters and analysts. 

"What's important to consumers is that AT&T put its money
where its mouth is, rather than ask consumers to take the
risk," the VP asserted. 

AT&T will launch the new "deductible fee waiver" in
conjunction with the availability of dial-up access to
WorldNet, a new Internet "content aggregation" service
now in beta, by the end of this quarter, according to
Evslin. AT&T rolled out the WorldNet LAN Connectivity
Service together with BBN Planet last fall.

AT&T plans to be "aggressive" in promoting WorldNet in
the US and overseas, though mechanisms that will include
cross-marketing programs with AT&T Universal Card Service
as well as with third-party partners such as Netscape,
Verity, McKinley, and as of last week, Broderbund, he
told the press.

AT&T Universal Card now has more US card holders than any
other credit card, according to Evslin. The AT&T also
told reporters that he expects other credit card
companies will follow AT&T's lead in suspending the $50
deductible charge in online transactions.

--






From nobody at REPLAY.COM  Wed Feb  7 02:51:33 1996
From: nobody at REPLAY.COM (Anonymous)
Date: Wed, 7 Feb 1996 18:51:33 +0800
Subject: GTE's Virtual CA
Message-ID: <199602070103.CAA12764@utopia.hacktic.nl>



GTE's CyberTrust For Web Electronic Commerce


Washington, D.C., 6 February 1996 -- GTE officials say
that the company's new CyberTrust electronic commerce
program will allow companies for the first time to handle
most of the CA (Certification Authority) function by
themselves, by means of secure Web servers. 

At the Comnet press conference, reporters were told that
GTE, a partner of both Mastercard and Visa, will
introduce its new "Virtual CA" capability for Webmasters
in conjunction with a trio of related services.

The four new services from GTE are aimed at financial  
institutions, online merchants, and government agencies,
as well as at the corporate and consumer markets, said
Charles S. Walton, Jr., CyberTrust's program director,
speaking at the Comnet press event. 

One component of CyberTrust, called the Electronic
Commerce Service, will provide an "infrastructure" for
credit card companies using new secure payment standards
for online transactions, Walton added. 

Another new service, the Partner Forum, will provide
online test services and tech support for developers and
integrators in the electronic commerce arena. 

Through GTE's new Cybersign service, GTE will directly
handle the maintenance of public key certificates, as
well as the issuance, renewal, and revocation of these
certificates.

But with Virtual CA, GTE will manage certificate
management only, permitting Webmasters at subscribing
companies to do their own issuance, renewal, and
revocation of certificates.

Walton acknowledged that GTE's new suite of services will
be targeted at the same market now dominated by Verisign.
But the GTE services, he maintained, will be
differentiated on the basis of general "operational
environment," as well as by Virtual CA. 

In a follow-up interview later, Walton said that GTE, a
long-time consultant to Mastercard, began working with
both Mastercard and Visa last November on development of
SET (Secure Electronic Transactions), a new joint
standard for online credit card transactions. 

GTE, he added, hosted both Mastercard and Visa last week
at GTE headquarters in Needham, Massachusetts. Aside from
GTE, Mastercard and Visa, other partners in the SET
effort include Verisign, IBM, Microsoft, Netscape, SAIC,
and Terisa Systems.

GTE had previously helped Mastercard to create the SEPP
standard, according to Walton. GTE's new CyberTrust,
first announced as supporting SEPP, will now support its
"successor," SET, he noted. CyberTrust will also comply
with the SSL protocol for Web security.

During the press event at Comnet, Walton reported that
Cybersign and Virtual CA will implement a "dual card,
split RSA key design," with "strong access controls." The
two systems will use PCMCIA cryptographic hardware token
technology and X.509-certificate-compatible software.

Virtual CA, he continued, will initially be available on
Sun Solaris-based secure Web servers, but will be ported
to Windows NT-based secure Web servers by the end of
1996. End users will be able to access Virtual CA through
Netscape browsers.

The Web server-based service will introduce "verification
at the server level, which is really where you want it to
be," asserted the GTE official. 

On-site Webmasters are in a particularly good position to
confirm that users "are who they say they are," the
journalists were told. 

As a result, Virtual CA will use a technique called "pre-
verification," in which the Webmaster, or RA
(Registration Authority), will validate and approve
users' certificate requests before the requests go to
CyberTrust. CyberTrust will then return a certificate for
the end user, in the form of an algorithm, either direct
to the end user or through the RA.

Companies subscribing to Virtual CA will receive custom
home pages for certificate data entry, and for issuing,
renewing, and revoking certificates, Walton said. 

The CyberTrust program director said that the  
special PCMCIA hardware will be used at the "CA level"
only, and will not be required by either end users or
Webmasters.

No "actual cards" will be issued to, or needed by either
group, he added. GTE plans to begin offering both Virtual
CA and Cybersign in the second quarter.

--







From lunaslide at loop.com  Wed Feb  7 04:10:52 1996
From: lunaslide at loop.com (lunaslide at loop.com)
Date: Wed, 7 Feb 1996 20:10:52 +0800
Subject: Reasons in support of crypto-anarchy WAS Re: Why am I	  wrong?
Message-ID: 


>>>1.  Governments will no longer be "necessary," if they ever were.
>>2.  Protection will no longer depend on having a "government."
>>>3.  Anonymous networking technology will protect our rights, to the extent
>>>they can be protected.
>>>4.  Your statement, "...anarchy is a massive step backward..." is absolutely
>>>incorrect.
>
>>That's fine that you believe the things, but for acceptance by others you
>>will have to provide support for your position.  I, personally, would like
>>to see your premises so that I may evualuate your claims.  You may indeed
>>be correct in your assessment.
>
>Well, here's  my "Assassination Politics" essay.
>

You all should have a copy of this, so I won't waste bandwidth posting it
again.  If you didn't read it, I encourage you do to so, no matter what
your initial reaction is.  It is a facinating proposal and it brings to
mind a multitude of questions about privacy, anonymity, ethics and the
nature of human beings in general.

Now, in respose to Mr. Bell.  As I stated above, I found your proposal
absolutely facinating, to say the least.  As with many others, I'm sure, it
struck an initial chord in me that tempted me to disregard it out of hand.
However, I was determined to read it through thoroughly and without bias.
I have done so and I have the following thoughts about it.

The plan it self is feasable, and with more thought, all the wrinkles could
be ironed out.  I am impressed with the detail of it.  I would be curious
to see what an open minded laywer would say about it's legality under close
scrutiny.

However, I must point out, and I'm sure you realize this, that it would not
be adopted by the public at large for some time to come, or more likely
never.  There are too many people who believe that it is wrong to take a
life for any reason and that no action justifies death.  I count myself
among these people.  The barganing power of death is indeed great, but some
would still realize that a vote would make them responsible, at least in
part, for a murder.  There is an ethical stumbling block here that may
never be overcome.

Further, I don't believe you have enough support for your claim that other
targets would not be sought.  It is one thing to say that enough people
won't vote for someone picked out of the phone book, but what if the
predicted individual is a doctor who performs abortions, or an activist for
gay rights (or *against* gay rights), or Bill Gates ;-).  There are also
the individuals who are trying to bring about change in society that is
unpopular, but is still in the interest of humanity.  Abraham Lincoln
surely would have been killed by this system, for example.  Also, big
corporations would be able to cut down their political enemies such as
envornment activists, fair business practice activists and competetors'
high ranking officers.  Even if only one person in charge of such a
business were to put out a digital contract, he would have no problem
suppling the money for the hit.  People who have tried to make changes for
humanity that went against the social norm at the time are revered today
for their efforts.  In this system, they would likely be assasinated.
Nothing would ever change because people are always afraid of change and
afraid of things they do not understand and the people who fight that
ignorance will likely be killed.  Your statement that Organization B, the
one that collects for any target, is not well supported.  They would still
be doing *plenty* of business, in spite of the higher prices.

Organization B would thrive, make no mistake.  And the people who would be
getting in on all the action are the rich.  All the politicians who oppose
their interests would be hit immediately.  Anyone trying to change the
status quo would be eliminated.  Why do you think we are still using
combustion engines in the last decade of the 20th century?  We could have
had better alternatives 20 years ago, but the oil companies would loose out
so they have either bought out these ideas or had killed the inventors and
bought their patents and are sitting on them.  A capitalist economy does
not always breed competition that brings out the best and most desireable
products because some advancements are bad for all the businesses involved
in that market.   Big business and the rich would benifit the most from the
Assination Politics model.

 But what if OrgB stops taking donations for "predictions" for
"Non-Initiation Of Force Principle" (NIOFP) offenders?  Some other
organization will crop up to take their place AND the people operating OrgB
could be hit for their "ethical" action.  There is simply too much
opportunity offered by OrgB type organizations for people to pass up.  They
will not let the higher prices stop them.

If the answer to that problem is to regulate the lists of "victims", then
the next question is who are these people who are regulating and what
guidelines are they following?  Who decides who gets to be the moderators?
Could there be exceptions to the (NIOFP)-offender standard?  Who would they
be and why?    Could the organizations be anonymous as well?  How would the
money be transmitted to them in that case?  How can we trust or redress
grivances with an organization?  There are still many concerns regarding
the organizations.  If the organizations fail, the whole system fails.

That's all I can think of at the moment.  Like I said before, once one can
get past the bias, it is an endlessly intriguing proposal bristling with
questions and issues concerning our very beings.

This is precisely why I would like to know if I may take a copy of your
proposal to my ethics class.  I think this is a great topic for discussion
and I would like your approval.

Respectfully,
Jeff Conn

lunaslide

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQBvAzD3EHEAAAEDAMVwZzXozPjX18mCenA5fJsdWZXcrhJCxPR+SoVCmR7d4ZVU
mwITzPTHo/GyLvJrWyk5YdhheczyY2VSawaMrCN/nWA7K9lwAylbKyPxqBhRYJ3C
2wi2uD5LY2wypNOQyQARAQABtB5KZWZmIENvbm4gPGx1bmFzbGlkZUBsb29wLmNv
bT6JAHUDBRAw+1bqS2NsMqTTkMkBAQkTAwCersFbCyk8O0MbGlNcZDAe24CLEWQ0
0C5EHni33W76UsG1bybcLsuMH6HVwLF7IqZivnzc7wkujYPQvCqn8HEYYTld8V9V
Cou4dOvA8kV7rHvAn/LuLx7DRruLFrRoPSk=
=OIT9
-----END PGP PUBLIC KEY BLOCK-----







From gbroiles at darkwing.uoregon.edu  Wed Feb  7 04:14:03 1996
From: gbroiles at darkwing.uoregon.edu (Greg Broiles)
Date: Wed, 7 Feb 1996 20:14:03 +0800
Subject: Need a "warning" graphic of some kind for CDA
Message-ID: <199602070848.AAA05915@darkwing.uoregon.edu>


At 01:48 PM 2/4/96 EST, you wrote:
>"David K. Merriman"  writes:
>> >Now that we all have web pages that are naughty and might be seen by
>> >little children, I'd like to hve some kind of a graphic that can
>> >universally be seen as a "Warning:  The following material is unsuitable
>> >for children and close-minded twits".  (or words to that effect).
>>
>> Hmmmmm. Maybe a doll with an international 'no' sign superimposed?
>
>Either the 'no' sign (red crossed circle) or a wide red cross over one of:
> rattle
> baby bottle / pacifier
> disposable diapers (with contents visible)
>  safety pin?

How about the circle-slash "no" symbol superimposed on the Constitution? 
--
"The anchored mind screwed into me by the psycho-  | Greg Broiles
lubricious thrust of heaven is the one that thinks | gbroiles at netbox.com
every temptation, every desire, every inhibition." | 
	-- Antonin Artaud		   	   | 






From zinc at zifi.genetics.utah.edu  Wed Feb  7 04:17:39 1996
From: zinc at zifi.genetics.utah.edu (zinc)
Date: Wed, 7 Feb 1996 20:17:39 +0800
Subject: has this been on cypherpunks? (fwd)
In-Reply-To: 
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

cpunks,

i particularily like this quote:

"Role Of Encryption

For added protection, users of Anonymous Re-mailers tend to encrypt their 
messages just in case one of the remailing links are compromised. PGP 
(Pretty Good Privacy) encryption is favored because it is freely available 
and easy to use. A typical digital signature would look like this: [...]"

hell,

i'd like to see these guys hang out on alt.security.pgp answering 
questions all day...

pjf, 'easy to use' my ass



"Those that give up essential liberty to obtain a little temporary
 safety deserve neither liberty nor safety." -- Benjamin Franklin (1773)
			  finger for PGP key
zifi runs LINUX 1.3.57 -=-=-=WEB=-=-=->  http://zifi.genetics.utah.edu 


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by mkpgp1.6, a Pine/PGP interface.

iQCVAwUBMRha1E3Qo/lG0AH5AQESIwP9HUKUmvlVqOteom2xWLKW7az4V1lH4lex
e3MJMK1e5a6C2JRbs6JeoEj2o3hUIKwcF8DF0HmnAeETfXyM2qtY6PdkLQlWy+Qh
9w3BDi+m6cxy7TmADcLyBtg0bc6imdJGHyeTtcsT7XUyrKlf/O+o6QX9ip4FOqZz
5/OZ8j8KwK0=
=6K1U
-----END PGP SIGNATURE-----





From tbyfield at panix.com  Wed Feb  7 04:24:05 1996
From: tbyfield at panix.com (t byfield)
Date: Wed, 7 Feb 1996 20:24:05 +0800
Subject: paper on remailers in the intelligence community
Message-ID: 


At 12:37 AM 2/7/96, Timothy C. May wrote:

>But more seriously, any mil-info complex effort to demonize remailers must
>of course invoke one of the Horsemen. At this time, "Russian Mafia
>terrorists" is the putative focus of joint U.S.-Russian intelligence
>activities, and was even the plot of the latest James Bond movie.

        Yup. 
        In essence, remailers and other anonymizing/pseudonymizing
techniques democratize "deniability"--the MO of circumventing the law that
states have arrogated to themelves. Institutional dynamics aside, the
proverb that "A man reveals his character best when describing that of
another" applies to governments, too, I think: we can expect governmental
and paragovernmental anti-anonymity arguments to focus on the most extreme
ways in which governments have used their power to modulate identity--i.e.,
law-breaking.
        I don't want to start up a Cypherpunk[TM]-approved PR debate, but I
do think we (quote unquote) might do well to think a bit about some
arguments that can sidestep the arguments we can reasonably anticipate.
Plenty of folks have very recognizable nyms, so... nym as PO box, nym as a
way of tracking who's tracking you (like misspelling your name this or that
way when you know the organization you're giving it to will sell it), nym
as backup (for when your mailserver's down [yeah, I know...]). Anonymity,
after all, is only one of many possible uses for a remailer. No one could
possibly require that your email address bear your first and last names in
recognizable form--so what's so different about a nym?
        In terms of the fundamental issues, these are sidelights,
obviously, but they could come in handy. US culture has a deep-seated
mistrust of unstable identities (viz., the "con man") going back a century
or more; fighting on behalf of unstable and multiple identities will be an
upstream swim. But we might do pretty well arguing that remailers are more
similar to than different from net.staples--nutty email addresesses,
multiple addresses, etc.
        Sometimes the best way to win an argument is to refuse to have it.

Ted







From lmccarth at cs.umass.edu  Wed Feb  7 04:25:05 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Wed, 7 Feb 1996 20:25:05 +0800
Subject: has this been on cypherpunks? (fwd)
Message-ID: <199602070853.DAA14781@opine.cs.umass.edu>


I just sent this to the remailer operators' list, but it may be of interest
here too. I think Tim or Lucky or someone suggested something like GAI
(Government Access to Identities) here a while back....

Forwarded message:
> Lance writes:
> > Is it just me, or does this guy make a convincing case for the need for
> > remailers without ever showing one shred of evidence to back up his fear
> > mongering?
> 
> Exactly. Ted Byfield mentioned on cpunks that it reads like a free
> association session. I find the piece quite schizophrenic. (IANA 
> psychologist :)  They alternate between fairly eloquent arguments for the
> roots of remailers in fundamental principles of freedom and privacy, and 
> the bizarre "anonymity as a disease" analogy. 
> 
> I hypothesize that the Strassmann & Marlow paper is meant to lay the 
> groundwork for some sort of eventual Government Access to Identities proposal
> (which would more likely be termed "identity escrow" by the Feds). It's 
> about the only way I can reconcile statements like the following 
> (juxtaposed by me, not them):
> 
> 	"...it becomes politically unacceptable to suppress remailers
> 	as potential sources of criminal acts. Such absolute 
> 	prohibitions would never pass through a legislative process...."
> 
> 	"As in the case of [various diseases] it will take disasters
> 	before the public may accept that some forms of restrictions
> 	on the electronic freedom of speech and privacy may be
> 	worthwhile."
> 
> 	"We trust that this will be seen as a useful contribution to an
> 	already raging debate of how to find a balance between the
> 	desirable and the dangerous."
> 
> I suspect the key phrases there are "absolute prohibitions", "some forms of
> restrictions", and "find a balance". 
> 
> I'm still surprised that the paper takes such a conciliatory stance towards
> anonymity and pseudonymity. Strong crypto and GAK-free crypto have big 
> corporate constituencies, but I see strong and GAI-free anonymity/pseudonymity
> as much more vulnerable. I'm tempted to declare this a guarded preliminary
> success of the cpunks remailer community -- we are seen as a viable player
> in "the game", potentially capable of forcing at least a compromise on
> nymity issues.
> 
> -Lewis
> 






From wlkngowl at unix.asb.com  Wed Feb  7 05:37:55 1996
From: wlkngowl at unix.asb.com (Deranged Mutant)
Date: Wed, 7 Feb 1996 21:37:55 +0800
Subject: How to prevent a virus infection :-)
Message-ID: <199602071316.IAA19827@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

Lucky Green wrote:
> 
> Just watched an "expert" on Bay TV (SF Cable). He stressed that websites
> without firewalls pose the risk of spreading viruses when downloading files
> from them. A  GIF was being downloaded in the background...

(chuckling) I remember when one of the Michaelangelo scares was going on 
(hey, is it that time of year again?) the place where I was working got a 
telemarketing call selling anti-virus software.

String that one up with conspiracy theories...
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMRimFioZzwIn1bdtAQHyIAF/YKlGvU0JeP9V4+VoDHksXn0SCd6wE86x
1HptGTwiHjH1I/BhjRLyY9xiCFqNLwSf
=Kqj2
-----END PGP SIGNATURE-----





From jamesd at echeque.com  Wed Feb  7 08:43:46 1996
From: jamesd at echeque.com (jamesd at echeque.com)
Date: Thu, 8 Feb 1996 00:43:46 +0800
Subject: Reasons in support of crypto-anarchy WAS Re: Why am I  wrong?
Message-ID: <199602071621.IAA18512@blob.best.net>


At 03:43 AM 2/7/96 -0800, lunaslide at loop.com wrote:
> Now, in respose to Mr. Bell.  As I stated above, I found your proposal
> [assasination politics] absolutely facinating, to say the least.  
> [...] 
> However, I must point out, and I'm sure you realize this, that it would not
> be adopted by the public at large for some time to come, or more likely
> never.  There are too many people who believe that it is wrong to take a
> life for any reason and that no action justifies death. 

This, of course, explains why war is impossible these days and why the public
is outraged whenever the government executes a murderer.

        :-)


 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd at echeque.com






From wlkngowl at unix.asb.com  Wed Feb  7 08:49:04 1996
From: wlkngowl at unix.asb.com (Deranged Mutant)
Date: Thu, 8 Feb 1996 00:49:04 +0800
Subject: A Warning Re: Hardware RNG support for PGP 2.63
Message-ID: <199602071624.LAA20523@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

rngaugp at alpha.c2.org wrote:

> Here is the README file that comes with the modifications.
> - ------------------------------------------
>                Hardware Random Number Support for PGP.
>                    PGP 263 international version
> 
> Ever get tired of typing in keyboard timing strokes while generating a
> PGP key? Ever want to use PGP unattended, but be foiled because there is
> no one there to type the keyboard timing strokes?
> 
> Ever wonder if PGP's method of generating random number might have some
> subtle flaw which would expose it to cryptanalysis?[..]

Ever wonder that a random number device driver or hardware will have a subtle 
flaw???

Relying on the /dev/random NOISE.SYS driver now while it's still in beta 
isn't nec. a good idea.  For experimentation, sure.  I'm also rather
concerned as to how this version of PGP handles it.  Very much so.

The current and latter versions of NOISE.SYS parallels the Linux random.c 
driver in that there are two devices, /dev/random and /dev/urandom... the 
older versions (pre version 0.4) will return as many bytes as are requested 
(from /dev/random) whereas the current version returns only as many bytes as 
are conservatively estimated to be "truly random".

If you are using the older NOISE.SYS /dev/random or the newer version's 
/dev/urandom for key generation then essentially you're using a pseudo-RNG 
based on SHA rather than real random data.

The implementation should try to get as many bits as are needed from the 
driver and then request some keystrokes, collect more data, etc. until you 
have enough bits (advantage over older PGP method? You only need to sample 
from driver, and not worry about processing raw samples yourself; driver also 
samples from other sources than keystrokes as well...)

I'd be wary of relying on NOISE.SYS or any similar driver for PGP-key 
generation until the driver gets more thorough examination; I'd also be VERY 
wary of an improper use of the driver.


- --Rob (who wrote NOISE.SYS).
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMRjSNSoZzwIn1bdtAQEn+wF/ZxQKqOCRyKrJjmdtYtE2kVG6v+3NkOOb
84JMpWkpzkMVe8L7LHr7bLdgzkVxDB+8
=m54+
-----END PGP SIGNATURE-----





From jamesd at echeque.com  Wed Feb  7 09:07:38 1996
From: jamesd at echeque.com (jamesd at echeque.com)
Date: Thu, 8 Feb 1996 01:07:38 +0800
Subject: [noise] the individual and the tribe
Message-ID: <199602071645.IAA22893@blob.best.net>


>Rob said:
>> ... in the sense that
>>tribal societies are individualist.

Jean-Francois Avon (JFA Technologies, QC, Canada) wrote:
>I absolutely don't agree.  The subordination of the individual to the tribe
>is fundamental of their vision of the world. 

Some tribal societies are individualist, some are not:  Most of the
myths and legends of the Australian Aboriginals have a lone ranger
character as the hero or villain, or at least most of the ones
that I have read feature a person whose life is dramatic or heroic in part
because he is tribeless, perhaps for the same reason as most heroes
in Disney cartoons are orphans.


 Individualism is not about the
>personnal opinions, it is about the vision of Man as an entity in itself, not
>a type of cattle that owe his service to the collectivity of the tribe.
>
>Crypto makes the tribe (and it's sorcerers) loose their grip... :)
>
>JFA
>
>
>
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd at echeque.com






From PADGETT at hobbes.orl.mmc.com  Wed Feb  7 09:22:57 1996
From: PADGETT at hobbes.orl.mmc.com (A. Padgett Peterson, P.E. Information Security)
Date: Thu, 8 Feb 1996 01:22:57 +0800
Subject: Strong Crypto Weak
Message-ID: <960207115847.20213b69@hobbes.orl.mmc.com>



>The seven experts who wrote the new paper -- "Minimal Key
>Lengths for Symmetric Ciphers to Provide Adequate
>Commercial Security" -- say the achievement by the
>students at the Ecole Polytechnique was trivial. 

For this they needed "designated heros" ? Have been saying the 
same thing for two years.
						Warmly,
							Padgett





From conrad at unix-ag.uni-kl.de  Wed Feb  7 09:26:00 1996
From: conrad at unix-ag.uni-kl.de (Peter Conrad)
Date: Thu, 8 Feb 1996 01:26:00 +0800
Subject: Fair Credit Reporting Act and Privacy Act
Message-ID: <199602071139.MAA05424@pizza.unix-ag.uni-kl.de>


-----BEGIN PGP SIGNED MESSAGE-----

Hi,

Duncan Frissell wrote:
>At 08:25 AM 2/5/96 -0500, Frank Willoughby wrote:
>
>>If the Privacy Act were rewritten to be as strict as the BDSG, businesses
>>would have a (mandatory) legal requirement to:
>>
[...]
>Unfortunately, it would also:
>
>*  Require government registration of computers and databases containing
>information about people (whether these computers are used by business or
>individuals).  This eases regulation of computers and future confiscation.

This is not true. Individuals are not required to register anything, the
BDSG simply does not apply do them (see. Par. 1 Section (2) ).
Businesses are required to register (besides their address and the kind
of business they do) a person who is responsible for any personal
information they want to keep and a general description of the kind of
data they intend to keep (see Par. 32 Sect. (2) ).
Computers are hardly mentioned anywhere in the BDSG, in fact, most of it
applies to any method of processing personal information. It doesn't
matter if a business keeps data printed on paper or stored in a computer.

>*  Reduce market efficiency by making it harder to match buyers and sellers
>(because neither could easily find out about he other) thus causing higher
>prices and poorer people.

Oh well. In the past buyers and sellers have always found each other
without keeping large databases. Most buyers are quite capable of finding
appropriate sellers (that's what advertisement and commercials are good
for).  The goal of the BDSG is to give the individual control of information
kept about him.
An example: The Deutsche Bundesbahn issues so-called 'BahnCards'. If you
buy a BahnCard you can use the Bundesbahn-trains for half the normal price.
Until a couple of months ago, the Bundesbahn gave all the information they
got from their BahnCard customers to the Citybank AG. The Citybank AG
sent their junkmail to all Bahncard customers and tried to make them get
a credit-card. This was in violation of the BDSG. And I still know where
to get a credit-card if I want one.

>*  Do nothing to protect personal information from the government which
>would get to collect more of it than ever in the course of enforcing data
>protection laws.

Oh yes it does. The same rules (or even stricter ones) that apply to
businesses apply to all government organizations. If any government
organization (even the police) violates the BDSG you have the right to
file a lawsuit against the organization (or the individual who violated
your rights).

>If you don't want people to know things about you, don't tell them.

You sometimes have no choice.
Those of you capable of understanding german might take a look at

http://www.fh-ulm.de/bvd/gesetz.html

Bye,
	Peter

NB: I subscribe to this list through a digest only. Please CC: me on
    followups.
- -- 
Peter Conrad    | "They say time is the fire in which we burn."
Am Heckenberg 1 |                        Dr. Soran, Star Trek - "Generations"
56727 Mayen
Germany

         Email: p_conrad at informatik.uni-kl.de,conrad at unix-ag.uni-kl.de

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAgUBMRiPe7FFskV8RCVHAQEMwQP7B6/QSo0E8bAiPcusg9+Etzx+WdIi6nuP
WVvnJ7RWrwoScnPkRJs7uaBfCpedFu3TZX7RyOm6bVAX4mwFe/dtqhBxcy8U3lQg
fqa3WUAhyBNPcr6tF38sVocKs6hWRiw+KckzvnCx9grJpqVHz6kvimAcVOIg027O
Zzk8jyopYDw=
=PBa7
-----END PGP SIGNATURE-----





From EALLENSMITH at ocelot.Rutgers.EDU  Wed Feb  7 09:35:41 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Thu, 8 Feb 1996 01:35:41 +0800
Subject: CypherPunks as Teachers; source material [Re: Hey,we are quaint! , (Was: A Sign of the Future)]
Message-ID: <01I0WN62FN68A0UVSI@mbcl.rutgers.edu>


From:	IN%"attila at primenet.com"  "attila"  6-FEB-1996 02:05:25.34

>	Jefferson certainly would role over at the degeneration of "his"
    party which began in the 30s as liberal news, particularly radio,
    demagougues discovered they could fan the riff-raff and control the
    direction of government. 
---------------
	An interesting example of Jefferson's thoughts on the subject of the
"Natural Aristocracy" can be found at http://ils.unc.edu/~vreer/aristoi.txt
	-Allen





From EALLENSMITH at ocelot.Rutgers.EDU  Wed Feb  7 09:36:11 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Thu, 8 Feb 1996 01:36:11 +0800
Subject: Telecoms Bill
Message-ID: <01I0WNRCL1CAA0UVSI@mbcl.rutgers.edu>


From: Deranged Mutant 

>Encrypted/truly anonymous ftp would be nice (though some folx would 
understandably have problems with truly anonymous uploads, and crypto 
export restrictions in the US could be problematic legally).

I think there is already work on encrypted telnet (stel) by the CERT/IT 
people.
----------------
	If a completely encrypted http method (ssl) is indeed available, a
(clunky) solution to both of the above would be a web proxy on an encrypted
server that would act like a ftp or telnet proxy. I'm not sure about the limits
of the html language for doing this (updates, et al)- it may have to be
graphics to the user and form input back, which would take a while.
	-Allen





From banelaw at med.com  Wed Feb  7 09:37:32 1996
From: banelaw at med.com (banelaw at med.com)
Date: Thu, 8 Feb 1996 01:37:32 +0800
Subject: Assassination Politics--isn't it gambling?
Message-ID: <9602070200.AA26022@toad.com>


Jim: as to "Assassination Politics."  Isn't the structure you describe
gambling?  Placing money on a prediction, with the correct predictor
winning?  And if so, isn't it illegal if done over the wires, i.e., federal
commerce?  I'm not looking for a way to declare your scheme illegal, I'm
just pointing out that there are other angles, especially if done over the
wires. I guess you could move the structure off shore--pity the poor country
hosting such an entity!  If you were at all succesfull, the server accepting
digital cash would be moving from place to place--remember pirate radio?

Philip
BaneLaw
Suite 210W
1800 112th Ave NE
Bellevue, WA 98004
206.455.5537
Fax:206.812.2032






From PADGETT at hobbes.orl.mmc.com  Wed Feb  7 09:43:12 1996
From: PADGETT at hobbes.orl.mmc.com (A. Padgett Peterson, P.E. Information Security)
Date: Thu, 8 Feb 1996 01:43:12 +0800
Subject: Why am I wrong?
Message-ID: <960207115456.20213b69@hobbes.orl.mmc.com>


(Was referring to the govs ability to control communications *with them*) 
>Perhaps I do not understand your point.  They can perhaps
>control the communication between them and me, but not between me and
>everyone else.

Ok please view my three points fromn the standpoint that so much of the 
total traffic would be affected by at least one, that "uncontrolled"
communications would be minimal.

>>2) communications using someone else's equipment/network (university,
>>   employer, etc)

>Employers nor universities have any jurisdiction over whether you use
>encryption in your transmissions while using their networks unless it
>specifically does not allow it when you first agree to have an account with
>them.

I think you had better review the concept of "property rights". Unless you
have a contract that says you can, or can establish "expectation", the
property owner who allows you to use their equipment may control how it is 
used.

>>3) communications with anyone (Internet merchant, etc) who says "this
>>   is not what  approves..."

>I don't quite understand your meaning.  I am a merchant and I encourage my
>customers to use PGP when they send information over the internet, whether
>to me or to anyone else. 

That is fine but what if MasterCard refuses to accept this method ? (Not
saying they will, just "what if" ? You are free to use digicash if you
want but is not "legal tender for all debts public and private".

>Comments?  Bring 'em on! :-)

I dood it.
					Warmly,
						Padgett






From tcmay at got.net  Wed Feb  7 11:26:01 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 8 Feb 1996 03:26:01 +0800
Subject: Internet Passports, Identity Escrow, and Back Doors
Message-ID: 


lmccarth at cs.umass.edu risks violating the terms of his PC probation by writing:

>I just sent this to the remailer operators' list, but it may be of interest
>here too. I think Tim or Lucky or someone suggested something like GAI
>(Government Access to Identities) here a while back....
>
>Forwarded message:
>> Lance writes:

>> I hypothesize that the Strassmann & Marlow paper is meant to lay the
>> groundwork for some sort of eventual Government Access to Identities proposal
>> (which would more likely be termed "identity escrow" by the Feds). It's
>> about the only way I can reconcile statements like the following
>> (juxtaposed by me, not them):

Indeed, several of us have written extensively about the rationales for
"is-a-person" credentialling by government, what I have quipped is a kind
of "identity escrow" (further abusing the term "escrow").

I lack the time to write a concise summary, so will instead mention a bunch
of points. Searching the archives for mentioned terms may yield more
comprehensive articles.

* "Internet Driver's License." This is not just a joke, although the
reported systems are not called this. But the idea is the same. A
credential, probably a signed key certificate, that is granted after proof
of age is presented. (For example, one might show a passport or
conventional Driver's License at a Post Office and they'd issue a signed
key....something they'd like to get into the business of doing, from
various reports.)

* An age credential such as this is essentially going to be necessary, in
the worst case, for accessing the Net and Web. If the CDA is upheld--which
may take several years to decide for sure--then sites will probably have to
take positive steps to verify that users are not minors. Unless they carry
only G-rated Barney material (but no Barney jokes, as children might be
traumatized).

* This age credential obviously cannot be just the "I swear that I am old
enough to view adult images" sort of click button. (Although it mostly
works with ordering adult material through the mail to immunize a provider,
except in this case there is the additional "check" of mail delivery, where
a postal carrier may may informal inquiries about the age of the recipient.
Plus the parents can intercept the subscription to "Hustler" that
14-year-old Johhny ordered.)

* The various schemes for signature authorities, which I admit to not
following very closely, all the stuff about Verisign and whether Netscape
will or will not accept signatures of rogue signers....all this suggests a
worrisome situation in which all messages must be signed by the True Name
(see above) of the message originator.

(For a good fictional treatment of this, see John Brunner's "The Shockwave
Rider.")

* Remailers and Web proxies obviously represent an end-run around the CDA
and key escrow, in various ways, so I think it likely that these will come
under attack. The legal means of attacking them may be one or more of the
following:

- holding the remailer site operator legally responsible for what can be
traced back to his system, especially if in plaintext. (This would make the
last site in a chain of otherwise-encrypted messages especially vulnerable
if the message is delivered in plaintext to the recipient. Of course, with
wider use of crypto, the message can be delivered in encrypted form. I see
more and more remailers insisting on encrypted (high entropy) messages.)

- for sites that charge any kind of fee for remailing, extensions of the
business laws to require that logs be maintained ("so that customers can
dispute bills"!!). These logs could then be subpoenaed to aid in tracing
messages back to origins. (Sure, it gets hard when hops outside the country
are involved...I'm not saying this'll be easy or effective, just a possible
avenue of attack on remailers.)

- finally, outlawing of remailers and proxies. Or extensive registration of
them. (We've had this debate a couple of times, about whether
mail-forwarding services really have to register, get proof of ID, send
records along to the government, etc.)

* Identity Escrow obviously fits in closely with key escrow in general.

In closing, I think the next couple of years will see increasing pressure
to require some kind of "Internet Driver's License," at least within the
U.S. Other countries will jump at this (Germany, China, France, the usual
suspects). Call it an "Internet Passport."

For some interesting insights into the thinking of some in the crypto
community, go back to around 1986-8 in the "Crypto" Conference Proceedings
and you'll find some papers, by Fiat and Shamir I believe, on the "problem"
of "rogue governments" (they cited Libya for their example) issuing "false
passports."

(I have commented in the past that the U.S. government has a reported
50,000 or more people in the Witness Security (aka Protection) Program,
under the U.S. Marshal's Service, and reserves the right to create
completely fake "legends" (dossiers) for these people, including false
credit records, false education records, and false employment records. Not
to mention their various secret agents. Clearly the government would want
"back doors" into any Internet Passport system!)

--Tim May


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From jk at digit.ee  Wed Feb  7 12:08:06 1996
From: jk at digit.ee (Jyri Kaljundi)
Date: Thu, 8 Feb 1996 04:08:06 +0800
Subject: strong cryptography for Java
Message-ID: 



I found today a Java package, implementing some cryptography (MD5, DES, 
RSA and Diffie-Hellman). Seems quite interesting.

It is called JCrypt alpha release 0.1.

The information is on:

http://www.cs.utexas.edu/users/achou/JCrypt/packages.html

Sorry if this has been on this list already.

J�ri Kaljundi
jk at digit.ee
Digiturg http://www.digit.ee/






From wilcoxb at nagina.cs.colorado.edu  Wed Feb  7 12:19:00 1996
From: wilcoxb at nagina.cs.colorado.edu (Bryce)
Date: Thu, 8 Feb 1996 04:19:00 +0800
Subject: POTP gets good press
Message-ID: <199602071956.MAA17880@nagina.cs.colorado.edu>



-----BEGIN PGP SIGNED MESSAGE-----

The Sun Observer -- "An Independent Journal Devoted to the 
Sun and Compatible Markets" -- ran an article in the Feb 96
issue entitled "New technology eliminates need for keys to
encrypt e-mail messages".


Byline: Bob Harvey.  About the author:  "Bob Harvey is vice
president of the Internet Security Corp., a Lexington,
Mass.-based network security solutions provider."


Content:  includes diagrams entitled "Link Level Encryption"
in which sender transmits keys to receiver, and "Packet
Level Encryption" in which sender transmits key sto
certificate authority which transmits them to multiple
receivers, and "Synchronized Random Key Generation (SRKG)" 
a la "Power One Time Pad" in which no keys are transmitted 
and multiple recievers magically decipher messages via 
built-in encryption devices.


Am I right in thinking this is utter unmitigated
bullsh snake oil?  Does anybody have any other
dirt on this Bob Harvey guy and his Internet Security Corp?
What is his relationship with the POTP folks?  An Alta 
Vista search revealed several Bob Harveys, but none who 
matched with "Internet Security".


I'm Cc'ing this to the editor in chief of The Sun
Observer.  If he doesn't know about the cypherpunks he might
want to request some explanation...


Regards,

Bryce

                 "Toys, Tools and Technologies"
  the Niche 
        New Signal Consulting -- C++, Java, HTML, Ecash
            Bryce 
 
PGP sig follows


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01

iQCVAwUBMRkD8/WZSllhfG25AQESBgP8CmmKb0+VMqs14FNQ2YoAllXcaqAtc09Y
99KljeM0gHpm19x14Tj011bngS59EyUCDvoFaY6HtOmOPNqR2SpQxoHp9IBWNJmS
dGEGwuqCLEB2gxMwgtjrwCNWyJmXk6Wp8UTRPcoG/woXWBCkyllbc62dV/RbILva
OeKJR5FpQ9Y=
=YT6V
-----END PGP SIGNATURE-----





From teddygee at visi.net  Wed Feb  7 12:25:53 1996
From: teddygee at visi.net (Ted Garrett)
Date: Thu, 8 Feb 1996 04:25:53 +0800
Subject: Windows PGP mail reader
Message-ID: <2.2.32.19960207092918.007298b4@mail.visi.net>


At 09:56 PM 2/3/96 GMT, you wrote:
>In article <4eaksb$6i9 at recepsen.aa.msen.com>, jims at conch.aa.msen.com says...
>>Hi.  Can anyone recommend a Windows based email/POP3 reader that can decrypt
>>content?  Please reply  via email:
>
>Have a look at Pegasus Mail.  It handles PGP very nicely with a recent
>addition. by John Navas, both are free:  
>http://users.aimnet.com/~jnavas/winpmail.htm
>

I recently picked up "PGP Windows Shell".  I have found it to be an excellent utility for encrypting and decrypting messages as easily as cutting to and pasting from the clipboard.  All operations are automated, you can use whatever mailer you want, and it's freeware.  The URL is http://iquest.com/~aegisrc/utils2.shtml 

Also, if you want something to automate usage of the cypherpunk style remailers, check out Joel McNamara's Private Idaho.  It's an excellent tool, also freeware, and is available at URL http://www.eskimo.com/~joelm/pi.html

Another utility you might like to look at (of course it's freeware too) is PGP WinFront.  While it's a little more cumbersome than PGP Windows Shell, it has all the same functionality.  There is also a shareware utility available from the same URL, called PGP QuickFront.  The combination of QuickFront and WinFront make using PGP under windows almost pleasant.  It can be found at http://netaccess.on.ca/ugali/crypt/ .







From shamrock at netcom.com  Wed Feb  7 12:27:58 1996
From: shamrock at netcom.com (Lucky Green)
Date: Thu, 8 Feb 1996 04:27:58 +0800
Subject: How to prevent a virus infection :-)
Message-ID: 


Just watched an "expert" on Bay TV (SF Cable). He stressed that websites
without firewalls pose the risk of spreading viruses when downloading files
from them. A  GIF was being downloaded in the background...

LOL.

I only wonder who the fuck is hiring such idiots.


-- Lucky Green 
   PGP encrypted mail preferred.







From EALLENSMITH at ocelot.Rutgers.EDU  Wed Feb  7 12:36:37 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Thu, 8 Feb 1996 04:36:37 +0800
Subject: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
Message-ID: <01I0WP5CYZQ0A0UW73@mbcl.rutgers.edu>


From:	IN%"ravage at ssz.com"  "Jim Choate"  6-FEB-1996 21:15:10.47

>If the intent is to motivate others to kill or otherwise harm others simply
because you don't agree with them or their actions is reprehensible and
moraly or ethicaly undefensible.
-------------------
	So you don't believe in self-defense, or the defense of another? While
I'm not as sure as Jim whether such a system would just be used by the good
guys, if someone has taken action to seriously violate the rights of another
I can see the death penalty as being appropriate.
	-Allen





From campbelg at limestone.kosone.com  Wed Feb  7 12:36:55 1996
From: campbelg at limestone.kosone.com (Gordon Campbell)
Date: Thu, 8 Feb 1996 04:36:55 +0800
Subject: Need a "warning" graphic of some kind for CDA
Message-ID: <2.2.32.19960207031307.006aa254@limestone.kosone.com>


At 01:48 PM 04/02/96 EST, Dr. Dimitri Vulis wrote:
>
>Either the 'no' sign (red crossed circle) or a wide red cross over one of:
> rattle
> baby bottle / pacifier
> disposable diapers (with contents visible)
>  safety pin?

I've file-attached a first attempt at something like this to Robert Hayden
(the original poster.) It's the international 'no' sign superimposed over a
drooling baby.

If he likes it and is able to post it somewhere, he's free to do so. I'd
post it myself, but I have no web access (not yet, anyway).

-----
Gordon R. Campbell, Owner - Mowat Woods Graphics
P.O. Box 1902, Kingston, Ontario, Canada  K7L 5J7
Ph: (613) 542-4087   Fax: (613) 542-1139
2048-bit PGP key available on request.






From EALLENSMITH at ocelot.Rutgers.EDU  Wed Feb  7 12:40:29 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Thu, 8 Feb 1996 04:40:29 +0800
Subject: Electronic Grille Cipher?
Message-ID: <01I0WO7W8WEOA0UV0C@mbcl.rutgers.edu>


From:	IN%"wlkngowl at unix.asb.com"  6-FEB-1996 03:23:01.15

>An idea occurred to me the other day, for hiding multiple
texts in one file using multiple keys.  The gist of it is to
take a reasonably large file of random data and then to hide
the bytes of a message in scattered locations.  The method of
determining where each byte is would be based on a good cipher
which for each iteration would return a relative offset from
the last location in the file.
-----------------
	I had a similar idea a bit back, and Lewis/Futplex kindly referred me
to some parts of the Archives discussing it. However, the main objection to
this idea was that the cops would just do a search warrant for the second group
of information. My solution to this is to have quite a few groups of
information, which would admittedly make the spacing problem a bit hard.
The following might be an example for someone of such a scheme:

A. Accounting information that you give the IRS (and the cops if they come)
B. Your collection of vanilla, heterosexual alt.sex.stories (give to cops)
C. Your collection of digitized playboy centerfolds (give to cops) 
D. Your collection of, say, homosexual bestiality stories (don't give)
E. Your collection of digitized photos of the above (don't give)
F. Your _real_ accounting information (don't give)
G. Your plans to violently overthrow the government (don't give).

	You'd just reveal the top two at first; if they asked if there was
anything more, you'd reveal the third. All three are things that you can easily
justify wanting privacy for- and some of them are ones that you'd want
different people to have access to (your accountant vs your lover, for A & B).
	-Allen





From ravage at ssz.com  Wed Feb  7 12:40:36 1996
From: ravage at ssz.com (Jim Choate)
Date: Thu, 8 Feb 1996 04:40:36 +0800
Subject: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
Message-ID: <199602070326.VAA03478@einstein.ssz.com>



Forwarded message:

> Date: Tue, 6 Feb 1996 21:43 EDT
> From: "E. ALLEN SMITH" 
> Subject: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
> 
> >If the intent is to motivate others to kill or otherwise harm others simply
> because you don't agree with them or their actions is reprehensible and
> moraly or ethicaly undefensible.
> -------------------
> 	So you don't believe in self-defense, or the defense of another? While
> I'm not as sure as Jim whether such a system would just be used by the good
> guys, if someone has taken action to seriously violate the rights of another
> I can see the death penalty as being appropriate.
> 	-Allen
> 
What is described is not self-defence by any stretch of the imagination. It
is a pre-meditated act which causes any plea of self-defence to fail.

If it is wrong for an individual to kill another except in immediate
self-defence then it is wrong for any group of people to kill another
individual or group unless there is an immediate threat to the group.
Capital punishment by governments is wrong under any conditions. If you
seriously believe it is ethical for a government to kill another then please
answer me a simple question.

How many people have to decide that another should be killed for it to be
ethical? In short, how many people does it take to decide it is a legitimate
act to take your own life?

                                                  Jim Choate






From perry at piermont.com  Wed Feb  7 12:46:00 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 8 Feb 1996 04:46:00 +0800
Subject: POTP gets good press
In-Reply-To: <199602071956.MAA17880@nagina.cs.colorado.edu>
Message-ID: <199602072010.PAA05161@jekyll.piermont.com>



Bryce writes:
> The Sun Observer -- "An Independent Journal Devoted to the 
> Sun and Compatible Markets" -- ran an article in the Feb 96
> issue entitled "New technology eliminates need for keys to
> encrypt e-mail messages".
[...]> 
> Am I right in thinking this is utter unmitigated
> bullsh snake oil?

Probably. Almost all such claims end up being crap. I haven't seen the
article yet so I can't say for sure, but 99% of the time these
companies have no idea what they are doing and feed the gullible lines
of utter bull. I don't know how so many of them survive in the market.

Perry





From ses at tipper.oit.unc.edu  Wed Feb  7 13:47:34 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Thu, 8 Feb 1996 05:47:34 +0800
Subject: POTP gets good press
In-Reply-To: <199602071956.MAA17880@nagina.cs.colorado.edu>
Message-ID: 


On Wed, 7 Feb 1996, Bryce wrote:

> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> Content:  includes diagrams entitled "Link Level Encryption"
> in which sender transmits keys to receiver, and "Packet
> Level Encryption" in which sender transmits key sto
> certificate authority which transmits them to multiple
> receivers, and "Synchronized Random Key Generation (SRKG)" 
> 
> Am I right in thinking this is utter unmitigated
> bullsh snake oil?  Does anybody have any other

It could be doing something SKIP like; if the certificates are DH certs, 
it could be using those to generate a shared secret, and combing that 
with an IV to generate a key.

hard to tell from the article

Simon





From allyn at allyn.com  Wed Feb  7 13:56:18 1996
From: allyn at allyn.com (Mark Allyn 860-9454 (206))
Date: Thu, 8 Feb 1996 05:56:18 +0800
Subject: How to prevent a virus infection :-)
In-Reply-To: 
Message-ID: <199602070429.UAA12527@mark.allyn.com>


> 
> >LOL.
> >
> >I only wonder who the fuck is hiring such idiots.
>                        ^^^^

Tsk tsk. With the CDA, that is naughty. Now you will have
to bend over Bill Clinton's knee and get spunk with a piece
of ethernet cable!

Love

Mark 





From EALLENSMITH at ocelot.Rutgers.EDU  Wed Feb  7 14:03:34 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Thu, 8 Feb 1996 06:03:34 +0800
Subject: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
Message-ID: <01I0WS0EMTCWA0UVEU@mbcl.rutgers.edu>


From:	IN%"ravage at ssz.com"  "Jim Choate"  6-FEB-1996 22:50:35.24

>What is described is not self-defence by any stretch of the imagination. It
is a pre-meditated act which causes any plea of self-defence to fail.
------------------
	If someone has comitted serious enough violations of rights in the
past, then I would call killing that person justified. First, it prevents any
future violations of rights by that person. Second, it serves to discourage
people if they know they can get killed if they do so. (I realize that
capital punishment by governments doesn't appear to do much good, but the
people in question- government agents, etcetera- are generally a bit different
than the gang members who so regularly ignore prison sentences and the death
penalty.) Third, and getting away from the self-defense argument, it is
justice. The job of a government, if it has one, is to defend individual
liberties. It is given privileges in order to enforce that. The abuse of such
privileges should be met by death. (Yes, I would be in favor of changing
current laws to remove sovereign immunity and institute a death penalty for
governmental rights violations. Unfortunately, among the people subject to such
a law are the ones making the laws.)
------------------------

>How many people have to decide that another should be killed for it to be
ethical? In short, how many people does it take to decide it is a legitimate
act to take your own life?
----------------------
	Why should "how many people" make a difference? If I violate someone's
rights enough to justify such a course of action, then I should be dead even if
everyone except the victim is cheering. Yes, I realize that Jim Bell's system
does depend on a group of people. But so, in the end, do all such systems-
whether they call themselves governments or anarcho-capitalist societies. If
the Christian Coalition got too many people with guns in the latter, they'd
rule.
	Any further discussion would appear to belong in private email; I
suspect that Jim Bell would appreciate a cc.
	-Allen





From jcobb at ahcbsd1.ovnet.com  Wed Feb  7 14:23:13 1996
From: jcobb at ahcbsd1.ovnet.com (James M. Cobb)
Date: Thu, 8 Feb 1996 06:23:13 +0800
Subject: free speach and the government
Message-ID: 


 
 
  Eric, 
 
 
  On 02 03 96 you say: 
 
     In the US the media is by and large controlled by huge media con- 
     glomerates with a vested interest in maintaining the status quo and 
     delivering up their audience to their advertisers in tidy packages. 
 
     The government is along for the ride, being part and parcel of the 
     same system.  They won't rest until net-speech is by and large con- 
     trolled by huge media conglomerates all busy delivering up the net- 
     public to advertisers in tidy packages... I'm not saying that there's 
     a Black Heliocopters type conspiracy, or any other for that matter. 
     There doesn't have to be, there are huge political forces moving 
     things this way.  So there might as well be a conspiracy, as the end 
     effect on us is the same. 
 
 
  Your analysis is excellent.  Thank you. 
 
  Often "anti-statist" conspiracy theorists have the bare facts right, but 
  explain those facts from the same point of view as statists: the State 
  is all-powerful; it is THE conspirator! 
 
  "The" State tends to the monopoly of force; but THIS State is dependent 
  on taxes, for it exists in THIS capitalist economy led by huge "conglom- 
  erates"  (the word may not be exact but it will do) that tend to control 
  the supply of taxes (by splitting up, by dumping loyal workers, by crea- 
  tive accounting, by moving away, by influencing the bureaucracy through 
  a maze of advisory panels, by directly staffing the upper reaches of that 
  bureaucracy, by timely contributions to journalism schools, by...ingenu- 
  ity). 
 
  In its preeminent meaning, politics refers only to the State. However, if 
  we gracefully relent, 
 
        ...there are huge political forces moving things.... 
 
  Generally, this overall movement is not a conspiracy. 
 
  Specifically, the movement involves an unbreakably large number of "per- 
  manent" and temporary alliances, coalitions, blocs, nods and winks, in- 
  siders, cliques, rings, gangs, and...you name it. 
 
 
  Cordially, 
 
  Jim 
 
 






From jcobb at ahcbsd1.ovnet.com  Wed Feb  7 14:24:05 1996
From: jcobb at ahcbsd1.ovnet.com (James M. Cobb)
Date: Thu, 8 Feb 1996 06:24:05 +0800
Subject: free speech and the government
Message-ID: 


 
 
  Dmitri, 
 
 
  On 02 03 96 you say: 
 
    I believe that any exception to unlimited free speech, be it 
    libel, or copyright violation, or child pornography, or Nazi 
    propaganda, or Chinese dissident materials, just isn't com- 
    patible with the cpunk agenda. No censorship is acceptable. 
    That's an absolute. 
 

  Censorship is founded on prying; and pryers have THEIR absolute: 
 
    On 2 January 1992, it was decided by the German Federal govern- 
    ment to open these [East German police] files...at 15 offices 
    throughout the former East Germany.  It is worth pointing out 
    the extensive nature of these files.  It was discovered that 
    husbands spied on wives, girlfriends spied on boyfriends, Cath- 
    olic Church confessionals were bugged by the 'Stasi' both with 
    and without the knowledge of the parish priest, Lutheran parish- 
    ioners spied on their pastors, telephone calls of both East and 
    West Germans were heavily monitored and the most innocent event, 
    such as going shopping or visitng the library, was included in 
    the files. 
 
        --Wayne Madsen [co-author of the upcoming new Puzzle Palace]. 
          Handbook of Personal Data Protection.  Stockton Press. 1992. 
          Page 4. 
 
 
  Pryers agree!  No censorship is acceptable. 
 
 
                       A*N*Y*T*H*I*N*G goes. 
 
 
  But let's be scientific about it: 
 
    Some 30 miles from Boston is a radio telescope called Beta, run 
    by the Harvard-Smithsonian Centre for Astrophysics, that day and 
    night searches the northern sky for artificial radio signals as 
    it makes continuous swathes through the heavens.
   
    It must pick up all the naturally-caused radio sounds as well, 
    which engineers call "noise" as opposed to "signal". This means 
    that it collects an enormous quantity of information that can be 
    processed only by a specially-built supercomputer.  Every second 
    it captures enough data to fill a CD-Rom, which every day adds up 
    to 22 trillion bytes of data, the equivalent of 52 million novels. 
 
        --Adrian Berry.  "Watch This Space."  File: nspace04.html. 
          Home News.  02 05 96 The Electronic Telegraph. 
 
 
  A USEFUL gadget, isn't it?  Censorship of even 1 byte of the 22 tril- 
  lion is unacceptable. 
 
 
                     E*V*E*R*Y*T*H*I*N*G goes. 
 
 
  Between two absolutes, what decides?
 
 
  Cordially, 
 
  Jim 
 
 
 
  PS:  I can't help wondering whether "all the naturally-caused 
  radio sounds" are really all the artificially-caused microwave 
  signals within range. 
  
      Of all the intercept stations built during the 1950's boom, 
      the ultimate in both ambition and failure was in the remote 
      Allegheny hollow of Sugar Grove, West Virginia.... 
 
      Since its beginnings in the mid-1950s, the secrecy surrounding 
      Sugar Grove has been intense.  The cover story throughout the 
      entire life of the project was that the six-hundred-foot dish 
      was purely for research and radio astronomy, permitting scien- 
      tists "to tune in on radio signals as far as 38 billion light 
      years away".... 
 
          --James Bamford.  The Puzzle Palace.  Penguin Books. 1983. 
            Pages 217f, 220. 
 
 
 
      Supposedly, the only person allowed to look into each of the 
      East German police files was the "data subject," the person who 
      had been looked into. 
 
 
 






From m.purcell at navy.gov.au  Wed Feb  7 14:24:34 1996
From: m.purcell at navy.gov.au (LEUT Mark Purcell)
Date: Thu, 8 Feb 1996 06:24:34 +0800
Subject: Windows PGP mail reader
In-Reply-To: <4eaksb$6i9@recepsen.aa.msen.com>
Message-ID: <199602072057.MAA27735@comsec.com>


In article <4eaksb$6i9 at recepsen.aa.msen.com>, jims at conch.aa.msen.com says...
>
>Hi.  Can anyone recommend a Windows based email/POP3 reader that can decrypt
>content?  Please reply  via email:


Have a look at Pegasus Mail.  It handles PGP very nicely with a recent
addition. by John Navas, both are free:  
http://users.aimnet.com/~jnavas/winpmail.htm

Mark






From WlkngOwl at UNiX.asb.com  Wed Feb  7 14:24:37 1996
From: WlkngOwl at UNiX.asb.com (Deranged Mutant)
Date: Thu, 8 Feb 1996 06:24:37 +0800
Subject: PGP-Scape
Message-ID: <199602061309.IAA15241@UNiX.asb.com>


> >No. SSL doesn't encrypt everything, just certain transactions (or am I 
> 
> WRong.

Ok.... that part's settled.


 
--- "Mutant" Rob 

Send a blank message with the subject "send pgp-key"
(not in quotes) for a copy of my PGP key.





From A5113643667 at attpls.net  Wed Feb  7 15:56:20 1996
From: A5113643667 at attpls.net (Tom Jones)
Date: Thu, 8 Feb 1996 07:56:20 +0800
Subject: Digital watermark
Message-ID: <882BCBB6>


Dear Cypherpunks,

Has anyone heard any news lately about digital watermarks, that is,
changes to the image that can be used to identy the source of the
document?

Peace ..Tom






From tbyfield at panix.com  Wed Feb  7 15:58:02 1996
From: tbyfield at panix.com (t byfield)
Date: Thu, 8 Feb 1996 07:58:02 +0800
Subject: paper on remailers in the intelligence community
Message-ID: 


>http://www.strassmann.com/pubs/anon-remail.html

>        It's an interesting viewpoint.. salient quotes:
                 ^^^^^^^^^^^

        Surely you jest. It's one of the weirdest hodgpodges of inane free
association I've ever read. The authors are a couple of regular Jack D.
Rippers. Highlights:

>Since biblical times, crimes have been deterred by the prospects of punishment.

>In many respects, the avoidance of technical discussions about some of the
>pathological aspects of the Internet remind me of the state of medical
>diagnosis prior to the recognition that bacteriology, prophylactics and
>inoculation can be only applied following the acceptance of rigorous,
>analytic and experimental disciplines.

>One of the most prominent anonymous re-mailers is  is in
>Finland. It is frequently used by the Russian (ex-KGB) criminal element.


        When is a troll not a troll?
        When it's a_gnom_inous at c2.org.







From wlkngowl at unix.asb.com  Wed Feb  7 15:59:59 1996
From: wlkngowl at unix.asb.com (Deranged Mutant)
Date: Thu, 8 Feb 1996 07:59:59 +0800
Subject: Defeating untrustworthy remailers?
Message-ID: <199602070521.AAA17716@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

Here's another idea (don't laugh): to set up a system where mailing
lists and newsgroups have public keys that you can encrypt directly to.
Advantage for anonymous mail is that if a remailer is untrustowrthy,
there's still some security in the final remailing of the document.

Furthermore, non-encrypted mail is less at risk of tampering. And some
newsgroups or lists could requires a signed message from an approved
key before posting.

- --Mutant Rob


- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMRg29CoZzwIn1bdtAQE5YwF/cL8OewFzwKdgErFteLAGj+6pgvczaix/
cMzkh4UfH6rjyIC3d6L+xcrmK1fz5v/I
=GzsY
-----END PGP SIGNATURE-----





From jimbell at pacifier.com  Wed Feb  7 16:00:51 1996
From: jimbell at pacifier.com (jim bell)
Date: Thu, 8 Feb 1996 08:00:51 +0800
Subject: Anti-US-censorship ammunition
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

At 09:50 PM 2/6/96 EDT, E. ALLEN SMITH wrote:
>	I received the following addresses from my request for non-US
>bomb-making material sites. (I'll post who gave them to me if he gives me
>permission). They should be useful as arguments against anyone who claims the
>US should shut off such information.
>	-Allen
>http://www.mi.aau.dk/~clement/thb_title.html
>http://home.ptd.net/~wa2joc/terror.hb
>http://www.tvnorge.no/~thomasm/terror.htm
>http://www.cis.ksu.edu/~psiber/fortress/ter5ror/main.html

BTW, whatever you do, don't use the "Anarchist's Cookbook" as some sort of
reference for explosives.  The boneheads who wrote that section of AC didn't
even seem to know about the Munroe Effect, the original basis for the
concept more commonly known as "shaped charges."

It goes downhill from there.
Jim Bell
jimbell at pacifier.com

Klaatu Burada Nikto


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRgpevqHVDBboB2dAQGlGAP9G9yGTyBBxWvPzPW0TvsrsdlCiSONKrjS
xgr8c2sShjtKgiGq12D6lmSdIA0dozLGG6HJXxnN38VAw1tCGCvPginyRvbpQfMm
EjEvaM1epteRMIR7ltez7vYvZOyRYvj9yh96zA2UO7e9KYO4FtNyNSqw812ZtMW/
S9w+uhcsN50=
=xPvy
-----END PGP SIGNATURE-----






From tcmay at got.net  Wed Feb  7 16:01:43 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 8 Feb 1996 08:01:43 +0800
Subject: paper on remailers in the intelligence community
Message-ID: 


At 4:41 AM 2/7/96, sameer wrote:
>http://www.strassmann.com/pubs/anon-remail.html
>
>        A friend at Hotwired (yes, he's still my friend even though he
>works for Hotwired) pointed me to some FUD which led Futplex to the
>above paper.
>        It's an interesting viewpoint.. salient quotes:
>
>"By far the greatest threat to the commercial, economic and political
>viability of the Global Information Infrastructure will come from
>information terrorists. "
>
>"Anonymous re-mailers are here to stay. Like in the case of many
>virulent diseases, there is very little a free society can do to
..

The affiliation of the authors is interesting:

----
by Paul A. Strassmann, US Military Academy, West Point; and Senior Advisor,
SAIC
and William Marlow, Senior Vice President, Science Applications
International Corporation (SAIC)
----

Now, what were people saying about SAIC and its role in intelligence
matters saying again?  (Not to mention the Inter-NIC stuff.)


--Tim May, "wanted for information terrorism"


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From tcmay at got.net  Wed Feb  7 16:03:17 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 8 Feb 1996 08:03:17 +0800
Subject: A temporal remailing (was: CDA = death of crypto)
Message-ID: 


At 3:26 AM 2/7/96, anonymous-remailer at shell.portal.com wrote:
>CDA means that virtually all underground or 'illegal' traffic will be
>distributed via encryption.
>
>As soon as the loony right and fundo Christians realise this, they *will*
>call for legislation against encryption, and if the CDA is any benchmark,
>they will easily win.


4-1-99. NYT:

   "Congress Passes "Children's Protection and Safe Information Highways" Bill"

      "In a vote of 479-12 in the House of Representatives and 93-5 in the
Senate, the "Children's Protection and Safe Information Highways Bill" was
sent to the President, who is expected to sign it on Thursday.

      "The Bill criminalizes the possession of unauthorized cryptographic
programs and extends the Telecom Act of 1996 and the Digital Telephony Act
of 1994 to regulate the new cyberspace frontier.

      "Attorney-General Louis Freeh pushed for the legislation, citing the
growing use of cryptography by dissidents and criminals. "We are hoping
Congress will next pass the "Secure and Decent Cyberspace Bill." This bill,
nick-named the "Crypto-Kingpins Bill," will subject traffickers in illegal
crypto to the same harsh penalties meted out to drug kingpins. "While it
may seem harsh to execute a person for possession of a key greater than 60
bits, we must consider the terrible consequences for our children of people
writing down things the government cannot read," Freeh said.


   BAD_nws







From llurch at networking.stanford.edu  Wed Feb  7 16:03:56 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Thu, 8 Feb 1996 08:03:56 +0800
Subject: [SSP] Hack China Contest, and some more showboating
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

FYI, Rich continues to play the media gadfly in tomorrow's editions of The
Guardian (UK), taz (Berlin), and the San Jose Mercury News. 

Sameer's friendly web script said people kept trying to link to my
nonexistent home page at http://www.c2.org/~rich/, so I made one, below,
which I though you might find amusing. 


China attempts to control Internet 
     -Andrew Higgins, in The Guardian, 4 February 1996 

               China thinks they can control the Internet. 
                        They will be proven wrong. 


                               Hack China!


A new contest has been formed to reveal security flaws in The Great
Firewall of China. Exploits and detailed descriptions are needed. Hack
China and win a T-Shirt. Satirical contest not sponsored by Community
ConneXion. We have not issued a press release covering this promotion, so
this link will just return an error. 

Let's see what China does when the world finds out that subverting
murderous totalitarian dictatorships is trivial in the modern age. More
details will appear in the coming days. Last updated February 6, 1996. Do
not send your hacks to hackchina at c2.org , because that address does not,
in fact, exist, and will only return an error, making you look like a
fool. 

To merit an award, an exploit must be made publicly available. Also note
that "hack" connotes affirmative effort on your part to investigate and
expose encryption and security architectures. Merely finding bugs,
officials susceptible to bribery, and common configuration errors is not a
"hack,"  and will not be credited on this page, though you can report such
problems to rich at c2.org. We may be supporting an "other problems with
totalitarianism" page in the future, but other forums are probably more
appropriate. 

Taiwan (also known as the Republic of China) is a province of China not
recognized as a separate nation-state by the United Nations (indeed, even
Taiwan doesn't claim independence). The official name of China is the
People's Republic of China, which is not a registered trademark, but they
do have nuclear weapons, so you should still take them seriously. If
you're in Hong Kong, get out while you still can. This propotion does not
exist and is not affiliated with China, Taiwan, or Hong Kong. 

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRhBT43DXUbM57SdAQFicQP/aj5ClU4YAEsm1XVWTYTvA8cHDo8cGN3O
1tN0y6LGfFaWbcl+IldjZ4OuMTRjlx50c3EZTItw7PniVP/KjySotMmbAIusLVek
PsMjMRtnyUJOY9Z/bAVkgepAN7NqpE9YXxEeNNUVrkzbicRgn35GaWjWrydI9EkW
72Xv5rhcs4c=
=3fYn
-----END PGP SIGNATURE-----





From msew+ at andrew.cmu.edu  Wed Feb  7 16:04:13 1996
From: msew+ at andrew.cmu.edu (Martin C Sweitzer)
Date: Thu, 8 Feb 1996 08:04:13 +0800
Subject: Exon Communications Decency Act
Message-ID: 




---------- Forwarded message begins here ----------

To Subscribers of the CDT Policy Post List:

As you know, Congress last week approved sweeping restrictions on online
speech by passing the Exon Communications Decency Act.  President Clinton
is expected to sign the bill into law as early as Thursday, Feb. 8.

CDT has joined forces with the Voters Telecommunications Watch (VTW) and
other advocacy organizations including EFF, EPIC, the ACLU and People
for the American Way to organize an Internet protest against the enactment
of the CDA and to illustrate the far reaching effects of this legislation.

Please join us and hundreds of thousands of Internet users by turning your
world wide web pages black for 48 hours after the President signs the bill.
Instructions on how to participate, along with information on how to find
out exactly when the President will sign the bill, are included below. You
can also visit CDT's 48 hours protest page at
(http://www.cdt.org/speech.html).

For more information on the Internet-censorship issue, including the
text of the
bill, analysis, and other relevant materials, please visit CDT's net-censorship
web page (http://www.cdt.org/cda.html), or send email to .

Thank you for your support!

Jonah Seiger
CDT Editor, 

========================================================================

        JOIN HUNDREDS OF THOUSANDS OF OTHER INTERNET USERS IN

                     * 48 HOURS OF PROTEST *

   AFTER PRESIDENT CLINTON SIGNS THE BILL THAT WILL CENSOR THE INTERNET

        Update: -Latest News: Congress passed the net censorship language
                              on 2/1/96.

                -What You Can Do Now: Help demonstrate the extent of the
                        impact of the Internet Censorship legislation. Join
                        Hundreds of thousands of Internet Users in an
                        International protest for 48 hours after Clinton
                        Signs the bill.

        CAMPAIGN TO STOP THE UNCONSTITUTIONAL COMMUNICATIONS DECENCY ACT
                  Feb 3, 1996 (expires Feb 29, 1996)

      PLEASE WIDELY REDISTRIBUTE THIS DOCUMENT WITH THIS BANNER INTACT

                This alert and coalition coordinated by the
               Voters Telecommunications Watch (vtw at vtw.org)

________________________________________________________________________
CONTENTS
        The Latest News
        What You Can Do Now
        Chronology of the CDA
        For More Information
        List Of Participating Organizations

________________________________________________________________________
THE LATEST NEWS

Last week Congress approved sweeping restrictions on online speech and
conduct, imposing fines of $250,000 and jail sentences of 2 years for
anyone who makes "indecent" material available in a public forum online.

This legislation threatens the very existence of the Internet as a viable
means of free expression, education, and political discourse.

Despite loud objections from civil liberties groups and the public,
the measure is part of a massive telecommunications bill that President
Clinton has already pledged to sign.  Although you should feel free to
continue to express your objections directly to the President, there are
other ways to express our outrage for this legislation.  The President
is expected to sign this bill into law during the week of Feb 5-9, 1996.

For 48 hours after Clinton signs the Telecommunications Reform bill into law,
join hundreds of thousands of Internet users everywhere to show the far
reaching impact this bill will have on all Internet users.  TURN YOUR
WORLD WIDE WEB PAGES BLACK with white lettering to demonstrate that the
Internet will not accept this kind of second class treatment from the
United States Government.

________________________________________________________________________
WHAT YOU CAN DO NOW

1. For 48 hours after Clinton signs the net censorship language in the
   Telecomm bill into law, TURN YOUR WORLD WIDE WEB PAGES BLACK with
   white lettering.  To know when the bill is signed, check these
   sources:

        Newsgroups: alt.society.civil-disob
        Email:vtw-announce at vtw.org (watch for mail on this list)
        WWW:http://www.vtw.org/
        Finger:vtw at panix.com

   You can also just watch CNN; they'll announce the signing of the bill.

   To turn your pages black with white lettering, simply add the following
   tag to your World Wide Web pages:

        
        

   Put this right after your  tags, and before any  tags.
   To explain to people who may be confused by the color change, temporarily
   add the following link to your page:

        My World Wide Web Pages are
                black for 48 hours to protest second-class treatment from the
                US Government for free speech.  Read about it at this WWW
                page.

   The Center for Democracy and Technology has also agreed to mirror a
   similar page at URL:http://www.cdt.org/speech.html

   If your pages get lots of hits from services that cache their pages like
   America  Online, you may wish to start turning your pages black early.
   Please try and wait though until Clinton signs the bill, for maximum
   effect.

   Also, urge your Internet Provider and any Internet WWW pages you
   frequent to turn their pages black.  Send us interesting sites that
   comply to vtw at vtw.org.

        $ Mail vtw at vtw.org
        Subject: ZTV.COM is turning their pages black!

        I'm the head of the ZTV Website and I've decided to turn our
        pages black.  Thought you'd like to know.

        ^D
        Mail sent!

2. Don't forget to send Clinton a message, contact him at:

        Email:president at whitehouse.gov
        Telephone:202-456-1111
        Fax:202-456-2461


   Sample communique:

        
        You're about to sign a bill into law that imposes a terrible
        set of speech restrictions on the Internet that belong in the
        broadcast medium, not the interactive one.

        I'm turning my World Wide Web pages BLACK for 48 hours after you
        sign the bill as a symbol of protest to show how many people will
        be affected by this bill.

   It is unlikely that he will veto the bill.

3. Make a commitment become involved!  There will be several court cases
   coming up to challenge the Internet censorship legislation, as well as
   an election that will put every single member of the House, and 1/3rd
   of the Senate (most of whom voted for this legislation) onto the ballot.

   Don't let them get away with this.  Make this a campaign issue, and
   keep an eye out for legal defense funds for those challenging these
   laws in court.

________________________________________________________________________
CHRONOLOGY OF THE COMMUNICATIONS DECENCY ACT

Feb  1, '96     The House and Senate pass the Telecomm Bill (S652/HR1555)
                414-16 and 91-5.
Jan 31, '96     The House and Senate prepare to signoff on the conference
                report for the Telecomm bill and rush a vote to the floor.
Dec  7, '95     The House half of the Telecomm conference committee
                votes the "indecency" standard for online speech into
                the Telecomm Deregulation bill.
Sep 26, '95     Sen. Russ Feingold urges committee members to drop
                Managers Amendment and the CDA from the Telecommunications
                Deregulation bill
Aug  4, '95     House passes HR1555 which goes into conference with S652.
Aug  4, '95     House votes to attach Managers Amendment (which contains
                new criminal penalties for speech online) to
                Telecommunications Reform bill (HR1555).
Aug  4, '95     House votes 421-4 to attach HR1978 to Telecommunications
                Reform bill (HR1555).
Jun 30, '95     Cox and Wyden introduce the "Internet Freedom and Family
                Empowerment Act" (HR 1978) as an alternative to the CDA.
Jun 21, '95     Several prominent House members publicly announce their
                opposition to the CDA, including Rep. Newt Gingrich (R-GA),
                Rep. Chris Cox (R-CA), and Rep. Ron Wyden (D-OR).
Jun 14, '95     The Senate passes the CDA as attached to the Telecomm
                reform bill (S 652) by a vote of 84-16.  The Leahy bill
                (S 714) is not passed, but is supported by 16 Senators
                who understand the Internet.
May 24, '95     The House Telecomm Reform bill (HR 1555) leaves committee
                in the House with the Leahy alternative attached to it,
                thanks to Rep. Ron Klink of (D-PA).  The Communications
                Decency Act is not attached to it.
Apr  7, '95     Sen. Leahy (D-VT) introduces S.714, an alternative to
                the Exon/Gorton bill, which commissions the Dept. of
                Justice to study the problem to see if additional legislation
                (such as the CDA) is necessary.
Mar 23, '95     S314 amended and attached to the telecommunications reform
                bill by Sen. Gorton (R-WA).  Language provides some provider
                protection, but continues to infringe upon email privacy
                and free speech.
Feb 21, '95     HR1004 referred to the House Commerce and Judiciary committees
Feb 21, '95     HR1004 introduced by Rep. Johnson (D-SD)
Feb  1, '95     S314 referred to the Senate Commerce committee
Feb  1, '95     S314 introduced by Sen. Exon (D-NE) and Gorton (R-WA).

________________________________________________________________________
FOR MORE INFORMATION

Web Sites (roughly in alphabetical order)
        URL:http://www.vtw.org/
        URL:http://www.cdt.org/cda.html
        URL:http://www.cpsr.org/
        URL:http://www.eff.org/pub/Alerts/
        URL:http://epic.org/

Email:
        cda-info at cdt.org (General CDA information)
        cda-stat at cdt.org (Current status of the CDA)

________________________________________________________________________
LIST OF PARTICIPATING ORGANIZATIONS AND BUSINESSES

In order to use the net more effectively, several organizations have
joined forces on a single Congressional net campaign to stop the
Communications Decency Act.  Because the list is so long, we've been
forced to omit many fine organizations.  See the VTW Free Speech Web Page
at URL:http://www.vtw.org/speech/ for the whole list.


Public Interest Organizations                     Businesses

Voters Telecommunications Watch (VTW)           | ECHO (www.echonyc.com)
                                                | Hotwired (www.hotwired.com)
Center For Democracy And Technology  (CDT)      | Mindvox (www.phantom.com)
Center for Public Representation  (CPR)         | Panix (www.panix.com)
Computer Professionals for                      | The WELL (www.well.com)
        Social Responsibility (CPSR)            | Wired (www.wired.com)
Cyber-Rights Campaign                           +-------------------------
Electronic Fronter Foundation (EFF),
   and independent regional Electronic
   Frontier organizations
Electronic Privacy Information Center (EPIC)
 Feminists for Free Expression                  Hands! Off The Net
Internet Users Consortium (IUC)                 Joint Artists' and Music
The Libertarian Party (LP)                       Promotions Political Action
National Campaign for Freedom of Expression      Committee (JAMPAC)
National Coalition Against Censorship (NCAC)    National Gay and Lesbian
National Writers Union (NWU)                     Task Force (NGLTF)
People for the American Way (PFAW)              Republican Liberty Caucus

________________________________________________________________________
        End Alert
========================================================================









From sameer at c2.org  Wed Feb  7 16:06:24 1996
From: sameer at c2.org (sameer)
Date: Thu, 8 Feb 1996 08:06:24 +0800
Subject: paper on remailers in the intelligence community
Message-ID: <199602070441.UAA04523@infinity.c2.org>


http://www.strassmann.com/pubs/anon-remail.html

	A friend at Hotwired (yes, he's still my friend even though he
works for Hotwired) pointed me to some FUD which led Futplex to the
above paper. 
	It's an interesting viewpoint.. salient quotes:

"By far the greatest threat to the commercial, economic and political
viability of the Global Information Infrastructure will come from
information terrorists. "

"Anonymous re-mailers are here to stay. Like in the case of many
virulent diseases, there is very little a free society can do to
prohibit travel or exposure to sources of infection. The best one can
do is to start treating the pathologies inherent in the Internet in
the same way as we have learned to deal with infectious
epidemics. That calls for constructing new institutions and processes
that are analogues to inoculation, immunization, prophylactics, clean
water supply, sewers, hygiene, early detection of outbreaks of
diseases, quarantine, the offices of health examiners, the Center of
Disease Control and the World Health Organization."

"As in the case of smallpox, yellow fever, flu epidemics, AIDS or
malaria, it will take disasters before the public may accept that some
forms of restrictions on the electronic freedom of speech and privacy
may be worthwhile."

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer at c2.org





From simsong at vineyard.net  Wed Feb  7 16:19:44 1996
From: simsong at vineyard.net (Simson L. Garfinkel)
Date: Thu, 8 Feb 1996 08:19:44 +0800
Subject: FV's blatant double standards
Message-ID: <199602060139.UAA03880@vineyard.net>


Yes, clearly if you are not concerned about missing 50-75% of First Virtual's 
users, this attack will work just fine.
-simson





From jimbell at pacifier.com  Wed Feb  7 16:39:54 1996
From: jimbell at pacifier.com (jim bell)
Date: Thu, 8 Feb 1996 08:39:54 +0800
Subject: Reasons in support of crypto-anarchy WAS Re: Why am I wrong?
Message-ID: 



>>1.  Governments will no longer be "necessary," if they ever were.
>2.  Protection will no longer depend on having a "government."
>>3.  Anonymous networking technology will protect our rights, to the extent
>>they can be protected.
>>4.  Your statement, "...anarchy is a massive step backward..." is absolutely
>>incorrect.

>That's fine that you believe the things, but for acceptance by others you
>will have to provide support for your position.  I, personally, would like
>to see your premises so that I may evualuate your claims.  You may indeed
>be correct in your assessment.

Well, here's  my "Assassination Politics" essay.

[Part 1]
I've been following the concepts of digital cash and encryption, since
I read the article in the August 1992 issue of Scientific American on
"encrypted signatures."  While I've only followed the Digitaliberty area
for a few weeks, I can already see a number of points that do (and
should!) strongly concern the average savvy individual:

1.  How can we translate the freedom afforded by the Internet to
ordinary life?

2.  How can we keep the government from banning encryption, digital
cash, and other systems that will improve our freedom?


A few months ago, I had a truly and quite literally "revolutionary"
idea, and I jokingly called it "Assassination Politics": I speculated on
the question of whether an organization could be set up to _legally_
announce either that it would be awarding a cash prize to somebody who
correctly "predicted" the death of one of a list of violators of
rights, usually either government employees, officeholders, or
appointees.  It could ask for anonymous contributions from the public,
and individuals would be able send those contributions using digital
cash.

I also speculated that using modern methods of public-key encryption and
anonymous "digital cash," it would be possible to make such awards in
such a way so that nobody knows who is getting awarded the money, only
that the award is being given.   Even the organization itself would have
no information that could help the authorities find the person
responsible for the prediction, let alone the one who caused the death.

It was not my intention to provide such a "tough nut to crack" by
arguing the general case, claiming that a person who hires a hitman is
not guilty of murder under libertarian principles.  Obviously, the
problem with the general case is that the victim may be totally innocent
under libertarian principles, which would make the killing a crime,
leading to the question of whether the person offering the money was
himself guilty.

On the contrary; my speculation assumed that the "victim" is a
government employee, presumably one who is not merely taking a paycheck
of stolen tax dollars, but also is guilty of extra violations of rights
beyond this. (Government agents responsible for the Ruby Ridge incident
and Waco come to mind.)  In receiving such money and in his various
acts, he violates the "Non-aggression Principle" (NAP) and thus,
presumably, any acts against him are not the initiation of force under
libertarian principles.

The organization set up to manage such a system could, presumably, make
up a list of people who had seriously violated the NAP, but who would
not see justice in our courts due to the fact that their actions were
done at the behest of the government.  Associated with each name would
be a dollar figure, the total amount of money the organization has
received as a contribution, which is the amount they would give for
correctly "predicting" the person's death, presumably naming the exact
date.  "Guessers" would formulate their "guess" into a file, encrypt it
with the organization's public key, then transmit it to the organization,
possibly using methods as untraceable as putting a floppy disk in an
envelope and tossing it into a mailbox, but more likely either a cascade
of encrypted anonymous remailers, or possibly public-access Internet
locations, such as terminals at a local library, etc.

In order to prevent such a system from becoming simply a random unpaid
lottery, in which people can randomly guess a name and date (hoping that
lightning would strike, as it occasionally does), it would be necessary
to deter such random guessing by requiring the "guessers" to include
with their "guess" encrypted and untraceable "digital cash," in an
amount sufficiently high to make random guessing impractical.

For example, if the target was, say, 50 years old and had a life
expectancy of 30 years, or about 10,000 days, the amount of money
required to register a guess must be at least 1/10,000th of the amount
of the award.  In practice, the amount required should be far higher,
perhaps as much as 1/1000 of the amount, since you can assume that
anybody making a guess would feel sufficiently confident of that guess
to risk 1/1000th of his potential reward.

The digital cash would be placed inside the outer "encryption envelope,"
and could be decrypted using the organization's public key.  The
prediction itself (including name and date) would be itself in another
encryption envelope inside the first one, but it would be encrypted
using a key that is only known to the predictor himself.  In this way,
the organization could decrypt the outer envelope and find the digital
cash, but they would have no idea what is being predicted in the
innermost envelope, either the name or the date.

If, later, the "prediction" came true, the predictor would presumably
send yet another encrypted "envelope" to the organization, containing
the decryption key for the previous "prediction" envelope, plus a public
key (despite its name, to be used only once!) to be used for encryption
of digital cash used as payment for the award. The organization would
apply the decryption key to the prediction envelope, discover that it
works, then notice that the prediction included was fulfilled on the
date stated.   The predictor would be, therefore, entitled to the award.
Nevertheless, even then nobody would actually know WHO he is!

It doesn't even know if the predictor had anything to do with the
outcome of the prediction.  If it received these files in the mail, in
physical envelopes which had no return address, it would have burned the
envelopes before it studied their contents.  The result is that even the
active cooperation of the organization could not possibly help anyone,
including the police, to locate the predictor.)

Also included within this "prediction-fulfilled" encryption envelope
would be unsigned (not-yet-valid) "digital cash," which would then be
blindly signed by the organization's bank and subsequently encrypted
using the public key included. (The public key could also be publicized,
to allow members of the public to securely send their comments and,
possibly, further grateful remuneration to the predictor, securely.)
The resulting encrypted file could be published openly on the Internet,
and it could then be decrypted by only one entity:  The person who had
made that original, accurate prediction.  The result is that the
recipient would be absolutely untraceable.

The digital cash is then processed by the recipient by "unblinding" it,
a principle which is explained in far greater detail by an article in
the August 1992 issue of Scientific American.  The resulting digital
cash is absolutely untraceable to its source.

This overall system achieves a number of goals.  First, it totally hides
the identity of the predictor to the organization, which makes it
unnecessary for any potential predictor to "trust" them to not reveal
his name or location.  Secondly, it allows the predictor to make his
prediction without revealing the actual contents of that prediction
until later, when he chooses to, assuring him that his "target" cannot
possibly get early warning of his intent.   (and "failed" predictions
need never be revealed).  In fact, he needs never reveal his prediction
unless he wants the award. Third, it allows the predictor to anonymously
grant his award to anyone else he chooses, since he may give this
digital cash to anyone without fear that it will be traced.

For the organization, this system also provides a number of advantages.
By hiding the identity of the predictor from even it, the organization
cannot be forced to reveal it, in either civil or criminal court.  This
should also shield the organization from liability, since it will not
know the contents of any "prediction" until after it came true.  (Even
so, the organization would be deliberately kept "poor" so that it would
be judgment-proof.)  Since presumably most of the laws the organization
might be accused of violating would require that the violator have
specific or prior knowledge, keeping itself ignorant of as many facts as
possible, for as long as possible, would presumably make it very
difficult to prosecute.

[end part 1]

[part 2]

"At the Village Pizza shop, as they were sitting down to consume a
pepperoni, Dorothy asked Jim, 'So what other inventions are you working
on?"  Jim replied, 'I've got a new idea, but it's really revolutionary.
Literally REVOLUTIONARY.'   'Okay, Jim, which government are you
planning to overthrow?,' she asked, playing along.
'All of them,' answered Jim."

Political Implications
Imagine for a moment that as ordinary citizens were watching the
evening news, they see an act by a government employee or  officeholder
that they feel violates their rights, abuses the public's trust, or
misuses the powers that they feel should be limited.  A person whose
actions are so abusive or improper that the citizenry shouldn't have to
tolerate it.

What if they could go to their computers, type in the miscreant's name,
and select a dollar amount:  The amount they, themselves, would be
willing to pay to anyone who "predicts" that officeholder's death.  That
donation would be sent, encrypted and anonymously, to a central
registry organization, and be totaled, with the total amount available
within seconds to  any interested individual.  If only 0.1% of the
population, or one person in a thousand, was willing to pay $1 to see
some government slimeball dead, that would be, in effect, a $250,000
bounty on his head.

Further, imagine that anyone considering collecting that bounty could do
so with the mathematical certainty that he can't possibly be identified,
and could collect the reward without meeting, or even talking to,
anybody who could later identify him.  Perfect anonymity, perfect
secrecy, and perfect security.  And that, combined with the ease and
security with which these contributions could be collected, would make
being an abusive government employee an extremely risky proposition.
Chances are good that nobody above the level of county commissioner
would even risk staying in office.

Just how would this change politics in America?  It would take far less
time to answer, "What would remain the same?"  No longer would we be
electing people who will turn around and  tax us to death, regulate us
to  death, or for that matter sent hired thugs to kill us when we oppose
their wishes.

No military?

One of the attractive potential implications of such a system would be
that we might not even need a military to protect the country.  Any
threatening or abusive foreign leader would be subject to the same
contribution/assassination/reward system, and it would operate just as
effectively over borders as it does domestically.

This country has learned, in numerous examples subsequent to many wars,
that once the political disputes between leaders has ceased, we
(ordinary citizens) are able to get along pretty well with the citizens
of other countries.  Classic examples are post-WWII Germany, Japan, and
Italy, and post-Soviet Russia, the Eastern bloc, Albania, and many
others.

Contrary examples are those in which the political dispute remains, such
as North Korea, Vietnam, Iraq, Cuba, Red China, and a few others.  In
all of these examples, the opposing leadership was NOT defeated, either
in war or in an internal power struggle. Clearly, it is not the PEOPLE
who maintain the dispute, but the leadership.

Consider how history might have changed if we'd been able to "bump off"
Lenin, Stalin, Hitler, Mussolini, Tojo,  Kim Il Sung, Ho Chi Minh,
Ayatollah Khomeini, Saddam Hussein, Moammar Khadafi, and various others,
along with all of their replacements if necessary, all for a measly few
million dollars, rather than the billions of dollars and millions of
lives that subsequent wars cost.

But that raises an interesting question, with an even more interesting
answer.  "If all this is so easy, why hasn't this been done before?"   I
mean, wars are destructive, costly, and dangerous, so why hasn't some
smart politician figured out that instead of fighting the entire
country, we could just 'zero' the few bad guys on the top?

The answer is quite revealing, and strikingly "logical":  If we can kill
THEIR leaders, they can kill OUR leaders too.   That would avoid the
war, but the leadership on both sides would be dead, and guess who is
making the decisions about what to do?  That's right, the LEADERS!

And the leaders (both theirs and ours!) would rather see 30,000,000
ordinary people die in WWII than lose their own lives, if they can get
away with it.   Same in Korea, Vietnam, Gulf War, and numerous other
disputes around the globe.  You can see that as long as we continue to
allow leaders, both "ours" and "theirs," to decide who should die, they
will ALWAYS choose the ordinary people of each country.

One reason the leaders have been able to avoid this solution is simple:
While it's comparatively easy to "get away with murder," it's a lot
harder to reward the person who does it, and that person is definitely
taking a serious risk.   (Most murders are solved based on some prior
relationship between the murder and victim, or observations of witnesses
who know either the murderer or the victim.)

Historically, it has been essentially impossible to adequately motivate
a assassin, ensuring his safety and anonymity  as well, if only because
it has been impossible to PAY him in a form that nobody can trace, and
to ensure the silence of all potential witnesses. Even if a person was
willing to die in the act, he would want to know that the people he
chooses would get the  reward, but if they themselves were identified
they'd be targets of revenge.

All that's changed with the advent of public-key encryption and digital
cash.  Now, it should be possible to announce a standing offer to all
comers that a large sum of digital cash will be sent to him in an
untraceable fashion should he meet certain "conditions," conditions
which don't even have to include proving (or, for that matter, even
claiming) that he was somehow responsible for a death.


I believe that such a system has tremendous implications for the future
of freedom.  Libertarians in particular (and I'm a libertarian) should
pay particular attention to the fact that this system "encourages" if
not an anarchist outcome, at least a minarchist (minimal government)
system, because no large governmental structure could even survive in
its current form.

In fact, I would argue that this system would solve a potential
problem, occasionally postulated, with the adoption of libertarianism in
one country, surrounded by non-libertarian states.  It could have
reasonably been suspected that in a gradual shift to a libertarian
political and economic system, remnants of a non-libertarian system such
as a military would have to survive, to protect society against the
threats represented by foreign states.  While certainly plausible, it
would have been hard for an average naive person to imagine how the
country would maintain a $250 billion military budget, based on
voluntary contributions.

The easy answer, of course, is that military budgets of that size would
simply not happen in a libertarian society.  More problematic is the
question of how a country would defend itself, if it had to raise it
defenses by voluntary contribution.   An equally simplistic answer is
that this country could probably be defended just fine on a budget 1/2
to 1/3 of the current budget.  True, but that misses the point.

The real answer is even simpler.  Large armies are only necessary to
fight the other large armies organized by the leadership of other,
non-libertarian states, presumably against the will of their citizenry.
Once the problem posed by _their_ leadership is solved (as well as ours;
either by their own citizenry by similar anonymous contributions, or by
ours), there will be no large armies to oppose.

[end of part 2]

[part 3]

In the 1960's movie, "The Thomas Crown Affair," actor Steve McQueen
plays a bored multi-millionaire who fights tedium by arranging
well-planned high-yield bank robberies.  He hires each of the robbers
separately and anonymously, so that they can neither identify him or
each other. They arrive at the bank on schedule, separately but
simultaneously, complete the robbery, then separate forever.  He pays
each robber out of his own funds, so that the money cannot be traced,
and he keeps the proceeds of each robbery.

In my recent essay generally titled "Digitaliberty," or earlier
"Assassination politics," I hypothesized that it should be possible to
LEGALLY set up an organization which collects perfectly anonymous
donations sent by members of the public, donations which instruct the
organization to pay the amount to any person who correctly guesses the
date of death of some named person, for example some un-favorite
government employee or officeholder.  The organization would totalize
the amounts of the donations for each different named person, and
publish that list (presumably on the Internet) on a daily or perhaps
even an hourly basis, telling the public exactly how much a person would
get for "predicting" the death of that particular target.

Moreover, that organization would accept perfectly anonymous,
untraceable, encrypted "predictions" by various means, such as the
Internet (probably through chains of encrypted anonymous remailers), US
mail, courier, or any number of other means.  Those predictions would
contain two parts:  A small amount of untraceable "digital cash," inside
the outer "digital envelope," to ensure that the "predictor" can't
economically just randomly choose dates and names, and an inner
encrypted data packet which is encrypted so that even the organization
itself cannot decrypt it.  That data packet would contain the name of
the person whose death is predicted, and the date it is to happen.

This encrypted packet could also be published, still encrypted, on the
Internet, so as to be able to prove to the world, later, that SOMEBODY
made that prediction before it happened, and was willing to "put money
on it" by including it in outside the inner encrypted "envelope."   The
"predictor" would always lose the outer digital cash; he would only earn
the reward if his (still-secret) prediction later became true.  If,
later on, that prediction came true, the "lucky" predictor would
transmit the decrypt key to the organization, untraceably, which would
apply it to the encrypted packet, and discover that it works, and read
the prediction made hours, days, weeks, or even months earlier.   Only
then would the organization, or for that matter anyone else except the
predictor, know the person or the date named.

Also included in that inner encrypted digital "envelope" would be a
public-key, generated by the predictor for only this particular purpose:
It would not be his "normal" public key, obviously, because _that_
public key would be identifiable to him.  Also present in this packet
would be "blinded" (not yet certified as being good) "digital cash"
codes, codes that would be presented to a certifying bank for their
digital "stamp of approval," making them worth the dollars that the
predictor has earned. (This presentation could be done indirectly, by an
intermediary, to prevent a bank from being able to refuse to deal with
the organization.)

Those "digital cash" codes will then be encrypted using the public key
included with the original prediction, and published in a number of
locations, perhaps on the Internet in a number of areas, and available
by FTP to anyone who's interested.  (It is assumed that this data will
somehow get to the original predictor.  Since it will get to "everyone"
on the Internet, it will presumably be impossible to know where the
predictor is.)  Note, however, that only the person who sent the
prediction (or somebody he's given the secret key to in the interim) can
decrypt that message, and in any case only he, the person who prepared
the digital cash blanks, can fully "unblind" the digital cash to make it
spendable, yet absolutely untraceable.   (For a much more complete
explanation of how so-called "digital cash" works, I refer you to the
August 1992 issue of Scientific American.)

This process sounds intricate, but it (and even some more detail I
haven't described above) is all necessary to:
1.  Keep the donors, as well as the predictors, absolutely anonymous,
not only to the public and each other, but also to the organization
itself, either before or after the prediction comes true.
2.  Ensure that neither the organization, nor the donors, nor the
public, is aware of the contents of the "prediction" unless and until
it later becomes true.  (This ensures that none of the other
participants can be "guilty" of knowing this, before it happens.)
3.  Prove to the donors (including potential future predictors), the
organization, and the public that indeed, somebody predicted a
particular death on a particular date, before it actually happened.
4.  Prove to the donors and the public (including potential future
predictors) that the amount of money promised was actually paid to
whomever made the prediction that later came true.   This is important,
obviously, because you don't want any potential predictor to doubt
whether he'll get the money if he makes a successful prediction, and you
don't want any potential donor to doubt that his money is actually going
to go to a successful predictor.
5.  Prevent the organization and the donors and the public from knowing,
for sure, whether the predictor actually had anything to do with the
death predicted.  This is true even if (hypothetically) somebody is
later caught and convicted of a murder, which was the subject of a
successful "prediction":  Even after identifying the murderer through
other means, it will be impossible for anyone to know if the murderer
and the predictor were the same person.
6.   Allow the predictor, if he so chooses, to "gift" the reward
(possibly quite anonymously) to any other person, one perhaps totally
unaware of the source of the money, without anyone else knowing of this.

Even the named "target" (the "victim") is also assured of something: He
is assured that literally anyone in the world, from his worst enemy to
his best friend, could make the amount of the reward, absolutely
anonymously, should they "predict" his death correctly.  At that point,
he will have no friends.

This may represent the ultimate in compartmentalization of information:
Nobody knows more than he needs to, to play his part in the whole
arrangement.  Nobody can turn anyone else in, or make a mistake that
identifies the other participants.  Yet everyone can verify that the
"game" is played "fairly":  The predictor gets his money, as the donors
desire.  Potential future predictors are satisfied (in a mathematically
provable fashion) that all previous successful predictors were paid
their full rewards, in a manner that can't possibly be traced.  The
members of the public are assured that, if they choose to make a
donation, it will be used as promised.

This leads me to a bold assertion:  I claim that, aside from the
practical difficulty  and perhaps, theoretical impossibility of
identifying either the donors or the predictor, it is very likely that
none of the participants, with the (understandable) hypothetical
exception of a "predictor" who happens to know that he is also a
murderer, could actually be considered "guilty" of any violation of
black-letter law. Furthermore, none of the participants including the
central organization is aware, either before or after the "prediction"
comes true, that any other participant was actually in violation of any
law, or for that matter would even know (except by watching the news)
that any crime had actually been committed.

After all, the donors are merely offering gifts to a person who makes a
successful prediction, not for any presumed responsibility in a killing,
and the payment would occur even if no crime occurred. The organization
is merely coordinating it all, but again isolating itself so that it
cannot know from whom the money comes, or to whom the money eventually
is given, or whether a crime was even committed. (Hypothetically, the
"predictor" could actually be the "victim," who decides to kill himself
and "predict" this, giving the proceeds of the reward to his chosen
beneficiary, perhaps a relative or friend.  Ironically, this might be
the best revenge he can muster, "cheating the hangman," as it were.)

In fact, the organization could further shield itself by adopting a
stated policy that no convicted (or, for that matter, even SUSPECTED)
killers could receive the payment of a reward.  However, since the
recipient of the reward is by definition unidentified and untraceable
even in theory, this would be a rather hollow assurance since it has no
way to prevent such a payment from being made to someone responsible.

[end of part 3]

[part 4]

In part 3, I claimed that an organization could quite legally operate,
assisted by encryption, international data networking, and untraceable
digital cash, in a way that would (indirectly) hasten the death of named
people, for instance hated government employees and officeholders.  I
won't attempt to "prove" this, for reasons that I think will be obvious.
First, even if such operation were indeed "legal," that fact alone would
not stop its opponents from wanting to shut it down.  However, there is
also another way of looking at it:  If this system works as I expect it
would, even its claimed "illegality" would be irrelevant, because it
could operate over international borders and beyond the legal reach of
any law-abiding government.

Perhaps the most telling fact, however, is that if this system was as
effective as it appears it would be, no prosecutor would dare file
charges against any participant, and no judge would hear the case,
because no matter how long the existing list of "targets," there would
always be room for one or two more.  Any potential user of this system
would recognize that an assault on this system represents a threat to
its future availability, and would act accordingly by donating money to
target anyone trying to shut it down.

Even so, I think I should address two charges which have been made,
apparently quite simplistically, claiming that an implementation of this
idea would violate the law.  Specifically:  "Conspiracy to commit
murder" and "misprision of felony."

As I understand it, in order to have a "conspiracy" from a criminal
standpoint, it is necessary to have at least two people agree to commit
a crime, and have some overt act in furtherance of that crime.

  Well, this charge already "strikes  out" because in the plan I
described, none of the participants _agrees_ with ANYONE to commit a
crime.  None of the participants even informs anyone else that he will
be committing a crime, whether before or after the fact.  In fact, the
only crime appears (hypothetically; this assumes that a crime was
actually committed) to be a murder committed by a single individual, a
crime unknown to the other participants, with his identity similarly
unknown.

Remember, the "prediction" originally sent in by the predictor was fully
encrypted, so that the organization (or anyone else, for that matter)
would be unable to figure out the identity of the person whose death was
predicted, or the date on which it was predicted to occur.  Thus, the
organization is incapable of "agreeing" with such a thing, and likewise
the donors as well.  Only if the prediction later came true would the
decrypt key arrive, and only then would the organization (and the
public) be made aware of the contents. Even then, it's only a
"prediction," so even then, nobody is actually aware of any crime which
can be associated with the predictor.

"Misprision of Felony"

This crime, sort of a diluted form of "accessory before and/or after the
fact," was claimed to qualify by "Tim of Angle," who subsequent to my
answer to him on this subject has totally failed to support his initial
claim.   (a recent curiosity is that this crime is one that has been
charged against Michael Fortier, the person who claims he helped OKC
bombing suspect Tim McVeigh "case the joint" at the Federal building.)

I include it here, nevertheless, because his simplistic (and un-careful)
reading of my idea led him to perhaps the "closest" law that one might
allege that the participants would have broken. Tim claimed:

TOA> No. That's called "misprision of felony" and makes you an accessory
TOA> before the fact. Arguably, under the felony murder rule you could get
TOA> capital punishment in a state that has such.

However, I did a little library research, checking Black's Law
Dictionary.  Here is the entry for this item: "Misprision of felony. The
offense of concealing a felony committed by another, but without such
previous concert with or subsequent assistance to the felon as would
make the party concealing an accessory before or after the fact. United
State s v. Perlstein, C.C.A.N.J., 126 F.2d 789, 798. Elements of the
crime are that the principal committed and completed the felony alleged,
that the defendant had full knowledge of that fact, that the defendant
failed to notify the authorities, and that defendant took an affirmative
step to conceal the crime.  U.S. v. Ciambrone, C.A. Nev., 750 F.2d 1416,
1417.  Whoever, having knowledge of the actual commission of a felony
cognizable by a court of the United States, conceals and does not as
soon as possible make known the same to some judge or other person in
civil or military authority under the United States, is guilty of the
federal crime of misprision of felony. 18 U.S.C.A 4." See also
Obstructing Justice. ++++++++++end of Black's law Dictionary Entry

The only "element" of this crime which is arguably satisfied is the
first: Some person (_other_than_ the defendant for "misprision of
felony") committed a crime.  The second element fails miserably: "...
that the defendant had full knowledge of that fact... " My previous
commentary makes it clear that far from "full knowledge of that fact,"
other participants are carefully prevented from having ANY "knowledge of
that fact."

The third element, "..that the defendant failed to notify the
authorities..." is also essentially non-existent: No other participants
have any information as to the identity of a predictor, or his location,
or for that matter whether he has had any involvement in any sort
of
crime.  In fact, it would be possible for each of the other partiipants to
deliver (anonymously, presumably) 
copies of all correspondence
they have sent, to the police or other agency, and that correspondence
would not help the authorities even slightly to identify a criminal or
even necessarily a crime.

In fact, normal operation of this organization would be to publicize
"all" correspondence it receives, in order to provide feedback to the
public to assure them that all participants are fulfilling their
promises and receiving their rewards. This publication would presumably
find its way to the police, or it could even be mailed to them on a
regular basis to prevent any suggestion that the organization was
"fail[ing] to notify authorities." Nevertheless, none of this material
could help any authorities with their investigations, to their dismay.

The fourth and last element of the crime of "misprision of felony",
"...and that defendant took an affirmative step to conceal the crime,"
would totally fail.  The organization would not " conceal" the crime. In
fact, it will have no ability to do anything to the contrary, if for no
other reason that it _has_ no knowledge of the crime!  And as described
above, it would carefully avoid having access to any information that
could help solve the crime, and thus it would escape any obligations
along these lines.

Summary:

In hindsight, it is not surprising that such an organization could
operate legally within the US, although at least initially not without
political opposition.  First, this is at least nominally supposed to be
a "free country," which should mean that police and other authorities
aren't able to punish behavior just because they don't like it.

Secondly, it is obvious that most laws today were originally written
during an era in which laws assumed that "conspirators" at least knew
each other, had met each other, could identify each other, or had (at
least!) talked to each other. On the contrary, in my scenario none of
the participants even know on what continent any of the others reside,
let alone their country, city, or street.  They don't know what they
look like, sound like, or for that matter even "type like":  None of
their prose, save a few sparse "predictions," ever get communicated to
anyone else, so even text-comparison programs would fail to "target"
anyone.

Equally surprising (to those who originally wrote the laws against
"conspiracy") would be "Person A's" ability to satisfy himself that
"Person B" deserves the award, without knowing that "Person B" is (or is
not) actually responsible for a particular death.
[end of part 4]

[part 5]

In the previous four notes on the subject of Digitaliberty, I've
suggested that this concept (collecting anonymous donations to, in
effect, "purchase" the death of an un-favorite government employee)
would force a dramatic reduction of the size of government at all
levels, as well as achieving what will probably be a "minarchist"
(minimal government) state at a very rapid rate. Furthermore, I pointed
out that I thought that this effect would not merely affect a single
country or continent, but might in fact spread through all countries
essentially simultaneously.

But in addition to such (apparently) grandiose claims, it occurs to me
that there must be other changes to society that would simultaneously
occur with the adoption of such a system.  After all, a simplistic view
of my idea might lead one to the conclusion that there would be almost
no governmental structure left after society had been transformed.
Since our current "criminal justice system" today is based totally on
the concept of "big government," this would lead a naive person to
wonder how concepts such as "justice," "fairness," "order," and for that
matter protection of individual rights can be accomplished in such a
society.

Indeed, one common theme I've seen in criticisms of my idea is the fear
that this system would lead to "anarchy."  The funny thing about this
objection is that, technically, this could easily be true.  But
"anarchy" in real life may not resemble anything like the "anarchy"
these people claim to fear, which leads me to respond with a quote whose
origin I don't quite remember:

"Anarchy is not lack of order.  Anarchy is lack of ORDERS."

People presumably will continue to live their lives in a calm, ordered
manner.  Or, at least as calm and ordered as they WANT to.  It won't be
"wild in the streets," and they won't bring cannibalism back as a
national sport, or anything like that.

It occurs to me that probably one of the best ways to demonstrate that
my idea, "assassination politics" (perhaps inaptly named, in view of the
fact that its application is far greater than mere politics), would not
result in "lack of order" is to show that most if not all of the
DESIRABLE functions of the current so-called "criminal justice system"
will be performed after its adoption.  This is true even if they will be
accomplished through wholly different methods and, conceivably, in
entirely different ways than the current system does.

I should probably first point out that it is not my intention to
re-write the book of minarchist theory.  I would imagine that over the
years, there has been much written about how individuals and societies
would function absent a strong central government, and much of that
writing is probably far more detailed and well-thought-out  than
anything I'll describe here.


One reason that ALMOST ANY "criminal justice system" would be better and
more effective than the one we currently possess is that, contrary to
the image that officialdom would try to push, anyone whose job depends
on "crime" has a strong vested interest in _maintaining_ a high level of
crime, not eliminating it.  After all, a terrorized society is one that
is willing to hire many cops and jailers and judges and lawyers, and to
pay them high salaries.  A safe, secure society is not willing to put up
with that.  The "ideal" situation, from the limited and self-interested
standpoint of the police and jailers, is one that maximizes the number
of people in prison, yet leaves most of the really dangerous criminals
out in the streets, in order to maintain justification for the system.
That seems to be exactly the situation we have today, which is not
surprising when you consider that the police have had an unusually high
level of input into the "system" for many decades.

The first effect of my idea would be, I think, to generally eliminate
prohibitions against acts which have no victims, or "victimless crimes."
Classic examples are laws against drug sales and use, gambling,
prostitution, pornography, etc.  That's because the average
(unpropagandized) individual will have very little concern or sympathy
for punishing an act which does not have a clear victim.  Without a
large, central government to push the propaganda, the public will view
these acts as certainly not "criminal," even if still generally
undesirable by a substantial minority for a few years. Once you get rid
of such laws, the price of currently-illegal drugs would drop
dramatically, probably by a factor of 100.  Crime caused by the need to
get money to pay for these drugs would drop drastically, even if you
assume that drug usage increased due to the lowering of the price.

Despite this massive reduction in crime, perhaps as much as 90%, the
average person is still going to want to know what "my system" would do
about the residual, "real" crime rate.  You know, murder, rape, robbery,
burglary, and all that.   Well, in the spirit of the idea, a simplistic
interpretation would suggest that an individual could target the
criminal who victimizes him, which would put an end to that criminal
career.

Some might object, pointing out that the criminal is only identified in
a minority of crimes. That objection is technically correct, but it's
also a bit misleading. The truth is that the vast majority of
"victim"-type crime is committed by a relatively tiny fraction of the
population who are repeat criminals.  It isn't necessary to identify
them in a vast majority of their crimes; statistically you'll eventually
find out who they are.

For example, even if the probability of a car thief getting caught, per
theft, is only 5%, there is at least a 40% probability of getting caught
after 10 thefts, and a 65% chance after 20 thefts.  A smart car-theft
victim would be happy to donate money targeting ANY discovered
car-thief, not necessarily just the one who victimized him.

The average car-owner would be wise to offer such donations
occasionally, as "insurance" against the possibility of his being
victimized some day:  An average donation of 1 cent per day per car
would constitute $10,000 per day for a typical city of 1 million cars.
Assuming that amount is far more than enough to get a typical car
thief's "friends" to "off" him, there is simply no way that a
substantial car-theft subculture could possibly be maintained.

Another alternative is that insurance companies would probably get into
the act:  Since they are going to be the financial victims of thefts of
their insured's property, it is reasonable to suppose that they would be
particularly inclined to deter such theft. It is conceivable that
current-day insurance companies would transmogrify themselves into
investigation/deterrence agencies, while maintaining their insurance
role, in view of the fact that they have the most to lose.  This is
particularly true because if "assassination politics" (as applied to
criminals and crime) comes about, they could then actually DO SOMETHING
about the problem, rather than merely reporting on the statistics to
their customers and stockholders.

Such companies would also have a strong motivation to provide a workable
system of rewards for solving crimes and identifying criminals, rewards
that (naturally enough!) can be given out totally anonymously.

While I would like to talk about the other advantage of this new kind of
justice, the fact that politicians and other government employees would
no longer have de-facto immunity in most cases, the reality is that
since we would no longer HAVE "politicians and other government
employees," to mention that advantage would be redundant.

The principle is valid, however: In today's system, you can have people
known to be guilty of crimes, but not prosecuted because they are part
of "the system."  Classic examples would be heroes of the right (Oliver
North) and heroes of the left (Jim Wright) who either escape prosecution
or conviction for "political" or "bureaucratic" reasons.  With
"assassination politics" that would simply never happen.

[end part 5]

Assassination Politics Part 6

A frequent initial belief among people who have recently heard of my
"assassination politics" idea is the fear that this system will somehow
be "out of control":  It would end up causing the death of ordinary,
"undeserving" people.

This system, however, will not be without its own kind of "control."
Not a centralized control, decideable by a single individual, but a
decentralized system in which everyone gets an implicit "vote."   A good
analogy might be to consider a society in which everyone's house
thermostat is controlled to operate at a temperature which is set for
the entire country.  Each person's control input is taken as a "vote,"
whether to get hotter, colder, or to stay the same temperature.  The
central control computer adjusts the national setpoint temperature in
order to equalize the number of people who want the temperature colder
and hotter.  Each house is at the same, nationally-set temperature,
however.  Clearly, no one individual is in control of the setting.
Nevertheless, I think it would be generally agreed that this system
would never produce a REALLY "off the wall" temperature setting, simply
because so many people's inputs are used to determine the output.  Sure,
if a group of 10,000 kids decided (assisted by the Internet) together
to screw with the system, and they all set their houses' thermostat
inputs to "hotter," they could SLIGHTLY increase the overall setting,
but since there are probably about 100 million separate dwellings in the
US, their fiddlings will be drowned out by the vast majority of the
population's desires.  Is this system "out of control"?  True, it is out
of the "control" of any single individual, but nevertheless it is well
within the control of the population as a whole.

It turns out that "assassination politics" actually has a rather similar
control mechanism which, like the one I've described above.  First, I've
pointed out that if I were to operate a centralized system such as this,
I'd only accept donations naming people who are in violation of the
"Non-Initiation Of Force Principle" (NIOFP), well known to libertarians.
By this standard, government employees (who have accepted paychecks paid
for with funds stolen from citizenry by taxes) and criminals whose
crimes actually had a victim would be included.  Let's call this
hypothetical organization "Organization A," or OrgA for short.

True, somebody else might be a little less scrupulous, accepting
donations for the termination of ANYBODY regardless of whether he
"deserves" his fate. (Hypothetically, let's call them, "Organization B,"
or OrgB, for short.) However, I suggest that if it were explained to
most  potential donors (who, I suggest, would have "typical" levels of
scruples)  that if he patronizes OrgB, his interests wouldn't be
protected.  For example,  OrgB (if it survives and thrives) might later
come back to target HIM, because of some other donor.  OrgA would not.
Naturally, our "ethical" donor doesn't want this, so he would choose to
give his donation to the most "ethical" organization who will accept it.
This maximizes the benefit to him, and minimizes the potential harm.

Since BOTH organizations will accept donations for "deserving" victims,
while only OrgB will accept them for "just anybody," it is reasonable to
conclude that (capitalism being what it is) OrgB's rates (the percentage
of the price it keeps as profit) can be and will be higher for  its
donations. (that's because there is less competition in its area of
specialization.)  Thus, it would be more economical to target
"deserving" people through OrgA , and thus donors will be drawn to it.
In addition, OrgA  will become larger, more credible, believeable and
trustworthy, and more potential "guessors" (assassins?) will "work" its
system, and for lower average potential payments.  (all else being
equal.)  Even so, and ironically, the average donation level for people
listed by OrgA would likely be higher, since (if we assume these are
"deserving" people) more people will be contributing towards their
demise.

After all, if a potential donor wants to "hit" some government bigwig,
there will be PLENTY of other donors to share the cost with.  Millions
of donations of $1 to $10 each would be common and quite economical.  On
the other hand, if you just selected a target out of the telephone
directory, an "undeserving" target, you'll probably be the only person
wanting to see him dead, which means that you'll probably have to foot
the whole bill of perhaps $5K to $10K if you want to see any "action."
Add to that OrgB 's "cut," which will probably be 50%, and you're
talking $10K to $20K.   I contend that the likelihood of this kind of
thing actually happening will be quite low, for "undeserving victims."

Now, the die-hards among you will probably object to the fact that even
this tiny residual possibility is left.  But consider:  Even _today_ it
would be quite "possible" for you to pick a name randomly out of a list,
find him and kill him yourself.   Does this frequently happen?
Apparently not.  For just one thing, there's no real motive.  Unless you
can show that the application of "assassination politics" would
dramatically increase the likelihood of such incidents, I suggest that
this "problem" will likely not be a problem after all.

For a while, I thought that the "lack of a motive" protection was
momentarily overturned by a hypothetical:  I thought, suppose a person
used this system as part of a sophisticated extortion scheme, in which
he sends an anonymous message to some rich character, saying something
like "pay me a zillion dollars anonymously, or I put out a digital
contract on you."   For a while, this one had me stumped.  Then, I
realized  that an essential element in this whole play was missing:  If
this could be done ONCE, it could be done a dozen times .  And the
victim of such an extortion scheme has no assurance that it won't happen
again, even if he pays off, so ironically he has no motivation to pay
off the extortion.  Think about it:  The only reason to make the payment
is to remove the threat.  If making the payment can't guarantee to the
target that the threat is removed, he has no reason to make the payment.
And if the target has no reason to make the payment, the extortionist
has no reason to make the threat!

Another, related (and equally simplistic) fear is that political
minorities will be preferentially targeted.  For example, when I pointed
out that "establishment" political leaders would probably "go" quite
quickly, one wag suggested to me that "libertarian leaders" could
likewise be targeted.  Such a suggestion reflects a serious
misunderstanding of political philosophy, and libertarians in
particular:  I consider it obvious (to me, at least) that libertarians
NEED no leaders.  (You don't need leaders if you don't want to control
a population, or achieve political power.  The only reason libertarians
"need" leaders today is to take places in the government and (then) to
shut it down.)   And if my idea is implemented, "libertarian leaders"
represent no more of a threat to anyone than the average libertarian
citizen.

Fully recognizing this, another (and far more credible) person thought a
while, and in a proud revelation suggested that one way that the
establishment would "fight back" is to convert to a government that is
based on fully decentralized authority, as opposed to the leader-centric
system we have today.  Such a system could not be attacked by killing
individual people, any more than you can kill a tree by pulling off a
single leaf.  His "solution" was, in effect, to totally disband the
current government and turn it over to the public at large, where it
would be safe from "attack."  My smile reminded him that he had, in
effect, totally re-invented my original idea:  My goal is a highly
de-centralized system that is not controlled by a tiny fraction of the
population in a structure called a "government," essentially identical
to his idea.  So in effect, the only way the government can survive is
to totally surrender.  And once it surrenders, the people win.  And in
practice, it will have no alternative.


Will this idea be "out of control"?  To a great extent, that depends on
what your definition of the word, "control," is.   I have come to
believe that "assassination politics" is a political Rorshach (ink-blot)
test:  What you think of it is strongly related to your political
philosophy.

[end part 6]






From jimbell at pacifier.com  Wed Feb  7 16:44:56 1996
From: jimbell at pacifier.com (jim bell)
Date: Thu, 8 Feb 1996 08:44:56 +0800
Subject: Ooops!  Sincerest apologies.
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

I just sent out a copy of my essay as a response to an inquiry, and  
inadvertently posted it here, too.  My sincerest apologies; I intended to 
delete the list from the private email.

Much sorry.

Jim Bell


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRfpZ/qHVDBboB2dAQHblAQApam8DgJPK/rnXUnfT47SrdYFLxpCPiFd
/DdQpCikjAIJtwGRDcHm7w3RBKiMzIOQ9rGuXF/FH9Q2pfWQ3DAK4RMNTNwC/0Hf
2fAJzz1psmlZ4EhPrX6qSyJi5fv1anKFe27GnGdE2nXA8sjOwH4Xg7x+/9dPKr9O
qsgu8E4bwAY=
=IFXd
-----END PGP SIGNATURE-----






From EALLENSMITH at ocelot.Rutgers.EDU  Wed Feb  7 17:10:18 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Thu, 8 Feb 1996 09:10:18 +0800
Subject: Electronic Grille Cipher?
Message-ID: <01I0XYMD1VIOA0UX5L@mbcl.rutgers.edu>


From:	IN%"WlkngOwl at UNiX.asb.com"  "Deranged Mutant"  6-FEB-1996 23:44:39.08

>> 	I had a similar idea a bit back, and Lewis/Futplex kindly referred me
> to some parts of the Archives discussing it. However, the main objection to

What part of the archives?
----------------
	Good question. I looked then wiped the information (the word processor
I use to take notes has a limited amount of memory). Lewis?
----------------

>That's a good solution.  Another idea might be to stego the 
accounting info (real info ;) inside one of pictures using a similar 
method.... in some ways this method is better suited for stego since 
it becomes lunacy for the cops to insist that every picture or 
audiofile  you have has something or many things hidden... (unless 
they've been watching you and know you keep accessing your jodi 
foster pix after a client visits you...)
--------------
	Yes, although that also increases the diffficulty involved and the
space required (like using my highly-multiple-messages idea). I can see both
methods having their points. However, you'd still need to have _some_ pictures
that had info that you were willing to release, otherwise they'd just find the
stego program and convince a judge that you were lying and defying the search
warrant/court order when you claimed you hadn't used it.
	-Allen





From lmccarth at cs.umass.edu  Wed Feb  7 17:18:38 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Thu, 8 Feb 1996 09:18:38 +0800
Subject: Likely application for high-bandwidth proxies (fwd)
In-Reply-To: 
Message-ID: <199602060736.CAA10630@opine.cs.umass.edu>


attila writes:
> 	come on Lewis...  where's the sight  address? 

Project Genesis  forwarded:
> > > >http://www.[I don't plan to help them].com 

I didn't obfuscate the URL; that was done by the person who forwarded the
message to list-managers (where I saw it). Maybe you can find it with Alta
Vista. Since they were apparently spamming mailing lists, maybe someone has
already pulled the plug on them.

-Lewis	"Despite all my rage, I am still just a rat in a cage" -Smashing P'kins





From lmccarth at cs.umass.edu  Wed Feb  7 17:20:37 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Thu, 8 Feb 1996 09:20:37 +0800
Subject: Likely application for high-bandwidth proxies (fwd)
In-Reply-To: 
Message-ID: <199602060747.CAA10602@opine.cs.umass.edu>


attila writes:
> 	on a little more serious point; the use of multiple high
>     bandwidth proxies is fast becoming essential 
[...]
>     The only clinker is 
>     the big sites are startig to require registration with legal warnings 
>     --next of course is payment and they want a credit card --not a check
>     or cybercash --a credit card for open debit. 

This makes it harder for transitory proxies, but not for fairly permanent
ones, I suspect. An outfit like C2 could presumably register with a corporate
credit card. Its proxy then carries connections paid-as-you-go with e$, or
paid in chunks in advance with a check.

-Lewis	"Despite all my rage, I am still just a rat in a cage" -Smashing P'kins





From wlkngowl at unix.asb.com  Wed Feb  7 17:22:55 1996
From: wlkngowl at unix.asb.com (Deranged Mutant)
Date: Thu, 8 Feb 1996 09:22:55 +0800
Subject: Marshall McLuhan and encryption...
Message-ID: <199602060846.DAA12400@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

jf_avon at citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada)) 
wrote:
>
>>  Nick's a big shot at Wired magazine.  So it should be no surprise 
>>  to learn that Wired attacked cypherpunks in its 01 96 issue.  In 
>>  a fake interview with "Wired's patron saint," Marshall McLuhan is 
>>  made to say (p 130): 
>> 
>>    Concerns about privacy and anonymity are outdated. Cypherpunks 
>>    think they are rebels with a cause, but they are really senti- 
>>    mentalists. 
>
>Well, maybe McL. would have spit such nonsense, very characteristical of him.
>
>"The media is the message" is among the biggests con jobs performed on humanity.
>It's like having a guy dying form thirst and telling him: "The pipe is the beverage"...

Actually, that is a common distortion of McLuhan.  When McLuhan said
that, he meant that the use of a medium (by "medium" he meant any 
technology)
communicated more than just its content.  What he found interesting was
the effect of a lot of people watching TV, the same channels at the same
time, as being meaningful itself, irregardless of what was on the TV.

He probably would not have been anti-crypto, IMO, and would have found
its widespread usage as signifying something... the cryptomedium would
be a message independent of the encrypted messages.

As for this crapola about privacy concerns being outdated, they are very
much up-to-date.  The traditional public/private distinction has quite a
few philisophical problems, but the concerns are more imporant now than
a hundred or a thousand years ago.

If anything, the crap that Nick pupports is what's outdated... the public
individual in the polis is long dead, in part because of mass media.
Note that traditional/modernist/existential conceptions were 
pro-identity.
Postmodern critiques are anti-identity; anonymous dividualism is a mode
of resistence to the "15-minutes-of-fame" hype.

Recommend you read Foucault's "Subject and Power" and Deleuze's
"Postscript on the societies of control".  [Oh yeah, the Wired people
did a nice spin calling Foucault an alt.sex.bondage neo-Stalinist.
Ad hominim attacks are wonderful, aren't they... but that's another 
thread]

[..]
>
>Dear Wired peoples and Mr. McLuhan: get lost!

Wired I wdn't miss. McLuhan? He's dead, and probably would have
thought crypto to be a good thing.  But it's just like a church to
fingerpuppet dead prophets into spouting the current dogma.  The
Wired people are too busy paying abblutions to McLuhan's shadow on
the cave walls.

[..]
>     He is partially right.  With Renaissance, came the idea that Reason and human mind 
>were powerfull and that knowledge, because man's only survival tool is reason, is a value 
>to pursue.  
>
>But french revolution did not convey theses ideas, neither
>did Napoleon.  And Hitler definitely not.   
>All of the three were, ultimately, collectivists or looters.

Yep. And McLuhan was actually an individualist, in the sense that
tribal societies are individualist.  There's a difference between
communitarianism and community, between socialism and sociability.

Rob.


- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMRcVTCoZzwIn1bdtAQG09QGAkMfFQbAJaPY0YQhGPRhWcWb0xZ1omNCA
/4aHBk2F1Xy8pHR3yoADG7+f2sSBfgK4
=uuA5
-----END PGP SIGNATURE-----





From wlkngowl at unix.asb.com  Wed Feb  7 17:23:14 1996
From: wlkngowl at unix.asb.com (Deranged Mutant)
Date: Thu, 8 Feb 1996 09:23:14 +0800
Subject: "PGP-Scape"? (was Re: Our "New Order")
Message-ID: <199602060726.CAA12115@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

cp at proust.suba.com (Alex Strasheim) wrote:
>> There's also less worry about secure transactions, since if 
>> everything's encrypted it's harder to tell if a transaction is taking 
>> place, viewing porno or subversive or religious, literature,  or if
>> you're just reading something mundane.
>
>I think I must be missing something here.  Aren't you describing an SSL 
>web server?  Different algorithms, but basically the same idea?

No. SSL doesn't encrypt everything, just certain transactions (or am I 
wrong about this?)  Something that keeps everything encrypted and 
anonymous.

>Netscape 2.0 is out for real -- everyone can now pick their certs.  GAK 
>just got harder.

As opposed to the imaginary beta?



- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMRcCsyoZzwIn1bdtAQEZYAF6Aql41weD0Dz+7aQbQ+OFyXeb8fPgoO9n
o/muL79oNXntntKcqmaqSHWsxz/VuTX1
=69yF
-----END PGP SIGNATURE-----





From karlton at netscape.com  Wed Feb  7 18:16:35 1996
From: karlton at netscape.com (Phil Karlton)
Date: Thu, 8 Feb 1996 10:16:35 +0800
Subject: FV's Borenstein discovers keystroke capture programs! (pictures at 11!)
In-Reply-To: 
Message-ID: <310F13E7.13AA@netscape.com>


Nathaniel Borenstein wrote:

> We have a few pages of C code that scan everything you type on a
> keyboard, and selects only the credit card numbers.  How easy is that to
> do with credit card numbers spoken over a telephone?
> 
> The key is large-scale automated attacks, not one-time interceptions.

This fact that the filtering can be done on the client side is nearly 
irrelevant. Most people do not hit enough keystrokes in a day to prevent sending 
the entire keyboard stream back to the filtering agent.

Since most folks do not spend most of their time typing in nonsense phrase, you 
could probably pick out the First Virtual account number also. With only a 
little more cleverness you can get the file containing private keys. With a few 
thousand tries through the stream you can decrypt that file using the user's 
pass phrase.

If you have the ability to change the software on the user's machine to 
something arbitrary, why bother stopping at something as "trivial" as a single 
credit card number.

PK
--
Philip L. Karlton			karlton at netscape.com
Principal Curmudgeon			http://www.netscape.com/people/karlton
Netscape Communications Corporation







From rah at shipwright.com  Wed Feb  7 18:16:53 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Thu, 8 Feb 1996 10:16:53 +0800
Subject: Electronic Funds Clearing House?
Message-ID: 


Take a look at these guys...

http://www.efunds.com/welcome2.html

Now I know I can't use e-money.com. :-).

Anybody here heard of them?

Cheers,
Bob


-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The NEW(!) e$ Home Page: http://www.tiac.net/users/rah/







From perry at piermont.com  Wed Feb  7 18:28:34 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 8 Feb 1996 10:28:34 +0800
Subject: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
In-Reply-To: 
Message-ID: <199602080107.UAA05667@jekyll.piermont.com>



jim bell writes:
[More Junk]

Look folks, I'm really sick about the debate about Jim's ideas about
"assassination politics". (My opinion about the idea isn't
transmittable under the Exon law so I couldn't say anything anyway).

This has gone off into political theory. Could we take it to private
mail or some such?

Perry





From wilcoxb at taussky.cs.colorado.edu  Wed Feb  7 18:29:30 1996
From: wilcoxb at taussky.cs.colorado.edu (Bryce)
Date: Thu, 8 Feb 1996 10:29:30 +0800
Subject: POTP gets good press
In-Reply-To: 
Message-ID: <199602080009.RAA16512@taussky.cs.colorado.edu>



-----BEGIN PGP SIGNED MESSAGE-----

 An entity calling itself "Simon Spero
 " is alleged to have written:

> I guess I ought to try and find the article; I took this line in your 
> message to suggest that there was such a CA. Could you possibly type in 
> the relevant bit of the original article (though I suspect there's not 
> much in there anyway)


Sorry.  Here's what I originally said:

> Content:  includes diagrams entitled "Link Level Encryption"
> in which sender transmits keys to receiver, and "Packet
> Level Encryption" in which sender transmits key sto
> certificate authority which transmits them to multiple
> receivers, and "Synchronized Random Key Generation (SRKG)"
> a la "Power One Time Pad" in which no keys are transmitted
> and multiple recievers magically decipher messages via
> built-in encryption devices.


And here's what I meant:


The central theme of the article, from a 'technical' point
of view, was that in the past there have been two kinds of
encryption in use, which the author calls "Link Level
Encryption", in which the sender transmits his key to the
receiver, and "Packet Level Encryption", in which the sender
transmits is key to a certificate authority which transmits
them to multiple receivers.


Now for starters the network layer is really independent of
key-distribution schemes, as far as I can see.  So I don't
know why the diagrams showing the two schemes
(sender->recipient vs. certificate authority) are labelled
"Link Level" and "Packet Level".  But we haven't even gotten
to the good stuff:


"Synchronized Random Key Generation", which shows a single
sender and multiple recipients transmitting securely
*without* having to do any key management!  Yee haw!


100% pure unrefined snake oil.


Okay I think I've made my point to the Editor In Chief on
the industry rag in question.  Hopefully they'll be
conscientious enough to print a retraction, or perhaps run
an article about the hazards of snake oil in the info
security industry.  :-)


Bryce


                 "Toys, Tools and Technologies"
  the Niche 
        New Signal Consulting -- C++, Java, HTML, Ecash
            Bryce 
 
PGP sig follows


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01

iQCVAwUBMRk+evWZSllhfG25AQEuNgP/dEXVKJCff638xYs1j3NouaU9oDyrs4rK
c5carfnwYqC/97J0ntIpLRlX3bg9syg45Ubi8COAhozcX6olVZ2hqw6qNgfZIDN0
xbfiUEDsxAdc/K3ya0eeNhz0RGs8pzFFTrVJqTuVSpgqafDe9qS0RlXx1I0MZXig
29SgiKbjIE8=
=l+Og
-----END PGP SIGNATURE-----





From EALLENSMITH at ocelot.Rutgers.EDU  Wed Feb  7 18:41:06 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Thu, 8 Feb 1996 10:41:06 +0800
Subject: Reasons in support of crypto-anarchy WAS Re: Why am I	  wrong?
Message-ID: <01I0XZVXX20YA0UX5L@mbcl.rutgers.edu>


	I had been working on a series of questions/problems with the
Assasination Politics idea as initially presented, to be sent to Jim and to
people on the NWLIBERTARIANS list, as he requested, but you've kind of
preempted one of them.

From:	IN%"lunaslide at loop.com"  7-FEB-1996 06:57:58.30

>Further, I don't believe you have enough support for your claim that other
targets would not be sought.  It is one thing to say that enough people
won't vote for someone picked out of the phone book, but what if the
predicted individual is a doctor who performs abortions, or an activist for
gay rights (or *against* gay rights), or Bill Gates ;-).  There are also
the individuals who are trying to bring about change in society that is
unpopular, but is still in the interest of humanity.  Abraham Lincoln
surely would have been killed by this system, for example.  Also, big
corporations would be able to cut down their political enemies such as
envornment activists, fair business practice activists and competetors'
high ranking officers.  Even if only one person in charge of such a
business were to put out a digital contract, he would have no problem
suppling the money for the hit.  People who have tried to make changes for
humanity that went against the social norm at the time are revered today
for their efforts.  In this system, they would likely be assasinated.
Nothing would ever change because people are always afraid of change and
afraid of things they do not understand and the people who fight that
ignorance will likely be killed.  Your statement that Organization B, the
one that collects for any target, is not well supported.  They would still
be doing *plenty* of business, in spite of the higher prices.
-----------------
	Jim has the argument against the organization that collects for any
target that nobody'd want to support it because they'd be afraid of being
killed themselves by an unlimited organization. However, I am afraid that there
is the problem with this that another organization (let's call it C) could
spring up that used different principles than libertarian ones to decide which
contracts to take, but still had strict principles. Thus, someone who was not
violating those principles could use that organization without fear... and its
contracts would be lower in price, like Organization A's. One concrete example
would be the Christian Coalition, which I am certain has at least some
members who are fanatical enough to want to restart the Crusades and
Inquisition with conservative Protestantism rather than conservative
Catholicism. For instance, anyone doing research on abortifacient drugs or
methods could be targeted.



>Organization B would thrive, make no mistake.  And the people who would be
getting in on all the action are the rich.  All the politicians who oppose
their interests would be hit immediately.  Anyone trying to change the
status quo would be eliminated.  Why do you think we are still using
combustion engines in the last decade of the 20th century?  We could have
had better alternatives 20 years ago, but the oil companies would loose out
so they have either bought out these ideas or had killed the inventors and
bought their patents and are sitting on them.  A capitalist economy does
not always breed competition that brings out the best and most desireable
products because some advancements are bad for all the businesses involved
in that market.   Big business and the rich would benifit the most from the
Assination Politics model.
------------------------
	Umm.... as much as it seems otherwise, this is not ConspiracyPunks.
Actually, the involvement of wealth instead of votes (the first can be lost,
the second cannot) is an argument in _favor_ of Assasination Politics. I
generally have the objection to most anarcho-capitalist systems that the
average person does not have enough foresight to do the kind of banding
together most of them require. This one has the advantage of increased power to
the wealthy, who have enough foresight to gain their wealth (or at least
keep it, in the case of inheritance).
------------------------

>But what if OrgB stops taking donations for "predictions" for
"Non-Initiation Of Force Principle" (NIOFP) offenders?  Some other
organization will crop up to take their place AND the people operating OrgB
could be hit for their "ethical" action.  There is simply too much
opportunity offered by OrgB type organizations for people to pass up.  They
will not let the higher prices stop them.

If the answer to that problem is to regulate the lists of "victims", then
the next question is who are these people who are regulating and what
guidelines are they following?  Who decides who gets to be the moderators?
Could there be exceptions to the (NIOFP)-offender standard?  Who would they
be and why?    Could the organizations be anonymous as well?  How would the
money be transmitted to them in that case?  How can we trust or redress
grivances with an organization?  There are still many concerns regarding
the organizations.  If the organizations fail, the whole system fails.
---------------------
	The organizations themselves can be perfectly anonymous, especially
with some improvements onto the basic system that I am considering (and
researching). One idea to keep things more honest would be a "deathstamping"
organization, which would be above-board and have the "legitimate" function of
ecash life insurance (I'll explain further later).
	-Allen





From ses at tipper.oit.unc.edu  Wed Feb  7 18:45:57 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Thu, 8 Feb 1996 10:45:57 +0800
Subject: POTP gets good press
In-Reply-To: <199602072228.PAA21832@nagina.cs.colorado.edu>
Message-ID: 


On Wed, 7 Feb 1996, Bryce wrote:

[original messsage]
> I, Bryce, wrote:
> ...
> > certificate authority which transmits them to multiple
> ...
[reply to my reply] 
> But this would entail a certificate authority to prevent
> MITM attack, right?  The article clearly claimed that POTP

I guess I ought to try and find the article; I took this line in your 
message to suggest that there was such a CA. Could you possibly type in 
the relevant bit of the original article (though I suspect there's not 
much in there anyway)






From jya at pipeline.com  Wed Feb  7 18:46:11 1996
From: jya at pipeline.com (John Young)
Date: Thu, 8 Feb 1996 10:46:11 +0800
Subject: POTP gets good press
Message-ID: <199602072251.RAA25348@pipe2.nyc.pipeline.com>


Robert "Bob" Harvey once hung out at BBN. Maybe he is the one 
who seeks slick-kill ripoff with aptly snake-oily-named 
Internet Security Corp., which may be telephoned at 
617-863-6400.


POTP was pummeled last fall on c'punks. For the latest 
lubrications see:


     URL: http://www.elementrix.co.il/home.html


Audacious marketing, these NatSec privatizing firms, and the 
log-rollers for USMA and SAIC, preaching dire threats, 
promising if-you-knew-what-we-knew security, info-warrioring 
fundamentalism.








From zinc at zifi.genetics.utah.edu  Wed Feb  7 18:46:17 1996
From: zinc at zifi.genetics.utah.edu (zinc)
Date: Thu, 8 Feb 1996 10:46:17 +0800
Subject: Type I capabilities added to mix@zifi.genetics.utah.edu
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

howdy folks,

the purpose of this message is to announce the addition of Type I
capabilities to the remailer at mix at zifi.genetics.utah.edu.
mix at zifi.genetics.utah.edu now supports the standard cpunk commands.

here's the section of the help file that pertains to the Type I
remailer, the whole help file available by sending a message to
mix at zifi.genetics.utah.edu with Subject: remailer-help.

the Type I remailer is Matt Ghio's code.  all commands are supported
EXCEPT usenet posting which would probably just get me in trouble.

the pgp key for the remailer is included in the message below.  in
addition, you can obtain the key by fingering
remailer at zifi.genetics.utah.edu. 

the whole help file is also available by fingering
mixmaster at zifi.genetics.utah.edu.

thanks,

- -patrick finerty


		  Part II - Type I remailer features

I have an automated mail handling program installed here which will take
any message with the proper headers and automatically re-send it anonymously.
You can use this by sending a message to mix at zifi.genetics.utah.edu, with the
header Anon-To: containing the address that you want to send anonymously to.
(Only one recipient address is permitted.)  If you can't add headers to your
mail, you can place two colons on the first line of your message, followed
by the Anon-To line.  Follow that with a blank line, and then begin your
message.  For Example:

> From: joe at site.com
> To: mix at zifi.genetics.utah.edu
> Subject: Anonymous Mail
>
> ::
> Anon-To: beth at univ.edu
>
> This is some anonymous mail.

The above would be delivered to beth at univ.edu anonymously.  All headers in
the original message are removed, with the exception of the Subject (and
Content-Type, if present).  She would not know that it came from Joe, nor
would she be able to reply to the message.

However, if Beth suspected that Joe had sent the message, she could compare
the time that the message was received with the times that Joe was logged
in.  However, this problem can be avoided by instructing the remailer to
delay the message, by using the Latent-Time header:

> From: joe at site.com
> To: mix at zifi.genetics.utah.edu
> Subject: Anonymous Mail
>
> ::
> Anon-To: beth at univ.edu
> Latent-Time: +1:00
>
> This is some anonymous mail.

The above message would be delayed one hour from when it is sent.  It is also
possible to create a random delay by adding an r to the time (ie +1:00r),
which would have the message be delivered at a random time, but not more
than an hour.

Another problem is that some mailers automatically insert a signature file.
Of course, this usually contains the senders email address, and so would
reveal their identity.  The remailer software can be instructed to remove
a signature file with the header "Cutmarks".  Any line beginning with the
same text at in the cutmarks header, and any lines following it will be
removed.

> From: sender at origin.com
> To: mix at zifi.genetics.utah.edu
> Subject: Anonymous Mail
>
> ::
> Anon-To: recipient at destination.com
> Cutmarks: --
>
> This line of text will be in the anonymous message.
> --
> This line of text will not be in the anonymous message.

You can add additional headers to the output message by preceeding them
with ##

> From: chris at nifty.org
> To: mix at zifi.genetics.utah.edu
> Subject: Nifty Anon Msg
>
> ::
> Anon-To: andrew at hell.edu
>
> ##
> Reply-To: acs-314159 at chop.ucsd.edu
>
> A Message with a reply address.

By seperating messages with cutmarks, you can send more than one message
at once:

> From: me at mysite
> To: mix at zifi.genetics.utah.edu
> Subject: message 1
>
> ::
> Anon-To: recipient1 at site1.org
> Cutmarks: --
> 
> Message one.
> --
> ::
> Anon-To: recipient2 at site2.org
> 
> ##
> Subject: message 2
> 
> Message two.

The two messages will be delivered seperately.

For added security, you can encrypt your messages to the remailer with PGP.
The remailer software will decrypt the message and send it on.  Here is the
remailer's public key:

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzEY6mQAAAEEAMqdj6BCAb95C7KDM7UWTieGdCWVNmI8sKcDdX5JIyBWGo7Y
hKnxF3OgO+sTxjeeabCG8xWHNe9w8CzXPbOBE3soEedvY+FqaRBYdO8a3Eex4nSp
WomnKtcKcBet7G93PErGf4srEwR1OqMRsi+1CbDayNSu6IDU2P69KCmvu47hAAUR
tCpsZWFkIHJlbWFpbGVyIDxtaXhAemlmaS5nZW5ldGljcy51dGFoLmVkdT6JAJUD
BRAxGOraTdCj+UbQAfkBAVu9A/4kPaTN84+giuDkeiqbwTRMGAUQZ3N65hSR6snt
cQp3cvpY30d4i8r3PiBR+5LUAsO/vrrGGyW106X/PHKQpb2lJ5SbcoJ+fMhMcBFc
/UPxkwJGbcc7ftBkrIUNVetPik8PoRTlzgbBSypv97HiApYdZc6fKr2NuLv8OhmG
fdWcEYkAlQMFEDEY6oX+vSgpr7uO4QEBoUMD+wfpS5YhYHfVp37iklOSYhQdzpcl
pefg/RxgroWMWMzLYCeMvcoqlCIEznfYA8fSEPsmVDH22lQvZaLSbXM5WQ1gpZsE
6qR5SicFI9oX5ciVa2M+KgH3sxwS9TDFqcWBSgSnWPHzDT1oUBI/PLI2k/FGN5Hq
rbYH2gPobLez9N9z
=ms21
- -----END PGP PUBLIC KEY BLOCK-----


To utilize this feature, create a message with two colons on the first line,
then the Anon-To line, then any other headers, such as cutmarks or latency,
then a blank line, and then the message.  Encrypt this with the remailer's
public key.  Then send it to the remailer, adding the header "Encrypted: PGP".
If you forget this, the remailer won't know that it needs to be decrypted.
Also be sure to use the -t option with PGP, or the linefeeds might not be
handled properly.

> To: mix at zifi.genetics.utah.edu
> From: me at mysite.org
>
> ::
> Encrypted: PGP
>
> -----BEGIN PGP MESSAGE-----
> Version: 2.3a
>
> hIkCuMeAjnwmCTUBA+dfWcFk/fLRpm4ZM7A23iONxkOGDL6D0FyRi/r0P8+pH2gf
> Hai4+1BHUhXDCW2LfLfay5JwHBNMtcdbgXiQVXIm0cHM0zgf9hBroIM9W+B2Z07i
> 6UN3BDhiTSJBCTZUGQ7DrkltbgoyRhNTgrzQRR8FSQQXSo/cf4po0vCezKYAAABP
> smG6rgPhdtWlynKSZR6Gd2W3S/5pa+Qd+OD2nN1TWepINgjXVHrCt0kLOY6nVFNQ
> U7lPLDihXw/+PPJclxwvUeCSygmP+peB1lPrhSiAVA==
> =da+F
> -----END PGP MESSAGE-----

Any unencrypted text after the PGP message is also remailed.  This is to
allow sending to someone who is anonymous.  If you create a PGP-encrypted
message to yourself via my remailer, and then you give it to someone, they
can send you a message by sending the encrypted message to the remailer.
The remailer will then decrypt it and send it to you.  The message gets
anonymized in the process, so the sender will need to include a return
address if he wants a reply.

Messages sent this way can be encrypted using the Encrypt-Key: feature.
Any text following a line beginning with ** will be encrypted with this
key.  For example, if you put in your PGP message:

> ::
> Anon-To: you at yourhost.org
> Encrypt-Key: your_password
> 
> **

The appended message after the ** will be encrypted with the key 
"your_password", using PGP's conventional encryption option.  


		     Part III - Common  Features


Can mix at zifi.genetics.utah.edu post to News?

No.  News posting is not supported at this time.


Abuse Policy:
I consider the following to be inappropriate use of this anonymous remailer,
and will take steps to prevent anyone from doing any of the following:
- - Sending messages intended primarilly to be harassing or annoying.
- - Use of the remailer for any illegal purpose.
If you don't want to receive anonymous mail, send me a message, and I will
add your email address to the block list.



"Those that give up essential liberty to obtain a little temporary
 safety deserve neither liberty nor safety." -- Benjamin Franklin (1773)
			  finger for PGP key
zifi runs LINUX 1.3.57 -=-=-=WEB=-=-=->  http://zifi.genetics.utah.edu 


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by mkpgp1.6, a Pine/PGP interface.

iQCVAwUBMRkfF03Qo/lG0AH5AQFJ9gQAly+8Jko2cikOh254fcl/j2/ts7S/hgeR
IpLNGHbJlT4BQtFZT6JT/e6cuijVt5x2u6pBVphRpAp/om033mwgIcMwYnIvDMEo
ijnxb6dskrdQf6zV9lRV7HJ4izIX85btI41e9VNDrIT/VVgsJ/MVPYYfB6xNdM9h
UbzGt/x9I58=
=AG+5
-----END PGP SIGNATURE-----






From jimbell at pacifier.com  Wed Feb  7 19:06:56 1996
From: jimbell at pacifier.com (jim bell)
Date: Thu, 8 Feb 1996 11:06:56 +0800
Subject: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
Message-ID: 


At 11:05 PM 2/6/96 EDT, E. ALLEN SMITH wrote:
>From:	IN%"ravage at ssz.com"  "Jim Choate"  6-FEB-1996 22:50:35.24
>
>>What is described is not self-defence by any stretch of the imagination. It
>is a pre-meditated act which causes any plea of self-defence to fail.
>------------------
>	If someone has comitted serious enough violations of rights in the
>past, then I would call killing that person justified. First, it prevents any
>future violations of rights by that person. Second, it serves to discourage
>people if they know they can get killed if they do so. (I realize that
>capital punishment by governments doesn't appear to do much good, but the
>people in question- government agents, etcetera- are generally a bit different
>than the gang members who so regularly ignore prison sentences and the death
>penalty.) Third, and getting away from the self-defense argument, it is
>justice. The job of a government, if it has one, is to defend individual
>liberties. It is given privileges in order to enforce that. The abuse of such
>privileges should be met by death. (Yes, I would be in favor of changing
>current laws to remove sovereign immunity and institute a death penalty for
>governmental rights violations. Unfortunately, among the people subject to 
such
>a law are the ones making the laws.)

Thank you for such a well-written defense of my philosophy.

Clearly, the government is now out of effective control of the citizenry; it 
is hard for me to understand how anybody could fail to see this.  The system 
I describe, while it may appear to some to be extreme, is a sincere attempt 
to return control to the populace.


>------------------------
>
>>How many people have to decide that another should be killed for it to be
>ethical? In short, how many people does it take to decide it is a legitimate
>act to take your own life?
>----------------------
>	Why should "how many people" make a difference? If I violate someone's
>rights enough to justify such a course of action, then I should be dead 
even if
>everyone except the victim is cheering. Yes, I realize that Jim Bell's system
>does depend on a group of people. But so, in the end, do all such systems-
>whether they call themselves governments or anarcho-capitalist societies. If
>the Christian Coalition got too many people with guns in the latter, they'd
>rule.
>	Any further discussion would appear to belong in private email; I
>suspect that Jim Bell would appreciate a cc.
>	-Allen


Yes, please.  Frankly, Allen, it's a pleasure to see people really 
UNDERSTAND what I'm talking about!  You obviously do, better than mos
t.






From carlos at Conrad.Harvard.EDU  Wed Feb  7 19:14:00 1996
From: carlos at Conrad.Harvard.EDU (Carlos Perez)
Date: Thu, 8 Feb 1996 11:14:00 +0800
Subject: digital cash &c.
Message-ID: 



Has anyone heard any developments on the forthcoming Visa "Cash" cards? 
Release date or other info? (for those who haven't heard of it _is_ 
anonymous, can be refilled at ATMs. Supposedly in a test release in Atlanta.)

Has any attempt been made to remove the "munitions" classification from 
cryptographic materials. It seems a lot of our legal difficulties start 
there...





From EALLENSMITH at ocelot.Rutgers.EDU  Wed Feb  7 19:17:11 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Thu, 8 Feb 1996 11:17:11 +0800
Subject: Edited Edupage 6 Feb 1996
Message-ID: <01I0Y0B1REJAA0UX5L@mbcl.rutgers.edu>


From:	IN%"educom at elanor.oit.unc.edu"  7-FEB-1996 14:51:59.08

COLLEGES WORRY ABOUT NEW LIABILITY FOR INTERNET CONTENT
The recent passage of the telecommunications reform bill has some college
administrators worried over new liability issues for educational
institutions that might unknowingly make "indecent" material available to
minors through their Internet access operations.  In addition, they've
expressed concern over potential First Amendment violations if they censor
the content too heavily.  "We have programs on campus about date rape,
unwanted pregnancy, and reproductive-health options, so I don't see how we'd
tolerate censorship of that kind of information in the electronic format,"
says the head of telecommunications at Carnegie Mellon University.
(Chronicle of Higher Education 9 Feb 96 A23)

----------------------
Edupage is written by John Gehl (gehl at educom.edu) & Suzanne Douglas
(douglas at educom.edu).  Voice:  404-371-1853, Fax: 404-371-8057.  

Technical support is provided by the Office of Information Technology,
University of North Carolina at Chapel Hill.

***************************************************************
EDUPAGE is what you've just finished reading.  (Please note that it's
"Edupage" and not "EduPage.")  To subscribe to Edupage: send a message to:
listproc at educom.unc.edu and in the body of the message type: subscribe
edupage Willie Loman (assuming that your name is Willie Loman;  if it's not,
substitute your own name).  ...  To cancel, send a message to:
listproc at educom.unc.edu and in the body of the message type: unsubscribe
edupage.   (Subscription problems?  Send mail to educom at educom.unc.edu.)





From wilcoxb at nagina.cs.colorado.edu  Wed Feb  7 19:20:38 1996
From: wilcoxb at nagina.cs.colorado.edu (Bryce)
Date: Thu, 8 Feb 1996 11:20:38 +0800
Subject: POTP gets good press
In-Reply-To: 
Message-ID: <199602072228.PAA21832@nagina.cs.colorado.edu>



-----BEGIN PGP SIGNED MESSAGE-----

I, Bryce, wrote:

> Content:  includes diagrams entitled "Link Level Encryption"
> in which sender transmits keys to receiver, and "Packet
> Level Encryption" in which sender transmits key sto
> certificate authority which transmits them to multiple
> receivers, and "Synchronized Random Key Generation (SRKG)" 
> a la "Power One Time Pad" in which no keys are transmitted
> and multiple recievers magically decipher messages via
> built-in encryption devices.
> 
> Am I right in thinking this is utter unmitigated
> bullsh snake oil?  Does anybody have any other


 An entity calling itself "Simon Spero
 " is alleged to have written:

> It could be doing something SKIP like; if the certificates are DH certs, 
> it could be using those to generate a shared secret, and combing that 
> with an IV to generate a key.
> 
> hard to tell from the article


But this would entail a certificate authority to prevent
MITM attack, right?  The article clearly claimed that POTP
did away with the necessity of key management completely-- 
a claim that I find only slightly more believable than a
patent application for a perpetual motion machine.


Regards,

Bryce

                 "Toys, Tools and Technologies"
  the Niche 
        New Signal Consulting -- C++, Java, HTML, Ecash
            Bryce 
 
PGP sig follows


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01

iQCVAwUBMRkkNPWZSllhfG25AQG02QP/V5SKi0K0Ywj/wcqGVCF3SU9qqQbrHFKn
GCp/f5AoltP0ZTuZ46M6ObE7ER0rmzx8CQClqfZUBdj0IOXD1wlRwvppZASRiXms
BWxm3XLC/s9rcHH/CVKREinUKU0BK5Id+gnBQaR5D8dzE6PtEicoY5I9ZnGFSLUd
knGdNO3GqjY=
=xfpS
-----END PGP SIGNATURE-----





From stainles at bga.com  Wed Feb  7 19:21:58 1996
From: stainles at bga.com (Dwight Brown)
Date: Thu, 8 Feb 1996 11:21:58 +0800
Subject: DES for HP48 - found & thanks
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

Public thanks to The Cunning Artificers who sent a response (by the ECafe
anonymous remailer) pointing to

ftp://ftp.csua.berkeley.edu/pub/cypherpunks/ciphers/des.hp48sx.gz

for the HP48 DES implimentation.

Apologies to everyone else for the extra noise.

==Dwight
-----BEGIN PGP SIGNATURE-----
Version: 2.6ui

iQCVAgUBMRlUdIY4AzhdF11FAQETEgP6AhqRO6tMGAIpJNTdvuO/qqknpIpwI7fD
PW/yH4LAXCpqWkjUXJYmx2IXCFU4todUkxV4ZaTf62OzYfCrLeyZ5VRmBqFUhI3V
SjanPGq7v6gKX/ZNkpundvjGfBg9XqHLeafTaIarAcNI/73aNT/VgJwPu0lsB7Wq
7AdYiKFWI8A=
=e1C0
-----END PGP SIGNATURE-----







From EALLENSMITH at ocelot.Rutgers.EDU  Wed Feb  7 19:26:08 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Thu, 8 Feb 1996 11:26:08 +0800
Subject: Defeating untrustworthy remailers?
Message-ID: <01I0XZ00HV68A0UX5L@mbcl.rutgers.edu>


From:	IN%"wlkngowl at unix.asb.com"  "Deranged Mutant"  7-FEB-1996 00:44:18.29

>Here's another idea (don't laugh): to set up a system where mailing
lists and newsgroups have public keys that you can encrypt directly to.
Advantage for anonymous mail is that if a remailer is untrustowrthy,
there's still some security in the final remailing of the document.
------------------
	The newsgroups part of the idea has the problem that you've got to have
either a centralized place from which the newsgroup is run that has the private
key (a problem for controversial newsgroups, which are precisely the ones to
which people will tend to use remailers to post to), or lots of places having
the private key (an obvious problem from the cryptographic standpoint).
	-Allen





From nobody at REPLAY.COM  Wed Feb  7 19:36:01 1996
From: nobody at REPLAY.COM (Anonymous)
Date: Thu, 8 Feb 1996 11:36:01 +0800
Subject: personal web proxy?
Message-ID: <199602080225.DAA25629@utopia.hacktic.nl>


Does anyone know whether there's a freely available web proxy available
anywhere? Even a "personal" one somewhere on my ISP's UNIX box would be a
simple way to beat superficial logging/resolution of my static IP.
Something like the Nutscapify or Canadianizer proxies, minus all the
blinking and "hoser, eh?" stuff.

Thanks.





From merriman at arn.net  Wed Feb  7 19:47:44 1996
From: merriman at arn.net (David K. Merriman)
Date: Thu, 8 Feb 1996 11:47:44 +0800
Subject: anti-CDA graphic
Message-ID: <2.2.32.19960207144440.0068abb8@arn.net>


I've put Gordon Campbell's anti-CDA graphic up on the CP ftp site, in the incoming directory. File name is nobabies.jpg

Dave Merriman-------------------------------------------------------------
"It is not the function of our Government to keep the citizen
from falling into error; it is the function of the citizen to
keep the Government from falling into error."
Robert H. Jackson (1892-1954), U.S. Judge
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
My web page: http://www.geocities.com/CapitolHill/1148







From jordan at Thinkbank.COM  Wed Feb  7 20:03:54 1996
From: jordan at Thinkbank.COM (Jordan Hayes)
Date: Thu, 8 Feb 1996 12:03:54 +0800
Subject: digital cash &c.
Message-ID: <199602080259.SAA13025@Thinkbank.COM>


	> it _is_ anonymous ...

And then:

	> can be refilled at ATMs

You make a deposit or something?  How does the transaction clear?
When they finally look in the envelope, they credit the card?

Or do you mean just 'anonymous' between the user and the merchant?

/jordan





From lunaslide at loop.com  Wed Feb  7 20:11:47 1996
From: lunaslide at loop.com (lunaslide at loop.com)
Date: Thu, 8 Feb 1996 12:11:47 +0800
Subject: Reasons in support of crypto-anarchy WAS Re: Why am I 	  wrong?
Message-ID: 


>At 03:43 AM 2/7/96 -0800, lunaslide at loop.com wrote:
>> Now, in respose to Mr. Bell.  As I stated above, I found your proposal
>> [assasination politics] absolutely facinating, to say the least.
>> [...]
>> However, I must point out, and I'm sure you realize this, that it would not
>> be adopted by the public at large for some time to come, or more likely
>> never.  There are too many people who believe that it is wrong to take a
>> life for any reason and that no action justifies death.
>
>This, of course, explains why war is impossible these days and why the public
>is outraged whenever the government executes a murderer.
>
>        :-)

A good point, however, people do get the strange idea that killing someone
in war is not murder.  They also get the idea that when the govt. executes
someone, that that is also not murder.  I know that that is a personal
opinion, but I know also that I am not alone in my belief and to overcome
the number of people who agree with me to make a system such as Mr. Bells'
feasable would not be possible (I hope!)  If such system did succeed, the
citizens who spoke out against it on an ethical basis would find themselves
targets!  I do hope that those who do agree with the death penalty are not
so callous that they would execute their fellow citizens for disagreeing
with them.  We are, after all, fellow citizens of this country.  We would
be right back to where we started, an Orwellian society living in the face
of fear for what we believe, and that is *not* freedom.

Respectfully,
Jeff Conn

lunaslide

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQBvAzD3EHEAAAEDAMVwZzXozPjX18mCenA5fJsdWZXcrhJCxPR+SoVCmR7d4ZVU
mwITzPTHo/GyLvJrWyk5YdhheczyY2VSawaMrCN/nWA7K9lwAylbKyPxqBhRYJ3C
2wi2uD5LY2wypNOQyQARAQABtB5KZWZmIENvbm4gPGx1bmFzbGlkZUBsb29wLmNv
bT6JAHUDBRAw+1bqS2NsMqTTkMkBAQkTAwCersFbCyk8O0MbGlNcZDAe24CLEWQ0
0C5EHni33W76UsG1bybcLsuMH6HVwLF7IqZivnzc7wkujYPQvCqn8HEYYTld8V9V
Cou4dOvA8kV7rHvAn/LuLx7DRruLFrRoPSk=
=OIT9
-----END PGP PUBLIC KEY BLOCK-----







From tomservo at access.digex.net  Wed Feb  7 20:19:50 1996
From: tomservo at access.digex.net (Scott Fabbri)
Date: Thu, 8 Feb 1996 12:19:50 +0800
Subject: Need a "warning" graphic of some kind for CDA
Message-ID: 


>At 01:48 PM 2/4/96 EST, Greg Broiles wrote:

>How about the circle-slash "no" symbol superimposed on the Constitution?

Hmm, I kind of went the other way. I have a gif of a baby carriage in the
standard red circle and slash. Anyone who wants it, feel free to use it.
Resize it, reshape it, share it with your friends. (I feel much better
about buying all that clip art now.)

It's at:

     http://www.access.digex.net/~tomservo/gif/no_kids.gif

Other suggestions? Feel free to e-mail me. I'll dig up what I can. (Next
up: the "PGP-friendly" logo. . .)

Scott

--
Scott Fabbri                                     tomservo at access.digex.net
Later. Later. I'm watching hockey.               Finger for PGP key.







From zinc at zifi.genetics.utah.edu  Wed Feb  7 20:25:08 1996
From: zinc at zifi.genetics.utah.edu (zinc)
Date: Thu, 8 Feb 1996 12:25:08 +0800
Subject: Type I capabilities added to mix@zifi.genetics.utah.edu
In-Reply-To: 
Message-ID: 


well,

here's is the PGP public key for the lead remailer 
 since it would require editing to add the 
key i sent in my previous, PGP signed mesg.

-pjf


-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzEY6mQAAAEEAMqdj6BCAb95C7KDM7UWTieGdCWVNmI8sKcDdX5JIyBWGo7Y
hKnxF3OgO+sTxjeeabCG8xWHNe9w8CzXPbOBE3soEedvY+FqaRBYdO8a3Eex4nSp
WomnKtcKcBet7G93PErGf4srEwR1OqMRsi+1CbDayNSu6IDU2P69KCmvu47hAAUR
tCpsZWFkIHJlbWFpbGVyIDxtaXhAemlmaS5nZW5ldGljcy51dGFoLmVkdT6JAJUD
BRAxGOraTdCj+UbQAfkBAVu9A/4kPaTN84+giuDkeiqbwTRMGAUQZ3N65hSR6snt
cQp3cvpY30d4i8r3PiBR+5LUAsO/vrrGGyW106X/PHKQpb2lJ5SbcoJ+fMhMcBFc
/UPxkwJGbcc7ftBkrIUNVetPik8PoRTlzgbBSypv97HiApYdZc6fKr2NuLv8OhmG
fdWcEYkAlQMFEDEY6oX+vSgpr7uO4QEBoUMD+wfpS5YhYHfVp37iklOSYhQdzpcl
pefg/RxgroWMWMzLYCeMvcoqlCIEznfYA8fSEPsmVDH22lQvZaLSbXM5WQ1gpZsE
6qR5SicFI9oX5ciVa2M+KgH3sxwS9TDFqcWBSgSnWPHzDT1oUBI/PLI2k/FGN5Hq
rbYH2gPobLez9N9z
=ms21
-----END PGP PUBLIC KEY BLOCK-----




"Those that give up essential liberty to obtain a little temporary
 safety deserve neither liberty nor safety." -- Benjamin Franklin (1773)
			  finger for PGP key
zifi runs LINUX 1.3.57 -=-=-=WEB=-=-=->  http://zifi.genetics.utah.edu 






From btmoore at iquest.net  Wed Feb  7 20:37:13 1996
From: btmoore at iquest.net (Benjamin T. Moore)
Date: Thu, 8 Feb 1996 12:37:13 +0800
Subject: Dealing with Credit Reporting Agencies...
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

At 09:31 AM 2/5/96 -0600, Karl Ike wrote:
>Attila: I'm not in the business of running or hiding. I'm just an average,
>everyday working guy that doesn't like credit reporting agencies, what they
>stand for or what they do for money. I didn't say that I was going to do
>this. I just had the idea! I don't have the knowledge or the money to spend.
>That doesn't mean that there is someone out there that would jump at the idea.
>
>I just don't like the idea that these assholes know more about me than my
>mother and sell my private and personal information to anyone for big bucks.
>My credit is fine, just ask my banker or better yet, my mom.
>
>I am assumming that you know far more people on the internet since I have
>only been on for a month and have done three e-mail. I'm just suggesting to
>get the idea out and someone will take the ball and run. Yes, they will be a
>hunted man, but not a US citizen. Someone out there with a laptop and a
>cellular, living on a cruise ship, just may enjoy the idea.
>
>Just me, Karl

Well Karl, It seems I missed your idea/solution in this post, however, some of 
us figured this out some years ago... I begin a campaign almost 10 years ago 
of feeding the computers false information about myself. I never use the Social
Insecurity Number assigned to me... I don't even give it to the Bank. This makes
for some rather dicey situations. I rarely use my real name or give out my real
phone number. At this point in my life... I have *NO* credit history. I currently 
have *NO* bank account. My goal is to be completely invisible to the system.
Yes I have had a few glitches in this plan from time to time... but I continue to 
work on it.

I just have never felt warm and fuzzy knowing that any government agency,
business, or whoever can get my personal information off a computer could come
knock on my door some dark night. If you're interested in fortifying your privacy,
I can give you a few pointers.

1.) Go to your local DMV and inform them you've had a change of address. I
     selected a high rise apartment building with 15 floors and selected an address
     on a non-existant 23rd floor. Getting your Driver's License address changed
     should cost less than $10.00.

2.) Go find a company like "Mail Boxes Etc." and rent a mailbox. The cost is
     nominal compared to the added privacy and security. The distinction between
     a mailbox and a Post Office Box is with a mailbox you have an actual street
     address. You can receive deliveries from UPS and Federal Express at a 
     mailbox. You can't at a P.O. Box.

3.) This part requires some skill... befriending a graphic artist is a good idea for 
     this one. But what you need is a phony work identification.  Pick a name! A 
     couple of "Pass Port Photos" and some lamination and you're good to go.

4.) Take your new persona down to your local utility companies and get the serv-
     ice switched to the name of your new persona. Even get your phone switched
     and have the number non-published. You'll be pleasantly surprised from now
     on, everytime your phone rings, it will be someone you really want to talk to.

5.) Go down to your local Post Office and file a change of address form. Use the
     address of your mailbox. Remember, most companies that provide Mailbox
     service, will need to see your drivers license... which of course now has a
     non-existant address on it.

You can take this as far as you want... Just doing these 5 things will give you a
sense of comfort and security you've probably not had in a long time. How does
this fit into cyperpunks and encryption? The philosophy is the same! What good
is it encrypting your messages to ensure your privacy when everything else is
exposed! It's a lot like an Ostrich burying his head in the sand to hide, but leaving
all his good parts exposed!

        Benjamin T. Moore, Jr.
        btmoore at iquest.net
        (Jian #AJF IRChat)


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMRlexoSAJOVFNaChAQFBCQf8Drm04x2YT5gZb8cklwep1eBVKxOMyVzn
/ZN3Tk+lKT05CAT0TCmHm+8oztqxWhgjMklYT228C5u4zvaF8ZrYvLxMp7RQPHvK
D2fSKdMGMs+pPvJxPUC5UXssoIsBS0W+i4dO5jDIj/MkXM4JFHsDHvFqr9Q7FqwE
Xr75lHjiNP4Gcv06WkVpJewJMaflP5zcrSam577/fbbCkYM6e4nhQPGdqdi83txM
hzvCs8cHalPa9UJGuSbIZObe1fAUkQMsVqEomXe5HuBzukJigwdqj4IK9SJixTVx
m0Fxf/W74j4lS1TXpqjCQoSD4EPRAleCYR6SFbqV/p0/cMYqv6kErA==
=4HYS
-----END PGP SIGNATURE-----






From lunaslide at loop.com  Wed Feb  7 21:11:54 1996
From: lunaslide at loop.com (lunaslide at loop.com)
Date: Thu, 8 Feb 1996 13:11:54 +0800
Subject: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
Message-ID: 


>jim bell writes:
>[More Junk]
>
>Look folks, I'm really sick about the debate about Jim's ideas about
>"assassination politics". (My opinion about the idea isn't
>transmittable under the Exon law so I couldn't say anything anyway).
>
>This has gone off into political theory. Could we take it to private
>mail or some such?

I think that it poses serious questions about anonymity and cryptography
and their uses, therefore it is a viable topic.  Just rm it if you don't
want to read about it.

lunaslide

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQBvAzD3EHEAAAEDAMVwZzXozPjX18mCenA5fJsdWZXcrhJCxPR+SoVCmR7d4ZVU
mwITzPTHo/GyLvJrWyk5YdhheczyY2VSawaMrCN/nWA7K9lwAylbKyPxqBhRYJ3C
2wi2uD5LY2wypNOQyQARAQABtB5KZWZmIENvbm4gPGx1bmFzbGlkZUBsb29wLmNv
bT6JAHUDBRAw+1bqS2NsMqTTkMkBAQkTAwCersFbCyk8O0MbGlNcZDAe24CLEWQ0
0C5EHni33W76UsG1bybcLsuMH6HVwLF7IqZivnzc7wkujYPQvCqn8HEYYTld8V9V
Cou4dOvA8kV7rHvAn/LuLx7DRruLFrRoPSk=
=OIT9
-----END PGP PUBLIC KEY BLOCK-----







From tcmay at got.net  Wed Feb  7 21:34:26 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 8 Feb 1996 13:34:26 +0800
Subject: Need a "warning" graphic of some kind for CDA
Message-ID: 



About all the proposed symbols and logos and ribbons....

I realize I often come across as a naysayer against collective efforts to
design logos, arm patches, flags, and other such tribal insignias...(:-}).

Logos and symbols have their place. The "Big Brother Inside" logo is a good
joke.

But mainly I think that we underestimate the value of _words_. Instead of
some cutesy logo, such as a red rose being run over by the "Valdez," a logo
which many people would not understand and would not be interested in
looking up an explanation for, why not simply include a couple of English
sentances _describing_ why the page has been censored, why adult material
has been removed, etc.? (This is the norm today, and I'm glad of it. I
don't relish looking at a Web page filled with inscrutably clever icons and
logos.)

Graphical icons are great, and worked well until writing was invented.


--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From jimbell at pacifier.com  Wed Feb  7 23:25:19 1996
From: jimbell at pacifier.com (jim bell)
Date: Thu, 8 Feb 1996 15:25:19 +0800
Subject: Assassination Politics--isn't it gambling?
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

At 06:00 PM 2/6/96 PST, banelaw at med.com wrote:
>Jim: as to "Assassination Politics."  Isn't the structure you describe
>gambling?  Placing money on a prediction, with the correct predictor
>winning? 

I guess that depends on the laws, doesn't it?    Seriously, though, since 
all the participants are anonymous, and it can all be done from overseas...

Somehow, though, I think politicians will take little solace from knowing 
that they are protected from death only by laws against gambling.

> And if so, isn't it illegal if done over the wires, i.e., federal
>commerce?  I'm not looking for a way to declare your scheme illegal, I'm
>just pointing out that there are other angles, especially if done over the
>wires.

I'd sure like to read a serious legal analysis of all this.  Maybe all the 
lawyers are too terrified to respond.


> I guess you could move the structure off shore--pity the poor country
>hosting such an entity!  If you were at all succesfull, the server accepting
>digital cash would be moving from place to place--remember pirate radio?

Presumably, the digital cash could be encrypted with the organization's 
private key, and published (anonymously) on a USENET area, in a way which is 
untraceable and unidentifiable.

Jim Bell
jimbell at pacifier.com

Klaatu Burada Nikto

Something is going to happen.   Something.......Wonderful!

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRlnY/qHVDBboB2dAQHJcQP/T8u6c5K3Idb5K8/ztBJWSqTQBPmvMlpR
y4GlRgOyIn11jnMX60p7ffselQwSF8mxM3BJv4O2ODr/KWwACeQoK9svWW30xSyF
0eSuFzHvOfrZLW3xvpTo1mMoxRCtYeUQZLZGLvU2G99P6GeWCPRhWbFfTQ1Q6aen
yiEOvB/DfUs=
=Aj2b
-----END PGP SIGNATURE-----






From jimbell at pacifier.com  Wed Feb  7 23:41:20 1996
From: jimbell at pacifier.com (jim bell)
Date: Thu, 8 Feb 1996 15:41:20 +0800
Subject: Electronic Grille Cipher?
Message-ID: 


At 09:16 PM 2/6/96 EDT, E. ALLEN SMITH wrote:

>	I had a similar idea a bit back, and Lewis/Futplex kindly referred me
>to some parts of the Archives discussing it. However, the main objection to
>this idea was that the cops would just do a search warrant for the second group
>of information. My solution to this is to have quite a few groups of
>information, which would admittedly make the spacing problem a bit hard.
>The following might be an example for someone of such a scheme:
>
[comparatively innocent stuff deleted]

>G. Your plans to violently overthrow the government (don't give).

Hmmmm...   That's odd.  I spam this stuff on USENET and FIDOnet 







From frantz at netcom.com  Wed Feb  7 23:44:35 1996
From: frantz at netcom.com (Bill Frantz)
Date: Thu, 8 Feb 1996 15:44:35 +0800
Subject: cipherpunk mail at Netcom.com
Message-ID: <199602080708.XAA26619@netcom7.netcom.com>


At 10:06 PM 2/4/96 -0800, Norman Hardy wrote:
>The list of addressees is made from the "From" fields that include
>"netcom.com" in CP mail that appeared on the CP list Tuesday and Wednesday
>last week. I have received no CP mail since then. Have you?

Now that dam seems to have broken (I have received over 250 messages in the
last four hours), perhaps I can ask, "What Happened?".

I, along with Norm and Lucky received no Cypherpunks traffic for about a
week from Februrary 1 to February 7.  During this period, we could not get
response from majordomo at toad.com.  I asked a friend in the east to ping
toad.com and request "help" from majordomo at toad.com.  He did and reported
no problems with either test.

I have sent a request to Netcom support for help with this problem, but
their automatic responder says the have a 2 week backlog of email! :-(. 
Perhaps I will get some information from them in a few weeks.

I have two questions: (1) Did people who are not at netcom.com or
ix.netcom.com experience this outage?  (2) Did people who ARE at netcom.com
or ix.netcom.com receive the normal level of traffic during this period? 
Please respond by private email and I will summarize for the list.

I my more paranoid moments, I wonder if this a practice denial of service
attack.  In any case, perhaps this post will explain some of the strange
posts we have been sending to cypherpunks this last week.  My appologies
for the noise.


-----------------------------------------------------------------
Bill Frantz                   Periwinkle  --  Computer Consulting
(408)356-8506                 16345 Englewood Ave.
frantz at netcom.com             Los Gatos, CA 95032, USA







From bmanning at whale.st.usm.edu  Wed Feb  7 23:55:30 1996
From: bmanning at whale.st.usm.edu (Ben Manning)
Date: Thu, 8 Feb 1996 15:55:30 +0800
Subject: pgp HELP!!!!!
Message-ID: <199602080921.DAA06403@darban.cc.usm.edu>


Dear users,

        I am an extremely new user to your list, and my interest for privacy
and encryption is extremely new, so please excuse me for this amatuer question.
Could someone please tell me where I could get a copy of PGP software (ftp site)
and the proper way to set it up for windows 3.1 or windows 95.


                                                                Thanks,



                                                                Ben






From attila at primenet.com  Thu Feb  8 00:09:46 1996
From: attila at primenet.com (attila)
Date: Thu, 8 Feb 1996 16:09:46 +0800
Subject: A temporal remailing (was: CDA = death of crypto)
In-Reply-To: 
Message-ID: 


On Wed, 7 Feb 1996 lunaslide at loop.com wrote:

> >
> >   BAD_nws
> 
> So the're going to arrest us all?  It's unconstitutional (of course!) and
> unenforcable.  It will have the same effect as Prohibition.
> 
> lunaslide
> 
	UNENFORCEABLE?  so was prosecuting Phil Zimmerman  --you might 
    ask Phil how those years were and the legal bills and blacklisting?
    I'll use it; I been confronting big bad uncle for decades; big deal,
    what's one more?  will you use it?

	My only comment in reality is Tim was charitable on the date. 
    Tim, how would you feel about '97 instead of '99?

	As for the dreamers on the government NOT doing something 
    illegal, the line forms to the right for reeducation.

__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....
    There is no safety this side of the grave.  Never was; never will be.







From erc at dal1820.computek.net  Thu Feb  8 01:11:56 1996
From: erc at dal1820.computek.net (Ed Carp, KHIJOL SysAdmin)
Date: Thu, 8 Feb 1996 17:11:56 +0800
Subject: cypherpunks press
In-Reply-To: <199602022111.QAA12320@jekyll.piermont.com>
Message-ID: <199602080846.DAA30376@dal1820.computek.net>


> Could someone please explain to me why Mitnick is a cypherpunk issue?
> Myself, I have neither sympathy nor lack of sympathy for the
> Markoff-Shimomura "pr extravaganza", see no "cypherpunk" opinion on
> the subject, and don't see any reason we should, as a group, discuss
> or care about the topic.

I'm sure glad that you don't run this list, Perry, but it seems that you
think you do.  I, for one, get rather tired of your seemingly endless
attempts at censoring what *you* think is and isn't relevent to the list. 
I see it as a cypherpunk issue, insofar as it deals with the issues of
tracking down crackers, but I don't expect you to make the connection,
since I guess the word "encryption" didn't figure prominently in the post 
and the connection isn't immediately obvious to the most casual observer, 
causing you to foam at the mouth and gush all over the list about "the 
relevence to the cypherpunks list" nonsense.  Can someone please explain 
to me why *your* posts whining about the lack of relevence of certain 
posts are relevent?  Why don't you take your own advice?

I've got a better idea -- why don't you start your own list?  That way,
you can moderate to your heart's content and I don't have to see any more
whining messages from you about what is and isn't "relevent". 

Why don't you go and write some code?  Put those busy fingers to better
use than to try and write pithy flames in an attempt to sound "cool" and
call attention to yourself as the self-appointed censor of cypherpynks. 
--
Ed Carp, N7EKG    			Ed.Carp at linux.org, ecarp at netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp at netcom.com for PGP 2.5 public key		an88744 at anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring





From don at cs.byu.edu  Thu Feb  8 02:35:43 1996
From: don at cs.byu.edu (Don)
Date: Thu, 8 Feb 1996 18:35:43 +0800
Subject: POTP gets good press
In-Reply-To: <199602080009.RAA16512@taussky.cs.colorado.edu>
Message-ID: 


bryce at colorado.edu sez:

> "Synchronized Random Key Generation", which shows a single
> sender and multiple recipients transmitting securely
> *without* having to do any key management!  Yee haw!

You mean you don't have this capability? Gee, I've had this for months,
ever since the mother ship^H^H^H^Hmy mother gave me the proprietary program.

*sigh* Cypherpunks teach. I think we'd better brace for this, cuz most of
the important code is already written. (PGP 3.0 and PGP stealth people, this
doesn't apply, and definately any end-to-end stuff is needed)

Unfortunately, you can't set up a CGI counter to tick off the number of time
encryption saved your data, not to mention your butt, but it would sure make
good PR if you could.

Don





From erc at dal1820.computek.net  Thu Feb  8 02:44:40 1996
From: erc at dal1820.computek.net (Ed Carp, KHIJOL SysAdmin)
Date: Thu, 8 Feb 1996 18:44:40 +0800
Subject: [CODE] Signing Web Pages
Message-ID: <199602081016.FAA05219@dal1820.computek.net>


Here's a quick script I hacked together in the last few minutes to sign 
web pages.  Very simple-minded, it nonetheless does the job.  If you want 
to see how it looks in action, visit http://dal1820.computek.net

#! /bin/sh
#
# signit - use PGP to sign a web page
# Written 02/08/96 by Ed Carp (ecarp at netcom.com)
#
# This could conceptually be used to sign (and optionally verify)
# shell scripts, etc.  The possibilities are endless...
#

#
# Set up some variables...
#

# Change this if you're so inclined...
PGPHELP="http:\/\/www.yahoo.com\/Computers\/Security_and_Encryption"

# Look for a line that starts like this...
LOOKFOR="This web page has been signed with"
ADDLINE="$LOOKFOR PGP<\/A>.  To see the digital signature, click here<\/A>."

#
# First, we need to make sure that the page hasn't already been signed...
#

F=`grep "^$LOOKFOR" $1|wc -l`
F="`echo $F`"
# If it hasn't already been signed, add signature line
if [ "$F" = "0" ]; then
	echo Adding PGP signature HTML to document
	echo "s/<\/BODY>/$ADDLINE<\/BODY>/g" > $1.temp.$$
	echo "s/<\/body>/$ADDLINE<\/body>/g" >> $1.temp.$$
	sed -f $1.temp.$$ < $1 > $1.$$
	rm -f $1.temp.$$
	mv $1.$$ $1
fi
pgp -asb $1
# Add rudimentary HTML
echo "PGP Digital Signature of $1" > $1.$$
echo "PGP Digital Signature generated `date`
" >> $1.$$
cat $1.asc >> $1.$$
echo "
" >> $1.$$
mv $1.$$ $1.asc.html
rm $1.asc
echo Done.
--
Ed Carp, N7EKG    			Ed.Carp at linux.org, ecarp at netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp at netcom.com for PGP 2.5 public key		an88744 at anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring
----------------------------------------------------------------------
According to the Communications Decency Act, these are the words you may
no longer use in your Internet correspondence:  Shit, piss, fuck, cunt,
cock-sucker, mother-fucker and tits. The use of shit, piss, fuck, cunt,
cock-sucker, mother-fucker and tits, may now earn you a substantial fine
as well as possible jail time, should President Clinton sign this Bill
into law.  Please refrain from using shit, piss, fuck, cunt, cock-sucker,
mother-fucker and tits, to protect your children as well as others, from
their evil influence, thus keeping America "ideologically pure".







From erc at dal1820.computek.net  Thu Feb  8 02:55:32 1996
From: erc at dal1820.computek.net (Ed Carp, KHIJOL SysAdmin)
Date: Thu, 8 Feb 1996 18:55:32 +0800
Subject: [CODE] Signing Web Pages
In-Reply-To: <199602081016.FAA05219@dal1820.computek.net>
Message-ID: <199602081036.FAA06912@dal1820.computek.net>


Oops - minor correction.  Note that the document to be signed must be 
specified relative to your HTTPD public directory - or change ADDLINE 
appropriately.  Caveat emptor or whatever...

#! /bin/sh
#
# signit - use PGP to sign a web page
#
# usage: signit document
#
# Note that to generate correct links for the PGP signature page, it is
# necessary to specify the document relative to your HTTP public directory
# (/etc/httpd/public_html or whatever), or change ADDLINE appropriately...
#
# Written 02/08/96 by Ed Carp (ecarp at netcom.com)
#
# This could conceptually be used to sign (and optionally verify)
# shell scripts, etc.  The possibilities are endless...
#

#
# Set up some variables...
#

# Change this if you're so inclined...
PGPHELP="http:\/\/www.yahoo.com\/Computers\/Security_and_Encryption"

# Look for this text in the document
LOOKFOR="This web page has been signed with"
ADDLINE="$LOOKFOR PGP<\/A>.  To see the digital signature, click here<\/A>."

#
# First, we need to make sure that the page hasn't already been signed...
#

F=`grep "^$LOOKFOR" $1|wc -l`
F="`echo $F`"
# If it hasn't already been signed, add signature line
if [ "$F" = "0" ]; then
	echo Adding PGP signature HTML to document
	echo "s/<\/BODY>/$ADDLINE<\/BODY>/g" > $1.temp.$$
	echo "s/<\/body>/$ADDLINE<\/body>/g" >> $1.temp.$$
	sed -f $1.temp.$$ < $1 > $1.$$
	rm -f $1.temp.$$
	mv $1.$$ $1
fi
pgp -asb $1
# Add rudimentary HTML
echo "PGP Digital Signature of $1" > $1.$$
echo "PGP Digital Signature generated `date`
" >> $1.$$
cat $1.asc >> $1.$$
echo "
" >> $1.$$
mv $1.$$ $1.asc.html
rm $1.asc
echo Done.
--
Ed Carp, N7EKG    			Ed.Carp at linux.org, ecarp at netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp at netcom.com for PGP 2.5 public key		an88744 at anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring
----------------------------------------------------------------------
According to the Communications Decency Act, these are the words you may
no longer use in your Internet correspondence:  Shit, piss, fuck, cunt,
cock-sucker, mother-fucker and tits. The use of shit, piss, fuck, cunt,
cock-sucker, mother-fucker and tits, may now earn you a substantial fine
as well as possible jail time, should President Clinton sign this Bill
into law.  Please refrain from using shit, piss, fuck, cunt, cock-sucker,
mother-fucker and tits, to protect your children as well as others, from
their evil influence, thus keeping America "ideologically pure".







From don at cs.byu.edu  Thu Feb  8 02:58:35 1996
From: don at cs.byu.edu (Don)
Date: Thu, 8 Feb 1996 18:58:35 +0800
Subject: cypherpunks press
In-Reply-To: <199602080846.DAA30376@dal1820.computek.net>
Message-ID: 


ecarp at netcom.com sez:

> > Could someone please explain to me why Mitnick is a cypherpunk issue?
> > Myself, I have neither sympathy nor lack of sympathy for the
> > Markoff-Shimomura "pr extravaganza", see no "cypherpunk" opinion on
> > the subject, and don't see any reason we should, as a group, discuss
> > or care about the topic.
>
> I'm sure glad that you don't run this list, Perry, but it seems that you
> think you do.  I, for one, get rather tired of your seemingly endless
> attempts at censoring what *you* think is and isn't relevent to the list. 
> I see it as a cypherpunk issue, insofar as it deals with the issues of
> tracking down crackers, but I don't expect you to make the connection,
> since I guess the word "encryption" didn't figure prominently in the post 

My feeling is that Mitnick getting past security, and Mitnick not having
to decrypt at every stage, and stuff like that is good material, but these
topics generally have big ol' love handles attached to them. Describing
people's hot tub parties, for example, is not exactly cypherpunk material.

NeoNazi mirrors for freedom, in the same way, are central (or at least
directly related) to what cypherpunks fight for, but then the resulting
discussion about the morals of war, and whether it was right or wrong
are also slightly outside of the cypherpunks relevance, despite the fact
that information was or was not freely readable because of cryptograpy.
Discussing cryptography does not make it necessary to provide an in-depth
historical review (and subsequent flamewar) on the resulting consequences.
We know what happened at Hiroshima. Lets talk about future consequences
instead please.

I am imagine many people use (and I am headed this way) nntp.hks.net merely
to avoid large boring non crypto/political threads. Not everyone has this
capability, and now some of them have left because of the S/N. I'm talking
about real cryptographers, not weekend warriors like, well, ok I'm more like
a yearend warrior.On the other hand, Alice and others haven't posted lately,
so perhaps the noise is just the fill-the-vacuum pheonominon.

> Why don't you go and write some code?  Put those busy fingers to better

Perhaps he is. I am. Are you?

Don





From lmccarth at cs.umass.edu  Thu Feb  8 04:34:32 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Thu, 8 Feb 1996 20:34:32 +0800
Subject: Stealth PGP work
In-Reply-To: 
Message-ID: <199602081217.HAA20652@opine.cs.umass.edu>


Don writes:
> My feeling is that once stealth PGP is out, there's *no*way* Congress could
> get away with legislating away the privacy and security that would provide.

Is anyone out there actively working on an implementation of the "stealth 
PGP" concept ?  I asked Derek Atkins about a stealth mode in the upcoming 
PGP `96 ^H^H^H 3.0 at the Jan. Bay Area physical mtg, and he said the PGP3
team had no particular plans to support such a thing. 

-Lewis	"What would we do without all these jerks, anyway ?  Besides, all my
	 friends are here..." -Don Henley





From don at cs.byu.edu  Thu Feb  8 04:36:08 1996
From: don at cs.byu.edu (Don)
Date: Thu, 8 Feb 1996 20:36:08 +0800
Subject: cypherpunks press
In-Reply-To: 
Message-ID: 


lunaslide at loop.com sez:

> I am too, but the other half of my major is philosophy.  I can't help BSing
> about the social issues too.....which seems to be common on the list.
> Perhaps there is a compromise since there seem to be interests on the part
> of both parties?  Like cypherpunks-tech at toad,com.  Any words?

I think social issues are appropiate. I'm just giving examples (and I think
Perry throws himself to the floor when he sees this stuff come across the
list) where people chain: cryptograpy->war advantage->war ended with nukes->
many people killed->morality of killing those people->can'twealljustgetalong

My feeling is that near the "war ended with nukes" and beyond belongs in email.

Speaking of social implications, however, I notice that yahoo has blacked
their page to protest CDA. That is a major PR point right there. I hope
enough big, visible places do so as well. Hopefully this will get some kind
of real press. Probably "Major firms voice support for raping of children" or
something, knowing the slant they tend to put on things...

My feeling is that once stealth PGP is out, there's *no*way* Congress could
get away with legislating away the privacy and security that would provide.

Don

ObReallyNoisyNow: I wonder how long it will be until crypto/stego/hidden
messages/no fear of accessing forbidden sites takes off in China... Yeah
right like they're going to be able to keep track of the number of people
that are eventually going to have internet.





From jpb at miamisci.org  Thu Feb  8 05:32:05 1996
From: jpb at miamisci.org (Joe Block)
Date: Thu, 8 Feb 1996 21:32:05 +0800
Subject: personal web proxy?
Message-ID: 


>Does anyone know whether there's a freely available web proxy available
>anywhere? Even a "personal" one somewhere on my ISP's UNIX box would be a
>simple way to beat superficial logging/resolution of my static IP.
>Something like the Nutscapify or Canadianizer proxies, minus all the
>blinking and "hoser, eh?" stuff.

The CERN webserver can be configured to run in proxy mode.  It can also
cache requests so that if multiple people are using it (better from the
hide me point of view), response time is actually better for pages that
more of them are reading.

There are several others, but I've only personally run CERN.

Joseph Block 

"We can't be so fixated on our desire
 to preserve the rights of ordinary Americans ..."
 -- Bill Clinton  (USA TODAY, 11 March 1993, page 2A)
PGP 2048bit-Fingerprint: F8 A2 A5 15 56 42 9B 16  3F BD 57 0F 8A ED E3 21
No man's life, liberty or property are safe while the legislature is in session.







From jya at pipeline.com  Thu Feb  8 06:01:36 1996
From: jya at pipeline.com (John Young)
Date: Thu, 8 Feb 1996 22:01:36 +0800
Subject: CNN on Crypto
Message-ID: <199602081342.IAA12474@pipe1.nyc.pipeline.com>


CNN had a piece on crypto last evening. Jim Bidzos spoke about 
selling RSA products to China, and lamented export 
restrictions. PRZ commented on crypto-enabled privacy. A 
voice-over warned of crypto use by criminals and terrorists and 
its threat to law enforcement and intelligence.


While not there now, presumably the story will be on the CNN 
Web site later:


     http://cnn.com








From lunaslide at loop.com  Thu Feb  8 06:09:19 1996
From: lunaslide at loop.com (lunaslide at loop.com)
Date: Thu, 8 Feb 1996 22:09:19 +0800
Subject: Need a "warning" graphic of some kind for CDA
Message-ID: 


>About all the proposed symbols and logos and ribbons....
>
>I realize I often come across as a naysayer against collective efforts to
>design logos, arm patches, flags, and other such tribal insignias...(:-}).
>
>Logos and symbols have their place. The "Big Brother Inside" logo is a good
>joke.
>
>But mainly I think that we underestimate the value of _words_. Instead of
>some cutesy logo, such as a red rose being run over by the "Valdez," a logo
>which many people would not understand and would not be interested in
>looking up an explanation for, why not simply include a couple of English
>sentances _describing_ why the page has been censored, why adult material
>has been removed, etc.? (This is the norm today, and I'm glad of it. I
>don't relish looking at a Web page filled with inscrutably clever icons and
>logos.)
>
>Graphical icons are great, and worked well until writing was invented.

I agree that words have thier place, however, combined with easily
recognizable, uniformly similar graphical symbols, they become even more
powerful.  That's one of the greatest strengths of the web, is it not?


lunaslide

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQBvAzD3EHEAAAEDAMVwZzXozPjX18mCenA5fJsdWZXcrhJCxPR+SoVCmR7d4ZVU
mwITzPTHo/GyLvJrWyk5YdhheczyY2VSawaMrCN/nWA7K9lwAylbKyPxqBhRYJ3C
2wi2uD5LY2wypNOQyQARAQABtB5KZWZmIENvbm4gPGx1bmFzbGlkZUBsb29wLmNv
bT6JAHUDBRAw+1bqS2NsMqTTkMkBAQkTAwCersFbCyk8O0MbGlNcZDAe24CLEWQ0
0C5EHni33W76UsG1bybcLsuMH6HVwLF7IqZivnzc7wkujYPQvCqn8HEYYTld8V9V
Cou4dOvA8kV7rHvAn/LuLx7DRruLFrRoPSk=
=OIT9
-----END PGP PUBLIC KEY BLOCK-----







From nsb at radiomail.net  Thu Feb  8 06:20:16 1996
From: nsb at radiomail.net (NSB's Portable (via RadioMail))
Date: Thu, 8 Feb 1996 22:20:16 +0800
Subject: FV's blatant double standards
Message-ID: 


Once again, you're getting closer, but your approach misfires on machines
used by multiple users -- cybercafes, university computing labs, etc. --
because your algorithm really only verifies that SOMEONE sent a VirtualPIN
from this machine and SOMEONE receives mail back from FV on this machine. 
This will probably cause us to catch a large-scale attack relatively fast. 
And the absolute maximum time to detection is one billing cycle, because
all the fraud will be visibly FV-linked.  In contrast, in the credit card
attack we outlined, the card numbers are stolen cleanly, with no link back
to the attack program.  If it's built right, the only sign it has happened
will be an increase in the overall rate of credit card fraud, with nothing
to point back at the Internet at all.





From simsong at vineyard.net  Thu Feb  8 06:28:50 1996
From: simsong at vineyard.net (Simson L. Garfinkel)
Date: Thu, 8 Feb 1996 22:28:50 +0800
Subject: Hypermail & Cypherpunks
Message-ID: 


Have any of your cypherpunks set up a hypermail archive for cypherpunks?

If not, I would be willing to set one up on some machine.

=============
"Superior technology is no match for superior marketing."
=============
Simson on Tour:

Feb 2 - Feb 5 - Cambridge: Conference on Freely Redistributable Software
Feb 7 - Feb 13 - Baltimore: American Association for the Advancement of
Science.
Feb. 28 - March 1 - Seybold, Boston.
March 23 - NYC. MacFair.
March 27 - March 30: Cambridge. Computers, Freedom and Privacy.







From olbon at dynetics.com  Thu Feb  8 06:46:55 1996
From: olbon at dynetics.com (Clay Olbon II)
Date: Thu, 8 Feb 1996 22:46:55 +0800
Subject: Article on CAs in WebWeek
Message-ID: 



An article on the front page of WebWeek this week discusses digital
signatures and CAs.  The best point made was that a small company could
undercut (pricewise) the post office as a CA.  Overall it seemed a pretty
fair article.

It mentioned UC Berkeley researchers "spoofing" a Netscape server's
identity and sending false data to the client.  This was news to me, I am
curious as to how this was done.

The paper article also listed as a "resource on the net" the URL for Tim
May's cyphernomicon.

Here's the link.  Enjoy.

   Article: Big Step Forward For Authentication
   URL: http://pubs.iworld.com/ww-online/96Feb/news/authentication.html


        Clay


---------------------------------------------------------------------------
Clay Olbon II            | olbon at dynetics.com
Systems Engineer         | ph: (810) 589-9930 fax 9934
Dynetics, Inc., Ste 302  | http://www.msen.com/~olbon/olbon.html
550 Stephenson Hwy       | PGP262 public key: finger olbon at mgr.dynetics.com
Troy, MI 48083-1109      | pgp print: B97397AD50233C77523FD058BD1BB7C0
    "To escape the evil curse, you must quote a bible verse; thou
     shalt not ... Doooh" - Homer (Simpson, not the other one)
---------------------------------------------------------------------------







From bdavis at thepoint.net  Thu Feb  8 07:13:44 1996
From: bdavis at thepoint.net (Brian Davis)
Date: Thu, 8 Feb 1996 23:13:44 +0800
Subject: Assassination Politics--isn't it gambling?
In-Reply-To: 
Message-ID: 


On Wed, 7 Feb 1996, jim bell wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> At 06:00 PM 2/6/96 PST, banelaw at med.com wrote:
> >Jim: as to "Assassination Politics."  Isn't the structure you describe
> >gambling?  Placing money on a prediction, with the correct predictor
> >winning? 
> 
> I guess that depends on the laws, doesn't it?    Seriously, though, since 
> all the participants are anonymous, and it can all be done from overseas...
> 
> Somehow, though, I think politicians will take little solace from knowing 
> that they are protected from death only by laws against gambling.

Yeah, those silly homicide laws don't apply if there is a bet on the line.

> 
> > And if so, isn't it illegal if done over the wires, i.e., federal
> >commerce?  I'm not looking for a way to declare your scheme illegal, I'm
> >just pointing out that there are other angles, especially if done over the
> >wires.
> 
> I'd sure like to read a serious legal analysis of all this.  Maybe all the 
> lawyers are too terrified to respond.
> 
Wire fraud would be the least of your worries.  Try conspiracy to commit 
murder.

> jimbell at pacifier.com
> 
> Klaatu Burada Nikto
> ^^^^^^^^^^^^^^^^^^^ I know I should know it, but can't place it.  Help 
anybody?

EBD 






From alanh at infi.net  Thu Feb  8 07:30:02 1996
From: alanh at infi.net (Alan Horowitz)
Date: Thu, 8 Feb 1996 23:30:02 +0800
Subject: INCHOATE CYPHERPUNK JOBS
In-Reply-To: 
Message-ID: 


Saipan is inside the United States. It is not a "possession" - it is a 
"territory".

Alan Horowitz
alanh at norfolk.infi.net






From jya at pipeline.com  Thu Feb  8 07:32:12 1996
From: jya at pipeline.com (John Young)
Date: Thu, 8 Feb 1996 23:32:12 +0800
Subject: RSA-China Crypto
Message-ID: <199602081454.JAA20572@pipe1.nyc.pipeline.com>


   Wall Street Journal, February 8, 1996, p. A10.


   China, U.S. Firm Challenge U.S. On Encryption-Software
   Exports

   By Don Clark


   RSA Data Security Inc., the dominant supplier of
   data-privacy software, announced an unusual partnership
   with the Chinese government that exploits loopholes in U.S.
   export restrictions on codemaking technology.

   As part of the deal, RSA, which is based in Redwood City,
   Calif., plans to fund an effort by Chinese government
   scientists to develop new encryption software. The
   Chinese-developed software, based on RSA's general
   mathematical formula, may be more powerful than versions
   now permitted for export under U.S. Iaws, said James
   Bidzos, RSA's president.

   Two Chinese agencies also will use and distribute RSA data
   encryption products that may be legally exported from the
   U.S. The Chinese encryption-development arrangement, which
   isn't based on those products, appears to be legal as long
   as RSA doesn't supply the scientists with any other
   controlled technology, lawyers familiar with export laws
   said.

   RSA's move comes at a sensitive time in U.S.-China
   relations, and opens a new front in the company's
   long-running campaign against encryption export
   regulations. The closely held company, and other U.S.
   software concerns, have attacked the Clinton administration
   and the National Security Agency for trying to limit the
   strength of exported U.S. technology, while stronger
   products increasingly can be purchased from competing
   foreign companies.

   "The government has opened export doors a crack, and we
   sort of drove a Mack truck through them," Mr. Bidzos said
   of the Chinese deal. "The genie is truly out of the
   bottle."

   Stewart Baker, a Washington lawyer and former general
   counsel of the NSA, said the government "obviously would
   not be thrilled" by RSA's China venture. China hasn't in
   the past been party to international agreements governing
   encryption exports, he noted, and RSA's move could force
   other countries to consider China as an important player.
   "It's going to create an interesting strain in the
   international discussion," he said.

   Japan, an even more potent force in technology, appears to
   be leaning toward loosening export controls on encryption,
   Mr. Baker and other industry executives say. RSA plans to
   announce the formation of a new company in Japan today, but
   the venture will be subject to U.S. export controls, Mr.
   Bidzos said.

   Encryption uses special mathematical formulas, called
   algorithms, to scramble voice conversations or data to make
   them unintelligible to eavesdroppers. RSA's founders
   developed a popular variant of the technology that helps
   determine the authenticity of senders and recipients of
   messages. Both privacy and authentication are widely
   regarded as crucial to advances in electronic commerce.

   RSA struck its deal with departments of China's Ministry of
   Foreign Trade and Economic Cooperation, and the Academy of
   Sciences. They will use two RSA software products -- one
   for authentication and one for protecting the contents of
   PC hard drives -- internally and help distribute them. The
   Academy scientists who will develop new encryption software
   also will be paid to try to break RSA's products to test
   their strength, Mr. Bidzos said.

   A spokesman at the Commerce Department's bureau of export
   administration said he was unaware of RSA's China venture,
   but said the agency would be monitoring developments.

   Mr. Baker, the former NSA attorney, questioned whether
   customers in other countries would warm to the idea of
   Chinese-developed encryption software. Products approved by
   the U.S. government for export have the stigma that NSA can
   decode, and Chinese products might be subject to even more
   suspicion, Mr. Baker said.

   Still, the RSA deal is likely to be seen as further
   evidence of slipping U.S. control over encryption. "It is
   another example of what happens when you try to impose
   unilateral controls on what is in reality uncontrollable
   technology," said Bruce Heiman, an outside attorney for the
   Business Software Alliance.

   [End]














From rah at shipwright.com  Thu Feb  8 07:32:29 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Thu, 8 Feb 1996 23:32:29 +0800
Subject: e$: Paint it Black
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

As strange as my politics are ;-), I've never been one for political
protests, at least not since I graduated college and grew up.

However, it seems that I've done enough protesting for silly causes in my
youth to excuse me for doing one small thing about something I still *do*
believe in, the freedom to talk about what you want without the threat of
someone hauling you off to jail.

With that in mind, I'm joining the EFF, VTW, and thousands of other web
sites across the world today and making the e$ Home Page black for 48 hours.
I'm hoping that others out there will join me in making Black Thursday as
memorable as they can for the people who think that censoring the net is
even possible, much less conscionable.

"The net sees censorship as damage, and routes around it."
              -- John Gilmore


Cheers,
Bob Hettinga

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRoPsPgyLN8bw6ZVAQE0rwP+LZu5yNwabfBCyTjjnez5/VooUA5f6zkf
gTFKHWDelSZS1RZ8ynoOzYSDJ7KzKQDEvETmeY59VTVODKR0brrDwwwbconFCaCm
wEcjuhwPpw3jECMPpFNc0NFAdC4h3uoiG8sBY3Da6RZlEVkxgvj0XDweslbcPC/x
6Kkiy6oUJd4=
=F1Vn
-----END PGP SIGNATURE-----

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/







From cibir at netcom.com  Thu Feb  8 07:33:33 1996
From: cibir at netcom.com (Joseph Seanor)
Date: Thu, 8 Feb 1996 23:33:33 +0800
Subject: Secure Shareware Web Phone?
In-Reply-To: 
Message-ID: 



What is the latest Internet Phone program that includes encryption?  
Please let me know the name and where I can get it from.  Also if you 
have any comments about the program, please let me know.

Joseph Seanor








From cactus at hks.net  Thu Feb  8 08:06:52 1996
From: cactus at hks.net (Leslie Todd Masco)
Date: Fri, 9 Feb 1996 00:06:52 +0800
Subject: Archives back on line
Message-ID: <199602081525.KAA26592@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

The cypherpunks archives are back to being updated regularly.  I
apologize for the lapse (and repeat my lament on the quality -- or lack
thereof -- of hypermail).

The URL: http://www.hks.net/cpunks/
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMRoV3yoZzwIn1bdtAQFlWAF9Ev0ihCGbT6JOGXlKgtrI+ZOk8wmJxnVK
NQNsP6J1Td1/2ui3Q8JL3dkhqYwOLHPF
=ZBO0
-----END PGP SIGNATURE-----





From anonymous at freezone.remailer  Thu Feb  8 08:07:09 1996
From: anonymous at freezone.remailer (anonymous at freezone.remailer)
Date: Fri, 9 Feb 1996 00:07:09 +0800
Subject: Report available: "Minimal Key Lengths for Symmetric Ciphers"
Message-ID: <199602081528.KAA11525@light.lightlink.com>


I downloaded this so-called "report". It doesn't even mentions PGP.
Gotta wonder why the 007 wannabe "experts" and the Big Business (BSA)
want you to only use 90 bits for your keys and why they've never heard
of PGP...

Anyone who listens to crypto advice from people who's purpose in life
is to listen to *YOU* gets what they deserve. I'll stay with PGP which
has a 2048 bit key.

JustWalT






From avatar at mindspring.com  Thu Feb  8 08:23:09 1996
From: avatar at mindspring.com (avatar at mindspring.com)
Date: Fri, 9 Feb 1996 00:23:09 +0800
Subject: Arthur C. Clarke Supports Strong Crypto
Message-ID: <199602081552.KAA20844@borg.mindspring.com>


At 09:06 PM 2/4/96 -0800, you wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>At 08:05 PM 2/4/96 -0800, Timothy C. May wrote:
>>
>>(Pardon me for mentioning crypto...)
>>
>>Arthur C. Clarke, known to most of you (author of many SF works, coiner of
>>the phrase: "all sufficiently advanced technlogies are indistinguishable
>>from magic," mention by Alan Olsen yesterday), has a role in a "Discovery
>>Channel" program called "Mysterious Universe."
>
>Actually, it was _I_ who mentioned this quote, but didn't specifically 
>recall whom to ascribe it to.  Perhaps Tim May didn't see it; a week or so 
>ago May engaged in a shotgun-type killfile addition, including me when I was 
>merely ( I still believe...) the victim in a local flamewar.  If there is 
>somebody out there who:
>
>1.  Is on speaking terms with Tim May.
>and
>2.  Has a little respect for my commentary, I would very much appreciate it 
>if you would forward this comment to him to ensure that he sees it. 
>
>The truly ironic thing is that Tim wrongly ascribes the comment to Alan 
>Olsen, who is apparently the (recently admitted) perpetrator of at least one
>flamewar 
>against me.
>
>Jim Bell
>jimbell at pacifier.com
>
GROW UP!!
Charles Donald Smith Jr.

||The government  is my shepherd I need not work. It alloweth me to lie
 down on a good job. It leadeth me beside stilled factories. It destroyeth
 my initiative. It leadeth me in the path of a parasite for politics sake. YEA,
 though I walk through the valley of laziness and deficet spending I shall
 fear no evil, for the government is with me. It prepareth an economic utopia
 for me by appropriating the earnings of my grandchildren. It filleth my head
 with false security. My inefficiency runeth over. Surely, the government 
should care for me all the days of my life, and I will dwell in a fools paradise
forever.................AMEN!   || nuke'm if ya got'em||






From hgabel at vertex.ucls.uchicago.edu  Thu Feb  8 08:44:06 1996
From: hgabel at vertex.ucls.uchicago.edu (Harold Gabel)
Date: Fri, 9 Feb 1996 00:44:06 +0800
Subject: stealth PGP?
In-Reply-To: 
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 8 Feb 1996, Don wrote:
{snip}
> My feeling is that once stealth PGP is out, there's *no*way* Congress could
> get away with legislating away the privacy and security that would provide.
{snip}
What will stealth PGP be?  Will it use RSA?

Also, how flawed is MIT pgp?  Is it really worth using international
versions (i.e. ones written out of the USA which don't use RSA)?  Does
the Gov't have some complaint about said versions?

Harold



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by mkpgp: EAT THIS MAIL FILTERS!!!

iQEVAwUBMRoepgnQEIDDS8rVAQEhNgf9G5hgOFFaO6o6yoTHi5gxYrMaHx9I3ezL
k23pwW5gkSqKDQxTGnwoO+8WNIdyeUul0YOUMS+hDFgnMz6hbIRfe0aC/dDITY3B
JGC9RvOZjmhCAtDLgWlCksz7ZovBifsJuf6UjFNIXZ9reb9OCADmzBzDOQZWabmn
TYZVzPv4kBqotWig9il3aufgzyPjXZguHwHFvBxVBttUFWxE733SK+zhOgqn4eeD
IvYSUr8ebGle7rRvSEbNZvUIrln2soOpemIUgSqc+/5/6l2qvllc2MflIfV4OIhi
B+gVGjJcdv+XVpK0w6y3esLMeN3Nw7QR6m/8GPFSJWY4DyfzuaWmiQ==
=87NH
-----END PGP SIGNATURE-----





From fletch at ain.bls.com  Thu Feb  8 08:44:30 1996
From: fletch at ain.bls.com (Mike Fletcher)
Date: Fri, 9 Feb 1996 00:44:30 +0800
Subject: [CODE] Signing Web Pages
In-Reply-To: <199602081016.FAA05219@dal1820.computek.net>
Message-ID: <9602081608.AA08594@outland>



[ Ed's PGP signer deleted ]

	Neat script.  I had an idea for verification of pages using a
Java applet.  You have in the signed page an applet tag that would
reference the authenticator applet (which because of security restrictions
would need to be loaded from local disk, but . . .).  The applet would
get the URL of the current page and save it to disk.  It would also grab
the signature (either by just appending ".asc", or with something processed
by Ed's script by searching for the key phrase).  The applet then runs
PGP and verifies the page and pops up a window with the results.  It would
then tell the browser to re-read the verified document from the local
filesystem.

	There are a couple of problems (i.e. you'ld need to provide an
applet from the server that would put up a pointer to where to get your
copy of the real authenticator applet and how to install it), but does
anyone see any other problems with it (Aside from it being a mega 
kludge :)?  And does anyone know when PGP 3.0 is out so that a Java
wrapper could be put around the library to make it even easier? :)

	What do you think, sirs?

---
Fletch                                                     __`'/|
fletch at ain.bls.com  "Lisa, in this house we obey the       \ o.O'    ______
404 713-0414(w)      Laws of Thermodynamics!" H. Simpson   =(___)= -| Ack. |
404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43  U      ------







From proff at suburbia.net  Thu Feb  8 08:50:20 1996
From: proff at suburbia.net (Julian Assange)
Date: Fri, 9 Feb 1996 00:50:20 +0800
Subject: Report available: "Minimal Key Lengths for Symmetric Ciphers"
In-Reply-To: <199602081528.KAA11525@light.lightlink.com>
Message-ID: <199602081611.DAA03946@suburbia.net>


> I downloaded this so-called "report". It doesn't even mentions PGP.
> Gotta wonder why the 007 wannabe "experts" and the Big Business (BSA)
> want you to only use 90 bits for your keys and why they've never heard
> of PGP...
> 
> Anyone who listens to crypto advice from people who's purpose in life
> is to listen to *YOU* gets what they deserve. I'll stay with PGP which
> has a 2048 bit key.
> 
> JustWalT

There is one born every minute.


-- 
+----------------------------------+-----------------------------------------+
|Julian Assange                    | "if you think the United  States has    |
|FAX: +61-3-9819-9066              |  stood still, who built the largest     |
|EMAIL: proff at suburbia.net         |  shopping centre in the world?" - Nixon |
+----------------------------------+-----------------------------------------+





From jamesd at echeque.com  Thu Feb  8 09:00:59 1996
From: jamesd at echeque.com (jamesd at echeque.com)
Date: Fri, 9 Feb 1996 01:00:59 +0800
Subject: Encryption and Backups
Message-ID: <199602081615.IAA03105@news1.best.com>


At 08:33 PM 2/4/96 -0800, John Pettitt wrote:
> CP Backup (part of PC Tools for Central Point aka Symantec) has DES. As to
> how good the implementation is: I have no idea.

Broken:

I worked on that  (well I attended meetings on the implementation of that).  
It will keep out the average kid sister.  Better than rot 13.

I protested vociferously, saying that such encryption verged on fraud, and
my boss overruled me without explanation or discussion -- odd behavior for
him.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd at echeque.com






From reagle at rpcp.mit.edu  Thu Feb  8 09:57:40 1996
From: reagle at rpcp.mit.edu (Joseph M. Reagle Jr.)
Date: Fri, 9 Feb 1996 01:57:40 +0800
Subject: Media: FV story makes ClariNet
Message-ID: <9602081723.AA09241@rpcp.mit.edu>


>SAN DIEGO, CALIFORNIA, U.S.A., 1996 FEB 7 (NB) -- First Virtual Holdings,  
>a company offering an Internet commerce system, has demonstrated a 
>program which, it says, makes all existing software systems that 
>encrypt credit card numbers and transmit them over the Internet 
>vulnerable to security breaches. 
...
_______________________
Regards,               Talent develops in tranquillity, character in the
		       full current of human life. -Goethe
Joseph Reagle          http://farnsworth.mit.edu/~reagle/home.html
reagle at mit.edu         0C 69 D4 E8 F2 70 24 33  B4 5E 5E EC 35 E6 FB 88






From alex at proust.suba.com  Thu Feb  8 10:15:59 1996
From: alex at proust.suba.com (Alex Strasheim)
Date: Fri, 9 Feb 1996 02:15:59 +0800
Subject: China
Message-ID: <199602081727.LAA01429@proust.suba.com>


I've seen a couple of pointers to information about China's ambitious
attempt to build their own censorable net, but not a lot of discussion. 
The Chineese net strikes me as a very signifiant (and very negative)
development.  

In a worst case scenario, I could see them shopping their net around the
world as an alternative to the Internet.  China's size might make it
possible for them to put together something that might be in the
Internet's ballpark as an information resource, especially for technical
and commercial applications.  This would make it attractive to other
countries -- Islamic, for example -- who want to use networking to stay 
competitive economically with the West, but who are unwilling to allow 
information to flow freely.

A split between a Western net and a Chineese net would have important 
political, cultural, and economic reprecussions;  it could be the 
cyberspatial version of the old iron curtain, with information policy 
rather than economic policy as a dividing line.

I know that the Chineese net won't have bullet proof security, and the
crypto anarchy model tells us that the attempt is doomed to failure over
the long run.  That's probably true, but there is a chance that it might
not be.  No one, including the Chineese, is going to expect perfect
security.  But everyone ought to expect a real and substantial chilling
effect on the free flow of ideas.  It doesn't seem at all unlikely that
they'll be able to have the same sort of success controlling ideas online
as they have with printed material. 

We ought to speak out against this Chineese net, and start asking
questions about Western companies that are collaborating in its
construction.  

All of this, incidently, puts a new spin on the exportability of crypto. 
We've always assumed that exporting crypto meant that individuals and
businesses would be able to have control over their own tools.  But what's
our posisition if RSA wants to sell tools to the Chineese government that
will be used to affix signatures, perform validation, and generally
control the flow of ideas?

We ought to allow the free export of any crypto tools to any country for
any reason.  But if there are going to be any restrictions at all, it 
ought to be on tools used for anti-democratic controls.

--
Alex Strasheim, alex at proust.suba.com





From warlord at MIT.EDU  Thu Feb  8 10:16:11 1996
From: warlord at MIT.EDU (Derek Atkins)
Date: Fri, 9 Feb 1996 02:16:11 +0800
Subject: Report available: "Minimal Key Lengths for Symmetric Ciphers"
In-Reply-To: <199602081528.KAA11525@light.lightlink.com>
Message-ID: <199602081734.MAA06454@toxicwaste.media.mit.edu>


> want you to only use 90 bits for your keys and why they've never heard
> of PGP...
> 
> Anyone who listens to crypto advice from people who's purpose in life
> is to listen to *YOU* gets what they deserve. I'll stay with PGP which
> has a 2048 bit key.

The 90-bit key length is for secret key ciphers, not public key
ciphers.  There is a conversion metric for public key ciphers based
upon the difficulty of breaking the cipher.

For example, a 1024 bit RSA key is about 85 bits of security, which is
below the 90-bit limit they are proposing.  The 90-bits of security
does not mean you are limited to a 90-bit RSA key.

-derek





From jml216 at psu.edu  Thu Feb  8 10:18:32 1996
From: jml216 at psu.edu (JOHN MARTIN LEWARS)
Date: Fri, 9 Feb 1996 02:18:32 +0800
Subject: Mailing list
Message-ID: <48327.jml216@email.psu.edu>


 Hey hey,
   Please make me apart of your mailing list.
               Thanks,
                jack





From warlord at MIT.EDU  Thu Feb  8 10:28:49 1996
From: warlord at MIT.EDU (Derek Atkins)
Date: Fri, 9 Feb 1996 02:28:49 +0800
Subject: stealth PGP?
In-Reply-To: 
Message-ID: <199602081746.MAA06669@toxicwaste.media.mit.edu>


> Also, how flawed is MIT pgp?  Is it really worth using international
> versions (i.e. ones written out of the USA which don't use RSA)?  Does
> the Gov't have some complaint about said versions?

Umm, I dont know.  How is MIT PGP flawed?  Besides a few known bugs,
of course.  There shouldn't be much difference, code-wise, between the
MIT version and the International version.  The major difference is
that MIT PGP has a license to use RSAREF which makes it legal to use
w.r.t. patent issues in the US.

AFAIK, there are no versions of PGP which do not use RSA.  They
all do.  The only difference is that MIT PGP uses RSAREF, whereas
the International versions use a non-licensed version of RSA.

-derek






From bplib at wat.hookup.net  Thu Feb  8 10:40:46 1996
From: bplib at wat.hookup.net (Tim Philp)
Date: Fri, 9 Feb 1996 02:40:46 +0800
Subject: Free Speech Mirrors hit Toronto Star
Message-ID: 


96/02/08
	Canada's largest newspaper, The Toronto Star today published an
account of the Ernst Zundel affair in the Fast Forward Section of the
paper. Net columnist K. K. Campbell, in what looks like a 1500 word
article, (I didn't count them) gives a good account of the German attempt
to censor the Internet. He even mentions the fact that the MIT mirror was
ordered removed, but gives no details.
	He goes on to take a shot at other attempts at censorship like the
Church of Scientology lawsuits and the disaster that ensued attempting to
keep these documents secret.
	Finally, he talks about the frustration of Canadian Interneters
who continually have to listen to US netters saying that the US would
never pass hate speech legislation like Canada has. He points out that
while this has been true, the US has an "odious record" when it comes to
protecting the rights of people to talk privately.
	Now it seems that the US has joined Canada with restrictive speech
laws with the new telecommunications bill. Campbell uses the example of
removing the Web site containing the King James Bible because it has the
word "PISS" (II Kings) which has been ruled indecent by the US Supreme
Court!
	The last couple of paragraphs talk about the EFF blue ribbon
campaign and the Web page black background. 
	Al in all a good article. Sometimes even journalists get it right


Regards, 
Tim Philp
===================================
For PGP Public Key, Send E-mail to:
pgp-public-keys at swissnet.ai.mit.edu
In Subject line type:
GET PHILP
===================================








From tcmay at got.net  Thu Feb  8 10:54:12 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 9 Feb 1996 02:54:12 +0800
Subject: Degrees of Freedom
Message-ID: 



V-CHIP CONTENT WARNING: THIS POST IS RATED: R, V, NPC, RI, S, I13.
[For processing by the required-by-1998 V-chips, those reading this post
from an archive must set their V-chip to "42-0666." I will not be held
responsible for posts incorrectly filtered-out by a V-chip that has been
by-passed, hot-chipped, or incorrectly programmed.]

***WARNING!*** It has become necessary to warn potential readers of my
messages before they proceed further. This warning may not fully protect me
against criminal or civil proceedings, but it may be treated as a positive
attempt to obey the various and increasing numbers of laws.

* Under the ***TELECOM ACT OF 1996***, minor CHILDREN (under the age of 18)
may not read or handle this message under any circumstances. If you are
under 18, delete this message NOW. Also, if you are developmentally
disabled, irony-impaired, emotionally traumatized, schizophrenic, suffering
PMS, affected by Humor Deprivation Syndrom (HDS), or under the care of a
doctor, then the TELECOM ACT OF 1996 may apply to you as well, even if you
are 18. If you fall into one of these categories and are not considered
competent to judge for yourself what you are reading, DELETE this message
NOW.

* Under the UTAH PROTECTION OF CHILDREN ACT OF 1996, those under the age of
21 may not read this post. All residents of Utah, and Mormons elsewhere,
must install the M-Chip.

* Under the PROTECTION OF THE REICH laws, residents of Germany may not read
this post.

* Under the MERCIFUL SHIELD OF ALLAH (Praise be to Him!) holy
interpretations of the Koran of the following countries (but not limited to
this list) you may not read this post if you are a FEMALE OF ANY AGE: Iran,
Iraq, Saudi Arabia, Kuwait, United Arab Emirates, Qatar, Egypt, Jordan,
Sudan, Libya, Pakistan, Afghanistan, Algeria, Lebanon, Morocco, Tunisia,
Yemen, Oman, Syria, Bahrain, and the Palestinian Authority. Non-female
persons may also be barred from reading this post, depending on the
settings of your I-Chip.

* Under the proposed CHINESE INTERNET laws, covering The People's Republic
of China, Formosa, Hong Kong, Macao, Malaysia, and parts of several
surrrounding territories, the rules are so nebulous and unspecified that I
cannot say whether you are allowed to read this. Thus, you must SUBMIT any
post you wish to read to your local authorities for further filtering.

* In Singapore, merely be RECEIVING this post you have violated the will of
Lee Kwan Yu. Report to your local police office to receive your caning.

* Finally, if you are barrred from contact with the Internet, or protected
by court order from being disturbed by thoughts which may disturb you, or
covered by protective orders, it is up to you to adjust the settings of
your V-Chip to ensure that my post does not reach you.

*** THANK YOU FOR YOUR PATIENCE IN COMPLYING WITH THESE LAWS ***


At 5:27 PM 2/8/96, Alex Strasheim wrote:

>A split between a Western net and a Chineese net would have important
>political, cultural, and economic reprecussions;  it could be the
>cyberspatial version of the old iron curtain, with information policy
>rather than economic policy as a dividing line.

Given the massive number of "degrees of freedom" compared to earlier days
when the Iron Curtain "sort of" worked, albeit with lots of leaks, I see
little chance it can be pulled off.

The Chinese want a Bamboo Curtain, the Muslims want a Veiled Curtain, the
Jews want a Wailing Wall, and the Germans wanted barbed wire. It ain't
gonna work.


>We ought to speak out against this Chineese net, and start asking
>questions about Western companies that are collaborating in its
>construction.

The usual suspects: SAIC, Wackenhut, NewsCorp, etc.

--Tim May

[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and do em right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should do him." So the two daughters got him drunk and
did him all that night. Sure enough, Dad got em pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he whacked off first....Remember, it's
not a good idea to have sex with your sister, your brother, your parents,
your pet dog, or the farm animals. [excerpts from the Old Testament, Modern
Vernacular Translation, TCM, 1996]







From jimbell at pacifier.com  Thu Feb  8 11:00:04 1996
From: jimbell at pacifier.com (jim bell)
Date: Fri, 9 Feb 1996 03:00:04 +0800
Subject: Assassination Politics--isn't it gambling?
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

At 10:05 AM 2/8/96 -0500, Brian Davis wrote:
>On Wed, 7 Feb 1996, jim bell wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> 
>> At 06:00 PM 2/6/96 PST, banelaw at med.com wrote:
>> >Jim: as to "Assassination Politics."  Isn't the structure you describe
>> >gambling?  Placing money on a prediction, with the correct predictor
>> >winning? 
>> 
>> I guess that depends on the laws, doesn't it?    Seriously, though, since 
>> all the participants are anonymous, and it can all be done from overseas...
>> 
>> Somehow, though, I think politicians will take little solace from knowing 
>> that they are protected from death only by laws against gambling.
>
>Yeah, those silly homicide laws don't apply if there is a bet on the line.

Don't tell me; let me guess:  You haven't read the essay, and you're not a
lawyer, right?


>> > And if so, isn't it illegal if done over the wires, i.e., federal
>> >commerce?  I'm not looking for a way to declare your scheme illegal, I'm
>> >just pointing out that there are other angles, especially if done over the
>> >wires.
>> 
>> I'd sure like to read a serious legal analysis of all this.  Maybe all the 
>> lawyers are too terrified to respond.
>> 
>Wire fraud would be the least of your worries.  Try conspiracy to commit 
>murder.

Don't tell me, let me guess:  You haven't read the essay, and you're not a
lawyer, right?

I've been posting this for months on various areas of FIDOnet, USENET, and
now here.  I have never seen a lawyer seriously attempt to refute my
analysis.  If you really WERE a lawyer, and had read what I wrote, you would
have been able to be FAR more detailed in your reasoning.


>
>> jimbell at pacifier.com
>> 
>> Klaatu Burada Nikto
>> ^^^^^^^^^^^^^^^^^^^ I know I should know it, but can't place it.  Help 
>anybody?
>
>EBD 

1950(1) SF movie called "The Day the Earth Stood Still."  (This was the 
phrase Klaatu asked the woman to convey to Gort, his faithful (and 
indestructible and invincible) robot, in order to summon help.)

Anyway, the relevance of all this will become clear, eventually.  The reason?


"Something is going to happen.    Something...  Wonderful!"    (2010)






-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRo73PqHVDBboB2dAQEUxwP/XVd9YfCX1y5bblh9SwYQVXHzYvXEv/1H
dO2TAHrPFpde+nbp0IQ04YN9IA88hd8qQEZhdZl8MlPTeXjW3Qbv+seYq4RGyfR+
PjnxOHU2QVFHatXLeLVhteCFbquLEf6pg3NusV8h67lfthIejPEV56ZnBMGOzJKh
CG1siobI6oY=
=RPdT
-----END PGP SIGNATURE-----






From perry at piermont.com  Thu Feb  8 11:09:52 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Fri, 9 Feb 1996 03:09:52 +0800
Subject: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
In-Reply-To: 
Message-ID: <199602081845.NAA08806@jekyll.piermont.com>



jim bell writes:
> >This has gone off into political theory. Could we take it to private
> >mail or some such?
> 
> Apparently, other people are just as unhappy with your attempts to act as 
> "moderator" of this list.  Wake up!  Freedom is on the line.

You are annoying me. How much do people want to bet someone kills 
Jim Bell in the next six months?

Perry





From jimbell at pacifier.com  Thu Feb  8 11:12:23 1996
From: jimbell at pacifier.com (jim bell)
Date: Fri, 9 Feb 1996 03:12:23 +0800
Subject: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

At 08:07 PM 2/7/96 -0500, Perry E. Metzger wrote:

>Look folks, I'm really sick about the debate about Jim's ideas about
>"assassination politics". (My opinion about the idea isn't
>transmittable under the Exon law so I couldn't say anything anyway).
>
>This has gone off into political theory. Could we take it to private
>mail or some such?

Apparently, other people are just as unhappy with your attempts to act as 
"moderator" of this list.  Wake up!  Freedom is on the line.

Klaatu B
urada Nikto.

Jim Bell

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRo+rfqHVDBboB2dAQG5kAP/Zg/Blm/J2ym4G/TSPxgyMy94+Jw3F4gx
V4TGLtbtSDKYmKneGx6GcKLj4Ai6G5I/Ls58K8Agz1QCrZLOqoB2P41JH3/DI6ka
aJRlj8du6e+T0CoAVvun5ANwZSY6nqtJmjLdc+Wwxfs3T1l9KZDDkO+1FoWu8SDT
0P8D71Kzz+w=
=amJV
-----END PGP SIGNATURE-----






From jcobb at ahcbsd1.ovnet.com  Thu Feb  8 11:41:40 1996
From: jcobb at ahcbsd1.ovnet.com (James M. Cobb)
Date: Fri, 9 Feb 1996 03:41:40 +0800
Subject: PRIVACY: Shared Databases
Message-ID: 


 
 
  Friend, 
 
 
  02 08 95 Bloomberg newsstory datelined Chicago, headlined 

          AMERITECH, BELL ATLANTIC AGREE TO SHARE 
                    CALLER ID DATABASES 
 
  reports: 
 
    In December, the Federal Communications Commission mandated 
    that caller ID should be available nationwide and that long- 
    distance companies must carry a caller's name, as well as the 
    number. 
 
 
  But... 
 
    Long-distance companies, which will now be able to compete for 
    customers with the Baby Bells, have dragged their feet, and did- 
    n't carry the names.... 
 
 
  Which means: 
 
    ...it will be up to local phone companies to form alliances.... 
 
 
  The latest example: 
 
    Ameritech Corp. and Bell Atlantic Corp. said they will swap cus- 
    tomer data bases to better carry caller ID calls between their 
    regions. 
 
 
  Back in December Ameritech 
 
    ...signed a similar agreement with U S West.... 
 
 
  And generally, 
 
    ...local phone companies [must] form alliances like the one be- 
    tween Ameritech and Bell Atlantic to offer nationwide caller ID. 
 
 
                              For 
 
                              OUR 
 
                           eyes only! 
 
 
  Cordially, 
 
  Jim 
 
 
 
  NOTE.  The  newsstory's www.nando.net online filename: 
 
                        info12_24399.html 
 
         This critical essay was composed 02 08 96. 






From erc at dal1820.computek.net  Thu Feb  8 11:45:14 1996
From: erc at dal1820.computek.net (Ed Carp, KHIJOL SysAdmin)
Date: Fri, 9 Feb 1996 03:45:14 +0800
Subject: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
In-Reply-To: <199602081845.NAA08806@jekyll.piermont.com>
Message-ID: <199602081913.OAA26739@dal1820.computek.net>


> jim bell writes:
> > >This has gone off into political theory. Could we take it to private
> > >mail or some such?
> > 
> > Apparently, other people are just as unhappy with your attempts to act as 
> > "moderator" of this list.  Wake up!  Freedom is on the line.
> 
> You are annoying me. How much do people want to bet someone kills 
> Jim Bell in the next six months?
> 
> Perry

Is this an implied threat?  Do you always threaten people who annoy you 
with death?

What does this have to do with crypto, anyway?  Take it off-list, Perry...

How does it feel to get your own medicine?
--
Ed Carp, N7EKG    			Ed.Carp at linux.org, ecarp at netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp at netcom.com for PGP 2.5 public key		an88744 at anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring
----------------------------------------------------------------------
According to the Communications Decency Act, these are the words you may
no longer use in your Internet correspondence:  Shit, piss, fuck, cunt,
cock-sucker, mother-fucker and tits. The use of shit, piss, fuck, cunt,
cock-sucker, mother-fucker and tits, may now earn you a substantial fine
as well as possible jail time, should President Clinton sign this Bill
into law.  Please refrain from using shit, piss, fuck, cunt, cock-sucker,
mother-fucker and tits, to protect your children as well as others, from
their evil influence, thus keeping America "ideologically pure".







From jcobb at ahcbsd1.ovnet.com  Thu Feb  8 11:57:41 1996
From: jcobb at ahcbsd1.ovnet.com (James M. Cobb)
Date: Fri, 9 Feb 1996 03:57:41 +0800
Subject: COPYRIGHT: Skeleton Bill
Message-ID: 


 
 
  Friend, 
 
 
  02 08 96 Associated Press newsstory datelined Washington, headlined 
 
                 COPYRIGHT VIOLATORS SHOULD FACE 
                       CRIMINAL PENALTIES 
 
  reports: 
 
     The House Judiciary Committee's panel on courts and intellectual 
     property is considering legislation...to clarify copyright law for 
     electronic information. 
 
 
  Panel = subcommittee.  Its chairman is Carlos Moorhead, R-CA.  He says 
   
                the legislation [is] a "skeleton bill" 
 
  which  
 
        "We want to make sure we get...into law this session." 
 
 
  The skeleton of the skeleton law = "recommendations by the Clinton ad- 
  ministration." 
 
  Moorehead also says: 
 
     " We don't want to put so much meat on the skeleton that it dies of 
     obesity." 
 
 
  Testifying before the subcommitte were 
 
     the Motion Picture Association of America's Valenti and 
 
     Broadcast Music Inc's Preston 
 
  who "agreed that the legislation should be passed quickly." 
 
 
  Preston and Valenti  
 
     rejected a proposal by Rep. Rick Boucher, D-Va., to exempt on-line 
     service providers from copyright infringement liability.... 
 
 
  So there goes cheap access to the 'Net. 
 
  That's what 
 
     "We don't want to put so much meat on the skeleton that it dies of 
     obesity" 
 
                                 MEANS! 
 
 
  Cordially, 
 
  Jim 
 
 
 
  NOTE.  The newsstory's www.nando.net online filename is: 
 
                             info7_24355.html 
 
         This critical essay was composed 02 08 96. 
 
 






From erc at dal1820.computek.net  Thu Feb  8 12:04:32 1996
From: erc at dal1820.computek.net (Ed Carp)
Date: Fri, 9 Feb 1996 04:04:32 +0800
Subject: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
In-Reply-To: <199602081915.OAA08907@jekyll.piermont.com>
Message-ID: <199602081929.OAA28586@dal1820.computek.net>


> Ed, Let me make one thing about you perfectly clear.
> 
> Plonk.

"Plonk"?  What does that mean?  Does that mean you're going to hit me 
with something?  Sounds like another implied threat to me... ;)

Funniest thing I've heard all day... ;)
--
Ed Carp, N7EKG    			Ed.Carp at linux.org, ecarp at netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp at netcom.com for PGP 2.5 public key		an88744 at anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring
----------------------------------------------------------------------
According to the Communications Decency Act, these are the words you may
no longer use in your Internet correspondence:  Shit, piss, fuck, cunt,
cock-sucker, mother-fucker and tits. The use of shit, piss, fuck, cunt,
cock-sucker, mother-fucker and tits, may now earn you a substantial fine
as well as possible jail time, should President Clinton sign this Bill
into law.  Please refrain from using shit, piss, fuck, cunt, cock-sucker,
mother-fucker and tits, to protect your children as well as others, from
their evil influence, thus keeping America "ideologically pure".







From cp at proust.suba.com  Thu Feb  8 12:05:18 1996
From: cp at proust.suba.com (Alex Strasheim)
Date: Fri, 9 Feb 1996 04:05:18 +0800
Subject: Degrees of Freedom
In-Reply-To: 
Message-ID: <199602081933.NAA01579@proust.suba.com>


Tim May said:

> The Chinese want a Bamboo Curtain, the Muslims want a Veiled Curtain, the
> Jews want a Wailing Wall, and the Germans wanted barbed wire. It ain't
> gonna work.

If you think in terms of content, you're right -- they all want different
and contradictory things.  But from another persepctive, they're all in
agreement:  they want to preserve their ability to censor and filter 
information and ideas, and they want to hold people accountable for 
writing and saying things which are forbidden.

The headers I clipped off of Tim's post might not be as farfetched as 
they seem at first.  What if they built a central storehouse of technical 
information that's accessible to all, transactional systems that 
facilitate international trade between member states, and left cultural 
and political content to the tyrants of the respective nations?  
Everyone's can grab mechanical engineering info, and evryone can buy 
shoes from China, but Islamic users will have to rely on Islamic sources 
for world news and political commentary.  Differences in human languages 
are going to make the tyrants' job a lot easier -- how many Chineese 
speak Arabic?

They won't have to monitor each piece of data to affix attributes for
every petty jurisdiction.  All they'll need is a core of bland utilitarian
information that's open to all -- each country can produce and consume
whatever information it sees fit domestically.  And if everything is
verified with state issued digital signatures, anyone who steps over the
line can be imprisoned, tortured, or killed.

Suppose I'm an electrical engineer in Iraq.  I could have access to
non-political technical information that might be generated in China, and
I could buy chips produced in an Asian dictatorship online.  I can post to
technical groups, and what I write will be available to electrical
engineers all over the world.  I can post to religious/poltical groups,
and what I write will only be available to those in the Islamic world.  In
both cases, my signature is affixed to whatever I write, and I can be held
accountable.  The rules for the forums are different -- I can't say
anything about Islam in the electrical engineering group.  If I do, I'll
be punished.  But the same content would be perfectly acceptable in
another group that only goes out to the Islamic world.

I don't disagree that eventually such a plan will fail.  But centrally
planned economies competing with market driven ones will eventually fail
as well, and that didn't stop communism from casting a long dark shadow
over the second half of the century.  Is a laissez-faire response based on
an extremely promising but still untested analysis (ie., crypto anarchy)
prudent?

> >We ought to speak out against this Chineese net, and start asking
> >questions about Western companies that are collaborating in its
> >construction.
> 
> The usual suspects: SAIC, Wackenhut, NewsCorp, etc.

What about companies with better images?  Like Sun, RSA, etc?  (I seem to 
remember reading that Sun was selling some hardware -- but my memory 
isn't good, and I could very well be wrong.)





From karl at cosmos.att.com  Thu Feb  8 12:05:48 1996
From: karl at cosmos.att.com (Karl A. Siil)
Date: Fri, 9 Feb 1996 04:05:48 +0800
Subject: Report available: "Minimal Key Lengths for Symmetric Ciphers"
Message-ID: <2.2.32.19960208191353.006f1e74@135.20.124.11>


At 10:28 AM 2/8/96 -0500, anonymous at freezone.remailer wrote:
>I downloaded this so-called "report". It doesn't even mentions PGP.
>Gotta wonder why the 007 wannabe "experts" and the Big Business (BSA)
>want you to only use 90 bits for your keys and why they've never heard
>of PGP...
>
>Anyone who listens to crypto advice from people who's purpose in life
>is to listen to *YOU* gets what they deserve. I'll stay with PGP which
>has a 2048 bit key.

Ummm, apples and oranges. The report focused on symmetric-key algorithms.
Also, the recommendation was for a *minimum* of 90 bits. I'm sure the
authors would be ecstatic to see *128-bit* (not 2048) IDEA like PGP (or does
PGP encrypt with RSA, too? I thought it only used RSA for signing. I admit
it. I don't know). The purpose of the report was not "90 bits is good." It
was "40 bits is *really* bad."

                                        Karl






From perry at piermont.com  Thu Feb  8 12:14:25 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Fri, 9 Feb 1996 04:14:25 +0800
Subject: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
In-Reply-To: <199602081913.OAA26739@dal1820.computek.net>
Message-ID: <199602081915.OAA08907@jekyll.piermont.com>



"Ed Carp, KHIJOL SysAdmin" writes:
> Is this an implied threat?  Do you always threaten people who annoy you 
> with death?
> 
> What does this have to do with crypto, anyway?  Take it off-list, Perry...

Ed, Let me make one thing about you perfectly clear.

Plonk.

Perry





From PADGETT at hobbes.orl.mmc.com  Thu Feb  8 12:28:04 1996
From: PADGETT at hobbes.orl.mmc.com (A. Padgett Peterson, P.E. Information Security)
Date: Fri, 9 Feb 1996 04:28:04 +0800
Subject: RSA-China Cypto-Porn Distribution ?
Message-ID: <960208142241.2021776b@hobbes.orl.mmc.com>



  > Wall Street Journal, February 8, 1996, p. A10.
  > China, U.S. Firm Challenge U.S. On Encryption-Software Exports
  > By Don Clark


   >RSA Data Security Inc., the dominant supplier of
   >data-privacy software, announced an unusual partnership
   >with the Chinese government that exploits loopholes in U.S.
   >export restrictions on codemaking technology.

And the logical next step would be that the Chinese crypto would be 
adopted by all those wishing to distribute filty, indecent, pornographic
materials depicting the sexual and excretory organs of various mammals
(watch out Shamu - the law said nothing about human organs) to show
a "good faith" effort to protect America's yout.

					Warmly,
						Padgett

	"Life will find a way". Ian - _Jurrasic Park_





From dcrocker at brandenburg.com  Thu Feb  8 12:34:27 1996
From: dcrocker at brandenburg.com (Dave Crocker)
Date: Fri, 9 Feb 1996 04:34:27 +0800
Subject: FEE DEADLINE: IMC Resolving Security Complexity Workshop
Message-ID: 


Friday is the dealine for the lower registration fee to the workshop.

While the differential is small, the real concern is that we have a
reasonable estimate of the number of attendees.  If you plan to attend and
have not yet sent an indication, please do so.



        Resolving Email Security Complexity Workshop

            21 February 1996 * 8:30 AM - 5:00 PM
      San Jose (CA) Hilton & Towers  *  San Carlos Room
                 (next to Convention Center)

 Pre-registration & payment: $50  *  After February 16: $75
 (cash, check, wire transfer, money order, or First Virtual)

To register for the meeting:

Web:           
Email:         

For discussion before and after the meeting:

Web:           
Email:         







From tcmay at got.net  Thu Feb  8 12:35:29 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 9 Feb 1996 04:35:29 +0800
Subject: Degrees of Freedom
Message-ID: 


At 7:33 PM 2/8/96, Alex Strasheim wrote:

>The headers I clipped off of Tim's post might not be as farfetched as
>they seem at first.  What if they built a central storehouse of technical
>information that's accessible to all, transactional systems that
>facilitate international trade between member states, and left cultural
>and political content to the tyrants of the respective nations?
>Everyone's can grab mechanical engineering info, and evryone can buy
>shoes from China, but Islamic users will have to rely on Islamic sources
>for world news and political commentary.  Differences in human languages
>are going to make the tyrants' job a lot easier -- how many Chineese
>speak Arabic?

Not many Chinese speak Arabic, proportionately, but English is far and away
the most common _second_ language. This has been a major key to the success
of the Internet. The implications are pretty clear.

I'm skeptical about the technological feasibility of the "central
storehouse" model, for reasons technological as well as sociocultural.


>I don't disagree that eventually such a plan will fail.  But centrally
>planned economies competing with market driven ones will eventually fail
>as well, and that didn't stop communism from casting a long dark shadow
>over the second half of the century.  Is a laissez-faire response based on
>an extremely promising but still untested analysis (ie., crypto anarchy)
>prudent?

Sure, give it a try and see what happens. People die every day, of all
sorts of things. Every decision we make affects the timelines of others,
causing some to live that would have been on a plane that crashes, causing
others to accept jobs that ultimately result in their deaths, etc.

I learned a long time ago not to lose any sleep over the "potential" bad
effects that ideas can have.

--Tim

[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and do em right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should do him." So the two daughters got him drunk and
did him all that night. Sure enough, Dad got em pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he whacked off first....Remember, it's
not a good idea to have sex with your sister, your brother, your parents,
your pet dog, or the farm animals. [excerpts from the Old Testament, Modern
Vernacular Translation, TCM, 1996]







From wb8foz at nrk.com  Thu Feb  8 12:39:57 1996
From: wb8foz at nrk.com (David Lesher)
Date: Fri, 9 Feb 1996 04:39:57 +0800
Subject: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
In-Reply-To: <199602081929.OAA28586@dal1820.computek.net>
Message-ID: <199602082007.PAA17280@nrk.com>


> 
> > Ed, Let me make one thing about you perfectly clear.
> > 
> > Plonk.
> 
> "Plonk"?  What does that mean?  Does that mean you're going to hit me 
> with something?  Sounds like another implied threat to me... ;)

"Plonk" is Perry's way of admitting he's really just an alias
for David Sternlight....

-- 
A host is a host from coast to coast.................wb8foz at nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433





From talon57 at well.com  Thu Feb  8 12:44:28 1996
From: talon57 at well.com (Brian D Williams)
Date: Fri, 9 Feb 1996 04:44:28 +0800
Subject: Join the NIA
Message-ID: <199602081957.LAA16108@well.com>



-----BEGIN PGP SIGNED MESSAGE-----

The NIA....

Yes the National Internet Association.......

Patterned after you know who.....

I'm not kidding, I think it's time.

"Privacy Through Cryptography."

"Communicate Globally, Censor Locally."

I think an old Doonesbury cartoon that had Duke (representing
the NRA) testifying before a Senate subcommittee summed it up
nicely.....

Senator: "And we and the American people have had enough of you and
your fanatic organization!"

Duke: " I see Senator, shall I put you down for a million
postcards?"

Senator: " Don't you threaten me mister!"

Politicians only understand one thing.


Brian D Williams
"I am the NIA." 

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAy7eA7wAAAEEAJgUoJWlE/7ntxpdfFKJC0EIx1nPmOrfBkIz3N/qyqPsqY6A
WJ9jx1oNow8sMjFPET6kbMw2cScfVOUisekK7xVQWuADUPscRXg8zI3x0ws9z2KV
ITL+cO7zODIA1+wZS8v14RJpG4dXF1Q9YsydU8T5bodAcsF5TnsfmVh/uI7xAAUR
tChCcmlhbiBEIFdpbGxpYW1zIDx0YWxvbjU3QHdlbGwuc2YuY2EudXM+
=moCK
- -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRpVE3sfmVh/uI7xAQEJhQP/Y5ze19vV+Mvdsq5Ep6nr/hNrMldjSSnZ
8qfXupCkIANIzivqFOiFG+qxXH4UPBZyzklnn3uOkPGewaoNJ2MDnhXCBhWHR0/y
+T2Br/nnkIOsyx6wCFMISeKj9oJxqdTd3uZ1hZw8yAfbZqNB755wRsHEK2VQTwzP
rwlOgPDC7q4=
=3Iya
-----END PGP SIGNATURE-----





From anonymous-remailer at shell.portal.com  Thu Feb  8 13:04:38 1996
From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com)
Date: Fri, 9 Feb 1996 05:04:38 +0800
Subject: "Plonk"
Message-ID: <199602082042.MAA26733@jobe.shell.portal.com>


Why do people feel the need to announce to the whole world that they have
just plonked someone?  Big deal.  It happens all the time.  Plonk 'em and get  
on with your life.





From cjs at netcom.com  Thu Feb  8 13:22:21 1996
From: cjs at netcom.com (cjs)
Date: Fri, 9 Feb 1996 05:22:21 +0800
Subject: CDA; Don't get mad, get even!
Message-ID: <199602082043.MAA02979@netcom20.netcom.com>


I think that we should make an example of those responsible for the
CDA. Ignorance is really not an excuse here, because whoever voted for
for the bill should have known the CDA was attached to it, and should
have had some idea of what it did.

Lets get a list of whos supporting this thing and bad press them back
before the dawn of time. We need to make these people hosehold names
so that people know not to vote for them again. We need to make sure
people understand that e-mail = postal mail, that these folks just
voted to let the government censor their mail, and that they knew what
they were doing. We should also make lists of great works of art and
literatre which are technicly illegal to transmit, we should dig up
some dirt on these people to show that they are definitly not 'holier
then thou', and if the CDA actually goes into effect, a few horror
stories of good christian couples (young) having their lives ruined
and their names draged through the mud for talking dirty on the phone
or sending a suggestive e-mail to each other would be good propaganda
too.

And on other fronts, we should make things as difficult as possible
for our government to passively monitor us. Even the simpliest
encryption, nothing more exotic then Xor'ing information by a bitmask
(32 bits or so), will be more then enough to render those tera-cycle
packet-sniffers pretty-much useless. I would love to see sendmail
itself modified to use SSL when available.

Christopher






From declan+ at CMU.EDU  Thu Feb  8 13:52:41 1996
From: declan+ at CMU.EDU (Declan B. McCullagh)
Date: Fri, 9 Feb 1996 05:52:41 +0800
Subject: Escrow Key Testimony: Witnesses Wanted
Message-ID: <4l6a7Pi00YUr0fFFEV@andrew.cmu.edu>


>From Robert Steele:

        The staff of the Commission on Protecting
 and Reducing Government Secrecy (primary sponsor
 is Senator Moynihan from New York) is looking for
 individuals able to provide authoritative testimony
 for or against the escrow key concept as it applies
 to the effectiveness of law enforcement.

        I suppose this is grand-son of Clipper, but
 it is a serious aspect of their over-all mandate, and
 probably a good idea to help them.

        I recommend direct contact to the deptuy
 staff director, Jacques Rondeau, whose email address
 is .






From lmccarth at cs.umass.edu  Thu Feb  8 14:05:20 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Fri, 9 Feb 1996 06:05:20 +0800
Subject: [SILLY] Mailing list
In-Reply-To: <48327.jml216@email.psu.edu>
Message-ID: <199602082053.PAA22765@opine.cs.umass.edu>


jack writes:
>  Hey hey,
>    Please make me apart of your mailing list.

My my,
To separate yourself from the Cypherpunks mailing list, send 
"unsubscribe cypherpunks" in the body of a message to majordomo at toad.com

Hope this helps!

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)





From perry at vishnu.alias.net  Thu Feb  8 14:10:45 1996
From: perry at vishnu.alias.net (John A. Perry)
Date: Fri, 9 Feb 1996 06:10:45 +0800
Subject: New Type2.list/pubring.mix
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

Hello Everyone,

	The new type2.list/pubring.mix combination can be found on 
vishnu.alias.net. Both are available by anonymous FTP and by WWW. Please 
note the new addition, mockingbird.alias.net. Welcome aboard mockingbird!

 John Perry - KG5RG - perry at vishnu.alias.net -  PGP-encrypted e-mail welcome!
 WWW - http://www.alias.net
 PGP 2.62 key for perry at vishnu.alias.net is on the keyservers.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by mkpgp, a Pine/PGP interface.

iQEVAwUBMRplRqghiWHnUu4JAQFtIQf/VaUPHx7bRJP1tdtOQABqy2gYMNIvK8LH
elOX1gmDjvhDBxVMA3iyn7nWpgoP4ty87mDNU4bFRDX8yqz3RjdLFkUvYKZCgWIN
qWMKPRqIDycGELI5Z+tvby7MnxtRgpm9qTB4SR/4RXIkVIJyrZ9BR/3dFSNtKUgr
mfYCPfw2qDd4ZCZXLrQwooNCExp0VA1PP8TuGtTPP/QyDVPOJj5sggQIDTSWd/F7
Rm3h9FmvSTJ7cEaXk0v3OkmwkgzlrS7tJP/XjaX+Vky8yllXh2UuFx4K4s6DhosT
a4MPoQen2Zs6GKn2eOKrJy8h1FZ5e0Hkf1mVYZS/U4+fGl0Rj+Hwkw==
=C4U4
-----END PGP SIGNATURE-----





From jcobb at ahcbsd1.ovnet.com  Thu Feb  8 14:29:39 1996
From: jcobb at ahcbsd1.ovnet.com (James M. Cobb)
Date: Fri, 9 Feb 1996 06:29:39 +0800
Subject: POTP gets good press
In-Reply-To: <199602072251.RAA25348@pipe2.nyc.pipeline.com>
Message-ID: 


 
 
  John, 
 
 
  02 08 96 Reuter Information Service newsstory datelined Philadelphia, 
  headlined 
 
               PIONEER SAYS COMPUTER HAS BEEN NICE, 
                          NOT AWESOME 
 
  reports: 
 
   [Herman] Goldstine was working as an army ballistics researcher when 
   he sold the military on an idea of Penn researchers John Mauchly and 
   J. Prosper Eckert that an electronic computer could vastly hasten the 
   calculation of ballistics tables needed in contemporary warfare. 
 
 
  Fortunately, 
 
   The military backed the idea in June, 1943.... 
 
 
  Unfortunately, 
 
   The team faced obstacles such as broken steam pipes and a leaky ceiling 
   in its workroom and scepticism by the engineering and mathematics es- 
   tablishment. 
 
 
  In particular, 
 
   The National Defence Research Committee, a government agency to evalu- 
   ate new technology, concluded that an electronic computer would be 
   too big and unreliable to be practical. 
 

  How nice that 50 years later, we can gratulate ourselves on 
 
                            Lessons Learned. 
 
 
  Cordially, 
 
  Jim 
 
 
 
  NOTE.  The newsstory's www.nando.net online filename is: 
 
                           info24_16459.html 
 
 
  INCLOSURE: 
 
  Date: Wed, 7 Feb 1996 17:51:22 -0500 
  From: John Young  
  To: cypherpunks at toad.com 
  Subject: Re: POTP gets good press 

  Robert "Bob" Harvey once hung out at BBN. Maybe he is the one 
  who seeks slick-kill ripoff with aptly snake-oily-named 
  Internet Security Corp., which may be telephoned at 
  617-863-6400. 
 
 
  POTP was pummeled last fall on c'punks. For the latest 
  lubrications see: 
 
 
       URL: http://www.elementrix.co.il/home.html 
 
 
  Audacious marketing, these NatSec privatizing firms, and the 
  log-rollers for USMA and SAIC, preaching dire threats, 
  promising if-you-knew-what-we-knew security, info-warrioring 
  fundamentalism. 
 
 
 




  





From alano at teleport.com  Thu Feb  8 14:31:00 1996
From: alano at teleport.com (Alan Olsen)
Date: Fri, 9 Feb 1996 06:31:00 +0800
Subject: "Plonk"
Message-ID: <2.2.32.19960208205935.00989d3c@mail.teleport.com>


At 12:42 PM 2/8/96 -0800, anonymous-remailer at shell.portal.com wrote:
>Why do people feel the need to announce to the whole world that they have
>just plonked someone?  Big deal.  It happens all the time.  Plonk 'em and get  
>on with your life.

"On the Internet, no one can hear your killfile."

Sometimes it is not only neccisary to regard someone as an idoit, you have
to make them aware of it as well.  I just wonder where they got the idea
that killfiles have sound effects...  (Maybe it is a feature...)

---
Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
        `finger -l alano at teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon






From alano at teleport.com  Thu Feb  8 14:42:07 1996
From: alano at teleport.com (Alan Olsen)
Date: Fri, 9 Feb 1996 06:42:07 +0800
Subject: CDA; Don't get mad, get even!
Message-ID: <2.2.32.19960208210630.009a89dc@mail.teleport.com>


At 12:43 PM 2/8/96 -0800, cjs wrote:
>I think that we should make an example of those responsible for the
>CDA. Ignorance is really not an excuse here, because whoever voted for
>for the bill should have known the CDA was attached to it, and should
>have had some idea of what it did.

Does anyone have a list of who voted for and against this monstrocity?
Campaigns on the Internet made a difference in many campaigns in the last
election.  I am sure that we could help make that pressure felt in the
upcoming elections.

Maybe we can get canidates to sign their press releases with PGP.  Get them
to see that there are very good reasons for them to use crypto and have it
available for the general public as well.

"That will make it hot for them!" - Guy Grand
---
Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
        `finger -l alano at teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon






From rah at shipwright.com  Thu Feb  8 14:45:16 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Fri, 9 Feb 1996 06:45:16 +0800
Subject: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
Message-ID: 


>> Plonk.
>
>"Plonk"?  What does that mean?  Does that mean you're going to hit me
>with something?  Sounds like another implied threat to me... ;)

Funny. That's kind of what Dr. Fred said.

PLONK!

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/







From talon57 at well.com  Thu Feb  8 14:51:06 1996
From: talon57 at well.com (Brian D Williams)
Date: Fri, 9 Feb 1996 06:51:06 +0800
Subject: Black Thursday
Message-ID: <199602082121.NAA29188@well.com>



They signed the telecom bill an hour ago.....

Anyone who needs info on R.U.486 or wants to join the Pro-choice underground
send encrypted E-mail.

Fuck you Clinton!!

Brian





From vanhorn at hks.net  Thu Feb  8 14:55:13 1996
From: vanhorn at hks.net (Kevin S. Van Horn)
Date: Fri, 9 Feb 1996 06:55:13 +0800
Subject: True meaning of CDA
Message-ID: <199602082121.QAA29052@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

cjs at netcom.com (cjs) wrote:
>I think that we should make an example of those responsible for the
>CDA.

And while you're at it, make sure you point out what the acronym CDA
really means:
  Communications Disempowerment Act.

- ------------------------------------------------------------------------------
Kevin S. Van Horn | The really nasty criminals don't break laws --
vanhorn at atext.com | they make them.

- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMRppPyoZzwIn1bdtAQHwVQF/d7/FiPBRhSUEpBkreF/dvGGQSGOFAluE
OGSOYtZiAWxLBZBh0pcF3O54lgjaGq9w
=Sj4I
-----END PGP SIGNATURE-----





From lmccarth at cs.umass.edu  Thu Feb  8 15:14:13 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Fri, 9 Feb 1996 07:14:13 +0800
Subject: Free Speech Mirrors hit Toronto Star
In-Reply-To: 
Message-ID: <199602082158.QAA22922@opine.cs.umass.edu>


Tim Philp writes:
> 	Canada's largest newspaper, The Toronto Star today published an
> account of the Ernst Zundel affair in the Fast Forward Section of the
> paper. Net columnist K. K. Campbell, in what looks like a 1500 word
> article, (I didn't count them) gives a good account of the German attempt
> to censor the Internet. He even mentions the fact that the MIT mirror was
							 ~~~~~~~~~~~~~~~~~~
> ordered removed, but gives no details.
  ~~~~~~~~~~~~~~~

Is this a reporting error, or did I miss something ?

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)





From avatar at mindspring.com  Thu Feb  8 15:14:28 1996
From: avatar at mindspring.com (avatar at mindspring.com)
Date: Fri, 9 Feb 1996 07:14:28 +0800
Subject: Tell me whats wrong with this
Message-ID: <199602082209.RAA17085@borg.mindspring.com>


Tell me whats wrong with this section of the telecom bill.  I have a six
year old boy I am trying to raise
and it is hard enough to teach him respect and values without explaining why
Ned Beatty is being
bungholed in the woods by Billy Bob or why the Terminator splattered this
guys brains all over the
wall.  
        Tell me why parents should not be able to censor their OWN
television so that they may raise their children the way THEY see
fit...................Did your dad give you his old
playboys?.........NOOOOO............
Did he take you down to your grandmothers autopsy before her
funeral?...................I Don't Think So.....
        Honestly, don't you believe that what a child is exposed to effects
his judgement, perception,
 attitude,and character??

All I'm saying is it's tough to raise a child these days without the added
distortion of modern 
programing and parents need not be denied any tool that can help them
achieve success.
         
 SEC. 551. PARENTAL CHOICE IN TELEVISION PROGRAMMING.
            (a) FINDINGS- The Congress makes the following findings:
                (1) Television influences children's perception of the values
              and behavior that are common and acceptable in society.
                (2) Television station operators, cable television system
              operators, and video programmers should follow practices in
              connection with video programming that take into consideration
              that television broadcast and cable programming has established
              a uniquely pervasive presence in the lives of American children.
                (3) The average American child is exposed to 25 hours of
              television each week and some children are exposed to as much 
              as 11 hours of television a day.
                (4) Studies have shown that children exposed to violent video
              programming at a young age have a higher tendency for violent
              and aggressive behavior later in life than children not so
              exposed, and that children exposed to violent video programming
              are prone to assume that acts of violence are acceptable
              behavior.
                (5) Children in the United States are, on average, exposed to
              an estimated 8,000 murders and 100,000 acts of violence on
              television by the time the child completes elementary school.
                (6) Studies indicate that children are affected by the
              pervasiveness and casual treatment of sexual material on
              television, eroding the ability of parents to develop
              responsible attitudes and behavior in their children.
                (7) Parents express grave concern over violent and sexual
              video programming and strongly support technology that would
              give them greater control to block video programming in the 
              home that they consider harmful to their children.
                (8) There is a compelling governmental interest in empowering
              parents to limit the negative influences of video programming
              that is harmful to children.
                (9) Providing parents with timely information about the 
              nature of upcoming video programming and with the technological
              tools that allow them easily to block violent, sexual, or other
              programming that they believe harmful to their children is a
              nonintrusive and narrowly tailored means of achieving that
              compelling governmental interest.
Charles Donald Smith Jr.

||The government  is my shepherd I need not work. It alloweth me to lie
 down on a good job. It leadeth me beside stilled factories. It destroyeth
 my initiative. It leadeth me in the path of a parasite for politics sake. YEA,
 though I walk through the valley of laziness and deficet spending I shall
 fear no evil, for the government is with me. It prepareth an economic utopia
 for me by appropriating the earnings of my grandchildren. It filleth my head
 with false security. My inefficiency runeth over. Surely, the government 
should care for me all the days of my life, and I will dwell in a fools paradise
forever.................AMEN!   || nuke'm if ya got'em||






From um at c2.org  Thu Feb  8 15:18:35 1996
From: um at c2.org (Ulf Moeller)
Date: Fri, 9 Feb 1996 07:18:35 +0800
Subject: Report available: "Minimal Key Lengths for Symmetric Ciphers"
Message-ID: 


>Anyone who listens to crypto advice from people who's purpose in life
>is to listen to *YOU* gets what they deserve. I'll stay with PGP which
>has a 2048 bit key.

ROTFL. Last time I checked, it was 128 bits. BTW, do you know what
"minimal" means?

-- 
Ulf Mvller   *   E-Mail:    *   WWW: http://www.c2.org/~um/





From ses at tipper.oit.unc.edu  Thu Feb  8 15:27:51 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Fri, 9 Feb 1996 07:27:51 +0800
Subject: POTP gets good press
In-Reply-To: 
Message-ID: 


On Thu, 8 Feb 1996, James M. Cobb wrote:
>  
>    The team faced obstacles such as broken steam pipes and a leaky ceiling 
>    in its workroom and scepticism by the engineering and mathematics es- 
>    tablishment. 

Hell, UNC had its entire comms room taken out by a steam pipe breaking 
caused by a water main bursting. Haven't there been any advances in 
technology since the 40s?

Simon





From tallpaul at pipeline.com  Thu Feb  8 15:35:25 1996
From: tallpaul at pipeline.com (tallpaul)
Date: Fri, 9 Feb 1996 07:35:25 +0800
Subject: Nuke em if ya got em "TCMay"
Message-ID: <199602082306.SAA29082@pipe5.nyc.pipeline.com>


On Feb 05, 1996 06:49:57, 'attila ' wrote: 
 
 
> 
>attila sez: 
> 
>	It is not whether paralax does not know shit from beans, but that 
>he proves to all that he would prefer to censor TCMay and James A. 
>Donald than listen to their opinions, despite the fact he posted his 
>own rather trivial and absurd point.  
> 
>political correctness and the liberal news intrepretations of "all 
>men are created equal" with reverse discrimination, destruction of 
>the work ethic for the dole, and the New World Order whose need is 
>more and more cheaper labor, even to the point of disenfranchising  
>whole element of America society to achieve a worker's underclass is  
>the shit part of beans and shit. 
> 
>	with this, I suppose I have been entered upon your "list" of  
>enemies of the 'statist' nation along with TCMay and James A. Donald, 
>and that my prejudged conviction and sentence requires me to write 
>30,000 lines of debugged C source code before the end of this year.  
> 
>	how about 30,000 lines of debugged Ada source for you?  --while 
>I add you to procmailrc: 
> 
>	    :0: 
>	    * ^[FRST].*paralax 
>	    assholes 
> 
 
It seems that the lib'ers on the list continue to behave in their
increasingly demagogic style. 
 
Instead of dealing with substantive criticism they charge those who
disagree with them are "censors". 
 
First Atilla charges one critic "paralax" with "not wanting to listen" when
it seems obvious that paralax is not only listening but responding. Then
Atilla concludes by giving us the code for his mail software whereby he
will not listen, thus doing the very thing he accuses others of. 
 
Second, instead of discussing the substantive issues he goes off to
denounce the various lib'ber horsemen of the "liberal media," "political
correctness," "reverse discrimination," "the dole," and "the New World
Order." 
 
I sense that both groups of lib'bers share the same methodology. 
 
The first group (Rush's "lib'bers") around people like Dworkin and other
professional "anti-rape feminists" have their Politically Correct Agenda
and Politically Correct terminology. If you disagree with it they proceed
with a stream of demagogic and vitupertive abuse, followed by another
stream of off-the-wall political attacks using words like "stalking,"
"sexual harassment," "rape," and "male patriarchal [whatever]" followed by
statements of their personal sense of "indignation" and "outrage." Then
they announce they are no longer going to listen to the very discussion
they started. 
 
Until they start another. 
 
The second group (the lib'bertarians) have their Politically Correct Agenda
and Politically Correct Language. If you disagree with them to also get a
stream of off-the-wall political attacks featuring terms like those Atilla
used. Then they, very much like the radical feminist lib'bers put their
electronic fingers in their electronic ears so they do not have to listen. 
 
These are the people who have the political agenda, the personal maturity,
and the political strategy to make the net and the world a better place? 
 
Not from what I've seen. 
 
--tallpaul





From tcmay at got.net  Thu Feb  8 15:46:30 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 9 Feb 1996 07:46:30 +0800
Subject: Tell me whats wrong with this
Message-ID: 


At 11:06 PM 2/8/96, avatar at mindspring.com wrote:
>Tell me whats wrong with this section of the telecom bill.  I have a six
>year old boy I am trying to raise
>and it is hard enough to teach him respect and values without explaining why
>Ned Beatty is being
>bungholed in the woods by Billy Bob or why the Terminator splattered this
>guys brains all over the
>wall.
>        Tell me why parents should not be able to censor their OWN
>television so that they may raise their children the way THEY see
>fit...................Did your dad give you his old
>playboys?.........NOOOOO............
>Did he take you down to your grandmothers autopsy before her
>funeral?...................I Don't Think So.....
>        Honestly, don't you believe that what a child is exposed to effects
>his judgement, perception,
> attitude,and character??

I think Avatar is having some kind of fit here, but I will attempt to
answer his questions.

First, most televisions and VCRs are currently equipped with the
"O-Switch," which parents have long been using to turn content on and off.

Second, assuming you have televisions and VCRs at this time, you surely
must realize that these will not be affected by the V-Chip? There is no
retrofit plan (thankfully) and so it will take well over a decade at
current replacement rates for most households to have only V-chipped sets.
(Perhaps Avatar is different from most of us, and plans to dump his
existing televisions and VCRs and replace them with V-Chipped machines.)

Third, the main objection most of us have is to the _coercive_ aspect. I
have no objection to you and your 6-year-old son buying a V-chip type of
gadget, but I don't want to be told in a free society that this is the only
choice *I* will have. (Amongst other things, I don't believe the $2 per
machine estimate, and neither do the set makers.)

Fourth, there are major ambiguities in ratings. Will "Schindler's List" be
rated as more violent and sexually explicit than "The Terminator"?
Probably, by objective standards (my objective standards, that is). Imagine
the uproar.

Fifth, there is the general notion that government must screen material
and/or act as babysitter. This leads to all sorts of problems.

>All I'm saying is it's tough to raise a child these days without the added
>distortion of modern
>programing and parents need not be denied any tool that can help them
>achieve success.

"Need not be denied" = "Put this chip in your machines and adopt a ratings
service or we will shut your factory down and close your network."

Some opinion for a Cypherpunk to have. And quite a contrast with your own sig.

In any case, your 6-year-old son will be 8 before the first V-Chip-equipped
sets appear on the market, at the earliest (no technical standards have
even been proposed, no ratings services proposed, etc., so I doubt V-chips
will appear before 1999). However, unless you dump all your existing sets
and VCRs (remember that all VCRs act as tuners...that's how I watch t.v.,
through my VCR tuner), little Johnny will still be able to tune in to Bad
Thoughts.

And even if you get all V-chipped equipment, by, say, 2002, when Johnny is
12, he'll undoubtedly be able to find some of his buddies who have their
own VCRs, DirectTV dishes, etc. They'll have a blast watching "Debbie Does
Fort Meade."


>
>||The government  is my shepherd I need not work. It alloweth me to lie
> down on a good job. It leadeth me beside stilled factories. It destroyeth
> my initiative. It leadeth me in the path of a parasite for politics sake. YEA,
> though I walk through the valley of laziness and deficet spending I shall
> fear no evil, for the government is with me. It prepareth an economic utopia
> for me by appropriating the earnings of my grandchildren. It filleth my head
> with false security. My inefficiency runeth over. Surely, the government
>should care for me all the days of my life, and I will dwell in a fools
>paradise
>forever.................AMEN!   || nuke'm if ya got'em||

You believe this about the government, and yet you want the government to
mandate a chip in receivers to stop Bad Thoughts?

Jeesh.

--Tim May

[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and do em right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should do him." So the two daughters got him drunk and
did him all that night. Sure enough, Dad got em pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he whacked off first....Remember, it's
not a good idea to have sex with your sister, your brother, your parents,
your pet dog, or the farm animals. [excerpts from the Old Testament, Modern
Vernacular Translation, TCM, 1996]







From m5 at dev.tivoli.com  Thu Feb  8 15:58:50 1996
From: m5 at dev.tivoli.com (Mike McNally)
Date: Fri, 9 Feb 1996 07:58:50 +0800
Subject: Tell me whats wrong with this
In-Reply-To: <199602082209.RAA17085@borg.mindspring.com>
Message-ID: <9602082334.AA03581@alpha>



avatar at mindspring.com writes:
 > I have a six year old boy I am trying to raise and it is hard
 > enough to teach him respect and values...

What does your six-year-old have to do with my TV?

 >         Tell me why parents should not be able to censor their OWN
 > television so that they may raise their children the way THEY see
 > fit

But what about *my* TV?  Why should I be forced to pay for something I
don't want just because you want it for yourself?  [ Why does this
seem so obvious? ]

 > All I'm saying is it's tough to raise a child these days without the added
 > distortion of modern programing ...

"Don't do the crime if you can't do the time."

 > ... and parents need not be denied any tool that can help them
 > achieve success. 

Oh, OK then.  Parents should be given access to incendiary equipment
as a tool to destroy the studios that produce offensive material.

Parents should be given guns and ammunition with which to kill anybody
that gets in the way of their success at raising their children.

Parents should be given unlimited amounts of cash so that they will be
able to achieve success in raising their children.

Give me a break.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * I want more, I want more,
       m5 at tivoli.com * m101 at io.com          * I want more, I want more ...
               *_______________________________





From jml216 at psu.edu  Thu Feb  8 16:14:23 1996
From: jml216 at psu.edu (JOHN MARTIN LEWARS)
Date: Fri, 9 Feb 1996 08:14:23 +0800
Subject: Mailing list
Message-ID: <199602082338.HAA03879@infolink2.infolink.net>


When I wrote:
>   Please make me apart of your mailing list.
I meant:
    Please take me apart on your mailing list.
Thanks, Jack.







From droelke at rdxsunhost.aud.alcatel.com  Thu Feb  8 16:17:01 1996
From: droelke at rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Fri, 9 Feb 1996 08:17:01 +0800
Subject: Tell me whats wrong with this
Message-ID: <9602082321.AA11541@spirit.aud.alcatel.com>



Two things are wrong with the law.

1) Parents still can turn the TV off.  They don't need any V-chip or 
   bills from congress to do that.   (This obvious fact seems
   to escape every bug-eyed person)

2) The v-chip would have already been deployed as an option
   if congress hadn't stepped into the ring.  The marketplace
   saw the demand and had already developed the technology.
   Congress got it's finger in the pie and it will probably be
   2 years now before its actually deployed.  Gee thanks Newt.

Dan

> From owner-cypherpunks at toad.com  Thu Feb  8 17:05:13 1996
> X-Sender: avatar at mindspring.com
> X-Mailer: Windows Eudora Light Version 1.5.2
> Mime-Version: 1.0
> Content-Type> : > text/plain> ; > charset="us-ascii"> 
> Date: Thu, 08 Feb 1996 17:06:22 -0600
> To: tcmay at mail.got.net
> From: avatar at mindspring.com
> Subject: Tell me whats wrong with this
> Cc: cypherpunks at toad.com
> Sender: owner-cypherpunks at toad.com
> Content-Length: 4330
> 
> Tell me whats wrong with this section of the telecom bill.  I have a six
> year old boy I am trying to raise
> and it is hard enough to teach him respect and values without explaining why
> Ned Beatty is being
> bungholed in the woods by Billy Bob or why the Terminator splattered this
> guys brains all over the
> wall.  
>         Tell me why parents should not be able to censor their OWN
> television so that they may raise their children the way THEY see
> fit...................Did your dad give you his old
> playboys?.........NOOOOO............
> Did he take you down to your grandmothers autopsy before her
> funeral?...................I Don't Think So.....
>         Honestly, don't you believe that what a child is exposed to effects
> his judgement, perception,
>  attitude,and character??
> 
> All I'm saying is it's tough to raise a child these days without the added
> distortion of modern 
> programing and parents need not be denied any tool that can help them
> achieve success.
>          
>  SEC. 551. PARENTAL CHOICE IN TELEVISION PROGRAMMING.
>             (a) FINDINGS- The Congress makes the following findings:
>                 (1) Television influences children's perception of the values
>               and behavior that are common and acceptable in society.
>                 (2) Television station operators, cable television system
>               operators, and video programmers should follow practices in
>               connection with video programming that take into consideration
>               that television broadcast and cable programming has established
>               a uniquely pervasive presence in the lives of American children.
>                 (3) The average American child is exposed to 25 hours of
>               television each week and some children are exposed to as much 
>               as 11 hours of television a day.
>                 (4) Studies have shown that children exposed to violent video
>               programming at a young age have a higher tendency for violent
>               and aggressive behavior later in life than children not so
>               exposed, and that children exposed to violent video programming
>               are prone to assume that acts of violence are acceptable
>               behavior.
>                 (5) Children in the United States are, on average, exposed to
>               an estimated 8,000 murders and 100,000 acts of violence on
>               television by the time the child completes elementary school.
>                 (6) Studies indicate that children are affected by the
>               pervasiveness and casual treatment of sexual material on
>               television, eroding the ability of parents to develop
>               responsible attitudes and behavior in their children.
>                 (7) Parents express grave concern over violent and sexual
>               video programming and strongly support technology that would
>               give them greater control to block video programming in the 
>               home that they consider harmful to their children.
>                 (8) There is a compelling governmental interest in empowering
>               parents to limit the negative influences of video programming
>               that is harmful to children.
>                 (9) Providing parents with timely information about the 
>               nature of upcoming video programming and with the technological
>               tools that allow them easily to block violent, sexual, or other
>               programming that they believe harmful to their children is a
>               nonintrusive and narrowly tailored means of achieving that
>               compelling governmental interest.
> Charles Donald Smith Jr.
> 
> ||The government  is my shepherd I need not work. It alloweth me to lie
>  down on a good job. It leadeth me beside stilled factories. It destroyeth
>  my initiative. It leadeth me in the path of a parasite for politics sake. YEA,
>  though I walk through the valley of laziness and deficet spending I shall
>  fear no evil, for the government is with me. It prepareth an economic utopia
>  for me by appropriating the earnings of my grandchildren. It filleth my head
>  with false security. My inefficiency runeth over. Surely, the government 
> should care for me all the days of my life, and I will dwell in a fools paradise
> forever.................AMEN!   || nuke'm if ya got'em||
> 

------------------------------------------------------------------
Dan Oelke                                  Alcatel Network Systems
droelke at aud.alcatel.com                             Richardson, TX






From tcmay at got.net  Thu Feb  8 16:31:52 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 9 Feb 1996 08:31:52 +0800
Subject: Mailing list
Message-ID: 


At 11:38 PM 2/8/96, JOHN MARTIN LEWARS wrote:
>When I wrote:
>>   Please make me apart of your mailing list.
>I meant:
>    Please take me apart on your mailing list.
>Thanks, Jack.

I think Futplex _did_ take you apart on the list.

--Tim


P.S. To have mercy on you, if you want to subscribe to the Cypherpunks
list, send a message to:

majordomo at toad.com

with this in the body:

subscribe cypherpunks







[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and do em right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should do him." So the two daughters got him drunk and
did him all that night. Sure enough, Dad got em pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he whacked off first....Remember, it's
not a good idea to have sex with your sister, your brother, your parents,
your pet dog, or the farm animals. [excerpts from the Old Testament, Modern
Vernacular Translation, TCM, 1996]







From ravage at ssz.com  Thu Feb  8 16:36:26 1996
From: ravage at ssz.com (Jim Choate)
Date: Fri, 9 Feb 1996 08:36:26 +0800
Subject: Tell me whats wrong with this
In-Reply-To: <9602082334.AA03581@alpha>
Message-ID: <199602090021.SAA08312@einstein.ssz.com>



> 
> Parents should be given guns and ammunition with which to kill anybody
> that gets in the way of their success at raising their children.
> 
> ______c_____________________________________________________________________
> Mike M Nally * Tiv^H^H^H IBM * Austin TX    * I want more, I want more,
>        m5 at tivoli.com * m101 at io.com          * I want more, I want more ...
>                *_______________________________
> 

I will go for this one. Especialy since it is alread in the 2nd.

Of course the obvious responce is:

What has my television got to do with your childrearing? Assuming of course
you aren't sitting in my living room watching my tv. In which case don't let
the door hit you where the dog should have bit ya.


                                             Jim Choate






From lmccarth at cs.umass.edu  Thu Feb  8 16:37:34 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Fri, 9 Feb 1996 08:37:34 +0800
Subject: [SILLY] Mailing list
Message-ID: <199602090010.TAA09897@opine.cs.umass.edu>


I knew this was too good to be true:

Forwarded message:
> From owner-cypherpunks at toad.com Thu Feb  8 18:42:54 1996
> Date: Fri, 9 Feb 1996 07:38:08 +0800
> Message-Id: <199602082338.HAA03879 at infolink2.infolink.net>
                                     ~~~~~~~~~~~~~~~~~~~~~~

> From: JOHN MARTIN LEWARS 
> To: cypherpunks at toad.com
> Reply-To: jml216 at psu.edu
> Subject: Re: Mailing list
> Sender: owner-cypherpunks at toad.com
> Precedence: bulk
> 
> When I wrote:
> >   Please make me apart of your mailing list.
> I meant:
>     Please take me apart on your mailing list.
> Thanks, Jack.





From llurch at networking.stanford.edu  Thu Feb  8 17:16:22 1996
From: llurch at networking.stanford.edu (Richard Charles Graves)
Date: Fri, 9 Feb 1996 09:16:22 +0800
Subject: [Speaking of mail headers] the Zundel 'Censorship' fraud
Message-ID: <199602090037.QAA09266@Networking.Stanford.EDU>


As recently posted by my close friend rich at c2.org.

Ingrid could have fired up a mirror site at cts.com any time she pleased.

-----BEGIN PGP SIGNED MESSAGE-----

wrightd at merlin.magic.mb.ca writes:
>In group can.politics, article <31152afc.732040 at news.snafu.de>,
>tilman at berlin.snafu.de (Tilman Hausherr) wrote:
>
>...
>
>>This info as a reponse to the guy who said that Z�ndel hasn't access to
>>the net himself.
>
>Tilman, if Zundel has his own web server, he doesn't *need* access to the
>internet to get his own web page.  He just has to be on a LAN (local area
>network).  He can fake any part of the internet by having his own server on
>his own network, but that doesn't *prove* that he has access to anything -
>it just shows that he has a good computer system.

N:~> host ezundel.cts.com
ezundel.cts.com has address 204.212.157.52

This is not a troll or a masquerade. You will see that genuine
authenticated email messages and posts from Zundel's official spokesperson
"Ingrid" come from this IP address. 

The contents of this message were lies too, but hey, I'm not into posting
private email. 

Received: from mailhub.cts.com (mailhub.cts.com [192.188.72.25]) by 
Networking.Stanford.EDU (8.6.11/8.6.6) with SMTP id EAA29094 for 
; Wed, 31 Jan 1996 04:15:15 -0800
Received: from [204.212.157.52] by mailhub.cts.com with smtp
        (Smail3.1.29.1 #20) id m0thbRP-000V34C; Wed, 31 Jan 96 04:15 PST
Date: Wed, 31 Jan 96 04:15 PST
X-Sender: ezundel at mail.cts.com
Message-Id: 
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
To: Rich Graves 
From: ezundel at cts.com (E. Zundel)
Subject: Re: I believe we've been conned.
Cc: declan+ at CMU.EDU

- -rich
 Institute for Ernst Zundel Revisionism
 http://36.190.0.210/~llurch/Not_By_Me_Not_My_Views/
 "First, bring down Zundel's suffering in terms of numbers and
 events, both real and imagined, to what it really was, not what
 they say it was, what they exploit for their own political,
 financial, and geopolitical purposes."

AltaVista/DejaNews fodder:

Zundel Zundel Zundel Zundel Zundel Zundel Zundel Zundel Zundel Zundel Zundel
Deutsche Telekom Deutsche Telekom Deutsche Telekom Deutsche Telekom Deutsche
Nazi Propaganda Nazi Propaganda Nazi Propaganda Nazi Propaganda Nazi Propaganda 
Censorship Censorship Censorship Censorship Censorship Censorship Censorship
Simon Wiesenthal Center Simon Wiesenthal Center Simon Wiesenthal Center 

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRqUJo3DXUbM57SdAQEJ2wP6AvMiAveRWoWJFqcvTO4Q3qFUY1a9iVKN
Aw7NkoJJiH21WmRuATODxi9OtQQ9okVrNxJMMIaXPaF5SAm5Lk4Of+1IG1ULhKcx
QamSe/NN9z4vZLyaM4j1UVJ09On/0TdyzMdRx6S5yDgpCqzLc+2coDcoINtxCRsr
pqmBcsDtAMM=
=qUEe
-----END PGP SIGNATURE-----





From EALLENSMITH at ocelot.Rutgers.EDU  Thu Feb  8 17:21:19 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Fri, 9 Feb 1996 09:21:19 +0800
Subject: References for multi-plaintext encryption
Message-ID: <01I0ZDGS414KA0UTTU@mbcl.rutgers.edu>


From:	IN%"lmccarth at cs.umass.edu"  8-FEB-1996 02:53:06.68

>You said you'd deleted this....

[...]

> http://www.hks.net/cpunks/cpunks-12/1451.html, in particular
> http://www.hks.net/cpunks/cpunks-12/1558.html
---------
	Thank you.
	-Allen





From coleman at math.gatech.edu  Thu Feb  8 17:48:13 1996
From: coleman at math.gatech.edu (Richard J. Coleman)
Date: Fri, 9 Feb 1996 09:48:13 +0800
Subject: Report available: "Minimal Key Lengths for Symmetric Ciphers"
In-Reply-To: <199602081528.KAA11525@light.lightlink.com>
Message-ID: <199602090057.TAA07854@redwood.skiles.gatech.edu>


> I downloaded this so-called "report". It doesn't even mentions PGP.
> Gotta wonder why the 007 wannabe "experts" and the Big Business (BSA)
> want you to only use 90 bits for your keys and why they've never heard
> of PGP...
> 
> Anyone who listens to crypto advice from people who's purpose in life
> is to listen to *YOU* gets what they deserve. I'll stay with PGP which
> has a 2048 bit key.

The group of 7 in question are definitely not `wannabes'.  They are
about as knowledgeable a group as you could find outside of the NSA.

The report discussed the length of key needed for *symmetric*
crytosystems.  As this pertains to PGP, it uses a 128 bit session key
for the IDEA symmetric algorithm.  Not 2048.

Their recommendation was for a *minimum* of 90 bit keys for data
that must remain private for any length of time.  Given the calculations
they stated, this seems reasonable.

Richard Coleman
coleman at math.gatech.edu






From treehole at mockingbird.alias.net  Thu Feb  8 18:17:29 1996
From: treehole at mockingbird.alias.net (Anonymous)
Date: Fri, 9 Feb 1996 10:17:29 +0800
Subject: cypher-list for telcom legislation
Message-ID: <199602090045.QAA05892@myriad>


	Since the telcom legislation has been passed, I thought it might
be prudent to remind everyone that there is a PGP encrypted mailing list
called cypher-list. It can be subscribed to by sending email to
cypher-list-request at vishnu.alias.net. All messages and transactions are
encrypted. The code is a little buggy but it works for the most part. It
seems that cypher-list would make an excellent platform for discussion on
the telcom legislation and maybe even ways to thwart it. If you have
trouble subscribing, perry at vishnu.alias.net has been very helpful. (he got
me on!)

Lazarus






From erc at dal1820.computek.net  Thu Feb  8 18:23:58 1996
From: erc at dal1820.computek.net (Ed Carp)
Date: Fri, 9 Feb 1996 10:23:58 +0800
Subject: "Plonk"
In-Reply-To: <199602082042.MAA26733@jobe.shell.portal.com>
Message-ID: <199602090131.UAA24706@dal1820.computek.net>


> Why do people feel the need to announce to the whole world that they have
> just plonked someone?  Big deal.  It happens all the time.  Plonk 'em and get  
> on with your life.

Because Perry has an ego bigger than Bill Clinton, Newt Gingrich, and
Dianne Feinstein all rolled into one, that's why. 
--
Ed Carp, N7EKG    			Ed.Carp at linux.org, ecarp at netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp at netcom.com for PGP 2.5 public key		an88744 at anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring
----------------------------------------------------------------------
According to the Communications Decency Act, these are the words you may
no longer use in your Internet correspondence:  Shit, piss, fuck, cunt,
cock-sucker, mother-fucker and tits. The use of shit, piss, fuck, cunt,
cock-sucker, mother-fucker and tits, may now earn you a substantial fine
as well as possible jail time, should President Clinton sign this Bill
into law.  Please refrain from using shit, piss, fuck, cunt, cock-sucker,
mother-fucker and tits, to protect your children as well as others, from
their evil influence, thus keeping America "ideologically pure".







From schneier at winternet.com  Thu Feb  8 18:44:15 1996
From: schneier at winternet.com (Bruce Schneier)
Date: Fri, 9 Feb 1996 10:44:15 +0800
Subject: Applied Cryptography, 2nd Edition --  Errata version 1.2
Message-ID: <199602090149.TAA00796@parka>



                APPLIED CRYPTOGRAPHY, Second Edition

                              ERRATA
                   Version 1.2 - 1 February 1996



This errata includes all errors I have found in the book, including minor
spelling and grammatical errors.  Please distribute this errata sheet to
anyone else who owns a copy of the book.


Page 7:  In line 31, delete the word "source".

Page 10:  The second sentence would be clearer as "Replace the least
significant bit of each byte of the image with the bits of the message."

Page 11:  Line 18, the reference should be "[703]" and not "[699]".

Page 13:  Fifth paragraph, first sentence, should read: "The original
German Enigma had three rotors, chosen from a set of five,...."  This
increased to three rotors chosen from eight during the war, and the Navy
started using four rotors chosen from eight.

Page 14:  The last sentence should read:  "The smallest displacement that
indicates a multiple of the key length is the length of the key."

Page 16:  Third line from the bottom, "1.44" makes more sense as "1.544".

Page 18:  Table 1.1, second item.  1 in 4,000,000 is 2^22.  This makes the
third item equal to 2^55.

Page 53:  Second to last sentence about SKEY should read: "Similarly, the
database is not useful to an attacker."

Page 55:  William Price's first name is Wyn.

Page 60:  In Step (4) of the Kerberos protocol, change "Bob sends" to "Bob
creates".

Page 61:  Step (3), the second message should contain A instead of B.

Page 62:  In the third line, there's a comma missing.

Page 63:  Second protocol, step (2), the second message should be
"S_T(C,K_C)".

Page 70:  In the first step (4), the equation should be "R XOR S = M".  In
the second step (2), it should be "to generate U".

Page 77:  In step (2), the message is signed with Trent's private key.  And
T_n is mistakenly both the time and the timestamp.

Page 80:  In line 7, "step (3)" should be "step (5)".

Page 82:  Fourth line from the bottom, the correct expression is "up and
died."

Page 99:  Tenth line from the bottom, delete the second word: "will".

Page 104:  Graph isomorphism has never been proven to be an NP-Complete
problem.  It does seem to be hard, and is probably useful for cryptography.

Page 105:  In Step (2), Peggy gives Victor a copy of H'.

Page 106:  In the first line, "step (3)" should be "step (4)".

Page 112:  Step (1) should read "Alice takes the document and multiplies it
by a random value."

Page 116:  The protocol could be worded better.  Step (3) should begin:
"Alice decrypts Bob's key twice, once with each of her private keys."  Step
(4) should begin: "Alice encrypts both of her messages, each with a
different one of the DES keys...."

Page 126:  The "Voting with Blind Signatures" protocol is a little more
complicated.  The voter does not send all the blinding factors in step (2). 
The CTF requests 9 of 10 blinding factors in step (3), and the voter sends
only those blinding factors to the CTF.  Additionally, in step three only
the one messages (containing a set of 
votes) that has not been unblinded will effectively be signed by the CTF.

Page 134:  Another problem with this protocol is that there are numerous
ways that various participants can cheat and collude to find out the salary
of another participant.  These cheaters can misrepresent their own salaries
during their attack.

Page 135:  Lines 13-14; technically Alice and Bob get no additional
information about the other's numbers.

Page 136:  Lines 14-15; technically Alice and Bob get no additional
information about the other's numbers.

Page 144:  Line 27, the odds should be "1 in n".  Line 29, "step (2) should
be "step (1)".

Page 146:  Fourth line from the bottom, delete the word "that".

Page 161:  In the eleventh line from the bottom, "harnesses" should be
"harnessed".

Page 175:  Line 8, it's really triple-DES encryption.

Page 181:  Line 8 should read "he does not know it" instead of "he does
know it".

Page 195:  In line 13, the reference number should be [402].

Page 201:  Error Propagation, lines 5-6.  The sentence should read: "In 8-
bit CFB mode, 9 bytes of decrypted plaintext are garbled by a single-bit
error in the ciphertext."

Page 202:  Third to last line, toggling individual bits does not affect
subsequent bits in a synchronous stream cipher.

Page 203:  Section 9.8, both equations should be "S_i = E_K(S_(i-1))".

Page 209:  Table 9.1.   CFB, Security: Bits of the last block can be
changed, not the first.  CFB, Efficiency: The speed is the same as the
block cipher only in 64-bit CFB.  CFB and OFB, Efficiency: "Ciphertext is
the same size as the plaintext" should be a plus.

Page 213:  In the last line of the third paragraph, "cryptanalyze" is
misspelled.

Page 217:  The Table 10.1 headers got garbled.  They should be:
"Algorithm", "Confidentiality", "Authentication", "Integrity", and "Key
Management".

Page 246:  The last line should be: "#define isEven(x) ((x & 0x01) == 0)".

Page 249:  Line 9, "Euclid's generalization" should be "Euler's
generalization".

Page 251:  Lines 20-21.  The sentence should read: "For example, there are
11 quadratic residues mod 35: 1, 4, 9, 11, 14, 15, 16, 21, 25, 29, and 30." 
See page 505 for more details.

Page 258:  In line 27, his name is spelled "Chandrasekhar".

Page 259:  Lehmann reference "[903]" should be [945]".

Page 275:  Figure 12.4; "46-Bit Input" should be "48-Bit Input".

Page 287:  In line 13, "first and third" should be "second and third".

Page 287:  In Figure 12.6, there should be no period in X or Y.

Page 288:  In figure 12.7, the final output on the right side should be
DELTA=0.

Page 292:  Second line, "b_24" should be "b_26".  In line 10, "1/2 - .0061"
should be "1/2 + .0061".

Page 295:  Fourth line from the bottom, 2^(120/n) should be (2^120)/n.

Page 300:  In the first line, "56" should be "48".

Page 306:  The first sentence is wrong.  The key is rotated to the right;
the key and data move in opposite directions to minimize redundant key bit
operations.  Also, the XOR happens after the rotation.  The third paragraph
should be modified to be the opposite of this.  In any case, Madryga is
vulnerable to differential cryptanalysis with about 5000 chosen plaintexts. 
Don't use it.

Page 307:  Last line, "complementation" is misspelled as "complemention".

Page 311:  Second paragraph, second line should be: "it more quickly than
by brute force..."

Page 316:  In Table 13.2, P_2 should be "379", not "279".

Page 319:  In line 11, Section "25.13" should be "25.14".

Page 322:  Last line, the chip is 107.8 square mm.

Page 325:  Last line, "mod 3" should be "mod 4".

Page 338:  In Figure 14.3 and in the first line, "f" should be "F".

Page 340:  Second equation should be "mod 256".

Page 341:  The current variants of SAFER are SAFER SK-40, SAFER SK-64, and
SAFER SK-128, all with a modified key schedule, in response to a
theoretical attack by Lars Knudsen presented at Crypto '95.

Page 342:  In the description of 3-Way, "K^(n+1)" should be "K_n".

Page 345:  Lines 10 and 11; the + should be a -.

Page 346:  The reference number for BaseKing should be [402].

Page 352:  In line 8, that second "l" should be an "r".

Page 358:  In the decryption equation of Davies-Price mode, the final D
should be an E.

Page 362:  In the first equation, P is used to indicate both padding and
plaintext.  If P is plaintext and p is padding, then the equation should
be: C = E_K3(p(E_K2(p(E_K1(P))))).

Page 362:  Figure 15.2 is wrong.  The middle and top rows of "Encrypt," and
the plaintext feeding them, are shifted right by 1/2 block from where they
should be.

Page 363:  The parenthetical remark would be clearer as: "encryption with
one of n different keys, used cyclically".

Page 363:  Second to last line, the equation should have an I_2 in place of
the I_1.

Page 367:  Second equation, "P XOR K_3" should be "C XOR K_3".

Page 369:  A maximal period linear congruential generator as a period of m,
not m-1.

Page 375:  Third paragraph should read:  "It is easy to turn this into a
maximal period LFSR.  The highest exponent is the size of the register, n. 
Number the bits from n-1 to 0.  The exponents, including the 0, specify the
tap sequence, counting from the right of the register.  The x^n term of the
polynomial stands for the input being fed into the left end."  The next
paragraph is wrong, as is the code and the figure.

Page 379:  Second line of code has an extra close parentheses.

Page 380:  The fourth line should begin: "On the other hand, an
astonishingly...."

Page 382:  In paragraph 4, "LFSR" would be more clear if it were labeled
"LFSR-2".  Similarly, in the first sentence of paragraph 5  "LFSR" would be
more clear if it were labeled "LFSR-3".

Page 384:  Bilateral Stop-and-Go Generator:  To agree with Figure 16.11,
reverse "LFSR-1" and "LFSR-2".

Page 389:  Some more details on the GSM algorithms.  A3 is the
authentication algorithm in the smart card.  A8 is just a bit shuffling
process that takes part of the output of A3 and turns it into a session key
for A5.  A5 is the privacy algorithm.  There are two algorithms used in
GSM: A5/1 and A5/2.  A5/1 can be used by only certain countries; A5/2 can
be used by all countries.

Page 391:  In the 11th line under Fish, it should be "D_j" instead of
"D_i".

Page 393:  In Figure 16.17, there should be an arrow from the fourth byte
to the Output Function.

Page 393:  Second sentence should be: "It's a method for combining multiple
pseudo-random streams that increases their security."

Page 398:  In the third line of the section on SEAL, "kilobytes" is
misspelled as "kiloytes".

Page 411:  Another option for an alternating stop-and-go generator would be
to use a LFSR in Register-2, a FCSR in Register-3, and either in Register-
1.  This may have advantages over either of the three constructions listed.

Page 420:  Table 17.3, the speed should be in kilobytes/second.

Page 429:  The second sentence should be: "It returns a fixed-length hash
value, h."

Page 431:  In step (2), "prepend" instead of "append".

Page 440: In item 3, there is an "AND" missing in the equation.

Page 441:  The compression function of MD2 is confusing without the
indentations.  The two for-loops are nested; the inner loop includes the
next two statements; and the other loop the statement after that.

Page 443:  Last paragraph, the operation number runs from 0 to 79.

Page 444:  In figure 18.7, the a, b, c, d, and e variables are backwards.

Page 445:  Line 14, SHA should be compared to MD4.

Page 447:  Lines 3-4 should read: "...CFB in [1145], CBC in [55,56,54]...."

Page 449:  Figure 18.9, M_i and H_i-1 in the upper-left diagram should be
reversed.

Page 454:  Seventh and sixth lines from the bottom, Z is the sum of the
message blocks as if they were 256-bit integers.

Page 456:  Table 18.2.  It's "Hash Speeds", not "Encryption Speeds", and it
is measured in "kilobytes/second".  "SNEERU" should be "SNEFRU".

Page 465:  In the third line of text, the number should be n^-1.

Page 469:  Table 19.3, the "Clock Cycles" entry for the Siemens chip should
be ".3M".

Page 470:  Sixth line from the bottom, the n' should be an m'.

Page 470:  The second to last line is missing an "is".

Page 471:  In the sixth line from the bottom, "n'^d mod n" should be "m'^d
mod n"





From perry at piermont.com  Thu Feb  8 18:54:42 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Fri, 9 Feb 1996 10:54:42 +0800
Subject: In Re: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
In-Reply-To: <199602081935.OAA08993@jekyll.piermont.com>
Message-ID: <199602090206.VAA09894@jekyll.piermont.com>



So, Ed Carp couldn't leave well enough alone. I killfiled him and
apparently he had the bad taste to send me some mail about it, and
when my robot replied to him informing him that I had no interest in
whatever he might have had to say, he seems to have a desperate need
to get in the last word by forwarding the message from my robot to the
mailing list.

Mr. Carp, you've got extremely bad taste. Luckily, I don't have to
ever see anything you have to say ever again.

Perry


"Perry's Mail Filter" writes:
> 
> I am sorry, but your message with the Subject:
> 
> 	Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd) 
> 
> was rejected by Perry Metzger's mail filter and will not be read by
> him. This is likely because Perry decided to place you on his reject
> list. Perry tends to clean out his filter lists every six months, so
> you may be able to send him electronic mail again sometime in the
> future.
> 
> If you absolutely need to contact Perry, please use means other than
> electronic mail, or ask a third party to contact him on your behalf.
> 
> You will not receive further copies of this notice.
> 
> Perry's Mail Filter
> 
> 





From bruce at aracnet.com  Thu Feb  8 18:57:06 1996
From: bruce at aracnet.com (Bruce Baugh)
Date: Fri, 9 Feb 1996 10:57:06 +0800
Subject: Tell me whats wrong with this
Message-ID: <2.2.32.19960209015903.0069ba94@mail.aracnet.com>


At 07:49 PM 2/8/96 -0600, Avatar wrote:

>You probably had no problem with seat belts being manditory eqiupment ,
>because they 
>protected YOU and the people YOU cared about. 
>You probably had no problem with manditory airbags, public building smoke
>alarms, unleaded
>fuel, restaurant health codes,etc....Because they protected you and or
>people you care about,
>even though they cost YOU more money.

Gee, there's nothing like false speculations as a basis for attack. I, for
instance, have a friend who's been in two serious car accidents in recent
years. In one she was belted in, and survived a nasty tumble that otherwise
almost certaily would have killed her. In the other, she was in a truck from
the pre-mandated-belts era, and was thrown free before the car collided with
a pole that pierced all the way through the driver's seat. The mandate could
have killed her.

Sure, that's rare. I always belt up, or virtually always. Do I approve the
mandate? No. ditto with all of the others. I want _information_, not
_behavior control_.

So. For those of us who do not generally approve of pushing responsibility
for our morals (or health needs, for those of us with severe immune
problems) onto others, how do you justify compelling us to spend money to
make your life easier?

>It's obvious that you watch a lot television your an excellent sensationalist.
>Besides, we both no that the cost of the chip is insignificant. This device
>hurts no one!

In the first place, we don't know anything of the sort. Show the chip
implemented in a mass-market TV or VCR, and back up your claims. Second, by
putting more rating power into the hands of the State, it does emphatically
threaten freedom of expression. And remember: anyone with your sig file,
assuming you believe its sentiments, has no great ground for confidence that
his views, rather than those of the worst and best-organized busybodies
around, will prevail.

Bruce Baugh
bruce at aracnet.com
http://www.aracnet.com/~bruce






From pgut001 at cs.auckland.ac.nz  Thu Feb  8 19:08:34 1996
From: pgut001 at cs.auckland.ac.nz (pgut001 at cs.auckland.ac.nz)
Date: Fri, 9 Feb 1996 11:08:34 +0800
Subject: Encryption and Backups
Message-ID: <199602090222.PAA01997@cs26.cs.auckland.ac.nz>


Death rays from Mars made jpp at software.net (John Pettitt) write:

>CP Backup (part of PC Tools for Central Point aka Symantec) has DES. As to
>how good the implementation is: I have no idea.

It's slightly more secure than the widespread double rot-13 encryption.  PC
Tools uses 2-round DES (or at least it did the last time I looked).  There's 
some criticism of this in the SFS docs somewhere.

Peter.





From stevenw at best.com  Thu Feb  8 19:12:23 1996
From: stevenw at best.com (Steven Weller)
Date: Fri, 9 Feb 1996 11:12:23 +0800
Subject: Nando Times and the "decency" act
Message-ID: 


The NandO Times is an online newspapaer (www.nando.com) that has George
Carlin's seven dirty words and lots more as their lead story today:

see

   http://152.52.2.152/nt/nando.cgi


-------------------------------------------------------------------------
Steven Weller                      |  "The Internet, of course, is more
                                   |  than just a place to find pictures
                                   |  of people having sex with dogs."
stevenw at best.com                   |       -- Time Magazine, 3 July 1995







From tcmay at got.net  Thu Feb  8 19:37:12 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 9 Feb 1996 11:37:12 +0800
Subject: Applied Cryptography, 2nd Edition --  Errata version 1.2
Message-ID: 


At 1:49 AM 2/9/96, Bruce Schneier wrote:
>                APPLIED CRYPTOGRAPHY, Second Edition
>
>                              ERRATA
>                   Version 1.2 - 1 February 1996
>
...

Wow. Does this mean the Third Edition will be coming out soon?

(Not to sound harsh, but that's a *lot* of errors still in the book...I
thought a lot of reviewers were going to squish out these sorts of things?)

--Tim


[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and do em right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should do him." So the two daughters got him drunk and
did him all that night. Sure enough, Dad got em pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he whacked off first....Remember, it's
not a good idea to have sex with your sister, your brother, your parents,
your pet dog, or the farm animals. [excerpts from the Old Testament, Modern
Vernacular Translation, TCM, 1996]







From norm at netcom.com  Thu Feb  8 19:49:05 1996
From: norm at netcom.com (Norman Hardy)
Date: Fri, 9 Feb 1996 11:49:05 +0800
Subject: Money & CreditCard URLs
Message-ID: 


Here is a fragment of html that points to several online money or payment
systems.
The first two, SEPP & STT, are the two credit card protocols from the
previously competing camps and out of which the new standard, SET, is
supposed to emerge. STT and SEPP are vague in different ways. Perhaps their
offspring will be more completely specified. They both hide the credit card
number from the merchant. I would be pleased to receive further such URLs.


Money Protocols

SEPP;
STT;
NetBill 
Cybercash, and
Ecash.
Mondex
First Virtual,
The Millicent
	Protocol for Inexpensive Electronic Commerce; NetMarket
Mark Twain Bank









From merriman at arn.net  Thu Feb  8 19:50:51 1996
From: merriman at arn.net (David K. Merriman)
Date: Fri, 9 Feb 1996 11:50:51 +0800
Subject: Blue Ribbons
Message-ID: <2.2.32.19960208145144.00699838@arn.net>


-----BEGIN PGP SIGNED MESSAGE-----

For as long as my 10-yard spool of blue ribbon and box of paperclips hold out, I'm sending a ribbon/paperclip to any snailmail address in the U.S.

Note that each one is an individually hand-crafted work of art :-)

Dave Merriman
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRnw4cVrTvyYOzAZAQGXUQP/fu7/K7dkjSkbcDAgrOmVNH0OaUn6t5SP
E6DKfyfz3Wlu2VIhxCAS0KGHaLdCSH1teGFfIuhwOWikq+FdidJjXjep04/MAuAe
+KXI0QoaFYY4dVVi9qX8Uzz1igOHs2MXDXG/6eZ1AlSux+HG1DHPz44PyUY7flWP
sVizJ7plH2w=
=qrdr
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"It is not the function of our Government to keep the citizen
from falling into error; it is the function of the citizen to
keep the Government from falling into error."
Robert H. Jackson (1892-1954), U.S. Judge
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
My web page: http://www.geocities.com/CapitolHill/1148







From erc at dal1820.computek.net  Thu Feb  8 20:02:14 1996
From: erc at dal1820.computek.net (Ed Carp)
Date: Fri, 9 Feb 1996 12:02:14 +0800
Subject: Perry's whining
Message-ID: <199602090321.WAA02247@dal1820.computek.net>


Why doesn't Perry just shut the hell up?  I've got more important things 
to worry about than Perry's ignorant, fetid whining.  Such as that CDA 
thing in the Telecommunications Bill.

Anyone for suing Bill?
--
Ed Carp, N7EKG    			Ed.Carp at linux.org, ecarp at netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp at netcom.com for PGP 2.5 public key		an88744 at anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring
----------------------------------------------------------------------
According to the Communications Decency Act, these are the words you may
no longer use in your Internet correspondence:  Shit, piss, fuck, cunt,
cock-sucker, mother-fucker and tits. The use of shit, piss, fuck, cunt,
cock-sucker, mother-fucker and tits, may now earn you a substantial fine
as well as possible jail time, should President Clinton sign this Bill
into law.  Please refrain from using shit, piss, fuck, cunt, cock-sucker,
mother-fucker and tits, to protect your children as well as others, from
their evil influence, thus keeping America "ideologically pure".







From dlv at bwalk.dm.com  Thu Feb  8 20:06:23 1996
From: dlv at bwalk.dm.com (Dr. Dimitri Vulis)
Date: Fri, 9 Feb 1996 12:06:23 +0800
Subject: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
In-Reply-To: <199602081929.OAA28586@dal1820.computek.net>
Message-ID: <6BH1iD5w165w@bwalk.dm.com>


Ed Carp  writes:
> > Ed, Let me make one thing about you perfectly clear.
> >
> > Plonk.
>
> "Plonk"?  What does that mean?  Does that mean you're going to hit me
> with something?  Sounds like another implied threat to me... ;)

This is the imaginary sound one makes when hitting the killfile.

(I wish I could run procmail on this box...)

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dm at amsterdam.lcs.mit.edu  Thu Feb  8 21:50:29 1996
From: dm at amsterdam.lcs.mit.edu (David Mazieres)
Date: Fri, 9 Feb 1996 13:50:29 +0800
Subject: PGP's "only for your eyes"
In-Reply-To: <199602062336.PAA24566@infinity.c2.org>
Message-ID: <199602090532.AAA26688@amsterdam.lcs.mit.edu>


In article <199602062336.PAA24566 at infinity.c2.org> cmca at alpha.c2.org (Chris McAuliffe) writes:

> 	Maybe some of you already know about this.
> 
> 	Whe reading PGP's "Only for your eyes" messages, the program
> 	creates a temporary file containing the plaintext in the
> 	directory where the cyphertext file is.
> 
> 	So, don't worry about this option, it's quite useless.
> 
> The manual points out that you shouldn't rely on it. Its main purpose is
> simply to prevent accidentally or automatically leaving the plaintext
> lying around, not to actually securely guarantee that behaviour. After
> all, you could always cut-and-paste the text, or (since you have the PGP
> source) alter PGP to ignore the flag.

I've gotten burned by this because it created a temp file over NFS.
If I'd been able to read the message with my mail reader "pgp -f", I
would not have disclosed the information.  The for your eyes only
option is more than useless, it's dangerous.

> The real problem is not what it does, but what people *think* it might
> do.
> 
> I take that back. When I check the manual, it doesn't say that it is
> insecure. It really ought to. At least one of the books about PGP does
> though, I know I've read it somewhere other than email.

David





From stewarts at ix.netcom.com  Thu Feb  8 22:58:42 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 9 Feb 1996 14:58:42 +0800
Subject: Need a "warning" graphic of some kind for CDA
Message-ID: <199602090618.WAA24316@ix13.ix.netcom.com>


[This email rated FZ]


>Now that we all have web pages that are naughty and might be seen by 
>little children, I'd like to hve some kind of a graphic that can 
>universally be seen as a "Warning:  The following material is unsuitable 
>for children and close-minded twits".  (or words to that effect).

A Frank Zappa icon would be highly appropriate for that - I don't know how
his record publishers would feel about someone scanning it off an album cover
and retouching for the web, but you could probably work out something.
A Zappa IMG button with HREF to a copy of his album language rating label 
would seem very fitting.

        Before Bill Clinton signed the Exon Internet Censorship Bill,
                Tipper Gore brought you Music Censorship.
        Uncle Frank says ""

I suppose it's a bit beyond Fair Use?


#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs






From jamesd at echeque.com  Thu Feb  8 23:48:04 1996
From: jamesd at echeque.com (jamesd at echeque.com)
Date: Fri, 9 Feb 1996 15:48:04 +0800
Subject: Fair Credit Reporting Act and Privacy Act
Message-ID: <199602090726.XAA27422@blob.best.net>



On Mon, 5 Feb 1996, Duncan Frissell wrote:
>> Unfortunately, [a privacy act] would also:
>> 
>> *  Require government registration of computers and databases containing
>> information about people (whether these computers are used by business or
>> individuals).  This eases regulation of computers and future confiscation.

At 07:04 PM 2/5/96 -0500, Tim Philp wrote:
>I don't believe that this follows at all. All that would be required 
>would be a statutory obligation to comply with the legislation.

And how can you enforce this statutory obligation?  Privacy laws 
against private citizens run into the same problem as drug laws:  
You need intrusive means to enforce them.

A law "protecting" privacy would require government supervision 
of what is on my computer and your computer.  

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd at echeque.com






From wlkngowl at unix.asb.com  Fri Feb  9 00:25:56 1996
From: wlkngowl at unix.asb.com (Deranged Mutant)
Date: Fri, 9 Feb 1996 16:25:56 +0800
Subject: RSA-China Crypto
Message-ID: <199602090802.DAA02899@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

BTW, there's an article about it on RSA's home page now.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMRr/eyoZzwIn1bdtAQHRBAF+PNYhhytVCUQ5LDn9vM5sSFNJ9l0zKm8T
mfzCvhN/eE/qLpl8fDi1gvLJDnrWte/Z
=t5nc
-----END PGP SIGNATURE-----





From stewarts at ix.netcom.com  Fri Feb  9 00:28:01 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 9 Feb 1996 16:28:01 +0800
Subject: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
Message-ID: <199602090803.AAA00727@ix6.ix.netcom.com>


At 01:45 PM 2/8/96 -0500, Perry wrote:

>You are annoying me. How much do people want to bet someone kills 
>Jim Bell in the next six months?

6 cypherbucks, if I can get the ecash software to work again.
12, if you'll accept killfiling as well...

#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs






From stewarts at ix.netcom.com  Fri Feb  9 00:28:11 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 9 Feb 1996 16:28:11 +0800
Subject: DSN
Message-ID: <199602090803.AAA00707@ix6.ix.netcom.com>


At 12:47 AM 2/1/96 -0500, you wrote:
>Anyone heard of DSN? I think thats the right order of the initials...
>... its supposedly the only crypto-hardware solution for protecting an 
>entire network on the Internet. You put one of these $5,000 units at one 
>end of a lan, and another one somewhere else on the Internet, and the 
>company gaurantees secure, encrypted transmissions. The TCP/IP headers 
>and data are mangled, encrypted, etc.

Anybody who supposedly makes the "only [whatever-category] hardware solution"
for a problem has either not done their literature searching, is going for
a really obscure market niche, doesn't understand the problem, or
(very rarely) is the first product out on the bleeding edge, or has
had their competitors go out of business on them.  VSLAN (I forget the 
manufacturer) used to make an encrypting Ethernet board for PCs, Suns, etc.,
and did the software work behind it to get a B2 Red Book rating from the NSA.
Boeing had a secure FDDI ring about the same time (~5 years ago.)
Motorola has made several products for encrypting Ethernets, X.25s, and
other networks, which the military buys and likes.  Don't know which of
these are still on the market, and what new toys have appeared.

Meanwhile, the swIPe encrypted/authenticated IP protocol is available,
and the similar IPng security protocols are emerging (i.e. the RFCs are
written and folks are working on reference implementations.)
They'll cost you $0 for software plus a 386-box for Linux, or a used Sun.

>It uses 512bit keys and I was just wondering how the authentication is
>done. Does anyone have any specs on these units? Supposedly it does not
>require a 3rd party entity to verify that the two units are both valid,
>when determining the initial public/key pairs. Perhaps there is hardcoded
>data in the units that is used to verify this? The company supposedly has 
>some proprierty method ... how can we be sure this expensive unit can do 
>its job if information on the encryption has not been released. 

If you can't get the company to show you the protocols, at least under
non-disclosure, ask them if it's NSA-certified and see what the NSA has to say
about it.  512-bit keys seem a bit short for either RSA or Diffie-Hellman
these days...

>[RSA in 5 lines of Scheme, deleted.]
Got any short prime-number generators?
#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs






From lunaslide at loop.com  Fri Feb  9 01:26:39 1996
From: lunaslide at loop.com (lunaslide at loop.com)
Date: Fri, 9 Feb 1996 17:26:39 +0800
Subject: Tell me whats wrong with this
Message-ID: 


>Tell me whats wrong with this section of the telecom bill.  I have a six
>year old boy I am trying to raise
>and it is hard enough to teach him respect and values without explaining why
>Ned Beatty is being
>bungholed in the woods by Billy Bob or why the Terminator splattered this
>guys brains all over the
>wall.
>        Tell me why parents should not be able to censor their OWN
>television so that they may raise their children the way THEY see
>fit...................Did your dad give you his old
>playboys?.........NOOOOO............



A note here...my dad also did not go to jail for two years and get fined
$100,000 when I weasled my way into his closet, without his knowledge, and
found his Playboys at age five!

>All I'm saying is it's tough to raise a child these days without the added
>distortion of modern
>programing and parents need not be denied any tool that can help them
>achieve success.



I didn't see anything really wrong with that part of the bill.  What it
will encourage is advertisers to withdraw from the more violent shows, and
in turn will encourage television producers to prefer funding less violent
shows.  Since I don't watch television that often anyhow, it won't affect
me very much.

I do see where it will deny those who wish to see such shows the violence
they wish to see.  This is an issue, and it is indirectly caused by the
bill, but it can not be used effectively against the govt. because they did
not directly outlaw violence.

It is particularly the CDA which boils my blood.  One other concern,
however, is that the lifting of restrictions on who can compete for what
will result in mergers and buyouts of internet providers and that when only
a few major companies own the bulk of the industry, the consumers will
suffer from content restriction, technological lag and possibly price
gouging.  I note the car, oil, software and media industries as a few
examples.  For example, journalists have traditionally been in support of
free speech and civil rights; they are, for the most part, rather liberal.
However, they, particularly those in television journalism, have been
notably absent in this battle over net censorship and have definitely not
been there to support us.  In fact, they have even spoken to our cause's
detriment on many occasions, by the slant of their pieces!  I can only
attribute this logically to the fact that the internet takes attention away
from their industry.  The internet competes with television and print as an
information source, and this the owners of the media do not want.  It's
sort of an unspoken conspiricy (appologies, I've already been accused of
turning this into ConspiricyPunks once before:-)

Nontheless, those are some of my concerns over the telcom bill aside from
the obvious CDA.

lunaslide

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller








From attila at primenet.com  Fri Feb  9 02:12:11 1996
From: attila at primenet.com (attila)
Date: Fri, 9 Feb 1996 18:12:11 +0800
Subject: violating politicians privacy
In-Reply-To: <199602090618.WAA24333@ix13.ix.netcom.com>
Message-ID: 


On Thu, 8 Feb 1996, Bill Stewart wrote:

> attila said:
>
> >	well, I take it as assumed correct that illegally violating the
> >    credit and personal information of member os Congress (might as well 
> >    include the Clintons and the Gores) would get a response on privacy.
> 
> _Is_ it violating their privacy to get their credit information?
> After all, they're applying for some mighty big loans from everybody,
> and putting everybody who pays US taxes down as a credit reference....
>
    attila writes: 

        well, remember, Congress has a prime function that their "duty" 
    is to legislate a bunch of laws for _us_ to live buy; and, that being 
    done, to legislate a second set of laws, more to their liking, for
    _them_ to live by and collect $5M pensions, and 100% health coverage
    at the very best for the rest of their lifes. 

__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....
    There is no safety this side of the grave.  Never was; never will be.







From carlos at Conrad.Harvard.EDU  Fri Feb  9 18:22:33 1996
From: carlos at Conrad.Harvard.EDU (Carlos Perez)
Date: Fri, 9 Feb 96 18:22:33 PST
Subject: digital cash &c.
In-Reply-To: <199602080259.SAA13025@Thinkbank.COM>
Message-ID: 




On Wed, 7 Feb 1996, Jordan Hayes wrote:

> 	> it _is_ anonymous ...
> 
> And then:
> 
> 	> can be refilled at ATMs
> 
> You make a deposit or something?  How does the transaction clear?
> When they finally look in the envelope, they credit the card?
> 
> Or do you mean just 'anonymous' between the user and the merchant?
> 
> /jordan
> 

sorry i wasn't clear: it is anonymous between the user and the merchant, 
and between the user and the card distributer (in this case Visa). 
"Refilling" at ATMs is essentially a download of "cash" from your bank 
account into the card.





From llurch at networking.stanford.edu  Fri Feb  9 18:27:02 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Fri, 9 Feb 96 18:27:02 PST
Subject: glide.c??
In-Reply-To: <199602092027.UAA04128@ex500.saic.com>
Message-ID: 


On Fri, 9 Feb 1996, Jim Small wrote:

> DO you know where I can find glide.c , or (newer) to bruteforce
> .pwl files?

http://www.c2.org/hackmsoft/

There will also be a utility for extracting and decrypting file sharing
(Win95 as server) passwords as soon as the code is refined and the ReadMe 
is written.

-rich





From stewarts at ix.netcom.com  Fri Feb  9 18:28:56 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 9 Feb 96 18:28:56 PST
Subject: Fair Credit Reporting Act and Privacy Act
Message-ID: <199602100357.TAA22301@ix10.ix.netcom.com>


At 08:39 AM 2/9/96 -0800, jamesd wrote:
>If you have one law for men who run businesses and one law [for] other folks, 
>then we have selective enforcement and application of the laws, 
>that enables governments to act selectively and capriciously.   
>For example here in California private citizens who attempt to organize 
>recall elections are often subject to extraordinary and confiscatory fines.

On the other hand, of course, there are laws that are ostensibly for
the purposes of regulating businesses whose primary effect is
to limit the privacy or actions of individuals.  For instance,
California's law requiring that mailbox renters provide two forms of ID
and make their mailbox companies agents for service of process 
is ostensibly to "protect" consumers by regulating businesses that 
operate out of mailboxes (which the law claims there are 7 million of here);
it furthermore lets the Post Office specify what kind of ID to use
(which some local postmasters are far more extreme about than others),
and requires revealing True Addresses.

#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs






From stewarts at ix.netcom.com  Fri Feb  9 18:29:00 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 9 Feb 96 18:29:00 PST
Subject: [NOISE] #/%age of CDA-blackened sites
Message-ID: <199602100357.TAA22317@ix10.ix.netcom.com>


>Sorry to post this question here, but I know of no other group with
>folks who would know. Have any of the "spiders" such as Alta Vista
>been sent to see just how many US sites have been blackened in the
>protest? The approximate number and percentage of US sites blackened
>might be interesting. In my limited surfing, I have been gratified
>to see the _widespread_ response -- but I am not the typical user.

I don't think it's updated enough things recently (or else it only indexes
the contents of a page and not the header details in the  statement.)
For instance, BGCOLOR="#000000" had 197 hits, but most of them were old,
and on topics like "How to set the background colors on your web page",
and NO documents matched both BGCOLOR="#000000" and vtw.
#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs






From stewarts at ix.netcom.com  Fri Feb  9 18:29:04 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 9 Feb 96 18:29:04 PST
Subject: Fair Credit Reporting Act and Privacy Act
Message-ID: <199602100357.TAA22191@ix10.ix.netcom.com>


At 06:28 AM 2/9/96 -0500, Duncan wrote, regarding the appallingly
invasive British Privacy Act:

>Computer bureaux which process personal data for others or allow data users
>to process personal data on their computers must also register. Their
>register entries will contain only their name and address.
>
>Data users and computer bureaux who should register but do not, are
>committing a criminal offence, as are those operating outside the
>descriptions contained in their register entries. In these cases the
>Registrar regularly prosecutes. The penalty for non-registration can be a
>fine of up to �5,000 plus costs in the Magistrates Courts, or an unlimited
>fine in the Higher Courts."

Ouch - does this mean that if you offer shell accounts, you either have
to contractually limit the processing your users may do, or be fined
as a criminal for not registering?

#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs






From stewarts at ix.netcom.com  Fri Feb  9 18:29:15 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 9 Feb 96 18:29:15 PST
Subject: Fair Credit Reporting Act and Privacy Act
Message-ID: <199602100357.TAA22245@ix10.ix.netcom.com>


At 09:21 AM 2/9/96 -0500, Tim Philp wrote:
>	Private individuals are not what I was refering to. I am more
>concerned about corporations who hold information about me and release it
>to the highest bidder. When it comes to individual versus corporate
>rights, I am clearly on the side of the individual. 

Remember that there's a major difference between "corporations"
and "business"; you seem to be mixing them up.  A corporation is
a legal fiction that treats a cooperative effort by one or more people
as if it were a person in itself, and normally involves limiting the
liability of the corporation's investors by putting it all on the
fictional person.  A business is what one or more people do to make money.
Most corporations are businesses, though not all.

Governments can legitimately tell corporations what to do because
that's part of the price of the legal fiction; a government can't
abuse a corporation because you can't beat up a legal fiction,
though it can say "Poof!  You're not a legal fiction any more",
and conversely, if the people who own the legal fiction don't like
what the government's telling it to do, they can dissolve it.
(Governments also enjoy regulating non-corporate businesses,
but they're no longer on solid moral ground.)

>	I have also not suggested some form of prior restraint that would 
>require government access to computers. I simply suggest that should a 
>violation occur, that I have the right of civil and criminal law as a 
>recourse to both compensate me for my loss of privacy as well as deter 
>future damage. A company knowing that civil and criminal penalties could 
>result from a violation would take extra care to ensure the security of 
>my data.

How are you going to _know_ that a "violation" occurred, if company A
tells company B your address or favorite liquor?  Only by having access
to the records of both companies.  Getting that through the courts,
for only the parts of their information relevant to you, is better than
blanket permission for the government to rummage through their files,
but after the first lawsuit lets investigators in, everything they've got
is clam bait anyway.  It's still major privacy violation - for the company
whose machines are being violated, and for the non-suing individuals
whose data is also on those machines.  
#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs






From stewarts at ix.netcom.com  Fri Feb  9 18:29:24 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 9 Feb 96 18:29:24 PST
Subject: Benefits of the V-Chip
Message-ID: <199602100357.TAA22279@ix10.ix.netcom.com>


At 10:11 AM 2/9/96 -0500, olbon at dynetics.com (Clay Olbon II) wrote:
>There is one potential side-benefit to the V-chip -- The inverse-V-chip
..
>I am looking forward to a time when I will never, even accidentally, have
>my TV tuned to "Full House" ;-)

Just as many people program their televisions using VCR-Plus codes to
record the shows they want (using TV Guide as a rating service)
it would be easy for any rating service to publish a list of the
codes for Approved Shows, Banned Shows, Rated-by-interestingness shows, etc.
without putting any government-mandated rating chip in the TVs
or forcing the TV producers to rate them (which also has a chilling
effect on the shows produced.)
#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs






From tcmay at got.net  Fri Feb  9 18:41:29 1996
From: tcmay at got.net (Tim May)
Date: Fri, 9 Feb 96 18:41:29 PST
Subject: World's Financial Police To Cast Money Laundering Net Wider
In-Reply-To: <4fbg19$nv1@ixnews7.ix.netcom.com>
Message-ID: <199602100539.VAA23895@you.got.net>



I found this article in misc.survivalism, but despite its presence there,
it actually has some interesting things to say about developing directions
in money laundering enforcement, including mention of electronic purses.
And "The Financial Times" is no slouch of a paper.

--Tim May



In article <4fbg19$nv1 at ixnews7.ix.netcom.com>, taxhaven at ix.netcom.com(Adam
Starchild ) wrote:

> From The Financial Times (London) for February 3-4, 1996:
> 
> 
>    WORLD'S FINANCIAL POLICE TO CAST MONEY LAUNDERING NET WIDER
> 
>              by George Graham, Banking Correspondent
> 
> 
>      The world's leading financial policemen are to consider
> targeting money laundering from arms trafficking, extortion and
> bribery as well as the drugs trade.
>      Members of the Financial Action Task Force, grouping senior
> government officials from the European Commission, the Gulf Co-
> operation Council and 26 other countries, have launched a review
> of their guiding principles.
>      The review is expected to be completed by June, and could
> result in the criminalisation of money laundering linked to any
> serious crime.
>      The Task Force's current recommendations, which set out
> minimum standards for money laundering laws in member countries,
> only require the criminalisation of drug money laundering,
> although countries are also urged to consider extending the
> offence to other crimes with a narcotics link.
>      Mr. Ronald Noble, under-secretary for enforcement at the US
> Treasury and president of the Task Force, said the group had not
> yet decided whether to widen the definition of money laundering. 
> Including all serious crimes could, however, make it simpler for
> law enforcement officials to launch investigations of
> transactions that look suspicious but have no obvious drugs link.
>      "It would make it much easier to collect information," Mr.
> Noble said. "People who before were engaged in the illegal
> transfer of funds would find it more difficult and more costly."
>      A broader definition might, however, make it more difficult
> to apply the Task Force recommendation that countries should have
> the power to confiscate laundered money.
>      The review is not expected to result in big changes to the
> 40 principles currently recommended by the Task Force, which
> officials believe have already contributed to substantial
> advances in the fight against money laundering.
>      But the review will also have to consider whether to address
> the new issues raised by the development of "cybercash," new
> varieties of payments systems such as stored value cards or
> electronic purses.
>      "We have to be concerned as an organisation to come up with
> principles which recognize that technologies could pose a threat
> but do not define them in such a way that you are dated as soon
> as you publish them," Mr. Noble said.
>      Law enforcement officials are keen that the developers of
> new financial technologies should think about their criminal
> potential before they launch them, so that governments do not
> have to clamp down on them afterwards with rigid rules.
>      Possible safeguards against the misuse of electronic purses
> could include limiting their maximum value or restricting their
> use to certain closed systems.
> 
> Posted by Adam Starchild
>      Asset Protection & Becoming Judgement Proof on the World
> Wide Web at http://www.catalog.com/corner/taxhaven





From twcook at cts.com  Fri Feb  9 18:45:21 1996
From: twcook at cts.com (Tim Cook)
Date: Fri, 9 Feb 96 18:45:21 PST
Subject: CDA Yes Votes; Collection
Message-ID: 



Duncan,

> badly as you are upset. That is why some of us want less legislation
> and less regulation to minimize just this sort of human suffering. 
> Maybe next time those of you who are into "proactive" government
> will think before you crush other people's lives.
> 
That's why I support Lamar Alexander! .

Another "Logical Conclusion" by:
Tim Cook 
Support THE US Constitution...
Vote Alexander in '96 and '00!





From markson at osmosys.incog.com  Fri Feb  9 03:37:08 1996
From: markson at osmosys.incog.com (Tom Markson)
Date: Fri, 9 Feb 1996 19:37:08 +0800
Subject: SKIP Alpha-2 Source release
Message-ID: <9602091120.AA19142@monster.incog.com>


Hi,

We've just released the Alpha-2 SKIP reference source for SunOS 4.1.3.
This is a bug fix release of our Alpha-1 Source reference Source.

The source is available from http://skip.incog.com.    Included in this
mail message are excerpts from the README file for the the package.

Please direct comments to freeskip at incog.com.

Enjoy!

Tom Markson
Sun Microsystems

-------------------------------------------------------------------------


	ALPHA 2 Release of SKIP Reference Source for SunOS 4.1.3
	--------------------------------------------------------
			Overview and Release Notes

Overview
--------
SKIP is a Key-management protocol for IP based protocols.  It is an 
acronym for Simple Key-management for Internet Protocols. SKIP is 
documented in the SKIP IETF IPSEC draft included in this directory 
as draft-ietf-ipsec-skip-06.txt.  The most recent SKIP draft is 
always available at http://skip.incog.com and the Internet-Drafts
directories.

>From this public domain source release, you can build a fully 
functional IP-layer encryption package which supports DES and 
Triple-DES for SunOS 4.1.3.  This means that every IP networked 
application can have it's network traffic encrypted.   Unlike
application level encryption packages, this package encrypts 
IP packets.  Thus, applications do not need to be recompiled or 
modified to take advantage of encryption.

The SKIP source is possible through the efforts of engineers in Sun
Microsystems Internet Commerce Group.  The developers and designers
are Ashar Aziz, Tom Markson, Martin Patterson, Hemma Prafullchandra and
Joseph Reveane.  Linda Cavanaugh worked on the documentation.

The package compiles under both the SunPro compiler and GCC.  We expect 
that this release should port without too much pain to any operating 
system which uses BSD style networking (mbufs).  

A legal warning: Because this package contains strong encryption, the
Software must not be transferred to persons who are not US citizens or
permanent residents of the US, or exported outside the US (except
Canada) in any form (including by electronic transmission) without
prior written approval from the US Government. Non-compliance with
these restrictions constitutes a violation of the U.S. Export Control
Laws.

This source release may be used for both commercial and noncommercial 
purposes, subject to the restrictions described in the software and
patent license statements.  

Furthermore, Sun Microsystems has licensed the Stanford public key patents 
from Cylink Corp. which are available to users of this package on a royalty 
free basis. The patent statement is in README.PATENT.  Be sure to read this,
as it contains some restrictions and other important information.  

Also included in this release is a high speed Big Number package written 
by Colin Plumb. bnlib/legal.c contains Colin's software license statement. 

Features
--------
	1.  SKIP V2 compliant implementation using ESP encapsulation.
	2.  Support for DES/3DES for traffic and key encryption.
	3.  Diffie-Hellman Public Key Agreement based system.
	4.  Full Support for manual establishment of master keys.
	5.  Support for multiple NSIDs and multiple local certificates.
	6.  GUI tool for user friendly manipulation of access control lists
	    and key statistics.
	7.  Command line tools for manipulating access control lists, etc.
	8.  Implementation of the Certificate Discovery protocol fully
	    integrated into SKIP.
	9   Implementation of X.509 public key certificates.
	10. Implementation of DSA signature algorithm for certificate
	    signatures.
	11. Implementation for MD2, MD5 and SHA message digest algorithms.
	12. Implementation of ASN.1 DER encoding/decoding.
	13. SunScreen(tm) SKIP compatibility mode.
	14. Implementation of hashed public keys as defined in the SKIP 
	    draft.  Implementation of programs to generate hashed public
	    keys.
	15. Certificate utilities to convert X.509 Certificates to hashed
	    keys and  print both X.509 and Hashed certificates.
	16. High performance Big Number library for Diffie-Hellman 
	    calculations.
	17. Implementation is effectively "public domain" and may be used both 
	    commercially and non-commercially.
	18. Patent Agreement with Cylink allows roylaty-free use of the 
            Diffie-Hellman and other Stanford patents with this package for 
	    commercial and non-commercial use.  Read README.PATENT for 
	    some restrictions.
	19. Inclusion of prime generation program used to generate the 
	    primes in SKIP draft.

Release Notes
-------------
Here are the release notes for this Alpha 2 release of the SKIP source.

	1.  This release is a bug fix release for Alpha-1.  Major areas
	    of change include:
			o Fix ESP and AH protocol numbers.
			o Fix Unsigned DH Public encoding.
			o Remove truncatation of shared secret (for this
			  release only).
			o Various other Bug fixes.
			o Fix Triple DES.

	2.  This release does not interoperate with Alpha-1.   Alpha-1
	    sites should upgrade.  Alpha-1 had a bug where unsigned public
	    keys were being encoded incorrectly.  Therefore, unsigned DH 
	    keys generated with alpha-1 do not work with Alpha-2.  
	    Regenerate your unsigned public keys.  X509 Certificates from
	    alpha-1 will continue to work.

	3.  This release interoperates with Swiss ETH SKIP using unsigned
	    DH keys and DES and triple DES.  It was tested at the Dallas 
	    1995 IETF.  However, the certificate discovery protocol does 
	    not interoperate.  This will be fixed in the next release.

	4.  This release does not fully comply with the SKIP drafts.   It
	    is closest to the 05 version of the draft.  However, the shared
	    secret is not truncated according to that draft.  This change is
	    made to interoperate with the ETH implementation.  The next
	    release will correspond to the 06 draft. 





From frissell at panix.com  Fri Feb  9 03:55:41 1996
From: frissell at panix.com (Duncan Frissell)
Date: Fri, 9 Feb 1996 19:55:41 +0800
Subject: Tell me whats wrong with this
Message-ID: <2.2.32.19960209113928.00e1c95c@panix.com>


At 01:00 AM 2/9/96 -0800, lunaslide at loop.com wrote:
>to speak your mind on the matter, as you are now.  People talking about gay
>rights, abortion options, better sex (a la Dr. Ruth) can no longer do that
>on the net without wondering whether they are in violation of the bill or
>not.

If people where more used to regularly violating laws, one more law
violation would mean much.  Practice makes perfect.

"Your Honor, I plead necessity.  The reason I violated this law was so that
I would have plenty of practice in case I ever find myself in a totalitarian
state.  Since the laws of the US and International Law permit (and in some
cases require) me to violate the laws of a totalitarian state, I need to
practice law violation under the less stressful circumstances of the current
US.  Without practice, I won't be able to violate totalitarian laws smoothly
and thus might have to obey them.  This could put me in jeopardy under
International Law.  Necessity defense."

DCF






From frissell at panix.com  Fri Feb  9 04:10:10 1996
From: frissell at panix.com (Duncan Frissell)
Date: Fri, 9 Feb 1996 20:10:10 +0800
Subject: Not so fast
Message-ID: <2.2.32.19960209115159.00e1fd18@panix.com>


At 02:37 AM 2/9/96 -0800, anonymous-remailer at shell.portal.com wrote:

>Coppolino also told U.S. District Judge Ronald L. Buckwalter that 
>the Justice Department will stand by its longstanding policy
>``unchristian speech will be vigorously prosecuted.''

We warned you what would happen if you elected *Southern Baptists* to the
White House.

DCF 

"Of course, Algore used to be an Episcopalian until he had a political
conversion to Southern Baptism."






From adam at sub.toad.com  Fri Feb  9 05:02:58 1996
From: adam at sub.toad.com (Adam Philipp)
Date: Fri, 9 Feb 1996 21:02:58 +0800
Subject: PGP & Seamless Pegasus
Message-ID: <12335060901367@compuvar.com>


-----BEGIN PGP SIGNED MESSAGE-----

Can I just add a loud HURRAH! on the integration of PGP and Pegasus 
using the PGPJN add-on. 

It is by far the smoothest melding of PGP and a e-mail routine to 
date. The only way it would be smoother is on one program. THe 
learning curve is also negligible. 

For all those griping about no good PGP windoze e-mail programs, your 
wait is over. This mail program won over a die hard Eudora fan in 
about 15 minutes... Someone else already posted the sites to get this 
so forgive my laziness of not repeating their words.

Oh, did I mention this is seamless under Windoze 95 as well?


Adam, Esq.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMRs/RAaMHlrz9swxAQGWUwf/amggouHkGjrjoYQ3JXYXiWblHc2NBvQx
wwy1jMSvEEiP0kQD1iaysA6fw4t+xU1bFAftqACRa3rTF7ZgCRRgFuhgwTwhwR8u
HZ8zDed5PIgywsn9/jqXW+nqneNx2uboUjq7FsncZiC7EG90/SMK78et8QZ/sT0l
ifiCvoLXaYhW4anmIeHMADLwDRqUlhVWX5RX1ccG2MrOrrrKHjJcveG4CF72M8EV
hftXDTWdElUuPUHD0JUBlp555+YMuolSUuu4sq1eodwlX0L4tq9vv4QBCwnBvq0H
4XONwa9BaRvEjVJ0Gg6+HjC4/IHOt/5CJ+SfwvQAaysH7Q11nkKTZw==
=/zQA
-----END PGP SIGNATURE-----





From vince at offshore.com.ai  Fri Feb  9 05:05:27 1996
From: vince at offshore.com.ai (Vincent Cate)
Date: Fri, 9 Feb 1996 21:05:27 +0800
Subject: New Internet Privacy Provider - Press Release
Message-ID: 




PRESS RELEASE:  2/9/96  Anguilla, Offshore Information Services Ltd.

As a result of recent efforts to censor the Internet in France, Germany,
China, and now the USA, Offshore Information Services Ltd. (OIS)
anticipates a larger market for privacy services over the Internet. OIS is
well suited to provide such service since it is located in Anguilla, a
taxhaven in the Caribbean with strict secrecy laws.  OIS is now entering
this market. 

OIS makes it easy for users to setup an online identity offshore. Setting
up an offshore email identity can be as easy as changing the POP server
name, user name, and password in their mail program.  Using this new
idendity they can again have free-speech on the Internet.

If users choose, they can login to a machine in Anguilla using ssh so that
their communication over the Internet is encrypted. 

Users can also maintain web pages offshore almost as easily as if they
were onshore. 

Anguilla has no restrictions on publications about dead presidents of
France, or information about birth control, etc.

The OIS web page is http://online.offshore.com.ai/ 






From campbelg at limestone.kosone.com  Fri Feb  9 05:33:51 1996
From: campbelg at limestone.kosone.com (Gordon Campbell)
Date: Fri, 9 Feb 1996 21:33:51 +0800
Subject: "Plonk"
Message-ID: <2.2.32.19960209131356.006c5e08@limestone.kosone.com>


At 07:31 PM 08/02/96 -0600, Ed Carp wrote:
>
>Because Perry has an ego bigger than Bill Clinton, Newt Gingrich, and
>Dianne Feinstein all rolled into one, that's why. 



This from a guy whose signature is 12 times the length of the message that
it was attached to?
Puh-lease....

-----
Gordon R. Campbell, Owner - Mowat Woods Graphics
P.O. Box 1902, Kingston, Ontario, Canada  K7L 5J7
Ph: (613) 542-4087   Fax: (613) 542-1139
2048-bit PGP key available on request.






From liberty at gate.net  Fri Feb  9 06:13:04 1996
From: liberty at gate.net (Jim Ray)
Date: Fri, 9 Feb 1996 22:13:04 +0800
Subject: [NOISE] #/%age of CDA-blackened sites
Message-ID: <199602091349.IAA02800@osceola.gate.net>


-----BEGIN PGP SIGNED MESSAGE-----

Sorry to post this question here, but I know of no other group with
folks who would know. Have any of the "spiders" such as Alta Vista
been sent to see just how many US sites have been blackened in the
protest? The approximate number and percentage of US sites blackened
might be interesting. In my limited surfing, I have been gratified
to see the _widespread_ response -- but I am not the typical user.
JMR

Regards, Jim Ray  --    

Boycott espionage-enabled software! http://www.shopmiami.com/prs/jimray
_______________________________________________________________________
PGP key Fingerprint  51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8 
Public Key id. #  E9BD6D35  --  IANAL
_______________________________________________________________________

 "In wise hands, poison is medicine.
  In foolish hands, medicine is poison." -- Cassanova


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh.

iQCVAwUBMRtQhW1lp8bpvW01AQGxaAP+LJ/C88WfFv4NzPY8jZ8JcguHk2p+knbA
lp/ZW76u6U3JUPRG0qT12nF4yLzrKLL3+N4osiJvpREbuqC2YMAEg2NNJhC2e+RQ
Nepe8QzU/KGuHj3Fge5Tc+Uyvaq4rzcuXMSSlemHNdlIm3JroVQ68Iebswcknjqh
4ZI3J5Cgq3o=
=RYeD
-----END PGP SIGNATURE-----






From m5 at dev.tivoli.com  Fri Feb  9 06:35:46 1996
From: m5 at dev.tivoli.com (Mike McNally)
Date: Fri, 9 Feb 1996 22:35:46 +0800
Subject: Tell me whats wrong with this
In-Reply-To: <199602090054.TAA03816@borg.mindspring.com>
Message-ID: <9602091410.AA04159@alpha>


avatar at mindspring.com writes:
 > > >         Tell me why parents should not be able to censor their OWN
 > > > television so that they may raise their children the way THEY see
 > > > fit
 > >
 > >But what about *my* TV?  Why should I be forced to pay for something I
 > >don't want just because you want it for yourself?  [ Why does this
 > >seem so obvious? 
 > 
 > You probably had no problem with seat belts being manditory eqiupment ,
 > because they  protected YOU and the people YOU cared about. 

Incorrect.  I do have a problem with that.

 > You probably had no problem with manditory airbags, public building smoke
 > alarms, unleaded fuel, restaurant health codes,etc....Because they
 > protected you and or people you care about, even though they cost
 > YOU more money. 

I'm trying to see what this has to do with a mandatory chip in my
TV...  SOmehow the link between that and a smoke alarm seems tenuous
at best.

The intent of making the V chip (what does "V" stand for anyway?
"Violence?" Eerily Orwellian if so...) mandatory seems to be that it's
necessary to "protect" the people who want to "protect" their children
but are too stupid to seek out and purchase a TV equipped with an
optional filtering device.   "Oh darn; I want to protect my children
from all this horrible damaging programming, but I bought the wrong
kind of TV!  If only the government had made it impossible for me to
do so!"

 > Besides, we both no that the cost of the chip is
 > insignificant. This device hurts no one!
 > Charles Donald Smith Jr.
 > 
 > ||The government  is my shepherd I need not work. It alloweth me to lie
 >  down on a good job. It leadeth me beside stilled factories. It
 >  destroyeth  my initiative...

Could you please change your signature block?  My hypocrisy meter is
pegged. 

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * I want more, I want more,
       m5 at tivoli.com * m101 at io.com          * I want more, I want more ...
               *_______________________________





From bplib at wat.hookup.net  Fri Feb  9 06:37:11 1996
From: bplib at wat.hookup.net (Tim Philp)
Date: Fri, 9 Feb 1996 22:37:11 +0800
Subject: Fair Credit Reporting Act and Privacy Act
In-Reply-To: <199602090726.XAA27422@blob.best.net>
Message-ID: 



On Thu, 8 Feb 1996 jamesd at echeque.com wrote:

> 
> On Mon, 5 Feb 1996, Duncan Frissell wrote:
> >> Unfortunately, [a privacy act] would also:
> >> 
> >> *  Require government registration of computers and databases containing
> >> information about people (whether these computers are used by business or
> >> individuals).  This eases regulation of computers and future confiscation.
> 
> At 07:04 PM 2/5/96 -0500, Tim Philp wrote:
> >I don't believe that this follows at all. All that would be required 
> >would be a statutory obligation to comply with the legislation.
> 
> And how can you enforce this statutory obligation?  Privacy laws 
> against private citizens run into the same problem as drug laws:  
> You need intrusive means to enforce them.
> 
> A law "protecting" privacy would require government supervision 
> of what is on my computer and your computer.  
> 

	Private individuals are not what I was refering to. I am more
concerned about corporations who hold information about me and release it
to the highest bidder. When it comes to individual versus corporate
rights, I am clearly on the side of the individual. 
	It is not unreasonable to expect corporations to comply with 
environmental laws to prevent the poisoning of our air and water. I 
think that it is also not unreasonable to expect that personal 
information that we have to release to participate in society be held in 
secure trust and be used only for the purposes that we released it in the 
first place.
	I have also not suggested some form of prior restraint that would 
require government access to computers. I simply suggest that should a 
violation occur, that I have the right of civil and criminal law as a 
recourse to both compensate me for my loss of privacy as well as deter 
future damage. A company knowing that civil and criminal penalties could 
result from a violation would take extra care to ensure the security of 
my data.
Regards,
Tim Philp

===================================
For PGP Public Key, Send E-mail to:
pgp-public-keys at swissnet.ai.mit.edu
In Subject line type:
GET PHILP
===================================







From jeffb at sware.com  Fri Feb  9 07:22:13 1996
From: jeffb at sware.com (Jeff Barber)
Date: Fri, 9 Feb 1996 23:22:13 +0800
Subject: Fair Credit Reporting Act and Privacy Act
In-Reply-To: 
Message-ID: <199602091453.JAA17982@jafar.sware.com>


Tim Philp writes:

> On Thu, 8 Feb 1996 jamesd at echeque.com wrote:

> > A law "protecting" privacy would require government supervision 
> > of what is on my computer and your computer.  

> 	Private individuals are not what I was refering to. I am more
> concerned about corporations who hold information about me and release it
> to the highest bidder. When it comes to individual versus corporate
> rights, I am clearly on the side of the individual. 

So, I take it you have no problems with me as a private individual
selling information about you to the highest bidder so long as I don't
file letters of incorporation?  This is a silly distinction.

But more to the point: The word corporate does not necessarily denote a
huge company with millions of dollars in revenue, thousands of employees
and stock publicly traded on the NYSE.  Most "corporations" are small
companies, one or two or a few employees.  Every time the government-as-
nanny types come up with a new law "to protect us from the evil
corporations", every company big and small is saddled with additional
costs and hassles.  This means dollars to you and me, either directly --
because you're an owner or employee of the company -- or indirectly --
because the price of goods sold increases.  Why is this so hard to grasp?


>                                                                   I 
> think that it is also not unreasonable to expect that personal 
> information that we have to release to participate in society be held in 
> secure trust and be used only for the purposes that we released it in the 
> first place.

Yes, it *IS* unreasonable as applied to information.  If you don't want
an individual or company to have information about you, don't give it
to them.  Pay cash for your purchases.  Or make them (contractually)
agree not to release the information.  Sure, it may cost you extra
dollars, and sometimes they may not be willing, so you'll have to take
your business elsewhere or live with the realization that you're trading
convenience (and other benefits) for privacy.


-- Jeff





From nobody at REPLAY.COM  Fri Feb  9 07:27:03 1996
From: nobody at REPLAY.COM (Anonymous)
Date: Fri, 9 Feb 1996 23:27:03 +0800
Subject: Tsu.con Rishabed
Message-ID: <199602091450.PAA12401@utopia.hacktic.nl>



WSJ, 9 Feb 1996

Shimomura, Pursuer of Hackers, Finds Himself Homeless on
Web

By Jared Sandberg

A renowned hacker catcher who co-wrote the book
"Takedown" just got a bit of a takedown himself.

Tsutomu Shimomura, the Internet security expert credited
with catching fugitive hacker Kevin Mitnick last year,
set up a site on the Internet's World Wide Web to
chronicle the famous cat-and-mouse chase. To supplement
the book, the on-line database includes audio clips of
taunting messages Mr. Mitnick left for Mr. Shimomura and
transcripts of chat sessions that the hacker held with
friends, under the heading "Kevin On Demand."

But over the weekend, the address of the Web site,
"takedown.com," was deleted at a hacker's request and
replaced with a bogus entry, "takendown.com."

Not exactly hilarious, but this is hacker humor.

"It's pretty juvenile," said Mr. Shimomura, who got his
address back by Wednesday night. But he notes that
hackers could easily change the Internet addresses of
corporations or even America Online Inc. "I expect that
businesses like AOL would be much less amused if they
were renamed 'aohell.com,' and that would cost them real
money."

The problem arose when Network Solutions Inc., the
company that sets up addresses on the Internet, was
apparently conned by someone claiming to be Mr.
Shimomura. A company official said that he hadn't been
able to investigate the matter because the company has
been deluged with electronic mail in an unrelated prank.

But many experts are concerned that Network Solutions
doesn't verify the authenticity of Internet address
requests, which number as many as 3,000 a day, and that
the company simply takes people at their word.

"They do it all the time, and they shouldn't," said
Steven Bellovin, a security expert at AT&T Corp.'s
research unit, who fears such dupes will grow more
common. Mr. Bellovin noted that hackers have also
exchanged software tools that can redirect users to phony
sites. "Hackers share tools better than the good guys,"
he said.

Network Solutions is working on a tool to check the
authenticity of requests for address changes. But some
think that such moves are a little late.

Mr. Shimomura said, "Unfortunately, we live in a world
where things need to break before they're fixed."

--











From olbon at dynetics.com  Fri Feb  9 07:48:57 1996
From: olbon at dynetics.com (Clay Olbon II)
Date: Fri, 9 Feb 1996 23:48:57 +0800
Subject: Benefits of the V-Chip
Message-ID: 



There is one potential side-benefit to the V-chip -- The inverse-V-chip
(the idea for which I stole from someone on this list, sorry I don't
remember who to credit).

I am looking forward to a time when I will never, even accidentally, have
my TV tuned to "Full House" ;-)

        Clay


        READ THIS NOW:http://www.newshare.com/Reporter/today.html
(warning: just thinking about this URL puts you in violation of the CDA of 1996)

---------------------------------------------------------------------------
Clay Olbon II            | olbon at dynetics.com
Systems Engineer         | ph: (810) 589-9930 fax 9934
Dynetics, Inc., Ste 302  | http://www.msen.com/~olbon/olbon.html
550 Stephenson Hwy       | PGP262 public key: finger olbon at mgr.dynetics.com
Troy, MI 48083-1109      | pgp print: B97397AD50233C77523FD058BD1BB7C0
    "To escape the evil curse, you must quote a bible verse; thou
     shalt not ... Doooh" - Homer (Simpson, not the other one)
---------------------------------------------------------------------------







From jamesd at echeque.com  Fri Feb  9 09:14:09 1996
From: jamesd at echeque.com (jamesd at echeque.com)
Date: Sat, 10 Feb 1996 01:14:09 +0800
Subject: Fair Credit Reporting Act and Privacy Act
Message-ID: <199602091642.IAA19346@shell1.best.com>




>On Thu, 8 Feb 1996 jamesd at echeque.com wrote:
>> A law "protecting" privacy would require government supervision 
>> of what is on my computer and your computer.  

At 09:21 AM 2/9/96 -0500, Tim Philp wrote:
>	Private individuals are not what I was refering to.    I am more
> concerned about corporations

First:  You will not get that, because governments invariably privilege large 
businesses above small businesses and individuals. and invariably privilege 
old established businesses against new businesses.

Secondly if you were able to get that, it would be even worse than the what 
you will actually get.

If you have one law for men who run businesses and one law other folks, 
then we have selective enforcement and application of the laws, 
that enables governments to act selectively and capriciously.   
For example here in California private citizens who attempt to organize 
recall elections are often subject to extraordinary and confiscatory fines.


 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd at echeque.com






From lunaslide at loop.com  Fri Feb  9 09:56:02 1996
From: lunaslide at loop.com (lunaslide at loop.com)
Date: Sat, 10 Feb 1996 01:56:02 +0800
Subject: cypherpunks press
Message-ID: 


>ecarp at netcom.com sez:


>My feeling is that Mitnick getting past security, and Mitnick not having
>to decrypt at every stage, and stuff like that is good material, but these
>topics generally have big ol' love handles attached to them. Describing
>people's hot tub parties, for example, is not exactly cypherpunk material.



>I am imagine many people use (and I am headed this way) nntp.hks.net merely
>to avoid large boring non crypto/political threads. Not everyone has this
>capability, and now some of them have left because of the S/N. I'm talking
>about real cryptographers, not weekend warriors like, well, ok I'm more like
>a yearend warrior.On the other hand, Alice and others haven't posted lately,
>so perhaps the noise is just the fill-the-vacuum pheonominon.
>
>> Why don't you go and write some code?  Put those busy fingers to better
>
>Perhaps he is. I am. Are you?

I am too, but the other half of my major is philosophy.  I can't help BSing
about the social issues too.....which seems to be common on the list.
Perhaps there is a compromise since there seem to be interests on the part
of both parties?  Like cypherpunks-tech at toad,com.  Any words?

lunaslide

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQBvAzD3EHEAAAEDAMVwZzXozPjX18mCenA5fJsdWZXcrhJCxPR+SoVCmR7d4ZVU
mwITzPTHo/GyLvJrWyk5YdhheczyY2VSawaMrCN/nWA7K9lwAylbKyPxqBhRYJ3C
2wi2uD5LY2wypNOQyQARAQABtB5KZWZmIENvbm4gPGx1bmFzbGlkZUBsb29wLmNv
bT6JAHUDBRAw+1bqS2NsMqTTkMkBAQkTAwCersFbCyk8O0MbGlNcZDAe24CLEWQ0
0C5EHni33W76UsG1bybcLsuMH6HVwLF7IqZivnzc7wkujYPQvCqn8HEYYTld8V9V
Cou4dOvA8kV7rHvAn/LuLx7DRruLFrRoPSk=
=OIT9
-----END PGP PUBLIC KEY BLOCK-----







From sandfort at crl.com  Fri Feb  9 10:10:59 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Sat, 10 Feb 1996 02:10:59 +0800
Subject: LAST REMINDER
Message-ID: 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

I have 100+ confirmations for my party tomorrow.  It's still not
too late, though, to RSVP (or even show up without doing so if
you have a good excuse).  E-mail me or leave a message on my
answering machine (510-839-3441).

If you've misplaced the URL for the invitation (duh), it is:

		http://www.c2.org/party/masquerade.html

If you miss the party (you'll regret it), there will be pictures
on the above Web site sometime next week.


 S a n d y

P.S.	Among the guests will be a Cypherpunk who is
	flying in from out of state.  Another guest will
	be an absolute stranger who had an ad in the
	personals.  One guest is a movie star.  Of course,
	many Cypherpunk luminaries will be in attendance.
	There will be a significant 2nd Amendment presence.
	Be there, or be square.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





From tighe at spectrum.titan.com  Fri Feb  9 10:16:15 1996
From: tighe at spectrum.titan.com (Mike Tighe)
Date: Sat, 10 Feb 1996 02:16:15 +0800
Subject: Need a "warning" graphic of some kind for CDA
In-Reply-To: 
Message-ID: <199602091730.LAA20917@softserv.tcst.com>


Simon Spero writes:

>>         Before Bill Clinton signed the Exon Internet Censorship Bill,
>>                 Tipper Gore brought you Music Censorship.

>No she didn't! She brought us voluntary labelling, which is completely 
>different. Some local governments have then tried to use those labels to 
>commit censorship, but that's illegal. Ms. Gore's attitude is and always 
>has been that parents should be responsible.

Actually, she did try to get music censorship. When that failed, she
settled for labelling.





From tcmay at got.net  Fri Feb  9 10:28:31 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 10 Feb 1996 02:28:31 +0800
Subject: Tell me whats wrong with this
Message-ID: 


At 2:10 PM 2/9/96, Mike McNally wrote:

>The intent of making the V chip (what does "V" stand for anyway?
>"Violence?" Eerily Orwellian if so...) mandatory seems to be that it's

The "V-Vhip" stands for "Virtue-Chip," as it will protect the virtue of
Christians, children, and small animals who will not be subjected to
cybersmut, cyberporn, and cyberbadthoughts.

(An alternate theory, emanating out of the Great White North, is that it
came from "View-Chip," the chip that is (apparently) availalbe in some
places in Canada. I saw a blurb on t.v. (no V-chip in it) about how a panel
of educators, social scientists, and moral persuaders reviews each
television program and gives the show a 0-5 rating on each of 3 scales:
violence, sexuality, and explicit language. The viewer sets her
preferences: a 5-5-5 would let everything through, etc. The developer of
the chip claimed he could mass produce the chip for a buck, and this may be
where all those estimates of "$1-2 per set" have come from. However, seeing
the chip--apparently a 20-30-pin square flatpack--and knowing how much PCB
real estate would have to be used to accomodate it, and factoring in design
and other expenses, that $1 chip will likely translate it into a $30
overall increase in t.v. set price. Not necessarily prohibitive, though I
still think the effort a waste.)

--Tim May



Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From frankw at in.net  Fri Feb  9 10:49:53 1996
From: frankw at in.net (Frank Willoughby)
Date: Sat, 10 Feb 1996 02:49:53 +0800
Subject: Fair Credit Reporting Act and Privacy Act
Message-ID: <9602091814.AA10924@su1.in.net>


As a brief aside to the current discussion.

About 2 days ago, NPR (National Public Radio) had a short news
blurb about a person who was suing U.S. News & World Report. 
It seems that his name appeared on a mailing list that USN&WR
sold to a credit card company (Citibank, I believe).

Basically, his main argument was that the information was private
and that the had the right to control how the information was used.

It should be interesting to see how this case gets settled.

Sorry I didn't post this sooner, but I've been very busy with a 
security assessment for a company in town.

Best Regards,


Frank 

The opinions expressed above are of the author and may not 
necessarily be representative of Fortified Networks Inc.

Fortified Networks Inc. - Management & Information Security Consulting
Phone: (317) 573-0800   - http://www.fortified.com/fortified
Home of the Free Internet Firewall Evaluation Checklist








From dan at dpcsys.com  Fri Feb  9 10:59:55 1996
From: dan at dpcsys.com (Dan Busarow)
Date: Sat, 10 Feb 1996 02:59:55 +0800
Subject: personal web proxy?
In-Reply-To: <199602080225.DAA25629@utopia.hacktic.nl>
Message-ID: 


On Thu, 8 Feb 1996, Anonymous wrote: 
> Does anyone know whether there's a freely available web proxy available
> anywhere?

The CERN http daemon can be configured as a proxy server.  Since the
proxy can run on an unprivileged port you should not need root access
to install it.

Dan
-- 
 Dan Busarow
 DPC Systems
 Dana Point, California






From PADGETT at hobbes.orl.mmc.com  Fri Feb  9 11:00:09 1996
From: PADGETT at hobbes.orl.mmc.com (A. Padgett Peterson, P.E. Information Security)
Date: Sat, 10 Feb 1996 03:00:09 +0800
Subject: E-Mail security
Message-ID: <960207222006.20217dac@hobbes.orl.mmc.com>


> The Sun Observer -- "An Independent Journal Devoted to the 
> Sun and Compatible Markets" -- ran an article in the Feb 96
> issue entitled "New technology eliminates need for keys to
> encrypt e-mail messages".

Well I consider PGP to be "Good Enough" (C - quantum economics). And
with the new "enclyptor", encrypt/decrypt from Windoze is just
a clipboard away. Seems like there are two kinds of crypto/firewalls/???
these days: those that are like French cars with beautiful GUIs and a
4 cyl engine, and the American ones with great drivetrains and terrible
coachwork (why is purple so popular ?). And then there was the Facel-Vega 
HK-500...
						Warmly,
							Padgett





From lunaslide at loop.com  Fri Feb  9 11:11:55 1996
From: lunaslide at loop.com (lunaslide at loop.com)
Date: Sat, 10 Feb 1996 03:11:55 +0800
Subject: Regarding employee rights on company equipment
Message-ID: 


A day or so ago, I reasoned incorrectly that university students and
employees were free to encrypt mail they sent through their student or work
accounts.  This was in response to a statement that the govt could retain
at least some control of internet traffic through the universities and
businesses.  I would credit the person who called me on it, by I do not
remember who it was.  It seems that, at least for employees, it is totally
up to the employer:

>From Edupage Feb 8, 1996,

INTERNET USAGE POLICIES
Neal J. Friedman, a specialist in online computer law, says that "employees
are under the misapprehension that the First Amendment applies in the
workplace --  it doesn't.  Employees need to know they have no right of
privacy and no right of free speech using company resources."  According to
Computerworld, a number of employers are adopting Internet usage polcies,
such as one developed at Florida Atlantic University: <
http://www.fau.edu/rinaldi/net/netpol.txt > (Computerworld 5 Feb 96 p55)

It's still to bad that I was wrong :-(, but such is life.

lunaslide

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller
________________________________________________________________

Digitally sign your mail too!
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEX3QEAAAEEAOGQjhnqGH29pO1WDaXs5GFOVPhCBWyYEk9XEwRmscjveWzH
AhA6DeOA480zWNqQURyqE2yPmR8WzT+OXYqmeiQiycKyFA41Vs/Ruf+gXXxe7uXS
L5BK3K8oKbfoH0D5/TAkMT4r6BprXFQz4pFc3gY2SSaSPElpMjKHaKBsRsyRABEB
AAG0HUplZmYgQ29ubiA8bHVuYXNsaWRlQGxvb3AuY29tiQCVAwUQMRffHzKHaKBs
RsyRAQGNhwP9E9xEZ9/LCKnhgtnrqgD7pDoXG2pCy8FoyfFjoImGkG+jF1wELXmB
Z0mf8F8CgYkys0mif1XeGDMelr1gzlZAm6LgQt4kcvztMW/aRLn18QP+iwltVT/L
p8D37mitOjvuk46sWgAChIaPPPIeg/EaYQjQkmlpWKsEYIoTRy+E8mU=
=4Gku
-----END PGP PUBLIC KEY BLOCK-----









From david at sternlight.com  Fri Feb  9 11:15:44 1996
From: david at sternlight.com (David Sternlight)
Date: Sat, 10 Feb 1996 03:15:44 +0800
Subject: Forgery--wasUnknown address
Message-ID: 


I send this to you for your amusement and delectation. The core message
below, about plonking, is a crude forgery--I did not write it nor did I
send it.

David

>From: postmaster at warehouse.mn.org (Postmaster)
>Subject: Unknown address
>Date: Fri,  9 Feb 1996 09:32:32 GMT
>Organization: The Warehouse BBS
>To: david at sternlight.com
>
>The user this message was addressed to does not exist at this site.  Please
>verify the name and domain in the original message that follows.
>Message was addressed to: SAMUEL.KAPLIN at warehouse.mn.org
>
>                     ----- Original Message follows -----
>
>From: David Sternlight 
>To: cypherpunks at toad.com
>Date: Fri, 9 Feb 1996 10:28:00 +0800
>Subject: Re: PLONK
>
>Plonking is an outrageous abuse of net courtesy.
>Shame on you!
>
>David







From mianigand at unique.outlook.net  Fri Feb  9 11:22:48 1996
From: mianigand at unique.outlook.net (Michael Peponis)
Date: Sat, 10 Feb 1996 03:22:48 +0800
Subject: CDA Yes Votes; Collection
Message-ID: <199602091837.MAA02844@unique.outlook.net>


-----BEGIN PGP SIGNED MESSAGE-----

On  8 Feb 96 at 22:10, Tim Cook wrote:

Basically here is the problem.  Like it or not, most people in the world are 
utter morons that behave more like stupid helpless heard animals than higher 
life forms.

> Besides, what makes the US Congress think they have any control over 
> a worldwide network?

Because, the are dumb as shit.  It's simple really, back to the origional 
point, most people are about as bight as a rock, they don't care about anything 
other than stuffing there pathetic faces, waching the idoit box, and passing on 
their bad genetic structure and pathetic world view.  That is all they have, 
it's not that they have anything to contribute to the world.  They are 
pathetic, since they have no life, and know that their world view hasn't got a 
prayer in a free market place of ideas, they choose to maintain it by force.

[snip]
> Support THE US Constitution...
> Vote Alexander in '96 and '00!

Vote? we are dealing with a nation of braindeads here.  Do whatever the hell 
you want and fuck the law.  Does anybody honestly believe I actually care what 
the law says I should and should not do, like I actually care what other people 
think?  I do what I want, and if somebody(s) else gets in my face, they will 
get hurt, if not perished.

Tim May made the point, there are hundreds of nations consisting of braindead 
persons.

All of them  trying to preserve their outdated way of life, I have zero respect for 
them. They want to protect there religion, or national idetity, or morals, or 
whatever, and they know that the majority of thinking people will choose there 
way of life if they could pick form all of the alternatives.

I do not vote, I live in AmeriKa, but do not consider myself and AmeriKian, I 
just happened to be born among them, and stuck living with them, not like 
anyother place is any better or worse, although their are degrees, they are all 
ran by and for brain deads.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMRsj0kUffSIjnthhAQHyQwQAgBlOPBx3nTMDZFswLUbRwcvk63q6VqAc
K7Nm7NqIBUKcCng/mcblhtljkSDsUckYYB9UBJnygATeIgWux2TZwyaXYUmlQ+ux
c0kwpNaSyxbGHjfretxMthnsmz4w6eV9P2+9IbWMXbgwFhNxz0+2YPJaECX6b8cR
3ftdttHXQWo=
=5BLE
-----END PGP SIGNATURE-----
Regards,
Michael Peponis
PGP Key Avalible form MIT Key Server,or via finger





From david at sternlight.com  Fri Feb  9 11:23:29 1996
From: david at sternlight.com (David Sternlight)
Date: Sat, 10 Feb 1996 03:23:29 +0800
Subject: Forgery
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

I just sent you a message, forwarding a forged message attributed to me about
plonking. It strikes me that to reduce the possibility that some might
claim THAT message was a forgery, I might have signed it. Too late. Well,
I'll sign this one.

Best;
David

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: MacPGPv262

iQCVAwUBMRuVP0wgH+NYrQ81AQHXAQP+NYB6xyO24vDDJORyp1PhN9ax0oorgkQu
lCUKZ/G5lrCUnrDMTksy4RqA3N1401QKQGAGWmwlVESWNrMoUP1kjFX8orKZej+/
MHefCtRuh4FB6VmAWeC769Mhza0m02Fu7//R+o95em60wUk0z0O0f5KUe85V3T3T
aRV47lmDQjg=
=w/Nv
-----END PGP SIGNATURE-----







From anon-remailer at utopia.hacktic.nl  Fri Feb  9 11:39:09 1996
From: anon-remailer at utopia.hacktic.nl (Name Withheld by Request)
Date: Sat, 10 Feb 1996 03:39:09 +0800
Subject: Telnet-ietf: AUTH, ENCRYPT
Message-ID: <199602091910.UAA20013@utopia.hacktic.nl>



Heads up:
	A discussion is starting up on the telnet-ietf list re: adding
message integrity checking to option negotiation, so it can't be hacked
with an active attack to defeat, for example, the AUTH and ENCRYPT options.
Highlights:
	- Authentication and encryption are (should be) orthogonal.
	- The "default" encryption should be something stronger than DES
	  OFB, which supposedly was chosen to accomodate dog-slow PCs.
	- Negotiation for non-authenticated, non-encrypted connections has to
	  be protected, too, to prevent attacks.

'telnet berserkly.cray.com 23000' gets you to an interactive browser of the
list archives.  Subscriptions to telnet-ietf-request at cray.com.

a






From frissell at panix.com  Fri Feb  9 11:42:41 1996
From: frissell at panix.com (Duncan Frissell)
Date: Sat, 10 Feb 1996 03:42:41 +0800
Subject: Tell me whats wrong with this
Message-ID: <2.2.32.19960209114604.00e1d0d4@panix.com>


At 01:00 AM 2/9/96 -0800, lunaslide at loop.com wrote:

>It is particularly the CDA which boils my blood.  One other concern,
>however, is that the lifting of restrictions on who can compete for what
>will result in mergers and buyouts of internet providers and that when only
>a few major companies own the bulk of the industry, the consumers will
>suffer from content restriction, technological lag and possibly price
>gouging.  I note the car, oil, software and media industries as a few
>examples. 

The total number of firms is greater and the average size in these firms is
smaller than in the past.

Average institutional size in America has been declining since the late 1960s.
http://www.ios.com/~lroth/clips/bussiz.html.

DCF






From anonymous-remailer at shell.portal.com  Fri Feb  9 11:48:54 1996
From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com)
Date: Sat, 10 Feb 1996 03:48:54 +0800
Subject: Not so fastNewsspeak Times Article on the CDA
Message-ID: <199602091037.CAA24747@jobe.shell.portal.com>



Double Plus Ungood Thought Crime Regulations Unchallenged
By Asphyxiated Press, 02/08/96


PHILADELPHIA (AP) - The government's ban on sending "incendiary"
and politically explicit material to minors over computer networks
was unchallenged in court the moment President Clinton signed it
into law Thursday.

The Justice Department pledged not to initiate prosecutions for
a week, and a federal judge declined to temporarily block the
Decency Act, giving prosecutors until Wednesday to collect names
of subversives.

Thanks to a last-minute addition by Rep. Henry Hyde, R-Ill., it
also extends a rarely enforced, 123-year-old law into cyberspace, 
making it a violation of obscenity laws to use computers to
to teach evolutionary theory.

Supporters say the law will protect children from pornography,
drug traffickers, cryptographers, and evolutionists.

U.S. Attorney Anthony J. Coppolino, said restrictions are necessary
because computers have become increasingly pervasive and bring
thoughtcrime right into people's homes.

``It's not an exaggeration to say that many of these incendiary
ideas are available on a computer by ... a click of a mouse,''
said Coppolino.

Coppolino also told U.S. District Judge Ronald L. Buckwalter that 
the Justice Department will stand by its longstanding policy
``unchristian speech will be vigorously prosecuted.''

The Clinton Administration has also repeatedly raised concerns
about the constitutionality of the evolution provisions, as it
wasn't immediately clear how they conflicted with the teachings of
Adam Smith.

Vice President Al Gore dodged the question Thursday when asked by 
The Associated Press in Washington which side the Justice
department would support.

``We're obligated to follow orders, but we said from the
start this particular provision will not contradict NAFTA,''
Gore responded.

Coppolino said the contested provisions will not be enforced
until at least Wednesday, but gave no assurances that people who
use the Internet over the next few days would not be persecuted
in the future for freethinking.

The law prohibits all ``speech about sex other than "lie down and
think of George Washington".''  Sen. Jim Exon, D-Neb., who sponsored
the wide-ranging Telecommunications Reform Act of 1996, expressed
confidence in the anti-pleasure provisions.

``The Goldsteinists continues to raise red herrings that have nothing
to do with our proposal,'' he said. ``The legislation will not ban
works of Ingsoc or reminders to contribute to the Party.''

Cathy Cleaver, a lawyer with the Family Research Council in Washington,
compared the new act to the existing sedition law, which requires all
unbaptised persons to be tattooed with an identification number -
to keep minors from communicating with subversives.









From frissell at panix.com  Fri Feb  9 11:50:32 1996
From: frissell at panix.com (Duncan Frissell)
Date: Sat, 10 Feb 1996 03:50:32 +0800
Subject: CDA Yes Votes; Collection
Message-ID: <2.2.32.19960209105613.00a04c70@panix.com>


At 10:10 PM 2/8/96 +0000, Tim Cook wrote:
>Find out if yours ( or any ) representative or senator voted for the 
>CDA.  Send me email with the subject CDA-YES.  Put their name and 
>where they are from in the body. I'll compile the list and post it.
>When this is over they'll wish they realized how powerful the 
>internet REALLY is.

Most of those voting against the Telecoms Bill did so because they were
against the dereg provisions not the CDA.  Most of those who voted for it
favored the general technical provisions.  Most who thought about the CDA
and still voted for the bill decided to let the courts handle the
unconstitutional provisions because "federal judges don't have to stand for
election."  Political retaliation is useless in the face of a 90% yes vote.

If you are deeply upset by the high-handed manner in which the legislature
has screwed around with your life, welcome to the club.  Every bill they
pass and every regulation upsets someone just as badly as you are upset.
That is why some of us want less legislation and less regulation to minimize
just this sort of human suffering.  Maybe next time those of you who are
into "proactive" government will think before you crush other people's lives.

DCF

"Par Example -- I hate the Pure Food and Drug Act and the FDA just as much
as I hate the CDA.  Both are utterly evil."
 






From frissell at panix.com  Fri Feb  9 11:54:53 1996
From: frissell at panix.com (Duncan Frissell)
Date: Sat, 10 Feb 1996 03:54:53 +0800
Subject: Fair Credit Reporting Act and Privacy Act
Message-ID: <2.2.32.19960209112824.00a0e73c@panix.com>


At 07:04 PM 2/5/96 -0500, Tim Philp wrote:
>On Mon, 5 Feb 1996, Duncan Frissell wrote:
>
>> Unfortunately, it would also:
>> 
>> *  Require government registration of computers and databases containing
>> information about people (whether these computers are used by business or
>> individuals).  This eases regulation of computers and future confiscation.
>> 
>I don't believe that this follows at all. All that would be required 
>would be a statutory obligation to comply with the legislation. Should a 
>breach occur, civil and criminal penalties would apply. No need for prior 
>restraint.

Perhaps if you had read the British Privacy Protection Act (in force since
1984 or so) and similar Continental regs you would see that this sort of
registration was a common method of enforcement.  The PPA is on the WEB and
the Data Protection Registrar (you know as in "registration") has a web page:

http://www.open.gov.uk/dpr/dprhome.htm

"What does the Act mean to computer users?

Registration

With few exceptions, if you hold or control personal data on computer, you
must register with the Data Protection Registrar.  Registration is normally
for three years and one standard fee is payable to cover this period.
Registration forms are available from the Registrar's office, including a
special shortened registration form (DPR4) for those who process personal
data only for payroll
and bought/sales ledger purposes.

Computer bureaux which process personal data for others or allow data users
to process personal data on their computers must also register. Their
register entries will contain only their name and address.

Data users and computer bureaux who should register but do not, are
committing a criminal offence, as are those operating outside the
descriptions contained in their register entries. In these cases the
Registrar regularly prosecutes. The penalty for non-registration can be a
fine of up to �5,000 plus costs in the Magistrates Courts, or an unlimited
fine in the Higher Courts."

>It would not make it harder for buyers and sellers to get together, it 
>would simply increase the risk. It may lead to higher prices, but I am 
>prepared to pay something to protect my privacy.

Then just pay the higher price personally by not giving other people
information you want to keep private.  Get an accommodation address, use
secured credit cards (or none at all), get a voice mail phone number, lie
when people ask you for info.

>I agree that in the absolute sense, this is true. However, it is not 
>practical to do so in our modern society. If you are prepared to live 
>without credit or health insurance you can do this but the price is too 
>high for most people to consider.

You can get health insurance without giving personal data by lying.  You can
get credit from friends and relatives (borrowed credit) or save money first
and use secured credit cards (or bank debit VISA cards) to minimize reporting.

Look, the reason we hate the CDA is because it restricts speech.
Restrictions on credit agencies gossiping about you are also speech
restrictions.  If you are out in the world, people are going to talk about
you.  The credit agencies are much easier to handle and less intrusive than
the women were who talked about you while beating cloth on the rocks in the
stream back in the old village.

DCF

"Nice black pages on the Infoseek results screen.  We are everywhere."






From dneal at electrotex.com  Fri Feb  9 12:05:04 1996
From: dneal at electrotex.com (David Neal)
Date: Sat, 10 Feb 1996 04:05:04 +0800
Subject: Benefits of the V-Chip
Message-ID: <199602091924.NAA00590@etex.electrotex.com>


> Date:          Fri, 9 Feb 1996 10:11:38 -0500
> To:            cypherpunks at toad.com
> From:          olbon at dynetics.com (Clay Olbon II)
> Subject:       Benefits of the V-Chip

> 
> There is one potential side-benefit to the V-chip -- The inverse-V-chip
> (the idea for which I stole from someone on this list, sorry I don't
> remember who to credit).
> 
> I am looking forward to a time when I will never, even accidentally, have my
> TV tuned to "Full House" ;-)
> 
>         Clay
> 

Or more to the point, a presidential address. 


Just kidding.  You want to monitor 'the other side' in any situtation,
just as The FBI and NSA must have people watching this group.


David 'My V-Chip is set for extra-heaping helpings of the Beverly Hillbillies' 
Neal.





From anonymous-remailer at shell.portal.com  Fri Feb  9 12:07:23 1996
From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com)
Date: Sat, 10 Feb 1996 04:07:23 +0800
Subject: Thus it begins.
Message-ID: <199602091921.LAA06181@jobe.shell.portal.com>



       http://www.zdnet.com/pcweek/news/0205/o08paol.html





From admin at dcwill.com  Fri Feb  9 12:21:09 1996
From: admin at dcwill.com (Fred)
Date: Sat, 10 Feb 1996 04:21:09 +0800
Subject: Forgery
In-Reply-To: 
Message-ID: <199602091934.LAA20708@python.ee.unr.edu>


 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> I just sent you a message, forwarding a forged message attributed to me about
> plonking. It strikes me that to reduce the possibility that some might
> claim THAT message was a forgery, I might have signed it. Too late. Well,
> I'll sign this one.

Well, the fact that it's a "bad signature" does a lot to assuage concerns
about forgery. 

Now we'll probably see another message attempting to validate this one,
which attempted to validate an earlier message about a forgery that no
one (with the possible exception of the author) cared about in the first 
place. 

David (or whoever is forging this stuff for you), you should have quit 
while you were ahead. It's been all downhill for you since the first
message.

Will the real David Sternlight (and DS wanna-bees) please sit down?


Fred  






From tedwards at wam.umd.edu  Fri Feb  9 12:32:26 1996
From: tedwards at wam.umd.edu (Thomas Edwards)
Date: Sat, 10 Feb 1996 04:32:26 +0800
Subject: Rally against Internet Censorship in D.C. this Saturday!
Message-ID: 



[ObCrypto: Crypto may be the only answer if the ACLU loses its court case...]

      ======================================================
      =  RALLY AGAINST THE COMMUNICATIONS DECENCY ACT!!!!  =
      =							   =
      =         12:00 Noon Saturday Feb. 10, 1996          =
      =          Lafeyette Park, Washington, D.C.          =
      =             Next to the WHITE HOUSE                =
      =                                                    =
      ======================================================

      Congress has passed laws calling for sweeping censorship
      of computer networks, and the President is ready to
      sign it.  Are YOU just going to sit back and take it?

      Join hundreds of D.C. Internet users in rallying against
      the Communications Decency Act and Internet Censorship.
	
      Find out about the ACLU court case to challenge the CDA.

      ...And tell the Congress to repeal the CDA!!!!!!!!!

	Confirmed Speakers include:

	   o  Jonathan Wallace (A plaintiff in the ACLU court case
	        against the CDA, and Editor of The Ethical Spectacle)
	
	   o  Jonah Seiger (Policy Analyst, The Center for Democracy
	      	and Technology)

	   o  Kaz Vorpal (Owner of UltaPlex, a local Internet service
		provider)

	   o  Mark Mangan (co-author of "Sex, Laws, and Cyberspace")

	   o  William Winter (Communications Director, National
	        Libertarian Party)
	 
	   o  Plus open mike time to make your own views heard!

	Bring signs, banners, and tell your friends!

	For more information, send email to tedwards at wam.umd.edu.
 
"With this act of Congress, the very same materials which are legally
available today in book stores and libraries would be illegal if posted on
World Wide Web sites or usenet newsgroups. If signed by President Clinton
as expected, this bill will transform the Internet overnight from the
freest communications medium to the most heavily regulated medium in the
United States." 

	- The Center for Democracy and Technology Policy Post 2:5.


	






From lunaslide at loop.com  Fri Feb  9 12:32:31 1996
From: lunaslide at loop.com (lunaslide at loop.com)
Date: Sat, 10 Feb 1996 04:32:31 +0800
Subject: Reasons in support of crypto-anarchy WAS Re: Why am I        wrong?
Message-ID: 


>        I had been working on a series of questions/problems with the
>Assasination Politics idea as initially presented, to be sent to Jim and to
>people on the NWLIBERTARIANS list, as he requested, but you've kind of
>preempted one of them.
>
>From:   IN%"lunaslide at loop.com"  7-FEB-1996 06:57:58.30



>>Organization B would thrive, make no mistake.  And the people who would be
>getting in on all the action are the rich.  All the politicians who oppose
>their interests would be hit immediately.  Anyone trying to change the
>status quo would be eliminated.  Why do you think we are still using
>combustion engines in the last decade of the 20th century?  We could have
>had better alternatives 20 years ago, but the oil companies would loose out
>so they have either bought out these ideas or had killed the inventors and
>bought their patents and are sitting on them.  A capitalist economy does
>not always breed competition that brings out the best and most desireable
>products because some advancements are bad for all the businesses involved
>in that market.   Big business and the rich would benifit the most from the
>Assination Politics model.
>------------------------
>        Umm.... as much as it seems otherwise, this is not ConspiracyPunks.
>Actually, the involvement of wealth instead of votes (the first can be lost,
>the second cannot) is an argument in _favor_ of Assasination Politics. I
>generally have the objection to most anarcho-capitalist systems that the
>average person does not have enough foresight to do the kind of banding
>together most of them require. This one has the advantage of increased power to
>the wealthy, who have enough foresight to gain their wealth (or at least
>keep it, in the case of inheritance).

:-)  That's exactly what I was afraid of (ConspiricyPunks).  My point is
not to drag out conspiricy arguments.  I am trying to state that the
balance of power would remain lopsided in the direction it has been, even
with the new system; the power would remain with the rich.  Are you saying
that just because the average person is not rich, they do not deserve the
same voting power as the rich?  I must remind *you* that this is not
alt.elitism either ;-)

>>But what if OrgB stops taking donations for "predictions" for
>"Non-Initiation Of Force Principle" (NIOFP) offenders?  Some other
>organization will crop up to take their place AND the people operating OrgB
>could be hit for their "ethical" action.  There is simply too much
>opportunity offered by OrgB type organizations for people to pass up.  They
>will not let the higher prices stop them.
>
>If the answer to that problem is to regulate the lists of "victims", then
>the next question is who are these people who are regulating and what
>guidelines are they following?  Who decides who gets to be the moderators?
>Could there be exceptions to the (NIOFP)-offender standard?  Who would they
>be and why?    Could the organizations be anonymous as well?  How would the
>money be transmitted to them in that case?  How can we trust or redress
>grivances with an organization?  There are still many concerns regarding
>the organizations.  If the organizations fail, the whole system fails.
>---------------------
>        The organizations themselves can be perfectly anonymous, especially
>with some improvements onto the basic system that I am considering (and
>researching). One idea to keep things more honest would be a "deathstamping"
>organization, which would be above-board and have the "legitimate" function of
>ecash life insurance (I'll explain further later).

That "deathstamping" organization would then become the new govt. and would
be just as vunerable to corruption as any other govt, except that now we
don't even know who the unjust leaders are!  I await your further
explainations.

Respectfully,
Jeff Conn

lunaslide

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQBvAzD3EHEAAAEDAMVwZzXozPjX18mCenA5fJsdWZXcrhJCxPR+SoVCmR7d4ZVU
mwITzPTHo/GyLvJrWyk5YdhheczyY2VSawaMrCN/nWA7K9lwAylbKyPxqBhRYJ3C
2wi2uD5LY2wypNOQyQARAQABtB5KZWZmIENvbm4gPGx1bmFzbGlkZUBsb29wLmNv
bT6JAHUDBRAw+1bqS2NsMqTTkMkBAQkTAwCersFbCyk8O0MbGlNcZDAe24CLEWQ0
0C5EHni33W76UsG1bybcLsuMH6HVwLF7IqZivnzc7wkujYPQvCqn8HEYYTld8V9V
Cou4dOvA8kV7rHvAn/LuLx7DRruLFrRoPSk=
=OIT9
-----END PGP PUBLIC KEY BLOCK-----







From sasha1 at netcom.com  Fri Feb  9 12:47:53 1996
From: sasha1 at netcom.com (Alexander Chislenko)
Date: Sat, 10 Feb 1996 04:47:53 +0800
Subject: V-Chip
Message-ID: <199602091903.LAA05218@netcom.netcom.com>



  I assume that this chip works on some password scheme..

Here's a little excerpt from a letter sent by a Cybermind list member
Robert A. Kezelis to Mr. President:


>3) V-chip technology is cute, but ineffective. You realistically suggest
>(with a straight face, no less)  that a parent who probably has trouble
>programing a VCR (which sits on the TV and suffers from a constant flashing
>12:00am)  can outfox and hide the proper command from a computer-literate,
>intuitive, aggresive and creative teen?  Surely you jest.  Ask your
>daughter and her schoolmates, not some older advisor whose experience with
>teen hackers is limited. The V-chip is like telling a child, you can go
>into the candy store, but don't open this jar  when I walk to the other
>side of the store!
>

  Some kids also have friends.  Friends whose parent are more permissive
then theirs, and friends who are smarter than their parents.
Kids whose V-Chip has 1-1-1 rating allowing them to watch nothing but
selected episodes of Barney demoing new versions of V-Chip, may be
embarrassed to invite anybody over.  Kids with 5-5-5 rating will be
the New Cool Guys.

  Now if your child wants to go over to Billy's, you may want to call
Billy's mom and ask her what her V-Chip settings are.
Do not forget to ask her when was the last time she beat Billy at any computer
game...

  One restriction that I could possibly consider for my child, would
be a 'crap' factor.  I think it's a much more serious danger to the
young americans; IMO, watching baseball and psychic idiocy is much
less natural and a lot more harmful to a young mind than seeing a
picture of a breast.   This factor is the reason why I restrict *myself*
from watching most of TV programs.

-----------------------------------------------------------
| Alexander Chislenko | sasha1 at netcom.com | Cambridge, MA | 
| Home page:  http://www.lucifer.com/~sasha/home.html     |
-----------------------------------------------------------





From tcmay at got.net  Fri Feb  9 12:50:53 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 10 Feb 1996 04:50:53 +0800
Subject: V-Chip Settings Escrow
Message-ID: 


At 7:03 PM 2/9/96, Alexander Chislenko wrote:

>  Now if your child wants to go over to Billy's, you may want to call
>Billy's mom and ask her what her V-Chip settings are.
>Do not forget to ask her when was the last time she beat Billy at any computer
>game...

It seems to me that by the logic--and possibly the direct language--of the
Communications Decency Act, parents who "expose" the children of others to
higher levels of V-Chip ratings than they get at home would themselves be
liable.

Plus, how long will it be before Children's Protective Services interviews
children at their schools to determine if parents have set their V-Chip
levels too high?

Will divorcing parents demand specific V-Chip settings when the kids are at
the ex-spouse's place? Or use the V-Chip settings in custody battles? ("My
ex-husband has a setting of 2-3-2, according to my son, and I find this
completely unacceptable.")

Maybe we'll see "V-Chip Settings Escrow."  "Under this system, V-Chip
settings must be voluntarily escrowed with Child Protective Services.
Should an incident of abuse be alleged, the escrowed V-Chip settings can be
examined by social service workers for evidence of deviant viewing
behaviors."

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From llurch at networking.stanford.edu  Fri Feb  9 13:08:29 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Sat, 10 Feb 1996 05:08:29 +0800
Subject: Regarding employee rights on company equipment
In-Reply-To: 
Message-ID: 


On Fri, 9 Feb 1996 lunaslide at loop.com wrote:

[There are none]

> It's still to bad that I was wrong :-(, but such is life.

I don't see why that's such a big deal, now. How much does a netcom or
c2.org account cost anyway? 

If you want to claim the right to use other people's equipment for 
personal purposes, then you're accepting that they will do the same 
thing. I don't think you want your CEO to have an endless array of 
perks, or your political representatives to abuse government resources 
for personal and political use (which is not to say that they don't, 
just that they shouldn't, and you shouldn't legitimize it).

-rich





From alano at teleport.com  Fri Feb  9 14:03:52 1996
From: alano at teleport.com (Alan Olsen)
Date: Sat, 10 Feb 1996 06:03:52 +0800
Subject: Benefits of the V-Chip
Message-ID: <2.2.32.19960209205822.008eeda0@mail.teleport.com>


At 10:11 AM 2/9/96 -0500, Clay Olbon II wrote:
>
>There is one potential side-benefit to the V-chip -- The inverse-V-chip
>(the idea for which I stole from someone on this list, sorry I don't
>remember who to credit).
>
>I am looking forward to a time when I will never, even accidentally, have
>my TV tuned to "Full House" ;-)

The statements i have seen as to what the V-Chip (The V stands for
"Verbage"), it will not be that selectable.  You might be able get a version
that will not show you anything with a sex rating less than x, but then the
thought police will come and take you away.  (Crimethink in the presence of
minors is punishable by death.)

You have to remember that such products are brought to you by "People
Against Fun In Our Lifetime(tm)" and the "Hell On Earth Foundation".  Any
misuse of such products will be against Federal Law.  (Similar to the laws
on other household products.)
---
Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
        `finger -l alano at teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
"I, Caligula Clinton... In the name of the Senate and the people of Rome!"
   - Bill Clinton signing the CDA with the First Amendment bent over.






From lunaslide at loop.com  Fri Feb  9 14:08:56 1996
From: lunaslide at loop.com (lunaslide at loop.com)
Date: Sat, 10 Feb 1996 06:08:56 +0800
Subject: Mailing list
Message-ID: 


>When I wrote:
>>   Please make me apart of your mailing list.
>I meant:
>    Please take me apart on your mailing list.
>Thanks, Jack.

POOF!  Your wish has been granted :-)

lunaslide

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller








From lunaslide at loop.com  Fri Feb  9 14:10:18 1996
From: lunaslide at loop.com (lunaslide at loop.com)
Date: Sat, 10 Feb 1996 06:10:18 +0800
Subject: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
Message-ID: 


>jim bell writes:
>> >This has gone off into political theory. Could we take it to private
>> >mail or some such?
>>
>> Apparently, other people are just as unhappy with your attempts to act as
>> "moderator" of this list.  Wake up!  Freedom is on the line.
>
>You are annoying me. How much do people want to bet someone kills
>Jim Bell in the next six mont

You are annoying _everyone_!  How much you want to bet someone kills _you_
in the next month?

lunaslide

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller








From unicorn at schloss.li  Fri Feb  9 14:10:47 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Sat, 10 Feb 1996 06:10:47 +0800
Subject: Nyms with keys
In-Reply-To: 
Message-ID: 


On Sun, 4 Feb 1996, Don wrote:

> I am compiling a list of PGP keys from well known nyms. I only remember a few,
> I was wondering if anyone could think of any others:
> 
> Pr0duct Cypher
> CancelMoose
> Cypherpunk Enquirer needs one, if nothing more than for kicks
> Scamizat
> any signatures on RC2, RC4 for HP, etc.
> 
> I'd swear there's a couple more but I can't think of them.

Uh, me?

---
My prefered and soon to be permanent e-mail address: unicorn at schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information






From lunaslide at loop.com  Fri Feb  9 14:13:19 1996
From: lunaslide at loop.com (lunaslide at loop.com)
Date: Sat, 10 Feb 1996 06:13:19 +0800
Subject: Tell me whats wrong with this
Message-ID: 


avitar wrote:

>You probably had no problem with seat belts being manditory eqiupment ,
>because they
>protected YOU and the people YOU cared about.
>You probably had no problem with manditory airbags, public building smoke
>alarms, unleaded
>fuel, restaurant health codes,etc....Because they protected you and or
>people you care about,
>even though they cost YOU more money.

You are your child's seat belt for the internet.  There are plenty of tools
at your disposal that do not require govt. intervention.  As for the
television, I'm sure you already have my email on that.  I also don't have
problems with eviornmental regulations, labor codes, electronic safety
standards for computers and such even though those cost me money as well.
All of those laws, however, do not restrict my freedom of speech.  If not
wearing a seat is your idea of free speech, I personally can't vouch for
your intelegence (I can't do that anyway:-)), but you still have the right
to speak your mind on the matter, as you are now.  People talking about gay
rights, abortion options, better sex (a la Dr. Ruth) can no longer do that
on the net without wondering whether they are in violation of the bill or
not.
>>
>> > All I'm saying is it's tough to raise a child these days without the added
>> > distortion of modern programing ...
>>
>>"Don't do the crime if you can't do the time."
>>
>> > ... and parents need not be denied any tool that can help them
>> > achieve success.
>>
>>Oh, OK then.  Parents should be given access to incendiary equipment
>>as a tool to destroy the studios that produce offensive material.
>>
>It's obvious that you watch a lot television your an excellent sensationalist.
>Besides, we both no that the cost of the chip is insignificant. This device
>hurts no one!

I "no" no such thing.  The price of the chip has been estimated to be
higher than was stated tonight on the news, that's for sure.  (Anyone got a
figure?  I'd like to hear how much the TV makers will think it will cost.)

lunaslide

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller








From lmccarth at cs.umass.edu  Fri Feb  9 14:14:19 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Sat, 10 Feb 1996 06:14:19 +0800
Subject: Money & CreditCard URLs
In-Reply-To: 
Message-ID: <199602090846.DAA24940@opine.cs.umass.edu>


Norm Hardy writes:
> Here is a fragment of html that points to several online money or payment
> systems.
[...]
> I would be pleased to receive further such URLs.

RAH recommends Phill H-B's page o' annotated links, and I think I'll second
that right now: 
	http://www.w3.org/hypertext/WWW/Payments/roadmap.html

RAH's e$ page has a pile of good links too: 
	http://thumper.vmeng.com/pub/rah/sites.html 

Coincidentally I am in the midst of sifting through the results of an Alta
Vista search for "micropayment". I just ran into a site dated yesterday that
doesn't seem to be on Phill's list yet. I haven't seen it mentioned here, but
I admit my eyes have been glazing over amid the tide of net.payment systems
PR. 

	http://www.webatm.com/

I found these folks via an article in the Jan. 10 Web Week
(http://pubs.iworld.com/ww-online/wed/0110.html). 

The under-construction welcome page says in part:

"The WebATM will soon begin worldwide testing of the first truly anonymous, 
cash-based online transaction system - no credit cards or bank accounts 
needed. Totally anonymous cash "virtual" accounts will now be possible via 
the WebATM, allowing anyone to quickly and easily purchase goods and services
anywhere on the Web - including very small purchases of a few pennies 
(micro-payments.) Of course if you prefer to use a credit card for your 
online purchase you may do so - safely and securely - through the WebATM
system."

There's a rather critical off-line step:

"Your anonymous pre-paid WebATM WebCard will soon be available at retail 
stores in denominations of $10, $20, $50 and $100 and can be recharged if you 
want - just like pre-paid calling cards!"

It's nice to see them pitching anonymity, though.

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)





From JMKELSEY at delphi.com  Fri Feb  9 14:16:37 1996
From: JMKELSEY at delphi.com (JMKELSEY at delphi.com)
Date: Sat, 10 Feb 1996 06:16:37 +0800
Subject: RC2's key schedule and passphrase hashing
Message-ID: <01I0ZVV5YJBC985HB3@delphi.com>


-----BEGIN PGP SIGNED MESSAGE-----

[ To: Cypherpunks, sci.crypt ## Date: 02/09/96 01:44 am ##
  Subject:  RC2's key schedule and passphrase hashing ]

Summary:  Don't use RC2's key schedule to hash passphrases, with or
          without the export hack.  Instead, hash the passphrase
          first, and then pass the result into RC2 to get expanded.
          (This is a good rule to follow with any cipher whose
          designers didn't specifically intend for it to be used to
          hash passphrases.)  Don't use phase two at all--if you
          need exportable 40 bit security, generate a 128-bit random
          value, and leak 88 bits as salt.  Hash the value, and use
          the result as the RC2 key.

>Date: Fri, 02 Feb 1996 10:02:37 -0800 (PST)
>From: baldwin  (Robert W. Baldwin)
>Subject: RC2 technical questions

>- How does the length of the key influence the mixing
>  of bits during each pass of the expansion algorithm?

>- If the first pass of expansion is viewed as a hash
>  function that produces 40 or 128 bits out, what are
>  its properties?

These are good questions, and they turn out to be pretty
educational.  I no longer can see any good reason for the
effective-bits hack.  Let me explain why, briefly:

Suppose I'm hashing a 64-character passphrase, where each character
has about three bits of actual entropy, for use in an export-
controlled application.  Clearly, this gives us plenty of entropy
(192 bits) in the whole user key.  How much entropy can make it to
the last five bytes of expanded key?  These last five bytes are a
function of the last five bytes of user passphrase (total entropy of
about 15 bits), and the previous byte of expanded key (which can't
have more than eight bits of entropy). Those are the only inputs
that aren't known to all attackers.  This means that in this (very
degenerate) case, we'd have 23 bits of entropy in our last 40 bits.
If we then did phase two of the key expansion based on those 40
bits, we'd wind up with a total expanded key entropy of 23 bits. In
short:  Guess an 8 bit random number and the last five bytes of the
user key, and you've got the entire expanded key.  (Of course, if
the application always padded the user passphrase with blanks or
something to make it 64 bytes long, and then scheduled the key with
the export control hack, we'd have *eight* bits of entropy in our
expanded key, which probably qualifies for some kind of special
thank-you note from Fort Meade or something.)

Suppose I'm hashing a 32 character user passphrase.  The same
analysis applies to the bytes 60..63 of expanded key.  Those bytes
can have no more than 23 bits of entropy, if each character of the
passphrase carries three bits of entropy. This means that bytes
92..95 carry at most 31 bits of entropy, and thus that bytes
124..127 carry at most 39 bits of entropy.  If we pad the passphrase
out on the right to 32 bytes before sending it into the RC2 key
schedule, then we wind up with about 24 bits of entropy in the whole
expanded key after phase two.

Our assumptions about entropy in user passphrases can make this
better or worse.  For example, we may assume that it costs us 16
bits to guess the first three characters of any passphrase
substring, and one bit per character after that.  In that case,
processing a 64-character passphrase into 40 effective key bits gives
us 26 bits of entropy.  If we assume that each additional character
after the first three guessed costs us two bits, then processing a
64-character passphrase down to 40 bits gives us 28 bits of entropy,
and processing it down to 56 bits gives us 32 bits.

Without phase two, long user passphrases simply leave most of the
expanded key fairly predictable, especially in the high couple of
bits of each byte.  I haven't tried to analyze yet what this does to
RC2's security, but it's almost never a good idea to have
highly-predictable bits anywhere in a cipher's expanded key.

The moral of the story seems to be this:  Don't use key schedules as
passphrase hashing functions, unless they're specifically designed
as such.  In particular, don't use RC2's key schedule to hash your
passphrase.  Pass your passphrase (and salt) through a good one-way
hash function like SHA1, and feed the result into your key schedule.

Can anyone guess what the effective-bits parameter is used for?  It
doesn't seem to be secure for hashing passphrases, making some
reasonable-sounding assumptions about actual entropy per character
in user passphrases.  I can't see an intelligent use for it.

Note that setting effective bits to 40, we have only a 40-bit
key--no salt.  This means that using alleged-RC2 with phase two of
the key schedule and effective bits set to 64 or less, we're
potentially vulnerable to a precomputation attack.  This is a real
problem if we're doing something like encrypting a constant block at
the beginning of the encryption, to verify that we have the right
decryption key.  (It's enough of a potential problem to be
worrysome, anyway--note that almost all of my notes to John Smith
start out with the same eight characters:  "[ To: Jo".
Precomputation attacks based on this are quite feasible.)  I am very
curious about how this is dealt with in practical implementations.
The obvious way to do this would be to leave effective-bits = 1024,
and just hash an 88-bit salt with a 40-bit session key to get the
128-bit key actually passed into RC2.  But that begs the question:
What's the use of having the effective-bits parameter? I certainly
hope nobody is using RC2 with effective-bits set to 40 in any
important, real-world applications.

>--Bob

Note:  Please respond via e-mail as well as or instead of posting,
as I get CP-LITE instead of the whole list.

   --John Kelsey, jmkelsey at delphi.com / kelsey at counterpane.com
 PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRsR1kHx57Ag8goBAQFzOAQAnjL06eTNMkqgT9OatMa2FRm2dFU7yffU
lH3blWxV2Wv8XrMGTB3WTES6ME1D84qJMk641MNxAtH1PAigFzEFDeBHxDr83fR4
tJFECzQ0KWGUu3Pn9/sHJFhjOWUbg6AAtNQ94XN4kBx+NSb3rF/AtoEMyJr6azug
FA5T+AQq+Jo=
=Y7P+
-----END PGP SIGNATURE-----





From cea01sig at gold.ac.uk  Fri Feb  9 14:35:09 1996
From: cea01sig at gold.ac.uk (Sean Gabb)
Date: Sat, 10 Feb 1996 06:35:09 +0800
Subject: The Resistor
Message-ID: 


Does anyone out there know where I can find the latest issues of a 
magazine called The Resistor?

Sean Gabb
Editor,
Free Life
======================================================================
    $$$$$$  $$$$$   $$$$$$  $$$$$$     $$      $$   $$$$$$  $$$$$$
    $$      $$   $  $$      $$         $$      $$   $$      $$
    $$      $$  $   $$      $$         $$      $$   $$      $$
    $$$$    $$$     $$$$    $$$$       $$      $$   $$$$    $$$$
    $$      $$ $    $$      $$         $$      $$   $$      $$
    $$      $$  $   $$      $$         $$      $$   $$      $$
    $$      $$   $  $$$$$$  $$$$$$     $$$$$$  $$   $$      $$$$$$
 
        A Journal of Classical Liberal and Libertarian Thought

    Production:                                   Editorial:
    c/o the Libertarian Alliance                  123a Victoria Way
    25 Chapter Chambers                           Charlton
    London SW1P 4NN                               London SE7 7NX

Tel: **181 858 0841  Fax: **171 834 2031  E-mail: cea01sig at gold.ac.uk

                    EDITOR OF FREE LIFE:  SEAN GABB
______________________________________________________________________

How to subscribe:  Send cheque for GBP10 or US$20 made out to the
                   Libertarian Alliance.
======================================================================
                 FOR LIFE, LIBERTY AND PROPERTY
======================================================================






From shamrock at netcom.com  Fri Feb  9 14:37:05 1996
From: shamrock at netcom.com (Lucky Green)
Date: Sat, 10 Feb 1996 06:37:05 +0800
Subject: Need a "warning" graphic of some kind for CDA
Message-ID: 


At 22:18 2/8/96, Bill Stewart wrote:

>        Before Bill Clinton signed the Exon Internet Censorship Bill,
>                Tipper Gore brought you Music Censorship.
>        Uncle Frank says ""
>
>I suppose it's a bit beyond Fair Use?

Sounds like fair use to me. Certainly Zappa wouldn't have minded. Then
again, he isn't around anymore to defend you against whatever lawers now
have the rights for his works. What a shame.


-- Lucky Green 
   PGP encrypted mail preferred.







From mhh at tripper.netkonect.co.uk  Fri Feb  9 14:49:22 1996
From: mhh at tripper.netkonect.co.uk (Tripp Hardy)
Date: Sat, 10 Feb 1996 06:49:22 +0800
Subject: PGP & Seamless Pegasus
Message-ID: <01BAF734.1BFF82C0@tripper.netkonect.co.uk>


Let's not celebrate just yet.  While it is a great improvement, it still causes errors if you try to encrypt an attached file and conventional encryption still doesn't work here.  The only one that is working all around for me is Private Idaho.  We are moving in right direction though.

Tripp

----------
From:  Adam Philipp[SMTP:adam at sub.toad.com]
Sent:  Friday, February 09, 1996 4:34 AM
To:  cypherpunks at toad.com
Subject:  PGP & Seamless Pegasus

-----BEGIN PGP SIGNED MESSAGE-----

Can I just add a loud HURRAH! on the integration of PGP and Pegasus 
using the PGPJN add-on. 

It is by far the smoothest melding of PGP and a e-mail routine to 
date. The only way it would be smoother is on one program. THe 
learning curve is also negligible. 

For all those griping about no good PGP windoze e-mail programs, your 
wait is over. This mail program won over a die hard Eudora fan in 
about 15 minutes... Someone else already posted the sites to get this 
so forgive my laziness of not repeating their words.

Oh, did I mention this is seamless under Windoze 95 as well?


Adam, Esq.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMRs/RAaMHlrz9swxAQGWUwf/amggouHkGjrjoYQ3JXYXiWblHc2NBvQx
wwy1jMSvEEiP0kQD1iaysA6fw4t+xU1bFAftqACRa3rTF7ZgCRRgFuhgwTwhwR8u
HZ8zDed5PIgywsn9/jqXW+nqneNx2uboUjq7FsncZiC7EG90/SMK78et8QZ/sT0l
ifiCvoLXaYhW4anmIeHMADLwDRqUlhVWX5RX1ccG2MrOrrrKHjJcveG4CF72M8EV
hftXDTWdElUuPUHD0JUBlp555+YMuolSUuu4sq1eodwlX0L4tq9vv4QBCwnBvq0H
4XONwa9BaRvEjVJ0Gg6+HjC4/IHOt/5CJ+SfwvQAaysH7Q11nkKTZw==
=/zQA
-----END PGP SIGNATURE-----







From gbroiles at darkwing.uoregon.edu  Fri Feb  9 15:24:34 1996
From: gbroiles at darkwing.uoregon.edu (Greg Broiles)
Date: Sat, 10 Feb 1996 07:24:34 +0800
Subject: Regarding employee rights on company equipment
Message-ID: <199602092120.NAA15507@darkwing.uoregon.edu>


At 10:32 AM 2/9/96 -0800, lunaslide wrote:

>A day or so ago, I reasoned incorrectly that university students and
>employees were free to encrypt mail they sent through their student or work
>accounts.  This was in response to a statement that the govt could retain
>at least some control of internet traffic through the universities and
>businesses.  I would credit the person who called me on it, by I do not
>remember who it was.  It seems that, at least for employees, it is totally
>up to the employer:
>
>>From Edupage Feb 8, 1996,
>
>INTERNET USAGE POLICIES
>Neal J. Friedman, a specialist in online computer law, says that "employees
>are under the misapprehension that the First Amendment applies in the
>workplace --  it doesn't.  Employees need to know they have no right of
>privacy and no right of free speech using company resources."  According to
>Computerworld, a number of employers are adopting Internet usage polcies,
>such as one developed at Florida Atlantic University: <
>http://www.fau.edu/rinaldi/net/netpol.txt > (Computerworld 5 Feb 96 p55)

I don't think this issue is as simple as Friedman wants to make it sound.
(Then again, he may have been quoted out of context.) In any event, what he
said is true, modulo explicit or implicit contracts to the contrary, rules
about union activity, common-law privacy rights, Title VII, the ECPA and
similar state statutes, and so forth. The quote sounds like a self-serving
statement intended to scare people into believing that their rights are as
limited as the speaker wishes they were. That's not so unusual, but it's not
always useful to get legal advice from someone who sees their interests as
adverse to yours.

(We've gone over the "I think the law regarding employers rights vis-a-vis
employees rights *should* be 'x'" ground a zillion times, and another rehash
seems unproductive. I don't intend to respond to messages along those lines.)

--
"The anchored mind screwed into me by the psycho-  | Greg Broiles
lubricious thrust of heaven is the one that thinks | gbroiles at netbox.com
every temptation, every desire, every inhibition." | 
	-- Antonin Artaud		   	   | 






From Richard_J_Harris at msn.com  Fri Feb  9 15:27:09 1996
From: Richard_J_Harris at msn.com (Richard Harris)
Date: Sat, 10 Feb 1996 07:27:09 +0800
Subject: Yeah, Yeah But what are we gonna do!
Message-ID: 


It may just be me but ...

i)	This in-fighting and bickering doesn't seem very productive

ii)	What are we gonna do about the CDA?
	The bikers fought the helmet law and won (in places)
	We should do the same.

	"It is better to have tried and failed than never have tried at all"

	Our strength is in our numbers and our abilities we should use them
	to ensure our freedom.  Science fiction has become our reality and 	their 
paranoia.  

	All we have to lose is our freedom.






From pgf9240 at usl.edu  Fri Feb  9 15:32:20 1996
From: pgf9240 at usl.edu (Fraering Philip G)
Date: Sat, 10 Feb 1996 07:32:20 +0800
Subject: Hello out there... Following up on China
Message-ID: <199602092137.AA03481@c52.ucs.usl.edu>


(I tried subscribing a while back... I never got the flood of
cypherpunk mail messages, so I guess it didn't work. Well, netscape
is working tolerably well for reading the archives, and I wanted to
comment on the following:

Begin excerpt from alex at proust.suba.com:

-------------------------------------------------------------------------------
I've seen a couple of pointers to information about China's ambitious
attempt to build their own censorable net, but not a lot of discussion.
The Chineese net strikes me as a very signifiant (and very negative)
development.

In a worst case scenario, I could see them shopping their net around the
world as an alternative to the Internet. China's size might make it
possible for them to put together something that might be in the
Internet's ballpark as an information resource, especially for technical
and commercial applications. This would make it attractive to other
countries -- Islamic, for example -- who want to use networking to stay
competitive economically with the West, but who are unwilling to allow
information to flow freely.

<


	Whoops. I didn't mean to send that one to the list (re: ethics of
assasination). Sorry. I am still trying to decide on whether other discussions
of the non-Crypto aspects of Assasination Politics are appropriate; I would
appreciate mail back from Perry in response to my email to him.
	Sorry again,
	-Allen





From sunder at dorsai.dorsai.org  Fri Feb  9 15:49:31 1996
From: sunder at dorsai.dorsai.org (Ray Arachelian)
Date: Sat, 10 Feb 1996 07:49:31 +0800
Subject: American Reporter on CDA 2/8/96 (fwd)
Message-ID: 





---------- Forwarded message ----------
>From oregon.democrats at digibbs.com Thu Feb  8 18:26:34 1996
From: oregon.democrats at digibbs.com
Message-Id: <199602082312.PAA27828 at desiree.teleport.com>
Date: Thu, 8 Feb 1996 15:18:40 +0500 
Subject: American Reporter on CDA 2/8/96
To: stop314 at vtw.org
X-WG-GMID: -1111895843/9218
X-WG-THRID: -1295340081
X-WG-RPLTO: 0/0

       ***********************************************************
       THE X-ON CONGRESS:  INDECENT COMMENT ON AN INDECENT SUBJECT
       ***********************************************************
 
                            by  Steve Russell
                     American Reporter Correspondent
 
 SAN ANTONIO, Texas -- You motherfuckers in Congress have dropped over the
 edge of the earth this time.  I understand that very few of the swarm of
 high dollar lobbyists around the Telecommunications Bill had any interest
 in content regulation -- they were just trying to get their clients an
 opportunity to dip their buckets in the money stream that cyberspace may
 become -- but the public interest sometimes needs a little attention.
 Keeping your eyes on what big money wants, you have sold out the First
 Amendment.
 
 First, some basics.  If your children walked by a public park and heard
 some angry sumbitches referring to Congress as "the sorriest bunch of
 cocksuckers ever to sell out the First Amendment" or suggesting that
 "the only reason to run for Congress these days is to suck the lobbyists'
 dicks and fuck the people who sent you there," no law would be violated
 (assuming no violation of noise ordinances or incitement to breach the
 peace).  If your children did not wish to hear that language, they could
 only walk away.  Thanks to your heads-up-your-ass dereliction of duty,
 if they read the same words in cyberspace, they could call the FBI!
 
 Cyberspace is the village green for the whole world. It is the same as the
 village green our Founders knew as the place to rouse the rabble who became
 Americans, but it is also different.  Your blind acceptance of the dubious -
 - make that dogass dumb --idea that children are harmed by hearing so-called
 dirty words has created some pretty stupid regulations without shutting down
 public debate, but those stupid regulations will not import to cyberspace
 without consequences that even the public relations whores in Congress
 should find unacceptable.
 
 In cyberspace, there is no time.  A posted message stays posted until it is
 wiped.  Therefore, there is no way to indulge the fiction that children do
 not stay up late or cannot program a VCR.  In cyberspace, there is no place.
 The "community standards" are those of the whole world.  An upload from
 Amsterdam can become a download in Idaho.  By trying to regulate obscenity
 and indecency on the Internet, you have reduced the level of expression
 allowed consenting adults to that of the most anal retentive blueballed
 fuckhead U.S. attorney in the country. The Internet is everywhere you can
 plug in a modem.  Call Senator Exon an "ignorant motherfucker" in Lincoln,
 Nebraska and find yourself prosecuted in Bibleburg, Mississippi.
 
 In cyberspace, you cannot require the convenience store to sell Hustler in
 a white sleeve.  The functional equivalent is gatekeeper software, to which
 no civil libertarian has voiced any objection. Gatekeeper software cannot be
 made foolproof, but can you pandering pissants not see that any kid smart
 enough to hack into a Website is also smart enough to get his hands on a
 hard copy of Hustler if he really wants one?
 
 In cyberspace, there is the illusion of anonymity but no real privacy.
 It is theoretically possible for any Internet server to seine through all
 messages for key words (although it seems likely the resulting slowdown
 would be noticeable).  Perhaps some of you read about America On Line's
 attempt to keep children from reading the word "breast?"  An apparently
 unforeseen consequence was the shutdown of a discussion group of breast
 cancer survivors.  Don't you think more kids are aware of "teat"
 (pronounced "tit") than of "breast?"  Can skirts on piano legs, er, limbs
 be far behind?
 
 But silly shit like this is just a pimple on the ass of the long-term
 consequences for politics, art and education.  You have passed a law that
 will get less respect than the 55 m.p.h. speed limit dead bang in the middle
 of the First Amendment.  Indecency is nothing but a matter of fashion;
 obscenity is the same but on a longer timeline.  This generation freely
 reads James Joyce and Henry Miller and the Republic still stands.
 The home of the late alleged pornographer D. H. Lawrence is now a beautiful
 writers' retreat in the mountains above Taos, managed by the University of
 New Mexico.
 
 Universities all have Internet servers, and every English Department has at
 least one scholar who can read Chaucer's English -- but not on the Internet
 anymore.  Comparative literature classes might read Boccaccio --but not on
 the Internet anymore.  What if some U. S. Attorney  hears about Othello and
 Desdemona "making the beast with two backs" -- is interracial sex no longer
 indecent anywhere in the country, or is Shakespeare off the Internet?
 
 Did you know you can download video and sound from the Internet?
 Yes, that means you can watch other people having sex if that is interesting
 to you, live or on tape.  Technology can make such things hard to retrieve,
 but probably not impossible.  And since you have swept right past obscenity
 and into indecency, the baby boomers had better keep their old rock 'n roll
 tapes off the Internet.
 
 When the Jefferson Airplane sang "her heels rise for me," they were not
 referring to a dance step.  And if some Brit explains the line about
 "finger pie" in Penny Lane, the Beatles will be gone.  All of those school
 boards that used to ban "The Catcher in the Rye" over cussing and spreading
 the foul lie that kids masturbate can now go to federal court and get that
 nasty book kept out of cyberspace.
 
 But enough about the past.  What about rap music?  No, I do not care much
 for it either -- any more than I care for the language you shitheads have
 forced me to use in this essay -- but can you not see the immediate
 differential impact of this law by class and race?  What is your defense -
 -that there are no African-Americans on the Internet, since they are too
 busy pimping and dealing crack?  If our educational establishment has any
 sense at all, they will be trying to see more teens of all colors on the
 Internet, because there is a lot to be learned in cyberspace that has
 nothing to do with sex.
 
 There are plenty of young people in this country who have legitimate
 political complaints.  When you dickheads get done with Social Security,
 they will be lucky if the retirement age is still in double digits.
 But thanks to the wonderful job the public schools have done keeping sex
 and violence out, we have a lot of intelligent kids who cannot express
 themselves without indecent language. I have watched lawyers in open court
 digging their young clients in the ribs every time the word "fuck" slipped
 out.
 
 Let's talk about this fucking indecent language bullshit.  Joe Shea, my
 editor, does not want it in his newspaper, and I respect that position.
 He might even be almost as upset about publishing this as I am about
 writing it. I do use salty language in my writing, but sparingly, only
 as a big hammer.  Use the fucking shit too fucking much and it loses its
 fucking impact --see what I mean?  Fiction follows different rules, and if
 you confine your fiction writing to how the swell people want to see
 themselves using language, you not only preclude literary depiction of
 most people but you are probably false to the people you purport to depict.
 
 Do you remember how real language used by real people got on the air and in
 the newspapers?  Richard Nixon, while he was president, speaking in the
 White House about official matters.  A law professor and a nominee for
 Supreme Court Justice arguing about pubic hairs and porno movies during
 Senate hearings. Are these matters now too indecent for the Internet?
 How much cleansing will be required of the online news services?
 Answer: Enough cleansing to meet the standard of what is appropriate
 for a child in the most restrictive federal judicial district.
 
 This is bullshit -- unconstitutional bullshit and also bad policy bullshit.
 To violate your ban on indecency, I have been forced to use and overuse
 so-called indecent language.  But if I called you a bunch of goddam
 motherfucking cocksucking cunt-eating blue-balled bastards with the morals
 of muggers and the intelligence of pond scum, that would be nothing compared
 to this indictment, to wit: you have sold the First Amendment,
 your birthright and that of your children.  The Founders turn in their
 graves.  You have spit on the grave of every warrior who fought under the
 Stars and Stripes.
 
 And what mess of pottage have you acquired in exchange for the rights of a
 free people?  Have you cleansed the Internet of even the rawest pornography?
 No, because it is a worldwide system.  You have, however, handed the
 government a powerful new tool to harass its critics: a prosecution for
 indecent commentary in any district in the country.
 
 Have you protected one child from reading dirty words?  Probably not, if you
 understand what the economists call "substitution" -- but you have leveled
 the standards of political debate to a point where a history buff would not
 dare to upload some of the Federalist v. Anti-Federalist election rhetoric
 to a Website.
 
 Since the lobby reporting requirements were not law when the censorship
 discussion was happening, I hope you got some substantial reward for what
 you gave up.  Thirty pieces of silver doesn't go far these days.
 
                                  # # #
 
  (Steve Russell, retired after 16 years as a trial judge in Texas, is
  Assistant Professor of Criminal Justice at the University of Texas at
  San Antonio.)
 
              This article may be reproduced free forever.
 
                                  * * *
 
                        * Chair * Online Activism *
       ********** Fifth Congressional District Democrats **********
       * Lincoln * Benton * Marion * Polk * Clackamas * Tillamook *
       ************************************************************







From rah at shipwright.com  Fri Feb  9 16:21:16 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Sat, 10 Feb 1996 08:21:16 +0800
Subject: Fwd: Web900 -  The easiest way to charge users ...
Message-ID: 



--- begin forwarded text

Date: Fri, 09 Feb 1996 12:29:14 -0800
From: "J. Kent Hastings" 
Organization: The Agorist Institute
MIME-Version: 1.0
To: ecash at digicash.com
CC: sek3 at loop.com
Subject: Fwd: Web900 -  The easiest way to charge users ...
Sender: owner-ecash at digicash.com
Precedence: bulk

I just received this in email:

Web_Design_and_Promotion Mailing List wrote:
>
> to remove yourself from this list, please scroll to the bottom...
>
> ------------------------------------------------------------------
> Web900 -  The easiest way to charge users to access your web site!
> ------------------------------------------------------------------
>
> Dear WebMaster,
>
> We'd like to use this bandwidth to introduce you to a new service
> called Web900. Simply put, Web900 is the easiest way to charge your
> users for products, services, or accessing areas on your web site. The
> net is finally becoming a place where all of us can make money and
> Web900 is the easiest, most secure way that we've seen to collect that
> money from people surfing the net.
>
> We'd also like to take this opportunity to tell you a little bit about
> our company. Logicom has been in the online industry since 1987. We
> were one of the first developers for a BBS package called The Major BBS
> (now called Worldgroup) by Galacticomm, Inc. Since then, we've grown
> into a successful developer and Galacticomm's largest reseller.
>
> In 1994, we entered into the 900 access code business with a service
> called "Quick Credit 900." Quick Credit 900 works strictly with The
> Major BBS and Worldgroup systems by Galacticomm and it quickly grew
> into one of the largest 900 billing services available for the online
> industry. At the end of 1995, we bought out T.A.B.S. 900 in order to
> expand our market beyond just Galacticomm systems. T.A.B.S. covers
> other BBS packages such as Wildcat!, PCBoard, Searchlight, Mindwire and
> TBBS. This buyout made us the largest 900 billing service for the
> online industry.
>
> The next logical progression was to add Web900. Web900 enables Logicom
> to completely blanket the entire online industry with an easy to use
> 900 billing service. Our first few Web900 customers have been
> resoundingly successful. Contrary to popular belief, people really are
> spending money on the net! We have hundreds of clients using Quick
> Credit 900 and T.A.B.S. already and hopefully you'll be one of our new
> Web900 clients and help us grow Web900 into the success that our other
> 900 services are enjoying, while at the same time increasing real
> commerce on the web.
>
> Web900 is great for E-Zines, Adult Sites, Low cost product sales,
> Nonprofit organizations collecting donations, Member based information
> services, and virtually any web site that wants to charge for access.
> If you or any of your customers currently charge for access (or even if
> you're just thinking about it), we invite you to check out the
> information on Web900. Our URL is http://www.logicom.com - we do offer
> services other than Web900, so feel free to surf around while you're
> visiting. Once you're at our site, to get to the Web900 information,
> just click on the Web900 icon found on the clickable image map.
>
> Here's how it works: A web surfer gets to your site and wants to access
> a restricted area. You will have a form (see our web site for a sample
> form) that tells them to call a 900 number with their voice phone. They
> will call the 900 number, enter your Web Site's System ID (referenced
> on your form), and they will be given a redemption code. Then, they
> simply enter the redemption code into the form and they're all done -
> they have access. They will be billed on their phone bill and you (the
> webmaster) will receive a check from us (Logicom) 45 days after the end
> of the billing period for all codes obtained during that billing period.
>
> You'll find that Web900 is better than Cybercash, DigiCash, First
> Virtual or any other electronic cash method because it's so easy to
> use. Your customers don't have to fill out some sort of application ...
> they don't have to deal with "wallets", "VirtualPINs", or "ecash" ...
> they don't have to give ANYONE their credit card number or checking
> account number ... and they don't have to figure out what the heck
> "electronic cash" is. All this means that you don't have to sell them
> on any new payment concepts - everyone pays their phone bill with real
> money right now. They don't have to change their spending habits in any
> way.
>
> It's also important to mention that Web900 is totally secure. Web
> surfers don't have to give anyone their credit card number at any time.
> In fact, they don't even need to have a credit card number. The
> redemption code that they get from Web900 is only good on your system
> and it's only good for one use. You, the Webmaster, will be downloading
> a set of codes via a secure modem connection (not over the internet)
> for redemption purposes. There's no need for encryption to be used -
> everything can be done "in the clear" without any security concerns.
>
> Lastly, Web900 costs you absolutely nothing to setup, so you really
> have nothing to lose. (There is a 20% fee taken out of each call to pay
> the phone company and our administration fees.) In closing, we'd like
> to ask you to please look at the information on Web900 located at
> http://www.logicom.com and compare them to the other options (URLs are
> located at the bottom of this letter). If you have any questions,
> please feel free to e-mail us at web900 at logicom.com or give us a call
> at (800) 764-4266 (international callers please use (954) 726-3868).
> Thank you for the time you've taken to read this letter, we hope you've
> find this knowledge useful.
>
> --------------------------------------------------------------
> Web900 is a trademark of Logicom, Inc. - http://www.logicom.com
> Worldgroup and The Major BBS are trademarks of Galacticomm, Inc. -
> http://www.gcomm.com
> Cybercash is a trademark of Cybercash, Inc. - http://www.cybercash.com
> Digicash and ecash are trademarks of Digicash bv -
> http://www.digicash.com
> First Virtual and VirtualPIN are trademarks of First Virtual Holdings
> Corproation - http://www.fv.com
>
> Note: Web900 is only available for *your* customers in the United
> States.
>
> ------------------------------------------------------------------
> Web900 -  The easiest way to charge users to access your web site!
> ------------------------------------------------------------------
>
> You are on the PostMaster Direct Mailing List.  You are on this list either
> by request or as a result of using the PostMaster system at
> http://www.netcreations.com/postmaster/
>
> If you wish to stop receiving mailings from us, please forward this message
> INTACT to deleteme at netcreations.com or for faster response, visit
> http://www.netcreations.com/postdirect/
>
> Thanks!
>
> ** Web_Design_and_Promotion zeus at pinsight.com    11076

--
J. Kent Hastings
Assistant Director of The Agorist Institute
zeus at pinsight.com, http://www.pinsight.com/~zeus/agorist/

--- end forwarded text


-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/







From tallpaul at pipeline.com  Fri Feb  9 16:21:51 1996
From: tallpaul at pipeline.com (tallpaul)
Date: Sat, 10 Feb 1996 08:21:51 +0800
Subject: Tell me whats wrong with this
Message-ID: <199602091703.MAA06951@pipe9.nyc.pipeline.com>


On Feb 09, 1996 06:39:28, 'Duncan Frissell ' wrote: 
 
 
> 
>"Your Honor, I plead necessity.  The reason I violated this law was so
that 
>I would have plenty of practice in case I ever find myself in a
totalitarian 
>state.  Since the laws of the US and International Law permit (and in some

>cases require) me to violate the laws of a totalitarian state, I need to 
>practice law violation under the less stressful circumstances of the
current 
>US.  Without practice, I won't be able to violate totalitarian laws
smoothly 
>and thus might have to obey them.  This could put me in jeopardy under 
>International Law.  Necessity defense." 
> 
 
Perry: I plead necessity. 
 
"The reason I posted my latest tract on why all men are rapists to the
cypherpunk list was so that I would have plenty of practice in case I ever
find myself in a society trying to argue against fundamental rights. I need
to practice arguing against these things under less stressful circumstances
of the current US. Without practice, I won't be able to argue for civil
liberties smoothly and thus might have to obey bad laws in a society
without those liberties. This could put me in jeopardy under those laws.
Necessity defense." 
 
     ==Andr*a Dw*rk*n 
 
Other than that, nothing is wrong with it, Duncan. Within limits you can
argue in court whatever the judge lets you argue. I am not sure that the
judge would even listen. 
 
I also suspect that if you relied on this defense you would rapidly be
convicted. But that,of course, is something you have the freedom to do. 
 
--tallpaul 





From rsalz at osf.org  Fri Feb  9 16:32:36 1996
From: rsalz at osf.org (Rich Salz)
Date: Sat, 10 Feb 1996 08:32:36 +0800
Subject: http://www.aqui.ibm.com -- a "links" search engine
Message-ID: <9602092352.AA08189@sulphur.osf.org>


I got email because I got linked to; this is the first I've heard of it.
AltaVista's upped the stakes on WWW data collection.  Apaprently aqui
(the spanish word for here) is a "link" database -- it lets you make
links and profile who would be interested in them.  You can register
(altho the intro page says "I wanna play anonymously" as a link) and
get links of interest to you.





From dubois at dubois.com  Fri Feb  9 17:02:10 1996
From: dubois at dubois.com (Philip L. Dubois)
Date: Sat, 10 Feb 1996 09:02:10 +0800
Subject: Zimermann Legal Defense Fund
Message-ID: <199602100013.RAA26234@teal.csn.net>


I've received reports that the signature on my recent Cypherpunks post did
not check out.  I have no idea why it didn't check out, but I've re-signed
the message and now append it to this one.  

-----BEGIN PGP SIGNED MESSAGE-----


*

MESSAGE FROM ZIMMERMANN DEFENSE TEAM

FOR IMMEDIATE WIDE DISTRIBUTION WITHOUT MODIFICATION

I write on behalf of Philip Zimmermann and his legal defense team
for two reasons:  to offer thanks and to make an announcement.

First, we offer our thanks to all the generous souls who donated
money and services to the Zimmermann Legal Defense Fund.  Without
you, we could not have mounted the defense that we did, and we
would not have achieved the result that we did.  Your contributions
were made from a commitment to the causes of privacy and justice,
and we are grateful.

The announcement:  as you may know, I am the only lawyer who
was not working pro bono, i.e., without expectation of being
paid.  Three of our lawyers-- Ken Bass in D.C., Eben Moglen in New
York, and Curt Karnow in San Francisco-- devoted hundreds of
hours of time and substantial expenses for which they've not been
paid.  Tom Nolan in Palo Alto and Bob Corn-Revere in D.C. also
spent a great deal of time on this case for which they were not
paid.  And, of course, Joe Burton in San Francisco toiled in
obscurity on behalf of the other person who was also targeted by
the federal investigation.

I agreed up front not to bill for all my time, and judging from
the rate of current contributions, it now appears that the Defense
Fund will cover the fees and costs that I billed.  I would like to
see these other lawyers receive some compensation for their efforts.
Accordingly, all donations to the Zimmermann Legal Defense Fund
mailed, authorized, or generally "made" (as opposed to "received")
after midnight local time on 14 February 1996 will be distributed
among these other lawyers to defray their costs and, if possible,
to compensate them for a little of their time.

I make this announcement because people contributing to the Fund
have a right to know that Mr. Zimmermann's actual defense costs
are now covered and that additional donations will go to lawyers
who agreed to work for free and who were absolutely essential to
the defense.

Again, my thanks.


Philip L. Dubois
Counsel for Philip Zimmermann
Philip L. Dubois, P.C.
2305 Broadway
Boulder, CO  80304-4106
voice:  303-444-3885
fax:  303-444-1051
email:  dubois at dubois.com


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRvtf7Z7C+AHeDONAQHBDQQAmRtNlm3CyEi47PPJCwH6IFRprm9dJwgy
TqzEZj+WPCBDe599Dwx4x2MXx6OQRQ1QUwKDgafSs8BfDEHmxvXe8PMrdlQhIKCm
ztfATlqbY3vDOhxNf8qNCbFAARerDI3jgQ3n07GbgnCz7PmKRiNbsZv/ddNOV1RO
ygI4TODD5A8=
=rDv6
-----END PGP SIGNATURE-----






From tao at presence.lglobal.com  Fri Feb  9 17:19:44 1996
From: tao at presence.lglobal.com (The Anarchives)
Date: Sat, 10 Feb 1996 09:19:44 +0800
Subject: AT&T buys a Bill
Message-ID: 


		"The name of the game is Monopoly"
The Anarchives 				Volume 3 Issue 2
	The Anarchives			Published By
		The Anarchives		The Anarchy Organization
			The Anarchives	tao at lglobal.com

		Send your e-mail address to get on the list
		Spread The Word Pass This On...

               --/\--			AT&T buys
             /  /  \  \			a Bill
         ---|--/----\--|---		
             \/      \/			Welcome to the
             /\______/\			Information Age

-~ -~ -~ -~ -~ -~ -~ -~ -~ -~ -~ -~ -~ -~ -~ -~ -~ -~ -~ -~

February 9 1996

With the passing of the U$ 1996 Telecommunications Bill, we begin the 
game of monopoly, and we will see the rise of a new monopoly, a 
conglomeration of existing information providers, the ministry of 
communications for the emerging corporate state, an embodiment if not 
explicitly AT&T.

The telecommunications  
industry is inherently a monopoly. At least that's what the monopoly will 
argue when it finally wins the game.
Traditionally communication monopolies have been held in check by 
regulation from public institutions, and geographic separation by 
containing monopolies within regional markets.
The U$ Telecommunications Bill removes regulation, and introduces the 
double-speak 'competition', freeing monopolies to compete with each other 
across areas of local and long-distance markets. The double-speak comes 
in the fact that you need billions of dollars to compete in the first place.

In quoting Robert E. Allen, Chairman and C.E.O. of AT&T, "the fast lane 
has opened up", we are witnessing the continued acceleration of 
technological change, and the simultaneous acceleration of AT&T's 
imperial penetration into all communication markets.

The Telecommunications Bill carried with it provisions for the V-Chip, a 
piece of technology that promises to 'filter' television violence.
This part of the bill is a RED HERRING for both supporters and opponents, 
drawing attention away from the crucial decision of telecom. deregulation.
As if filtering television violence will even dent the rise of violence 
in our society. Violence that stems with an indentity crisis induced by 
the rapid deployment of information technology, and the submersion of 
the self within the technological mass. Of course we're told the 
solution to violence is just more technology, itself enhancing our 
virtual reality.
'here let's put some salt on that wound...'

Two 'baby bells', NYNEX and Bell Atlantic, local phone monopolies 
covering the north-eastern U$, are about to merge, and form a runner-up 
to monolith AT&T. Concentration justified by competition.
Everyone will grow fat, cause everyone is getting fatter.
Those who don't eat, will be eaten.

And with AT&T's recent announcement of a divestiture, they will have the 
flexibility and Ca$h necessary to traverse local and global markets, 
benefitting from the cross-subsidized marketing machine, and the value of 
a loyal and established 'brand'.

To quote Robert E. Allen again:
"We'll build our own network facilities to offer local services."

As AT&T brags about 'building' the Global Information Infrastructure, 
they also announce a huge sale where they're selling all of their 
equipment manufacturing facilities. Why? Cause they were no longer the 
most profitable and successful telecomm equipment makers in the world. 
Northern Telecom now is. Why? Because NorTel adopted the digital switch a 
decade ahead of AT&T. So why is AT&T claiming they're going to be 
building the infohighway? Cause they're going to buy Northern Telecom. 
NorTel has recently scored contracts in China, Brazil, and the U$. 
They're the company building the networks of the world. With the money 
from the divestiture AT&T could easily buy NorTel.
If they were really keen, they could increase there 2% stake in Bell 
Canada Enterprises, thus buying NorTel, Bell, and Bell Northern Labs, 
securing the world's best equipment corp., Canada's top R&D lab, and the 
Ontario and Quebec telecomm markets. Thus AT&T would be creating the 
foundation for North American corporate governance.

Yet how does AT&T dominate the market, and how will they continue to 
dominate and eventually conquer the market?
The easy and obvious answer is of course capital. AT&T has more, and 
controls more, and this certainly helps with ye olde corporate 
organization. However that is not the key focus of their success.
AT&T will conquer markets as a result of the strategic use of artificial 
intelligence and neural networks.
Artificial intelligence to navigate information networks, to manage 
marketing campaigns, to handle statistical and research data, to manage 
capital, and to manage the huge networks that are emerging as the global 
information infrastructure.
This is the technology that AT&T markets as 'Intelligent Assistants', and 
this is the technology that will give AT&T the competitive advantage.

In beginning his speach, Robert E. Allen said:
"We've seen an all-out bi-partisan effort. The administration and both 
parties in Congress pullled together on a major issue that will touch the 
lives of everyone in this - and we've seen it happen at the beginning of 
a major election year."

When i and i first read this paragraph I passed over it as just filler in 
the intro, but as i and i read on i and i realized the revealing nature of 
the passage.
All levels of the U$ government, congress, senate, and the executive, 
both parties, all supported the Bill.
Why?
Cause they _all_ got bought off by the powerful telecommunications industry.
AT&T sponsored the 1996 U$ elections, and in return can now enter the
$US 80 Billion dollar local phone market, let alone the rest of the 
communications market they now spread unto.

The name of the game is monopoly,
and the medium is the machine,
the thinking evolving corporate machine.

love and mighty media analysis
from the tao properganja center...

--------------------------------------------------------------
	To receive the Anarchives via email send a note to
	Majordomo at lglobal.com with the message in the body:
		subscribe anarchives
			Also check out:
		http://www.lglobal.com/TAO/










From avatar at mindspring.com  Fri Feb  9 18:09:25 1996
From: avatar at mindspring.com (avatar at mindspring.com)
Date: Sat, 10 Feb 1996 10:09:25 +0800
Subject: Yeah, Yeah But what are we gonna do!
Message-ID: <199602100027.TAA13064@borg.mindspring.com>


At 04:07 PM 2/9/96 UT, you wrote:
>It may just be me but ...
>
>i)	This in-fighting and bickering doesn't seem very productive
>
>ii)	What are we gonna do about the CDA?
>	The bikers fought the helmet law and won (in places)
>	We should do the same.
>
>	"It is better to have tried and failed than never have tried at all"
>
>	Our strength is in our numbers and our abilities we should use them
>	to ensure our freedom.  Science fiction has become our reality and 	their 
>paranoia.  
>
>	All we have to lose is our freedom.
>
Actually, I fought the Bill by writing and getting others to write to their
congressmen.
I also rebutted the passing of the Bill into law. Each time writing to 144
House members
and  64 Senate members.
Charles Donald Smith Jr.

||The government  is my shepherd I need not work. It alloweth me to lie
 down on a good job. It leadeth me beside stilled factories. It destroyeth
 my initiative. It leadeth me in the path of a parasite for politics sake. YEA,
 though I walk through the valley of laziness and deficet spending I shall
 fear no evil, for the government is with me. It prepareth an economic utopia
 for me by appropriating the earnings of my grandchildren. It filleth my head
 with false security. My inefficiency runeth over. Surely, the government 
should care for me all the days of my life, and I will dwell in a fools paradise
forever.................AMEN!   || nuke'm if ya got'em||






From perry at vishnu.alias.net  Fri Feb  9 18:27:53 1996
From: perry at vishnu.alias.net (John A. Perry)
Date: Sat, 10 Feb 1996 10:27:53 +0800
Subject: IRC chat
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

I've opened #remailop on EFnet if anyone would like to drop by and give 
their views on the telcom bill (or anything else for that matter). See 
you there!

 John Perry - KG5RG - perry at vishnu.alias.net -  PGP-encrypted e-mail welcome!
 WWW - http://www.alias.net
 PGP 2.62 key for perry at vishnu.alias.net is on the keyservers.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by mkpgp1.6.b2, a Pine/PGP interface.

iQEVAwUBMRvpqKghiWHnUu4JAQFGTwf+J7h60z0eZ9r7BprjzGASBGLRpPdQDpSg
tJ7kog5VWtToFEK4ljXa+eu9KerpkqdqqbG9G8RMIABapbn41091VfeuYeEpgAuc
nkUhF7rNYSbvuUlqLc/F/KhnUm6Ki0fsNnj+J6hyWCcwN3alhkWpSox5wJKo3fmc
xJemYufEUcby1MiAupKyHLDHk8+dT9OdrlitHzWBKIsfv/1eLj9u9CnJOJu+Ndq8
+SgqGxNt+z8EDduK2x4jfxxdSHtp8ApMw2WLZ9sctlzCX9iz48wnw3NZcT0pU3pD
OSyb9catClwzOEEyPlRBVVZClqbP3CSTQIbSbKOTAJfPPBenA6cXrQ==
=18tD
-----END PGP SIGNATURE-----





From jya at pipeline.com  Fri Feb  9 18:32:50 1996
From: jya at pipeline.com (John Young)
Date: Sat, 10 Feb 1996 10:32:50 +0800
Subject: DUR_fum
Message-ID: <199602100036.TAA26122@pipe4.nyc.pipeline.com>


   2-10-96. EcoMist:

   "We know you're reading this." A survey of US privacy
   issues, with GAK, crypto and anonymity options. 

      Americans think they have a right to privacy but they 
      have lost control over who knows what about them. The 
      chief culprits are lots of little brothers, all 
      gossiping with each other over computer networks. But 
      Big Brother is doing his bit: in the struggle against 
      crime, terrorism, deadbeat parents, illegal immigrants 
      and even traffic jams, the government keeps an 
      ever-closer eye on its citizens. Technology itself 
      may provide a partial answer. All-but-foolproof 
      encryption technology is freely available over the 
      Internet and will not go away no matter how much 
      Uncle Sam wishes it would. 

   "Virtual privacy." A related editorial which examines
   privacy protection regulation.

   "Magic armour."

      The Shortstop system deploys coherent jamming to fool
      a proximity fuse into thinking that its shell has
      arrived at detonation height when it is actually at an 
      altitude of 100 metres or so. To do this, Shortstop 
      uses a special "durfum" chip.

   DUR_fum  (For the 3)













From merriman at arn.net  Fri Feb  9 18:45:41 1996
From: merriman at arn.net (David K. Merriman)
Date: Sat, 10 Feb 1996 10:45:41 +0800
Subject: Req. for soundbites
Message-ID: <2.2.32.19960209130800.00688be4@arn.net>


-----BEGIN PGP SIGNED MESSAGE-----

A local TV station has asked me for an interview, after I sent a graphic of a mono-digital hand gesture with the phrase "censor this!" to the Prez, Veep, and the area congresscritters (cc'd to 2 TV stations and a radio station), accompanied by a 'confession' and demand for swift prosecution.

Anyone got any nifty sound bites I can try to toss in?

Dave Merriman
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRsp68VrTvyYOzAZAQGAkAP/UeEHWF7vl1zYTiR0otsLoZ+jaa9BuSU6
JrGHtr+nKzN8eS2U+URK41B//n9+Ag9o7VlAF4+QPqNwgzugO5AWdbeOBQZ54V0H
HoM8uNSJoU1wJ4QHhtVYN0BDhrsvZ99dTxhGOmvHH3EUyxOFib6kDYxKNR4WgvWJ
1EGt3o8rb3Q=
=AFTX
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"It is not the function of our Government to keep the citizen
from falling into error; it is the function of the citizen to
keep the Government from falling into error."
Robert H. Jackson (1892-1954), U.S. Judge
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
My web page: http://www.geocities.com/CapitolHill/1148







From nobody at REPLAY.COM  Fri Feb  9 18:56:31 1996
From: nobody at REPLAY.COM (Anonymous)
Date: Sat, 10 Feb 1996 10:56:31 +0800
Subject: IBM, RSA Security
Message-ID: <199602100134.CAA06117@utopia.hacktic.nl>



More On IBM's Internet SecureWay Security Plans

London, 9 February 1996 -- IBM UK has revealed a little
more of the detail surrounding its deal with RSA Data
Security for the Big Blue range of SecureWay Internet
security products and services.

According to Kathy Kincaid, director of IT (information
security) programs with Big Blue, the idea behind the
development project is to develop a set of open
cryptography standards for the Internet and other
networks, so supporting secure electronic commerce.

Both companies plan to develop interoperable security
across IBM products and other vendor platforms. According
to IBM, their efforts will provide customers and
developers with safe universal access to the Internet,
consistent with US and non-US export regulations
governing cryptographic products.

The linkup between the two companies, Kincaid explained,
will allow them to modify RSA's BSAFE encryption engine
and Big Blue's Common Cryptographic Architecture (CCA)
for interoperability between RSA's toolkits and IBM's
CCA-based hardware systems.

"The complementary skills, technology and experience of
IBM and RSA will greatly benefit our customers and the
security industry," Kincaid said, adding that both
companies have been testing interoperability across a
series of virtual private networks (VPNs).

Jim Bidzos, RSA's CEO, claims that the deal will involve
several levels of close cooperation between RSA and Big
Blue, with staff at RSA's labs working with IBM's crypto
researchers at its T J Watson facility to produce "more
efficient and secure commercial cryptography.

"In addition, there will be close cooperation on the
development of protocols and interfaces. The result
should be trusted, seamless, interoperable security
across not only the IBM product line, but across vendor
products as well, when the resulting technology is
adopted by both RSA and IBM's large customer vase," he
explained.

In parallel with the launch of the SecureWay range of
Internet products and services, IBM's Internet decision
has agreed to begin an internal pilot test of RSA Secure,
RSA's disk and file encryption technology, which includes
a facility for emergency key access.

Further details of IBM's SecureWay range of Internet
products and services can be found on Big Blue's World
Wide Web ages, at http://www.ibm.com . According to IBM,
its security products support the security component of
the Open Blueprint. A white paper on security in the Open
Blueprint is available from IBM's Canada's test lab Web
pages at

http://www.torolab.ibm.com/openblue/openblue.html . 

--

IBM & RSA Develop "SecureWay" Internet Products

London, 8 February 1996 -- IBM and RSA Data Security have 
teamed up to develop open cryptography systems for the
Internet and other networks. Thanks to the linkup, IBM
plans to ship a whole range of Internet security products
to tie in with its existing range of Internet services,
over the next few months.

Anna Russell, a spokesperson for IBM's UK and European
operations, said that the RSA technology and products
deal applies worldwide, with the resultant security
products expected to dovetail in with Big Blue's existing
range of Internet services for businesses, end users, and
major corporations.

The whole ensemble of services, hardware and software,
will be banded together under the umbrella name of
SecureWay, a name that Russell claims will get the
message across to potential users that the IBM portfolio
covers many different aspects of computer networking.

"The SecureWay products and services will be offered
throughout IBM channels, ranging from dealers, right
through to value-added resellers. The SecureWay range
will be offered through all channels on a global basis,"
she explained.

According to Russell, the SecureWay range include access
controls, cryptographic hardware and software for the IBM
server series, smart cards and readers, gateway
firewalls, single logon security admin systems,
anti-virus software, distributed security management,
directory and security services for network servers, and
Internet browsers and servers, as well as secured
networks.

Kathy Kincaid, director of IBM's information technology
(IT) security programs in the UK and Europe, explained
that the SecureWay product range will include an
emergency response service, "ethical hacking" by Big
Blue's global security analysis labs, and turnkey
firewall installation services. ...

--






From PADGETT at hobbes.orl.mmc.com  Fri Feb  9 19:15:15 1996
From: PADGETT at hobbes.orl.mmc.com (A. Padgett Peterson, P.E. Information Security)
Date: Sat, 10 Feb 1996 11:15:15 +0800
Subject: Top this one
Message-ID: <960208225252.2021859a@hobbes.orl.mmc.com>



>Hell, UNC had its entire comms room taken out by a steam pipe breaking 
>caused by a water main bursting. Haven't there been any advances in 
>technology since the 40s?

At a place I worked once upon a time, long, long ago. We had an "advanced
projects laboratory" which was considered essential. It had its own
mains power drop, a massive diesel generator, and a room full of lead-acid
batteries for redundant backup in case the diesel didn't start.

Dump truck lost its brakes, hit a power pole which fell on the generator 
shed, crushing the roof onto the diesel, incidently rupturing the coolant/
water pipes which flooded the adjacent battery room (batteries were in a 
well to contain the acid if it leaked. Well filled.)

							P.fla





From alano at teleport.com  Fri Feb  9 19:16:34 1996
From: alano at teleport.com (Alan Olsen)
Date: Sat, 10 Feb 1996 11:16:34 +0800
Subject: Zimermann Legal Defense Fund
Message-ID: <2.2.32.19960210021412.00915dcc@mail.teleport.com>


At 06:07 PM 2/9/96 -0700, Philip L. Dubois wrote:

>I agreed up front not to bill for all my time, and judging from
>the rate of current contributions, it now appears that the Defense
>Fund will cover the fees and costs that I billed.  I would like to
>see these other lawyers receive some compensation for their efforts.
>Accordingly, all donations to the Zimmermann Legal Defense Fund
>mailed, authorized, or generally "made" (as opposed to "received")
>after midnight local time on 14 February 1996 will be distributed
>among these other lawyers to defray their costs and, if possible,
>to compensate them for a little of their time.
>
>I make this announcement because people contributing to the Fund
>have a right to know that Mr. Zimmermann's actual defense costs
>are now covered and that additional donations will go to lawyers
>who agreed to work for free and who were absolutely essential to
>the defense.

Remember that nothing says "Thanks" like Cash!  Don't forget the people who
donated their time and efforts in keeping Phil out of jail and cryptography
that much more free.
---
Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
        `finger -l alano at teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
"I, Caligula Clinton... In the name of the Senate and the people of Rome!"
   - Bill Clinton signing the CDA with the First Amendment bent over.






From merriman at arn.net  Fri Feb  9 19:20:09 1996
From: merriman at arn.net (David K. Merriman)
Date: Sat, 10 Feb 1996 11:20:09 +0800
Subject: Perry's whining, Ed's Sniveling
Message-ID: <2.2.32.19960208160834.0069f340@arn.net>


-----BEGIN PGP SIGNED MESSAGE-----

At 09:21 PM 02/8/96 -0600, ecarp at netcom.com wrote:
>Why doesn't Perry just shut the hell up?  I've got more important things 
>to worry about than Perry's ignorant, fetid whining.  Such as that CDA 
>thing in the Telecommunications Bill.
>
>Anyone for suing Bill?

I am, if it will get you and Perry to stop sounding like a couple of 3-year-olds:

"He hit me first!"

"Did not!"

"Did too!"

"Did not!"

ad nauseum

Hell (that's my crypto-relevance: a clear violation of the CDA :-),
I've got two cats that get along better....

Dave Merriman

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRoC2sVrTvyYOzAZAQFUbAP/a3g+Ykd1nSQuWP1SYP7RayFEYnIBHBRX
yvcktG2iStZZ/bw7I59EBJPHVZDtMnx11ujl41wiK1V/49hoWyrHV5xUxcoId+c2
dSqM9yOKkVx8vdMuXxNEcHyVJRINryf+1xDVnCSDgtamKcWbbxWVnPGU4CvA/lq0
16TAZwXsxR4=
=vEeX
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"It is not the function of our Government to keep the citizen
from falling into error; it is the function of the citizen to
keep the Government from falling into error."
Robert H. Jackson (1892-1954), U.S. Judge
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
My web page: http://www.geocities.com/CapitolHill/1148







From lharrison at mhv.net  Fri Feb  9 19:22:39 1996
From: lharrison at mhv.net (Lynne L. Harrison)
Date: Sat, 10 Feb 1996 11:22:39 +0800
Subject: FWD: ACLU Lawsuit
Message-ID: <9602090342.AB14013@mhv.net>


Excuse cross-post for those of you who are own both lists.  This from the
ACLU's New York office.



@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Date:          Thu, 8 Feb 1996 17:36:18 -0500
Subject:       To All Plaintiffs in Online Decency Lawsuit

To all Plaintiffs in the Online Decency Lawsuit:

This morning we filed the lawsuit in Philadelphia.  Judge Buckwalter,
to whom the lawsuit was assigned, held a hearing this afternoon on our
motion for a temporary restraining order to prohibit enforcement of
the Act.  The Government agreed at argument not to enforce the
"indecent" and "patently offensive" provisions of the Act for 7 days. 
We count this as a victory.

However, the Government did not agree not to eventually prosecute
for material available during the next 7 days.  Thus, we believe
there is still a risk.  With regard to the abortion provisions, the
Government conceded that they are unconstitutional and will not be
enforced.  We will not be satisfied on this matter until they so
stipulate in writing.  The Judge gave the Government until Wednesday
to respond in writing to our motion.  He will then rule on our
motion.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

   ~ CYBER-RIGHTS ~
 ~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~-~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-
Visit The Cyber-Rights Library,  accessible via FTP or WWW at:

ftp://www.cpsr.org/cpsr/nii/cyber-rights/Library/
http://www.cpsr.org/cpsr/nii/cyber-rights/Library/

You are encouraged to forward and cross-post list traffic,
pursuant to any contained copyright & redistribution restrictions.
 ~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~-~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-








*******************************************************
Lynne L. Harrison, Esq.   |     "The key to life:
Poughkeepsie, New York    |      - Get up;
E-mail:                   |      - Survive;
lharrison at mhv.net         |      - Go to bed."
*******************************************************






From perry at piermont.com  Fri Feb  9 19:26:45 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Sat, 10 Feb 1996 11:26:45 +0800
Subject: just repeating
Message-ID: <199602090312.WAA10037@jekyll.piermont.com>



In response to the several mail messages I got asking why I'd posted
my "robot" message here, I just want to say yet again that Ed Carp was
the one who forward it to cypherpunks. The mail headers in the
message, which I reproduce below, make this obvious.  The mail went
from me to Carp, with appropriate "for" portions of the Received:
headers indicating that the mail was destined for him, and somehow
mysteriously moved from Carp's machine to toad.com -- the only
possible source being Ed forwarding the thing since his name was all
over the previous hops. Don't blame me, folks.

Now, can we get back to cryptography?  Pretty-please?

Perry

Received: from toad.com by geech.gnu.ai.mit.edu (8.6.12/8.6.12GNU) with SMTP id UAA13412; Thu, 8 Feb 1996 20:41:19 -0500
Received: by toad.com id AA13518; Thu, 8 Feb 96 17:33:50 PST
Received: from dal1820.computek.net by toad.com id AA13512; Thu, 8 Feb 96 17:33:36 PST
Received: (from erc at localhost) by dal1820.computek.net (8.7/8.6.10) id UAA24985 for cypherpunks at toad.com; Thu, 8 Feb 1996 20:33:49 -0500
Received: by dal1820.computek.net (Linux Smail3.1.28.1 #52)
	id m0tkcB9-0009AzC; Thu, 8 Feb 96 14:38 EST
Received: from mail6.netcom.com (ecarp at mail6.netcom.com [192.100.81.142]) by dal1820.computek.net (8.7/8.6.10) with SMTP id OAA29375 for ; Thu, 8 Feb 1996 14:38:49 -0500
Received: by mail6.netcom.com (8.6.12/Netcom)
	id LAA28210; Thu, 8 Feb 1996 11:37:54 -0800
Received: from jekyll.piermont.com by mail6 (8.6.12/Netcom)
	id LAA28165; Thu, 8 Feb 1996 11:37:44 -0800
Received: from localhost (perry at localhost) by jekyll.piermont.com (8.7.3/8.6.12) with SMTP id OAA08993 for ; Thu, 8 Feb 1996 14:35:10 -0500 (EST)
Message-Id: <199602081935.OAA08993 at jekyll.piermont.com>
X-Authentication-Warning: jekyll.piermont.com: Host perry at localhost didn't use HELO protocol
To: ecarp at netcom.com
From: "Perry's Mail Filter" 
Subject: In Re: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
In-Reply-To: Your message of "Thu, 08 Feb 1996 13:29:41 CST."
             <199602081929.OAA28586 at dal1820.computek.net> 
Date: Thu, 08 Feb 1996 14:35:10 -0500
Sender: owner-cypherpunks at toad.com
Precedence: bulk
X-UIDL: 823831065.014


I am sorry, but your message with the Subject:

	Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd) 

was rejected by Perry Metzger's mail filter and will not be read by
him. This is likely because Perry decided to place you on his reject
list. Perry tends to clean out his filter lists every six months, so
you may be able to send him electronic mail again sometime in the
future.

If you absolutely need to contact Perry, please use means other than
electronic mail, or ask a third party to contact him on your behalf.

You will not receive further copies of this notice.

Perry's Mail Filter







From lunaslide at loop.com  Fri Feb  9 19:34:01 1996
From: lunaslide at loop.com (lunaslide at loop.com)
Date: Sat, 10 Feb 1996 11:34:01 +0800
Subject: CDA; Don't get mad, get even!
Message-ID: 


>I think that we should make an example of those responsible for the
>CDA. Ignorance is really not an excuse here, because whoever voted for
>for the bill should have known the CDA was attached to it, and should
>have had some idea of what it did.
>
>Lets get a list of whos supporting this thing and bad press them back
>before the dawn of time.

Here's the votes from the Senate.  I'll look for the House and get back.

Forwarded message from Voter Tellecommunications Watch follows:
\/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/
Senate Response on the CDA (Communications Decency Act)
Where to find this information
You can get this file by sending mail to vtw at vtw.org
with "send response" in the subject line of the message.
To receive VTW alerts via email, send a message to listproc at vtw.org
with "subscribe vtw-announce firstname lastname" in the body of the
message..  You can also get this file at
URL:http://www.panix.com/vtw/exon/senate-response.html.


Urgent news
The Senate has passed the Communications Decency Act.  The vote
breakdown is below.


The tally of the 6/14/95 vote on the Communications Decency Act

Senators who voted to defeat the Communications Decency Act
(A polite letter to congratulate them for defending your free speech
 rights would be appropriate.)

      D ST Name (Party)               Phone           Fax
      = == ==================         ==============  ==============
      D CT Lieberman, Joseph I.       1-202-224-4041  1-202-224-9750
      D DE Biden Jr., Joseph R.       1-202-224-5042  1-202-224-0139
      D IL Simon, Paul                1-202-224-2152  1-202-224-0868
                                        senator at simon.senate.gov
      D IL Moseley-Braun, Carol       1-202-224-2854  1-202-224-2626
      D MA Kennedy, Edward M.         1-202-224-4543  1-202-224-2417
                                        senator at kennedy.senate.gov
      D MI Levin, Carl                1-202-224-6221  na
      D MN Wellstone, Paul            1-202-224-5641  1-202-224-8438
      D NM Bingaman, Jeff             1-202-224-5521  na
                                        Senator_Bingaman at bingaman.senate.gov
      D NY Moynihan, Daniel P.        1-202-224-4451  na
      D OH Glenn, John                1-202-224-3353  1-202-224-7983
      R RI Chafee, John H.            1-202-224-2921  na
      D VA Robb, Charles S.           1-202-224-4024  1-202-224-8689
                                        Senator_Robb at robb.senate.gov
                                        vascr at CapAccess.org
      D VT Leahy, Patrick J.          1-202-224-4242  1-202-224-3595
                                        senator_leahy at leahy.senate.gov
      R VT Jeffords, James M.         1-202-224-5141  na
      D WA Murray, Patty              1-202-224-2621  1-202-224-0238
      D WI Feingold, Russell          1-202-224-5323  na
                                        russell_feingold at feingold.senate.gov


Senators who voted to support the (CDA) Communications Decency Act
(They voted for the CDA and to curtail your free speech rights.
 Writing them an impolite and nasty letter would be a bad idea, and
 may soon be illegal under the CDA anyway.  Take some time to cool down.)

      D ST Name (Party)               Phone           Fax
      = == ==================         ==============  ==============
      R AK Murkowski, Frank H.        1-202-224-6665  1-202-224-5301
      R AK Stevens, Ted               1-202-224-3004  1-202-224-1044
      D AL Heflin, Howell T.          1-202-224-4124  1-202-224-3149
      R AL Shelby, Richard C.         1-202-224-5744  1-202-224-3416
      D AR Bumpers, Dale              1-202-224-4843  1-202-224-6435
      D AR Pryor, David               1-202-224-2353  1-202-224-8261
      R AZ Kyl, Jon                   1-202-224-4521  1-202-228-1239
      R AZ McCain, John               1-202-224-2235  1-602-952-8702
      D CA Boxer, Barbara             1-202-224-3553  na
      D CA Feinstein, Dianne          1-202-224-3841  1-202-228-3954
      R CO Campbell, Ben N.           1-202-224-5852  1-202-225-0228
      R CO Brown, Henry               1-202-224-5941  1-202-224-6471
      D CT Dodd, Christopher J.       1-202-224-2823  na
      R DE Roth Jr.  William V.       1-202-224-2441  1-202-224-2805
      D FL Graham, Robert             1-202-224-3041  1-202-224-2237
      R FL Mack, Connie               1-202-224-5274  1-202-224-8022
      D GA Nunn, Samuel               1-202-224-3521  1-202-224-0072
      R GA Coverdell, Paul            1-202-224-3643  1-202-228-3783
      D HI Akaka, Daniel K.           1-202-224-6361  1-202-224-2126
      D HI Inouye, Daniel K.          1-202-224-3934  1-202-224-6747
      D IA Harkin, Thomas             1-202-224-3254  1-202-224-7431
      R IA Grassley, Charles E.       1-202-224-3744  1-202-224-6020
      R ID Craig, Larry E.            1-202-224-2752  1-202-224-2573
      R ID Kempthorne, Dirk           1-202-224-6142  1-202-224-5893
      R IN Coats, Daniel R.           1-202-224-5623  1-202-224-8964
      R IN Lugar, Richard G.          1-202-224-4814  1-202-224-7877
      R KS Dole, Robert               1-202-224-6521  1-202-224-8952
      R KS Kassebaum, Nancy L.        1-202-224-4774  1-202-224-3514
      D KY Ford, Wendell H.           1-202-224-4343  1-202-224-0046
      R KY McConnell, Mitch           1-202-224-2541  1-202-224-2499
      D LA Breaux, John B.            1-202-224-4623  na
      D LA Johnston, J. Bennett       1-202-224-5824  1-202-224-2952
      D MA Kerry, John F.             1-202-224-2742  1-202-224-8525
      D MD Mikulski, Barbara A.       1-202-224-4654  1-202-224-8858
      D MD Sarbanes, Paul S.          1-202-224-4524  1-202-224-1651
      R ME Snowe, Olympia             1-202-224-5344  1-202-224-6853
      R ME Cohen, William S.          1-202-224-2523  1-202-224-2693
      R MI Abraham, Spencer           1-202-224-4822  1-202-224-8834
      R MN Grams, Rod                 1-202-224-3244  na
      R MO Bond, Christopher S.       1-202-224-5721  1-202-224-8149
      R MO Ashcroft, John             1-202-224-6154  na
      R MS Cochran, Thad              1-202-224-5054  1-202-224-3576
      R MS Lott, Trent                1-202-224-6253  1-202-224-2262
      D MT Baucus, Max                1-202-224-2651  na
      R MT Burns, Conrad R.           1-202-224-2644  1-202-224-8594
      R NC Faircloth, D. M.           1-202-224-3154  1-202-224-7406
      R NC Helms, Jesse               1-202-224-6342  1-202-224-7588
      D ND Conrad, Kent               1-202-224-2043  1-202-224-7776
      D ND Dorgan, Byron L.           1-202-224-2551  1-202-224-1193
      D NE Kerrey, Bob                1-202-224-6551  1-202-224-7645
      D NE Exon, J. J.                1-202-224-4224  1-202-224-5213
      R NH Gregg, Judd                1-202-224-3324  1-202-224-4952
      R NH Smith, Robert              1-202-224-2841  1-202-224-1353
      D NJ Bradley, William           1-202-224-3224  1-202-224-8567
      D NJ Lautenberg, Frank R.       1-202-224-4744  1-202-224-9707
      R NM Domenici, Pete V.          1-202-224-6621  1-202-224-7371
      D NV Bryan, Richard H.          1-202-224-6244  1-202-224-1867
      D NV Reid, Harry                1-202-224-3542  1-202-224-7327
      R NY D'Amato, Alfonse M.        1-202-224-6542  1-202-224-5871
      R OH Dewine, Michael            1-202-224-2315  1-202-224-6519
      R OK Inhofe, James              1-202-224-4721
      R OK Nickles, Donald            1-202-224-5754  1-202-224-6008
      R OR Hatfield, Mark O.          1-202-224-3753  1-202-224-0276
      R OR Packwood, Robert           1-202-224-5244  1-202-228-3576
      R PA Santorum, Rick             1-202-224-6324  na
      R PA Specter, Arlen             1-202-224-4254  1-717-782-4920
      D RI Pell, Claiborne            1-202-224-4642  1-202-224-4680
      D SC Hollings, Ernest F.        1-202-224-6121  1-202-224-4293
      R SC Thurmond, Strom            1-202-224-5972  1-202-224-1300
      D SD Daschle, Thomas A.         1-202-224-2321  1-202-224-2047
      R SD Pressler, Larry            1-202-224-5842  1-202-224-1259*
      R TN Thompson, Fred             1-202-224-4944  1-202-228-3679
      R TN Frist, Bill                1-202-224-3344  1-202-224-8062
      R TX Hutchison, Kay Bailey      1-202-224-5922  1-202-224-0776
      R TX Gramm, Phil                1-202-224-2934  1-202-228-2856
      R UT Bennett, Robert            1-202-224-5444  1-202-224-6717
      R UT Hatch, Orrin G.            1-202-224-5251  1-202-224-6331
      R VA Warner, John W.            1-202-224-2023  1-202-224-6295
      R WA Gorton, Slade              1-202-224-3441  1-202-224-9393
      D WI Kohl, Herbert H.           1-202-224-5653  1-202-224-9787
      D WV Byrd, Robert C.            1-202-224-3954  1-202-224-4025
      D WV Rockefeller, John D.       1-202-224-6472  na
      R WY Simpson, Alan K.           1-202-224-3424  1-202-224-1315
      R WY Thomas, Craig              1-202-224-6441  1-202-224-3230



Voters Telecommunications Watch / vtw at vtw.org

.

lunaslide

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQBvAzD3EHEAAAEDAMVwZzXozPjX18mCenA5fJsdWZXcrhJCxPR+SoVCmR7d4ZVU
mwITzPTHo/GyLvJrWyk5YdhheczyY2VSawaMrCN/nWA7K9lwAylbKyPxqBhRYJ3C
2wi2uD5LY2wypNOQyQARAQABtB5KZWZmIENvbm4gPGx1bmFzbGlkZUBsb29wLmNv
bT6JAHUDBRAw+1bqS2NsMqTTkMkBAQkTAwCersFbCyk8O0MbGlNcZDAe24CLEWQ0
0C5EHni33W76UsG1bybcLsuMH6HVwLF7IqZivnzc7wkujYPQvCqn8HEYYTld8V9V
Cou4dOvA8kV7rHvAn/LuLx7DRruLFrRoPSk=
=OIT9
-----END PGP PUBLIC KEY BLOCK-----







From rah at shipwright.com  Fri Feb  9 19:39:27 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Sat, 10 Feb 1996 11:39:27 +0800
Subject: Black DaveMail: I Promised My Grandfather
Message-ID: 



--- begin forwarded text

Mime-Version: 1.0
Date: Fri, 9 Feb 1996 08:53:06 -0800
To: haeberli at apple.com (Martin Haeberli -- Apple),
        rmiller at telematica.com (Richard Miller), davenetworld at wired.com,
        mquinn at netcom.com, idig at nbn.com (David Biedny),
        rick_lepage at macweek.ziff.com, jlg at be.com (Jean-Louis Gassee),
        alecs at microsoft.com (Alec Saunders),
        combee at techwood.org (Benjamin L. Combee),
        pmcq at utxvms.cc.utexas.edu (Pam McQuesten),
        ivan.myrvold at grimstad.nett.telenor.no
From: dwiner at well.com (DaveNet email)
Subject: I Promised My Grandfather
Sender: owner-davenetworld at wired.com
Precedence: bulk

---------------------------------------
Amusing Rants from Dave Winer's Desktop
Released on 2/9/96; 8:46:03 AM PST
---------------------------------------

  I said: "I'm voting against Clinton in November."

  Kyle D. Skrinak, kylesk at nando.net, said: "Perhaps I missed it, but
  may I suggest you declare who you intend to support. Outside of a
  libertarian candidate, I am unfamiliar with which presidential
  candidate would be against this censorship.

  Fair enough. A lot of people asked that question. And Mr. Skrinak
  asked it with respect.

  My answer: I don't know!

  I can say I'm going to vote against Clinton without saying who I'm
  going to vote for. That's my right as a US citizen.

  It's only February. The US presidential election is in November.
  There's lots of time. Between now and November the web will grow by an
  order of magnitude. Try to remember what it looked like in June 1995.
  It was a sleepy backwater then, even though it looked like a boom. We
  still have spring, summer and fall before we have to make a choice.
  Perhaps even Clinton can get my vote. But he's got a bunch of digging
  (and explaining!) to do.

  People have also questioned my use of the term "crime against
  humanity" to describe the attempted censorship of the Internet.
  People say I'm off here, not in direction, but in scale. They ask how
  can you compare this act with the other acts that have been called
  crimes against humanity?

  I have two answers. First, it's a felony to leave the scene of an
  accident, and it's a felony to blow up a Federal courthouse in
  Oklahoma City. Scale has nothing to do with it. If this isn't a crime
  against humanity, who is it a crime against? Do we hold our
  politicians accountable for their actions, especially if they're
  on a global scale? Are just US citizens offended by their attempt to
  shut down free speech on the Internet? No. The mail has been coming in
  from all over the planet. And rightly so. This act has global
  implications.

  Second, I made a promise to my grandfather to oppose this kind of shit.
  I'm a first-generation US citizen. Both sides of my family left
  Europe, fleeing Hitler, for their lives! I listened to my parents and
  grandparents. I've read about this stuff. How did Hitler start? How
  many people said "It can't happen here!" And how sorry were they
  later, when they couldn't do anything about it but run for their
  lives.

  Well, it's still early, we *can* do something about it. These ideas
  must meet our resistance. I think it's our obligation, if not to
  humanity, to evolution and peace.

  ***It Can Happen

  Saying it's unconstitutional is like saying it can't happen here.
  You're trusting something that might not be trustworthy.

  A year ago, when the Exon amendment was first discussed, did you think
  that Congress could pass such a bill? It can happen. Did you think that
  Clinton would sign it? It happened. Could the courts go along with it?
  Hmmm. Could people go to jail? What do *you* think?

  The opposition is incredibly well financed and organized.
  According to the EFF they're distributing kits to federal
  prosecutors all over the country, teaching them how to prosecute
  under the new censorship law. They're going to make hay while the sun
  shines. Maybe the law is unconstitutional. Maybe the courts will say
  so. But for now, it's on the books, it's the law of the land. Can you go to
  jail for your opinions in the USA? According to the law -- yes. Some of
  us will go to jail. I think we know that now.

  Hey -- I'm pissed when I get a jury duty notice. Imagine how it would
  feel to get arrested for speaking my mind, for writing DaveNet? How
  would it feel to get convicted and sent to jail? I don't want to find
  out! I like my life. I want to be free. I don't want to be a prisoner!

  I made a promise to my grandfather, but I also made a promise to myself.
  I thought we had cleansed this kind of crap from our society after
  Vietnam. We lost a whole generation on that one. Let's not lose
  another one.

  Yes, it can happen here.

  It can happen anywhere, anytime.

  All it takes is your silence.

  Wake up!

  ***What a day!

  Yesterday was a day of great growth for me. It started at 4AM, writing
  my ode to Rick Smolan, entitled "Holding Hands in Cyberspace". Then
  it turns out I was wildly and unrealistically optimistic. I look at
  Rick's website, there's Al Gore, talking about the fucking
  environment! I want to believe Rick is a good guy, but the evidence
  indicates otherwise. I leave him a voicemail, explaining that our
  thirteen year friendship is in jeopardy. No answer. I feel I've
  misled my readers. So I retract my support for his project. A few hours
  later a blue ribbon shows up on his site. Click on it. Nothing happens.

  Is this good enough? No.

  I think Rick truly has a good heart. He wants to do the right thing, deep
  inside. But he didn't do the right thing.

  I can't support him. Can you have a friend who you can't support? No.

  I said in an email that this is the first time in my life that I didn't
  sell out for friendship. That's where the growth came from.

  In the early evening, I spoke with Howard Rheingold, hlr at well.com.

  He encouraged me to work something out with Rick. His magic words were
  -- "eventually Rick will thank you for doing this." That gets inside
  of me, it resonates.

  Howard is a great writer! I asked him to write something for DaveNet. I
  asked him to write about his day, yesterday -- his 24 Hours --
  something for Rick and others to think about.

  Here's what Howard said.

  ***Howard Rheingold speaks

  I got up this morning and headed for Planet Hollywood, a place I never
  would have stepped foot in otherwise, to do a panel with Paul Saffo and
  Esther Dyson. Illustra got this big to-do together weeks ago, as
  self-promotion leveraged on Rick Smolan's self-promotion.

  I thought Rick was doing a pretty cool thing, bringing people's
  attention to some of the pleasant and beneficial things happening in
  cyberspace. God knows we need as much of that as possible to counter
  the hysteria whipped up by Ralph Reed and buddies. Illustra seems
  like a cool product. Empowers people to publish. And they paid me.

  This morning turned out, through one of those weird accidents that
  history hands you, the day of the Web blackout. I blacked out my main
  page before I headed out this morning.

  The Illustra thing, frankly, was one of the biggest wasted
  opportunities I've ever seen. They did a great job getting a couple
  hundred interesting people together and then put on a boring
  blah-blah for hours.

  Then came the panel. I always take the opportunity to seize the
  subject and wrench it over to how the fuck are we going to look our
  children in the eyes ten years from now when they ask us what we were
  doing while a bunch of tiny-minded puritan fascists shat on
  liberties that Americans have died for. I think some people woke up.
  At least they said so. I hope I gave them something to talk about. I feel
  fine about the bux I took from Illustra to do the gig. And I felt fine
  about helping Illustra promote 24 Hours promote Illustra. Until I
  read my Davemail tonight.

  Rick. Be a journalist. You are the last hope on an ugly day.

  American journalists, with a few exceptions should hang their heads
  in shame. I'm one of the guys who gets the calls for the quotes and
  soundbites. For years. Ever since this Internet stuff started
  heating up. I've done ABC, CBS, NBC, CNN, BBC, NHK. I've done German,
  French, Austrian, Italian, Australian TV. I've given the quotes to
  the reporters from the New York Times, Washington Post, L.A. Times,
  and a hundred podunk papers. And every goddamn sound bite about
  democracy hits the cutting room floor and is replaced by the same
  idiotic shtick about cyberporn or sexual predators in chat rooms.
  Over and over again. For years.

  I have asked reporters whether they care about the kind of country
  their children grow up in. I literally got down on my knees and begged
  the last CBS crew that came out here. The reporters and field
  producers are sincere. There is some asshole sitting in LA or New York
  whose job it is to kill the stuff that isn't as shallow as a tin pan full
  of cold dogpiss, and substitute some off-the-rack sleaze.

  There is a code of ethics for journalists, and right up there at the top
  is a reminder that the press in a free society has an obligation to
  inform citizens about events that affect our freedom. Well,
  journalism is now a wholly-owned subsidiary of entertainment, and
  these journalists have loaded the shotgun, handed it to their
  enemies, dropped their trousers, bent over, and put the muzzles in
  their own asses. I believe most of the editors and producers who
  failed us so miserably have done it out of cluelessness more than
  malice or conspiracy or craven sucking-up-to-the-owners.

  The most important piece of legislation in the past fifty years took a
  year to work its way through Congress and is now law. A multi-trillion
  dollar industry has been divvied up. Do any of us know who really won
  and who really lost? Does anybody know about any of it except the
  cyberporn stuff? It was a sideshow, a juicy piece of meat to distract
  the watchdogs of our minds, while the real action took place
  elsewhere.

  I've been writing columns about this since 1994. So has Brock. Wired
  has been on the case. And very few others.

  It isn't just the politicians who deserve our wrath, the craven
  cowards. It's the journalists and their bosses.

  But history handed us this delicious opportunity. After a year of
  failure to get the attention of the New York Times and CNNs of the
  world, Rick Smolan, media lubricator extraordinaire, managed to
  get a lot of attention focused on something happening on the Net that
  *isn't* sinister.

  And now Dave Winer tells us that Rick isn't going to acknowledge the
  Web blackout.

  Rick, it's this simple. You are a journalist. You chose February 8 as
  your day to cover. To ignore the anti-CDA protest that is one of the
  biggest stories on the day you chose to cover months ago is to abrogate
  the right to ever call yourself a journalist again.

  It isn't too late. I know this is a headache you didn't ask for.
  Sometimes history asks people to make a judgement call at a bad time.
  Sometimes people regret the decisions they failed to make. We have an
  opportunity here to use all the attention you have masterfully
  focused on this event to shed some light. You gotta do it.

  Acknowledge the protest.

  ***One more screed

  The following story has been floating around the net, attributed to
  Charles Phillip Whitedog. I don't have an email address for Mr.
  Whitedog. His signature reads "Charles Phillip Whitedog, Ojibway
  and Network Man; Multimission Ground Systems Office (Mission
  Control); Jet Propulsion Laboratory, NASA

  "About 1966 or so, a NASA team doing work for the Apollo moon mission
  took the astronauts near Tuba City where the terrain of the Navajo
  Reservation looks very much like the lunar surface. With all the
  trucks and large vehicles were two large figures that were dressed in
  full Lunar spacesuits.

  "Nearby, a Navajo sheep herder and his son were watching the strange
  creatures walk about, occasionally being tended by personnel. The
  two Navajo people were noticed and approached by the NASA personnel.
  Since the man did not know English, his son asked for him what the
  strange creatures were and the NASA people told them that they are
  just men that are getting ready to go to the moon. The man became very
  excited and asked if he could send a message to the moon with the
  astronauts.

  "The NASA personnel thought this was a great idea so they rustled up a
  tape recorder. After the man gave them his message they asked his son
  to translate. His son would not.

  "Later, they tried a few more people on the reservation to translate
  and every person they asked would chuckle and then refuse to
  translate.

  "Finally, with cash in hand, someone translated the message: 'Watch
  out for these guys, they come to take your land.'"

  ***I felt sorry for him!

  I did eventually talk with Rick, and at 10:30PM I drove to San
  Francisco to get my picture taken by him, and to chat with some of the
  people doing the "24 Hours in Cyberspace" project. Rick had been up
  for 36 hours. You could tell. Look in his eyes. He's barely standing
  up. I felt sorry for him!

  We don't understand each other. Yes, there is a blue ribbon on the 24
  Hours website, . Cooool -- kind of. But
  it doesn't go anywhere, it's not a link. It's just a picture.

  And in that I think we have the perfect metaphor for Rick's project.

  Smolan could be an online journalist if he wants to be one. By an
  accident of history, he could have been a *great* online journalist.
  In a real sense, the first one. Welcome Rick! I said in "Holding Hands
  in Cyberspace".

  ***But...

  Imagine running CNN on the day of a big plane crash.

  And not covering it. (That sounds like an Alanis Morissette song!)

  You have the co-pilot of the plane on camera.

  And he talks drivel about the global environment.

  Ouch!

  Rick was asleep during his 24 Hours.

  But, as Howard says, there's still time.

  For me, I've had to take a stand against a man I admire.

  And I hate that!

  So what?

  Dave Winer

  PS: The most eloquent rant I've seen on this stuff so far. Read it all
  the way thru. Be patient. Now you understand what's really going on.
  .

---------------------------------------------------------------------
Webmasters: 

--- end forwarded text


-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/







From frantz at netcom.com  Fri Feb  9 22:45:48 1996
From: frantz at netcom.com (Bill Frantz)
Date: Sat, 10 Feb 1996 14:45:48 +0800
Subject: Tell me whats wrong with this
Message-ID: <199602090646.WAA29149@netcom7.netcom.com>


At  4:37 PM 2/8/96 -0800, Timothy C. May wrote:
>First, most televisions and VCRs are currently equipped with the
>"O-Switch," which parents have long been using to turn content on and off.

I agree strongly with Tim on this one.  The one time the OFF switch didn't
work for me with my sons, (the disagreement was about quantity, not
content), I used wire cutters on the cable.  Very effective. 

Bill

-----------------------------------------------------------------
Bill Frantz                   Periwinkle  --  Computer Consulting
(408)356-8506                 16345 Englewood Ave.
frantz at netcom.com             Los Gatos, CA 95032, USA







From stewarts at ix.netcom.com  Fri Feb  9 22:46:55 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Sat, 10 Feb 1996 14:46:55 +0800
Subject: violating politicians privacy
Message-ID: <199602090618.WAA24333@ix13.ix.netcom.com>


>	well, I take it as assumed correct that illegally violating the
>    credit and personal information of member os Congress (might as well 
>    include the Clintons and the Gores) would get a response on privacy.

_Is_ it violating their privacy to get their credit information?
After all, they're applying for some mighty big loans from everybody,
and putting everybody who pays US taxes down as a credit reference....

#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs






From mch at squirrel.com  Fri Feb  9 22:49:06 1996
From: mch at squirrel.com (Mark C. Henderson)
Date: Sat, 10 Feb 1996 14:49:06 +0800
Subject: Encryption and Backups
Message-ID: <199602090713.XAA08209@squirrel.com>


On Feb 4, 14:13, Alan Olsen wrote:
} Subject: Encryption and Backups
} Something that I have not seen addressed is the need for strong encryption
} in backup software.
} 
} Most backup software has an "encryption" option, but I have seen few that
} have anything resembling strong encryption.  Furthermore, I have seen no
} real push for strong encryption for backups at all.

GNU tar is not the commercial backup solution many folks will be 
looking for, but it works, and has nice built-in hooks which are 
intended to call a compression program. 

One can also use these options to call an encryption program, as long 
as the encryption program takes stdin as input, stdout as output, 
encrypts by default, and decrypts when given the -d option. 

e.g. if the encryption program happens to be called /usr/local/bin/mg,
something like

gtar --use-compress-program /usr/local/bin/mg --block-compress -b 96 -cvf /dev/rst0 directory

will backup "directory" to tape in encrypted form under Sun OS 4.1.3

It also has support for incrementals, etc.


-- 
Mark Henderson -- markh at wimsey.bc.ca, henderso at netcom.com, mch at squirrel.com
PGP 1024/C58015E3 fingerprint=21 F6 AF 2B 6A 8A 0B E1 A1 2A 2A 06 4A D5 92 46
cryptography archive maintainer  --  ftp://ftp.wimsey.com/pub/crypto
ftp://ftp.wimsey.com/pub/crypto/sun-stuff/change-sun-hostid-1.6.2.tar.gz





From stewarts at ix.netcom.com  Fri Feb  9 22:51:24 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Sat, 10 Feb 1996 14:51:24 +0800
Subject: Fair Credit Reporting Act and Privacy Act
Message-ID: <199602090618.WAA24283@ix13.ix.netcom.com>


At 08:25 AM 2/5/96 -0500, you wrote:
>Probably the easiest way of ensuring that personal information isn't 
>wantonly distributed by credit agencies or (anyone else) is to update 
>our Privacy Act - which is ridiculously out-of-date and badly in need of
>being re-written.  It is also hampered by its apparent lack of teeth.

The parts of the Privacy Act that I remember are all restrictions on
_government_ actions, not private actions.  It's an important distinction;
even though TRW may know way too much about you, it's all information that
you voluntarily released to somebody, unlike data that the government 
requires you to give them.  And, yes, it's out-of-date and toothless.

...
>If the Privacy Act were rewritten to be as strict as the BDSG, businesses
>would have a (mandatory) legal requirement to:
...
>o Ensure that databases are *not* being maintained which describe the
>   characteristics of individuals (buying habits, income, property 
>   ownership, etc) wantonly propagated by marketing (direct mail, 
>   telemarketing, etc) companies.  

If you're going to propose laws, you should not only think about
whether they'll do what you want, but also about what else they'll do,
how they'll be enforced, what are the side effects of that enforcement, etc.
How is the government going to ensure _non_existence of databases?
If I'm a prosecutor, and claim that you _might_ have personal data about
somebody on your machines beyond the Politically Correct Data Elements,
can I get a search warrant for _all_ your databases?  What about that
encrypted file on your PC at work?  Such things have been used to hold
personal data before (even by police like the LAPD or Stasi.)
No thanks.

If you want to require that a database exists, then a business can
demonstrate that they have it by producing it (though proving
whether or not in really includes all transactions is still difficult.)

On the other hand, if you don't make the law adequately enforceable,
you're encouraging violation and selective enforcement.

>o the promotion of the use & implementation of encryption - including
>   the possibility of ITAR being reduced or eliminated for the export
>   of encryption products

Yes!  GAKed encryption, to be sure - once there's a requirement that
you be able to produce your data for the government, they'll discover
that they need guaranteed access to data that would otherwise be guaranteed
inaccessible by strong encryption.

>o reduced propagation of personal information

A much stronger way to increase privacy is to eliminate one of the most
popular unique keys used by these databases - the Social Security Number
which the government requires you to give almost anybody who gives you money.
Give each taxpayer a pile of taxid numbers (either cryptographically related,
or just randomly generated and stored in a big tax-department database)
so you can use a different taxid for everyone who needs one, making it
impossible for anybody but the government to correlate them.

#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs






From jzychik at via.net  Fri Feb  9 23:21:37 1996
From: jzychik at via.net (Joe Zychik)
Date: Sat, 10 Feb 1996 15:21:37 +0800
Subject: What is really happening in Oregon
Message-ID: <2.2.32.19960210002941.00f1c3e0@via.net>


Excerpted from today's Zychik Chronicle

The Los Angeles Times writes: "rivers raged through Oregon" [should say
"Oregon taxpayers sunk by Oregon government"]. "the regions worst flooding
in three decades" [should say, "State of Oregon has been wasting tax payer
money for 30 years"]. "At least 3 deaths were attributed to the flooding
[should say, "State of Oregon kills 3 more innocent citizens"]. "13 counties
were declared a disaster area [should say, "State of Oregon has been
screwing these 13 counties especially"] "And the worst is yet to come" [the
citizens will blame the weather]. "Rats by the hundreds started crawling out
of Portland's sewers" [should say, "The parents of Oregon's politicians and
bureaucrats came forward."]

------------
The Zychik Chronicle is a daily, liberty oriented e-zine.
To subscribe send e-mail with sub-cy in the header.



jz






From owner-cypherpunks at toad.com  Fri Feb  9 23:53:10 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Sat, 10 Feb 1996 15:53:10 +0800
Subject: No Subject
Message-ID: 


At 10:11 AM 2/9/96 -0500, olbon at dynetics.com (Clay Olbon II) wrote:
>There is one potential side-benefit to the V-chip -- The inverse-V-chip
..
>I am looking forward to a time when I will never, even accidentally, have
>my TV tuned to "Full House" ;-)

Just as many people program their televisions using VCR-Plus codes to
record the shows they want (using TV Guide as a rating service)
it would be easy for any rating service to publish a list of the
codes for Approved Shows, Banned Shows, Rated-by-interestingness shows, etc.
without putting any government-mandated rating chip in the TVs
or forcing the TV producers to rate them (which also has a chilling
effect on the shows produced.)
#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs






From owner-cypherpunks at toad.com  Fri Feb  9 23:59:33 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Sat, 10 Feb 1996 15:59:33 +0800
Subject: No Subject
Message-ID: 


>Sorry to post this question here, but I know of no other group with
>folks who would know. Have any of the "spiders" such as Alta Vista
>been sent to see just how many US sites have been blackened in the
>protest? The approximate number and percentage of US sites blackened
>might be interesting. In my limited surfing, I have been gratified
>to see the _widespread_ response -- but I am not the typical user.

I don't think it's updated enough things recently (or else it only indexes
the contents of a page and not the header details in the  statement.)
For instance, BGCOLOR="#000000" had 197 hits, but most of them were old,
and on topics like "How to set the background colors on your web page",
and NO documents matched both BGCOLOR="#000000" and vtw.
#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs






From owner-cypherpunks at toad.com  Sat Feb 10 00:00:02 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Sat, 10 Feb 1996 16:00:02 +0800
Subject: No Subject
Message-ID: 


At 06:28 AM 2/9/96 -0500, Duncan wrote, regarding the appallingly
invasive British Privacy Act:

>Computer bureaux which process personal data for others or allow data users
>to process personal data on their computers must also register. Their
>register entries will contain only their name and address.
>
>Data users and computer bureaux who should register but do not, are
>committing a criminal offence, as are those operating outside the
>descriptions contained in their register entries. In these cases the
>Registrar regularly prosecutes. The penalty for non-registration can be a
>fine of up to =A35,000 plus costs in the Magistrates Courts, or an=
 unlimited
>fine in the Higher Courts."

Ouch - does this mean that if you offer shell accounts, you either have
to contractually limit the processing your users may do, or be fined
as a criminal for not registering?

#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com=
 +1-415-442-2215
# http://www.idiom.com/~wcs






From owner-cypherpunks at toad.com  Sat Feb 10 00:12:15 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Sat, 10 Feb 1996 16:12:15 +0800
Subject: No Subject
Message-ID: 


At 08:39 AM 2/9/96 -0800, jamesd wrote:
>If you have one law for men who run businesses and one law [for] other folks, 
>then we have selective enforcement and application of the laws, 
>that enables governments to act selectively and capriciously.   
>For example here in California private citizens who attempt to organize 
>recall elections are often subject to extraordinary and confiscatory fines.

On the other hand, of course, there are laws that are ostensibly for
the purposes of regulating businesses whose primary effect is
to limit the privacy or actions of individuals.  For instance,
California's law requiring that mailbox renters provide two forms of ID
and make their mailbox companies agents for service of process 
is ostensibly to "protect" consumers by regulating businesses that 
operate out of mailboxes (which the law claims there are 7 million of here);
it furthermore lets the Post Office specify what kind of ID to use
(which some local postmasters are far more extreme about than others),
and requires revealing True Addresses.

#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs






From lunaslide at loop.com  Sat Feb 10 00:34:57 1996
From: lunaslide at loop.com (lunaslide at loop.com)
Date: Sat, 10 Feb 1996 16:34:57 +0800
Subject: A temporal remailing (was: CDA = death of crypto)
Message-ID: 


>At 3:26 AM 2/7/96, anonymous-remailer at shell.portal.com wrote:
>>CDA means that virtually all underground or 'illegal' traffic will be
>>distributed via encryption.
>>
>>As soon as the loony right and fundo Christians realise this, they *will*
>>call for legislation against encryption, and if the CDA is any benchmark,
>>they will easily win.
>
>
>4-1-99. NYT:
>
>   "Congress Passes "Children's Protection and Safe Information Highways" Bill"
>
>      "In a vote of 479-12 in the House of Representatives and 93-5 in the
>Senate, the "Children's Protection and Safe Information Highways Bill" was
>sent to the President, who is expected to sign it on Thursday.
>
>      "The Bill criminalizes the possession of unauthorized cryptographic
>programs and extends the Telecom Act of 1996 and the Digital Telephony Act
>of 1994 to regulate the new cyberspace frontier.
>
>      "Attorney-General Louis Freeh pushed for the legislation, citing the
>growing use of cryptography by dissidents and criminals. "We are hoping
>Congress will next pass the "Secure and Decent Cyberspace Bill." This bill,
>nick-named the "Crypto-Kingpins Bill," will subject traffickers in illegal
>crypto to the same harsh penalties meted out to drug kingpins. "While it
>may seem harsh to execute a person for possession of a key greater than 60
>bits, we must consider the terrible consequences for our children of people
>writing down things the government cannot read," Freeh said.
>
>
>   BAD_nws

So the're going to arrest us all?  It's unconstitutional (of course!) and
unenforcable.  It will have the same effect as Prohibition.

lunaslide

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQBvAzD3EHEAAAEDAMVwZzXozPjX18mCenA5fJsdWZXcrhJCxPR+SoVCmR7d4ZVU
mwITzPTHo/GyLvJrWyk5YdhheczyY2VSawaMrCN/nWA7K9lwAylbKyPxqBhRYJ3C
2wi2uD5LY2wypNOQyQARAQABtB5KZWZmIENvbm4gPGx1bmFzbGlkZUBsb29wLmNv
bT6JAHUDBRAw+1bqS2NsMqTTkMkBAQkTAwCersFbCyk8O0MbGlNcZDAe24CLEWQ0
0C5EHni33W76UsG1bybcLsuMH6HVwLF7IqZivnzc7wkujYPQvCqn8HEYYTld8V9V
Cou4dOvA8kV7rHvAn/LuLx7DRruLFrRoPSk=
=OIT9
-----END PGP PUBLIC KEY BLOCK-----







From lunaslide at loop.com  Sat Feb 10 00:35:04 1996
From: lunaslide at loop.com (lunaslide at loop.com)
Date: Sat, 10 Feb 1996 16:35:04 +0800
Subject: Why am I wrong?
Message-ID: 


>(Was referring to the govs ability to control communications *with them*)
>>Perhaps I do not understand your point.  They can perhaps
>>control the communication between them and me, but not between me and
>>everyone else.
>
>Ok please view my three points fromn the standpoint that so much of the
>total traffic would be affected by at least one, that "uncontrolled"
>communications would be minimal.

Do you mean readable by "controlled"?  I thought I knew what you meant by
that :-)  If you do mean readable, I don't see how that would make a
difference since so many people would still be encrypting their mail.  If
you mean controled as in being able to encrypt messages would be
controlled, that the govt. would have final say over whether one could
encrypt or not, then unless they pass legislation specifically outlawing
encryption, or encryption not readable by them, they could have no such
control.  Even if they did legislate, they could not enforce reliably
because to many would be breaking that law anyway.  Plus, the law would
(should, he says kneeling and praying) be struck down as unconstitutional
by the fourth.
>
>>>2) communications using someone else's equipment/network (university,
>>>   employer, etc)
>
>>Employers nor universities have any jurisdiction over whether you use
>>encryption in your transmissions while using their networks unless it
>>specifically does not allow it when you first agree to have an account with
>>them.
>
>I think you had better review the concept of "property rights". Unless you
>have a contract that says you can, or can establish "expectation", the
>property owner who allows you to use their equipment may control how it is
>used.

Perhaps I had better.  I do know that if employers do have jurisdiction,
then my point about employers encouraging encryption should still hold
(barring legislative prohibition).  If it does not, then I conceed that you
are correct in saying that it would *affect* traffic, but it would not
totally control it.  As for universities, the traffic here would be
affected as well, as you say.  There would still have to be some
justification for imposing such a restriction and it would be demanded by
the students and the parents of the students, but it still could be
sucessful (how frightening this is!)

>>>3) communications with anyone (Internet merchant, etc) who says "this
>>>   is not what  approves..."
>
>>I don't quite understand your meaning.  I am a merchant and I encourage my
>>customers to use PGP when they send information over the internet, whether
>>to me or to anyone else.
>
>That is fine but what if MasterCard refuses to accept this method ? (Not
>saying they will, just "what if" ? You are free to use digicash if you
>want but is not "legal tender for all debts public and private".

I think that the comming standards announced by credit companies will take
care of secure transactions, and I still don't see where the govt. would
have to do with controlling traffic here.  Just as we have many credit
cards, we will have many online accounts, each with their methods of
secure, verifiable trasactions.  Methods for payment and security will
become increasingly easy to use and software will be written to accomidate
these features.

>>Comments?  Bring 'em on! :-)
>
>I dood it.

The debates roll on...

lunaslide

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQBvAzD3EHEAAAEDAMVwZzXozPjX18mCenA5fJsdWZXcrhJCxPR+SoVCmR7d4ZVU
mwITzPTHo/GyLvJrWyk5YdhheczyY2VSawaMrCN/nWA7K9lwAylbKyPxqBhRYJ3C
2wi2uD5LY2wypNOQyQARAQABtB5KZWZmIENvbm4gPGx1bmFzbGlkZUBsb29wLmNv
bT6JAHUDBRAw+1bqS2NsMqTTkMkBAQkTAwCersFbCyk8O0MbGlNcZDAe24CLEWQ0
0C5EHni33W76UsG1bybcLsuMH6HVwLF7IqZivnzc7wkujYPQvCqn8HEYYTld8V9V
Cou4dOvA8kV7rHvAn/LuLx7DRruLFrRoPSk=
=OIT9
-----END PGP PUBLIC KEY BLOCK-----







From owner-cypherpunks at toad.com  Sat Feb 10 00:52:14 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Sat, 10 Feb 1996 16:52:14 +0800
Subject: No Subject
Message-ID: 


At 09:21 AM 2/9/96 -0500, Tim Philp wrote:
>	Private individuals are not what I was refering to. I am more
>concerned about corporations who hold information about me and release it
>to the highest bidder. When it comes to individual versus corporate
>rights, I am clearly on the side of the individual. 

Remember that there's a major difference between "corporations"
and "business"; you seem to be mixing them up.  A corporation is
a legal fiction that treats a cooperative effort by one or more people
as if it were a person in itself, and normally involves limiting the
liability of the corporation's investors by putting it all on the
fictional person.  A business is what one or more people do to make money.
Most corporations are businesses, though not all.

Governments can legitimately tell corporations what to do because
that's part of the price of the legal fiction; a government can't
abuse a corporation because you can't beat up a legal fiction,
though it can say "Poof!  You're not a legal fiction any more",
and conversely, if the people who own the legal fiction don't like
what the government's telling it to do, they can dissolve it.
(Governments also enjoy regulating non-corporate businesses,
but they're no longer on solid moral ground.)

>	I have also not suggested some form of prior restraint that would 
>require government access to computers. I simply suggest that should a 
>violation occur, that I have the right of civil and criminal law as a 
>recourse to both compensate me for my loss of privacy as well as deter 
>future damage. A company knowing that civil and criminal penalties could 
>result from a violation would take extra care to ensure the security of 
>my data.

How are you going to _know_ that a "violation" occurred, if company A
tells company B your address or favorite liquor?  Only by having access
to the records of both companies.  Getting that through the courts,
for only the parts of their information relevant to you, is better than
blanket permission for the government to rummage through their files,
but after the first lawsuit lets investigators in, everything they've got
is clam bait anyway.  It's still major privacy violation - for the company
whose machines are being violated, and for the non-suing individuals
whose data is also on those machines.  
#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs






From allyn at allyn.com  Sat Feb 10 00:55:10 1996
From: allyn at allyn.com (Mark Allyn 860-9454 (206))
Date: Sat, 10 Feb 1996 16:55:10 +0800
Subject: Yeah, Yeah But what are we gonna do!
In-Reply-To: 
Message-ID: <199602100157.RAA26060@mark.allyn.com>


Allright. That does it.

I am going to volunteer to try to make a perl script that 
I will make available that will automatically email every
congressman that has an email address. I will include a pre
pared text of the email message. All you would have to do is
to sign it and it would send the same message to all of them
with email addresses automatically. I can even have it have
several prepaired texts so that they are all slightly different
so that any funky gatekeepers at the congress email sites that
attempt to keep out spams could be defeated.

What do you think? Is this worth it?

Mark





From perry at piermont.com  Sat Feb 10 00:56:55 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Sat, 10 Feb 1996 16:56:55 +0800
Subject: What is really happening in Oregon
In-Reply-To: <2.2.32.19960210002941.00f1c3e0@via.net>
Message-ID: <199602100102.UAA12734@jekyll.piermont.com>



Can you explain what the hell you sent this to Cypherpunks for? It has
nothing to do with cryptography, privacy, or anything else discussed
on the list.

Joe Zychik writes:
> Excerpted from today's Zychik Chronicle
> 
> The Los Angeles Times writes: "rivers raged through Oregon" [should say
> "Oregon taxpayers sunk by Oregon government"]. "the regions worst flooding
> in three decades" [should say, "State of Oregon has been wasting tax payer
> money for 30 years"]. "At least 3 deaths were attributed to the flooding
> [should say, "State of Oregon kills 3 more innocent citizens"]. "13 counties
> were declared a disaster area [should say, "State of Oregon has been
> screwing these 13 counties especially"] "And the worst is yet to come" [the
> citizens will blame the weather]. "Rats by the hundreds started crawling out
> of Portland's sewers" [should say, "The parents of Oregon's politicians and
> bureaucrats came forward."]





From alano at teleport.com  Sat Feb 10 00:57:41 1996
From: alano at teleport.com (Alan Olsen)
Date: Sat, 10 Feb 1996 16:57:41 +0800
Subject: What is really happening in Oregon
Message-ID: <2.2.32.19960210022427.00902720@mail.teleport.com>


At 04:29 PM 2/9/96 -0800, Joe Zychik wrote:
>Excerpted from today's Zychik Chronicle
>
>The Los Angeles Times writes: "rivers raged through Oregon" [should say
>"Oregon taxpayers sunk by Oregon government"]. "the regions worst flooding
>in three decades" [should say, "State of Oregon has been wasting tax payer
>money for 30 years"]. "At least 3 deaths were attributed to the flooding
>[should say, "State of Oregon kills 3 more innocent citizens"]. "13 counties
>were declared a disaster area [should say, "State of Oregon has been
>screwing these 13 counties especially"] "And the worst is yet to come" [the
>citizens will blame the weather]. "Rats by the hundreds started crawling out
>of Portland's sewers" [should say, "The parents of Oregon's politicians and
>bureaucrats came forward."]

You need to cut back on your medication (or increase it).  The water damage
in oregon has little to do with the action or inaction of government.  It
has much more to do with a strange set of weather patterns in Oregon.
(Mainly a whole lot of snow and ice followed by heavy rains.)

Right now the weather here is just creating lots of land slides and
flooding.  The worst seems over for now.  Time to wait for the water to
recede and then clean up the mess.  How this can be blamed on the Oregon
State government is beyond me...

What it has do do with Cypherpunks, I have no idea...  (Not even much of a
conspiracy there.)

Sounds like someone just wnats to rant.
---
Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
        `finger -l alano at teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
"I, Caligula Clinton... In the name of the Senate and the people of Rome!"
   - Bill Clinton signing the CDA with the First Amendment bent over.






From owner-cypherpunks at toad.com  Sat Feb 10 01:39:48 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Sat, 10 Feb 1996 17:39:48 +0800
Subject: No Subject
Message-ID: 



Duncan,

> badly as you are upset. That is why some of us want less legislation
> and less regulation to minimize just this sort of human suffering. 
> Maybe next time those of you who are into "proactive" government
> will think before you crush other people's lives.
> 
That's why I support Lamar Alexander! .

Another "Logical Conclusion" by:
Tim Cook 
Support THE US Constitution...
Vote Alexander in '96 and '00!





From owner-cypherpunks at toad.com  Sat Feb 10 01:40:28 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Sat, 10 Feb 1996 17:40:28 +0800
Subject: No Subject
Message-ID: 


I put I time line I've been keeping for my own reference up at:

http://rpcp.mit.edu/~reagle/commerce/line.html


>   --> The following is an extension of a timeline detailing the protocol
>   battles for Internet side credit card encryption and "processing" that
>   was an appendix of a paper Brett Leida and myself wrote. (One day it
>   will be on-line, as you can see, our argument that Visa/MC should
>   cooperate was a good one!)]
>
>   I'll add to it as time goes on, and hopefully updates should find
>   there way to the web server eventually.
>
>   I tried to provide the best reference I could, you can try to email me
>   if you need more info...
>
>
_______________________
Regards,               Talent develops in tranquillity, character in the
		       full current of human life. -Goethe
Joseph Reagle          http://farnsworth.mit.edu/~reagle/home.html
reagle at mit.edu         0C 69 D4 E8 F2 70 24 33  B4 5E 5E EC 35 E6 FB 88






From owner-cypherpunks at toad.com  Sat Feb 10 01:46:01 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Sat, 10 Feb 1996 17:46:01 +0800
Subject: No Subject
Message-ID: 




>We ought to speak out against this Chineese net, and start asking
>questions about Western companies that are collaborating in its
>construction.  

*definitely*!

>We ought to allow the free export of any crypto tools to any country for
>any reason.  

     No!  You have no duty to promote an entity that actively acts against your
fundamental principles

>But if there are going to be any restrictions at all, it 
>ought to be on tools used for anti-democratic controls.

     The essence of the measure, or guideline stated in your previous paragraph 
is to protect freedom and the individual.  Therefore, we must *personnally* put
try to act in a way compatible with our basic view of how life should really be.







From stend at grendel.texas.net  Sat Feb 10 01:51:05 1996
From: stend at grendel.texas.net (Sten Drescher)
Date: Sat, 10 Feb 1996 17:51:05 +0800
Subject: Need a "warning" graphic of some kind for CDA
In-Reply-To: <199602070848.AAA05915@darkwing.uoregon.edu>
Message-ID: <199602080331.VAA01313@grendel.texas.net>


Greg Broiles  said:

GB> How about the circle-slash "no" symbol superimposed on the
GB> Constitution?

	Well, many people in this country don't respect, or
appreciate, the Constitution any more - look at all of the complaints
about alleged criminals getting off because of 'technicalities' like
unreasonable searches.  It needs to be something that at least some of
the supporters of the CDA have reverence for - the circle/slash on a
Bible.

-- 
#include                                /* Sten Drescher */
Unsolicited email advertisements will be proofread for a US$100/page fee.
CDA Bait: Look, I have two daughters who haven't been laid yet.  How
about you rape them right here, instead of my guests?  Gen 19:8





From lmccarth at cs.umass.edu  Sat Feb 10 01:58:30 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Sat, 10 Feb 1996 17:58:30 +0800
Subject: Free Speech Mirrors hit Toronto Star
In-Reply-To: 
Message-ID: <199602090106.UAA03245@themis.cs.umass.edu>


Tim Philp writes:
> The paragraph in question was as follows:
> 
> "The EFC says at least 10 mirrors sites have appeared, including ones at 
> Carnegie Mellon University, Stanford University, and MIT. (The one at the 
> University of Massachusetts was ordered removed.)"

OK, this clears it up. MIT != University of Massachusetts





From frantz at netcom.com  Sat Feb 10 02:05:28 1996
From: frantz at netcom.com (Bill Frantz)
Date: Sat, 10 Feb 1996 18:05:28 +0800
Subject: The V-Chip glass is half full
Message-ID: <199602100721.XAA18354@netcom7.netcom.com>


As a incurable optimist, I would like to offer a view contrary to all the
V-Chip doom and gloom.

Consider the Movie rating system as a precedent.  In the old days there was
a rating system in Hollywood which made it impossible to show a married
couple sleeping in the same bed.  This situation is analogous to modern TV
where George Carlin's 7 naughty words may not be spoken.

Contrast that with today's movies.  There is a much wider latitude about
the movies you can make and distribute.  All you have to do is label them
NC-17, R. or X and you are clean.  Of course, there are newspapers which
will not allow you to advertise and theaters which will not show the
X/NC-17 movies, but that's the way the market works.

With some luck, we will be able to see on TV what we can now see in the
movie theater, and the prudes will screen it out with the V-Chip the same
way they now screen it out with the movie rating.  Everyone is (more or
less) happy.

Panglossianly yours - Bill







From owner-cypherpunks at toad.com  Sat Feb 10 02:05:59 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Sat, 10 Feb 1996 18:05:59 +0800
Subject: No Subject
Message-ID: 


On Fri, 9 Feb 1996, David K. Merriman wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> At 08:27 AM 02/9/96 -0800, Simon Spero  wrote:
> > The Administration has repeatedly stated its belief that those parts of 
> >the bill are unconsitutional, and does not intend to enforce them. 
> 
> So why the fornicate did they include them? What's the point of passing laws that they say they're not going to enforce, unless it's either to enforce them later, or soften up the public for something _slightly_ more tolerable later.
> 
['Fornicate' isn't really a synonym for 'fuck' - only single people can 
'fornicate', but married people can still 'fuck' (though apparently there 
isn't the same motivation)]

Basic laws of politics... The reason the telecommunications bill got
signed into law in spite of the Exon ammendment is that the bill it was 
attached to was politically unvetoable. Not only was telecommunications 
reform an important part of the Clinton/Gore Agenda from 92, but also the 
amount of lobbying and financial muscle being put behind the bill was 
such that a veto just because of the CDA would not have been sustained - 
further, such a veto would be perfect fodder for this Autumn's festival 
of negative delights. Since it is clear that the courts must reject this 
part of the bill, it's better to denounce the measure, but sign the bill 
anyway, knowing that the nasty bits will be cut out (or rather, the nasty 
bits won't be ... oh, you know what I mean).

If the CDA wasn't so blatantly unconstitutional, then I believe that the
President would have vetoed it- the anti-abortion elements make it
completely unacceptable; however, since the courts really have no choice 
but to remove the indeceny provisions, Bill gets a pretty nice equivalent 
of a retroactive line-item veto.

Simon

p.s.

Talking about Negative Ad's: there's a great new book out called "Going
Negative" by Stephen Ansolabehere and Shanto Iyengar. This book is an
extended write up of some extremely well designed experiments designed to
measure the effect of poltical advertisments on the public. For perhaps
the first time ever in the Social Sciences, the authors performed actual,
real, honest to goodness experiements, and the data are quite convincing.
The most worrying results are that 

1) Political advertising is isomorphic to the prisoners dilemma, and once
an opponent uses a negative ad, the only way to respond is with
counter-attacks

2) One of the main effects of negative advertising is not to change 
peoples votes, but to reduce turnout. 






From bplib at wat.hookup.net  Sat Feb 10 02:09:22 1996
From: bplib at wat.hookup.net (Tim Philp)
Date: Sat, 10 Feb 1996 18:09:22 +0800
Subject: Free Speech Mirrors hit Toronto Star
In-Reply-To: <199602082158.QAA22922@opine.cs.umass.edu>
Message-ID: 


On Thu, 8 Feb 1996 lmccarth at cs.umass.edu wrote:

> Tim Philp writes:
> > 	Canada's largest newspaper, The Toronto Star today published an
> > account of the Ernst Zundel affair in the Fast Forward Section of the
> > paper. Net columnist K. K. Campbell, in what looks like a 1500 word
> > article, (I didn't count them) gives a good account of the German attempt
> > to censor the Internet. He even mentions the fact that the MIT mirror was
> 							 ~~~~~~~~~~~~~~~~~~
> > ordered removed, but gives no details.
>   ~~~~~~~~~~~~~~~
> 
> Is this a reporting error, or did I miss something ?
> 

The paragraph in question was as follows:

"The EFC says at least 10 mirrors sites have appeared, including ones at 
Carnegie Mellon University, Stanford University, and MIT. (The one at the 
University of Massachusetts was ordered removed.)"

I don't know the truth of this statement but the article was very 
anti-censorship and struck a pro-freedom stance.

K.K. Campbell, the author of the piece, is eye weekly's net.editor and 
Webmaster (http://www.interlog.com/eye)

Tim Philp

===================================
For PGP Public Key, Send E-mail to:
pgp-public-keys at swissnet.ai.mit.edu
In Subject line type:
GET PHILP
===================================






From Anonymous  Fri Feb  9 23:09:57 1996
From: Anonymous (Anonymous)
Date: Sat, 10 Feb 1996 18:09:57 +1100 (EST)
Subject: new zip cracking code
Message-ID: <3f81e57e9db66b581941ceff328cf1fb@NO-ID-FOUND.mhonarc.org>


Does anyone have any pointers to cryptanalysis papers on the Zip
encryption scheme (presented below)? I've seen a few MSDOS executeables
which used some sort of brute force attack, which didn't seem
particularly intelligent or effective for long passwords. If anyone has
some pointers, or source I'd be glad to hear of it. From what I can see
of Schlafly's algorithm a bute force attack could be speed up a great
deal by pre-compution and expansaion of elements of the first 3 or so
rounds at the very least.

Ideas anyone?


Decryption
----------

The encryption used in PKZIP was generously supplied by Roger
Schlafly.  PKWARE is grateful to Mr. Schlafly for his expert
help and advice in the field of data encryption.

PKZIP encrypts the compressed data stream.  Encrypted files must
be decrypted before they can be extracted.

Each encrypted file has an extra 12 bytes stored at the start of
the data area defining the encryption header for that file.  The
encryption header is originally set to random values, and then
itself encrypted, using 3, 32-bit keys.  The key values are 
initialized using the supplied encryption password.  After each byte
is encrypted, the keys are then updated using psuedo-random number
generation techniques in combination with the same CRC-32 algorithm 
used in PKZIP and described elsewhere in this document.

The following is the basic steps required to decrypt a file:

1) Initialize the three 32-bit keys with the password.
2) Read and decrypt the 12-byte encryption header, further
   initializing the encryption keys.
3) Read and decrypt the compressed data stream using the
   encryption keys.


Step 1 - Initializing the encryption keys
-----------------------------------------

Key(0) <- 305419896
Key(1) <- 591751049
Key(2) <- 878082192

loop for i <- 0 to length(password)-1
    update_keys(password(i))
end loop


Where update_keys() is defined as:


update_keys(char):
  Key(0) <- crc32(key(0),char)
  Key(1) <- Key(1) + (Key(0) & 000000ffH)
  Key(1) <- Key(1) * 134775813 + 1
  Key(2) <- crc32(key(2),key(1) >> 24)
end update_keys


Where crc32(old_crc,char) is a routine that given a CRC value and a 
character, returns an updated CRC value after applying the CRC-32 
algorithm described elsewhere in this document.


Step 2 - Decrypting the encryption header
-----------------------------------------

The purpose of this step is to further initialize the encryption
keys, based on random data, to render a plaintext attack on the
data ineffective.


Read the 12-byte encryption header into Buffer, in locations
Buffer(0) thru Buffer(11).

loop for i <- 0 to 11
    C <- buffer(i) ^ decrypt_byte()
    update_keys(C)
    buffer(i) <- C
end loop


Where decrypt_byte() is defined as:


unsigned char decrypt_byte()
    local unsigned short temp
    temp <- Key(2) | 2
    decrypt_byte <- (temp * (temp ^ 1)) >> 8
end decrypt_byte


After the header is decrypted, the last two bytes in Buffer
should be the high-order word of the CRC for the file being
decrypted, stored in Intel low-byte/high-byte order.  This can
be used to test if the password supplied is correct or not.


Step 3 - Decrypting the compressed data stream
----------------------------------------------

The compressed data stream can be decrypted as follows:


loop until done
    read a charcter into C
    Temp <- C ^ decrypt_byte()
    update_keys(temp)
    output Temp
end loop


-- 
+----------------------------------+-----------------------------------------+
|Julian Assange                    | "if you think the United  States has    |
|FAX: +61-3-9819-9066              |  stood still, who built the largest     |
|EMAIL: proff at suburbia.net         |  shopping centre in the world?" - Nixon |
+----------------------------------+-----------------------------------------+





From perry at piermont.com  Sat Feb 10 02:10:03 1996
From: perry at piermont.com (Perry's Mail Filter)
Date: Sat, 10 Feb 1996 18:10:03 +0800
Subject: In Re: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
In-Reply-To: <199602081929.OAA28586@dal1820.computek.net>
Message-ID: <199602081935.OAA08993@jekyll.piermont.com>



I am sorry, but your message with the Subject:

	Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd) 

was rejected by Perry Metzger's mail filter and will not be read by
him. This is likely because Perry decided to place you on his reject
list. Perry tends to clean out his filter lists every six months, so
you may be able to send him electronic mail again sometime in the
future.

If you absolutely need to contact Perry, please use means other than
electronic mail, or ask a third party to contact him on your behalf.

You will not receive further copies of this notice.

Perry's Mail Filter






From proff at suburbia.net  Sat Feb 10 02:10:29 1996
From: proff at suburbia.net (Julian Assange)
Date: Sat, 10 Feb 1996 18:10:29 +0800
Subject: new zip cracking code
Message-ID: <199602100709.SAA03239@suburbia.net>


Does anyone have any pointers to cryptanalysis papers on the Zip
encryption scheme (presented below)? I've seen a few MSDOS executeables
which used some sort of brute force attack, which didn't seem
particularly intelligent or effective for long passwords. If anyone has
some pointers, or source I'd be glad to hear of it. From what I can see
of Schlafly's algorithm a bute force attack could be speed up a great
deal by pre-compution and expansaion of elements of the first 3 or so
rounds at the very least.

Ideas anyone?


Decryption
----------

The encryption used in PKZIP was generously supplied by Roger
Schlafly.  PKWARE is grateful to Mr. Schlafly for his expert
help and advice in the field of data encryption.

PKZIP encrypts the compressed data stream.  Encrypted files must
be decrypted before they can be extracted.

Each encrypted file has an extra 12 bytes stored at the start of
the data area defining the encryption header for that file.  The
encryption header is originally set to random values, and then
itself encrypted, using 3, 32-bit keys.  The key values are 
initialized using the supplied encryption password.  After each byte
is encrypted, the keys are then updated using psuedo-random number
generation techniques in combination with the same CRC-32 algorithm 
used in PKZIP and described elsewhere in this document.

The following is the basic steps required to decrypt a file:

1) Initialize the three 32-bit keys with the password.
2) Read and decrypt the 12-byte encryption header, further
   initializing the encryption keys.
3) Read and decrypt the compressed data stream using the
   encryption keys.


Step 1 - Initializing the encryption keys
-----------------------------------------

Key(0) <- 305419896
Key(1) <- 591751049
Key(2) <- 878082192

loop for i <- 0 to length(password)-1
    update_keys(password(i))
end loop


Where update_keys() is defined as:


update_keys(char):
  Key(0) <- crc32(key(0),char)
  Key(1) <- Key(1) + (Key(0) & 000000ffH)
  Key(1) <- Key(1) * 134775813 + 1
  Key(2) <- crc32(key(2),key(1) >> 24)
end update_keys


Where crc32(old_crc,char) is a routine that given a CRC value and a 
character, returns an updated CRC value after applying the CRC-32 
algorithm described elsewhere in this document.


Step 2 - Decrypting the encryption header
-----------------------------------------

The purpose of this step is to further initialize the encryption
keys, based on random data, to render a plaintext attack on the
data ineffective.


Read the 12-byte encryption header into Buffer, in locations
Buffer(0) thru Buffer(11).

loop for i <- 0 to 11
    C <- buffer(i) ^ decrypt_byte()
    update_keys(C)
    buffer(i) <- C
end loop


Where decrypt_byte() is defined as:


unsigned char decrypt_byte()
    local unsigned short temp
    temp <- Key(2) | 2
    decrypt_byte <- (temp * (temp ^ 1)) >> 8
end decrypt_byte


After the header is decrypted, the last two bytes in Buffer
should be the high-order word of the CRC for the file being
decrypted, stored in Intel low-byte/high-byte order.  This can
be used to test if the password supplied is correct or not.


Step 3 - Decrypting the compressed data stream
----------------------------------------------

The compressed data stream can be decrypted as follows:


loop until done
    read a charcter into C
    Temp <- C ^ decrypt_byte()
    update_keys(temp)
    output Temp
end loop


-- 
+----------------------------------+-----------------------------------------+
|Julian Assange                    | "if you think the United  States has    |
|FAX: +61-3-9819-9066              |  stood still, who built the largest     |
|EMAIL: proff at suburbia.net         |  shopping centre in the world?" - Nixon |
+----------------------------------+-----------------------------------------+





From avatar at mindspring.com  Sat Feb 10 02:12:00 1996
From: avatar at mindspring.com (avatar at mindspring.com)
Date: Sat, 10 Feb 1996 18:12:00 +0800
Subject: OK, here's what's wrong.
Message-ID: <199602090105.UAA08342@borg.mindspring.com>


At 03:55 PM 2/8/96 -0800, you wrote:
>
>
>>Tell me whats wrong with this section of the telecom bill.  I have a six
>>year old boy I am trying to raise
>>and it is hard enough to teach him respect and values without explaining why
>>Ned Beatty is being
>>bungholed in the woods by Billy Bob or why the Terminator splattered this
>>guys brains all over the
>>wall.  
>>        Tell me why parents should not be able to censor their OWN
>>television so that they may raise their children the way THEY see
>>fit...................Did your dad give you his old
>>playboys?.........NOOOOO............
>>Did he take you down to your grandmothers autopsy before her
>>funeral?...................I Don't Think So.....
>
>Agreed. And the government didn't have to force him.
>
>>        Honestly, don't you believe that what a child is exposed to effects
>>his judgement, perception,
>> attitude,and character??
>
>Yes.
>
>>All I'm saying is it's tough to raise a child these days without the added
>>distortion of modern 
>>programing and parents need not be denied any tool that can help them
>>achieve success.
>
>Agreed, the question is, should the "V." chip be forced in, by government,
>or should free-market demand, like your very eloquent demand above, be the
>engine. I choose the free market. I might think differently about child-
>rearing than you. I may want my kid to see violence or sex, or I may just
>not want him/her to see both together. I may want him/her to see the truth
>about history and hemp, and you may not. That's the point of a free society,
>I don't get to affect your kid's upbringing, and you don't effect mine. The
>problems come in when something is forced instead of being allowed to develop
>naturally in the marketplace ecosystem. In the ecosystem, there would be 
>multiple systems and multiple standards of what is "indecent." Filtering
>services would flourish, without taxing me. In a coercive government system,
>I am forced to buy a TV whith a goddam chip I will never use (no kid) and
>there is one standard, and I get taxed.
>
>
>>                (3) The average American child is exposed to 25 hours of
>>              television each week and some children are exposed to as much 
>>              as 11 hours of television a day.
>
>My parents limited me to 1hr / day, after homework, I chose what to view.
>[But I turned into a guy who is a cypherpunk, likes nice blowjobs, reads
>Playboy, smokes cigars, etc., so what did they know? 

Nuff said, point taken. 
>
>
>
>>                (6) Studies indicate that children are affected by the
>>              pervasiveness and casual treatment of sexual material on
>>              television, eroding the ability of parents to develop
>>              responsible attitudes and behavior in their children.
>
>So get rid of your TV altogether! [Some really do, with excellent results.]

Agreed.
>
>>                (7) Parents express grave concern over violent and sexual
>>              video programming and strongly support technology that would
>>              give them greater control to block video programming in the 
>>              home that they consider harmful to their children.
>
>So obviously, the free-marketplace won't work here.

Your right again.

>>                (8) There is a compelling governmental interest in empowering
>>              parents to limit the negative influences of video programming
>>              that is harmful to children.
>
>There is compelling individual interest in being left alone and taxed less.

And again.

>>                (9) Providing parents with timely information about the 
>>              nature of upcoming video programming and with the technological
>>              tools that allow them easily to block violent, sexual, or other
>>              programming that they believe harmful to their children is a
>>              nonintrusive and narrowly tailored means of achieving that
>>              compelling governmental interest.
>
>And the marketplace will never do _that_!

Alright,  Alright already, I can admit
defeat..................................Which is more than I can say for
most of us.

>[Sorry I must be as sarcastic as I am, it's a symptom of Libertarianism;)]
>
>PS -- Much better .sig.
THANX
>Sighpsi.
>
>Thanks for your point of veiw.
Charles Donald Smith Jr.

||The government  is my shepherd I need not work. It alloweth me to lie
 down on a good job. It leadeth me beside stilled factories. It destroyeth
 my initiative. It leadeth me in the path of a parasite for politics sake. YEA,
 though I walk through the valley of laziness and deficet spending I shall
 fear no evil, for the government is with me. It prepareth an economic utopia
 for me by appropriating the earnings of my grandchildren. It filleth my head
 with false security. My inefficiency runeth over. Surely, the government 
should care for me all the days of my life, and I will dwell in a fools paradise
forever.................AMEN!   || nuke'm if ya got'em||






From EALLENSMITH at ocelot.Rutgers.EDU  Sat Feb 10 02:12:20 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Sat, 10 Feb 1996 18:12:20 +0800
Subject: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
Message-ID: <01I0ZF581Y8WA0UTTU@mbcl.rutgers.edu>


From:	IN%"ravage at ssz.com"  "Jim Choate"  7-FEB-1996 01:02:52.78

>> 	If someone has comitted serious enough violations of rights in the
> past, then I would call killing that person justified. First, it prevents any

Who defines what the rights are? How are the standards to be applied?
Self-defence by the person being killed is not ruled out. 
--------------
	Ultimately, as any other system decides whether rights have been
violated. Individual determination, no matter how much the cops and courts may
claim they're just following the law, is in the end the deciding factor in how
they behave. In other words, each person must decide what rights exist. If that
person sees another violating those rights, then they ethically must try to do
something about the rights-violator - to stop them at the bare minimum.
Solutions which also serve the functions of justice (retribution) and
discouragement are optimal.
-------------

>It also prevents any understanding of what caused that individual to act the
way they did. It also prevents any chance of repentance or growth. It also
leaves any question of a mistake moot. I personaly don't want to live in a
society where by any stretch of the imagination some group of strangers
decide if I live or die. This is ultimately the basic human right. If you
seriously support this then it is unreasonable for you to support freedom of
speech and the elimination of federal intrusions into it. Killing a person
is a very effective method to silence speech. If it is a right then no
amount of people are sufficient to take it from you. I don't want my
great-great-great-grandchildren to live in that kind of world either.
-----------
	The mistake one is a problem. There are some cases, though, in which
the evidence tends to be pretty clear... and those tend to be the ones in which
the person thinks they're justified, or claims as much. These tend to be
the governmental cases. Regarding restrictions of rights, if someone
violates the rights of another, it is right to take away (permanently or
temporarily) some of their rights. First, it is necessary in order to prevent
further violations - a variety of self-defense. Second, it is just retribution.
Third, the manner of such punishment may be chosen to serve as a
discouragement; while it would not be right to chose to punish someone on this
basis alone, one may consider it when deciding on details.
	If you don't agree with the above, how do you justify violating
someone's rights in self-defense? Shooting them for trying to kill you
definitely prevents their speech, for instance. The concept in question is
just a temporally altered version.
------------

>> people in question- government agents, etcetera- are generally a bit
> different than the gang members who so regularly ignore prison sentences
> and the death penalty.)

I disagree strongly with this. Historicaly those gang members have risen to
become the government. It occurs often enough to clearly indicate that
groups in concert tend to behave the same way toward outsiders. It is a
function of human psychology.
-----------
	You're vastly oversimplifying the motivations of the people in
government. They can be divided into two basic groups; the ones who believe in
a cause, and the ones who just want power. The first can only be stopped by
death when their cause is wrong, although if the cause itself is not wrong but
their method of gaining it is, they should be discouragable from using certain
methods. The second are quite discouragable - they don't have much power when
they're dead.
----------

>> Third, and getting away from the self-defense argument, it is
> justice.

Whose justice? The victims? Does it bring them justice or just ease your
feelings of threat? Would you feel justified? I would feel guilty being
involved in any manner with the death of another human being. For me, life
is the ultimate treasure (hoaky as that may be), no body irrispective of
quantity is wise enough to decide that question in any situation. 
-------------
	Justice in the sense of balancing the scales. If one person has taken
away from the rights of another, it is balanced to take away that first
person's rights to compensate. They caused another to lose freedom; now they
will have their freedom limited.
-------------

>> >How many people have to decide that another should be killed for it to be
> ethical? In short, how many people does it take to decide it is a legitimate
> act to take your own life?
> ----------------------
> 	Why should "how many people" make a difference?

A democracy consists of groups acting in concert in various sizes toward a
quasi-shared mental model. The majority rule is a basic tenent of government
theory. The current system says 12 people are sufficient to decide a persons
life. Is 12 strangers sufficient to decide your life? I don't think they are
sufficient to decide mine.
----------
	I don't really care whether majority rule is a basic tenent of
government theory (it isn't, aside from studies of democracies). It's all up
to each individual anyway. Democracy is bullshit (fuck Exon and the CDA).
	Since you left me with a "thought question" that I've tried to answer,
I'll leave you with one. Were the assasination attempts on Hitler justified?
	-Allen





From lunaslide at loop.com  Sat Feb 10 02:14:58 1996
From: lunaslide at loop.com (lunaslide at loop.com)
Date: Sat, 10 Feb 1996 18:14:58 +0800
Subject: Req. for soundbites
Message-ID: 


>-----BEGIN PGP SIGNED MESSAGE-----
>
>A local TV station has asked me for an interview, after I sent a graphic
>of a mono-digital hand gesture with the phrase "censor this!" to the Prez,
>Veep, and the area congresscritters (cc'd to 2 TV stations and a radio
>station), accompanied by a 'confession' and demand for swift prosecution.
>
>Anyone got any nifty sound bites I can try to toss in?

I think a few of this sig quotes I've seen float through here would be
apprapo.  It has the be short and concise, and be easily understood by both
side of the issue.  Insulting or alienating the do-gooders with a quote
that could follow us around for awhile would not be in our best interest.
Some good ones I've collected are:

"Those that give up essential liberty to obtain a little temporary
 safety deserve neither liberty nor safety."
-- Benjamin Franklin (1773)

"It is not the function of our Government to keep the citizen from falling
into error; it is the function of the citizen to keep the Government from
falling into error."
Robert H. Jackson (1892-1954), U.S. Judge


"To sin by silence instead of protest makes cowards out of men."
-- Abraham Lincoln

"It is seldom that liberty of any kind is lost all at once."
                                                       -Hume

Let's hear some more.


lunaslide

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller
________________________________________________________________

Digitally sign your mail too!
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEX3QEAAAEEAOGQjhnqGH29pO1WDaXs5GFOVPhCBWyYEk9XEwRmscjveWzH
AhA6DeOA480zWNqQURyqE2yPmR8WzT+OXYqmeiQiycKyFA41Vs/Ruf+gXXxe7uXS
L5BK3K8oKbfoH0D5/TAkMT4r6BprXFQz4pFc3gY2SSaSPElpMjKHaKBsRsyRABEB
AAG0HUplZmYgQ29ubiA8bHVuYXNsaWRlQGxvb3AuY29tiQCVAwUQMRffHzKHaKBs
RsyRAQGNhwP9E9xEZ9/LCKnhgtnrqgD7pDoXG2pCy8FoyfFjoImGkG+jF1wELXmB
Z0mf8F8CgYkys0mif1XeGDMelr1gzlZAm6LgQt4kcvztMW/aRLn18QP+iwltVT/L
p8D37mitOjvuk46sWgAChIaPPPIeg/EaYQjQkmlpWKsEYIoTRy+E8mU=
=4Gku
-----END PGP PUBLIC KEY BLOCK-----









From jzychik at via.net  Sat Feb 10 02:16:04 1996
From: jzychik at via.net (Joe Zychik)
Date: Sat, 10 Feb 1996 18:16:04 +0800
Subject: Req. for soundbites
Message-ID: <2.2.32.19960210050116.006a6880@via.net>


At 07:08 PM 2/9/96 +0600, you wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>A local TV station has asked me for an interview, after I sent a graphic of
a mono-digital hand gesture with the phrase "censor this!" to the Prez,
Veep, and the area congresscritters (cc'd to 2 TV stations and a radio
station), accompanied by a 'confession' and demand for swift prosecution.
>
>Anyone got any nifty sound bites I can try to toss in?

This guy has some Congressional Soundbites on his site:

Damon Lust
http://www.lust.org/~damon/


I didn't stay around to listen to them. But, his head seems to be in the
right place.
He refers to Congress as Corporate Pyscho Criminals.


jz

Publisher of the Zychik Chronicle.
To subscribe send e-mail with sub-cy in the header






From stewarts at ix.netcom.com  Sat Feb 10 02:16:10 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Sat, 10 Feb 1996 18:16:10 +0800
Subject: IBM, RSA Security
Message-ID: <199602100521.VAA08049@ix11.ix.netcom.com>


>London, 9 February 1996 -- IBM UK has revealed a little
>more of the detail surrounding its deal with RSA Data
>Security for the Big Blue range of SecureWay Internet
>security products and services.

It's certainly nice to see such a range of products coming
out of a non-US site, and from IBM at that!

Does anybody know if they're using RSAREF-compatible software
as part of their system?
#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs






From ethridge at onramp.net  Sat Feb 10 02:16:10 1996
From: ethridge at onramp.net (Allen B. Ethridge)
Date: Sat, 10 Feb 1996 18:16:10 +0800
Subject: V-Chip Settings Escrow
Message-ID: 


>At 7:03 PM 2/9/96, Alexander Chislenko wrote:
>
>>  Now if your child wants to go over to Billy's, you may want to call
>>Billy's mom and ask her what her V-Chip settings are.
>>Do not forget to ask her when was the last time she beat Billy at any computer
>>game...
>
>It seems to me that by the logic--and possibly the direct language--of the
>Communications Decency Act, parents who "expose" the children of others to
>higher levels of V-Chip ratings than they get at home would themselves be
>liable.
>
>Plus, how long will it be before Children's Protective Services interviews
>children at their schools to determine if parents have set their V-Chip
>levels too high?

When i was a child we were taught in school that our society was better
than the USSR's 'cause (( wow, the CD i'm playing on my computer just said
"shit"! ) er, ah, excuse me ) children were encouraged to spy on their
parents and turn them in and wouldn't it be horrible if we American
children had to do the same.  As an adult in my twenties i discovered that
children were being encouraged to spy on their parents and turn them in
here in the wonderful USA, in the Holy Name of the War on Drugs (everybody
in my family gets their psychotropic drugs by perscription now so we're all
safe).  It's already too late.

Unless there's another youth revolution maybe?  First the twenties, then
the sixties, next the double noughts?  Dare i hope?

        allen







From mclow at owl.csusm.edu  Sat Feb 10 02:16:14 1996
From: mclow at owl.csusm.edu (Marshall Clow)
Date: Sat, 10 Feb 1996 18:16:14 +0800
Subject: Hey, didn't he used to be...?
In-Reply-To: 
Message-ID: 


At , there is a link to a paper by
Stuart A. Baker, formerly (if I remember correctly) NSA's Chief Counsel.

     EMERGING JAPANESE ENCRYPTION POLICY
     by
     Stewart A. Baker


Acouple of choice paragraphs:

Japan's encryption policymaking is in its early stages, but there are
strong signs that encryption is increasingly seen as a key technology for
improving Japan's penetration of the Global Information Infrastructure. A
highly selective (and possibly biased) sampling of informed Japanese
opinion on cryptography suggests a growing determination to treat
cryptography as a national Japanese economic priority.

- and -

For a variety of reasons, commercial interests are predominant in Japanese
government thinking about encryption. Time after time during my interviews,
I was reminded that Japan was an island nation that has not had to defend
itself for fifty years and so has not had to confront the national security
concerns associated with encryption. And Japanese police face severe
political and constitutional constraints on wiretapping, so the prospect of
losing this criminal investigative tool seems not to be as troubling to the
Japanese government as to the United States and many European nations.


There's lots more here, and I haven't read it all.


-- Marshall

Marshall Clow     Aladdin Systems   

"Eternal vigilance is the price of PostScript"
-- MacUser Jan 96 DTP and Graphics column







From btmoore at iquest.net  Sat Feb 10 02:16:20 1996
From: btmoore at iquest.net (Benjamin T. Moore)
Date: Sat, 10 Feb 1996 18:16:20 +0800
Subject: Dealing with Credit Reporting Agencies...
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

At 09:31 AM 2/5/96 -0600, Karl Ike wrote:
>Attila: I'm not in the business of running or hiding. I'm just an average,
>everyday working guy that doesn't like credit reporting agencies, what they
>stand for or what they do for money. I didn't say that I was going to do
>this. I just had the idea! I don't have the knowledge or the money to spend.
>That doesn't mean that there is someone out there that would jump at the idea.
>
>I just don't like the idea that these assholes know more about me than my
>mother and sell my private and personal information to anyone for big bucks.
>My credit is fine, just ask my banker or better yet, my mom.
>
>I am assumming that you know far more people on the internet since I have
>only been on for a month and have done three e-mail. I'm just suggesting to
>get the idea out and someone will take the ball and run. Yes, they will be a
>hunted man, but not a US citizen. Someone out there with a laptop and a
>cellular, living on a cruise ship, just may enjoy the idea.
>
>Just me, Karl

Well Karl, It seems I missed your idea/solution in this post, however, some of 
us figured this out some years ago... I begin a campaign almost 10 years ago 
of feeding the computers false information about myself. I never use the Social
Insecurity Number assigned to me... I don't even give it to the Bank. This makes
for some rather dicey situations. I rarely use my real name or give out my real
phone number. At this point in my life... I have *NO* credit history. I currently 
have *NO* bank account. My goal is to be completely invisible to the system.
Yes I have had a few glitches in this plan from time to time... but I continue to 
work on it.

I just have never felt warm and fuzzy knowing that any government agency,
business, or whoever can get my personal information off a computer could come
knock on my door some dark night. If you're interested in fortifying your privacy,
I can give you a few pointers.

1.) Go to your local DMV and inform them you've had a change of address. I
     selected a high rise apartment building with 15 floors and selected an address
     on a non-existant 23rd floor. Getting your Driver's License address changed
     should cost less than $10.00.

2.) Go find a company like "Mail Boxes Etc." and rent a mailbox. The cost is
     nominal compared to the added privacy and security. The distinction between
     a mailbox and a Post Office Box is with a mailbox you have an actual street
     address. You can receive deliveries from UPS and Federal Express at a 
     mailbox. You can't at a P.O. Box.

3.) This part requires some skill... befriending a graphic artist is a good idea for 
     this one. But what you need is a phony work identification.  Pick a name! A 
     couple of "Pass Port Photos" and some lamination and you're good to go.

4.) Take your new persona down to your local utility companies and get the serv-
     ice switched to the name of your new persona. Even get your phone switched
     and have the number non-published. You'll be pleasantly surprised from now
     on, everytime your phone rings, it will be someone you really want to talk to.

5.) Go down to your local Post Office and file a change of address form. Use the
     address of your mailbox. Remember, most companies that provide Mailbox
     service, will need to see your drivers license... which of course now has a
     non-existant address on it.

You can take this as far as you want... Just doing these 5 things will give you a
sense of comfort and security you've probably not had in a long time. How does
this fit into cyperpunks and encryption? The philosophy is the same! What good
is it encrypting your messages to ensure your privacy when everything else is
exposed! It's a lot like an Ostrich burying his head in the sand to hide, but leaving
all his good parts exposed!

        Benjamin T. Moore, Jr.
        btmoore at iquest.net
        (Jian #AJF IRChat)


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMRlexoSAJOVFNaChAQFBCQf8Drm04x2YT5gZb8cklwep1eBVKxOMyVzn
/ZN3Tk+lKT05CAT0TCmHm+8oztqxWhgjMklYT228C5u4zvaF8ZrYvLxMp7RQPHvK
D2fSKdMGMs+pPvJxPUC5UXssoIsBS0W+i4dO5jDIj/MkXM4JFHsDHvFqr9Q7FqwE
Xr75lHjiNP4Gcv06WkVpJewJMaflP5zcrSam577/fbbCkYM6e4nhQPGdqdi83txM
hzvCs8cHalPa9UJGuSbIZObe1fAUkQMsVqEomXe5HuBzukJigwdqj4IK9SJixTVx
m0Fxf/W74j4lS1TXpqjCQoSD4EPRAleCYR6SFbqV/p0/cMYqv6kErA==
=4HYS
-----END PGP SIGNATURE-----






From pete at loshin.com  Sat Feb 10 02:19:16 1996
From: pete at loshin.com (Pete Loshin)
Date: Sat, 10 Feb 1996 18:19:16 +0800
Subject: Web900 -  The easiest way to charge users ...
Message-ID: <01BAF752.C34B9780@ploshin.tiac.net>


Bob Hettinga forwarded to the list this:

>--- begin forwarded text
[deletia]
> ------------------------------------------------------------------
> Web900 -  The easiest way to charge users to access your web site!
> ------------------------------------------------------------------
[more deletia]

Rather than rely on the text Bob forwarded, I took a look at the Web page and
it appears to not have much more information than provided here.

Without knowing any more about this system than what is on their Web page,
one (apparently) obvious flaw is that it makes it real easy for me to charge my 
Web fees to my mother-in-law/friend/whoever's house I can get into and make 
the 900 # call.

Presumably this flaw can be minized by giving the access code a short
time to live so you have to enter it in the system real soon after getting it,
to discourage running around to all your (soon to be ex-)friends' houses.

Of course, this brings up the even more obvious flaw:

You have to cut short your browsing session (if you dial in) to make the phone
call, and then dial back in.  This strikes me as being much more complicated
and burdensome than any other method cited.  Also, since it seems that you
set up an account with the merchant through a single call/code, you could run
up quite a tab on someone else--untraceably--before you would get cut off.

It would be interesting to hear more about how this system
handles these issues.

-Pete Loshin
 pete at loshin.com






From twcook at cts.com  Sat Feb 10 02:19:23 1996
From: twcook at cts.com (Tim Cook)
Date: Sat, 10 Feb 1996 18:19:23 +0800
Subject: Your Point Is ?
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

> Because, the are dumb as shit.  It's simple really, back to the
> origional point, most people are about as bight as a rock, they
> don't care about anything other than stuffing there pathetic faces,
> waching the idoit box, and passing on their bad genetic structure
> and pathetic world view.  That is all they have, it's not that they
> have anything to contribute to the world.  They are pathetic, since
> they have no life, and know that their world view hasn't got a
> prayer in a free market place of ideas, they choose to maintain it
> by force.
> 
I'm sorry. I seem to have missed your point. I thought you made one 
in the above text.  But after that, you seemed to have grouped 
yourself with those braindead no-lifers.  Where did YOU lose ME? 
.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRwopHZBD5a0GJkxAQGkUAQAwnKZ9E9znTul/abjiH/bYEMoJnlY27mE
2Ylk37HZWp3g9JVNmF0YvZWWsw1l3B+lzu1SC8GgG4V9h7Q483d4o0Nj995qVhhu
TQTkimH7XM0KH9Cc6Rw1PgcoZPaQgjjQg+loA1/N9lwCa9GZc2hTQlvDF/qV8d9B
wAxEpKGca9o=
=I0yG
-----END PGP SIGNATURE-----

Another "Logical Conclusion" by:
Tim Cook 
Support THE US Constitution...
Vote Alexander in '96 and '00!





From bplib at wat.hookup.net  Sat Feb 10 02:20:58 1996
From: bplib at wat.hookup.net (Tim Philp)
Date: Sat, 10 Feb 1996 18:20:58 +0800
Subject: Fair Credit Reporting Act and Privacy Act
In-Reply-To: <199602100357.TAA22245@ix10.ix.netcom.com>
Message-ID: 



On Fri, 9 Feb 1996, Bill Stewart wrote:

> How are you going to _know_ that a "violation" occurred, if company A
> tells company B your address or favorite liquor?  Only by having access
> to the records of both companies.  Getting that through the courts,
> for only the parts of their information relevant to you, is better than
> blanket permission for the government to rummage through their files,
> but after the first lawsuit lets investigators in, everything they've got
> is clam bait anyway.  It's still major privacy violation - for the company
> whose machines are being violated, and for the non-suing individuals
> whose data is also on those machines.  

I agree that this is a problem but I still feel that an individual should 
have more rights than a corporation. It is true that there is a 
possiblity of the owners of the corporation may have their rights 
diminished, but you have to balance this against the protection that they 
get by being incorporated. Either the files belong to the corporation or 
they belong to the owner or shareholders. If they belong to the 
corporation, the individual wins the rights contest. If I follow your 
scenario, one need only form a corporation to avoid responsibility for 
any violations of the law.
I wish to reiterate here and now, that I am NOT advocating government 
access to computers or files. I am simply suggesting that data 
corporations should be required to take responsibility for the data that 
is in their care. If they do not take such care, they should be subject 
to sanction.

Regards, 
Tim Philp





From ses at tipper.oit.unc.edu  Sat Feb 10 02:23:46 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Sat, 10 Feb 1996 18:23:46 +0800
Subject: Need a "warning" graphic of some kind for CDA
In-Reply-To: <199602090618.WAA24316@ix13.ix.netcom.com>
Message-ID: 


This post rated SB for Southern Babe. My credit rated NC-17.

On Thu, 8 Feb 1996, Bill Stewart wrote:

>         Before Bill Clinton signed the Exon Internet Censorship Bill,
>                 Tipper Gore brought you Music Censorship.
>         Uncle Frank says ""

No she didn't! She brought us voluntary labelling, which is completely 
different. Some local governments have then tried to use those labels to 
commit censorship, but that's illegal. Ms. Gore's attitude is and always 
has been that parents should be responsible.

 Exon's CDA (Chicks, Dicks, and Arseholes) is different because it
restricts content by law, including material protected by the first 
ammendment.

 The Administration has repeatedly stated its belief that those parts of 
the bill are unconsitutional, and does not intend to enforce them. 
Unfortunately, because the rider was attached to such an incredibly 
corporately popular bill, it would have been politically impossible to 
veto it for this, epecially since they believe that the courts will throw 
out the (ir)relevant parts. These corporate interests in getting the bill 
past also make's those who did vote against the bill in the house and 
senate especially deserving of praise; they won't be getting many 
Telebucks this year. maybe CypherPAC can reward them? 

Simon





From cea01sig at gold.ac.uk  Sat Feb 10 02:45:53 1996
From: cea01sig at gold.ac.uk (Sean Gabb)
Date: Sat, 10 Feb 1996 18:45:53 +0800
Subject: American Reporter on CDA 2/8/96 (fwd)
In-Reply-To: 
Message-ID: 


What a splendid article!  I will keep it on disk forever.

Sean Gabb.





From bart at netcom.com  Sat Feb 10 02:55:39 1996
From: bart at netcom.com (Harry Bartholomew)
Date: Sat, 10 Feb 1996 18:55:39 +0800
Subject: USPS Electronic Commerce Services
Message-ID: <199602101036.CAA24634@netcom2.netcom.com>



    Because I registered for the upcoming Internet Expo in San Jose,
    I got, by mail, an announcement of forthcoming Post Office services.
    These "Postal Electronic Commerce Services" will be demo'd at 
    Booth 626 at this show on February 20-21.

    The flyer says:
    "Postal Electronic Commerce Services will provide end-to-end
    security, confidentiality, integrity, and proof of origin to
    all your electronic information transfer and storage."

    Interestingly they suggest that the government is to be a prime
    beneficiary:  "For governments to get full value from the increased
    use of personal computers and public access terminals (kiosks)
    the privacy and security of every transaction must be guaranteed."

    Under the HOW IT WORKS section, after a quick gloss on public key
    cryptography they state: "Once a person generates a unique key
    (using their own software), they will take the "public" part of
    that key to a postal representative along with documents that
    prove their identity. Postal Electronic Commerce Services will
    then issue a certificate which guarantees that the identity of
    the person matches the "public" key that they presented.
    PECS will also electronically postmark the document using its own
    set of "keys".  This guarantees the validity of the stamp and
    legally establishes the existence of the document."

    They offer a FAX number for further info: (202) 268 4399
    and a phone too at (202) 268 3435.

    No mention of GAK or key length limits that I could see.
    I will surely be at their booth on the 20th.






From owner-cypherpunks at toad.com  Sat Feb 10 02:57:59 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Sat, 10 Feb 1996 18:57:59 +0800
Subject: No Subject
Message-ID: 



I found this article in misc.survivalism, but despite its presence there,
it actually has some interesting things to say about developing directions
in money laundering enforcement, including mention of electronic purses.
And "The Financial Times" is no slouch of a paper.

--Tim May



In article <4fbg19$nv1 at ixnews7.ix.netcom.com>, taxhaven at ix.netcom.com(Adam
Starchild ) wrote:

> From The Financial Times (London) for February 3-4, 1996:
> 
> 
>    WORLD'S FINANCIAL POLICE TO CAST MONEY LAUNDERING NET WIDER
> 
>              by George Graham, Banking Correspondent
> 
> 
>      The world's leading financial policemen are to consider
> targeting money laundering from arms trafficking, extortion and
> bribery as well as the drugs trade.
>      Members of the Financial Action Task Force, grouping senior
> government officials from the European Commission, the Gulf Co-
> operation Council and 26 other countries, have launched a review
> of their guiding principles.
>      The review is expected to be completed by June, and could
> result in the criminalisation of money laundering linked to any
> serious crime.
>      The Task Force's current recommendations, which set out
> minimum standards for money laundering laws in member countries,
> only require the criminalisation of drug money laundering,
> although countries are also urged to consider extending the
> offence to other crimes with a narcotics link.
>      Mr. Ronald Noble, under-secretary for enforcement at the US
> Treasury and president of the Task Force, said the group had not
> yet decided whether to widen the definition of money laundering. 
> Including all serious crimes could, however, make it simpler for
> law enforcement officials to launch investigations of
> transactions that look suspicious but have no obvious drugs link.
>      "It would make it much easier to collect information," Mr.
> Noble said. "People who before were engaged in the illegal
> transfer of funds would find it more difficult and more costly."
>      A broader definition might, however, make it more difficult
> to apply the Task Force recommendation that countries should have
> the power to confiscate laundered money.
>      The review is not expected to result in big changes to the
> 40 principles currently recommended by the Task Force, which
> officials believe have already contributed to substantial
> advances in the fight against money laundering.
>      But the review will also have to consider whether to address
> the new issues raised by the development of "cybercash," new
> varieties of payments systems such as stored value cards or
> electronic purses.
>      "We have to be concerned as an organisation to come up with
> principles which recognize that technologies could pose a threat
> but do not define them in such a way that you are dated as soon
> as you publish them," Mr. Noble said.
>      Law enforcement officials are keen that the developers of
> new financial technologies should think about their criminal
> potential before they launch them, so that governments do not
> have to clamp down on them afterwards with rigid rules.
>      Possible safeguards against the misuse of electronic purses
> could include limiting their maximum value or restricting their
> use to certain closed systems.
> 
> Posted by Adam Starchild
>      Asset Protection & Becoming Judgement Proof on the World
> Wide Web at http://www.catalog.com/corner/taxhaven





From wlkngowl at unix.asb.com  Sat Feb 10 03:45:01 1996
From: wlkngowl at unix.asb.com (Deranged Mutant)
Date: Sat, 10 Feb 1996 19:45:01 +0800
Subject: Applied Cryptography, 2nd Edition --  Errata version 1.2
Message-ID: <199602090747.CAA02854@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

Timothy C. May wrote:
> 
> At 1:49 AM 2/9/96, Bruce Schneier wrote:
> >                APPLIED CRYPTOGRAPHY, Second Edition
> >
> >                              ERRATA
> >                   Version 1.2 - 1 February 1996
> >
> ...
> 
> Wow. Does this mean the Third Edition will be coming out soon?
> 
> (Not to sound harsh, but that's a *lot* of errors still in the book...I
> thought a lot of reviewers were going to squish out these sorts of
> things?)

That would depend on hw long you'd want to delay releasing a book.

When I finished reading 1st ed., I decided I was going to try coding the 
MMB cipher, got ahold of the erratta which read "MMB has been cracked. 
Don't use it" or something like that.  Had nothing to do with a typo.

Rob.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMRr8GioZzwIn1bdtAQH+XAGAjFImro/S6WQYJpmuGEA8L0eQAWw21ECT
AE0+m81jRK9AtXlbFLkg24ou6mU8N357
=noJq
-----END PGP SIGNATURE-----





From tbyfield at panix.com  Sat Feb 10 03:48:05 1996
From: tbyfield at panix.com (t byfield)
Date: Sat, 10 Feb 1996 19:48:05 +0800
Subject: bullshit (was: Re: Fair Credit Reporting Act and Privacy Act)
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

At 10:18 PM 2/8/96, Bill Stewart wrote:

>The parts of the Privacy Act that I remember are all restrictions
>on _government_ actions, not private actions.  It's an important 
>distinction; even though TRW may know way too much about you, it's all information that >you voluntarily released to somebody, unlike data that 
>the government requires you to give them.  And, yes, it's out-of-date 
>and toothless.

        It's important to distinguish between information that you've voluntarily released as such (e.g., giving someone your SSN) and information derived from analysis of your actions (e.g., repayment patterns, value-added with a proprietary scoring system) and/or consolidated from small releases of info here and there--and most of the material in a typical TRW or Equifax dossier is of the latter kind.
        ObCrypto? Vaguely. I've been thinking about the possibilities of "bullshit generators"--simple programs that would generate names and various kinds of facts about people who don't exist and "make this info available": email addresses to SSNs, addresses, credit histories, medical records, you name it. If "bullshit bots" became generally available and easy to implement, "information markets"--a phrase that's far too general to capture the complexity of the dynamics it refers to--would stratify pretty fast: groundfeeders like the fine folks who're now grepping newsfeeds for email addresses + interests could be laid waste to pretty fast by a handful of dormant newsgroups systematically flooded with posts from gjhfkj at opihk.com or poipoh at axsx.org. Who'd pay for a DB that's half bogus? Alternatively: who'd pay to prevent their DB from being corrupted? Companies like Equifax would be harder to penetrate, but by no means beyond reach: there are so many people out there who they don't have files on yet--in ghettoes, in Eastern Europe--that they could be duped. We tend to think of information markets as markets for _true_ information; but as those markets mature, they'll breed parallel "counterweight" markets--markets, in essence, for _false_ information. Equifax and TRW got the goods on you? How much would you pay to vanish into a crowd of newly created people with excellent credit ratings who are all just a few diddled digits away from you, your SSN, your address, your phone number, your mother's maiden name...? The latest issue of RISKS (2/8/96, 17:70) has a kvetch about , "The Red Herring Home Page":

>        A little experimentation revealed that almost ANY obscure search
>would match "The information source", often as the only matching 
>document found. As near as I could figure out, his site recognized
>probes by web robots and then threw a dictionary at them!

        Congress would be hard pressed to illegalize fiction.

        ;)


Ted
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMRsCX3Shd2boiy7BAQGS1gf+KK/VG9EGHkHBE/zaH2saf2Kb1Qgq4Ez1
wUABgo5JFAwbYFMY4aPZJIOcU2gPlVSDEHZtRMRI/JW2FTqGD8BwMneBjEFI9uHs
K9jUhT3sSyzWgwW/9H8rb/mO8gHJig9jcWseyK/z3Cyk8MFbP5h0nLcougTIhRFr
f2X/i4y3JNajtUYfkWQVUbDr0yS/5NesiMX79KB560clhPgXqTVgfU15DJOytWGZ
aRSfUU7Fu05BypfylcqW2nltgnvkAVrI+4Scf/nolZEqBT3PJ3MmWXNetbULxd4A
Jr3IRG/E3CVwBcOAhFLyw48c5Qseu7pSs6OA5VqgmGD/0SEdI1raWA==
=8XnL
-----END PGP SIGNATURE-----







From campbelg at limestone.kosone.com  Sat Feb 10 06:07:35 1996
From: campbelg at limestone.kosone.com (Gordon Campbell)
Date: Sat, 10 Feb 1996 22:07:35 +0800
Subject: Forgery--wasUnknown address
Message-ID: <2.2.32.19960210133829.006b7d48@limestone.kosone.com>


At 10:38 AM 09/02/96 -0800, David Sternlight wrote:
>
>I send this to you for your amusement and delectation. The core message
>below, about plonking, is a crude forgery--I did not write it nor did I
>send it.
>

I got one of these, too. My assumption was/is that somebody forgot to sign
off the list before their account was closed down.

-----
Gordon R. Campbell, Owner - Mowat Woods Graphics
P.O. Box 1902, Kingston, Ontario, Canada  K7L 5J7
Ph: (613) 542-4087   Fax: (613) 542-1139
2048-bit PGP key available on request.






From amehta at doe.ernet.in  Sat Feb 10 06:19:20 1996
From: amehta at doe.ernet.in (Arun Mehta)
Date: Sat, 10 Feb 1996 22:19:20 +0800
Subject: China
In-Reply-To: <199602081727.LAA01429@proust.suba.com>
Message-ID: 


On Thu, 8 Feb 1996, Alex Strasheim wrote:

> I've seen a couple of pointers to information about China's ambitious
> attempt to build their own censorable net, but not a lot of discussion. 

Agreed, and not just about China. The Internet community is supposedly 
international, yet can be remarkably parochial. 

> The Chineese net strikes me as a very signifiant (and very negative)
> development.  

I'm sure it surprises nobody that the perpetrators of Tiananmen will 
not let the Internet slip through, without an attempt at censorship. 
However, on this subject, I stand by the conclusion of my "Radio Free 
Usenet" July 95 Byte commentary, that if ever they attempt a Tiananmen 
Square in cyberspace, the students will deploy the more powerful tanks. 
Running an ISP isn't easy, and if you are an authoritarian, it is even 
harder. Once they set up the infrastructure, the genie will be out of the 
bottle. Remember that starting this year, satellites of Iridium and other 
LEO satellite projects will start to go up, spreading bandwidth around 
the world. How will the Chinese government build a firewall against 
satellites? Say, for instance orbiting anonymous remailers with pgp? Will 
happen some day.

However, that is not a reason for complacency. I think your warning is 
timely, and discussion, perhaps even action, may be called for. If people 
can mirror a web site so that Germans get access to it (an action I 
entirely support) what is being done about the large numbers of 
newsgroups that India and China have no access to? 

A lot of noise is made about how Compuserve users do not have access to
the sexusenet. Guess what -- in India, now China, we've *never* had such
access. Why is that any more acceptable? 

Arun Mehta, B-69 Lajpat Nagar-I, New Delhi-24, India. Phone 6841172,6849103
amehta at doe.ernet.in a.mehta at axcess.net.in amehta at cerf.net
http://mahavir.doe.ernet.in/~pinaward/arun.htm
"I do not want my house to be walled in on all sides and my windows to be 
stuffed. I want the cultures of all the lands to be blown about my house 
as freely as possible. But I refuse to be blown off my feet by any."--Gandhi







From PADGETT at hobbes.orl.mmc.com  Sat Feb 10 06:35:33 1996
From: PADGETT at hobbes.orl.mmc.com (A. Padgett Peterson, P.E. Information Security)
Date: Sat, 10 Feb 1996 22:35:33 +0800
Subject: V-chips, CC, and Motorcycle Helmets
Message-ID: <960210090710.20214ab9@hobbes.orl.mmc.com>


Tim rites:
>The viewer sets her preferences: a 5-5-5 would let everything through, etc. 
>The developer of the chip claimed he could mass produce the chip for a buck, 
>and this may be where all those estimates of "$1-2 per set" have come from. 

Am in favor of this since it puts the control in the hands of the property
owner. One question would be "how often is the V-rating code transmitted ?"
(are the kiddies protected from channel-surfing ?) Do suspect that the $1-$2
cost could be met *at the manufacturing level*.

Do also see the need for regulation to put it in. It was required for UHF
channels else no one would try to build one. I am also thankful that is was
required for closed-captioning even though my TVs are not new enough (have
a $99 discount-house box on the TV in the family room. Makes many shows
more relaxing. Only annoyance is that we have to be even faster on Jeopardy
since the caption appears before the players speak.

Motorcycle helmets (required in Florida as is seat belt use) are another 
matter. Requiring the lights to be on is different - that makes the bike
easier for others to see. Helmet and seat belt laws are purely economic
in nature: the state wants them to reduce the load on the state supported
medical structure, motorcycle manufacturers (and auto manufacturers) support
them to keep insurance rates low (high insurance rates affect sales).

In this case the laws are "special interest" and have nothing to do with
the individual though the rationale is often "for your own good" (have been
wearing seat belts and helmets for many years - have a scar on my forehead
that took fourteen stitches where the Snell approved Bell Magnum helemet
*split* under the impact - sudder to think what the effect would have been
without it.

Similarly, I do not like air bags since I worry about second and side impacts.
Still was an easy way out for the manufacturers to appease the insurance 
companies (see above).

Getting a bit far afield from cyphers though. Bottom line is that the V-chip
seems like a good idea to me so long as the 5-5-5 setting is the default
and there are no "backdoors".
						Warmly,
							Padgett





From PADGETT at hobbes.orl.mmc.com  Sat Feb 10 07:02:40 1996
From: PADGETT at hobbes.orl.mmc.com (A. Padgett Peterson, P.E. Information Security)
Date: Sat, 10 Feb 1996 23:02:40 +0800
Subject: "Rights"
Message-ID: <960210093506.20214ab9@hobbes.orl.mmc.com>


>A day or so ago, I reasoned incorrectly that university students and
>employees were free to encrypt mail they sent through their student or work
>accounts.  This was in response to a statement that the govt could retain
>at least some control of internet traffic through the universities and
>businesses.  I would credit the person who called me on it, by I do not
>remember who it was.  It seems that, at least for employees, it is totally
>up to the employer.

Is something I have been saying for years & has nothing to do with "free
speech", rather it is "property rights" and in the USA they always *must* win
because when you get down to it the US is based on property rights. One
of the most basic is that "citizens are not the property of the state".

"We hold these truths...all men are created equal" referred to the separation
of nobility from the "common man". Is part of the reason Amurricns may not be
titled. However computers and networks are not people, they are property. All 
are owned by someone who exercises control over them. To say "you must let me 
use yours as I wish" is to deny "all men are created equal" (and coporations 
enjoy the legal fiction of being an entity. Some time in the future we may 
have to consider other beings (porposes ?) but not yet just as at one time 
slaves and "injuns" were conveniently denied.

Now if an employer/university choses not to exert any control, that is their
decision but does not mean they have given up anything (AFAIK "adverse 
possesion" has never been applied to a computer or network) so why be surprised
when some exercise those rights ? I agree that proper notice should be given
but that is only to stay out of court in the first place. *Every court case
I know of has been decided in favour of the property owner*.

Remedy exists. If you do not like the rules at one site, choose another. In
most places you can find a PPP provider for $20/month unmetered who will let
you do what you will. True, if you want to use the web properly, the price of
a PC has gone up from $25 since Windoze and a 256 colour display is needed,
but not much.

Sorry for being a bit off topic but once this is understood (and am open to
argument on the issue but expect to prevail), I suspect that a lot of the
noise level on this list will go down.

						Warmly,
							Padgett





From david at sternlight.com  Sat Feb 10 07:09:56 1996
From: david at sternlight.com (David Sternlight)
Date: Sat, 10 Feb 1996 23:09:56 +0800
Subject: PLONK
Message-ID: <199602090228.KAA05732@infolink2.infolink.net>


Plonking is an outrageous abuse of net courtesy.
Shame on you!
 
David







From tcmay at got.net  Sat Feb 10 07:16:14 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 10 Feb 1996 23:16:14 +0800
Subject: Kill Files and Plonking
Message-ID: 



A predictable round of "Public Plonkings" and "You're in my kill file,
nyah, nyah, nyah!" postings.

Personally, I regret ever mentioning adding anyone to my filter file, as it
then generated the expected "But Tim won't see this...." nonsense. I
shouldn't have done it. Public plonkings rarely accomplish anything.

I move names and topics in and out of my filter files as the mood strikes
me. I have the option of looking at the mail that's ended up in one of my
various filter files, and deciding to move someone out of that file and
back into the main list file.

(With Eudora, I filter _every_ incoming message into one of a dozen or so
files. It's just a question of which one. For a few really obnoxious
people, I filter their stuff into Eudora's "Trash" file; when I empty the
trash (Macintosh TM), their message is irretrievably gone.)

I think it's best _not_ to publicize who is in one's filter or kill file
for a couple of reasons:

1. It cuts down on the acrimonious plonkings and couter-plonkings.

2. It leaves open the door for gracefully reversing the process.

3. The filtered or killfiled person never really knows if he's being
filtered, so there's a "random reinforcement" element which may, I am
guessing, have an effect on posts.

To satisfy any curiousity aroused, at this moment there are 12 names which
I filter into a file called "Kill File" (but which is persistent, and can
be looked at by me at any time) and only 2 names which I filter into
"Trash" (which gets emptied fairly often, usually without my having looked
to see what went into it). (No name I have ever mentioned publically in
this context is in this Trash file.)

Some people who write to me and get no response may of course be left
wondering....this is the beauty of random reinforcement.

--Tim


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From adam at lighthouse.homeport.org  Sat Feb 10 07:27:33 1996
From: adam at lighthouse.homeport.org (Adam Shostack)
Date: Sat, 10 Feb 1996 23:27:33 +0800
Subject: The wisdom of Mark Twain
Message-ID: <199602090532.AAA07658@homeport.org>


Better to keep silent and be thought a fool than to open ones mouth
and remove any doubt.

ObCypherpunk:
	Mark Twain was a pseudonym.


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From dlv at bwalk.dm.com  Sat Feb 10 07:27:40 1996
From: dlv at bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sat, 10 Feb 1996 23:27:40 +0800
Subject: Perry's whining
In-Reply-To: <199602090321.WAA02247@dal1820.computek.net>
Message-ID: <2BJ1iD12w165w@bwalk.dm.com>


Ed Carp  writes:

> Why doesn't Perry just shut the hell up?

I wonder if any Russian speakers on this list know a good English
equivalent of the Russian expression: "Whose cow should moo"?

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From twcook at cts.com  Sat Feb 10 07:29:07 1996
From: twcook at cts.com (Tim Cook)
Date: Sat, 10 Feb 1996 23:29:07 +0800
Subject: CDA Yes Votes; Collection
Message-ID: 


Find out if yours ( or any ) representative or senator voted for the 
CDA.  Send me email with the subject CDA-YES.  Put their name and 
where they are from in the body. I'll compile the list and post it.
When this is over they'll wish they realized how powerful the 
internet REALLY is.

Besides, what makes the US Congress think they have any control over 
a worldwide network?

PS. Repost this msg where appropriate.  I'm only posting to 
cypherpunks.
Another "Logical Conclusion" by:
Tim Cook 
Support THE US Constitution...
Vote Alexander in '96 and '00!





From dlv at bwalk.dm.com  Sat Feb 10 07:29:30 1996
From: dlv at bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sat, 10 Feb 1996 23:29:30 +0800
Subject: In Re: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
In-Reply-To: <199602090303.WAA00539@dal1820.computek.net>
Message-ID: 


Ed Carp  writes:
> > Mr. Carp, you've got extremely bad taste. Luckily, I don't have to
> > ever see anything you have to say ever again.
>
> Why, thank you, Perry!  I'll be sure to mention the fact that you think I
> have bad ... excuse me, "extremely bad taste" in my next performance
> review.  I'm sure it will affect the outcome immeasurably. ;)

I see we're into cannibalism now...
 "I don't like your chief."
 "If you don't like him, don't eat him."

I envy Perry and wish I had procmail for (DOS) Waffle.

One of the many things that I dislike about Americans is their pronounced
tendency to express pride in their ignorance; as in, "I've never heard of
X's work, and I'm proud of it!". Now, that's tasteless.

The crypto relevance of the above remark is that this mailing list appears
to have been invaded by non-technical people who don't know anything about
cryptography beyond what they may have read in Schneier, who don't write code,
and who contribute nothing but childish flames and censorship attempts.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From stevenw at best.com  Sat Feb 10 07:29:39 1996
From: stevenw at best.com (Steven Weller)
Date: Sat, 10 Feb 1996 23:29:39 +0800
Subject: [NOISE]More meaty CDA material
Message-ID: 


Forwarded:

The article starts with "SAN ANTONIO, Texas -- You motherfuckers in
Congress have dropped
over the edge of the earth this time." and gets better.

>The American Reporter, working in conjunction with other groups opposed
>to the CDA, commissioned a writer to produce a special article to
>celebrate Clinton's signing of the new the law.
>
>Steve Russell, the author, retired after 16 years as a trial judge
>in Texas and is an Assistant Professor of Criminal Justice at the
>University of Texas at San Antonio.
>
>This article was specifically and carefully designed to be completely
>and utterly in breach of the CDA. If you are opposed to the CDA and
>you are not offended by the "seven bad words", you'll probably find
>it highly entertaining and insightful.
>
>OTOH, if you are easily offended and don't like bad language, JUST
>DON'T READ IT.
>
>If you are easily offended and like to be offended and then like to
>file Police Reports, please go ahead. After all it was written to
>help ensure that the CDA gets challenged in the courts as soon as
>possible.
>
>Here's the URL and don't tell me I didn't warn you:
>
>http://www.newshare.com/Reporter/today.html
>
>
>--
>|~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
>| Malcolm Hoar           "The more I practice, the luckier I get". |
>| malch at malch.com                                     Gary Player. |
>| http://www.malch.com/               Shpx gur PQN.                |
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-------------------------------------------------------------------------
Steven Weller                      |  "The Internet, of course, is more
                                   |  than just a place to find pictures
                                   |  of people having sex with dogs."
stevenw at best.com                   |       -- Time Magazine, 3 July 1995







From PADGETT at hobbes.orl.mmc.com  Sat Feb 10 08:14:37 1996
From: PADGETT at hobbes.orl.mmc.com (A. Padgett Peterson, P.E. Information Security)
Date: Sun, 11 Feb 1996 00:14:37 +0800
Subject: Why ? You really want to know =>
Message-ID: <960210103932.20214ab9@hobbes.orl.mmc.com>


>> The Administration has repeatedly stated its belief that those parts of 
>>the bill are unconsitutional, and does not intend to enforce them. 

>So why the fornicate did they include them? What's the point of passing 
>laws that they say they're not going to enforce, unless it's either to 
>enforce them later, or soften up the public for something _slightly_ more 
>tolerable later.

If you already knew the answer, why ask ? It also could be that under our
system of laws, once a rider is attached to a bill (in this case the
telecommunications bill) it is almost impossible to remove. Congress has
been using this quirk to provide pork-barrel & special interest thingies
for years.

I would prefer to think that some, realizing the impossibility of removal,
increased it to the point of obvious unconstitutionality so that it would
be separated as soon as possible. I suspect that both the three-judge special
panel and the following supreme court decisions are already known and time
is just needed to craft the SC decision so finely that this never happens
again. (ever the optomist but believe that while the congressional agenda
may be different and unobvious, it is rarely stupid.)

- Pick almost any chapter in the Old Testament. Read it halfway. Look at
how the famous figures look *at that point*. Just do not quote the "Song of
Solomon" (KJV) on the net. Today.
						Warmly,
							Padgett





From merriman at arn.net  Sat Feb 10 08:26:59 1996
From: merriman at arn.net (David K. Merriman)
Date: Sun, 11 Feb 1996 00:26:59 +0800
Subject: Need a "warning" graphic of some kind for CDA
Message-ID: <2.2.32.19960209112844.0068f1a8@arn.net>


-----BEGIN PGP SIGNED MESSAGE-----

At 08:27 AM 02/9/96 -0800, Simon Spero  wrote:
> The Administration has repeatedly stated its belief that those parts of 
>the bill are unconsitutional, and does not intend to enforce them. 

So why the fornicate did they include them? What's the point of passing laws that they say they're not going to enforce, unless it's either to enforce them later, or soften up the public for something _slightly_ more tolerable later.

feh.

Dave Merriman
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRsSBMVrTvyYOzAZAQHm0AQAtEjLduasFOvLKpFPXmkqLjQS+6pnj4Sp
NoLVGNUiV3xIGzMHSgCxYCYVQ8h5X7OreSxo6R4x4RGpgG6tadGkwvr6GUBbWg+W
j9+0/dsiIhlCfe2dv7pSGBjgLeXIp4jSb9BniMbiebdov/VLvEUs47fffzsui9vm
mBecJhZk0S4=
=HAa3
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"It is not the function of our Government to keep the citizen
from falling into error; it is the function of the citizen to
keep the Government from falling into error."
Robert H. Jackson (1892-1954), U.S. Judge
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
My web page: http://www.geocities.com/CapitolHill/1148







From ghio at netcom.com  Sat Feb 10 08:29:48 1996
From: ghio at netcom.com (Matthew Ghio)
Date: Sun, 11 Feb 1996 00:29:48 +0800
Subject: The V-Chip glass is half full
In-Reply-To: <199602100721.XAA18354@netcom7.netcom.com>
Message-ID: <199602101540.HAA03913@myriad>


frantz at netcom.com (Bill Frantz) wrote:
> With some luck, we will be able to see on TV what we can now see in the
> movie theater, and the prudes will screen it out with the V-Chip the same
> way they now screen it out with the movie rating.  Everyone is (more or
> less) happy.

Maybe the courts will rule that if people put an X-rated header flag on
their web pages then it's legal because concerned parents can have SurfWatch
block it.  The result of that would probably be that a large percentage of
sites would mark their content X-rated just so they are off the hook
legally, whether or not they really have anything pornographic.  But I can
live with that.

--                  xx
                    XXXXXXXXXXXXXXXXXXXXXx*####w
|~~ |  |  /~~ | /   XXXXXXXXXXXXXXXXXXXXXXx#####*       |~~ \  /  /\  |\  |
|~~ |  | <    |<    XXXXXXXXXXXXXXXXXXXXXXx*####o o     |-   ><  <  > | \ |
|   |__|  \__ | \   XXXXP"~~~~~~~~~~~~~~~    ""     o   |__ /  \  \/  |  \|
                    XXXXX:,                          o
                    9P^"',





From erc at dal1820.computek.net  Sat Feb 10 08:36:51 1996
From: erc at dal1820.computek.net (Ed Carp)
Date: Sun, 11 Feb 1996 00:36:51 +0800
Subject: "Rights"
In-Reply-To: <960210093506.20214ab9@hobbes.orl.mmc.com>
Message-ID: <199602101615.LAA11603@dal1820.computek.net>


> Remedy exists. If you do not like the rules at one site, choose another. In

What happens when there *is* no remedy, when there are no other sites to 
go to, when there are no employers who would refrain from violating an 
employee's privacy?  What then?
--
Ed Carp, N7EKG    			Ed.Carp at linux.org, ecarp at netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp at netcom.com for PGP 2.5 public key		an88744 at anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring





From rartym at galacta.demon.co.uk  Sat Feb 10 09:08:19 1996
From: rartym at galacta.demon.co.uk (Dr. Rich Artym)
Date: Sun, 11 Feb 1996 01:08:19 +0800
Subject: Reasons in support of crypto-anarchy
Message-ID: <199602101157.LAA00451@galacta.demon.co.uk>


In message <199602070213.UAA03036 at einstein.ssz.com>, Jim Choate writes:

> If the intent is to motivate others to kill or otherwise harm others simply
> because you don't agree with them or their actions is reprehensible and
> moraly or ethicaly undefensible.

I agree, but not for your reasons.  "Reprehensible" and "ethically
undefensible" both presupose that *you* can make an objective moral
judgement that you are right and others are wrong, which is no better
than the moral judgement that the politicians are making.  A better
reason for agreeing with your position is simply that value judgements
of any kind are subjective, and therefore they cannot apply to everyone
and hence it is a clear coercion to try to apply them to everyone.
Coercion of one man's subjective views onto another is the fundamental
fault in the position of the censors;  it's a very fundamental attack on
perhaps the most basic freedom we have, regardless of whether there is
a Constitution or Ammendments in the country in which we live.

> > 2.  How can we keep the government from banning encryption, digital
> > cash, and other systems that will improve our freedom?
> > 
>
> By making shure they don't have the authority to make the decision in the
> first place.

It might well be too late for that:  they've already taken the authority.
Now we're starting a process of taking it back, and we can do so without
bloodshed by moving the source of their power (monetary transactions and
the consequent taxation) beyond their reach.  That's where crypto comes in,
and that's why many of us are here.

> Every citizen of this country is a 'government employee' in one sense or
> another.

It is important that we adopt this overtly innocent view of civil servants
and governments as our *servants*, because it is on the grounds of service
that they justify their positions and actions on the single day every few
years that we get to vote them in.  Shoving the term "servant" down their
throats at every opportunity is an excellent attack on their positions of
power over us.

Rich.
-- 
###########  Dr. Rich Artym  ================  PGP public key available
# galacta #  Internet: rich at galacta.demon.co.uk     DNS 158.152.156.137
# ->demon #            rich at mail.g7exm[.uk].ampr.org   DNS 44.131.164.1
# ->ampr  #  NTS/BBS : g7exm at gb7msw.#33.gbr.eu
# ->nexus #  Fun     : Unix, X, TCP/IP, OSI, kernel, O-O, C++, Soft/Eng
# ->NTS   #  More fun: Regional IP Coordinator Hertfordshire + N.London
###########  Q'Quote : "Object type is a detail of its implementation."






From rah at shipwright.com  Sat Feb 10 09:19:21 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Sun, 11 Feb 1996 01:19:21 +0800
Subject: OK, how *do* you spell it?
Message-ID: 


I got a spelling ping this morning.

I'd never really thought about it, before.

Is it infocalypse or infoclypse?

Cheers,
Bob

--- begin forwarded text

Date: Sat, 10 Feb 1996 10:22:47 -0500
To: rah at shipwright.com
X-URL: mailto:rah at shipwright.com
X-Personal_name: David R. Conrad
From: ab411 at detroit.freenet.org
Subject: Spelling glitch

Robert,

   On the e$ home page, "Infocalypse" is misspelled "Infoclypse".

Regards,
--
David R. Conrad, conrad at detroit.freenet.org, http://www.grfn.org/~conrad
Hardware & Software Committee : finger -l conrad at grfn.org for public key
Key fingerprint =  33 12 BC 77 48 81 99 A5  D8 9C 43 16 3C 37 0B 50
No, his mind is not for rent to any god or government.

--- end forwarded text


-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/







From avatar at mindspring.com  Sat Feb 10 09:30:21 1996
From: avatar at mindspring.com (avatar at mindspring.com)
Date: Sun, 11 Feb 1996 01:30:21 +0800
Subject: Tell me whats wrong with this
Message-ID: <199602090054.TAA03816@borg.mindspring.com>


At 05:34 PM 2/8/96 -0600, you wrote:
>
>avatar at mindspring.com writes:
> > I have a six year old boy I am trying to raise and it is hard
> > enough to teach him respect and values...
>
>What does your six-year-old have to do with my TV?
>
> >         Tell me why parents should not be able to censor their OWN
> > television so that they may raise their children the way THEY see
> > fit
>
>But what about *my* TV?  Why should I be forced to pay for something I
>don't want just because you want it for yourself?  [ Why does this
>seem so obvious? 

You probably had no problem with seat belts being manditory eqiupment ,
because they 
protected YOU and the people YOU cared about. 
You probably had no problem with manditory airbags, public building smoke
alarms, unleaded
fuel, restaurant health codes,etc....Because they protected you and or
people you care about,
even though they cost YOU more money.
>
> > All I'm saying is it's tough to raise a child these days without the added
> > distortion of modern programing ...
>
>"Don't do the crime if you can't do the time."
>
> > ... and parents need not be denied any tool that can help them
> > achieve success. 
>
>Oh, OK then.  Parents should be given access to incendiary equipment
>as a tool to destroy the studios that produce offensive material.
>
It's obvious that you watch a lot television your an excellent sensationalist.
Besides, we both no that the cost of the chip is insignificant. This device
hurts no one!
Charles Donald Smith Jr.

||The government  is my shepherd I need not work. It alloweth me to lie
 down on a good job. It leadeth me beside stilled factories. It destroyeth
 my initiative. It leadeth me in the path of a parasite for politics sake. YEA,
 though I walk through the valley of laziness and deficet spending I shall
 fear no evil, for the government is with me. It prepareth an economic utopia
 for me by appropriating the earnings of my grandchildren. It filleth my head
 with false security. My inefficiency runeth over. Surely, the government 
should care for me all the days of my life, and I will dwell in a fools paradise
forever.................AMEN!   || nuke'm if ya got'em||






From an5877 at anon.penet.fi  Sat Feb 10 10:20:23 1996
From: an5877 at anon.penet.fi (deadbeat)
Date: Sun, 11 Feb 1996 02:20:23 +0800
Subject: Nyms with keys
Message-ID: <9602101724.AA22523@anon.penet.fi>



-----BEGIN PGP SIGNED MESSAGE-----

I mostly lurk these days. 

DEADBEAT 

-----BEGIN PGP SIGNATURE-----
Version: 2.4

iQBFAgUBMRwQdPFZTpBW/B35AQH+7wGAss68V8aPaLMra/yLHtk5CpO2Zt8Yp7B1
qZKr+hOVJmphvZFmC7UmEk8TZu7a1GTY
=zI0k
-----END PGP SIGNATURE-----
--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to                abuse at anon.penet.fi
For information (incl. non-anon reply) write to    help at anon.penet.fi
If you have any problems, address them to          admin at anon.penet.fi





From stend at grendel.texas.net  Sat Feb 10 10:24:49 1996
From: stend at grendel.texas.net (Sten Drescher)
Date: Sun, 11 Feb 1996 02:24:49 +0800
Subject: Need a "warning" graphic of some kind for CDA
In-Reply-To: <199602090618.WAA24316@ix13.ix.netcom.com>
Message-ID: <199602101726.LAA00945@grendel.texas.net>


Simon Spero  said:

SS> The Administration has repeatedly stated its belief that those
SS> parts of the bill are unconsitutional, and does not intend to
SS> enforce them.

	Then why didn't the Prez announce that he was ordering the
Justice Department to not defend the CDA provisions, like he did the
AIDS expulsion provision in the military spending bill?

-- 
#include                                /* Sten Drescher */
Unsolicited email advertisements will be proofread for a US$100/page fee.





From jya at pipeline.com  Sat Feb 10 10:34:45 1996
From: jya at pipeline.com (John Young)
Date: Sun, 11 Feb 1996 02:34:45 +0800
Subject: Witness Protection Program
Message-ID: <199602101734.MAA28690@pipe2.nyc.pipeline.com>


The NYT Sunday magazine tomorrow has a longish article on the 
federal Witness Protection Program. It traces in detail one 
family's entry, the arrangements for the "death" of the old 
identity and the new "birth," and describes the unsettling 
nymity transformation.


It also lays out the ballooning cost of a program once thought 
to be relatively cheap.


Some techno stuff about carefully orchestrated communication 
between the relocated family and relatives.


Is everyone in the galaxy still able to get free and easy 
access to the NYT Web site at:


     http://www.nytimes.com


?








From Kevin.L.Prigge-2 at tc.umn.edu  Sat Feb 10 10:37:13 1996
From: Kevin.L.Prigge-2 at tc.umn.edu (Kevin L Prigge)
Date: Sun, 11 Feb 1996 02:37:13 +0800
Subject: OK, how *do* you spell it?
In-Reply-To: 
Message-ID: <311cd7256d77002@garnet.tc.umn.edu>


Robert Hettinga said:
> 
> I got a spelling ping this morning.
> 
> I'd never really thought about it, before.
> 
> Is it infocalypse or infoclypse?
> 

I think the former is the common spelling.

-- 
Kevin L. Prigge         | "You can always spot a well informed man -
UofM Central Computing  |  his views are the same as yours."  
email: klp at tc.umn.edu   |  - Ilka Chase 
PGP Key Fingerprint =  FC E5 EE E7 8B 2E E9 D5  DA 1C 5D 6B 98 52 F6 24  






From mixmaster at obscura.com  Sat Feb 10 11:11:58 1996
From: mixmaster at obscura.com (Mixmaster)
Date: Sun, 11 Feb 1996 03:11:58 +0800
Subject: This is not...
Message-ID: <199602101811.KAA01416@obscura.com>


Lemeur Alexanderpunks, or perryrants vs. perryisanasspunks,
or CDAisdumbpunks, it's CYPHERpunks. Could everyone please
get closer to back on topic, there is work to do. Rant at
congress, not here!
XYZ







From lharrison at mhv.net  Sat Feb 10 11:14:23 1996
From: lharrison at mhv.net (Lynne L. Harrison)
Date: Sun, 11 Feb 1996 03:14:23 +0800
Subject: Nyms with keys
Message-ID: <9602101810.AA22714@mhv.net>


  Perhaps while you're lurking, you should consider downloading and
installing a more recent version of PGP than version 2.4 which you're still
using.

At 05:24 PM 2/10/96 UTC, deadbeat wrote:
>
>-----BEGIN PGP SIGNED MESSAGE-----
>
>I mostly lurk these days. 
>
>DEADBEAT 
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.4
>
>iQBFAgUBMRwQdPFZTpBW/B35AQH+7wGAss68V8aPaLMra/yLHtk5CpO2Zt8Yp7B1
>qZKr+hOVJmphvZFmC7UmEk8TZu7a1GTY
>=zI0k
>-----END PGP SIGNATURE-----






From tcmay at got.net  Sat Feb 10 11:14:55 1996
From: tcmay at got.net (Timothy C. May)
Date: Sun, 11 Feb 1996 03:14:55 +0800
Subject: V-chips, CC, and Motorcycle Helmets
Message-ID: 


At 2:07 PM 2/10/96, "A. Padgett Peterson, P.E. Information Security"
Tim rites:
>>The viewer sets her preferences: a 5-5-5 would let everything through, etc.
>>The developer of the chip claimed he could mass produce the chip for a buck,
>>and this may be where all those estimates of "$1-2 per set" have come from.
>
>Am in favor of this since it puts the control in the hands of the property
>owner. One question would be "how often is the V-rating code transmitted ?"
>(are the kiddies protected from channel-surfing ?) Do suspect that the $1-$2
>cost could be met *at the manufacturing level*.

This is what I said, that maybe the _chips_ could be made for $1-2, but
integrating them into systems (VCRs, t.v.s,  tuner cards for computes--did
you think we'd let Little Johnny evade the V-Chip by using one of those
tuner cards?) will likely cost 20-40x more, based on the usual cost
factors.

The Canadian V-Chip prototype was shown sending out V-Chip codes
"frequently" (seconds or faster), so Little Johnny might see a flash of
thoughtcrime, but not much more.


>Do also see the need for regulation to put it in. It was required for UHF
>channels else no one would try to build one. I am also thankful that is was

The whole "mandatory UHF" thing was utter nonsense from the gitgo. In
nearly all commercial markets (big cities) there are but a few UHF channels
being used, and in most places none are being used. Meanwhile, unused VHF
spectrum exists.

As someone else posted recently, the "market" solution gave us
"cable-ready" sets and VCRs without government/FCC regulation.

>required for closed-captioning even though my TVs are not new enough (have
>a $99 discount-house box on the TV in the family room. Makes many shows

Well there you have it. Many of the poor clearly are not buying new sets
that have closed-captioning. Meanwhile, we all pay for it when we buy new
sets and VCRs. A hidden tax, that does not benefit those in need. (I'm not
a tax strategist, and consider taxes to be theft, but if I were to design
such a tax, I'd just steal the money "fair and square" and then pay the
$100 or whatever to the deaf--excuse me, "the alternately soundspaced"--to
subsidize an external closed-caption decoder. Of course, this would leave
the broadcasters, and under no circumstances would I insist that they CC
their programs, and thankfully the law does not now require them to.)

ObCypherpunks: A truly surprising number of people on this list are on the
one hand lambasting the government for thievery, incompetence, corruption,
and violation of their rights, while on the other hand explaining why they
think some particular intrusion is justified. We have people arguing for
mandatory V-Chips, for Data Privacy Inspection Services, for
anti-discrimination laws, and for government key signing services.

It's not a far jump from arguing any of these points to talking about the
"legitimate" (their term) needs of the government to ensure that encryption
is not used for criminal purposes, for kidnapping and extortion, for tax
evasion, etc.

People need to think about the powerful implications of strong crypto, and
decide if they are _for_ access to strong crypto by citizens, or _against_
it. All things follow from this decision.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From lharrison at mhv.net  Sat Feb 10 11:35:17 1996
From: lharrison at mhv.net (Lynne L. Harrison)
Date: Sun, 11 Feb 1996 03:35:17 +0800
Subject: Need a "warning" graphic of some kind for CDA
Message-ID: <9602101815.AA22921@mhv.net>


At 11:26 AM 2/10/96 -0600, Sten Drescher wrote:
>
>	Then why didn't the Prez announce that he was ordering the
>Justice Department to not defend the CDA provisions, like he did the
>AIDS expulsion provision in the military spending bill?

   Because it's an election year and, IMO, the topics he discussed in his
State of the Union address gave a clear message that he was going to sign
this bill.


*******************************************************
Lynne L. Harrison, Esq.   |     "The key to life:
Poughkeepsie, New York    |      - Get up;
E-mail:                   |      - Survive;
lharrison at mhv.net         |      - Go to bed."
*******************************************************






From steve at miranova.com  Sat Feb 10 11:50:57 1996
From: steve at miranova.com (Steven L Baur)
Date: Sun, 11 Feb 1996 03:50:57 +0800
Subject: CDA; Don't get mad, get even!
In-Reply-To: <199602082043.MAA02979@netcom20.netcom.com>
Message-ID: 


>>>>> "cjs" == cjs   writes:

cjs> I think that we should make an example of those responsible for the
cjs> CDA. Ignorance is really not an excuse here, because whoever voted for
cjs> for the bill should have known the CDA was attached to it, and should
cjs> have had some idea of what it did.

Things do work both ways.  Fill the web indexers with information on
yes voters to the CDA.

An Altavista search on ``voting record congress'' yields the URL:
	http://www.vote-smart.org/congress/votes/

Pick either House Votes or Senate Votes as appropriate, look for the
Communications category.

If people opposed to the bill were to attach something to their
.signature referring to their wayward congressman, it would make a
dejanews or altavista news search on that congressman's name most
interesting.  As Tim May has pointed out, this stuff will live forever.

A quick small Web page can be set up merely containing text like:

Andrea Seastrand (CA congressional rep, 22nd district)
Dianne Feinstein (CA Senator)
voted yes on the CDA, reward them appropriately in the next election
(Di-Fei will have to wait until 2002 :-( ).

Barbara Boxer (CA Senator)
voted no on the CDA.

Submit the web page via submit-it to as many indexers as possible.

-- 
steve at miranova.com baur
Unsolicited commercial e-mail will be proofread for $250/hour.
Andrea Seastrand: For your vote on the Telecom bill, I will vote for anyone
except you in November.





From frogfarm at yakko.cs.wmich.edu  Sat Feb 10 11:51:57 1996
From: frogfarm at yakko.cs.wmich.edu (Damaged Justice)
Date: Sun, 11 Feb 1996 03:51:57 +0800
Subject: WEB: Heterodoxy Bashes MIT and Internet
Message-ID: <199602101855.NAA22791@yakko.cs.wmich.edu>


Very little cpunk relevance. I bash Heterodoxy for bashing MIT and the
Internet at

http://yakko.cs.wmich.edu/~frogfarm/hetrant1.html

Also available at alt.wired and talk.politics.libertarian.

-- 
http://yakko.cs.wmich.edu/~frogfarm  ...for the best in unapproved information
Tell your friends 'n neighbors you read this on the evil pornographic Internet
"Where one burns books, one will also burn people eventually." -Heinrich Heine
People and books aren't for burning. No more Alexandrias, Auschwitzs or Wacos.





From frantz at netcom.com  Sat Feb 10 11:54:07 1996
From: frantz at netcom.com (Bill Frantz)
Date: Sun, 11 Feb 1996 03:54:07 +0800
Subject: Req. for soundbites
Message-ID: <199602101827.KAA16020@netcom7.netcom.com>


>A local TV station has asked me for an interview, after I sent a graphic
>of a mono-digital hand gesture with the phrase "censor this!" to the Prez,
>Veep, and the area congresscritters (cc'd to 2 TV stations and a radio
>station), accompanied by a 'confession' and demand for swift prosecution.
>
>Anyone got any nifty sound bites I can try to toss in?

"Give me the liberty to know, to utter, and to argue freely according to
conscience, above all liberties."

"Though all the winds of doctrine were let loose to play upon the earth, so
Truth be in the field, we do injuriously, by licensing and prohibiting, to
misdoubt her strength.  Let her and Falsehood grapple; who ever knew Truth
put to the worse, in a free and open encounter?"

Both are John Milton, Areopagitica (1644)


And theis .sig:
Arun Mehta, B-69 Lajpat Nagar-I, New Delhi-24, India. Phone 6841172,6849103
amehta at doe.ernet.in a.mehta at axcess.net.in amehta at cerf.net
http://mahavir.doe.ernet.in/~pinaward/arun.htm
"I do not want my house to be walled in on all sides and my windows to be 
stuffed. I want the cultures of all the lands to be blown about my house 
as freely as possible. But I refuse to be blown off my feet by any."--Gandhi

Bill







From alano at teleport.com  Sat Feb 10 12:04:19 1996
From: alano at teleport.com (Alan Olsen)
Date: Sun, 11 Feb 1996 04:04:19 +0800
Subject: [silly] Re: OK, how *do* you spell it?
Message-ID: <2.2.32.19960210184124.0091cac0@mail.teleport.com>


At 11:58 AM 2/10/96 -0500, Robert Hettinga wrote:
>I got a spelling ping this morning.
>
>I'd never really thought about it, before.
>
>Is it infocalypse or infoclypse?

It is Infocalypso.

Infocalypso is a new dance involving laptops.  It is similar to clog
dancing, except the laptops are hit together in a rhythmic fashion while a
lively beat is played on magnetic drums.  It is usually found in countrys
which have alot of spare laptops.  It was made popular during certain MIT
social gatherings and EFF meetings. The dance has gotten more and more
violent as the speed of laptops have increased.
  
---
Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
        `finger -l alano at teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
"I, Caligula Clinton... In the name of the Senate and the people of Rome!"
   - Bill Clinton signing the CDA with the First Amendment bent over.






From adam at lighthouse.homeport.org  Sat Feb 10 12:17:51 1996
From: adam at lighthouse.homeport.org (Adam Shostack)
Date: Sun, 11 Feb 1996 04:17:51 +0800
Subject: Yeah, Yeah But what are we gonna do!
In-Reply-To: <199602100157.RAA26060@mark.allyn.com>
Message-ID: <199602101817.NAA11972@homeport.org>


Spam beget filters.

Most congresscritters delete email from people other than their
constituents already.

Adam

| I am going to volunteer to try to make a perl script that 
| I will make available that will automatically email every
| congressman that has an email address. I will include a pre

| What do you think? Is this worth it?

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From avatar at mindspring.com  Sat Feb 10 12:30:27 1996
From: avatar at mindspring.com (avatar at mindspring.com)
Date: Sun, 11 Feb 1996 04:30:27 +0800
Subject: Yeah, Yeah But what are we gonna do!
Message-ID: <199602101947.OAA25312@borg.mindspring.com>


At 01:17 PM 2/10/96 -0500, you wrote:
>Spam beget filters.
>
>Most congresscritters delete email from people other than their
>constituents already.
>
>Adam
>


Untrue most of them have responded to my correspondence.
For example, I live in Atlanta Ga. and Senator Bradley is a representative
of New Jersey. Here is his letter. By the way I have many more from
many other members of both House and Senate.
					              
     Thank you for contacting me to express your views concerning
     the Communications Decency Act of 1995, which was recently passed as 
     part of S. 652, the Telecommunications Act of 1995.  I greatly 
     appreciated the opportunity to review your thoughts on this issue.
     
          Although the advances being made in our nation's information
     and communications network are revolutionary and welcome, they also 
     provide openings for individuals to transmit obscene materials to 
     children and to lure children.  Throughout my career in the U.S. 
     Senate, I have consistently encouraged the recording industry and the 
     television industry to limit explicit violence and sex on television.  
     Given the widespread growth of information networks, I supported the 
     Communications Decency Act as a means to curtail children's exposure 
     to offensive materials and to give parents some control over the 
     things their children see and hear.
     
          While I supported this amendment because I believe there is a
     need for some safeguards against obscenity, I do have some concerns 
     about the implementation of this provision, if it becomes law. There 
     should be a distinction between indecent and obscene material, as 
     there is in other relevant laws.  Furthermore, this particular 
     amendment does not adequately reflect the unique nature of the 
     Internet, in which information crosses many computers and access 
     points before reaching the user.  Finally, I was disappointed that the 
     Senate did not have an opportunity to consider an alternative proposal 
     suggested by Senator Leahy.  This measure would have provided more 
     safeguards to ensure that First Amendment rights were preserved, but 
     still would have accomplished the overall objective of the adopted 
     version. 
     
          Determining who should be held responsible for disseminating
     obscene material may be difficult.  I am concerned that this could 
     lead to an overall chilling effect on online communication as users 
     fear that they may be held responsible for material they did not 
     originate.
     
          Please be assured that I will keep your views in mind as the
     joint House-Senate conference committee attempts to reconcile the 
     differences between the two versions of the Telecommunications Act of 
     1995. 
     
          Again, thank you for contacting me to share your views.  I
     hope to hear from you again in the near future.
     
          Best wishes.
      
     
                                     Senator Bill Bradley
                                     Washington, DC 20510
                                     (202)224-3224
>
Charles Donald Smith Jr.

||The government  is my shepherd I need not work. It alloweth me to lie
 down on a good job. It leadeth me beside stilled factories. It destroyeth
 my initiative. It leadeth me in the path of a parasite for politics sake. YEA,
 though I walk through the valley of laziness and deficet spending I shall
 fear no evil, for the government is with me. It prepareth an economic utopia
 for me by appropriating the earnings of my grandchildren. It filleth my head
 with false security. My inefficiency runeth over. Surely, the government 
should care for me all the days of my life, and I will dwell in a fools paradise
forever.................AMEN!   || nuke'm if ya got'em||






From dlv at bwalk.dm.com  Sat Feb 10 12:46:52 1996
From: dlv at bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sun, 11 Feb 1996 04:46:52 +0800
Subject: China
In-Reply-To: <199602101429.BAA22868@suburbia.net>
Message-ID: <4PJ4iD13w165w@bwalk.dm.com>


Julian Assange  writes:
> [...]
> > bottle. Remember that starting this year, satellites of Iridium and other
> > LEO satellite projects will start to go up, spreading bandwidth around
> > the world. How will the Chinese government build a firewall against
> > satellites? Say, for instance orbiting anonymous remailers with pgp? Will
> > happen some day.
>
> Radio *reception* of non goverment approved frequences is illegal in a
> number of countries, China included. Possesion of the equipment needed
> to received these frequencies is also illegal in a number of countries
> (including Australia). Sale of that equipment is illegal in still more
> countries, including the USA.

Governments and organized religions sought to regulate book printing
almost since the time in was invented.

In the last few decades, oppressive governments controlled the possession of
short-wave radio receivers (confiscated by several sides during WWII to prevent
citizens from listening to enemy propaganda); xerocopiers and computer
printers; even typewriters (I read that in today's Iraq every typewriter must
be registered and the government must be supplied with type samples).

It's not difficult to imagine that governments will seek to regulate the
possession of modems again. Some may recall that in the U.S. it used to be
technically illegal to connect a modem to the phone jack without a permission
from AT&T.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Sat Feb 10 12:50:32 1996
From: dlv at bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sun, 11 Feb 1996 04:50:32 +0800
Subject: [silly] Re: OK, how *do* you spell it?
In-Reply-To: <2.2.32.19960210184124.0091cac0@mail.teleport.com>
Message-ID: 


Alan Olsen  writes:
> At 11:58 AM 2/10/96 -0500, Robert Hettinga wrote:
> >I got a spelling ping this morning.
> >
> >I'd never really thought about it, before.
> >
> >Is it infocalypse or infoclypse?
>
> It is Infocalypso.
>
> Infocalypso is a new dance involving laptops.  It is similar to clog
> dancing, except the laptops are hit together in a rhythmic fashion while a
> lively beat is played on magnetic drums.  It is usually found in countrys
> which have alot of spare laptops.  It was made popular during certain MIT
> social gatherings and EFF meetings. The dance has gotten more and more
> violent as the speed of laptops have increased.

Could someone please point out to me the crypto-relevance of this nonsense,
if any?

Thank you.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From tcmay at got.net  Sat Feb 10 13:31:54 1996
From: tcmay at got.net (Timothy C. May)
Date: Sun, 11 Feb 1996 05:31:54 +0800
Subject: This is not "This-is-not-punks" either
Message-ID: 


At 6:11 PM 2/10/96, Mixmaster wrote:
>Lemeur Alexanderpunks, or perryrants vs. perryisanasspunks,
>or CDAisdumbpunks, it's CYPHERpunks. Could everyone please
>get closer to back on topic, there is work to do. Rant at
>congress, not here!
>XYZ

Is anyone stopping you or anyone else from talking about quadratic
residues, or Fiat-Shamir protocols, or the IETF proceedings? I didn't think
so.

People talk about what is on their mind. This week it's the CDA, a while
back it was Jim Clark, and at various times we have talked about a truly
vast number of subjects. Sometimes we talk about C code (not often), often
we repeat ancient conversations about random numbers and steganography, and
very occasionally we get into a new topic. This is not surprising, echoing
as it does the patterns of conversations in real life.

The scolding by people who think things are "off-topic" is not
constructive. If they think people should be talking about some topic they
consider more appropriate, let them start talking about it.

Crypto is a hard subject, the technical part of it. If the list confined
itself to this subject, very little discussion would take place. A Wei Dai
might announce a new package every few months, someone might ask whether
IDEA is better than Blowfish every couple of weeks, and maybe a Hal Finney
would note that his analysis of RC4 is complete. Not much discussion, given
the "depth" of these subjects.

(And isn't sci.crypt a much better place for these discussions anyway? Why
have the Cypherpunks mailing list at all if the only "appropriate" topics
are those that duplicate what is already going on in sci.crypt?)

Finally, I am always struck by how the most consistently scolding folks
here ("Can't we get back to crypto?") are also the ones most prone to going
off on their own rants when the mood hits them. Perhaps this is what they
fear--the fear that someone else will say something that *must be rebutted*
and thus cause them to go off on their own rant! Instead of ignoring the
words that bother them, they declare that a topic is not suitable.

Worse, they even engage in what psychologists call "magical thinking": they
confuse cause and effect and claim that the actions of others will "cause"
bad things to happen. We see this is the stupid comments along the lines of
"I hope you're happy when the NSA wins, all because you made the list talk
about Vince Foster instead of DES!!!!"

People will talk about what they want to talk about. The way to shift the
focus to what you think should be talked about is to write interesting and
persuasive posts, not decry the topics others think important.

The best way not to have the list "sidetracked" is to not respond to things
you think are off-topic.

Another version of this plaintive wail about topicality is the repetition
of that comforting mantra "Cypherpunks write code." Overused in the extreme
(though based on good ideas, that actually implementing systems is more
interesting and more world-changing than merely discussing theory), this is
used by people who wish others would shut up about some subject. As a way
to have the last word. Sort of like writing, "As I've just finished
explaining to you dullards in this 5-page post about why the Jacobins were
actually proto-Libertarians, I must repeat that "Cypherpunks write code."
So I now ask must ask you to accept what I have written on the French
attitude toward libertarianism and get back to what this list is really
about. If you continue to argue with me, you will be doing the NSA's work
for them." (There's that magical thinking again.)

(Why anyone would want others to shut up is beyond me...this is what
filters are for. Anyone who can't filter out messages, either directly or
by deleting them quickly, probably isn't in a position to "write code"
anyway, so what's the issue? No, what I really think the issue is for these
"control freaks" (to use the accepted term) is that it simply grates on
them that other people are not more like themselves, are not interested in
the same things they are at the same time they are. And they think that by
scolding others they can force them to change their ways. Guess what? It
doesn't work.)

I was recently accused in private mail, and maybe public mail as well, by
someone of "diverting" the list into a discussion of the Hiroshima bomb and
its moral implications. I disagree. When Rich Graves asked originally, "Who
holds up the nuking of Hiroshima and Nagasaki as great victories against
tyranny?" I said "Since you ask, I do. A land invasion of Japan would've
likely cost half a million American lives, and perhaps a million or more
Japanese citizen lives, according to comprehensive studies I think are on
the mark."

This simple response--admittedly not related to DES or IETF or even
Netscape--elicited flames, charges of racism, counter-arguments, and such.
So? While I chose to sit out most of that flame war, you didn't hear me
wailing "Can't we just get back to talking about Diffie-Hellman?"

This is what filters are for. And what ignoring threads is for.

I repeat, if you want others to spend more time talking about the things
that you think need talking about, then set an example and begin the
conversation. Don't just childishly wail about what others are talking
about isn't "on charter."

--Tim May, who will continue to write about what he wishes to write about

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From bruce at aracnet.com  Sat Feb 10 13:59:29 1996
From: bruce at aracnet.com (Bruce A. Baugh)
Date: Sun, 11 Feb 1996 05:59:29 +0800
Subject: Privacy Without Tears
Message-ID: <199602102136.NAA11894@trapdoor.aracnet.com>



-----BEGIN PGP SIGNED MESSAGE-----

Since it wouldn't do me any good to write code (I've _seen_ my code, it's not 
pretty), I'm writing in English instead. :-)

I've started work on what I currently call Privacy Without Tears, a guide to 
PGP and related programs pitched specifically at a novice audience. I would 
appreciate comments, particularly in the fact-checking line (more on this in 
a  moment). I'd also appreciate anyone who feels like it passing the URL I'll 
give in a moment on to crypto newbies and seeing if they can follow the 
instructions and get good results.

So far, I've only written an intro and a section on PGP. Now I'm working on 
a section on DOS and Windows front ends.

I'm only discussing software I can actually use on my own system, so 
explaining to me about the merits of tools for other OSes won't do any good. 
But if you have useful information about such, I'd be happy to link to your 
pages. Likewise, I'm deliberately not getting in a number of technicalities 
up front - only in the last section, for instance, will I explain about IDEA's 
role in PGP keys. This is for _novices_, the people who have as much need to 
protect their privacy as any of us but fewer clues.

One thing I could really use is a short - paragraph-length - discussion of 
probable times to crack keys of various lengths.

The URL (for the moment):

http://www.aracnet.com/~bruce/privacy/privacy.html

Thanks in advance for constructive comments!

Bruce Baugh
bruce at aracnet.com
http://www.aracnet.com/~bruce



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEQAwUBMR0Phn3AXR8sjiylAQGkMgfRAcH5qowi9wG/4o2cYR0qwlNXZM92TLJJ
G8Klpk//5Hd3q5PAdz6QOL3ct7QYhlpjlT/UYrJ/dhjpIxWX6jmgxM0jTDdDr1q8
qXcWwzNMz5d1V0z+95NkD7hCOV7inP5ycqFRRPtAgF4LCiT4V0GrbaTLaqKbi7G+
1YXo6ginBOjQ8WABRtpwIgGbxmJPQmTue5SqTX6zuGhTGrounCGShYZKT8ViLqtl
swtD6sG6TPCAOpAgeV8TOPnJEKdbd9ASHAFdEN63DnTHNgjUWLo2bO3VcblRHVjf
1fi+UkeEF/yYXD4nryhhA8E95GUqBdIasN2E8J214Wp4Qoo=
=5fO2
-----END PGP SIGNATURE-----






From tbyfield at panix.com  Sat Feb 10 14:20:05 1996
From: tbyfield at panix.com (t byfield)
Date: Sun, 11 Feb 1996 06:20:05 +0800
Subject: a chat w/ Paul Strassman about his remailer article
Message-ID: 


Now I have a firmer grasp on the dynamics of escalation. ;)
        A couple of notes. (1) The people Mr. Strassman CCed in his first
response remained CCed throughout; one of them is his co-author, William
Marlow (Senior Vice President, Science Applications International
Corporation [SAIC]). (2) He hasn't responded to my last mail, and probably
won't, at least in private; obviously, he's free to respond to it on
Cypherpunks. (3) I find his claims to understand and properly represent the
arguments for remailers to be, er, lacking: claims like "remailing
capabilities are operated [...] as a public service, almost always at no
charge because it costs so little to set one up," the absence of the
standard penet-type arguments--about support-group discussion re sexual
abuse etc.--speak for themselves, imo.
        Anyway:


>To: paul at strassmann.com (Paul A. Strassmann)
>From: tbyfield at panix.com (t byfield)
>Subject: Re: your article on remailers
>
>Greetings.
>        Your article on remailers anon-remail.html> was fascinating.
>        The "connection" you draw between disease and techniques of
>anonymity is arbitrary and tendentious: in place of a careful, sustained
>analysis of anonymous remailers _as such_, your article relies on a
>bizarre rhetorical substitution of disease for anonymity--"Information
>terrorism poses a threat; anonymity prevents punishment; the fact that
>legislative and policy bodies aren't dealing with the issue reminds me of
>the history of public medicine; therefore anonymity is a disease like
>AIDS; Russian criminals are using remailers; this is how remailers
>work..." This isn't an argument--it's a hodgepodge of free-associations
>and very peculiar allegations. What evidence is there that "the Russian
>(ex-KGB) criminal element" (whatever that is) constitutes a *statistically
>significant* segment of remailer-users? If they aren't statisticaly
>significant, why mention them? In the absence of any specific evidence, I
>can only assume that this claim is pure fantasy--like the confusing
>association between "AIDS" and "terrorism." Certainly, both are bad for
>society, but so are many other things--littering, starvation, and poor
>workmanship.
>        If you plan to develop your work on remailers further and present
>it to governmental agencies and NGOs, please take the time to *understand*
>the arguments of remailer advocates, rather than merely quoting them at
>length. You'll be doing yourself a favor--because, really, the only
>sections of your article that seem to make much sense are the quotations
>from people who develop and maintain remailers.
>
>Ted Byfield
 


-----------------------------
>X-Sender: pas at pop.connix.com
>Mime-Version: 1.0
>Date: Wed, 7 Feb 1996 10:31:10 -0500
>To: tbyfield at panix.com (t byfield)
>From: paul at strassmann.com (Paul A. Strassmann)
>Subject: Re: your article on remailers
>Cc: "William Marlow" ,
>        "Tim Leshan" ,
>        BRIAN KAHIN 
>
> Dear Mr. Byfield:
>
>Thanks for your comments about our remailer paper. I believe a few points
>are in order in response to your observations:
>
>1. It does not seem that you have finished reading the paper. There is a
>long section in the end captioned  which summarizes a wide
>spectrum of opinions and beliefs of those who develop and offer remailer
>services. I am satisfied that I have represented fairly the views of those
>who see in remailers the defense of privacy and civil liberties. I also
>conclude that remailers are here to stay.
>
>2. With regard to the evidence of that remailers are used by the criminal
>element, and particularly by the Russian (ex-KGB), I am satisfied with the
>evidence I have seen so far. As court proceedings become unsealed, everyone
>will have an opportunity to examine that evidence. Meanwhile, you may wish
>to browse for recent stories with the keywords  and 
>for such disclosures.
>
>3. In your letter you employ a technique which is not appropriate for the
>conduct of a civilized discourse. You start by  attributing to me
>statements which I did not make. Then, you proceed to debunk them. Let me
>illustrate:
>
>I did not use the expression "statistically significant" in describing the
>use of remailers by the criminal element. Therefore, your argument "...if
>they aren't statistically significant why mention them?" is both false as
>well as logically inconsistent.
>
>Your debating style shows similar flaws by avoiding facts and arguing your
>own constructs of what you attribute as my views. It is only because of the
>importance of this subject matter that I have decided to respond to your
>"flame".
>
>Sincerely,
>
>Paul Strassmann
 

---------------------------------------------
>To: paul at strassmann.com (Paul A. Strassmann)
>From: tbyfield at panix.com (t byfield)
>Subject: Re: your article on remailers
>
>At 10:31 AM 2/7/96, Paul A. Strassmann wrote:
>
>Mr. Strassmann--
>        Since you may not wish to pursue any further discussion with
>someone you don't know, I'll cut to the chase: may I submit your response
>(unabridged) to the Cypherpunks mailing list? I notice that you've CCed my
>mail to three people unknown to me without my permission. (Hi,
>everyone...)
>        Here are a few further remarks, if you're interested; I hope you are.
>I've reproduced your remarks out of their original order for purposes of
>brevity.
>
>>3. In your letter you employ a technique which is not appropriate for the
>>conduct of a civilized discourse. You start by  attributing to me
>>statements which I did not make. Then, you proceed to debunk them. Let me
>>illustrate:
>
>        You are, I trust, familiar with the phenomenon commonly called
>"asking a question"? That is what I did when I asked you whether Russian
>criminal elements constitute a statistically significant segment of
>remailer users: I asked you a question. This process can sometimes be
>confusing--for example, when the criteria that questioner and questionee
>judge to be important differ. I feel that, in matters of public policy,
>relative numbers are important: thus, if tens or hundreds of thousands of
>people use remailers for benign purposes while only a handful of Russian
>criminals do so for nefarious purposes, then public policy decisions on
>remailers should not be founded primarily on the latter fact. By analogy,
>it seems likely that someone, somewhere, has taught a monkey to drive a
>car--there might even be a documented instance of it; should we then take
>this into consideration in debating national automotive policy? After all,
>if it weren't illegalized, the chaos that could be caused by pet
>chimpanzees tooling around on public roads can't be understated...
>        Obviously, you're free to differ on the subject of relative
>numbers and their bearing on policy, just as you're free to persevere
>under the belief that a question can be "false."
>        I can't, however, resist pointing out that asking c[are]fully
>worded questions that conform to established scientific criteria is
>considered "appropriate for the conduct of a civilized discourse." Again,
>you're free to disagree, of course. [brackets in 1st line = spelling
>correction]
>
>>2. With regard to the evidence of that remailers are used by the criminal
>>element, and particularly by the Russian (ex-KGB), I am satisfied with the
>>evidence I have seen so far. As court proceedings become unsealed, everyone
>>will have an opportunity to examine that evidence. Meanwhile, you may wish
>>to browse for recent stories with the keywords  and 
>>for such disclosures.
>
>        "If you knew what I knew" arguments have needlessly become a
>staple of the national security establishment; but in all but the rarest
>instances are they a valid basis for policy decisions. I understand full
>well that the Russian "mafia" and former apparatchiks throughout the
>former Soviet bloc are serious problems that we ignore only at our peril;
>and, also, that invoking them increases one's chance of funding in the
>security establishment. But I also understand that certain segments of the
>USG would ultimately be better off distinguishing between its citizenry
>and the Russian mob, rather than continually invoking the latter in
>advocating legislation that pertains primarily to the former.
>
>        In any case, I cannot wish you well in your endeavors in this
>regard, since I disagree with most of what you say; I can, however, wish
>you well in other regards, and I do.
>        Please take a moment to answer my original question regarding the
>Cypherpunks mailing list.
>
>Regards,
>
>Ted Byfield
 


-----------------------------
>X-Sender: pas at pop.connix.com
>Mime-Version: 1.0
>Date: Wed, 7 Feb 1996 22:00:05 -0500
>To: tbyfield at panix.com (t byfield)
>From: paul at strassmann.com (Paul A. Strassmann)
>Subject: Re: your article on remailers
>Cc: "William Marlow" ,
>        "Tim Leshan" ,
>        BRIAN KAHIN 
>
>I have no problem with your posting my messages. Thanks for asking except
>you should do so only after you include the text of all messages, including
>this one.
>
>You have totally  misunderstood my response to your points about the
>relevance of whether ex-KGB criminals ( or monkeys)  are a statistically
>significant number. The problem with your communications has been that you
>have continued to disregard my conclusions where I stated that anonymous
>remailers are here to stay for good reasons. Whether the number of abusers
>is or is not statistically significant has therefore no bearing on our
>exchanges. For that reason I did not read your text at all as "asking a
>question", but as your own assertion. This makes it unacceptable as an
>argument.
>
>I disagree with  your assertion that you have "...asked a carefully worded
> questions that conform to established scientific criteria." My experience
> as editor of several scientific journals prevents me from acknowledging
> your messages as conforming to any scientific criteria. You have
> selectively picked arguments from the front of my paper, while totally
> disregarding what I said at the end. What you have is not scientific, but
> extractions to support  your arguments.
>
>You are using inference (such as "chance of funding the security
>establishment", "advocating legislation" etc.) for attributing to me what
>you see as reprehensible views. You do that by saying that I have used the
>"if you knew what I knew" arguments as a cover. Again, you are exhibiting a
>debating technique where you assign to me a position I have not taken and
>then proceed to argue against it.
>
>Let me repeat again, your allegation that I have not taken into
>consideration the arguments of remailer advocates is not only  false but
>totally misleading. If you would  bother to read the entire paper, you
>would  find that the  views or remailer advocates are not only represented,
>but found to be of sufficient weight and importance to warrant my
>conclusion that anonymous remailers are here to stay. I also say  that in a
>democratic society it "...becomes politically unacceptable  to designate
>remailers as a potential source of criminal actions. Such absolute
>prohibitions would never pass through a legislative process in a free
>society."
>
>If you are looking for some totalitarian monster, you better look somewhere
>else to vent your apprehensions.
>
>Paul
 
------------------------------------------

>To: paul at strassmann.com (Paul A. Strassmann)
>From: tbyfield at panix.com (t byfield)
>Subject: Re: your article on remailers
>
>>You have totally  misunderstood my response to your points about the
>>relevance of whether ex-KGB criminals ( or monkeys)  are a statistically
>>significant number. The problem with your communications has been that you
>>have continued to disregard my conclusions where I stated that anonymous
>>remailers are here to stay for good reasons. Whether the number of abusers
>>is or is not statistically significant has therefore no bearing on our
>>exchanges. For that reason I did not read your text at all as "asking a
>>question", but as your own assertion. This makes it unacceptable as an
>>argument.
>
>        You seem quite adamant that your repeated assertion that
>"remailers are here to stay" somehow serves to stave off any criticism (or
>at least any criticism from your struly) of your article. I read your
>article in its entirety and understood it quite well, and I agree with
>*some* of it--for example, with your conclusion that remailers are here to
>stay. I could just as easily read some lngthy tome full of rubbish whose
>conclusion is that "stuff exists" and agree with its conclusion while
>remaining skeptical about the bulk of the book.
>        I would submit to you that your article would be much improved if
>you edited out this pathological-biological metaphor.
>
>>I disagree with  your assertion that you have "...asked a carefully worded
>> questions that conform to established scientific criteria." My experience
>> as editor of several scientific journals prevents me from acknowledging
>> your messages as conforming to any scientific criteria. You have
>> selectively picked arguments from the front of my paper, while totally
>> disregarding what I said at the end. What you have is not scientific, but
>> extractions to support  your arguments.
>
>        Of course I've selectively picked arguments from your paper--I
>even addressed some from the *middle*! (As for the end, see my remarks
>above.) Unfortunately, try as you might, my remarks aren't really what's
>at issue here. You published an article that made extensive use of dubious
>metaphor and made unsubstantiated allegations that, even if they were
>substantiated, are of doubtful significance; when I pointed out that this
>method of argumentation is generally inappropriate for a democratic
>society, you redouble your efforts to assess my reading comprehension as
>low and my remarks as utterly without merit.
>
>>You are using inference (such as "chance of funding the security
>>establishment", "advocating legislation" etc.) for attributing to me what
>>you see as reprehensible views. You do that by saying that I have used the
>>"if you knew what I knew" arguments as a cover. Again, you are exhibiting a
>>debating technique where you assign to me a position I have not taken and
>>then proceed to argue against it.
>
>        I've said nothing of "reprehensible views," nor need I do so; I'm
>quite content with merely _disagreeing_ with some of what you have
>written. As for "assign[ing] to you a position [you] have not taken": (1)
>in your article you mentioned that "the Russian (ex-KGB) element" uses
>remailers; (2) I questioned the truth and noteworthiness of this claim;
>(3) you responded...
>
>>2. With regard to the evidence of that remailers are used by the criminal
>>element, and particularly by the Russian (ex-KGB), I am satisfied with the
>>evidence I have seen so far. As court proceedings become unsealed, everyone
>>will have an opportunity to examine that evidence. Meanwhile, you may wish
>>to browse for recent stories with the keywords  and 
>>for such disclosures.
>
>        ...very clearly asserting that you have seen evidence that is not
>publicly availlable because it remains sealed: "if you knew what I knew,"
>in shorthand. (4) I said that, imo, by and large this is not a valid basis
>for policy decisions. And now you tell me that I'm arguing against a
>position you haven't taken?
>
>>Let me repeat again, your allegation that I have not taken into
>>consideration the arguments of remailer advocates is not only  false but
>>totally misleading. If you would  bother to read the entire paper, you
>>would  find that the  views or remailer advocates are not only represented,
>>but found to be of sufficient weight and importance to warrant my
>>conclusion that anonymous remailers are here to stay. I also say  that in a
>>democratic society it "...becomes politically unacceptable  to designate
>>remailers as a potential source of criminal actions. Such absolute
>>prohibitions would never pass through a legislative process in a free
>>society."
>
>        To be sure, you "represent" the views of remailer advocates,
>though for the most part through extensive quotation--extensive enough,
>indeed, that one of the authors quoted has publicly expressed misgivings
>about the fact that you never sought permissions. Editor of several
>scientific journals, you say? Perhaps your extensive experience with
>classified documents, which of course quote material beyond fair use
>without permission, has shaped your editorial sensibilities?
>
>>If you are looking for some totalitarian monster, you better look somewhere
>>else to vent your apprehensions.
>
>        I think maybe you've strayed a bit from the subject. This is, I
>think, a strange way to respond to my closing:
>
>>        In any case, I cannot wish you well in your endeavors in this regard,
>>since I disagree with most of what you say; I can, however, wish you well in
>>other regards, and I do.
>
>        You're rather keen to pathologize things, aren't you? First it's
>remailers, which "remind" you of diseases; and now you've doubly
>pathologized me, as someone positively bent on finding "totalitarian
>monsters" where there are none. Please rest assured that I don't think
>you're anything of the sort.
>
>Cheers,
>Ted








From stend at grendel.texas.net  Sat Feb 10 14:29:24 1996
From: stend at grendel.texas.net (Sten Drescher)
Date: Sun, 11 Feb 1996 06:29:24 +0800
Subject: Need a "warning" graphic of some kind for CDA
In-Reply-To: <9602101815.AA22921@mhv.net>
Message-ID: <199602102158.PAA01166@grendel.texas.net>


"Lynne L. Harrison"  said:

LLH> At 11:26 AM 2/10/96 -0600, Sten Drescher wrote:
>>  Then why didn't the Prez announce that he was ordering the Justice
>> Department to not defend the CDA provisions, like he did the AIDS
>> expulsion provision in the military spending bill?

LLH>    Because it's an election year and, IMO, the topics he
LLH> discussed in his State of the Union address gave a clear message
LLH> that he was going to sign this bill.

	He signed the military spending bill, too.  And, unfortunately
(because of the bigotry it reflects), being painted as protecting gays
isn't going to be much better than being painted as protecting
pornography.  My point is that Clinton _doesn't_ have the same "this
provision is unconstitutional" feeling about the CDA as he does about
the AIDS provision.

-- 
#include                                /* Sten Drescher */
Unsolicited email advertisements will be proofread for a US$100/page fee.





From printing at explicit.com  Sat Feb 10 14:37:41 1996
From: printing at explicit.com (William Knowles)
Date: Sun, 11 Feb 1996 06:37:41 +0800
Subject: The Agincourt Project
Message-ID: 


Here is a thank you rant from the OCAF that I got in
my mail today.  

William Knowles
printing at explicit.com


--(Fwd)--

>From Oklahomans for Children And Families (OCAF)
ocaf at aol.com
ocaf at telepath.com
-----------------


Thank you for requesting our document "The Agincourt Project".
We hope you have had time to read and digest it.  And we very
much hope you will join us in our fight to end illegal pornography
and child pornography on the Internet.

-  If you are a concerned citizen, we hope you will follow the
   suggestions in our Action Plan.  We need your help to get
   our document in the hands of law enforcement officials
   across America.  This is a complicated issue, but we have
   found that once the police and prosecuting attorneys
   understand how an ISP operates, the criminal liability of
   the ISP becomes obvious.

-  If you are a law enforcement official or a prosecuting
   attorney responding to our notices of potential illegal
   activity in your jurisdiction, we are ready to answer
   any questions you or your staff may have.

-  If you are a representative of a media organization, we 
   stand ready to answer any questions you may have and to
   make ourselves available for interviews.

-  And, finally, if your are an Internet Service Provider
   who is concerned about our activities, your concern is 
   justified.  We hope that you have already made the 
   decision to remove illegal pornography and child
   pornography from your news server.  And we sincerely
   thank you if you have done so.  If you have not, 
   please understand that we are receiving help from
   concerned citizens across the United States.  Sooner
   or later, the police in your area will be contacted.

   Also understand that we do not intend to find one large
   ISP for a test case.  We are encouraging law enforcement
   in every city to use existing laws to put an end to 
   the illegal pornography and child pornography in 
   newsgroups. 
   
Again, thank you for your interest in our work.


--(End fwd)--






From jya at pipeline.com  Sat Feb 10 14:59:29 1996
From: jya at pipeline.com (John Young)
Date: Sun, 11 Feb 1996 06:59:29 +0800
Subject: The Idiot Chip
Message-ID: <199602102228.RAA04586@pipe3.nyc.pipeline.com>


   The New York Times, February 10, 1996


   The Idiot Chip

   By Frank Rich [Columnist]
    
     
   In the annals of dumb solutions to serious problems,
   history will have a ball with the V-chip, the antidote to
   trash TV that became the law of the land on Thursday when
   Bill Clinton signed the telecommunications bill. Far from
   making television safer for children, the V-chip will
   merely postpone and confuse the issue until well into the
   next century -- even as it provides politicians with
   convenient cover.

   By embracing the V-chip, Democrats and Republicans alike
   can posture as if they care about children without actually
   having to do anything to improve their cultural lot.

   Let Mr. V-chip do the job instead!

   The V-chip is a gimmick that has as much to do with
   ameliorating TV for kids as the Forbes flat tax has to do
   with serious tax reform.

   To see why, it's essential to realize that a cultural
   revolution took place in America this week.

   Contrary to the headlines and sound bites, the new
   telecommunications law is not just about cable rates and
   phone service, the explosion of new technologies and the
   unconstitutional effort to stamp out "indecency" and
   abortion information on the Internet.

   If you look at the bigger picture, this law is also about
   a mammoth expansion of mass culture -- more media, more
   outlets -- and a rapid expansion of power for the handful
   of mega-corporations that control it all, from TV, movies,
   music and publishing to both print and electronic news. It
   was perfectly symbolic that on the day Mr. Clinton signed
   the bill, Disney got its official Federal approval to
   swallow up ABC.

   Into this vast new universe of omnipotent media goliaths
   comes the tiny V-chip, designed to help parents block the
   coarse outpourings of an exploding digital universe.

   Common sense alone dooms this gizmo to failure.
  
   Who can rate some 600,000 hours of programming broadcast
   per year by even our current 70-channel cable systems?
   (Hollywood only has to rate roughly 550 movies -- 1,000
   hours -- per year.) Should crime-sated local news be
   blocked? "MASH" reruns? Reports from a future gulf war?
   "E.R."? Pro football? "Schindler's List"? (If so, a network
   may be tempted to duck a V-chip block -- which would lower
   ratings and revenue -- by sanitizing the Holocaust.)

   Even if all the practical, political and legal questions
   raised by the V-chip could be miraculously resolved
   overnight, it is still pie-in-the-sky. The chips are only
   required on new TV sets, so it will be years before most
   households, especially multi-set households, will be in the
   V-chip's harness.

   Even then, parents with kids in different age groups will
   have to choose between their younger and older children as
   they decide whether to flick the switch each night. Weaker
   parents will take the same path of least resistance they do
   now.

   As the founder of Action for Children's Television, Peggy
   Charren has been fighting for kids decades longer than most
   politicians.

   She is not only skeptical that the V-chip will transform
   lax parents into concerned ones, but points out that the
   chip doesn't even address the Saturday morning blight of
   brainwashing commercials ("worse than the programming") for
   violent toys and junk food.

   Nor, Ms. Charren adds, is there any language in the
   telecommunications law to require networks to increase the
   quantity and quality of good children's TV that might offer
   an after-school alternative to "Jenny Jones."

   Mr. Clinton will press for better programming when he meets
   with Hollywood potentates -- some of whom are his campaign
   contributors -- at the White House on Feb. 29. A far
   tougher idea -- one adopted by the British Government last
   month -- is being promoted by the Media Access Project, a
   public-interest organization.

   It argues that the one gift the networks still want from
   Congress and didn't get in the telecommunications law --
   more space on the public airwaves (so-called "spectrum")
   for additional channels -- be given only if they agree to
   cede some of it to public-service broadcasting, including
   top-notch children's TV.

   But the greedy media goliaths will fight any such proposal
   as vehemently as they oppose the V-chip.

   The politicians, hiding behind the V-chip, will let them
   get away with it.

   Delinquent parents, told that their children will soon be
   in the hands of an electronic nanny, will have a new excuse
   for doing nothing.

   And like each TV generation before it, today's children
   will grow up to fight this battle for their children on yet
   another day.

   [End]















From ampugh at mci.newscorp.com  Sat Feb 10 15:39:58 1996
From: ampugh at mci.newscorp.com (Alan Pugh)
Date: Sun, 11 Feb 1996 07:39:58 +0800
Subject: Strange Sounds of Silence
Message-ID: <199602102305.SAA05611@camus.delphi.com>


Please reply to amp at pobox.com as this email address dies on the 14th.


-----BEGIN PGP SIGNED MESSAGE-----

AEN News
Commentary by Alan M. Pugh


The Strange Sounds of Silence

Has anyone else out there noticed the strange sounds of silence
emmanating from the american print and broadcast media concerning the
rider attached to the Telecommunications Act recently signed by
President Clinton known as the CDA (Communications Decency Act)?

Here we have a piece of legislation that has enormous ramifications
to the free flow of information and ideas through various electronic
media, and yet we hear hardly a peep from the "defenders of the 1st
amendment". Many readers here have probably noticed the screams of
censorship and gnashing of teeth that accompany any attempt to pass
legislation or regulations that have even tangental relationships to
the 1st amendment. The first amendment has, during this century, been
greatly expanded from the protections it was widely recognised to
afford at the begining of this century. It has been "incorporated"
through the courts to bar states from infringing on our freedoms as
well as the federal government. The definition of "speech" has been
stretched to the point that the act of burning a flag is considered
to be an act of speech, and not destruction of property. (I agree
with the court wholeheartedly on this point.) We've so expanded its
scope, and rightly so, that it is difficult if not impossible to win
in court on a charge of slander or libel. 

The press in this country enjoys wide lattitude. They cannot be
forced to divulge sources except under very specific and limited
circumstances. They have recently been restricted more than in the
past on military operations. These restrictions have garnered almost
universal cries of "censorship!" from those news organizations
affected. 

Why then, when almost all of cyberspace is up in arms over this
provision is this story almost universally ignored or distorted to be
merely an issue of "child pornography" or "protecting our children"?
I recall several prominent news organizations across the country
coming to the aid of Larry Flint, the publisher of _Hustler_ magazine
a few years ago through amicus briefs filed with the court when an
overzealous prosecutor was attempting to nail him for the
distribution of material that violated his puritanical
interpretations of local "community standards".

Where are these papers now? Where is their outrage? I'd like to know
what the difference is between a picture of Michelangelo's David
displayed in an article by the _Smithstonian Institution_, and the
same picture when displayed on someone's home page? Where is the
outrage that someone who makes a copy of _Catcher in the Rye_
available to people who visit their home page who may very well now
be open to prosecution by that same puritanical prosecutor? Where is
it? Has the "free" press in this country suddenly discovered the
virtues of censorship? 

Do these organizations not realize that the precidents that will soon
be laid down on this issue will soon be affecting them as well? Any
major publisher who is not looking at electronic media as a method of
distribution is a fool. The _New York Times_ is now available on the
World Wide Web. Perhaps they are living in a delusion that *they*
will not be held to the same standards that will soon be enforced
against the small publisher who sees the Web as means for cheap mass
distribution. Perhaps for a time, they won't. Eventually, the bird
will come home to roost. One would think that they would understand
that the free flow of information is important enough that we will
have to stand a little pornography and other distasteful material -
the same way we allow magazines to be sold at the local convienience
store. If you don't want to see it, don't look at it. If you don't
want to read racist material, go somewhere else. Noone will *force*
you to consume that which you cannot abide. 

They also do not seem to recognise the international nature of the
internet. It is not something that operates entirely within the
confines of the united States. It is an international community that
reaches nearly every corner of the globe. What is proper to be
displayed in New York City or Los Angeles, is probably not something
that, say the government of Saudi Arabia would like to see available
to its subjects. By the same token, what is deemed to satisfy the
"community standards" of Amsterdam, may very well not fly in many
places in the united States. In order for any government to restrict
access to any country that flaunts its standards, it would have to
disconnect itself from the internet. It is not possible to build
walls around a country and still have all the good benifits of the
internet still available. 

Is it a bad thing for a group of children to be able to become
electronic pen-pals with another group of students in Malaysia, or
Russia? Do we not think that personal relationships with people from
another culture helps personalize our understanding of their
cultures? I think many wars could have been avoided in the past if
each side knew each other better. How can someone claim that "all
russians are evil" when they have a personal relationship with Ivan
in St. Petersburg? 

For better or worse, the technology is now out there. The world will
always be smaller than it once was. We are no longer limited in our
circle of friends by distance or time. (Time could indeed be an issue
if one were attempting to place a phone call to someone in Paris
from Dallas. Many people don't want to talk at 4am their time.) We
are also not limited by the delays and expense of postage. I've met
good people around the world through electronic communications who
have points of view that I would probably never have considered. 

Again I ask, "Where is the media?" Why is the censorship of
individuals a good thing? Don't come crying to me when you find, a few
years down the road that this camel's nose has snuck into the tent
with its bad breath, prelediction to spit, and no potty training.

Since this message is being transmitted electronically, I feel that
it is my moral duty to include the following so this message will
fall under the purview of the act I so abhor.

Shit, Piss, Cunt, Fuck, Cocksucker, Motherfucker, and Teats.

There they are. Come and get me Big Brother.

=end of article=

This article was digitally signed with PGP so as to further aid
prosecutors. A signed document is hard to deny.

amp
<0003701548 at mcimail.com>

PGP Key = 57957C9D
February 10, 1996   15:23

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMRz+6YdTfgZXlXydAQG2qgf+Omae9/yVYvcyX1ADp6mmSHQJlQJ3qS4C
AnT4VK4AepDHnqrh7gVsNPQB58QAWekY4IZBGws0mdxDQF9h3q8+pu+CNEFB2CDo
Zi24IqjbCD2wYnovPOAZVmppOCoD0Au6XdUPdY2rLN/AEqo7H4H3RefTXDozu1J6
9QTOytuwLhaSlQ6BeBi2XhTrKFM7g1EtpA8O+B2tEOqvghQgq9f5SeY2kOY+5792
RY4EKlhcGIeT95pevnoQFPWTQA5wJghpXD1D4gfg7hULDZM1ZXLZRHF+XxlQImgZ
SrxISrE1kDxlwHe4BYM4WXPH3OU0Gj4H9pH2J0YZA5H5pZS90u7mwA==
=aNzy
-----END PGP SIGNATURE-----
#!/bin/perl -s-- -export-a-crypto-system-sig -RSA-3-lines-PERL
$m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2%Sa
2/d0


if anyone is interested...

>Here's the fax number for the White House...(202) 456-2461. 






From declan+ at CMU.EDU  Sat Feb 10 16:04:05 1996
From: declan+ at CMU.EDU (Declan B. McCullagh)
Date: Sun, 11 Feb 1996 08:04:05 +0800
Subject: A Rant about Senator James Exon
In-Reply-To: 
Message-ID: <8l7GaN600bk=8YzEFQ@andrew.cmu.edu>


Excerpts from internet.cypherpunks: 9-Feb-96 A Rant about Senator James
.. by Timothy C. May at got.net 
> >What do you think? Is this worth it?
>  
> Here's something I did about Senator James Exon:

In my protest against the Hon. Jim Exon, I went to his office this week
and dropped off a printout of indecent speech that I have on the Justice
on Campus Project:

   http://joc.mit.edu/lawsuit/examples.html

I told the bewildered receptionist that his boss was to blame for making
me a criminal.

I'm now a plaintiff in the ACLU/EFF lawsuit challenging the CDA, BTW.
Two articles on our lawsuit are at:

   http://fight-censorship.dementia.org/fight-censorship/dl?num=1063
   http://fight-censorship.dementia.org/fight-censorship/dl?num=1067

-Declan






From declan+ at CMU.EDU  Sat Feb 10 16:05:35 1996
From: declan+ at CMU.EDU (Declan B. McCullagh)
Date: Sun, 11 Feb 1996 08:05:35 +0800
Subject: [NOISY] Re: New Internet Privacy Provider - Press Release
In-Reply-To: 
Message-ID: <0l7GNu200bk=4YzNJr@andrew.cmu.edu>


Excerpts from internet.cypherpunks: 9-Feb-96 New Internet Privacy
Provid.. by Vincent Cate at offshore.co 
> PRESS RELEASE:  2/9/96  Anguilla, Offshore Information Services Ltd.
>  
> As a result of recent efforts to censor the Internet in France, Germany,
> China, and now the USA, Offshore Information Services Ltd. (OIS)
> anticipates a larger market for privacy services over the Internet. OIS is
> well suited to provide such service since it is located in Anguilla, a
> taxhaven in the Caribbean with strict secrecy laws.  OIS is now entering
> this market. 

Thanks, but no thanks. I don't need a shell account at $1,200 a year.

-Declan

PS: Spelling "identity" incorrectly in your press release posted here
and on your web site makes you look pretty silly.






From deepthroat at alpha.c2.org  Sat Feb 10 16:50:39 1996
From: deepthroat at alpha.c2.org (deepthroat at alpha.c2.org)
Date: Sun, 11 Feb 1996 08:50:39 +0800
Subject: The Communications Decency Act
Message-ID: <199602102336.PAA02080@infinity.c2.org>


Why The Communications Decency Act passed, or
Follow the money



	There's been a lot of commentary the last few days about this
bill, this strange creature, seemingly of the 'Christian Right.'  Talk
of how and why its unconstitutional, protests; web pages blackened.
But, oddly, no one seems to have examined who pushed the bill through
Congress, or why.

	Theres been a lot of talk lately about 'the rise of the new
media,' how first interactive TV, then the net, are going to become
this new thing, a way of getting news events.  The 'old media' even
reported on it; how could it not, it was being pre-empted.  IRC beat
CNN five years ago during the US-Iraq war.  Bill Clinton's campaign
took his message (a little) to the net, a little to MTV.  But where
does that leave the big guys?  ABC, NBC, CBS??  Can they survive in
this brave new world which the net threatens to be?

	By and large, they looked at themselves, and saw they could
not.  They are gargantuan dinosaurs, threatened by, well, hell,
you've heard the metaphors.  So had the dinosaurs.  And, as you should
have expected, they reacted, the main way they knew how.  They bought
themselves a law.  This is the way broadcasters have always worked.
When there was competition, they created the F.C.C. to tell them what
to say and not say.  When cable came along, and threatened to destroy
them, they got cable regulated.  It was interstate commerce after all.
Not that space in the ground is a scarce resource, but the
broadcasters are a powerful group.  They create and maintain
campaigns, name recognition, politicians.

	And they were threatened.  Not only where they threatened, but
their symbiotes, the politicians they created and maintained, where
threatened.  Theres not a politician alive who doesn't remember how
Nixon looked next to Kennedy.  But now, they understand the game, and
they play it.

	Kristol once defined conservatism as the fear of change.  Big
Media is inherently conservative, and with good reason.  They make
lots of money the way things are.  They don't want that to change.
And they weren't going to let it.

	The net is free-wheeling, easy going, and useful.  Its not the
stiltified, self-referential, wasteland of television.  It has to be
stopped.

	But how to do it?  You can't very well say 'This threatens our
business interests,' when you're as widely disliked as the mass media.
You need allies.  You need a cover story.  A Gulf of Tonkin incident.
You need to protect the children.  And who more manipulable today than
the religious right?  Heads spinning with newfound power and
influence, they're the perfect dupes, with a perfect cause.

	And in driving through a bill to castrate the internet, the
religious right had the perfect ally.  The media.  After all, the
media is running scared.  They're not going to present this as a big
government issue, or a matter of censorship.  They're not even going
to portray the opposition.  They're going to portray it as reasonable
people, protecting our kids, vs ACLU free speech absolutists.

	And they did.  The CDA passed.  Not only did it pass, it
steamrollered the opposition, because the opposition didn't see what
was coming.  We were deer in their headlights, and now they're
feasting on roadkill.

	So what do we do about it?  The satisfying response would be
to kill your television.  But that really doesn't do any good.
Neither does killing your Senator.  Ignoring it, in a massive act of
uncivil disobedience might work.  But turn your web pages obscene
won't carry the big ISPs, the way turning them black did.  What a
waste of time.  (Actually, it might not have been.  People on the web
now all know about the CDA, and can't claim ignorance.)

	So ignoring it might work.  But a better response is
arbitrage.  Move your web business to Anguilla.  Jersey.  The Isle of
Man.  The Seychelles.  It doesn't cost much more than hosting them in
the USA.  Tell your Senators.  Tell your Representatives.  Tell your
President.  But most importantly, tell your friends.  Your relatives.
Your customers.  Let business flee these expensive halls, and see how
long the regulations last.  No Senator can vote against the
information superhighway, and when it becomes clear to every American
that the CDA is causing America to become a backwater, the rules may
change.


DT.
Deepthroat at alpha.c2.org





From ses at tipper.oit.unc.edu  Sat Feb 10 16:52:40 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Sun, 11 Feb 1996 08:52:40 +0800
Subject: Strange Sounds of Silence
In-Reply-To: <199602102305.SAA05611@camus.delphi.com>
Message-ID: 


On Sat, 10 Feb 1996, Alan Pugh wrote:

> The Strange Sounds of Silence
> 
> Has anyone else out there noticed the strange sounds of silence
> emmanating from the american print and broadcast media concerning the
> rider attached to the Telecommunications Act recently signed by
> President Clinton known as the CDA (Communications Decency Act)?
> 

Are you sure? The coverage has been wall to wall out here (Bay area); 
front page above the fold, business pages, computer columns, editorials 
and editorial cartoons. Apparently it's the same level of coverage back 
in the RTP.

What part of the country are you in? I guess the coverage is different 
in the major geek zones like the bay area and RTP

Simon






From usura at berserk.com  Sat Feb 10 16:58:58 1996
From: usura at berserk.com (Alex de Joode)
Date: Sun, 11 Feb 1996 08:58:58 +0800
Subject: http://www.eubank.ag
Message-ID: <199602110010.BAA04271@asylum.berserk.com>

A non-text attachment was scrubbed...
Name: not available
Type: application/x-pgp-message
Size: 26 bytes
Desc: not available
URL: 

From liberty at gate.net  Sat Feb 10 17:21:05 1996
From: liberty at gate.net (Jim Ray)
Date: Sun, 11 Feb 1996 09:21:05 +0800
Subject: Deafening silence [was Re: Need a "warning" graphic...]
Message-ID: <199602110017.TAA48888@osceola.gate.net>


-----BEGIN PGP SIGNED MESSAGE-----

>Sten Drescher wrote:



>"Lynne L. Harrison"  said:
>
>LLH> IMO, the topics he
>LLH> discussed in his State of the Union address gave a clear message
>LLH> that he was going to sign this bill.
>
>	He signed the military spending bill, too.  And, unfortunately
>(because of the bigotry it reflects), being painted as protecting gays
>isn't going to be much better than being painted as protecting
>pornography.  My point is that Clinton _doesn't_ have the same "this
>provision is unconstitutional" feeling about the CDA as he does about
>the AIDS provision.

Further, has anyone else noticed a deafening silence on the subject of
a (supposedly) wished-for line-item veto power of presidents? It seems
to me that the Dornan and CDA-type provisions of huge bills are line-
items, aren't they?
JMR

Regards, Jim Ray  Boycott espionage-enabled software!

"Americans hate the IRS, and if the only way they can get rid of it
 is to elect somebody who is communicating directly with the Planet
 Xorgon, then so be it." -- Dave Barry [on Steve Forbes] 2/9/96.
_______________________________________________________________________
PGP key Fingerprint  51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8 
Public Key id. #  E9BD6D35  http://www.shopmiami.com/prs/jimray IANAL
_______________________________________________________________________


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh.

iQCVAwUBMR0yS21lp8bpvW01AQE23QP+OZJKOIBGQsRMTiD0cyy+8wreirn9TqAN
0m3RFIuP0P/2LHm9lLxMib23DyEWAGws4C5VfNLAZvPvsZz/WaOv/2+g0RdOwK0Y
LFplxhIHpFRVkDZhKTSqTKnbT3tK9OLDTKETfhnoq6KC1OJ2AuS33Xfd+Lay7FGT
lYuqjesg8BI=
=EHLF
-----END PGP SIGNATURE-----






From lmccarth at cs.umass.edu  Sat Feb 10 17:24:16 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Sun, 11 Feb 1996 09:24:16 +0800
Subject: Chinese/Indian censorship of alt.sex.* etc. (Was: China)
In-Reply-To: 
Message-ID: <199602110103.UAA05043@opine.cs.umass.edu>


Arun Mehta writes:
> A lot of noise is made about how Compuserve users do not have access to
> the sexusenet. Guess what -- in India, now China, we've *never* had such
> access. Why is that any more acceptable? 

I have always assumed that people on the net in India, China, etc. can use
the same free net.resources as everyone else to access locally blocked
material. For newsgroups, use something like 
	http://dana.ucc.nau.edu/~jwa/open-sites.html 

If the Indian or Chinese govt. forces all ISPs in its country to block
all known open NNTP servers, then that's a more serious situation. But I
haven't read anything indicating that.

The CompuServe incident caused a big ruckus because it involved a conflict
between the German govt. and many U.S. users, and (like it or not) users 
in the U.S. seem to be the most vocal group on the net.

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)





From lunaslide at loop.com  Sat Feb 10 18:21:47 1996
From: lunaslide at loop.com (lunaslide at loop.com)
Date: Sun, 11 Feb 1996 10:21:47 +0800
Subject: Privacy Without Tears
Message-ID: 


>-----BEGIN PGP SIGNED MESSAGE-----
>
>Since it wouldn't do me any good to write code (I've _seen_ my code, it's not
>pretty), I'm writing in English instead. :-)
>
>I've started work on what I currently call Privacy Without Tears, a guide to
>PGP and related programs pitched specifically at a novice audience. I would
>appreciate comments, particularly in the fact-checking line (more on this in
>a  moment). I'd also appreciate anyone who feels like it passing the URL I'll
>give in a moment on to crypto newbies and seeing if they can follow the
>instructions and get good results.



>The URL (for the moment):
>
>http://www.aracnet.com/~bruce/privacy/privacy.html

I've already talked to Bruce through private email and told him I would
start working on a peice for Mac users.  We are on a quest to get people to
use PGP, and it does not have anything to do with platform wars.  If you
have comments, take it to me in private emails.

The point of posting this is a) to let Mac readers of this list know that
they can refer to their Mac friends to the link for info and b)because I
had an idea after talking to Bruce of a great way to get the word spread
even further...

If everyone not only has a link to these pages in text, but also has their
"PGP secured!", or similar little graphic on their pages, linked to these
sites as well, it would save a lot of people a lot of redundant explaining
and it would help spread the word about PGP like wildfire to the masses.
You could also put a "Click for more info on Pretty Good Privacy(tm)" right
next to it to get more people to look.  _This_ is the way to get widespread
attention to and usage of PGP.  The pages on PGP would be linked to each
other and to pages on freedom of speech and privacy and the word would go
far.  By placing a link on your page to the PGP page through the graphic,
you will be placing a link to dozens, eventually hundreds, of pages
detailing PGP as well as sources dedicated to freedom and privacy.

Someone on the list made a comment a bit ago about just having regular old
text on the site to say "PGP secures", but people respond to the graphics
more than anything on web pages.  They want to be able to click everything.
This would be the key.  In the early days of Christianity in Rome,
Christians would sometimes communicate to each other by the use of the
small simple "fish" illustration that you see on cars everywhere.  This
will be our symbols power as well, the communication of a message.

lunaslide

"Prohibition... goes beyond the bounds of reason in that it attempts to
control a man's appetite by legislation and makes a crime out of things
that are not crimes... A prohibition law strikes a blow at the very
principles upon which our government was founded."
- -- Abraham Lincoln

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller
________________________________________________________________

Digitally sign your mail too!
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEX3QEAAAEEAOGQjhnqGH29pO1WDaXs5GFOVPhCBWyYEk9XEwRmscjveWzH
AhA6DeOA480zWNqQURyqE2yPmR8WzT+OXYqmeiQiycKyFA41Vs/Ruf+gXXxe7uXS
L5BK3K8oKbfoH0D5/TAkMT4r6BprXFQz4pFc3gY2SSaSPElpMjKHaKBsRsyRABEB
AAG0HUplZmYgQ29ubiA8bHVuYXNsaWRlQGxvb3AuY29tiQCVAwUQMRffHzKHaKBs
RsyRAQGNhwP9E9xEZ9/LCKnhgtnrqgD7pDoXG2pCy8FoyfFjoImGkG+jF1wELXmB
Z0mf8F8CgYkys0mif1XeGDMelr1gzlZAm6LgQt4kcvztMW/aRLn18QP+iwltVT/L
p8D37mitOjvuk46sWgAChIaPPPIeg/EaYQjQkmlpWKsEYIoTRy+E8mU=
=4Gku
-----END PGP PUBLIC KEY BLOCK-----









From bruce at aracnet.com  Sat Feb 10 18:35:15 1996
From: bruce at aracnet.com (Bruce Baugh)
Date: Sun, 11 Feb 1996 10:35:15 +0800
Subject: Privacy Without Tears
Message-ID: <2.2.32.19960211020543.006a107c@mail.aracnet.com>


>Excellent.  This is much-needed.  Please see
>"http://www.c2.org/~bryce/WhatIsPGP.html", and consider
>cross-linking with me.

Will do - URL squirreled away for when I do the References pages.

Bruce Baugh
bruce at aracnet.com
http://www.aracnet.com/~bruce






From jimbell at pacifier.com  Sat Feb 10 19:08:33 1996
From: jimbell at pacifier.com (jim bell)
Date: Sun, 11 Feb 1996 11:08:33 +0800
Subject: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
Message-ID: 



At 08:13 PM 2/6/96 -0600, Jim Choate wrote:
>
>Forwarded message:

>> A few months ago, I had a truly and quite literally "revolutionary"
>> idea, and I jokingly called it "Assassination Politics": I speculated on
>> the question of whether an organization could be set up to _legally_
>> announce either that it would be awarding a cash prize to somebody who
>> correctly "predicted" the death of one of a list of violators of
>> rights, usually either government employees, officeholders, or
>> appointees.  It could ask for anonymous contributions from the public,
>> and individuals would be able send those contributions using digital
>> cash.
>> 
>
>If the intent is to motivate others to kill or otherwise harm others simply
>because you don't agree with them or their actions is reprehensible and
>moraly or ethicaly undefensible.

That's a misleading statement:  You said, "simply because..."    As should 
be abundantly clear from my other arguments, I wouldn't wish to see anyone 
killed "simply because"  of the fact I "don't agree with them."  It is their 
ACTIONS that I feel violate my rights; that is what  justifies my seeking 
their deaths, should I choose to do so.


>> On the contrary; my speculation assumed that the "victim" is a
>> government employee, presumably one who is not merely taking a paycheck
>> of stolen tax dollars, but also is guilty of extra violations of rights
>> beyond this. (Government agents responsible for the Ruby Ridge incident
>> and Waco come to mind.)  In receiving such money and in his various
>> acts, he violates the "Non-aggression Principle" (NAP) and thus,
>> presumably, any acts against him are not the initiation of force under
>> libertarian principles.
>> 
>
>Every citizen of this country is a 'government employee' in one sense or
>another.

That's about the weakest argument I've heard in a long time.  I'm amazed 
that you weren't too embarrassed to post it to the list.  While I don't know 
precisely what your definition of the phrase "government employee" really 
is, I "every citizen" is a "governement employee" then you must have a 
REALLY weird definition of that.

Somehow, I think that this is where  your argument fails, and it fails 
miserably.


>By resorting to violence you are no better than the ones you proport to
>protect us against.

Sorry, I disagree.  Now, I am certainly aware of the classic "Gandhi-type" 
total non-violence principle, but it turns out that very few people actually 
believe in that.  Most people seem to think that they are entitled to 
protect themselves from violations of rights.  The fact that these 
violations of rights may be done by "government employees" is at most 
irrelevant, in that this doesn't justify it.  Anybody who feels entitled to 
use violence against a burglar, rapist, or murderer is correct; attempting 
to deny me the right to protect my property from GOVERNMENT people is, in 
itself, a violation of my rights.

Are you a statist?






From jf_avon at citenet.net  Sat Feb 10 19:14:38 1996
From: jf_avon at citenet.net (Jean-Francois Avon JFA Technologies, QC, Canada)
Date: Sun, 11 Feb 1996 11:14:38 +0800
Subject: "Rights"
Message-ID: <9602110216.AB04631@cti02.citenet.net>


Ed.Carp at linux.org, ecarp at netcom.com wrote:

>What happens when there *is* no remedy, when there are no other sites to 
>go to, when there are no employers who would refrain from violating an 
>employee's privacy?  What then?

Easy! Either you do not get on the net or you start your own ISP service.

It might cost money. i.e. requires work, but it is feasible.

No one, neither company nor individual, owes you to provide you with a link simply
because you *wish* it.  If it were otherwise, anybody with the ability to produce would
become slaves to the ones who don't.  Enslavement of Ables for the sole benefit of the
Not-Able.  It would be punishment for being good.

Principles must take precedence over a temporary wish.

JFA
Selfishness is a virtue!
 






From cp at proust.suba.com  Sat Feb 10 19:18:08 1996
From: cp at proust.suba.com (Alex Strasheim)
Date: Sun, 11 Feb 1996 11:18:08 +0800
Subject: China
In-Reply-To: 
Message-ID: <199602110219.UAA00502@proust.suba.com>


> However, that is not a reason for complacency. I think your warning is 
> timely, and discussion, perhaps even action, may be called for. If people 
> can mirror a web site so that Germans get access to it (an action I 
> entirely support) what is being done about the large numbers of 
> newsgroups that India and China have no access to? 

I recieved a few emails from people who tried to explain to me why the 
Chineese scheme isn't going to work.  I wouldn't go so far as to say I'm 
unconcered, but one point was sort of reassuring and probably ought to be 
brought out on the list.

The West isn't the Chineese government's main problem -- it's the 
Chineese people they have to worry about.  A firewall can't provide 
internal security -- all it can do, at best, is keep outsiders out.  Even 
assuming that they can pull that off -- and it's extremely unlikely that 
they can -- anything that lets Chineese people talk to each other and 
facilitates discussion is going to end up being far more subversive than 
any information we in the West can send into China.

(This point was made by Perry -- it probably lost something in the
translation.)

As for India and China -- what should be done?  We tend to focus on things
that are within our field of vision.  CompuServe is an American company,
and when they cut out usenet groups in response to events in Germany, it
brought that country to our attention.

I would like to think that privacy activists and civil libertarians in
other countries would find allies and support in the US and European
countries like Finland and the Netherlands.  (We here in the states may
begin leaning on Dutch servers soon if the recently passed decency act is
enforced.)  If you need space on a web server, nntp access, a show of
solidarity -- let us know, and we'll try to deliver what you need.






From bruce at aracnet.com  Sat Feb 10 19:20:39 1996
From: bruce at aracnet.com (Bruce Baugh)
Date: Sun, 11 Feb 1996 11:20:39 +0800
Subject: Privacy Without Tears
Message-ID: <2.2.32.19960211021734.006b0ec0@mail.aracnet.com>


At 05:53 PM 2/10/96 -0800, Lunaslide wrote:

>If everyone not only has a link to these pages in text, but also has their
>"PGP secured!", or similar little graphic on their pages, linked to these
>sites as well, it would save a lot of people a lot of redundant explaining
>and it would help spread the word about PGP like wildfire to the masses.

I like that a lot! A nifty graphic would be the old-fashioned engraving of a
padlock on the O'Reilly book about PGP.

Bruce Baugh
bruce at aracnet.com
http://www.aracnet.com/~bruce






From jf_avon at citenet.net  Sat Feb 10 19:23:41 1996
From: jf_avon at citenet.net (Jean-Francois Avon JFA Technologies, QC, Canada)
Date: Sun, 11 Feb 1996 11:23:41 +0800
Subject: The Communications Decency Act
Message-ID: <9602110216.AA04631@cti02.citenet.net>


Deepthroat at alpha.c2.org wrote:

>Why The Communications Decency Act passed, or
>Follow the money
>
>	There's been a lot of commentary the last few days about this
>bill, this strange creature, seemingly of the 'Christian Right.'  Talk
>of how and why its unconstitutional, protests; web pages blackened.
>But, oddly, no one seems to have examined who pushed the bill through
>Congress, or why.

>But where
>does that leave the big guys?  ABC, NBC, CBS??  Can they survive in
>this brave new world which the net threatens to be?
>
>	By and large, they looked at themselves, and saw they could
>not.  

At last!  Somebody bringing up the topic!  I am quite recent on CPunks, 
but I've been trying to push that point on alt.security.pgp and alt.privacy
some time ago.

After several try at it, I dropped the subject.  I couldn't believe that nobody 
considered this explanation to the CDA.  The thought that many so-called 
"free speecher" were actually hired by the big media to create a big fuss
among net users over the "porn vs religious" issue just to act as a diversion 
even crossed my mind!


JFA






From mianigand at unique.outlook.net  Sat Feb 10 19:26:53 1996
From: mianigand at unique.outlook.net (Michael Peponis)
Date: Sun, 11 Feb 1996 11:26:53 +0800
Subject: Strange Sounds of Silence
Message-ID: <199602110225.UAA04931@unique.outlook.net>


-----BEGIN PGP SIGNED MESSAGE-----


> The Strange Sounds of Silence
> 
> Has anyone else out there noticed the strange sounds of silence
> emmanating from the american print and broadcast media concerning the
> rider attached to the Telecommunications Act recently signed by
> President Clinton known as the CDA (Communications Decency Act)?
> 

:Are you sure? The coverage has been wall to wall out here (Bay area); 
:front page above the fold, business pages, computer columns, editorials 
:and editorial cartoons. Apparently it's the same level of coverage back 
:in the RTP.

:What part of the country are you in? I guess the coverage is different 
:in the major geek zones like the bay area and RTP

It really does depend where you are at, all of the Metropolitin cities such as 
NY, LA, Chicago, etc are debating it.

If you live in a more braindead part of the country, well, as has been stated 
before, most  people think the internet is AOL, what do you expect?

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMRzi80UffSIjnthhAQFUzgQAv1+te1qXW4Vm6yODxJW7B1fIl67VBSB3
5ec23filS1N0mK+D2al7F/kzcFmyneypuGL8tq6HiBbuJTzP55cNyucQJwUQ3Ysk
jwxRA+GcrzntR3bWdkHNT9DCzrSjJj0DNy2BwAIo8vQlNiKLlUeXmd2wOVvWTHhy
qkk5QVeFY4c=
=DaB0
-----END PGP SIGNATURE-----
Regards,
Michael Peponis
PGP Key Avalible form MIT Key Server,or via finger





From jcobb at ahcbsd1.ovnet.com  Sat Feb 10 19:35:32 1996
From: jcobb at ahcbsd1.ovnet.com (James M. Cobb)
Date: Sun, 11 Feb 1996 11:35:32 +0800
Subject: This is not "This-is-not-punks" either
In-Reply-To: 
Message-ID: 


 
 
  Tim, 
 
 
  On 02 10 96 you say: 
 
  Anyone who can't filter out messages, either directly or by deleting 
  them quickly, probably isn't in a position to "write code" anyway.... 
 
 
  Allen, you sure hit that nail on the head! 
 
 
  Cordially, 
 
  Jim 
 
 







From stend at grendel.texas.net  Sat Feb 10 19:54:18 1996
From: stend at grendel.texas.net (Sten Drescher)
Date: Sun, 11 Feb 1996 11:54:18 +0800
Subject: Strange Sounds of Silence
In-Reply-To: <199602102305.SAA05611@camus.delphi.com>
Message-ID: <199602110307.VAA05228@grendel.texas.net>


Alan Pugh  said:

AP> AEN News Commentary by Alan M. Pugh 

AP> The Strange Sounds of Silence

AP> Has anyone else out there noticed the strange sounds of silence
AP> emmanating from the american print and broadcast media concerning
AP> the rider attached to the Telecommunications Act recently signed
AP> by President Clinton known as the CDA (Communications Decency
AP> Act)?

	Um, no.  I heard about it on CNN, NBC, and the San Antonio
Express-News (in a New York Times Service article), the only
non-online news sources I routinely check.  It appears to me that the
sounds of silence are the only ones you want to hear.

-- 
#include                                /* Sten Drescher */
Unsolicited email advertisements will be proofread for a US$100/page fee.





From small at nethole.com  Sat Feb 10 19:57:15 1996
From: small at nethole.com (Jim Small)
Date: Sun, 11 Feb 1996 11:57:15 +0800
Subject: glide.c??
Message-ID: <199602092027.UAA04128@ex500.saic.com>



DO you know where I can find glide.c , or (newer) to bruteforce
.pwl files?





From rah at shipwright.com  Sat Feb 10 19:57:21 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Sun, 11 Feb 1996 11:57:21 +0800
Subject: A Rant about Senator James Exon
Message-ID: 


At 11:15 PM 2/9/96, Timothy C. May wrote:

>P.S. As many of you may already know, a "rant generator" can be found at
>http://www-csag.cs.uiuc.edu/individual/pakin/complaint

Yes!

A Mass Rant-Spam!

I'm inspired!

Too bad we can't break the CDA in the process...

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/







From perry at vishnu.alias.net  Sat Feb 10 19:57:54 1996
From: perry at vishnu.alias.net (John A. Perry)
Date: Sun, 11 Feb 1996 11:57:54 +0800
Subject: Updated type2.list/pubring.mix
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

Hello Everyone,

	I just put up an updated type2.list/pubring.mix on 
vishnu.alias.net. I took armadillo out as it has not been responding to 
pings or to requests to the owner as to it's status. If I hear from the 
owner, I'll add it back.

 John Perry - KG5RG - perry at vishnu.alias.net -  PGP-encrypted e-mail welcome!
 WWW - http://www.alias.net
 PGP 2.62 key for perry at vishnu.alias.net is on the keyservers.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by mkpgp1.6b4, a Pine/PGP interface.

iQEVAwUBMRwRFKghiWHnUu4JAQEeAwf+N+3sIloKkhVXqb2TnjpVt6UsmVyUcL6H
ZkO2bck/9BsI8DBedr7hyxUni8ZUUOxN0SFZacoTbsvzOFeesYtRHNilApVq+qq/
ZaO3B2DOUyWbMMMtSRoMgjVDvzvmGmw6Z7Ayq6P1z6elWn9Jd+MqWSOjiv3qSSnu
SbJmSvnT69eokrXxNSsmIQMRGxdH+r4A5i5iKN6x/9cNxl7AK55i6x10bcxEI5Yo
BF2/3tsZiR664wIwrVRk2srdWfnOIAdvnsQbzJV3so57GvBfUid0JbBC96mThYHR
Fs5m6PH9A7g5TXveNyylIFQZFRFyD2cq6QBGtPos0DFyAKn/6bp4aQ==
=1hD1
-----END PGP SIGNATURE-----





From ravage at ssz.com  Sat Feb 10 20:04:14 1996
From: ravage at ssz.com (Jim Choate)
Date: Sun, 11 Feb 1996 12:04:14 +0800
Subject: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
Message-ID: <199602110333.VAA00832@einstein.ssz.com>



Forwarded message:

> From jimbell at pacifier.com Sat Feb 10 20:31:23 1996
> Message-Id: 
> X-Sender: jimbell at pacifier.com
> X-Mailer: Windows Eudora Light Version 1.5.2
> Mime-Version: 1.0
> Content-Type: text/plain; charset="us-ascii"
> Date: Sat, 10 Feb 1996 17:41:30 -0800
> To: Jim Choate 
> From: jim bell 
> Subject: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
> Cc: cypherpunks at toad.com
> 
> 
> At 08:13 PM 2/6/96 -0600, Jim Choate wrote:
> >
> >Forwarded message:
> 
> >If the intent is to motivate others to kill or otherwise harm others simply
> >because you don't agree with them or their actions is reprehensible and
> >moraly or ethicaly undefensible.
> 
> That's a misleading statement:  You said, "simply because..."    As should 
> be abundantly clear from my other arguments, I wouldn't wish to see anyone 
> killed "simply because"  of the fact I "don't agree with them."  It is their 
> ACTIONS that I feel violate my rights; that is what  justifies my seeking 
> their deaths, should I choose to do so.
> 

But it is not clear at all. Exactly how do their actions violate your
rights? Are these the rights that you believe that you possess or the ones
that are recognized? Do the actions have to effect you directly and
immediately or must you merely percieve a threat? All of these issues are
unclear in your presentation. And for the final one, doesn't your putting a
contract out on them violate their rights (life, liberty, the pursuit of
hapiness)? The only answer to this is 'yes', meaning that to be ethical you
must put a contract out on yourself. Because your own actions violate 
somebodies rights. This catch-22 situation regarding deadly force is why
anarchy does not work. A perhaps less different example might be: If you
dislike bigots then you are a bigot. In short, you can't help but become
what you hate the most. It pays not to hate or be quick to use violence
since they are so strongly related.

It is not yours, the governments, or anyone elses right to decide who lives
and dies. You have a double standard.

> 
> >Every citizen of this country is a 'government employee' in one sense or
> >another.
> 
> That's about the weakest argument I've heard in a long time.  I'm amazed 
> that you weren't too embarrassed to post it to the list.  While I don't know 
> precisely what your definition of the phrase "government employee" really 
> is, I "every citizen" is a "governement employee" then you must have a 
> REALLY weird definition of that.
> 

Then Lincoln had a equaly weird view: Government of the people, by the
people, for the people. Perhaps this failure to recognize a basic premise of
representative democracy explains your apparent dichotomy in the concepts of
rights. In effect, your rights and their rights. When in fact there is no
difference.

I would suggest you read the Declaration of Indipendance and the Gettysburg
Address (again) to get a better perspective on what and who is supposed to
run this government and how. We have had a basic inversion of how our
government is supposed to work. In short, if there is a question the federal
government is supposed to bow to the will of the people and the states.
Currently the states and people bow to the federal government.

Somehow, I think that this is where  your argument fails, and it fails 
> miserably.
> 
> 
> >By resorting to violence you are no better than the ones you proport to
> >protect us against.
> 
> Sorry, I disagree.  Now, I am certainly aware of the classic "Gandhi-type" 
> total non-violence principle, but it turns out that very few people actually 
> believe in that.

Might does not make right. Ethical cohesion does not rest on numerical
values. In case you have missed my comments before. I am not non-violent. I
do not support the use of violence in any format except in direct and
immediate self-defence. In which case make the beggars eyes bleed, no defeat
and no surrender. This means that if you walk outside and see a person
breaking in your car that in and of itself is not sufficient motive for
deadly force unless they attack you. I do believe (contrary to yourself I
would guess) that if you were walking down the street and somebody suddenly
grabbed you that would be sufficient motive to kill them in self-defence. In
cases like this there simply isn't enough time to evaluate the extent of the
threat, it is clear there is an apparent threat though. In short if your
person is violated physicaly without your premeditated permission then deadly
force is justified. I also believe that you are ethicaly justified in
stopping a person from assaulting or killing a 3rd party for the simple
reason that it could be you next. However, once that immediate threat is
over (for example a 4th party knocks the gun out of the muggers hand and
knocks them on the ground) then use of deadly force is not justified.

> Most people seem to think that they are entitled to 
> protect themselves from violations of rights.  The fact that these 
> violations of rights may be done by "government employees" is at most 
> irrelevant, in that this doesn't justify it.  Anybody who feels entitled to 
> use violence against a burglar, rapist, or murderer is correct; attempting 
> to deny me the right to protect my property from GOVERNMENT people is, in 
> itself, a violation of my rights.
> 

Rights as you use them are only relevant between a government and a citizen.
I as an individual person am not forced to provide you with a forum for free
speech or any other rights guaranteed in the constitution. Apparently you,
as many people do, confuse the rights that are yours in regards the
government with privileges and contractual obligations which govern
interpersonal actions. The local grocery store is not mentioned in the
Constitution. They are under no obligation to provide protection for your
life, liberty, or pursuit of happiness. Your basic argument rests on a straw
man premise, namely that rights guaranteed you by government are guaranteed
you by any and every other possible entity. This is clearly wrong.

It is not ethical to kill another simply for being a burglar. How much must
they steal before you are ethicaly justified in killing them? A $1,000
dollar stereo? Perhaps a $.20 pencil off your desk? Does this not justify
your employer killing you for using their machines for your own use,it is
theft of services after all (and you are on their property). If you have
sufficient force detain them. The legal system will take them from there
(assuming of course we revamp it with the other laws we discuss so heatedly
on here). What I propose is a simple and humane system. If a person commits
a crime which leads to the death or injury another they spend the remainder
of their life in a solitary cell with no chance of parole. In other cases
what should occur is they must work a regular job and provide restitution
for an extended period (ie $100/mo. to you for 30 years). Should they fail
to abide by this or they commit another crime then off they go for 20 years
or so, again with no chance of parole. I also strongly object to plea
bargaining. The whole concept of sending somebody to jail for 2-3 years is
silly and counter-productive. It leads to nothing but professional criminals,
in effect state run training grounds for the criminaly inclined. While in
jail they should be forced to live in work camps and not prisons as we
currently know them (unless they fall into the above 'harm another'
category). What should occur is that they are forced to live a relatively
normal lifestyle. In short, they work 8 hours a day and must pay for their
housing, food, etc. from their earning. What needs to occur is to train
persons to make a living and gain some success at managing a day to day
lifestyle. Our currrent system treats criminals as animals, which does
nothing to prevent further violence on their part, it only increases any
sense of isolation they may have.

> Are you a statist?
> 

No, as I have said on many occassions, I am a strict Constitutionalist.


                                               Jim Choate
                                               
                                               





From stewarts at ix.netcom.com  Sat Feb 10 20:06:36 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Sun, 11 Feb 1996 12:06:36 +0800
Subject: Psion organisers
Message-ID: <199602090618.WAA24341@ix13.ix.netcom.com>


At 05:45 PM 2/2/96 +0000, Dave Roberts wrote:
>I was wondering about a couple of things regarding the Psion Series 3a 
>personal organisers.  (According to the manual, you have them in the USA 
>as well! :)
Not just in the manual, but in real life!  I hadn't thought about
the problems of bringing it through customs, though - yuk!
(I've more thought about Penn Jillette's proposal for an application
that does a Countdown to Detonation when you start up the machine,
just for the airport security people who want to be sure it's a real machine -
you could include audio :-)

>Firstly, anyone know what kind of encryption is done on documents and 
>spreadsheets held on it's internal disk?   It only allows a 10 character 
>password, and claims to encrypt the whole file.

I assume it's minimal, and unfortunately the encryption software I've
seen on the FTP sites for it has also been minimal (calling Enigma "minimal"
has a nice ring to it :-)  Porting RC4 shouldn't be too hard,
once I get the C support documentation.

The one genuine security application I have used it for has been S/Key;
typing in the challenge is a bit annoying (would be nice if the
application let you store previous challenges), but it works well.

Unlike the cool infrared communications Newtons can do between each other,
Psions have an audio-based communication that lets them squawk at each other.
I don't know how fast it is, since my machine doesn't have anyone to talk to
:-),
so I don't know if using it for digicash would be even vaguely practical.
(If it's 1200 bps, maybe - if it's 75 bps Baudot, probably not...)

#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs






From lunaslide at loop.com  Sat Feb 10 20:10:21 1996
From: lunaslide at loop.com (lunaslide at loop.com)
Date: Sun, 11 Feb 1996 12:10:21 +0800
Subject: Privacy Without Tears
Message-ID: 


>At 05:53 PM 2/10/96 -0800, Lunaslide wrote:
>
>>If everyone not only has a link to these pages in text, but also has their
>>"PGP secured!", or similar little graphic on their pages, linked to these
>>sites as well, it would save a lot of people a lot of redundant explaining
>>and it would help spread the word about PGP like wildfire to the masses.
>
>I like that a lot! A nifty graphic would be the old-fashioned engraving of a
>padlock on the O'Reilly book about PGP.

There have also been graphics handily prepared by a member of this list.
Regretfully, I forget the URL and who it was from.  Anybody got that for us
again please?

lunaslide

"Prohibition... goes beyond the bounds of reason in that it attempts to
control a man's appetite by legislation and makes a crime out of things
that are not crimes... A prohibition law strikes a blow at the very
principles upon which our government was founded."
- -- Abraham Lincoln

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller
________________________________________________________________

Digitally sign your mail too!
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEX3QEAAAEEAOGQjhnqGH29pO1WDaXs5GFOVPhCBWyYEk9XEwRmscjveWzH
AhA6DeOA480zWNqQURyqE2yPmR8WzT+OXYqmeiQiycKyFA41Vs/Ruf+gXXxe7uXS
L5BK3K8oKbfoH0D5/TAkMT4r6BprXFQz4pFc3gY2SSaSPElpMjKHaKBsRsyRABEB
AAG0HUplZmYgQ29ubiA8bHVuYXNsaWRlQGxvb3AuY29tiQCVAwUQMRffHzKHaKBs
RsyRAQGNhwP9E9xEZ9/LCKnhgtnrqgD7pDoXG2pCy8FoyfFjoImGkG+jF1wELXmB
Z0mf8F8CgYkys0mif1XeGDMelr1gzlZAm6LgQt4kcvztMW/aRLn18QP+iwltVT/L
p8D37mitOjvuk46sWgAChIaPPPIeg/EaYQjQkmlpWKsEYIoTRy+E8mU=
=4Gku
-----END PGP PUBLIC KEY BLOCK-----









From tcmay at got.net  Sat Feb 10 20:16:59 1996
From: tcmay at got.net (Timothy C. May)
Date: Sun, 11 Feb 1996 12:16:59 +0800
Subject: A Rant about Senator James Exon
Message-ID: 


At 1:57 AM 2/10/96, Mark Allyn (206) 860-9454 wrote:
>Allright. That does it.
>
>I am going to volunteer to try to make a perl script that
>I will make available that will automatically email every
>congressman that has an email address. I will include a pre
>pared text of the email message. All you would have to do is
>to sign it and it would send the same message to all of them
>with email addresses automatically. I can even have it have
>several prepaired texts so that they are all slightly different
>so that any funky gatekeepers at the congress email sites that
>attempt to keep out spams could be defeated.
>
>What do you think? Is this worth it?


Here's something I did about Senator James Exon:

My complaint about James Exon

I would like to take a moment to comment on James Exon's statements. What
follows is a set of observations I have made about inane zombies. I truly
suspect that his opinion is a lazy cop-out. If he gets his way, I might
very well kill somebody. This is explicitly or implicitly expressed or
presupposed in most of the material I plan to present. To Exon, terrorism
is a kind of religion. This is not the first time we've had trouble with
unreasonable goofy-types, and it certainly won't be the last. His claims
are a cesspool of alarmism.

If you need proof that he is off his rocker, then just take a look at him.
Exon has a driving need to reduce human beings and many other living
organisms to engineered products and mere cogs in the social machine.
Ostensibly, he does not intend to insult my intelligence, but in fact,
insipid porn stars like him tend to conveniently ignore the key issues of
this or any other situation. Speaking of insincere megalomaniacs, it would
be downright ungrateful for him to censor any incomplicitous principles.
It's a sad world where fickle worthless-types have the power to feed us a
diet of robbery, murder, violence, and all other manner of trials and
tribulations. After all, I myself unequivocally maintain that Exon should
take more responsibility for his actions. To put it another way, he likes
to have difficult social issues presented to him in simple, black-and-white
terms.

I don't see how he can be so abusive. That doesn't necessarily mean that he
is intentionally being stupid. Rather, it means that his attempts to turn
the trickle of alcoholism into a tidal wave are just a game to him.
Although Exon has tremendous popular appeal, Exon has come very, very close
to making me defend my rights. He should just quit whining about
everything. He feels he has not only a right, but also a duty, to toy with
our opinions. His idea of a good time is to torture jealous radical
hedonists. An inner voice tells me that Exon's claims are pure tripe. To
sum it all up, pesky deranged moviegoers like James Exon often think they
have the right to flush all my hopes and dreams down the toilet.


-Tim May

P.S. As many of you may already know, a "rant generator" can be found at
http://www-csag.cs.uiuc.edu/individual/pakin/complaint

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From rjc at clark.net  Sat Feb 10 20:42:24 1996
From: rjc at clark.net (Ray Cromwell)
Date: Sun, 11 Feb 1996 12:42:24 +0800
Subject: The Decense Project
Message-ID: <199602110410.XAA20161@clark.net>




The Decense Project

  A few days ago I was reading Clarinet Newsbytes Top news. It read
like something right out of 1984. "Germany cracks down on AOL and
Compuserve", "Japan busts Japanese porn web site", "French bans web
sites with banned book", "China issues internet regulations", and
"Clinton signs Telecom bill" The other shoe is starting to drop. The
ante has been raised as governments around the world are trying to
control the content of the Internet. But the politicians writing this
type of legislation have no clue what they are really dealing
with. They are are part of a centralized organization with a
centralized philosophy trying to cope with something inherently
decentralized, non-physical, and constantly evolving. We all know the
genie is out of the bottle. Let's write some code to keep it that
way.

Enough of the rhetoric.

Decense is the name of what I hope to be, a family of software protocols
designed to "decensor" the net. I'm contributing the first, and I hope,
most useful piece. I hope others will join me in developing this software,
making it more robust, and distributing it across the net.


What is Decense?

The first piece of the Decense software is designed to provide "penet" like
double-blind anonymous transactions for the http protocol. It is written
as a cgi-bin script which provides a seamless mapping between anonymous
ids and remote web servers. Servers running Decense can be chained like
anonymous remailers to increase site level security.


Decense works as follows.

The server maintains a database mapping anonymous ids to url directories.
For instance 'foo' -> 'www.c2.org' as an example. The anonymous ids are
stored as md5 hashes so that if the site is ever compromised, the db
cannot be used to get a complete listing of all anonids<->sites. The
attacker is forced to hash and compare each one he is looking for. 
[yes, he still gets a listing of all the urls, but chaining takes care of
that to some extent. In the future, I want to use the unhashed 'anonid' as 
a key to a symmetric cipher to encrypt/encrypt each url field of the database.
The db would be stored as (hashed(anonid), DES/IDEA(anonurl)
                               ^ key            ^ value       ]


A url is constructed as follows

http:////decense//

Decense will lookup the anonid in the database, and map it to a url, such
as "http://foo.bar", it will then append the relative url portion yielding
"http://foo.bar/"

It will proceed to fetch the document at that URL. If the document is
an html or text file, it will scan the file replacing any references to
the remote server with the decense url.

Example:

Let's say I am running decense at http://foo.bar with an anonid of 
'c2' which maps to www.c2.org.

If I then request http://foo.bar/cgi-bin/decense/c2/index.html
and index.html contains the following URL



the URL will be changed to 

 

in the returned document.


Future plans for Decense

  I am heavily loaded down with work right now. But future versions of
Decense should have

1) the ability to filter out mailto: and instead, substitute in a url
pointing to a post/mail cgi-script which sends mail to the real recipient
through an anonymous remailer chain.

2) the ability to proxy through SSL servers for encryption

3) the ability to handle authenticated urls properly

4) the ability to handle a document being located on multiple sites, with
optional shamir sharing, so that a site is a) either picked at random
to retrieve a document or b) a portion of the sites are picked, and the
document is fetched and reassembled via a sharing protocol from those
sites.    



I will release source code in about a day, I'm now alpha testing it.

If you would like to contribute to Decense, send mail to 
   rcromw1 at gl.umbc.edu

-Ray
rjc at clark.net





 





 























From PADGETT at hobbes.orl.mmc.com  Sat Feb 10 20:42:38 1996
From: PADGETT at hobbes.orl.mmc.com (A. Padgett Peterson P.E. Information Security)
Date: Sun, 11 Feb 1996 12:42:38 +0800
Subject: Choices
Message-ID: <960210230549.20217184@hobbes.orl.mmc.com>


>Well there you have it. Many of the poor clearly are not buying new sets
>that have closed-captioning. Meanwhile, we all pay for it when we buy new
>sets and VCRs. 

High added cost does not follow. We (actually my wife as a Christmas present)
bought the cc box because none of our sets were new enough. I suspect that
the cc decode capability could be integrated into the existing video 
decoder chips at no additional cost (other than what is needed to turn
it on and off & that is done electronically) - suspect that if you look
at trade (e.g. hotel/motel) set prices before cc was added and after that 
you will will see little difference (any body here know ? I have not followed
this.

V-chip could be similarly integrated just by having the signal cause the 
video to lose sync. 

>A hidden tax, that does not benefit those in need. 

Depends on the quanta. I suspect that like cc, in the long run it will have
little or no effect on set prices. BTW, anyone know under what juristiction
the regulation requiring cc devices was issued ? ADA ? - if so would not
work for V-chip.

>ObCypherpunks: A truly surprising number of people on this list are on the
>one hand lambasting the government for thievery, incompetence, corruption,
>and violation of their rights, while on the other hand explaining why they
>think some particular intrusion is justified. 

Think I have been consistant - am FOR things which add to my choices and
AGAINST those which reduce the choices available. In general I do not
mind paying a delta for increased choice so long as it is small

>People need to think about the powerful implications of strong crypto, and
>decide if they are _for_ access to strong crypto by citizens, or _against_
>it. All things follow from this decision.

Am FOR choices. Citizens *have* access to strong crypto. Do not believe
use of crypto in this country can be regulated between two citizens or on
public networks. (Note, I say *public*. On *private* networks, the owner
can enforce any rules he/she/it/other likes.) Gov has right to define
communications with and between itself.

Gov does have the right (in fact the duty) to regulate communications 
between citizens and non-citizens/sites in other lands (and if you do not 
think communications with sites such as anon.penet.fi are inside the charter 
of the NSA, I have this prime Florida land - we're in the dry season now 8*).

					Warmly,
						Padgett





From allyn at allyn.com  Sat Feb 10 20:44:01 1996
From: allyn at allyn.com (Mark Allyn 860-9454 (206))
Date: Sun, 11 Feb 1996 12:44:01 +0800
Subject: Tell me whats wrong with this
In-Reply-To: 
Message-ID: <199602100136.RAA25981@mark.allyn.com>


This V Chip Stuff: 

How do you think this will be used in relation with just
plain wierd stuff. Not violent stuff, but just pleasently
weard.

By what I mean weard, check out http://clearplastic.com





From cactus at hks.net  Sat Feb 10 20:44:09 1996
From: cactus at hks.net (Leslie Todd Masco)
Date: Sun, 11 Feb 1996 12:44:09 +0800
Subject: Regarding employee rights on company equipment
Message-ID: <199602100034.TAA06923@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

> From Edupage Feb 8, 1996,
> 
> INTERNET USAGE POLICIES
> Neal J. Friedman, a specialist in online computer law, says that "employees
> are under the misapprehension that the First Amendment applies in the
> workplace --  it doesn't. 

Friedman is only pseudo-right: IE, his arguement makes sense but courts have not
always followed this reasoning, though: if you're really interested in this topic,
investigate rulings where an employer has read an employee's voicemail.

The key concept is "reasonable expectation of privacy."
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMRvoHSoZzwIn1bdtAQGA5AF+NLNypUxQ1E5/X6smpiY215d2R1O0A/Y0
n0hlXF9lpZNg6y+qlLWR5qZc00PZ5HpX
=NI4R
-----END PGP SIGNATURE-----





From owner-cypherpunks at toad.com  Sat Feb 10 20:50:13 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Sun, 11 Feb 1996 12:50:13 +0800
Subject: No Subject
Message-ID: 




On Wed, 7 Feb 1996, Jordan Hayes wrote:

> 	> it _is_ anonymous ...
> 
> And then:
> 
> 	> can be refilled at ATMs
> 
> You make a deposit or something?  How does the transaction clear?
> When they finally look in the envelope, they credit the card?
> 
> Or do you mean just 'anonymous' between the user and the merchant?
> 
> /jordan
> 

sorry i wasn't clear: it is anonymous between the user and the merchant, 
and between the user and the card distributer (in this case Visa). 
"Refilling" at ATMs is essentially a download of "cash" from your bank 
account into the card.





From owner-cypherpunks at toad.com  Sat Feb 10 20:53:09 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Sun, 11 Feb 1996 12:53:09 +0800
Subject: No Subject
Message-ID: 


On Fri, 9 Feb 1996, Jim Small wrote:

> DO you know where I can find glide.c , or (newer) to bruteforce
> .pwl files?

http://www.c2.org/hackmsoft/

There will also be a utility for extracting and decrypting file sharing
(Win95 as server) passwords as soon as the code is refined and the ReadMe 
is written.

-rich





From ddt at lsd.com  Sat Feb 10 21:13:34 1996
From: ddt at lsd.com (Dave Del Torto)
Date: Sun, 11 Feb 1996 13:13:34 +0800
Subject: Req. for soundbites
In-Reply-To: <2.2.32.19960210050116.006a6880@via.net>
Message-ID: 


At 9:01 PM 2/9/96, Joe Zychik wrote:
[elided]
>A local TV station has asked me for an interview, after I sent a graphic
>of a mono-digital hand gesture with the phrase "censor this!" to the Prez,
>Veep, and the area congresscritters (cc'd to 2 TV stations and a radio
>station), accompanied by a 'confession' and demand for swift prosecution.
>
>Anyone got any nifty sound bites I can try to toss in?

I don't have soundbites per se, but since Senator #3 (Larry Pressler)
described in the Bottom Ten Congresspeople post below is a leading CDA
Goose, this might be worth a gander...

   dave

................................. cut here .................................

The Ten Most Dimwitted Members of Congress

BY  KEN SILVERSTEIN  (As published in The Progressive)

H.L. Mencken once wrote that since elections produced such dreadful
results, citizens should stop wasting their time voting and simply pick
their representatives at random from the phone book.  Mencken's barb has
even more sting these days since the quality of political leadership seems
to have dropped precipitously, as a few random hours watching C-Span
quickly reveals.

     Identifying the ten most dimwitted members of Congress was a
difficult task.  To do so, I canvassed several dozen sources-- liberal
and conservative, Democrat and Republican-- on Capitol Hill. Seven
freshmen and one sophomore won a place on the list. Thanks to the sheer
brute stupidity of these newcomers, world-class contenders like New York
Senator Alfonse D'Amato and California Representative Bob Dornan didn't
even come close to making the final cut.

     Before turning to the roll call, a few caveats.

     First, I intended to create a bipartisan list, but was unable to come
up with any suitable Democratic candidates. This in no way reflects the
high intellectual caliber of the party, which has its fair share of
nitwits.  However, I found that while Democrats were eager to point to
Republicans, the opposite was not the case: Republicans fingered their
own.  "That's the luxury you have when you're in the majority," one
Democratic staffer complained bitterly.

     Second, while most of the members here come from the GOP's right wing,
it would be a mistake to conclude, as many liberals do, that conservatives
are generally dumb: Newt Gingrich and Jesse Helms are anything but stupid.

     Finally, while the distinguished members of the list may enrich the
nation's political folklore, their foolishness is dangerous.

     That said, the winners are:


No. 10 - Representative Martin Hoke - Ohio (first elected in 1992)

     Hoke, a millionaire businessman, was a political unknown when he
defeated Representative Mary Rose Oakar in 1992.  He's accomplished
little in Washington and would likely still be unknown if it weren't for
his frequent blunders.

     After President Clinton's 1994 State of the Union address, Hoke and a
Democratic colleague, Eric Fingerhut, were asked for comment by a local
network affiliate.  The pair was wired up by producer Lisa Dwyer.  As she
walked away, Hoke-- unaware that his observations were being recorded by an
open microphone-- exclaimed in a mock accent, "She has the beeeeeg breasts."
The day after this slip, Hoke expressed a certain relief when an escaped
Ohio convict went on a murder spree, suggesting to a reporter that the
killings might knock his remark about Dwyer off the front pages of local
newspapers.

     This was not Hoke's only slip in the area of gender politics.
Interviewed by The New York Times's Maureen Dowd about the life of the
single man on Capitol Hill, Hoke, a divorcee, replied, "I could date Maria
Cantwell or Blanche Lambert- they're hot."  Cantwell and Lambert, fellow
members of Congress, were not amused.

     Hoke fervently attacks "big government," but sometimes seems unfamiliar
with his target.  In 1992, he was demanding urgent reform at the Federal
Savings and Loan Insurance Corporation, an agency abolished three years
earlier.

     When Hoke defeated Oakar he had the band at his victory party play,
"Ding Dong, the Witch Is Dead."  Commenting on Hoke's D.C. exploits, Oakar
has suggested that the Congressman should change the tune to another song
from The Wizard of Oz: "If I Only Had a Brain."


No. 9 - Representative Don Young - Alaska (1973)

     The new head of the House Resources Committee, Young is best known for
his rabid attacks on ecologists.  Animal-rights advocate Mary Tyler Moore
once read a poem about the cruelty of steel-jaw leg-hold traps before the
Merchant Marine subcommittee, where Young previously served.  Accompanying
Moore was Cleveland Amory, who periodically inserted a pencil in a trap,
causing it to snap shut.

     The moment was highly charged and Young, as a hunter and trapper,
realized dramatic action was required to turn the tide.  His solution
was to place his hand into a trap he had brought along to the hearing, and
then begin to calmly question a witness as though nothing unusual had
happened.  "I never told a anyone, but it hurt like hell," Young later
confided to a Congressional staffer.

     Young also made use of a visual aid at a 1994 hearing.  Young waved an
18-inch oosik-- the penis bone of the walrus-- at Mollie Beattie, director
of the U.S. Fish and Wildlife Service.  Beattie had suggested that Alaskan
Natives should be able to sell oosiks only as handicrafts, not uncarved, a
proposal Young derided.  The incident was especially embarrassing because
Beattie is the first woman to head the Service, and the hearing marked her
debut on the Hill.

     Earlier this year, a group of students in Fairbanks invited the Alaskan
wild man to speak about the GOP's "Contract with America."  Young expounded
on a number of his favorite topics, including the need to slash federal
funding of the arts.  The government, Young said, has funded "photographs
of people doing offensive things" and "things that are absolutely
ridiculous."  One student asked Young what sort of things he had in mind.
"Buttfucking," the Congressman replied (a reference to a 1990 exhibit of
Robert Mapplethorpe photographs in Cincinnati supported by the National
Endowment for the Arts).  Young defended his remarks, saying he was merely
"trying to educate" the inquisitive youngsters.


No. 8 - Representative Sonny Bono - California (1994)

     Sonny Bono, the new Representative of California's forty-fourth
district, is best known in his post-Cher incarnation for his four guest
appearances on Love Boat.  He didn't enter politics because of any keen
desire to better the world.  He was simply mad about how long it took to
get a permit to open a restaurant in Palm Springs.

     Bono's mental shortcomings have long made him a subject of scorn among
California politicians.  During his run for Congress last year, Palm Desert
councilman Walt Snyder called Bono a "laughingstock," and Representative Al
McCandless charged that he took "pride in not having studied [the] issues
until just a few months ago."  Snyder and McCandless, incidentally, are both
Republicans, and they both supported Bono in his race against Democrat Steve
Clute.

     Bono served as mayor of Palm Springs between 1988 and 1992.  His
public-relations director, Marilyn Baker, later revealed to the Los Angeles
Times that she had to rewrite the mayor's agendas into script form so Bono
could conduct official business. "For call to order, I wrote,  'Sit.'  For
salute the flag, I wrote, 'Stand up, face flag, mouth words.'  For roll
call, I wrote, 'When you hear your name, say yes,"' recalled Baker, who quit
after three depressing months of service.

     Bono's current legislative director, Curt Hollman, is charged with the
Herculean task of summarizing complex issues in short, simple memos that
Bono can comprehend.  Unfortunately, Hollman can't watch during all of his
assignments.  At one Judiciary Committee hearing, Bono complained, "Boy,
it's been flying in this room like I can't believe today.  We have a very
simple and concise bill here, and I think it would be to everyone's pleasure
if we would just pass this thing."  This prompted New York's Charles E.
Schumer to dryly reply, "We're making laws here, not sausages."

     On another occasion, Bono complained that his colleagues were becoming
needlessly bogged down in "technical" matters and legalese.  This about the
Judiciary Committee, which writes laws and deals with trifling matters such
as constitutional protections.


No. 7 - Representative Jack Metcalf - Washington (1994)

     Metcalf describes himself as "a guy willing to take some kamikaze
runs," a statement reflected in some of his policy stances.  He has
advocated, for example, a return to the gold standard and the abolition of
paper money.  Even The Wall Street Journal once mocked Metcalf for keeping
company with "gold bugs, tax protesters, and conspiracy theorists," and
noted with concern that he had secretly buried in the woods thousands of
dollars in silver coins in expectation that "a cataclysm of some sort [will]
engulf the nation."

     Metcalf frequently adopts positions that don't square with his actions.
He is an ardent champion of term limits, yet he has served for twenty-four
years in the Washington state legislature.  During the 1994 campaign, he
pounded his Democratic opponent, Harriet Spanel, with charges that she
opposed the death penalty and was generally indulgent of the criminal
element.  Then, during the final days of the race, the Metcalf camp covertly
contracted prisoners at the Washington State Reformatory to conduct its
telemarketing operation.

     The sixty-seven-year-old Metcalf is an old-fashioned sort, as seen in
his views on curbing teen pregnancies.  As he told interviewers from
Republican Beat-- a fictitious youth magazine dreamed up by Spy-- people
under sixteen "need to be closely chaperoned by their parents.  They won't
like that, but what causes teenage pregnancies all over that we're worried
about is unchaperoned kids. Period."

     Despite his lack of brain power, the courtly Metcalf is popular in
Congress, where he is seen as a well-meaning simpleton.  "Jack wants to do
the right thing," says one House staffer.  "He just doesn't have a clue as
to what the right thing is."


No. 6 - Representative J.D. Hayworth - Arizona (1994)

     A former TV sportscaster and football player, Hayworth, like Gerald
Ford, appears to have forgotten his helmet one too many times.  At a
recent convention of People for the West!, a group linked to the Wise Use
movement, Hayworth said that logging was a particularly beneficial activity
because forests are a fire hazard.

     Hayworth's entire political philosophy can be boiled down to "Big
government, bad; less government, good."  The Arizona Republic has said that
"substance has never been a strong suit of Hayworth's (even by sportscasting
standards)," and that he even has "to read his cliches from a script."

     Hayworth's major activity since coming to Washington-- and one that
invariably sets off waves of anguished head-slapping on the floor-- is his
daily one-minute statement.  His attempts at humor elicit groans, as when
he suggested to the opposition party that it "lure Freddy Krueger as the
new liberal Democrat spokesman" and "set up a new political-action
committee, the 'Whine Producers.' "

     Though decidedly dumb, Hayworth is also smooth and relentless.  "You
can't have a real debate with Hayworth," says one Democratic staffer.  "He
talks as passionately about his need to take a No. 1 as he does about the
need to cut government spending."


No. 5 - Representative John Hostettler - Indiana (1994)

     Hostettler's dumb roots run deep.  He's an enthusiast of Dan "Potatoe"
Quayle, who campaigned on Hostettler's behalf.  And he has Quayle's penchant
for putting his foot in his mouth.

     In opposing gun control to a group of high-school students, he
suggested that the Second Amendment allowed for the private ownership of
nuclear weapons as well as handguns.  He alienated Jewish voters when, at
a candidates' forum he made reference to the people "who killed Jesus
Christ."

     Hostettler sometimes cites historical precedent in pushing the Contract
with America, though his grasp of the subject is shaky at best.  He blithely
supported slashing government spending, including deep cuts in social
programs, saying in a speech on the House floor on March 16 that "American
society can and will take better care of its needy without the interference
of the federal government."  To back this assertion, he referred to the
progressive era, when "local charitable agencies" looked after the poor.

     (Never mind progressive-era books, like Lincoln Steffens's The Shame
of the Cities and Upton Sinclair's The Jungle, that detailed the urban
misery that private charities failed to dent.)  "The signature notion of
the progressive era was the demand for government regulation to ameliorate
society's injustices," says Josh Brown, a historian and media director of
Hunter College's American Society History Project, "Hostettler's got his
history all wrong."


No. 4 - Representative Frank Cremeans - Ohio (1994)

     "The Greeks and the Romans were homosexuals.  Their civilizations did
not stand.  Did they come in contact with a social disease like AIDS? I
don't know the answer.  But I wonder."  This was Frank Cremeans pondering
the enigmas of history during the 1994 campaign against Democrat Ted
Strickland.  Comments like this prompted the Dayton Daily News to call
Cremeans "a bad joke" whose election would constitute "a mockery of
democracy."

     Cremeans has continued to make bizarre statements since taking up
residence in the Capitol.  He once declared his opposition to sex before
marriage, saying that "marriage is a very sanctimonious commitment."  In an
interview with a radio station in Marietta, Ohio, during which he discussed
Congress's first 100 days under Newt Gingrich, Cremeans excitedly declared
to the show's host, "Just think about it, Mike, we're advancing backwards!"

     Cremeans might have ranked lower here but, unlike some of his
competitors, he is smart enough to know he's dumb.  He wisely refuses
to answer any substantive questions from the press or public, referring all
such inquiries to his chief of staff, Barry Bennett, a prominent Ohio
Republican who is viewed in Washington as Cremeans's babysitter-- "His
handlers can tell him anything and he'll simply repeat it over and over,"
says one committee staffer familiar with Cremeans.  "He takes direction well
but when he tries to think on his feet he quickly gets into trouble."


No. 3 - Senator Larry Pressler - South Dakota (1978)

	Most recently noted for his attacks on public broadcasting,
Pressler, the only Senator to make the list, is considered to be a
hopeless nitwit by virtually all of his colleagues.  Ted Kennedy once asked
a former Senatorial colleague of Pressler, "Has he had a lobotomy?"  South
Dakota's other senator, Thomas Daschle, said of Pressler, "A Senate seat is
a terrible thing to waste."

     Pressler has had repeated difficulties with closets.  On one occasion
he fell asleep in one and arrived late to an important hearing.  In
another incident he rose from a meeting with colleagues in the Commerce
Committee and mistook a closet door for the exit.  He realized his mistake
but apparently thought the best strategy would be to wait to emerge until
everyone else left the room, a tactic that failed when his companions
decided to wait him out.

     Pressler has sponsored virtually no important legislation during his
two decades in Washington, a fact he seeks to obscure by issuing
frequent press releases touting his meager achievements.  One example: "New
York Times Carries Pressler Drought Letter."

     Parliamentary procedure has never been one of Pressler's strong points.
During the recent mark-up of the Omnibus Telecommunications Bill, lobbyists
assisting the proceedings on TV from a Commerce Committee anteroom roared
with laughter as Chairman Pressler mangled the hearings.  To keep him from
participating in committee affairs, Republican staffers distract Pressler
with a constant stream of unimportant memos.


No. 2 - Representative Helen Chenoweth - Idaho (1994)

     Chenoweth-- an ultraconservative who prefers to be called Congressman--
is a close political and philosophical ally of the loonier sectors of the
militia movement.  Earlier this year she claimed that federal agents
enforcing the Endangered Species Act were landing black helicopters on
ranchers' properties in western states.

     On the campaign trail last year, Chenoweth held fundraisers where she
sold baked Sockeye Salmon, an endangered species.  Asked if she believed
the Sockeye were truly threatened, she said, "How can I, when you can go in
and you can buy a can of salmon off the shelf in Albertson's?"  According
to Chenoweth, "It's the white Anglo-Saxon male that's endangered today."

     To one group of scientists who testified before the resources
committee, Chenoweth said, "I want to thank you for all being here and
I condemn the panel."  At a field hearing on the Endangered Species Act in
New Bern, North Carolina, she apologized to a witness, saying, "I didn't
understand everything you said.  You all talk so funny down here."  On the
House floor, she once protested, "Excuse me, but can someone please explain
what an ecosystem is?"

     Chenoweth blindly attacks any proposal emanating from the White House.
She once arrived badly late to an energy subcommittee hearing, and quickly
began attacking Administration officials who were testifying about a
proposed bill that she opposed.  The acting chair, John Doolittle of
California, finally cut Chenoweth off to inform her that the officials
shared her position.


No. 1 - Representative Jon Christensen - Nebraska (1994)

     Unquestionably the dumbest man to serve in the 104th Congress,
Christensen rails against the "liberal elite," whom he claims is out of
touch with the daily struggles of common folk.  Christensen himself has no
achievements to speak of, and, prior to his election, lived off the interest
income of his wife, Meredith, who springs from a rich Texas clan.

     After graduating from law school, Christensen twice failed the Nebraska
bar exam, finally squeaking through on his third attempt.  No law firm would
hire him (except for clerking duties), so Christensen was forced to sell
insurance.  He supplemented his income by peddling lawn fertilizer out of
his garage.  In a brazen display of resume inflation, Christensen now
describes his past positions as "Insurance Marketing Director" and
"Fertilizer Holding Company Executive."

     During the 1994 campaign, Christensen held a question-and-answer
session at Omaha's Westside High School.  Apparently fearful that their man
would wither under pressure, Christensen's aides prepared questions in
advance and handed them out to students who were volunteers for his
campaign, telling them to clutch their pens in their  hand so the candidate
would know who to call on.  Other students learned of the fix, and foiled
Christensen's plot by holding pens in their hands when asking questions.
"If he can't stand up to a roomful of seventeen-year-olds, how is he going
to stand up to the U.S. Congress?" Westside senior Joey Hornstein asked the
local press.

     During a radio interview in Nebraska, Christensen vigorously attacked
welfare recipients, saying he favored cutting all government "hand-outs and
subsidies" to "eliminate people's reliance on government."  When the host
pointed out that Christensen had outstanding student loans of between
$30,000 and $100,000, the Congressman feebly replied, "Well, I wouldn't have
been able to go to school if I didn't have a student loan."

     In another staggering display of imbecility, Christensen once called
a press conference to announce his personal deficit-reduction plan, which
called for cuts in government spending of $1.5 trillion.  When informed by
a reporter that $1.5 trillion was the entire budget, a bewildered
Christensen hastily changed topics.







From um at c2.org  Sat Feb 10 21:50:38 1996
From: um at c2.org (Ulf Moeller)
Date: Sun, 11 Feb 1996 13:50:38 +0800
Subject: DSN
Message-ID: 


Bill Stewart  wrote:

>>[RSA in 5 lines of Scheme, deleted.]
>Got any short prime-number generators?

I am writing some more Scheme code (not optimized for size, though).
Have a look at http://www.thur.de/ulf/crypt.scm

-- 
Ulf M�ller   *   E-Mail:    *   WWW: http://www.c2.org/~um/





From vince at offshore.com.ai  Sat Feb 10 22:28:48 1996
From: vince at offshore.com.ai (Vincent Cate)
Date: Sun, 11 Feb 1996 14:28:48 +0800
Subject: [NOISY] Re: New Internet Privacy Provider - Press Release
In-Reply-To: <0l7GNu200bk=4YzNJr@andrew.cmu.edu>
Message-ID: 



> Thanks, but no thanks. I don't need a shell account at $1,200 a year.

It is clearly not for everyone.  However, someone running a
business over the net should really think about how much they pay
in taxes to see if forming an offshore corporation and getting an
offshore web-site makes sense. 

Basically if a net business is paying more in taxes than the extra
costs to operate an offshore corporation it can pay to relocate. 
The operating costs are the web-site/email $1,200/year and about
$500/year to maintain a corporation (~$1,000 first year).  So even
a small business can justify the move.

   --  Vince





From jimbell at pacifier.com  Sat Feb 10 23:24:50 1996
From: jimbell at pacifier.com (jim bell)
Date: Sun, 11 Feb 1996 15:24:50 +0800
Subject: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
Message-ID: 


At 05:01 PM 2/9/96 EDT, E. ALLEN SMITH wrote:
>	Whoops. I didn't mean to send that one to the list (re: ethics of
>assasination). Sorry. I am still trying to decide on whether other discussions
>of the non-Crypto aspects of Assasination Politics are appropriate; I would
>appreciate mail back from Perry in response to my email to him.
>	Sorry again,
>	-Allen

If Perry is REALLY sincere about objecting to the NON-crypto part of AsPol,
he should demonstrate this by writing notes which are focussing on the
crypto aspects, rather than just complaining.

Jim Bell






From tcmay at got.net  Sat Feb 10 23:44:15 1996
From: tcmay at got.net (Timothy C. May)
Date: Sun, 11 Feb 1996 15:44:15 +0800
Subject: Choices
Message-ID: 


At 4:05 AM 2/11/96, "A. Padgett Peterson P.E. Information Security"
>Think I have been consistant - am FOR things which add to my choices and
>AGAINST those which reduce the choices available. In general I do not
>mind paying a delta for increased choice so long as it is small

No, I don't think you're consistent. "Tim's Fine Televison Sets" does not
like the idea of having to put CC (and, soon, V-Chips) in its t.v.s. Men
with guns are telling him he must comply, or else.

Your "am FOR things which add to my choices" ignores the fact that
mandatory closed-caption hardware is an infringement on the basic property
rights of someone who offers products for sale.

Those who want CC devices, or V-chip devices, or automatic text-to-speech
converters are of course free to buy them, if someone is selling them. They
are not free to demand that my widget include them.

--Tim

[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and fuck them right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should fuck him." So the two daughters got him drunk and
screwed him all that night. Sure enough, Dad got them pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he pulled out before he
came....Remember, it's not a good idea to have sex with your sister, your
brother, your parents,
your pet dog, or the farm animals, unless God tells you to. [excerpts from
the Old Testament, Modern Vernacular Translation, TCM, 1996]







From nobody at REPLAY.COM  Sat Feb 10 23:45:35 1996
From: nobody at REPLAY.COM (Anonymous)
Date: Sun, 11 Feb 1996 15:45:35 +0800
Subject: Building in Big Brother
Message-ID: <199602110459.FAA28262@utopia.hacktic.nl>



   Building in Big Brother:
   The Cryptographic Policy Debate
   Edited by Lance J. Hoffman
   Springer Verlag Publishers
   Copyright: March 1995
   Price:$29.95
   ISBN 0-387-94441-9
     
_________________________________________________________________


   
   "If you ever wondered how a particular computer technology 
could attract the interest of the directors of three 
intelligence agencies, the heavyweights in the computer 
industry, a gang of programmers turned freedom fighters, and 
the President of the United States, you need look no farther 
than Building in Big Brother. This book outlines the next civil 
liberties battle in the United States."

   - Marc Rotenberg, Electronic Privacy Information Center

   
   "One-stop-shopping for even the most sophisticated analyst 
of the policy wars over cryptography."

   - A. Michael Froomkin, Associate Professor of Law, 
University of Miami Law School

   
   "Lance Hoffman has compiled an extraordinarily useful and 
well balanced collection of materials on cryptography and its 
applications. This book will instantly become a definitive 
compendium."

   - Peter G. Neumann

   
   "Though Lance Hoffman is a dedicated opponent of current 
government policy, he has assembled a volume that should be -- 
and will be -- on the desk of every cryptographic policymaker 
in Washington. He has accurately recorded the many voices in a 
debate that will profoundly affect our future, for good or ill, 

well into the twenty-first century. This book is an important 
contribution to the history of encryption. It is an even more 
important contribution to those who are struggling to shape 
that history."

   - Stewart Baker, Steptoe & Johnson (formerly General Counsel 
to the National Security Agency)


   "An authoritative source of political writings by the major 
players in the crypto revolution."

   - Philip Zimmermann, Creator of PGP

_________________________________________________________________



   Includes Steven Levy's peerless "Cypherpunks vs Uncle Sam" 
and other Shortstop-proof cpunx ammunitions.












From master at internexus.net  Sat Feb 10 23:55:46 1996
From: master at internexus.net (Laszlo Vecsey)
Date: Sun, 11 Feb 1996 15:55:46 +0800
Subject: The Decense Project
In-Reply-To: <199602110410.XAA20161@clark.net>
Message-ID: 


> The first piece of the Decense software is designed to provide "penet" like
> double-blind anonymous transactions for the http protocol. It is written
> as a cgi-bin script which provides a seamless mapping between anonymous
> ids and remote web servers. Servers running Decense can be chained like
> anonymous remailers to increase site level security.

How is it possible to have an anonymous <-> anonymous transaction. The
only way I see this can be done is to have the http data (c2.jpg for
example) actually pass through your cgi-bin script so that the original
identity (location) of the image is not revealed. This may be ok for some
text files and documents, but who would set up this program on their
server knowing that all their bandwidth is going to be gobbled up? 

Perhaps if the files were spread out across many servers (fragmented) in
some way none of the individual pieces could be linked to any other, but
as a whole the file could be accessed.

If you decide to go ahead with the chaining method that you described
above, maybe it would be best to have the cgi-bin program mail the file to
your E-Mail account. If there is going to be any delay at all, you might
as well make it go through some more anonymous servers (more secure) and
have it show up a little bit later in your mailbox. 






From don at cs.byu.edu  Sun Feb 11 00:03:24 1996
From: don at cs.byu.edu (don at cs.byu.edu)
Date: Sun, 11 Feb 1996 16:03:24 +0800
Subject: Anonymity
Message-ID: <199602110547.WAA00255@wero.cs.byu.edu>


-----BEGIN PGP SIGNED MESSAGE-----

In a project relating to the need for anonymous remailers, I would like
to find out about someone in particular. (I would like to do so without the
resulting information getting circulated any more than it probably already
is.) Specifically, I have a full name and an email and am curious how much
information can be collected. (whoever has those US-population CD's, that's
the kind of thing I'm looking for) Preferrably I would like to go from
the email address only to a SSN or address or something unique, but I will 
make the two of them my starting point if necessary. 

The point being, of course, that anonymous remailers are the only thing
that keeps many email addresses from becoming a life history.

Anyone who can help me research please send PGP encrypted (key 0x994b8f39)
mail.

Thanks

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMR2C0cLa+QKZS485AQFGNgL/XIOSJqabFsiHa9xtwWb1kltGbjcMnLZ4
appMShASZNBUULl9dj7qwyhSxVosgaaKIHPMd9H4DiywRG47WYXxqbKDI1dBSA+l
f7Wy68QYA0RVtL9oci6z+w6UGpwfRbnV
=rP7B
-----END PGP SIGNATURE-----





From vznuri at netcom.com  Sun Feb 11 00:07:37 1996
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Sun, 11 Feb 1996 16:07:37 +0800
Subject: "internet underground" magazine
Message-ID: <199602110544.VAA17183@netcom5.netcom.com>



just went to Barnes&Noble to check out magazine titles on the
Internet/cyberspace, and walked away with 10 separate titles!!

anyway, there is a new one that will be especially appealing to 
cpunks here. I haven't seen it mentioned here:

"internet underground".

issue #3 has interesting articles on
- web transaction tracking, by S.Garfinkel
- "my secret life with Phil Zimmerman", S.Garfinkel
- how to send anonymous email. mentions cpunk remailers. by
editor S.Ellerman

plenty of other fluff.

maybe some people here may want to contribute. often when magazines
start out they are hungry for writers and getting into them is not
as hard.

I suspect "internet underground" may end up covering cpunk topics 
regularly with or without anyone's help from here.

(oh, the spooks are rolling in their coffins. heh.)





From rjc at clark.net  Sun Feb 11 00:08:54 1996
From: rjc at clark.net (Ray Cromwell)
Date: Sun, 11 Feb 1996 16:08:54 +0800
Subject: The Decense Project
In-Reply-To: 
Message-ID: <199602110548.AAA19738@clark.net>



> 
> > The first piece of the Decense software is designed to provide "penet" like
> > double-blind anonymous transactions for the http protocol. It is written
> > as a cgi-bin script which provides a seamless mapping between anonymous
> > ids and remote web servers. Servers running Decense can be chained like
> > anonymous remailers to increase site level security.
> 
> How is it possible to have an anonymous <-> anonymous transaction. The
> only way I see this can be done is to have the http data (c2.jpg for
> example) actually pass through your cgi-bin script so that the original
> identity (location) of the image is not revealed. This may be ok for some
> text files and documents, but who would set up this program on their
> server knowing that all their bandwidth is going to be gobbled up? 

   The same people who are running the anonymous http proxies. If you've
got a T1, it's not much of a problem. And for some people, privacy is
a selling point, like Sameer's c2 system.  Also, let's say NOW
wants to put up a site with abortion information. They could pay a set of
anonymous proxy servers for the "service" of providing a anonymous mapping
service for them. And of course, all the various CyberPorn companies,
many of whom may have their business illegalized, will want to pay for 
such a service. Especially, if the proxies are offshore.

   I'm not really concerned about who will want to provide the service.
I think there are many individuals who would. I'm concerned about making
the software available. Inline images could always be turned off in the
script if need be.

-Ray












From attila at primenet.com  Sun Feb 11 00:16:45 1996
From: attila at primenet.com (attila)
Date: Sun, 11 Feb 1996 16:16:45 +0800
Subject: "feudal" states and national destiny
In-Reply-To: 
Message-ID: 



	I don't wish to get this one going on c-punks, but you will see
    shortly just how quickly the "feudal" national powers are going to 
    be able to erect national firewalls. 

	We are entirely dependent on AT&T, Sprint, MCI, British Telcom,
    and so on for nation to nation or region to region communications
    --and they in turn are entriely dependent on the various national
    governments for the _franchise_ to "enter" or operate within the 
    country. 

	telephone lines are a trickle of information --the old uucp
    when I complained when the daily _total_ traffic exceed 2 megabyte
    and the heydey of TrailBlazers.  today it's 154 Mb/sec trunks, and
    they are bogging down. the governments regulate these lines and 
    outside the U.S. most governments own these lines.

	satellites are another perfect example; the governments control
    the franchises for the up and down links and the allocation of 
    frequencies. and, who controls the satellite launches? Even the 
    European consortium is controlled --forget the Chinese and the 
    Russians!

	Is the government doing something illegal vis a vis 
    communications policy (other than the obliteration of free speech with
    CDA)?  No, but it is obvious they will, since the CDA or whatever is
    their intent and they have the power to enforce their intent --if
    nothing else by invoking FEMA, which a cornered Clinton might do. 

	the extremists are almost always ignored. we are certainly viewed 
    as extremists. nobody took the Libertarian party seriously until
    Howard Stern ran for governor of NY --and that was the circus of Will
    Rogers, not a political platform. Years of cooperative political 
    graft (the interest in the status quo) has made the two party system
    the only __succeedable__ political system in the U.S.

	eventually, only violent revolution of the masses succeeds --men
    of rational thoughts and wise counsel are easily suppressed, if not
    eliminated.

        As for the dreamers who believe the government is or will NOT
    do (be doing) something illegal, the line forms to the right for 
    reeducation.

__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....
    There is no safety this side of the grave.  Never was; never will be.








From cp at proust.suba.com  Sun Feb 11 00:48:11 1996
From: cp at proust.suba.com (Alex Strasheim)
Date: Sun, 11 Feb 1996 16:48:11 +0800
Subject: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
In-Reply-To: 
Message-ID: <199602110817.CAA01909@proust.suba.com>


> If Perry is REALLY sincere about objecting to the NON-crypto part of AsPol,
> he should demonstrate this by writing notes which are focussing on the
> crypto aspects, rather than just complaining.

What's the proper procedure for complaining about the assasination part 
of "AsPol"?

In general, it doesn't bother me when the list goes "off topic" -- I don't
read the stuff that doesn't interest me.  But when you start talking about
violence, you have to expect that people are going to react negatively. 
We have to say, "that's nuts" -- otherwise people will think that we're
unbalanced sociopaths. 

How much weight is Lotus going to give the opinions of a bunch of
unbalanced sociopaths when they're thinking about making deal to gak those
extra 24 bits?  Not much, I'll bet.  And what would happen if a murderous
thug held a press conference after cracking an exportable key?  Those
myopic journalists, rotten sons of bitches that they are, probably
wouldn't talk about the crypto at all.  "Why aren't you in jail?" --
that's the sort of thing you'd have to expect.  You could complain, but it
wouldn't do any good. 

"Listen.  I'm a working cryptographer, and I have a family to support.  In
order to take care of my kids, I have to get a job, and in order to get a
job I have to make my reputation.  How can I make my reputation if I can't
publicize my demonstration?  Everyone else is getting rich -- David
Sternlight and Dorothy Denning both have new condos, and Freeh just got
back from a luxury vacation at Disney World.  I don't want to get rich, I
just want to make a living.  So can we forget about the people I
assasinated and talk about the problems with these 40 bit keys?"

Deaf ears, that's what your words would fall on.  It would be like OJ and
his video all over again. 

I apologize in advance for not getting the joke if "AsPol", like Blacknet,
is tongue in cheek.  I haven't been following the topic closely.

I hope you're not serious.





From jimbell at pacifier.com  Sun Feb 11 01:36:57 1996
From: jimbell at pacifier.com (jim bell)
Date: Sun, 11 Feb 1996 17:36:57 +0800
Subject: Choices
Message-ID: 


At 11:05 PM 2/10/96 -0500, A. Padgett Peterson P.E. Information Security wrote:

>Gov does have the right (in fact the duty) to regulate communications 
>between citizens and non-citizens/sites in other lands (and if you do not 
>think communications with sites such as anon.penet.fi are inside the charter 
>of the NSA, I have this prime Florida land - we're in the dry season now 8*).

Needless to say, I disagree.  Government does not possess ANY "rights."
Merely powers.  Secondly, the Constitution says NOTHING about the authority
of the Federal government to "regulate" (or, for that matter, even merely
MONITOR) communications cross-border.  Sounds to me like you're arguing the
statist line.

Jim Bell

Klaatu Burada Nikto.






From jimbell at pacifier.com  Sun Feb 11 01:38:55 1996
From: jimbell at pacifier.com (jim bell)
Date: Sun, 11 Feb 1996 17:38:55 +0800
Subject: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
Message-ID: 


At 09:33 PM 2/10/96 -0600, Jim Choate wrote:

>> >If the intent is to motivate others to kill or otherwise harm others simply
>> >because you don't agree with them or their actions is reprehensible and
>> >moraly or ethicaly undefensible.
>> 
>> That's a misleading statement:  You said, "simply because..."    As should 
>> be abundantly clear from my other arguments, I wouldn't wish to see anyone 
>> killed "simply because"  of the fact I "don't agree with them."  It is 
their 
>> ACTIONS that I feel violate my rights; that is what  justifies my seeking 
>> their deaths, should I choose to do so.
>> 
>
>But it is not clear at all.

I think it is, to most people who read my words.


> Exactly how do their actions violate your rights? 

How specific do you want me to be?  I think the examples I gave in my essay 
made it clear what I believe.

>Are these the rights that you believe that you possess or the ones
>that are recognized? 

"recognized"?  Usta be, "free speech" wasn't "recognized" in many 
jurisdictions.  Are you suggesting that because it wasn't "recognized" that 
it wasn't a right?

Or what, exactly, WERE you suggesting?

>Do the actions have to effect you directly and
>immediately or must you merely percieve a threat? All of these issues are
>unclear in your presentation.

Ultimately, your questions are more philosophical than is appropriate for CP. 

>And for the final one, doesn't your putting a
>contract out on them violate their rights (life, liberty, the pursuit of
>hapiness)?

The answer to that depends dramatically on that someone else's actions, now 
doesn't it?!?

> The only answer to this is 'yes',

Already contradicted above.


> meaning that to be ethical you
>must put a contract out on yourself. Because your own actions violate 
>somebodies rights. This catch-22 situation regarding deadly force is why
>anarchy does not work.

I'm afraid your "logic" is a more than a bit faulty.  This reasoning would 
deny anyone the right to self-defense.

> A perhaps less different example might be: If you
>dislike bigots then you are a bigot.

Perhaps, but bigotry isn't a crime, nor a violation of someone else's rights.

> In short, you can't help but become what you hate the most

I _don't_ hate the use of self-defense.

>. It pays not to hate or be quick to use violence
>since they are so strongly related.



>
>It is not yours, the governments, or anyone elses right to decide who lives
>and dies. You have a double standard.
>
>> 
>> >Every citizen of this country is a 'government employee' in one sense or
>> >another.
>> 
>> That's about the weakest argument I've heard in a long time.  I'm amazed 
>> that you weren't too embarrassed to post it to the list.  While I don't 
know 
>> precisely what your definition of the phrase "government employee" really 
>> is, I "every citizen" is a "governement employee" then you must have a 
>> REALLY weird definition of that.
>> 
>
>Then Lincoln had a equaly weird view: Government of the people, by the
>people, for the people.

Voting in an election does not make a citizen a "government employee."


> Perhaps this failure to recognize a basic premise of
>representative democracy explains your apparent dichotomy in the concepts of
>rights. In effect, your rights and their rights. When in fact there is no
>difference.

Perhaps your weird view of the world explains your opinions.


>I would suggest you read the Declaration of Indipendance and the Gettysburg
>Address (again) to get a better perspective on what and who is supposed to
>run this government and how. 

I am not particularly concerned with "this government."  I don't consider 
"this government" to be somehow "special" from a rights standpoint.


>> >By resorting to violence you are no better than the ones you proport to
>> >protect us against.
>> 
>> Sorry, I disagree.  Now, I am certainly aware of the classic "Gandhi-type" 
>> total non-violence principle, but it turns out that very few people 
actually 
>> believe in that.
>
>Might does not make right. 

On the other hand, exercise of self-defense is not generally considered 
"wrong," either.  I merely am advocating a new type of self-defense, one 
that can be exercised anonymously.  In doing so, it can be a vastly more 
powerful weapon against government tyranny.


>Ethical cohesion does not rest on numerical
>values.

So what's your point?

> In case you have missed my comments before. I am not non-violent. I
>do not support the use of violence in any format except in direct and
>immediate self-defence. 

Aha!  So what this means is, anybody who can assemble a sufficiently large 
force (governments, usually) can use the threat of use of that force to keep 
people from resisting, without hope of ever winning.

Classic statist position.

>In which case make the beggars eyes bleed, no defeat
>and no surrender.

Have you been smoking something?

> This means that if you walk outside and see a person
>breaking in your car that in and of itself is not sufficient motive for
>deadly force unless they attack you.

Who says?  Agents of the government punish criminals every day that do 
things to OTHER citizens.  Do you find that to be wrong?  If not, your 
problem is clear:  You have a double-standard about rights. 

> I do believe (contrary to yourself I
>would guess) that if you were walking down the street and somebody suddenly
>grabbed you that would be sufficient motive to kill them in self-defence.




> In
>cases like this there simply isn't enough time to evaluate the extent of the
>threat, it is clear there is an apparent threat though. In short if your
>person is violated physicaly without your premeditated permission then deadly
>force is justified. I also believe that you are ethicaly justified in
>stopping a person from assaulting or killing a 3rd party for the simple
>reason that it could be you next. However, once that immediate threat is
>over (for example a 4th party knocks the gun out of the muggers hand and
>knocks them on the ground) then use of deadly force is not justified.

But the big problem with this position is that the government specializes in 
NON-IMMEDIATE threats.  The cop says "come with me", and if you don't comply 
he pulls a gun.  If you pull one back, he shoots at you.  If you're holed 
up, he brings in reinforcements.  Etc. Etc. Etc.

In effect, you have defined "self-defense" quite carefully in order to ALLOW 
the use of threats and violence by GOVERNMENT people, without the right of 
the citizen to fight back.  As long as those threats and that violence is 
overwhelming and "legally justified," you'll give the citizens no right to 
resist.

Sorry, but I won't play your little tyrannical games.


>> Most people seem to think that they are entitled to 
>> protect themselves from violations of rights.  The fact that these 
>> violations of rights may be done by "government employees" is at most 
>> irrelevant, in that this doesn't justify it.  Anybody who feels entitled to 
>> use violence against a burglar, rapist, or murderer is correct; attempting 
>> to deny me the right to protect my property from GOVERNMENT people is, in 
>> itself, a violation of my rights.
>> 
>
>Rights as you use them are only relevant between a government and a citizen.

What exactly do you mean by that?


>I as an individual person am not forced to provide you with a forum for free
>speech or any other rights guaranteed in the constitution. Apparently you,
>as many people do, confuse the rights that are yours in regards the
>government with privileges and contractual obligations which govern
>interpersonal actions.

Apparently you are simply confused.

> The local grocery store is not mentioned in the
>Constitution. They are under no obligation to provide protection for your
>life, liberty, or pursuit of happiness. Your basic argument rests on a straw
>man premise, namely that rights guaranteed you by government are guaranteed
>you by any and every other possible entity. This is clearly wrong.

Apparently you are STILL simply confused.

>It is not ethical to kill another simply for being a burglar.

Justa sec.  In early 1800's England, nominally considered a "civilized 
country" many such crimes carried the death penalty on conviction.

Further, until about the 1960's, rape was a crime which was often punishable 
by death in the US.

Are you as ignorant as you sound, or have you forgotten that YOUR version of 
reality isn't the only one that has ever existed?


> How much must
>they steal before you are ethicaly justified in killing them? A $1,000
>dollar stereo? Perhaps a $.20 pencil off your desk?

Shouldn't the crime victim decide?  After all, it's HIS property, right?   
What makes you think YOU have the right to decide what crimes he should have 
to tolerate, huh?


>Does this not justify
>your employer killing you for using their machines for your own use,it is
>theft of services after all (and you are on their property).

If employers were to start doing this, they would have a VERY difficult time 
finding new employees to replace their former ones.

> If you have
>sufficient force detain them. The legal system will take them from there

Like most statists, you ascribe way too much legitimacy to "the legal system."


>(assuming of course we revamp it with the other laws we discuss so heatedly
>on here). What I propose is a simple and humane system.

So do I.  But we clearly differ.  Hmmmm.    How can this be?

> If a person commits
>a crime which leads to the death or injury another they spend the remainder
>of their life in a solitary cell with no chance of parole. In other cases
>what should occur is they must work a regular job and provide restitution
>for an extended period (ie $100/mo. to you for 30 years). Should they fail
>to abide by this or they commit another crime then off they go for 20 years
>or so, again with no chance of parole. I also strongly object to plea
>bargaining. The whole concept of sending somebody to jail for 2-3 years is
>silly and counter-productive. It leads to nothing but professional criminals,
>in effect state run training grounds for the criminaly inclined. While in
>jail they should be forced to live in work camps and not prisons as we
>currently know them (unless they fall into the above 'harm another'
>category). What should occur is that they are forced to live a relatively
>normal lifestyle. In short, they work 8 hours a day and must pay for their
>housing, food, etc. from their earning. What needs to occur is to train
>persons to make a living and gain some success at managing a day to day
>lifestyle. Our currrent system treats criminals as animals, which does
>nothing to prevent further violence on their part, it only increases any
>sense of isolation they may have.

The only reason I didn't delete the previous paragraph is that it makes 
absolutely clear that you believe in YOUR way of doing things, and that 
there cannot be any other way.  Sorry, I disagree.

>> Are you a statist?
>> 
>No, as I have said on many occassions, I am a strict Constitutionalist.

That's part of your problem.  It is probably more accurate to say that you 
are a "strict Establishmentarian."  You hide behind the Constitution as if 
it is some sort of "Gift From God."  It isn't.  

As the recent joke goes, "The Constitution may be bad government, but it's 
better than what we have now."

Because it's true.  The current government doesn't follow the Constitution.  
 Some of the people who call themselves "strict Constitutionalists" simply 
want to force a slightly modified version of tyranny on us all.

Jim Bell









From tcmay at got.net  Sun Feb 11 01:55:42 1996
From: tcmay at got.net (Timothy C. May)
Date: Sun, 11 Feb 1996 17:55:42 +0800
Subject: Regulation of citizen-alien communications (Was: Choices)
Message-ID: 


At 7:02 AM 2/11/96, lmccarth at cs.umass.edu wrote:
>Padgett writes:
>> Gov does have the right (in fact the duty) to regulate communications
>> between citizens and non-citizens/sites in other lands
>
>(not wishing to start a flamewar) Why do you think so ?

It isn't so. There are no restrictions, regulations, rules, or guidelines
about communicating with non-citizens/sites. None. No permits are needed,
no forms have to be filled out, no government offices have to be visited to
explain one's reasons for communicating with a non-citizen.

Just pick up the phone, or type a message in your computer, or whatever. We
citizens of the U.S. do it many times a day.

(There are two special cases, which hardly make Padgett's point: "Trading
with the Enemy Act" sorts of restrictions which limit commercial contacts
with Cuba, North Korea, and a few other countries. And the espionage laws.
That is, give nuclear weapons info to North Korean and you're in big
trouble. And there are various other kinds of minor rules, such as that no
citizen may engage in private diplomacy, bypassing the normal channels. I
don't believe these special cases are what Padgett could have meant when he
described the regulatory powers of government.]

--Tim May, who is even now communicating with foreigners without regulation

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From erc at dal1820.computek.net  Sun Feb 11 02:15:47 1996
From: erc at dal1820.computek.net (Ed Carp)
Date: Sun, 11 Feb 1996 18:15:47 +0800
Subject: A Rant about Senator James Exon
In-Reply-To: <8l7GaN600bk=8YzEFQ@andrew.cmu.edu>
Message-ID: 


On Sat, 10 Feb 1996, Declan B. McCullagh wrote:

> Excerpts from internet.cypherpunks: 9-Feb-96 A Rant about Senator James
> .. by Timothy C. May at got.net 
> > >What do you think? Is this worth it?
> >  
> > Here's something I did about Senator James Exon:
> 
> In my protest against the Hon. Jim Exon, I went to his office this week
> and dropped off a printout of indecent speech that I have on the Justice
> on Campus Project:
> 
>    http://joc.mit.edu/lawsuit/examples.html
> 
> I told the bewildered receptionist that his boss was to blame for making
> me a criminal.
> 
> I'm now a plaintiff in the ACLU/EFF lawsuit challenging the CDA, BTW.
> Two articles on our lawsuit are at:
> 
>    http://fight-censorship.dementia.org/fight-censorship/dl?num=1063
>    http://fight-censorship.dementia.org/fight-censorship/dl?num=1067

How does one join the lawsuit?
--
Ed Carp, N7EKG    			Ed.Carp at linux.org, ecarp at netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp at netcom.com for PGP 2.5 public key		an88744 at anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring






From erc at dal1820.computek.net  Sun Feb 11 02:25:14 1996
From: erc at dal1820.computek.net (Ed Carp)
Date: Sun, 11 Feb 1996 18:25:14 +0800
Subject: Choices
In-Reply-To: 
Message-ID: 


On Sun, 11 Feb 1996, jim bell wrote:

> Needless to say, I disagree.  Government does not possess ANY "rights."
> Merely powers.  Secondly, the Constitution says NOTHING about the authority
> of the Federal government to "regulate" (or, for that matter, even merely
> MONITOR) communications cross-border.  Sounds to me like you're arguing the
> statist line.

The government has, for quite some time, attempted to control most things 
in our lives (and quite successfully) by evoking the "interstate commerce 
clause" incantation.  Only recently has the Supreme Court put its 
collective foot down (in the recently-decided "no guns within 1000 feet 
of a school" law, which the government LOST).  Let's hope it does it more 
often :)
--
Ed Carp, N7EKG    			Ed.Carp at linux.org, ecarp at netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp at netcom.com for PGP 2.5 public key		an88744 at anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring






From stewarts at ix.netcom.com  Sun Feb 11 03:12:55 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Sun, 11 Feb 1996 19:12:55 +0800
Subject: China
Message-ID: <199602111021.CAA21477@ix2.ix.netcom.com>


At 07:18 PM 2/10/96 +0530, you wrote:
> Remember that starting this year, satellites of Iridium and other 
>LEO satellite projects will start to go up, spreading bandwidth around 
>the world. How will the Chinese government build a firewall against 
>satellites? Say, for instance orbiting anonymous remailers with pgp? Will 
>happen some day.

Remember that much of censorship, as with cryptography, is economics.
With Iridium satellite time at $3/minute, charged to the recipient,
it's well within the financial means of a Banned Pharmaceutical Wholesaler,
and well outside the financial means of an average Chinese university student,
partly because the Chinese economy has much lower price and wage structures
than the major Western economies do.

On the other hand, renting a few gigabytes per day of satellite broadcast time
to broadcast isn't out of the question, or at least renting a few tens of
megabytes per day wasn't out of the question a couple years ago :-)

On the other hand, as you say, if the Chinese government tries a Tien-an-men
in cyberspace, the students _will_ have better tanks.

#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281






From stewarts at ix.netcom.com  Sun Feb 11 03:12:56 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Sun, 11 Feb 1996 19:12:56 +0800
Subject: American Reporter on CDA 2/8/96 (fwd)
Message-ID: <199602111021.CAA21474@ix2.ix.netcom.com>


At 10:28 AM 2/10/96 +0000, Sean Gabb. wrote:
>What a splendid article!  I will keep it on disk forever.

Congratulations!  You're now an Unindicted Co-Conspirator!

#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281






From stewarts at ix.netcom.com  Sun Feb 11 03:13:13 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Sun, 11 Feb 1996 19:13:13 +0800
Subject: Privacy Without Tears
Message-ID: <199602111021.CAA21485@ix2.ix.netcom.com>


>>If everyone not only has a link to these pages in text, but also has their
>>"PGP secured!", or similar little graphic on their pages, linked to these
>>sites as well, it would save a lot of people a lot of redundant explaining
>>and it would help spread the word about PGP like wildfire to the masses.
>
>I like that a lot! A nifty graphic would be the old-fashioned engraving of a
>padlock on the O'Reilly book about PGP.

ViaCrypt's PGP version for Windows has a more modern-looking padlock;
the icon I use for the Program Manager group I keep PGP, Private Idaho, etc. in
is the Safe icon that's one of Program Manager's builtins.
#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281






From proff at suburbia.net  Sun Feb 11 03:14:59 1996
From: proff at suburbia.net (Julian Assange)
Date: Sun, 11 Feb 1996 19:14:59 +0800
Subject: China
In-Reply-To: 
Message-ID: <199602101429.BAA22868@suburbia.net>


[...]
> bottle. Remember that starting this year, satellites of Iridium and other 
> LEO satellite projects will start to go up, spreading bandwidth around 
> the world. How will the Chinese government build a firewall against 
> satellites? Say, for instance orbiting anonymous remailers with pgp? Will 
> happen some day.

Radio *reception* of non goverment approved frequences is illegal in a
number of countries, China included. Possesion of the equipment needed
to received these frequencies is also illegal in a number of countries
(including Australia). Sale of that equipment is illegal in still more
countries, including the USA.

-- 
+----------------------------------+-----------------------------------------+
|Julian Assange                    | "if you think the United  States has    |
|FAX: +61-3-9819-9066              |  stood still, who built the largest     |
|EMAIL: proff at suburbia.net         |  shopping centre in the world?" - Nixon |
+----------------------------------+-----------------------------------------+





From erc at dal1820.computek.net  Sun Feb 11 03:38:51 1996
From: erc at dal1820.computek.net (Ed Carp)
Date: Sun, 11 Feb 1996 19:38:51 +0800
Subject: In Re: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
In-Reply-To: <199602090206.VAA09894@jekyll.piermont.com>
Message-ID: <199602090303.WAA00539@dal1820.computek.net>


> So, Ed Carp couldn't leave well enough alone. I killfiled him and
> apparently he had the bad taste to send me some mail about it, and

Actually, I hit 'g' instead of 'r', so the response seen here was posted 
also.  Perry distorts.

> when my robot replied to him informing him that I had no interest in
> whatever he might have had to say, he seems to have a desperate need
> to get in the last word by forwarding the message from my robot to the
> mailing list.

Actually, I thought it would be instructive as to the rather, err, unique 
wording of Perry's robot.  I've seen a lot funnier, though?

> Mr. Carp, you've got extremely bad taste. Luckily, I don't have to
> ever see anything you have to say ever again.

Why, thank you, Perry!  I'll be sure to mention the fact that you think I 
have bad ... excuse me, "extremely bad taste" in my next performance 
review.  I'm sure it will affect the outcome immeasurably. ;)
--
Ed Carp, N7EKG    			Ed.Carp at linux.org, ecarp at netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp at netcom.com for PGP 2.5 public key		an88744 at anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring
----------------------------------------------------------------------
According to the Communications Decency Act, these are the words you may
no longer use in your Internet correspondence:  Shit, piss, fuck, cunt,
cock-sucker, mother-fucker and tits. The use of shit, piss, fuck, cunt,
cock-sucker, mother-fucker and tits, may now earn you a substantial fine
as well as possible jail time, should President Clinton sign this Bill
into law.  Please refrain from using shit, piss, fuck, cunt, cock-sucker,
mother-fucker and tits, to protect your children as well as others, from
their evil influence, thus keeping America "ideologically pure".







From wilcoxb at nag.cs.colorado.edu  Sun Feb 11 04:08:51 1996
From: wilcoxb at nag.cs.colorado.edu (Bryce)
Date: Sun, 11 Feb 1996 20:08:51 +0800
Subject: Privacy Without Tears
In-Reply-To: <199602102136.NAA11894@trapdoor.aracnet.com>
Message-ID: <199602102312.QAA00601@nag.cs.colorado.edu>



-----BEGIN PGP SIGNED MESSAGE-----

> I've started work on what I currently call Privacy Without Tears, a guide to 
> PGP and related programs pitched specifically at a novice audience.


Excellent.  This is much-needed.  Please see
"http://www.c2.org/~bryce/WhatIsPGP.html", and consider
cross-linking with me.  I'd rather point people to your
novice guide than to Stale's International PGP pages.  


I wrote BAP for the same reason-- clueless newbies needed to
be able to use PGP.  My mother is able to successfully use
BAP, so I consider it a great success.  Unfortunately since
I am distributing it in return for electronic cash I have
limited myself to a higher-tech audience than the program
was actually intended for.  I'm still considering what to do
about this dilemma...


Regards,

Bryce

                 "Toys, Tools and Technologies"
  the Niche 
        New Signal Consulting -- C++, Java, HTML, Ecash
            Bryce 
 
PGP sig follows


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01

iQCVAwUBMR0mW/WZSllhfG25AQFU1AQApQq4Bm2ncnzo8Sgq0T+MYJfvju00DbQD
+HJWI50pqFocMSLWFGiQO+l2RvGzX10akY8c/EDjA70uov6Rp/MFw3GsiG4tM1mJ
mxDtjn16xbrh/Xcr3aSJgPFbeh6Qtb0VDxVFBzQOq4xxrvzEMVm5v+MosKHKI29Q
h5TDCXbevvc=
=+DmR
-----END PGP SIGNATURE-----





From declan+ at CMU.EDU  Sun Feb 11 04:28:05 1996
From: declan+ at CMU.EDU (Declan B. McCullagh)
Date: Sun, 11 Feb 1996 20:28:05 +0800
Subject: A Rant about Senator James Exon
In-Reply-To: 
Message-ID: 


Excerpts from mail: 11-Feb-96 Re: A Rant about Senator Ja.. by Ed
Carp at dal1820.computek 
> > I'm now a plaintiff in the ACLU/EFF lawsuit challenging the CDA, BTW.
> > Two articles on our lawsuit are at:
> > 
> >    http://fight-censorship.dementia.org/fight-censorship/dl?num=1063
> >    http://fight-censorship.dementia.org/fight-censorship/dl?num=1067
>  
> How does one join the lawsuit?

I believe that ACLU/EFF/EPIC have found the necessary plaintiffs for the
court challenge, but they still may be interested in others. Send me
mail and I'll pass it along. (The original call for plaintiffs went out
last fall, and the lawsuit was filed last week.)

But generally, to be a plaintiff you have to have standing to sue. You
have to be specificially hurt or negatively affected by the law. The
plaintiffs include folks who run web sites, mailing lists, and offer
other public online resources that may happen to include indecent or
patently offensive speech.

Say, the hearing when we find out if we get an injunction preventing
enforcement of the CDA is going to be this Wednesday in Philadelphia.
Anyone else want to go?

-Declan






From proff at suburbia.net  Sun Feb 11 04:31:44 1996
From: proff at suburbia.net (Julian Assange)
Date: Sun, 11 Feb 1996 20:31:44 +0800
Subject: No Subject
Message-ID: <199602111200.XAA00164@suburbia.net>


>From proff Sat Feb 10 18:09:57 1996
Subject: new zip cracking code
To: cypherpunks at toad.com
Date: Sat, 10 Feb 1996 18:09:57 +1100 (EST)
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Content-Length: 3806      

Does anyone have any pointers to cryptanalysis papers on the Zip
encryption scheme (presented below)? I've seen a few MSDOS executeables
which used some sort of brute force attack, which didn't seem
particularly intelligent or effective for long passwords. If anyone has
some pointers, or source I'd be glad to hear of it. From what I can see
of Schlafly's algorithm a bute force attack could be speed up a great
deal by pre-compution and expansaion of elements of the first 3 or so
rounds at the very least.

Ideas anyone?


Decryption
----------

The encryption used in PKZIP was generously supplied by Roger
Schlafly.  PKWARE is grateful to Mr. Schlafly for his expert
help and advice in the field of data encryption.

PKZIP encrypts the compressed data stream.  Encrypted files must
be decrypted before they can be extracted.

Each encrypted file has an extra 12 bytes stored at the start of
the data area defining the encryption header for that file.  The
encryption header is originally set to random values, and then
itself encrypted, using 3, 32-bit keys.  The key values are 
initialized using the supplied encryption password.  After each byte
is encrypted, the keys are then updated using psuedo-random number
generation techniques in combination with the same CRC-32 algorithm 
used in PKZIP and described elsewhere in this document.

The following is the basic steps required to decrypt a file:

1) Initialize the three 32-bit keys with the password.
2) Read and decrypt the 12-byte encryption header, further
   initializing the encryption keys.
3) Read and decrypt the compressed data stream using the
   encryption keys.


Step 1 - Initializing the encryption keys
-----------------------------------------

Key(0) <- 305419896
Key(1) <- 591751049
Key(2) <- 878082192

loop for i <- 0 to length(password)-1
    update_keys(password(i))
end loop


Where update_keys() is defined as:


update_keys(char):
  Key(0) <- crc32(key(0),char)
  Key(1) <- Key(1) + (Key(0) & 000000ffH)
  Key(1) <- Key(1) * 134775813 + 1
  Key(2) <- crc32(key(2),key(1) >> 24)
end update_keys


Where crc32(old_crc,char) is a routine that given a CRC value and a 
character, returns an updated CRC value after applying the CRC-32 
algorithm described elsewhere in this document.


Step 2 - Decrypting the encryption header
-----------------------------------------

The purpose of this step is to further initialize the encryption
keys, based on random data, to render a plaintext attack on the
data ineffective.


Read the 12-byte encryption header into Buffer, in locations
Buffer(0) thru Buffer(11).

loop for i <- 0 to 11
    C <- buffer(i) ^ decrypt_byte()
    update_keys(C)
    buffer(i) <- C
end loop


Where decrypt_byte() is defined as:


unsigned char decrypt_byte()
    local unsigned short temp
    temp <- Key(2) | 2
    decrypt_byte <- (temp * (temp ^ 1)) >> 8
end decrypt_byte


After the header is decrypted, the last two bytes in Buffer
should be the high-order word of the CRC for the file being
decrypted, stored in Intel low-byte/high-byte order.  This can
be used to test if the password supplied is correct or not.


Step 3 - Decrypting the compressed data stream
----------------------------------------------

The compressed data stream can be decrypted as follows:


loop until done
    read a charcter into C
    Temp <- C ^ decrypt_byte()
    update_keys(temp)
    output Temp
end loop


-- 
+----------------------------------+-----------------------------------------+
|Julian Assange                    | "if you think the United  States has    |
|FAX: +61-3-9819-9066              |  stood still, who built the largest     |
|EMAIL: proff at suburbia.net         |  shopping centre in the world?" - Nixon |
+----------------------------------+-----------------------------------------+






From jya at pipeline.com  Sun Feb 11 06:41:14 1996
From: jya at pipeline.com (John Young)
Date: Sun, 11 Feb 1996 22:41:14 +0800
Subject: WIT_nes
Message-ID: <199602111423.JAA23244@pipe4.nyc.pipeline.com>


The NYT Web site does not seem to offer today's Sunday magazine 
article on the federal Witness Security Program, as revealed 
through one family's trauma of official death and rebirth:


WIT_nes  (38k in 2 parts)










From jya at pipeline.com  Sun Feb 11 07:20:58 1996
From: jya at pipeline.com (John Young)
Date: Sun, 11 Feb 1996 23:20:58 +0800
Subject: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
Message-ID: <199602111454.JAA24610@pipe4.nyc.pipeline.com>


It's hard to tell the difference between "Assasination 
Politics" and government-sponsored provocateurism, a 
well-documented practice to stigmatize anarchical and 
anti-authoritarian ventures.


However, it takes guts and thick skin to advocate overthrow of 
authority, knowing that reasonable people will think you're a 
nut seeking celebrity martyrdom.


Happily for the careers of agent-and-anarchist back-stabbing 
back-scratchers, there is no easy way to know for sure which is 
which, or even if there's any difference when the media 
juggernauts are provocateuring both roles for melodramatic 
infotainment.












From lunaslide at loop.com  Sun Feb 11 07:34:57 1996
From: lunaslide at loop.com (lunaslide at loop.com)
Date: Sun, 11 Feb 1996 23:34:57 +0800
Subject: URLs for Anon remailers?
Message-ID: 


Anybody got some good URLs for info on anonymous remailers for novices and
experienced users alike?  I need to know which are which so I can hand them
out like candy to my .edu friends who aren't _as_ net savvy, but aren't
dumb as dirt clods either.  Much appreciated.

lunaslide

"Prohibition... goes beyond the bounds of reason in that it attempts to
control a man's appetite by legislation and makes a crime out of things
that are not crimes... A prohibition law strikes a blow at the very
principles upon which our government was founded."
- -- Abraham Lincoln

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller
________________________________________________________________

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEX3QEAAAEEAOGQjhnqGH29pO1WDaXs5GFOVPhCBWyYEk9XEwRmscjveWzH
AhA6DeOA480zWNqQURyqE2yPmR8WzT+OXYqmeiQiycKyFA41Vs/Ruf+gXXxe7uXS
L5BK3K8oKbfoH0D5/TAkMT4r6BprXFQz4pFc3gY2SSaSPElpMjKHaKBsRsyRABEB
AAG0HUplZmYgQ29ubiA8bHVuYXNsaWRlQGxvb3AuY29tiQCVAwUQMRffHzKHaKBs
RsyRAQGNhwP9E9xEZ9/LCKnhgtnrqgD7pDoXG2pCy8FoyfFjoImGkG+jF1wELXmB
Z0mf8F8CgYkys0mif1XeGDMelr1gzlZAm6LgQt4kcvztMW/aRLn18QP+iwltVT/L
p8D37mitOjvuk46sWgAChIaPPPIeg/EaYQjQkmlpWKsEYIoTRy+E8mU=
=4Gku
-----END PGP PUBLIC KEY BLOCK-----









From dlv at bwalk.dm.com  Sun Feb 11 07:43:58 1996
From: dlv at bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sun, 11 Feb 1996 23:43:58 +0800
Subject: China
In-Reply-To: <199602111021.CAA21482@ix2.ix.netcom.com>
Message-ID: 


Bill Stewart  writes:

> At 01:54 PM 2/10/96 EST, you wrote:
> >It's not difficult to imagine that governments will seek to regulate the
> >possession of modems again. Some may recall that in the U.S. it used to be
> >technically illegal to connect a modem to the phone jack without a permissio
> >from AT&T.
>
> Actually, permission from the local phone companies, who owned the system,
> I assume?  (Though I don't actually remember which parts of The Phone Company
> were involved in the Carterphone decision.)

Nope.  I used modems back when the local phone company _was AT&T. :-)

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Sun Feb 11 07:52:18 1996
From: dlv at bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sun, 11 Feb 1996 23:52:18 +0800
Subject: Regulation of citizen-alien communications (Was: Choices)
In-Reply-To: 
Message-ID: <41X5iD1w165w@bwalk.dm.com>


tcmay at got.net (Timothy C. May) writes:
> >> Gov does have the right (in fact the duty) to regulate communications
> >> between citizens and non-citizens/sites in other lands
> >
> >(not wishing to start a flamewar) Why do you think so ?
>
> It isn't so. There are no restrictions, regulations, rules, or guidelines
> about communicating with non-citizens/sites. None. No permits are needed,
> no forms have to be filled out, no government offices have to be visited to
> explain one's reasons for communicating with a non-citizen.
>
> Just pick up the phone, or type a message in your computer, or whatever. We
> citizens of the U.S. do it many times a day.
>...
[trading w/ the enemy act & espionage]

I strongly disagree.

Defense Trade Regulations, Section 120.10 - Export -- permanent and temporary.

 Export means:

 (4) Disclosing or transferring technical data to a foreign person, whether
 in the United States or abroad;

A foreign person is defined in S 120.11, and means anyone who's not a U.S.
citizen. Technical data is defined in S 120.33

 (d) Information, other than *software* as defined in 120.23(c), which is
 required for the design, development, ... maintenance or modification of
 defense articles. This includes, for example, information in the form of
 blueprints, drawings, photographs, plans, instructions and documentation.
 This also includes information that advances the state of the art of articles
 on the U.S. Munitions List. This definition does not include information
 concerning general scientific, mathematical or engineering principles
 commonly taught in schools, colleges and universities. It also does not
 include basic marketing information on function or purpose or general
 system description of desense articles.

And we all know that Part 121 - The United States Munitions List - has
Category XIII -- Auxiliary Military Equipment

 (b) Speech scramblers, privacy devices, cryptographic devices and software
 (encoding and decoding), and components specifically designed to be modofied
 therefore, ancillary equipment, and protective apparatus specifically
 designed or modofied for such devices, components, and equipment.

As I read it, a college professor might get busted for explaining his own new
crypto research to a class where some students happen not to be U.S. citizens.

Of course we all know this already. Just some U.S. people prefer to ignore the
mote in their own eye and to fight censorship in exotic remote developing
countries. Do you remember how U.S. Gov't tried to prevent the publications of
research papers on zero-knowledge proofs?

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From adam at lighthouse.homeport.org  Sun Feb 11 08:11:12 1996
From: adam at lighthouse.homeport.org (Adam Shostack)
Date: Mon, 12 Feb 1996 00:11:12 +0800
Subject: Strange Sounds of Silence
In-Reply-To: 
Message-ID: <199602110510.AAA13679@homeport.org>


Simon Spero wrote:

| Are you sure? The coverage has been wall to wall out here (Bay area); 
| front page above the fold, business pages, computer columns, editorials 
| and editorial cartoons. Apparently it's the same level of coverage back 
| in the RTP.

Almost nothing in Boston.  Today's Globe headlines:

Corruption probe shakes up Boston detective unit (Police stealing from
drug dealers.)
Forbes rails against rivals, religious right ("Cites anonymous
callers")
MWRA asks water rate increase.
Math curriculum teaches about gambling
Blast rocks london
'Sticking their necks out'-the fashion statements of neckties.

Theres nothing in the first section of the paper.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From jamesd at echeque.com  Sun Feb 11 08:11:17 1996
From: jamesd at echeque.com (jamesd at echeque.com)
Date: Mon, 12 Feb 1996 00:11:17 +0800
Subject: "Rights"
Message-ID: <199602110613.WAA27871@blob.best.net>


At 10:15 AM 2/10/96 -0600, Ed Carp wrote:
>What happens when there *is* no remedy, when there are no other sites to 
>go to, when there are no employers who would refrain from violating an 
>employee's privacy?  What then?

Then start your own business, as many of the people on this list have done
at one time or another.

And that is why, under real capitalism, unlike socialism, there will 
always be employers horrified by the idea of invading their employees privacy.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd at echeque.com






From jcobb at ahcbsd1.ovnet.com  Sun Feb 11 08:11:51 1996
From: jcobb at ahcbsd1.ovnet.com (James M. Cobb)
Date: Mon, 12 Feb 1996 00:11:51 +0800
Subject: POINTERS:  02 08 96 Edupage
Message-ID: 



 
  Friend, 
 
 
  02 08 96 Edupage includes-- 
 
    COPYRIGHT IN THE DIGITAL AGE (European Film Companies Alliance: 
      "It's mine!")

    INTERNET USAGE POLICIES (Employees' rights: NOT!)


  Cordially, 
 
  Jim 
 
 
 
  NOTE.  Archives: http://www.educom.edu 

         Edupage dated 02 08 96 is archived under date 02 09 96. 
 
 






From djp at pobox.asc.upenn.edu  Sun Feb 11 08:46:40 1996
From: djp at pobox.asc.upenn.edu (David J. Phillips)
Date: Mon, 12 Feb 1996 00:46:40 +0800
Subject: cypherpunks, digital cash, and my doctoral research
Message-ID: <9602111614.AA15674@noc4.dccs.upenn.edu>


I'm a PhD student at the Annenberg School for Communication at the
University of Pennsylvania.  My research is on the ways that various groups
influence the development of "digital cash" systems.

I'd like to work with cypherpunks for part of this research.  Right now, I
expect this work to include reviewing the list's archives, participating in
the list and in physical meetings, and interviewing some people.

If you have any thoughts on this (or feelings: revulsion, intrigue, pique
perhaps), please drop me a line.

Thanks.

djp
David J. Phillips, Annenberg School, University of Pennsylvania

I'm researching cultural, economic, legal, and technical aspects of the
development of digital cash systems.  Let me know if you're interested.






From m5 at dev.tivoli.com  Sun Feb 11 08:47:05 1996
From: m5 at dev.tivoli.com (Mike McNally)
Date: Mon, 12 Feb 1996 00:47:05 +0800
Subject: Strange Sounds of Silence
In-Reply-To: <199602102305.SAA05611@camus.delphi.com>
Message-ID: <9602111615.AA06435@alpha>



Alan Pugh writes:
 > Has anyone else out there noticed the strange sounds of silence
 > emmanating from the american print and broadcast media concerning the
 > rider attached to the Telecommunications Act recently signed by
 > President Clinton known as the CDA (Communications Decency Act)?

I always hear it referred to as "provisions which would ban
pornography on the Internet" or "new laws that prohibit sending
X-rated materials to children on the Internet".

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * I want more, I want more,
       m5 at tivoli.com * m101 at io.com          * I want more, I want more ...
               *_______________________________





From erc at dal1820.computek.net  Sun Feb 11 08:54:03 1996
From: erc at dal1820.computek.net (Ed Carp)
Date: Mon, 12 Feb 1996 00:54:03 +0800
Subject: Regulation of citizen-alien communications (Was: Choices)
In-Reply-To: <41X5iD1w165w@bwalk.dm.com>
Message-ID: 


On Sun, 11 Feb 1996, Dr. Dimitri Vulis wrote:

>  Export means:
> 
>  (4) Disclosing or transferring technical data to a foreign person, whether
>  in the United States or abroad;
> 
> A foreign person is defined in S 120.11, and means anyone who's not a U.S.
> citizen. Technical data is defined in S 120.33

Oh?  You mean that I can get busted for giving my Canadian spouse a copy 
of PGP?
--
Ed Carp, N7EKG    			Ed.Carp at linux.org, ecarp at netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp at netcom.com for PGP 2.5 public key		an88744 at anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring






From wlkngowl at unix.asb.com  Sun Feb 11 09:20:31 1996
From: wlkngowl at unix.asb.com (Deranged Mutant)
Date: Mon, 12 Feb 1996 01:20:31 +0800
Subject: PGP & Seamless Pegasus
Message-ID: <199602111642.LAA15731@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

JNPGP also has problems when you're encrypting to an address that isn't 
on the keyring.  It'll barf and send the plaintext message out.  A really 
bad flaw.

It'd be nice to see it or another utility incorporate support for 
anonymous remailers, etc.

IMO, all this will be made much easier when PGP 3.0 exists as a Windows 
or OS/2 DLL.  PGP will probably take off beautifully then.

Rob.

Tripp Hardy wrote:
> 
> Let's not celebrate just yet.  While it is a great improvement, it still =
> causes errors if you try to encrypt an attached file and conventional =
> encryption still doesn't work here.  The only one that is working all =
> around for me is Private Idaho.  We are moving in right direction =
> though.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMR4cbCoZzwIn1bdtAQGi0wF/X9JB0tJU5H0JNf141u+F7Zf1uDNSUnXx
H6STdM5urkwtWvvZCxM9v0lt03D+ro7r
=CSSL
-----END PGP SIGNATURE-----





From wlkngowl at unix.asb.com  Sun Feb 11 09:23:22 1996
From: wlkngowl at unix.asb.com (Deranged Mutant)
Date: Mon, 12 Feb 1996 01:23:22 +0800
Subject: Media: FV story makes ClariNet
Message-ID: <199602111647.LAA15759@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

I caught the last few seconds of a CNN story on FVs FUD this morning. It 
followed with the RSA selling crypto to China story, where they clearly 
opted for soundbytes... the cut Phil Z's words short when he was talking 
about the benefits of crypto... they asked him something about why crypto 
is good for national security and you hear him say a few economic things 
but then he's cut off (probably before he can mention personal freedom as 
benefitting national security... but that's only a guess).


Joseph M. Reagle Jr. wrote:
> 
> >SAN DIEGO, CALIFORNIA, U.S.A., 1996 FEB 7 (NB) -- First Virtual Holdings,
> >a company offering an Internet commerce system, has demonstrated a
> >program which, it says, makes all existing software systems that
> >encrypt credit card numbers and transmit them over the Internet
> >vulnerable to security breaches.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMR4dqCoZzwIn1bdtAQGZjgGAgg71SCvlia7qcZ0aGGhURlsr3jLx9SDr
vezyWWts8apZ2QFVWw9rIuWPC5t9wMrr
=CRFm
-----END PGP SIGNATURE-----





From sandfort at crl.com  Sun Feb 11 09:26:56 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Mon, 12 Feb 1996 01:26:56 +0800
Subject: YOU SHOULDA BEEN THERE!
Message-ID: 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

I easily had 100+ people at my party last night.  Attendees on
this list are invited to share there impressions, but as far as
I could tell it was a resounding success for crypto-anarchy
solidarity.  

There will will be some great pictures on the Web site sometime
this week (http://www.c2.org/party/masquerade.html).  Amond them
will be a picture of Sameer dancing like a madman, Annette Haven,
the movie star I promised you (a legend of X-rated films) and 
your's truly, driving home a point about the CDA during an
discussion with Romana Machado, plus many others.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





From wlkngowl at unix.asb.com  Sun Feb 11 09:31:33 1996
From: wlkngowl at unix.asb.com (Deranged Mutant)
Date: Mon, 12 Feb 1996 01:31:33 +0800
Subject: Encryption and Backups
Message-ID: <199602111650.LAA15770@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

GNU-Zip (GZip) format has encryption defined, but (AFAIK) not yet 
implemented.  The probably won't use the vile PKZip method... and they 
probably will implement an unpatented method, if ever.

Mark C. Henderson wrote:
 > GNU tar is not the commercial backup solution many folks will be
> looking for, but it works, and has nice built-in hooks which are
> intended to call a compression program.
> 
> One can also use these options to call an encryption program, as long
> as the encryption program takes stdin as input, stdout as output,
> encrypts by default, and decrypts when given the -d option.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMR4ebyoZzwIn1bdtAQE9gwF/cDRa2Ke0i1LoezO68du4VnaR9oQmrRdS
qzAQ4mM3zNsiYVRDtDrz3yqlWwtUcse3
=DQKs
-----END PGP SIGNATURE-----





From wlkngowl at unix.asb.com  Sun Feb 11 09:58:10 1996
From: wlkngowl at unix.asb.com (Deranged Mutant)
Date: Mon, 12 Feb 1996 01:58:10 +0800
Subject: V-chips, CC, and Motorcycle Helmets
Message-ID: <199602111709.MAA15846@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

The V-Chip is a political kluge, nothing more. It's a useless technology 
that at best will encourage lax parents to further surrender their kids 
to the neon-nanny.

And besides... why rate program just on violence?  Why not "quality" from 
a variety of orgs?  Other content ratings, from various organizations.  
And why limit it to ratings... why not a special subband of broadcast 
used for sending out schedule updates? Subtitles (in other languages, or 
English for foreign films...)? etc.? etc.? Chances are the V-Chip will 
interfere with any such expansions of TV capabilities in the future...

Then again, the heck with TV. I rarely watch it.  I prefer the radio 
myself... at least they didn't require V-Chips for that.  And with the 
Internet "expanding", chances are in a generation or two TV will be a 
dead technology.

Rob.




Timothy C. May wrote:
> ObCypherpunks: A truly surprising number of people on this list are on the
> one hand lambasting the government for thievery, incompetence, corruption,
> and violation of their rights, while on the other hand explaining why they
> think some particular intrusion is justified. We have people arguing for
> mandatory V-Chips, for Data Privacy Inspection Services, for
> anti-discrimination laws, and for government key signing services.
> 
> It's not a far jump from arguing any of these points to talking about the
> "legitimate" (their term) needs of the government to ensure that encryption
> is not used for criminal purposes, for kidnapping and extortion, for tax
> evasion, etc.
> 
> People need to think about the powerful implications of strong crypto, and
> decide if they are _for_ access to strong crypto by citizens, or _against_
> it. All things follow from this decision.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMR4ixSoZzwIn1bdtAQEEzgGAnj773pwYGJvLo3FYE7JnZ+1+sejbdvCc
ymgeXlua8+0KF46o0ylLCHyhAS/IhasI
=jzi4
-----END PGP SIGNATURE-----





From stephan.mohr at uni-tuebingen.de  Sun Feb 11 10:08:52 1996
From: stephan.mohr at uni-tuebingen.de (Stephan Mohr)
Date: Mon, 12 Feb 1996 02:08:52 +0800
Subject: A Cyberspace Independence Declaration
Message-ID: <2.2.16.19960211180749.54c7c5f4@mailserv.uni-tuebingen.de>


Hi,

I just put J.P. Barlow's 'A Cyberspace Independence Declaration' on my
homepage: http://www.uni-tuebingen.de/uni/sii/sm/indep.htm. There is a
little introduction by M.S. Bilk too.

Stephan






From merriman at arn.net  Sun Feb 11 10:32:55 1996
From: merriman at arn.net (David K. Merriman)
Date: Mon, 12 Feb 1996 02:32:55 +0800
Subject: Regulation of citizen-alien communications (Was: Choices)
Message-ID: <2.2.32.19960211053337.006aff04@arn.net>


-----BEGIN PGP SIGNED MESSAGE-----

At 10:24 AM 02/11/96 +0000, Ed Carp  wrote:
>On Sun, 11 Feb 1996, Dr. Dimitri Vulis wrote:
>

... deletia ...

>
>Oh?  You mean that I can get busted for giving my Canadian spouse a copy 
>of PGP?
>

Nah - Canada is America's 51st state :-)

Dave Merriman

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMR1idcVrTvyYOzAZAQFBDgP+MoIrY5OpRnLTBxpvsgTlHbkoEl5yHkYz
JbRr64DV/y0daD5iVI0uSOLDWXHVza+CBdgvZDzI4NF9ShDp3PGheEi/fa5uKD0O
SfkwWAv9vcqNC4fPUCP7A/+eUuVPPSZff8Iy29hnb/JzxHZLyqQiHaOZK7wtNVnw
XZha0gw6LYs=
=6Fh+
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"It is not the function of our Government to keep the citizen
from falling into error; it is the function of the citizen to
keep the Government from falling into error."
Robert H. Jackson (1892-1954), U.S. Judge
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
My web page: http://www.geocities.com/CapitolHill/1148







From gimonca at skypoint.com  Sun Feb 11 10:35:45 1996
From: gimonca at skypoint.com (Charles Gimon)
Date: Mon, 12 Feb 1996 02:35:45 +0800
Subject: ...OR IF NOT, you shoulda been here.
Message-ID: 



While people in the Bay Area were taking part in Naked Jello Wrestling
and other dubious pursuits, the best 'n the brightest of Minnesota 
were pestering the waitstaff at an Applebee's franchise overlooking
frozen Lake Calhoun in Minneapolis, where yet another good time
(though maybe not as spicy a time) was had by all. If you want to
know more, you'll have to ask: we didn't have a hot tub, so none
of us expect a book deal anytime soon.






From tcmay at got.net  Sun Feb 11 10:40:16 1996
From: tcmay at got.net (Timothy C. May)
Date: Mon, 12 Feb 1996 02:40:16 +0800
Subject: Regulation of citizen-alien communications (Was: Choices)
Message-ID: 


At 1:01 PM 2/11/96, Dr. Dimitri Vulis wrote:

>As I read it, a college professor might get busted for explaining his own new
>crypto research to a class where some students happen not to be U.S. citizens.

Considering that most engineering and computer science classses are
approaching 50 percent non-U.S.-citizen, and considering that no such
professors have yet been busted, I'm inclined to think this is a
non-threat.

(Indeed, it's a _potential_ threat, and one we should bear in mind, but it
seems likely that no such prosecutions have occurred or will occur.)

What we talk about every day on this list and the non-prosecution of any of
us should be evidence about where the real emphasis is. (The investigation
of Zimmermann and Goen was related to the appearance on foreign shores of a
real chunk of code, PGP 1.0, and not simple communication with aliens.)


>Of course we all know this already. Just some U.S. people prefer to ignore the
>mote in their own eye and to fight censorship in exotic remote developing
>countries. Do you remember how U.S. Gov't tried to prevent the publications of
>research papers on zero-knowledge proofs?

No, could you provide some details? Who was pressured? Micali? Goldwasser?
Rackoff? Please share the details.

There has been an ineffective "voluntary review" process for academic
researchers, and perhaps this is what Dimitri is referring to. But this did
not stop the publication of the ZKIPS work a decade or so ago.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From merriman at arn.net  Sun Feb 11 10:42:45 1996
From: merriman at arn.net (David K. Merriman)
Date: Mon, 12 Feb 1996 02:42:45 +0800
Subject: Public Key
Message-ID: <2.2.32.19960211053339.0068a884@arn.net>


-----BEGIN PGP SIGNED MESSAGE-----

I've gotten a couple of requests for my public key (which is also available via my CDA-violating home page), so thought I'd go ahead and post it here, as well.

My apologies for the loss of bandwidth :-)

Dave Merriman

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAi3uZ2MAAAEEALWQtxX77SZSaFls6cVbPp+fZS4MNyKK3ZFYQo0qWyj+0tMq
YgRTPRJRaCQixo63RttknogfPp514qdVMZw5iPeOXmD+RxrmTTwlbGqA7QUiG1x5
LG2Zims5zk4U6/rt8hwLh0/8E4lIb9r5d31qc8L1A9Twk/cmN8VrTvyYOzAZAAUR
tCpEYXZpZCBLLiBNZXJyaW1hbiA8bWVycmltYW5AYXJuZXQuYXJuLm5ldD60KURh
dmlkIEsuIE1lcnJpbWFuIDxtZXJyaW1hbkBtZXRyb25ldC5jb20+iQCVAwUQLqwC
X5IDOImWiDcFAQHFfwP/Tm5v3zoijU9oYmAO1WVsw4+HamN0HdBKkDxPtuGeCmxN
uiDPsucVjqctMfbh1WzCfNEbNfZdg3YVdDNgsQqlu4k8XznrbQSoQm3t5ySQNKvQ
x0KisJnee0caVpEgQ4bwSfuv81TG08lJt4A0fIpXSllMnRkXenvXIBmgJTUklaiJ
AJUDBRAupxG0qWOYkEirxV0BAUUJBACJ0FYXTlR9ncd0tNnYGOGSLO1scgt8IxUD
MyQ2htEsfSNxD6jg303LuAA/Zset5p0JhACLLHbgtZlpYH4uQbjy9Ve9JrVm/6Sy
sSnX1TfSNF5NoMcxGDYgNDRLtP/5jKRZ/hzH8vjHSWXnnN9Pb1MdYdWql4DjDQ+d
IEm5sywbqIkAlQIFEC3uaE3Fa078mDswGQEBbI8D/0FiwDcbfeNyDVJ+7EIWHjIx
VkIGu+ArYUEllR3GSBHVZ9Vh7n8bNXeNHMnG5cZ23TLMVvweyhxFS+cDi+I7omeD
Nr6x65z500LxfUvLK5bSuSiBVkTp2z+/iojY/662JwKHzEEunuJ4CO8Yhxy11Cde
szEX7DpXzRxLL92rEmO2
=nZak
- -----END PGP PUBLIC KEY BLOCK-----


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMR1jecVrTvyYOzAZAQFRJAQAl+yTpIMFJ1hzUzpsIywNu6jHNEe/bTSi
6DXftJPJlHM/6Wjf28z54M0RswZUiS2g4B4Eg5qqTgpWPrk6XtCQzYVF+lDNm9/3
UEGOqIlS4cf3iY40dkHj1S2jN5/WYew1UM0rgL07fObCryaBsXHCe8uHhfDu+VAn
YGEB8L7yglI=
=mevq
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"It is not the function of our Government to keep the citizen
from falling into error; it is the function of the citizen to
keep the Government from falling into error."
Robert H. Jackson (1892-1954), U.S. Judge
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
My web page: http://www.geocities.com/CapitolHill/1148







From tcmay at got.net  Sun Feb 11 10:45:31 1996
From: tcmay at got.net (Timothy C. May)
Date: Mon, 12 Feb 1996 02:45:31 +0800
Subject: Selling the Sizzle of Crypto
Message-ID: 


At 4:47 PM 2/11/96, Deranged Mutant wrote:

>I caught the last few seconds of a CNN story on FVs FUD this morning. It
>followed with the RSA selling crypto to China story, where they clearly
>opted for soundbytes... the cut Phil Z's words short when he was talking
>about the benefits of crypto... they asked him something about why crypto
>is good for national security and you hear him say a few economic things
>but then he's cut off (probably before he can mention personal freedom as
>benefitting national security... but that's only a guess).

I'm just about giving up on the "infotainment" media for ever getting the
facts straight. Just not enough time, and they go for the most provocative
statements to make the story "interesting."

Even a longer format such as on the Newshour with Jim Lehrer (formerly the
MacNeil-Lehrer Newshour) can barely get a coherent story on crypto and
cyberspace issues out. If they interview several people, then maybe Mike
Godwin will get 60 seconds, Kathy Cleaver will get 60 seconds, and then
some rebuttal. No way to get the key ideas across.

Ironically, there is some hope. I just got an "academic" paper to review,
and one of the main URLs cited was Steven Levy's "Crypto Rebels" piece (the
URL is http://www.hotwired.com/wired/1.2/features/crypto.rebels.html). I
may be biased about this article, but I still think it to be the best
introductory article on the crypto controversy.

Academics citing popular articles!

Well, Levy's article is a very good, and insightful, exposition of the
issues and the coming battle between the two opposing points of view. (And
it shows that popular-oriented articles need not be solely devoted to
flash, sizzle, and outrageous comments, that ideas can be explored and
positions contrasted.)

Just thought I'd say something positive about journalism.

--Tim May


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From snakey at wam.umd.edu  Sun Feb 11 10:45:40 1996
From: snakey at wam.umd.edu (David R.)
Date: Mon, 12 Feb 1996 02:45:40 +0800
Subject: I decrypted Windows 95 share passwords...
Message-ID: <199602111738.MAA15947@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

I just posted the following message to a few usenet groups.  I thought
it might be of interest here too.  Note: I know nothing about 
cryptography, and I didn't have to know anything about cryptography
in order to break this pitiful Microsoft 'code'.

David Ross
snakey at cs.umd.edu

Here's the message I posted:

I recently was fiddling around with my Windows 95 registry and decided to
see just how "encrypted" passwords for shared items _really_ are.  Well,
after some experimentation, I was able to break the code!  This was
rather surprising to me, considering I'm just a college student with
absolutely no background in encryption.  I have submitted my findings to
"Hack Microsoft" contest.  =)

The implications of this discovery are not extremely apparent.  It would
seem that anyone with access to your registry would already have access
to anything else on your computer.  Nevertheless, the flawed belief that
an encrypted password stored in your registry is actually encrypted to a
degree expected from a company such as Microsoft could lead to potential
security holes.  At least the fact that Microsoft _attempted_ to 
encrypt these passwords might indicate that they saw some reason
themselves to have them inaccessable.

The included C code (with a description of the Microsoft 'encryption'
included) will decode a password for a shared item from its byte code
in the registry.

David Ross
snakey at cs.umd.edu

Here's the program:

/* This program takes an 'encrypted' Windows 95 share password and decrypts it.
 * Look at:
 * HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Network\LanMan
 * to find a machine's shares.  Within the data for each share are two
 * registry entries, Parm1enc and Parm2enc.  Parm1enc is the "Full access"
 * password.  Parm2enc is the "Read only" password.
 *
 * David Ross  2/9/96
 * snakey at cs.umd.edu
 *
 * Do not distribute this program for any commercial purpose without first
 * contacting me for permission.
 *
 * DO NOT USE THIS PROGRAM FOR ILLEGAL OR UNETHICAL PURPOSES!
 *
 * A technical description of the 'code' can be found later on in this
 * document. 
 *
 * Oh yeah...  a totally unsolicited self promotion here...  If anyone has
 * a job for a junior year Computer Science student for summer '96, please
 * let me know!  I'm familiar with Windows and Mac networking (especially 
 * involving TCP/IP), fluent in C and C++, and working on becoming a
 * proficient Windows programmer.
 *
 */

#include 
#include 

#define BUFFER 30

int DecodeCharOne(unsigned char *);
int DecodeCharTwo(unsigned char *);
int DecodeCharThree(unsigned char *);
int DecodeCharFour(unsigned char *);
int DecodeCharFive(unsigned char *);
int DecodeCharSix(unsigned char *);
int DecodeCharSeven(unsigned char *);
int DecodeCharEight(unsigned char *);

main() {

  int i;           /* Generic counter */
  int eocc = 0;    /* Records if there has been an error */

  /* The following structure stores the encoded bytes.  Decoded values
   * replace the encoded values as the decoding process moves along
   * The initial values show here are not used and are unimportant
   */
  unsigned char mybytes[] = { 0x15, 0xba, 0x6d, 0x86, 0x73, 0x89, 0xf4, 0x4a };
  unsigned short tempshort;   /* Used as a go-between from sscanf() to
				 mybytes[] so unaligned data accesses
				 don't occur */

  int goupto = 0;  /* Records how many characters there are to be decoded */
  
  /* The following code handles input */
  char inpt[BUFFER];
  char *inptptr;
  
  printf("Input the byte code in hex (ex: 76 d5 09 e3): ");
  fgets(inpt, BUFFER, stdin);
  
  inptptr = strtok(inpt, " ");
  if (inpt[0] != '\n')
    while ((inptptr != NULL) && (goupto < 8)) {
      sscanf(inptptr, "%hx", &tempshort);
      mybytes[goupto++] = tempshort;
      inptptr = strtok(NULL, " ");
    }
  
  /* Decode all the characters.  I could have made this stop immediately
   * after an error has been found, but it really doesn't matter
   */
  if (!DecodeCharOne(&mybytes[0])) eocc = 1;
  if (!DecodeCharTwo(&mybytes[1])) eocc = 1;
  if (!DecodeCharThree(&mybytes[2])) eocc = 1;
  if (!DecodeCharFour(&mybytes[3])) eocc = 1;
  if (!DecodeCharFive(&mybytes[4])) eocc = 1;
  if (!DecodeCharSix(&mybytes[5])) eocc = 1;
  if (!DecodeCharSeven(&mybytes[6])) eocc = 1;
  if (!DecodeCharEight(&mybytes[7])) eocc = 1;

  /* If the password could be decoded, print it */
  if (eocc) printf("The encrypted password is invalid.\n");
  else {
    printf("The decoded password is: \"");
    for (i = 0; i < goupto; i++) printf("%c",mybytes[i]);
    printf("\"\n");
  }
}  /* End of main() */

/*
 * I will document this function, but not the seven other functions
 * which decode the subsequent seven characters.  All of these functions
 * are essentially the same.  Multiple functions are necessary though
 * because each column of the password has a different set of encoding
 * patterns.
 *
 * The following section will attempt to explain the encoding scheme
 * for share passwords as stored in the Windows 95 registry.  I will
 * try to explain this as clearly as I can, however I really have no
 * background in encryption.  If you have any questions, please feel
 * free to send them to me at snakey at cs.umd.edu.
 *
 * First off, share passwords can be anywhere from one character to
 * eight.  "Read only" passwords and "Full access" passwords both use
 * the same encoding scheme, and so they both can be decoded by this
 * program.  There is a one-to-one relationship between the number of
 * characters in a password and the number of bytes in the encoded
 * password stored in the registry.  In fact, each encoded byte directly
 * corresponds to the letter in the corresponding column of the
 * unencoded password!  Ie: If I change a password "passwd" to "masswd",
 * only the first byte of the encrypted password will change.  Knowing
 * this, it is easy to see that all that needs to be done to decode
 * the password is to find a mapping from an encoded byte to a decoded
 * letter.  That's what this program does.  Unfortunately, things get
 * a little tricky because a letter in the first column of a password
 * is encoded using a slightly different algorithm than a letter
 * in the second column, and so on.
 *
 * There is another complexity which we do not really need to worry
 * about to a great extent, but we still need to be aware of.  Many
 * characters, when entered into a password, map to the same encoded
 * byte.  The best example of this is that both 'A' and 'a' are the
 * same as far as share passwords are concerned.  There are numerous
 * other examples of this, and this allows us to effectively limit the
 * range of characters we need to be able to decode.  The range of
 * ASCII values we will have to be able to decode turns out to be
 * from 32 to 159.  ASCII values higher than 159 tend to map to
 * encoded bytes which also represent more normal ASCII values.  So
 * if a user manages to create a password with high ASCII values
 * in it, that password will still be decoded by this program.
 * Although the decoded password won't look the same as the original,
 * it will work just as well.
 *
 * With all of the preliminaries out of the way, I can now move on
 * to describing the mapping from an encoded byte to it's corresponding
 * ASCII value.  I think the best way to describe this would be through
 * a picture of exactly how the characters from 32 to 63 are mapped
 * out in the code for the first letter in a password.  This table goes
 * beyond the 80 column format maintained in the rest of this document,
 * but it is really the best solution.  If the table below doesn't look
 * right, load this file up in a text editor that supports greater than
 * 80 columns.
 *
 *   Encoded byte (hex)    - 1F 1E 1D 1C 1B 1A 19 18 17 16 15 14 13 14 11 10 0F OE 0D 0C 0B 0A 09 08 07 06 05 04 03 02 01 00
 *   ASCII value (decimal) - 42 43 40 41 46 47 44 45 34 35 32 33 38 39 36 37 58 59 56 57 62 63 60 61 50 51 48 49 54 55 52 53
 *   Pair #                - |_6_| |_5_| |_8_| |_7_| |_2_| |_1_| |_4_| |_3_| |14_| |13_| |16_| |15_| |10_| |_9_| |12_| |11_|
 *   Quad #                - |__________2__________| |__________1__________| |__________3__________| |__________4__________|
 *   32 byte block #       - |______________________________________________1______________________________________________|
 *
 * The "Pair #", "Quad #", and "32 byte block #" rows each are there to
 * make the general ordering of the code more visible.  The first thing to
 * note is that the range of encoded byte values runs from 00 to 1f.  This
 * will not always be the case for the first set of 32 characters.  In
 * fact, the next set of 32 characters (ASCII 64 to ASCII 95) is not in
 * the range of 20 to 3f in encoded form.  I never concerned myself with
 * predicting exactly where each of the four 32 byte ranges are aligned
 * within the range of 0 to 256.  In my decoding scheme, I simply specify
 * the location of the first character in a 32 byte block (which I have
 * pre-determined via experimentation) and determine the locations of the
 * rest of the characters in the block relative to the inital value.  This
 * amounts to a total of four hand-decoded characters for the entire code.
 *
 * From a starting point which is given (in this case the fact that ASCII
 * 32 is encoded as 0x15), my decoding scheme follows a pattern that is
 * probably already apparent to you if you have examined the above table
 * closely.  First, if the encoded byte number is odd, it simple subtracts
 * one from this byte number to get the byte number of the encoded form of
 * the subsequent character.  This is much more simple than it sounds.
 * As an example, given that the code for ASCII 32 is 0x15, the program
 * knows that the code for ASCII 33 must be 0x14.  The tricky part is that
 * this is not always true for every code.  Recall that there is a different
 * coding scheme for each of the 8 columns in a password, and that the above
 * table only describes the coding scheme for the first column.  Other columns
 * reverse this relationship between the two ASCII values of a certain pair.
 *
 * Pairs are grouped into units of four, appearing in a predefined pattern.
 * In this case, the first pair (by first I mean the pair with the lowest
 * set of ASCII values) is put in the second slot of a quad (which contains
 * four pairs).  The second pair is put in the first slot, the third is put
 * in the fourth quad, and the fourth is put in the third quad.  This changes
 * depending on the specific code used (of the 8 possible).
 *
 * Quads also fill a block in the same manner, however the ordering is NOT
 * necessarily the same as the way pairs fit into quads!  As I described
 * above, there are four blocks, and they fit into the entire range of
 * 128 values just as pairs fit into quads and quads fit into blocks,
 * via a pattern determined by whoever invented this encoding scheme.  It
 * is important to realize that the range of 128 possible encoded
 * values can be anywhere within the range of 0 to 256.  Ie: One block can
 * be positioned from 0x00 to 0x1f, while another block in the same code
 * can be positioned from 0xa0 to 0xbf.
 *
 * I realize that the above description is a bit complex, and it doesn't
 * really cover much of _how_ my program decodes the the encoded values.
 * If you honestly can't understand a word I've said, just go back to
 * the table and really take a long look at it.  Print it out, put it
 * under your pillow when you go to sleep.  Sooner or later the order
 * of it all will dawn on you and you should be able to step through
 * my code and see how it derives its answer, at least for the
 * DecodeCharOne() routine.  Seven other tables (which I have rough
 * copies of here on notebook paper) were needed to come up with
 * the seven other decoders for the seven other character places.
 *
 */

int DecodeCharOne(unsigned char *mychar) {
  int i = 0;        /* Keeps track of the decoded character # minus 32 */
  int cletter = 1;  /* Sets the current letter of the 8 char quad */
  int blockl1 = 1;  /* Sets the current quad */
  int blockl2 = 1;  /* Sets the current 32 char block */
  int retval = 1;
  /* We are on this col of the table: */
  unsigned char code = 0x15;    /* The code for a space */
  
  /* This is the main loop.  It walks through each decoded character, finds
   * its corresponding encoded value, and looks to see if that's the same as
   * the encoded value we are looking for.  If it is, we have found our
   * decoded character!
   */
  while((i<256) && (code != *mychar)) {
    switch (cletter) {
    case 1:
      code--;
      cletter++;
      break;
    case 2:
      code += 3;
      cletter++;
      break;
    case 3:
      code--;
      cletter++;
      break;
    case 4:
      code -= 5;
      cletter++;
      break;
    case 5:
      code--;
      cletter++;
      break;
    case 6:
      code+=3;
      cletter++;
      break;
    case 7:
      code--;
      cletter++;
      break;
    case 8:
      cletter = 1;
      switch (blockl1) {    /* After we hit character number 8, we have */
      case 1:               /* to do a relative jump to the next quad */
	code += 11;
	blockl1++;
	break;
      case 2:
	code -= 21;
	blockl1++;
	break;
      case 3:
	code += 11;
	blockl1++;
	break;
      case 4:
	blockl1 = 1;
	switch (blockl2) {       /* After we hit the last quad, we have to */
	case 1:                  /* jump to the next 32 character block. */
	  code = 0x75;
	  blockl2++;
	  break;
	case 2:
	  code = 0x55;
	  blockl2++;
	  break;
	case 3:
	  code = 0xb5;
	  blockl2++;
	  break;
	case 4:
	  code = 0x15;
	  blockl2 = 1;
	  break;
	}
	break;
      }
      break;
    }
    i++;
  }
  if (i == 256) retval = 0;
  else *mychar = i + 32;
  return retval;
}  /* End of DecodeCharOne() */

int DecodeCharTwo(unsigned char *mychar) {
  int i = 0;
  int cletter = 1;
  int blockl1 = 1;
  int blockl2 = 1;
  int retval = 1;
  unsigned char code = 0xba;    /* The code for a space */
  while((i<256) && (code != *mychar)) {
    switch (cletter) {
    case 1:
      code++;
      cletter++;
      break;
    case 2:
      code -= 3;
      cletter++;
      break;
    case 3:
      code++;
      cletter++;
      break;
    case 4:
      code += 5;
      cletter++;
      break;
    case 5:
      code++;
      cletter++;
      break;
    case 6:
      code -= 3;
      cletter++;
      break;
    case 7:
      code++;
      cletter++;
      break;
    case 8:
      cletter = 1;
      switch (blockl1) {
      case 1:
      	code -= 11;
	blockl1++;
	break;
      case 2:
	code -= 11;
	blockl1++;
	break;
      case 3:
	code -= 11;
	blockl1++;
	break;
      case 4:
	blockl1 = 1;
	switch (blockl2) {
	case 1:
	  code = 0xda;
	  blockl2++;
	  break;
	case 2:
	  code = 0xfa;
	  blockl2++;
	  break;
	case 3:
	  code = 0x1a;
	  blockl2++;
	  break;
	case 4:
	  code = 0xba;
	  blockl2 = 1;
	  break;
	}
	break;
      }
      break;
    }
    i++;
  }
  if (i == 256) retval = 0;
  else *mychar = i + 32;
  return retval;
}  /* End of DecodeCharTwo() */

int DecodeCharThree(unsigned char *mychar) {
  int i = 0;
  int cletter = 1;
  int blockl1 = 1;
  int blockl2 = 1;
  int retval = 1;
  unsigned char code = 0x6d;    /* The code for a space */
  while((i<256) && (code != *mychar)) {
    switch (cletter) {
    case 1:
      code--;
      cletter++;
      break;
    case 2:
      code += 3;
      cletter++;
      break;
    case 3:
      code--;
      cletter++;
      break;
    case 4:
      code -= 5;
      cletter++;
      break;
    case 5:
      code--;
      cletter++;
      break;
    case 6:
      code += 3;
      cletter++;
      break;
    case 7:
      code--;
      cletter++;
      break;
    case 8:
      cletter = 1;
      switch (blockl1) {
      case 1:
        code -= 5;
        blockl1++;
	break;
      case 2:
        code += 27;
        blockl1++;
        break;
      case 3:
        code -= 5;
        blockl1++;
        break;
      case 4:
	blockl1 = 1;
	switch (blockl2) {
	case 1:
	  code = 0x0d;
	  blockl2++;
	  break;
	case 2:
          code = 0x2d;
          blockl2++;
          break;
	case 3:
          code = 0xcd;
          blockl2++;
          break;
	case 4:
	  code = 0x6d;
	  blockl2 = 1;
          break;
	}
	break;
      }
      break;
    }
    i++;
  }
  if (i == 256) retval = 0;
  else *mychar = i + 32;
  return retval;
}  /* End of DecodeCharThree() */

int DecodeCharFour(unsigned char *mychar) {
  int i = 0;
  int cletter = 1;
  int blockl1 = 1;
  int blockl2 = 1;
  int retval = 1;
  unsigned char code = 0x86;    /* The code for a space */
  while((i<256) && (code != *mychar)) {
    switch (cletter) {
    case 1:
      code++;
      cletter++;
      break;
    case 2:
      code -= 3;
      cletter++;
      break;
    case 3:
      code++;
      cletter++;
      break;
    case 4:
      code -= 3;
      cletter++;
      break;
    case 5:
      code++;
      cletter++;
      break;
    case 6:
      code -= 3;
      cletter++;
      break;
    case 7:
      code++;
      cletter++;
      break;
    case 8:
      cletter = 1;
      switch (blockl1) {
      case 1:
        code += 13;
        blockl1++;
	break;
      case 2:
        code += 13;
        blockl1++;
        break;
      case 3:
        code += 13;
        blockl1++;
        break;
      case 4:
	blockl1 = 1;
	switch (blockl2) {
	case 1:
          code = 0xe6;
          blockl2++;
	  break;
	case 2:
          code = 0xc6;
          blockl2++;
          break;
	case 3:
          code = 0x26;
          blockl2++;
          break;
	case 4:
	  code = 0x86;
          blockl2 = 1;
          break;
	}
	break;
      }
      break;
    }
    i++;
  }
  if (i == 256) retval = 0;
  else *mychar = i + 32;
  return retval;
}   /* End of DecodeCharFour() */

int DecodeCharFive(unsigned char *mychar) {
  int i = 0;
  int cletter = 1;
  int blockl1 = 1;
  int blockl2 = 1;
  int retval = 1;
  unsigned char code = 0x73;    /* The code for a space */
  while((i<256) && (code != *mychar)) {
    switch (cletter) {
    case 1:
      code--;
      cletter++;
      break;
    case 2:
      code--;
      cletter++;
      break;
    case 3:
      code--;
      cletter++;
      break;
    case 4:
      code += 7;
      cletter++;
      break;
    case 5:
      code--;
      cletter++;
      break;
    case 6:
      code--;
      cletter++;
      break;
    case 7:
      code--;
      cletter++;
      break;
    case 8:
      cletter = 1;
      switch (blockl1) {
      case 1:
        code += 7;
	blockl1++;
	break;
      case 2:
        code -= 25;
        blockl1++;
        break;
      case 3:
        code += 7;
	blockl1++;
        break;
      case 4:
	blockl1 = 1;
	switch (blockl2) {
	case 1:
          code = 0x13;
          blockl2++;
	  break;
	case 2:
          code = 0x33;
          blockl2++;
          break;
	case 3:
          code = 0x23;
          blockl2++;
	  break;
	case 4:
	  code = 0x73;
          blockl2 = 1;
          break;
	}
	break;
      }
      break;
    }
    i++;
  }
  if (i == 256) retval = 0;
  else *mychar = i + 32;
  return retval;
}    /* End of DecodeCharFive() */

int DecodeCharSix(unsigned char *mychar) {
  int i = 0;
  int cletter = 1;
  int blockl1 = 1;
  int blockl2 = 1;
  int retval = 1;
  unsigned char code = 0x89;    /* The code for a space */
  while((i<256) && (code != *mychar)) {
    switch (cletter) {
    case 1:
      code--;
      cletter++;
      break;
    case 2:
      code += 3;
      cletter++;
      break;
    case 3:
      code--;
      cletter++;
      break;
    case 4:
      code += 3;
      cletter++;
      break;
    case 5:
      code--;
      cletter++;
      break;
    case 6:
      code += 3;
      cletter++;
      break;
    case 7:
      code--;
      cletter++;
      break;
    case 8:
      cletter = 1;
      switch (blockl1) {
      case 1:
        code -= 13;
	blockl1++;
	break;
      case 2:
	code += 19;
        blockl1++;
	break;
      case 3:
        code -= 13;
	blockl1++;
	break;
      case 4:
	blockl1 = 1;
	switch (blockl2) {
	case 1:
          code = 0xe9;
	  blockl2++;
	  break;
	case 2:
          code = 0xc9;
	  blockl2++;
	  break;
	case 3:
          code = 0x29;
	  blockl2++;
	  break;
	case 4:
	  code = 0x89;
          blockl2 = 1;
          break;
	}
	break;
      }
      break;
    }
    i++;
  }
  if (i == 256) retval = 0;
  else *mychar = i + 32;
  return retval;
}     /* End of DecodeCharSix() */

int DecodeCharSeven(unsigned char *mychar) {
  int i = 0;
  int cletter = 1;
  int blockl1 = 1;
  int blockl2 = 1;
  int retval = 1;
  unsigned char code = 0xf4;    /* The code for a space */
  while((i<256) && (code != *mychar)) {
    switch (cletter) {
    case 1:
      code++;
      cletter++;
      break;
    case 2:
      code++;
      cletter++;
      break;
    case 3:
      code++;
      cletter++;
      break;
    case 4:
      code -= 7;
      cletter++;
      break;
    case 5:
      code++;
      cletter++;
      break;
    case 6:
      code++;
      cletter++;
      break;
    case 7:
      code++;
      cletter++;
      break;
    case 8:
      cletter = 1;
      switch (blockl1) {
      case 1:
        code += 9;
	blockl1++;
	break;
      case 2:
	code -= 23;
        blockl1++;
	break;
      case 3:
        code += 9;
	blockl1++;
	break;
      case 4:
	blockl1 = 1;
	switch (blockl2) {
	case 1:
          code = 0x94;
	  blockl2++;
	  break;
	case 2:
          code = 0xb4;
	  blockl2++;
	  break;
	case 3:
          code = 0x54;
	  blockl2++;
	  break;
	case 4:
	  code = 0xf4;
          blockl2 = 1;
          break;
	}
	break;
      }
      break;
    }
    i++;
  }
  if (i == 256) retval = 0;
  else *mychar = i + 32;
  return retval;
}   /* End of DecodeCharSeven() */

int DecodeCharEight(unsigned char *mychar) {
  int i = 0;
  int cletter = 1;
  int blockl1 = 1;
  int blockl2 = 1;
  int retval = 1;
  unsigned char code = 0x4a;    /* The code for a space */
  while((i<256) && (code != *mychar)) {
     switch (cletter) {
     case 1:
       code++;
       cletter++;
       break;
     case 2:
       code -= 3;
       cletter++;
       break;
     case 3:
       code++;
       cletter++;
       break;
     case 4:
       code += 5;
       cletter++;
       break;
     case 5:
       code++;
       cletter++;
       break;
     case 6:
       code -= 3;
       cletter++;
       break;
     case 7:
       code++;
       cletter++;
       break;
     case 8:
       cletter = 1;
       switch (blockl1) {
       case 1:
	 code -= 11;
	 blockl1++;
	 break;
       case 2:
	 code += 21;
	 blockl1++;
	 break;
       case 3:
	 code -= 11;
	 blockl1++;
	 break;
       case 4:
	 blockl1 = 1;
	 switch (blockl2) {
	 case 1:
	   code = 0x2a;
	   blockl2++;
	   break;
	 case 2:
	   code = 0x0a;
	   blockl2++;
	   break;
	 case 3:
	   code = 0xea;
	   blockl2++;
	   break;
	 case 4:
	   code = 0x4a;
	   blockl2 = 1;
	   break;
	 }
	 break;
       }
       break;
     }
     i++;
  }
  if (i == 256) retval = 0;
  else *mychar = i + 32;
  return retval;
}    /* End of DecodeCharEight() */

/* End of program */


- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMR4peyoZzwIn1bdtAQE0dQF9GzqfuxYsYp+x7nVKG0Kz3de74E4HBHxf
IleTsbVrWWQWkV09WU7AVkvVlsajnhsC
=r6cs
-----END PGP SIGNATURE-----





From jcobb at ahcbsd1.ovnet.com  Sun Feb 11 10:49:05 1996
From: jcobb at ahcbsd1.ovnet.com (James M. Cobb)
Date: Mon, 12 Feb 1996 02:49:05 +0800
Subject: Digital Rights...Management
Message-ID: 


 
 
  Friend, 
 
 
  You may download a copy of the 118-page report, "Digital Rights 
  Management Technologies," prepared for the Committee On New 
  Technologies of the International Federation of Reproduction 
  Rights Organizations at: 
 
                     http://www.ncri.com 
 
 
  Go to page 2 of home page. 
 
  Link to "Articles." 
 
  Go to p 3 of "Articles." 
 
  Voila! 
 
 
  Cordially, 
 
  Jim 
 
 






From jya at pipeline.com  Sun Feb 11 11:18:23 1996
From: jya at pipeline.com (John Young)
Date: Mon, 12 Feb 1996 03:18:23 +0800
Subject: NON_ice
Message-ID: <199602111842.NAA08358@pipe1.nyc.pipeline.com>


   Fueling Asia-phobia of techno-insurrection, The Wash Post
   today offers opposing views of Singapore:

   "City of the Future: What American Can Learn form Post-
   Liberal Singapore;" and,

   "Big Brother's Hometown: The Country is a Model, All Right
   -- of Dressed-Up Dictatorship."

   The first sets out the virtues of paternalism, and quotes
   eminently powerful Lee Kuan Yew, "The ideas of individual
   supremacy and the right to free expression, when carried to
   excess, have not worked. They have made it difficult to
   keep American society cohesive. Asia can see it is not
   working. ... The top 3 to 5 percent of a society can handle
   this free-for-all, this clash of ideas. If you do this with
   the whole mass, you'll have a mess. In this vein, I say,
   let them have the Internet."

   In the second, Lee's own OCAF Agincourt Project is detailed,
   "I would isolate the leaders, the trouble-makers, get them
   exposed, cut them down to size, ridicule them, so that
   everybody understands that it's not such a clever thing to
   do. Governing does not mean just being pleasant. If you
   want a pleasant result, just as with children, you cannot
   just be pleasant and nice."


   Then there is "Angry, White Rebels are Homeless by Choice,"
   a Page One jaw-dropper about "gutter punks," scion Okies of
   all America's families:

      Their appearance and their life-style seem like a
      nightmare to many of their parents and much of society,
      as if all the promise of youth in America had been
      turned inside out, producing these nihilistic, angry,
      ironic spawn all dressed in black, the end result --
      perhaps a bill coming due -- of decades of family
      disintegration, suburban boredom and national cynicism.

      Filth has stitched the anarchist patch into the palm of
      his hand. "Crusty punks" never bathe and say the police
      cannot make an arrest because of body odor. "I'm a paint
      head," said Riff Raff, inhaling spray paint. Becca said,
      "People are afraid of us, but we're not the ones who are
      scary." 

   Only for the beyond-Singapore, truly loving parent.


   NON_ice (for all)













From dlv at bwalk.dm.com  Sun Feb 11 12:02:27 1996
From: dlv at bwalk.dm.com (Dr. Dimitri Vulis)
Date: Mon, 12 Feb 1996 04:02:27 +0800
Subject: Regulation of citizen-alien communications (Was: Choices)
In-Reply-To: 
Message-ID: 


Ed Carp  writes:
> On Sun, 11 Feb 1996, Dr. Dimitri Vulis wrote:
>
> >  Export means:
> >
> >  (4) Disclosing or transferring technical data to a foreign person, whether
> >  in the United States or abroad;
> >
> > A foreign person is defined in S 120.11, and means anyone who's not a U.S.
> > citizen. Technical data is defined in S 120.33
>
> Oh?  You mean that I can get busted for giving my Canadian spouse a copy
> of PGP?

Well, I'm not a lawyer. ;-) S 120.11 (Foreign person) goes like this:

 Foreign person means any natural person who is not a "citizen or intending
 citizen" of the United States within the meaning of 8 U.S.Code 1324 b(a)(3).
 It also means any foreign corporation... The term "intending citizen" means a
 person who has been lawfully admitted to the United States for permanent
 residence (and maintains such residence) under the Immigration and
 Naturalization Act (8 U.S.Code 101(a), 1101(a), 60 Stat. 163).

I don't have 8 U.S.Code here (I'm not a lawyer :-), but the "indenting citizen"
bit sounds to me like the INS form which affirms that one intends to stay here
permanently, and to become U.S. citizen once eligible, which those immigrants
who haven't been in the U.S. long enough to apply for citizenship are asked to
show when they apply for certain jobs, like the NYC Board of Ed.

So -- I think that if the climate in the U.S. reverts to what it was in the
'50's, a zelous prosecutor might tell a grand jury that you gave munitions to a
"forriner", and you might be indicted, and the onus would be on you to prove
that your wife was an "intending citizen".

All this smacks of Nazism.

P.S. Last time I taught an undergraduate computer security course, my floppy
disk handouts contained, inter alia, PGP, and I didn't ask which students were
U.S. citizens.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From lmccarth at cs.umass.edu  Sun Feb 11 12:05:59 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Mon, 12 Feb 1996 04:05:59 +0800
Subject: Regulation of citizen-alien communications (Was: Choices)
In-Reply-To: <960210230549.20217184@hobbes.orl.mmc.com>
Message-ID: <199602110702.CAA05558@opine.cs.umass.edu>


Padgett writes:
> Gov does have the right (in fact the duty) to regulate communications 
> between citizens and non-citizens/sites in other lands

(not wishing to start a flamewar) Why do you think so ?

-Lewis





From bdavis at thepoint.net  Sun Feb 11 12:06:06 1996
From: bdavis at thepoint.net (Brian Davis)
Date: Mon, 12 Feb 1996 04:06:06 +0800
Subject: Need a "warning" graphic of some kind for CDA
In-Reply-To: <2.2.32.19960209112844.0068f1a8@arn.net>
Message-ID: 


On Fri, 9 Feb 1996, David K. Merriman wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> At 08:27 AM 02/9/96 -0800, Simon Spero  wrote:
> > The Administration has repeatedly stated its belief that those parts of 
> >the bill are unconsitutional, and does not intend to enforce them. 
> 
> So why the fornicate did they include them? What's the point of passing laws that they say they're not going to enforce, unless it's either to enforce them later, or soften up the public for something _slightly_ more tolerable later.

The Administration did not include those provisions.  Ignorant Members of 
Congress did.

EBD





From jzychik at via.net  Sun Feb 11 12:23:04 1996
From: jzychik at via.net (Joe Zychik)
Date: Mon, 12 Feb 1996 04:23:04 +0800
Subject: American Reporter on CDA 2/8/96 (fwd)
Message-ID: <2.2.32.19960211195931.00f83980@via.net>


I set the article up with a dark red background and large, yellow lettering
- and posted it on my home page.

Underneath the article is a picture of Lenny Bruce, with the caption

"Lenny Bruce
A better protector of your freedoms than Pat Robertson."


http://www.via.net/~jzychik

Also on my page is a letter from a pot head who e-mailed every congress
person on the net and invited them to arrest him for smoking pot.



jz







From jrochkin at cs.oberlin.edu  Sun Feb 11 12:37:08 1996
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Mon, 12 Feb 1996 04:37:08 +0800
Subject: NON_ice
Message-ID: 


Thanks.







From tallpaul at pipeline.com  Sun Feb 11 12:41:01 1996
From: tallpaul at pipeline.com (tallpaul)
Date: Mon, 12 Feb 1996 04:41:01 +0800
Subject: Strange Sounds of Silence
Message-ID: <199602111959.OAA19274@pipe6.nyc.pipeline.com>


 
> 
>Alan Pugh writes: 
>> Has anyone else out there noticed the strange sounds of silence 
>> emmanating from the american print and broadcast media concerning the 
>> rider attached to the Telecommunications Act recently signed by 
>> President Clinton known as the CDA (Communications Decency Act)? 
> 
 
No, actually I haven't. 
 
I do seem to observe strange sounds of silence from lib'bers on the
cypherpunks list about the legislative body who passed the law, although
they must know about the law since they blast the "libera;" to "socialist
statist" President who signed it. 
 
I seem to observe similar sounds of silence from people who get upset at
ostensibly liberal Tipper Gore's godlike powers to implement, as a single
individual, some form of record labels while remaining silent about the
conservative forces supporting Gingrich clustered around fundamentalist
christianity who were calling for censorhip. 
 
--tallpaul





From cactus at hks.net  Sun Feb 11 12:55:39 1996
From: cactus at hks.net (Leslie Todd Masco)
Date: Mon, 12 Feb 1996 04:55:39 +0800
Subject: Coderpunks archives on line
Message-ID: <199602112032.PAA16583@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----


I've placed the coderpunks archives up for viewing, reachable from the same
page as the cypherpunks archives ( http://www.hks.net/cpunks/ )
- --
Todd Masco     | "life without caution/ the only worth living / love for a man/
cactus at hks.net |  love for a woman/ love for the facts/ protectless" - A Rich
Cactus' Homepage
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMR5SUioZzwIn1bdtAQEpLQF/e4UQxQv4+XGwCt/wNQuCLtyFhfiJLyTF
8+oIS/+B2Ntp43+8xKIB36wcMhvC0vTE
=y1HW
-----END PGP SIGNATURE-----





From tcmay at got.net  Sun Feb 11 13:06:53 1996
From: tcmay at got.net (Timothy C. May)
Date: Mon, 12 Feb 1996 05:06:53 +0800
Subject: Strange Sounds of Silence
Message-ID: 



I rarely understand the points "tallpaul" makes, but this one is especially
confusing to me:

At 7:59 PM 2/11/96, tallpaul wrote:

>I do seem to observe strange sounds of silence from lib'bers on the
>cypherpunks list about the legislative body who passed the law, although
>they must know about the law since they blast the "libera;" to "socialist
>statist" President who signed it.
>
>I seem to observe similar sounds of silence from people who get upset at
>ostensibly liberal Tipper Gore's godlike powers to implement, as a single
>individual, some form of record labels while remaining silent about the
>conservative forces supporting Gingrich clustered around fundamentalist
>christianity who were calling for censorhip.

As a card-carrying "lib'ber," it seems to me that I have written more than
enough articles denouncing the CDA, making fun of it and Congress, etc. And
so have numeous other "lib'bers" on this list, including (but not limited
to) Bill Stewart, Duncan Frissell, Jim Ray, Rich Graves, Sandy Sandfort,
Vince Cate, and others too numerous to mention.

tallpaul must be reading a different list than I am reading if thinks those
he dismisses as "lib'bers" (in his other posts, and this one) are somehow
in league with the Christian Right in supporting censorship.

--Tim May

[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and fuck them right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should fuck him." So the two daughters got him drunk and
screwed him all that night. Sure enough, Dad got them pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he pulled out before he
came....Remember, it's not a good idea to have sex with your sister, your
brother, your parents,
your pet dog, or the farm animals, unless God tells you to. [excerpts from
the Old Testament, Modern Vernacular Translation, TCM, 1996]







From strata at virtual.net  Sun Feb 11 13:21:41 1996
From: strata at virtual.net (strata at virtual.net)
Date: Mon, 12 Feb 1996 05:21:41 +0800
Subject: A Cyberspace Independence Refutation
Message-ID: 


Mr. Barlow, you've done many good things for cyberspace and individual
rights, and I respect you for that.  BUT...I have a major bone to pick
with this.  I'm not accusing you personally of anything, but I think
this document is going to cause more trouble than it's worth, and
large chunks of it are patently untrue.  Untrue documents that inspire
people to correct their mistakes can be uplifting, but this one
inspires a level of smug self-righteousness that's not going to make
the net a better place.  See details below.

>To: barlow at eff.org
>From: John Perry Barlow 
>Subject: A Cyberspace Independence Declaration

>It attempts to place more restrictive constraints on the conversation
>in Cyberspace than presently exist in the Senate cafeteria, where I
>have dined and heard colorful indecencies spoken by United States
>senators on every occasion I did.

Good call, by the way.   I hope the foreword re: hypocrisy also goes
into the book.

>Or, more to the point, let us now take our leave of them. They have
>declared war on Cyberspace. Let us show them how cunning, baffling,
>and powerful we can be in our own defense.

Let us show them how cunning, baffling, and powerful we can be as
armed federal marshals walk into a major ISP and shut down their
routers, as replays of Operation Sun Devil occur in people's houses,
as major idiocy of the sort that only a scared government in a country
which considers itself free can carry out.  I don't know which is more
disheartening, the actions themselves or the spirit of "we're doing
this for your own good" in which they are carried out.  But I
digress.  All the little-boy fantasies of the Powerful Internet don't
mean two beans when an officially sanctioned thug turns the switch
from 1 to 0 on your POP.  It'll happen.  Just watch.

>I have written something (with characteristic grandiosity) that I hope

Yes.

>You can leave my name
>off it if you like, because I don't care about the credit. I really
>don't.

I believe you.  It's one of the admirable qualities you have.

>But I do hope this cry will echo across Cyberspace, changing and
>growing and self-replicating, until it becomes a great shout equal to
>the idiocy they have just inflicted upon us.

Yes, that's what I'm afraid of.  See my opening remarks.

>A Declaration of the Independence of Cyberspace

>Governments of the Industrial World, you weary giants of flesh and
>steel, I come from Cyberspace, the new home of Mind. On behalf of the
>future, I ask you of the past to leave us alone. You are not welcome
>among us. You have no sovereignty where we gather.

Oh, let's start right off pretending that 
a) the net is an independently funded entity with no government
infrastructure and
b) independent of (non-electronic) world society and world government

While we're at it, let's press a monkey-brain hot button in any person
of political power by saying their power does/should not apply here.
This will not only make them receptive to the reasoning which we will
lay out in the rest of the document, it will impress them with our
real-world suavity, tact, and general with-it-ness.

>We have no elected government, nor are we likely to have one, so I

Nature abhors a vacuum.  I assume it surprises no one that much of the
major flack about the net began when it became widely known to
government that the net considered itself anarchic.

>address you with no greater authority than that with which liberty
>itself always speaks. I declare the global social space we are
>building to be naturally independent of the tyrannies you seek to
>impose on us. 

You must be talking about IPV6. Sorry, I couldn't resist.  But
certainly the TRA and various other things will be *much* easier to
implement in the IPV6 Internet.  Control structures exist to be used,
gang.

>You have no moral right to rule us 

Hello?  Are we laboring under the belief that even a scant majority of
governments truly believe in the morality of their rule?  Or, since a
government is a collection of individuals who tend to act with the
worst instincts of a mob when only a few are present, that the
individuals themselves feel that they are morally entitled to rule?

>						 nor do you possess
>any methods of enforcement we have true reason to fear.

Like walking into MAE-WEST and powering it down due to court orders.
Nope.  None at all.

>Governments derive their just powers from the consent of the governed.

Yes.  

>You have neither solicited nor received ours. We did not invite you.

We took a defense department network and ran with it, but since we've
been playing with it for over a decade, it's ours now.  Just like when
the neighbor kid loaned us his toy and we fixed it up, painted it, put
new wheels on it, and now he wants it back!  WAAAAAAHHHH!

>You do not know us, nor do  you know our world. Cyberspace does not
>lie within your borders. 

Yes, but.  Inasmuch as the culture of cyberspace grows from (as you
say below) the actions of individuals, it grows from the "real world"
(I hate that phrase, but need to use it to be clear).  We were all
raised in that world, that world provides many (perhaps most) of the
denizens of cyberspace with their livelihoods and access, and both
encourages and constrains their actions, from the engineer who
subscribes to a gay mailing list secretly for fear of losing his job
to the public policy advocate who openly posts pro-net/anti-censorship
material to com-priv in defiance of her government post.

>			  Do not think that you can build it, as though
>it were a public construction project. You cannot. 

Yes.  Though "building" is not quite what I'd call it.  More like
when they bulldoze a section of neighborhood which is actually a haven
for poor families and an extended culture simply because the buildings
and the cultural ways are deemed "unsightly"-- large families living
in small apartments and hanging out their washing, sitting out on the
stoop being neighborly, etc.  Townhouses come up and people don't know
their neighbors anymore, but it "looks nice" and thus must be
progress.  

>						   It is an act of
>nature and it grows itself through our collective actions.

Yes, but see "real world influence" above.


>You have not engaged in our great and gathering conversation, 

No comment.

>							       nor did
>you create the wealth of our marketplaces. 

You did not pour money down ratholes such as highspeed nets to carry
talk.bizarre, sf-lovers, and bandykin because the technical
administrators of the existing, government-funded networks knew that
cyberspace could emerge if DARPA were tricked into creating it.  "Our
links are already almost saturated!"  You did not provide countless
network pioneers a living from government grants nor complain when
they spent much of their research time writing network utilities
rather than doing AI or compilers or what they were actually being
paid to do.  You did not pay people to build the network.  You did not
provide free access and TACACS cards to anyone with the savvy to just
ask for them in the late 70's and early 80's, helping grow the core of
network culture.  You did not again and again provide equipment and
resources only to watch them become privatized by the core of
sysadmins and techies that you paid over the years, often in outright
blackmail ("we'll walk away unless you sell/give us the equipment and
facility").  And you certainly didn't do this only to see the same
people utterly denigrate the access to those resources and claim that
only their time, attention, and effort created the network and
cyberspace.  Clearly they could have done it without any money,
machines, or extant wiring, it was merely more efficient use of their
valuable time to do it at your expense.

>					    You do not know our
>culture, our ethics, or the unwritten codes that already provide our
>society more order than could be obtained by any of your impositions.

Yes, like "thou shalt not take home equipment from one's company,
university, or govt office without paying for it, even if it is older
or unused".  Or "thou shalt not steal computer time, long-distance
services, etc".

>You claim there are problems among us that you need to solve. You use
>this claim as an excuse to invade our precincts. Many of these
>problems don't exist. 

No argument here.  Dead on, as far as I'm concerned.

>Where there are real conflicts, where there are
>wrongs, we will identify them and address them by our means. 

Like use of copyrighted material, for instance.  We who forward things
from the "experimental" (but going for years) AP and NYT news wire
feeds, the Dave Barry mailing lists, the Calvin and Hobbes cartoon
daily web sites, we will identify them and address them by our means
if we ever decide there's a problem there that we actually care about.
Same with snuff stories about real people, harrassment of women,
minorities, or homo/bi/trans-sexuals online, etc.   Online advertising
actually bothers us, so we completely smite and try to drive out of
business people who are clueless enough to try spamming.  So what if
it's like executing someone for a traffic offense, they should have
read the manual before logging in.  In the "real world", few of us
bother to go to the post office and fill out a card saying "refuse all
mail to 'Resident'" because it's too much trouble, thus passively
acquiescing to the torrents of junkmail and flyers we get from our
neighborhood stores.  I wonder why they get the idea that direct mail
works?

>								We are
>forming our own Social Contract . This governance will arise according
>to the conditions of our world, not yours. Our world is different.

No kidding.  But more on that later, with both barrels.

>Cyberspace consists of transactions, relationships, and thought
>itself, arrayed like a standing wave in the web of our communications.
> Ours is a world that is both everywhere and nowhere, but it is not
>where bodies live.

Ooo, mystical.  My bones are shaking, help me!  Our bodies may not
live there, but our endocrine systems sure do...

>We are creating a world that all may enter without privilege or
>prejudice accorded by race, economic power, military force, or station
>of birth.

Right, only by ISP and spelling and punctuation ability.  This
paragraph is where I decided I finally had to come out and call
bullshit to this whole thing.  And how many of the people on the mailing lists
that claim to be full of internet liberators, free-speech advocates,
people who are "building cyberspace" etc look at something posted by,
say, an AOL account, with the same level of fair judgement as they do
a .stanford.edu or some well-known company name?   How many postings
with good ideas have been publicly ridiculed on any number of lists
and newsgroups because of spelling or punctuation errors?
How many posts with an obviously female account name have been
publicly denigrated with "wow, you must be PMS today"?

How about "we are creating a world that all may enter without
privilege or prejudice as long as they conform to certain literary
standards, have a gender-neutral account name, and don't take potshots
at any sacred net.religious institutions such as 'cancel poodles' (ah
those paragons of democratic free speech), flame wars, and the utterly
omniscient and fair judgement of the net.gods, who have proven
themselves in the majority of cases to have written prodigious network
utilities and made major technical contributions, and therefore must
be reasonable, impartial, and pure of heart."

>We are creating a world where anyone, anywhere may express his or her
>beliefs, no matter how singular, without fear of being coerced into
>silence or conformity.

I'm rolling on the floor, but I'm not sure if I'm laughing or crying.
WHAT PLANET ARE YOU FROM?   Can someone take an anonymous poll of the
Known Network and ask the following:  "I routinely refrain from
posting my opinions or beliefs to mailing lists and/or newsgroups for
fear of flaming, harrassment, or ridicule, even when I am confident of 
those beliefs or opinions  (strongly-disagree  disagree no-opinion agree
strongly-agree)"   Think about how many mailing list or newsgroup
communities are real communities, and how rare they are, and how they
go downhill because "too many people hear about it" and people stop
feeling that they can participate fully without fear of squelching.

Hell, look what the cypherpunk community did to Detweiler!  I've never
met the man, but I've read his papers and he doesn't seem like a total
nut case to me.  It's one thing to ostracize someone, but baiting them
is going a little far.  Similar things have happened in many online
communities.  "Yeah, there are some real nut cases out there, and
sooner or later a big enough community runs into them".  Even if we
accept that, does that mean we have to handle them with a complete
lack of compassion?  Do we have to be little boys with sticks
tormenting a wounded animal?  I don't think so.

>Your legal concepts of property, expression, identity, movement, and
>context do not apply to us. They are based on matter, There is no
>matter here.

Awesome.  Among other things, all those .sigs saying that the
Microsoft Network consents to such-and-such fees if they redist this
message, or that this message is copyright the Extropy Inc folks if it
appears on this list, etc are just hot air, and those folks won't mind
it.  For that matter, source code copyrights on the net are just a
quaint custom, and so are people's personal privacy expectations with
regard to their email and to their files.  I mean,
electronic privacy isn't a concept of property, identity, or
expression is it?  What's all this fuss about crypto?  Silly people,
those legal concepts don't apply here!!!  Now go read your users mail
like a good sysadmin and turn in heretics to the thought police.  Mr.
Barlow says it's okay, right here in this widely-forwarded document!

Now I understand why there is no fear of the plug being pulled-- so
what if this message is being read on a physical screen and is stored
on a physical disk, with a physical junction joining it to the network,
"there is no matter here".  The fact that the computer on which you
read this may belong to someone else, may be shut down without your
control, may be being misused according to their intent just by
transmitting this message, that is irrelevant!  OMMMMMMM-- are you
receiving this message?  OMMMMMMMM....

>Our identities have no bodies, so, unlike you, we cannot obtain order
>by physical coercion. 

The persons we have kicked off numerous online services, such as
Cantor & Seigel, email harrassers, stalkers, etc are not really "us",
so this statement is entirely self-consistent, Selah.


>		       We believe that from ethics, enlightened
>self-interest, and the commonweal, our governance will emerge . Our
>identities may be distributed across many of your jurisdictions. The
>only law that all our constituent cultures would generally recognize
>is the Golden Rule. 

Even if we don't apply it universally to ourselves, only to those
online bodiless entities who meet with our approval and are clearly
also members of the intellectual and anarchic elite!

>			We hope we will be able to build our particular
>solutions on that basis.  But we cannot accept the solutions you are
>attempting to impose.

Why yes.  Bad law on a bad situation does not make it right.  Again,
I agree here.

>In the United States, you have today created a law, the
>Telecommunications Reform Act, which repudiates your own Constitution
>and insults the dreams of Jefferson, Washington, Mill, Madison,
>DeToqueville, and Brandeis. These dreams must now be born anew in us.

Cool.  I wonder how much hate mail I will get for this commentary?
Perhaps I will be immediately dismissed as 
a) not a member of the technical elite of netdom or hackerdom, and
therefore clueless
b) an outsider, ditto (hey, I've only been on the net since 1981, I'm
just a pup; and I never became a netnews household word)
c) a woman, who is probably on the rag

>You are terrified of your own children, since they are natives in a
>world where you will always be immigrants. Because you fear them, you
>entrust your bureaucracies with the parental responsibilities you are
>too cowardly to confront yourselves. In our world, all the sentiments
>and expressions of humanity, from the debasing to the angelic, are
>parts of a seamless whole, the global conversation of bits. We cannot
>separate the air that chokes from the air upon which wings beat.

Set BOLE generators on HYPER, captain.  Aye aye!

Please.  This sort of thing is so riddled with inaccuracies,
hypocrisy, half-truths, and the occasional kernel of absolute
correctness that it ought to be taken out and shot.  Where are *our*
"parental responsibilities" to network newcomers, to AOL and the
Microsoft Network people (to name a few)?  How many of the self-avowed
denizens of cyberspace feel like "natives" in the "real world"?  How
many decent politicians do you think are out there trying to do their
job and being confronted with only a single tarbrush of shirking
spineless cowardice?  Yes, I should give up my political career and
the hope of building new housing in my district, getting more school
funding, etc for a bunch of twenty (or thirty)-something
non-constitutents who think of me as a pustulent gastropod.  I'll run
right out and vote against TRA!!

How much do you go out of your way for people who openly despise you
and publicly declare your stupidity with every other breath?


>In China, Germany, France, Russia, Singapore, Italy and the United
>States, you are trying to ward off the virus of liberty by erecting
>guard posts at the frontiers of Cyberspace. These may keep out the
>contagion for a small time, but they will not work in a world that
>will soon be blanketed in bit-bearing media.

PTHTHT.   Take a look at the hierarchic network structure.  Have you
made your BIND mods yet to allow alternate root-level nameservers?
Tsk tsk-- how will people find you after your domain name gets taken
out of the InterNIC servers and your ISP is forced to pull your
network number or get shut down?  Or rather, how will other people
besides your group of fellow net.elite peers find you?

>Your increasingly obsolete information industries would perpetuate
>themselves by proposing laws, in America and elsewhere, that claim to
>own speech itself throughout the world. These laws would declare ideas
>to be another industrial product, no more noble than pig iron. In our
>world, whatever the human mind may create can be reproduced and
>distributed infinitely at no cost. The global conveyance of thought no
>longer requires your factories to accomplish.

See copyright issues in various places above.  

And what the hell are you referring to by "ideas as an industrial
product"?  It sounds very noble, but it has little to do with freedom
of speech on the net!  As we have all seen, many industrial products
ranging from inflatable sheep to magazines as respectable as the "New
Yorker" don't have to conform to the provisions of the TRA.

And the "global conveyance of thought" hasn't needed factories ever.
Broadcast communications media have sufficed, ranging from newspapers
to radio to satellite TV.

>These increasingly hostile and colonial measures place us in the same
>position as those previous lovers of freedom and self-determination
>who had to reject the authorities of distant, uninformed powers. We
>must declare our virtual selves immune to your sovereignty, even as we
>continue to consent to your rule over our bodies. We will spread
>ourselves across the Planet so that no one can arrest our thoughts.

Isn't that special.  Not all of us can afford to go to Switzerland,
John.

>We will create a civilization of the Mind in Cyberspace. May it be
>more humane and fair than the world your governments have made before.

We've got a hell of a lot of work to do, then.  Let's start by not
flaming people at the drop of a hat.  Perhaps I myself am guilty of
this-- everyone who flames thinks they have a good enough reason.
But unlike some people, I've never claimed to be a superior being.

>Davos, Switzerland
>February 8, 1996

>John Perry Barlow, Cognitive Dissident

************

I don't know what the "right" things to do are to protect free speech
on the net.  I'm trying to figure that out, like many of you.  I do
know, or rather, passionately believe, that missives like this
Declaration are a major red herring.  Every person who takes his or
her five minutes to forward this to another mailing list or to his or
her congresscritter is wasting time and helping to promote an
impression of the net as a place full of immature, unrealistic people.

Find something original and concrete to do instead.  Spend the five 
minutes writing and *mailing* an original letter to your elected
official and mention you are in his or her district.   Write a
non-judgemental, helpful explanation of something to a net newcomer.
Install PGP on your roomate's machine and teach him/her how to use
it. Take an hour to write and post a refutation to a meme which 
you think will harm the net community.  Just go DO something.

It's a hard thing to face, that armed persons might come to your door
and shut down your livelihood and your main access to your chosen
community of friends, and possibly shoot you or your loved ones in 
the process.  The sooner we face and deal with that fear in ourselves,
and use that transformative power to direct our actions for individual
and collective freedom, the better.  Pretending we are ruling a
powerful invisible empire which is immune to violence is not the way
to get there.  Get real about the virtual.

2/11/96

M. Strata Rose
strata at virtual.net

Copyright 1996 M. Strata Rose.  This message may be forwarded in its
entirety as long as this notice is retained.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQBtAzDquVEAAAEDAJzWZyzHAO92FpvwUFrGNk3LCHRsTu4BT+scMw/3CdJtWoCB
9HGoj8N/4jLE0kjJH+2iNT0nvfHCjJbd7s1wXUbKcjoJBi6+mUJIe+mjyyjMxuyz
ulM1UdqyunAFqCBz1QAFEbQjTS4gU3RyYXRhIFJvc2UgPHN0cmF0YUB2aXJ0dWFs
Lm5ldD4=
=x64T
-----END PGP PUBLIC KEY BLOCK-----
*************************************************************************
M. Strata Rose                                  strata at virtual.net
VirtualNet Consulting                		408-534-3714
Unix & Internet Administration since 1983       http://www.virtual.net/
             ***   Better Business Bureau member ***
*************************************************************************





From vznuri at netcom.com  Sun Feb 11 13:41:01 1996
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Mon, 12 Feb 1996 05:41:01 +0800
Subject: internet underground www address
Message-ID: <199602112120.NAA03191@netcom17.netcom.com>


my apologies-- I should have included this.

the web site for the internet underground magazine I mentioned
is 

http://www.nuke.com/underground.html







From rjc at clark.net  Sun Feb 11 13:42:57 1996
From: rjc at clark.net (Ray Cromwell)
Date: Mon, 12 Feb 1996 05:42:57 +0800
Subject: Decense v0.10 alpha available
Message-ID: <199602111126.GAA07364@clark.net>



I've made Decense v0.10 alpha available publically. There's a few
non-critical things to be fixed and plenty of features to be added.
I have other obligations at the moment, so I can't spare anymore time
right now to polish it up. If you're a perl hacker, take a look at it.


The Decense Project homepage is http://www.clark.net/pub/rjc/decense.html
You can retrieve the tarfile there.

Have fun, and Write Code!
-Ray






From alanh at infi.net  Sun Feb 11 14:08:18 1996
From: alanh at infi.net (Alan Horowitz)
Date: Mon, 12 Feb 1996 06:08:18 +0800
Subject: does NSA have jurisdiction over sound-eavesdropping?
Message-ID: <199602112141.QAA07184@larry.infi.net>


Some conversations can be intercepted as sound waves. Just build a 
sensitive and directional enough microphone. Does NSA have control over that 
mission?  I'm talking about outside the USA.





From kevin.berry at chrysalis.org  Sun Feb 11 14:34:07 1996
From: kevin.berry at chrysalis.org (kevin.berry at chrysalis.org)
Date: Mon, 12 Feb 1996 06:34:07 +0800
Subject: STRANGE SOUNDS OF SI
Message-ID: <9602111604.0ML4D03@chrysalis.org>



 * Carbons sent to: Ses at tipper.oit.unc.edu

CC: cypherpunks at toad.com
-=> Quoting Ses at tipper.oit.unc.edu to Kevin Berry <=-

 > The Strange Sounds of Silence
 > 
 > Has anyone else out there noticed the strange sounds of silence
 > emmanating from the american print and broadcast media concerning the
 > rider attached to the Telecommunications Act recently signed by
 > President Clinton known as the CDA (Communications Decency Act)?
 > 

 Se> Are you sure? The coverage has been wall to wall out here (Bay area); 
 Se> front page above the fold, business pages, computer columns,
 Se> editorials  and editorial cartoons. Apparently it's the same level of
 Se> coverage back  in the RTP.

 Se> What part of the country are you in? I guess the coverage is different
 Se> in the major geek zones like the bay area and RTP

I know that in the Dallas/Fort Worth, Texas area, there has been no coverage
whatsoever.

[Using PGPWave 1.22a Beta. This message written on 2/11/1996 at 14:34:56.]

... If it works, rip it apart and find out why!
___ Blue Wave/DOS v2.21 [NR]





From dlv at bwalk.dm.com  Sun Feb 11 15:00:02 1996
From: dlv at bwalk.dm.com (Dr. Dimitri Vulis)
Date: Mon, 12 Feb 1996 07:00:02 +0800
Subject: Regulation of citizen-alien communications (Was: Choices)
In-Reply-To: 
Message-ID: <0Hg6iD11w165w@bwalk.dm.com>


tcmay at got.net (Timothy C. May) writes:
> At 1:01 PM 2/11/96, Dr. Dimitri Vulis wrote:
>
> >As I read it, a college professor might get busted for explaining his own ne
> >crypto research to a class where some students happen not to be U.S. citizen
>
> Considering that most engineering and computer science classses are
> approaching 50 percent non-U.S.-citizen, and considering that no such
> professors have yet been busted, I'm inclined to think this is a
> non-threat.
>
> (Indeed, it's a _potential_ threat, and one we should bear in mind, but it
> seems likely that no such prosecutions have occurred or will occur.)

I have anecdotal evidence (which I don't want to share) that certain college
teachers are reluctant to discuss state-of-the art crypto research in class
because they feel they're not supposed to share it with foreign students. It
may not be a fear of prosecution as much as the belief that it's against the
intent of the laws.

> >Of course we all know this already. Just some U.S. people prefer to ignore t
> >mote in their own eye and to fight censorship in exotic remote developing
> >countries. Do you remember how U.S. Gov't tried to prevent the publications
> >research papers on zero-knowledge proofs?
>
> No, could you provide some details? Who was pressured? Micali? Goldwasser?
> Rackoff? Please share the details.
>
> There has been an ineffective "voluntary review" process for academic
> researchers, and perhaps this is what Dimitri is referring to. But this did
> not stop the publication of the ZKIPS work a decade or so ago.

I recall that the (in)voluntary review process did slow down the publication of
ZKP by a year or so. Rather than rely on my memory, I'll dig up the exact
details and will most definitely get back to you.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From ravage at ssz.com  Sun Feb 11 15:18:20 1996
From: ravage at ssz.com (Jim Choate)
Date: Mon, 12 Feb 1996 07:18:20 +0800
Subject: Web MIA? (fwd)
Message-ID: <199602112310.RAA02473@einstein.ssz.com>


Forwarded message:
>From owner-advanced-sl at list.pitt.edu Sun Feb 11 16:38:21 1996
X-Authentication-Warning: list.srv.cis.pitt.edu: majordom set sender to owner-advanced-sl using -f
Date: Sun, 11 Feb 1996 15:07:53 -0700 (MST)
From: Hundsdorfer Timothy 
To: advanced-sl at list.pitt.edu
Subject: Re: Web MIA?
In-Reply-To: <01I134RUAVAQ000IVC at suvax1.stetson.edu>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-advanced-sl at list.pitt.edu
Precedence: bulk

Rusty and all:

The University has adopted an "academic pages only" policy, so the ASL 
page died a gravy-sucking death.

Both my page and Bahadir's page dying within a month!  It's a freaking 
consipiracy!






From lmccarth at cs.umass.edu  Sun Feb 11 15:36:57 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Mon, 12 Feb 1996 07:36:57 +0800
Subject: URLs for Anon remailers?
In-Reply-To: 
Message-ID: <199602112312.SAA07028@opine.cs.umass.edu>


lunaslide writes:
> Anybody got some good URLs for info on anonymous remailers for novices and
> experienced users alike?  I need to know which are which so I can hand them
> out like candy to my .edu friends who aren't _as_ net savvy, but aren't
> dumb as dirt clods either. 

My recommendation:

Coming from the experienced end, start at Raph Levien's
http://kiwi.cs.berkeley.edu/mixmaster-list.html

Coming from the inexperienced end, start at Galactus'
http://www.stack.urc.tue.nl/~galactus/remailers/index-anon.html

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)





From llurch at networking.stanford.edu  Sun Feb 11 15:42:53 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Mon, 12 Feb 1996 07:42:53 +0800
Subject: Lib'ber authentication
In-Reply-To: 
Message-ID: 


On Sun, 11 Feb 1996, Timothy C. May wrote:

> I rarely understand the points "tallpaul" makes, but this one is especially
> confusing to me:
> 
> At 7:59 PM 2/11/96, tallpaul wrote:
...
> >I seem to observe similar sounds of silence from people who get upset at
> >ostensibly liberal Tipper Gore's godlike powers to implement, as a single
> >individual, some form of record labels while remaining silent about the
> >conservative forces supporting Gingrich clustered around fundamentalist
> >christianity who were calling for censorhip.
> 
> As a card-carrying "lib'ber," it seems to me that I have written more than
> enough articles denouncing the CDA, making fun of it and Congress, etc. And
> so have numeous other "lib'bers" on this list, including (but not limited
> to) Bill Stewart, Duncan Frissell, Jim Ray, Rich Graves, Sandy Sandfort,
                                              ^^^^^^^^^^^
Hey! I'm not a lib'ber! I'm a FUCKING STATIST, and (on other lists) maybe
even a CRYPTO-JEW! 

-rich
 Institute for Ernst Zundel Revisionism
 http://36.190.0.210/~llurch/Not_By_Me_Not_My_Views/
 "First, bring down Zundel's suffering in terms of numbers and
 events, both real and imagined, to what it really was, not what
 they say it was, what they exploit for their own political,
 financial, and geopolitical purposes."





From ses at tipper.oit.unc.edu  Sun Feb 11 16:28:49 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Mon, 12 Feb 1996 08:28:49 +0800
Subject: Strange Sounds of Silence
In-Reply-To: 
Message-ID: 


On Sun, 11 Feb 1996, Timothy C. May wrote:

> [tallpaul writes...]
> >I seem to observe similar sounds of silence from people who get upset at
> >ostensibly liberal Tipper Gore's godlike powers to implement, as a single

That's goddess-like.

> As a card-carrying "lib'ber," it seems to me that I have written more than


"lib'ber", eh?  Sounds like libber.a, a common name for libraries 
implementing the basic encoding rules, used in the PCKS and X.509 - 
can someone give me a pointer to where I can find a 
copy of v3 online?

Simon





From llurch at networking.stanford.edu  Sun Feb 11 16:51:00 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Mon, 12 Feb 1996 08:51:00 +0800
Subject: "Helping the clueless" on crypto-privacy: the Zundelhoaxers
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

I seem to have introduced one of the leading white supremacist activists
to PGP and cypherpunk remailers recently, perhaps because of my promise to
archive their mailing list publicly and spoof messages from them if they
didn't. I'm so proud. I assume the ADL and allied organizations will be
learning more about PGP as well. 

  Type bits/keyID    Date       User ID
  pub  1024/C01741A1 1996/02/01 Don Black 
                     ^^^^^^^^^^
Tom Metzger  and Neo-Nazi straight woman Ingrid Rimland
 do not yet use PGP, but I'm working on it. 

The message below (Stormfront-L is Don's moderated mailing list for
"Aryan" activists, which can be quite entertaining -- subscription
instructions at tail) has a few technical misconceptions that should
probably be corrected, though of course it would be Bad to cross-pollinate
the lists. 

I've also created and propagated PGP keys for each of Don Black's other
email addresses as a way of teaching him about key identification,
propagation, and signing.

There was an earlier message on Stormfront-L from an alpha.c2.org nym who 
was having trouble. I assume Sameer helped him out.

So anyway, here's the message. I have a few more comments after the
included message. 

- ---------- Forwarded message ----------
Date: Sun, 11 Feb 1996 13:01:02 GMT
From: Stormfront-l 
To: llurch at networking.stanford.edu
Subject: Re: a message on Stormfront-L

NOTE: THIS MESSAGE WAS ORIGINALLY ADDRESSED TO DON BLACK

From: Secret Squirrel
Date: Sun, 11 Feb 96 13:01:02 GMT
Subject: Re: a message on Stormfront-L

BTW it is a good idea to sign your own key, as this helps defeat
fraudulent use of your pgp public key. (I don't know how it's done,
but read about the problem on alt.security.pgp). I've signed my key
twice, once with my 1024 and again with my 2048 bit key.

I saw a message on Stormfront-L saying that the 'international
version' was the best PGP system, however this is only for use outside
the USA. It might be best for nationalists in the US to note this in
order to avoid any problems. (It does have 2048 bit security, but
2.6.2 can generate 2047 bits, so it isn't that bad!) Also people
should use a _minimum_ of 1024 bits as smaller numbers have been
'cracked'.

In a message to Stormfront-L re: White Wolf, it was stated that there
was problems posting to that address. I can confirm that there is
interference with the remailers and pseudo-anonymous mailers. I
believe that neither of these systems is secure. In my case I found
that one could subscribe to your list, but the moment one posted to
it, the account was blocked. Further that anonymous messages sent to
the list via a remailer (no a/c) would get through on the first
attempt, but not afterwards. This suggests that the enemy inform the
sysops of the remailers, and subsequently posting is blocked from
those remailers. Further I suspect that the remailers keep 'message in
- - message out' ID logs, which means that (if they take sufficient
interest) a message could be subsquently traced back through a chain
of remailers.

There is a method of finding out where messages come from,
it is called (I believe) 'packet tracing'. It is possible that I've
experienced this with pseudo-anonymous posts to your list. I set up an
account with alpha.c2.org via remailers (they wouldn't know my real
address) however the messages were stripped from your list,
and large numbers of 'packets' of the same size were sent out, i.e. my
reply-block only. These packets can be traced through remailers to an
address (by people with sufficient computing power). Believe me the
enemy is so concerned with the white-nationalist movement, they want
to know exactly who is posting. If you search amongst the web sites
dealing with security, the details of tracing etc. are fully
documented (unfortunately I've lost the addresses due to problems with
my web browser cache).

The use of anon accounts is useful to the sender, however people who
reply will, no doubt, have there addresses recorded   at
alpha.c2.org etc. All mail sent by nationalists to their comrades
should be in PGP, so even if their adds. are recorded the contents
will be (mostly) hidden. Although the anon people may hit back by
blocking the a/c!

The anon server at anon.penet.fi is basically useless for posting to
the alt.nationalism group. All my messages have been returned
'unwanted group'. I've also found that the mail-to-news gateways
won't accept traffic to those groups either. Essentially the enemy has
denied people anonymous access to nationalist usenet groups.

For a short period my ISP blocked direct posting to
alt.politics.nationalism.white, but for some reason this has been
restored.

I hope the above has been of interest to you, and if you wish to
forward the info. to the list etc., please anonymize it.

Regards,

- ------------------------------------------------------------------------
To: Multiple recipients of the Stormfront-L Mailing List
Host: Don Black  Finger for PGP public key.
To unsubscribe, send e-mail to 'listserv at stormfront.org' with the
line 'unsubscribe Stormfront-L' in the message BODY, not the subject.
- ------------------------------------------------------------------------

- -----
Processed with Listserv v2.83 for Wildcat v4
- ---------- End Forwarded message ----------

I like Nazis and racists. I want to learn more about them. Where they
live, how they make their money, who they call, and so on. All completely
above-ground, of course. 

By the way, does anyone know of any security deficiencies in this Wildcat 
Listserv software that would allow someone to obtain the list membership?
They seem to be assuming that it's a secret, which IMO is a bad policy. 
They should all move to anonymous remailers or, better, carrier pigeons.
If you know of any sich problems, please send me encrypted mail, and Cc 
Don. Of course, you can't be absolutely sure which key is Don's... Maybe 
you should use the ultra-secure Enigma code instead of PGP.

"Eternal vigilance is the price of liberty."
"We hold these truths to be self-evident..."
"Fight hate speech with more speech."
"To the ends of the earth I will follow thee."
"The pen is mightier than the sword."

- -rich
 Institute for Ernst Zundel Revisionism
 http://36.190.0.210/~llurch/Not_By_Me_Not_My_Views/
 "First, bring down Zundel's suffering in terms of numbers and
 events, both real and imagined, to what it really was, not what
 they say it was, what they exploit for their own political,
 financial, and geopolitical purposes."

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMR6AzY3DXUbM57SdAQFPqgP/VUS9aydQjv6kmJc/fbg6exXQRl17RTKb
EaUNftVUZJyMYLpOYg0X/UFH19fpBPQnbw1FFOiOMqSyc3pXtINUMpJZ1mmLI8Ro
ZopVLS01d15cx+nZfVTjVF68eGthDgjKKAPZ/FXsn8/8tQtfq6jZsaDNBldWPjAX
hlWEctOfdKo=
=hck9
-----END PGP SIGNATURE-----





From WlkngOwl at UNiX.asb.com  Sun Feb 11 17:27:17 1996
From: WlkngOwl at UNiX.asb.com (Deranged Mutant)
Date: Mon, 12 Feb 1996 09:27:17 +0800
Subject: LI Newsday OpEd: Criminal Justice System
Message-ID: <199602120047.TAA02205@UNiX.asb.com>


Found a really good op-ed piece in LI Newsday, Thurs. Feb 8, pA53
by Robert Reno, "If Jails Are Full, How Much Tougher Can Judges Get?"

Some highlights:

  American Jails are more packed with criminals than ever in history.
  We know this for sure because every time we count them, it keeps 
showing the percentage of the population that is in jail has 
quadrupled in 25 years, is higher than any other civilized nation...

[...]

  It is something of a mystery how so many people got in jail because 
we have it on the testimony of some leading politicians that knavish 
judges are freeing criminals in record numbers. Pat Buchanan babbles 
to anybody who'll listen that federal judges are "an unelected 
elite," solititous of "criminals, atheists, homosexuals, flag 
burners, illegal aliens, convicts and pornographers." I don't know 
why he left out gun molls, blood suckers, snake charmers, pig 
rustlers, serial blackguards, pyromaniacs, and mailbox vandals...

[...]

...There is something more to the point, though, than the disposition 
of politicians to bay moronically at the moon.  If we want a more 
predictable system in which judicial descisions never surprise us, 
then we have perfectly good functioning models from which to choose 
from. Take your pick: China, Cuba, North Korea, Iraq. Any one will 
do.

--- "Mutant" Rob 

Send a blank message with the subject "send pgp-key"
(not in quotes) for a copy of my PGP key.





From lunaslide at loop.com  Sun Feb 11 17:27:36 1996
From: lunaslide at loop.com (lunaslide at loop.com)
Date: Mon, 12 Feb 1996 09:27:36 +0800
Subject: Strange Sounds of Silence
Message-ID: 


>Alan Pugh writes:
> > Has anyone else out there noticed the strange sounds of silence
> > emmanating from the american print and broadcast media concerning the
> > rider attached to the Telecommunications Act recently signed by
> > President Clinton known as the CDA (Communications Decency Act)?
>
>I always hear it referred to as "provisions which would ban
>pornography on the Internet" or "new laws that prohibit sending
>X-rated materials to children on the Internet".

Same here.  The only dissenting voice was ABC and even then it wasn't the
expose that we would hope for.  I live in Southern California.

lunaslide

"Prohibition... goes beyond the bounds of reason in that it attempts to
control a man's appetite by legislation and makes a crime out of things
that are not crimes... A prohibition law strikes a blow at the very
principles upon which our government was founded."
- -- Abraham Lincoln

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller
________________________________________________________________

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEX3QEAAAEEAOGQjhnqGH29pO1WDaXs5GFOVPhCBWyYEk9XEwRmscjveWzH
AhA6DeOA480zWNqQURyqE2yPmR8WzT+OXYqmeiQiycKyFA41Vs/Ruf+gXXxe7uXS
L5BK3K8oKbfoH0D5/TAkMT4r6BprXFQz4pFc3gY2SSaSPElpMjKHaKBsRsyRABEB
AAG0HUplZmYgQ29ubiA8bHVuYXNsaWRlQGxvb3AuY29tiQCVAwUQMRffHzKHaKBs
RsyRAQGNhwP9E9xEZ9/LCKnhgtnrqgD7pDoXG2pCy8FoyfFjoImGkG+jF1wELXmB
Z0mf8F8CgYkys0mif1XeGDMelr1gzlZAm6LgQt4kcvztMW/aRLn18QP+iwltVT/L
p8D37mitOjvuk46sWgAChIaPPPIeg/EaYQjQkmlpWKsEYIoTRy+E8mU=
=4Gku
-----END PGP PUBLIC KEY BLOCK-----









From PADGETT at hobbes.orl.mmc.com  Sun Feb 11 17:53:23 1996
From: PADGETT at hobbes.orl.mmc.com (A. Padgett Peterson P.E. Information Security)
Date: Mon, 12 Feb 1996 09:53:23 +0800
Subject: Regulation of citizen-alien communications
Message-ID: <960211203035.2021bd9f@hobbes.orl.mmc.com>


>> Gov does have the right (in fact the duty) to regulate communications 
>> between citizens and non-citizens/sites in other lands

>(not wishing to start a flamewar) Why do you think so ?

"...provide for the common defense"
"To regulate Commerce with foreign nations..."
"...or in adhering to their enemies, giving them Aid and Comfort."

There are the bytes - try reading them in context.

						Warmly,
							Padgett





From wlkngowl at unix.asb.com  Sun Feb 11 17:59:07 1996
From: wlkngowl at unix.asb.com (Deranged Mutant)
Date: Mon, 12 Feb 1996 09:59:07 +0800
Subject: Deafening silence [was Re: Need a "warning" graphic...]
Message-ID: <199602120129.UAA17517@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

Jim Ray wrote:
> Further, has anyone else noticed a deafening silence on the subject of
> a (supposedly) wished-for line-item veto power of presidents? It seems
> to me that the Dornan and CDA-type provisions of huge bills are line-
> items, aren't they?

No. Line-items refer to budgetary allocations.  If it were part of a 
budget bill that allocated monies, then a line-item veto could zap it.

Those folks really *don't* want a line-item veto now that a different 
party could use it.  I doubt it would ever be more than a rhetorical tool 
since it would limit the allocated pork... even be used as a form of 
political blackmail.

ObCrypto: None.

Rob.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMR6YDSoZzwIn1bdtAQGJNQGAnu5thLwYKNLS/jowaZSwIzQltUCSbgg7
H7D2XDVIJuf/gvpt/cV3R/6VcwE4tvCb
=TtYy
-----END PGP SIGNATURE-----





From medea at alpha.c2.org  Sun Feb 11 18:14:53 1996
From: medea at alpha.c2.org (Medea)
Date: Mon, 12 Feb 1996 10:14:53 +0800
Subject: Encryption software
Message-ID: <199602120118.RAA22586@infinity.c2.org>


  I was telling a friend that I was going to buy a program similar to PC Anywhere to be able to communicate between my computer at home and the one at the office.  He suggested trying to find a similar program which includes encryption.
  Anyone know of such a program?
  Thanks.

Medea


============================================================
+++++++++++++++++++++++++++++++++++++++++++++++++++
+ |---------------------------------------------| +
+ | The mind is its own place, and of itself    | +
+ | Can make a heaven of hell, a hell of heaven | +
+ |---------------------------------------------| +
+++++++++++++++++++++++++++++++++++++++++++++++++++










From stewarts at ix.netcom.com  Sun Feb 11 18:43:54 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Mon, 12 Feb 1996 10:43:54 +0800
Subject: "Rights"
Message-ID: <199602120213.SAA04548@ix5.ix.netcom.com>


At 09:12 PM 2/10/96 -0500, jf_avon at citenet.net (Jean-Francois Avon (JFA
Technologies, QC, Canada)) wrote:
>Ed.Carp at linux.org, ecarp at netcom.com wrote:
>
>>What happens when there *is* no remedy, when there are no other sites to 
>>go to, when there are no employers who would refrain from violating an 
>>employee's privacy?  What then?
>
>Easy! Either you do not get on the net or you start your own ISP service.
>It might cost money. i.e. requires work, but it is feasible.

Of course, in a market environment, you can do better than that.
Because there are almost always other people who want what you want,
and barring major government interference, there are ways to find them
and usually people interested in offering you and your fellow-travellers 
the service you want.  Most of the time, there are economies of scale
that make it cheaper to get the service together rather than each doing
it yourself, and you can decide whether to do it as a cooperative
or buy it from the vendor who's supporting the bunch of you.

ObCrypto: Even _with_ major government interference, there will be ways
to find your fellow-travellers.  Anonymously.
#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281






From rsalz at osf.org  Sun Feb 11 20:05:37 1996
From: rsalz at osf.org (Rich Salz)
Date: Mon, 12 Feb 1996 12:05:37 +0800
Subject: Strange Sounds of Silence
Message-ID: <9602120339.AA11984@sulphur.osf.org>



>implementing the basic encoding rules, used in the PCKS and X.509 - 
>can someone give me a pointer to where I can find a 
>copy of v3 online?

It's not available online.  ISO specs are hardcopy (and hard currency :)
only.
	/r$





From frantz at netcom.com  Sun Feb 11 20:52:30 1996
From: frantz at netcom.com (Bill Frantz)
Date: Mon, 12 Feb 1996 12:52:30 +0800
Subject: Strange Sounds of Silence
Message-ID: <199602120410.UAA15745@netcom7.netcom.com>


Alan Pugh writes:
 > Has anyone else out there noticed the strange sounds of silence
 > emmanating from the american print and broadcast media concerning the
 > rider attached to the Telecommunications Act recently signed by
 > President Clinton known as the CDA (Communications Decency Act)?

There seems to be a wide difference in the way the major media is reporting
this story.  For example, the editorial cartoon in today's (Sunday) San
Jose (California) Mercury News:

Picture: A man dressed in the style of the American Revolution sitting at a
computer.  In the background are a two pictures in ovel frames.  Next to
him on the table are a can of Pepsi and a candle stick.  He is typing at
the keyboard.  The thought baloon above the keyboard says (I substutite
XXXXXX for the areas that are drawn as a censor's block blackout):

"Dear Congressman --

You XXXXXX XXXXXX have really done it this time!  This XXXXXX XXXXXXX
telecommunications bill with its XXXXXX XXXXXXX indecency provision is a
XXXXXX attack on free speech!  You should have your XXXXXXX XXXX dipped in
tar and feathered!
                        tjefferson at aol.com"

Of course the Mercury News a couple of weeks ago announced that it was
going to try to provide first class coverage of cyberspace issues.  I give
it at least a B+ between its coverage of the CDA and the front page
interview with Rich Graves and discussion of the alternate sites to get
around the German censorship of Webcom.

Bill







From frantz at netcom.com  Sun Feb 11 21:02:03 1996
From: frantz at netcom.com (Bill Frantz)
Date: Mon, 12 Feb 1996 13:02:03 +0800
Subject: V-chips, CC, and Motorcycle Helmets
Message-ID: <199602120410.UAA15701@netcom7.netcom.com>


The Dranged Mutand is far from deranged when he writes:

At 12:09 PM 2/11/96 -0500, Deranged Mutant wrote:
...

>And besides... why rate program just on violence?  Why not "quality" from 
>a variety of orgs?  Other content ratings, from various organizations.  

...

One thing the V-Chip gives us is the argument:  Now that parents have the
ability to control what their children watch, the government should turn
responsibility over to them and butt out.

Bill







From tomservo at access.digex.net  Sun Feb 11 21:15:37 1996
From: tomservo at access.digex.net (Scott Fabbri)
Date: Mon, 12 Feb 1996 13:15:37 +0800
Subject: Regulation of citizen-alien communications
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

Note: my references to the Constitution are from
http://atl46.atl.msu.edu/atl/reh/battle/u.s.con.html

"A. Padgett Peterson P.E. Information Security" writes:
>>> Gov does have the right (in fact the duty) to regulate communications
>>> between citizens and non-citizens/sites in other lands

lmccarth at cs.umass.edu replies:
>>(not wishing to start a flamewar) Why do you think so ?

"A. Padgett Peterson P.E. Information Security" replies:

>"...provide for the common defense"

(From the Preamble) So, if it isn't related to the "common defense," this
doesn't apply.

>"To regulate Commerce with foreign nations..."

(Article I, Section 8) My dictionary claims "commerce" is  "the buying or
selling of goods, esp. when done on a large scale between cities, states,
or nations" (primary definition, anyway). If you can convince someone that
"social intercourse" (secondary definition) is what the Founding Fathers
really meant, your argument carries more weight.

>"...or in adhering to their enemies, giving them Aid and Comfort."

(Article III, Section 3, clause 1)

Doesn't say anything about them being foreign or domestic. Theoretically
everyone who participated in the Confederate cause during the War Between
The States :^) committed treason -- but that's another argument.

>There are the bytes - try reading them in context.

Hmm. I did, but wasn't edified. It seems to me that Tim May's commentary is
dead on. Maybe a more appropriate statement would be:

     "The government has the power (_not_ the right) to regulate
     communications between citizens and non-citizens / sites in other
     lands under narrowly defined circumstances."

If you're not engaging in espionage, trading with countries like Libya or
Iraq, or committing treason, it doesn't sound like there's any reason for
the government to regulate your communications with non-citizens (at least
from a Constitutional point of view). That may not stop them from trying to
vacuum them up off the Internet, though. :-)

Scott

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMR7Aq+vEnOI8TfM9AQH+vQMAjL/+IGDKKz9M1WB6LdeswpEVUWmLq+4i
qTrPH4pci8gkU3fH1O893xmWMCHbVCYywazk4tF69wyLV6WvWlNSOyYRW1S7xiq1
24PFoBpD7yLpDguTB2UEU1b9HxwZ017y
=Wus/
-----END PGP SIGNATURE-----







From jf_avon at citenet.net  Sun Feb 11 21:46:06 1996
From: jf_avon at citenet.net (Jean-Francois Avon JFA Technologies, QC, Canada)
Date: Mon, 12 Feb 1996 13:46:06 +0800
Subject: Regulation of citizen-alien communications
Message-ID: <9602120445.AB24132@cti02.citenet.net>


Somebody wrote:

>>> Gov does have the right (in fact the duty) to regulate communications 
>>> between citizens and non-citizens/sites in other lands
>
>>(not wishing to start a flamewar) Why do you think so ?

and Padgett replied:

>"...provide for the common defense"
>"To regulate Commerce with foreign nations..."
>"...or in adhering to their enemies, giving them Aid and Comfort."

I agree with the first point.
My english is not sufficient to understand point three.

Govts have no powers on other govts.
So why in the hell would it be the job of govt to regulate commerce with foreign 
nations?

They might help their citizens (seing that their rights and terms of any contract are 
respected, but calling what they do "regulating commerce btwn nations" is an euphemism
for holding international businessman on a leash!


Regards to all Cyphering Punks

JFA

And personnal comment to Padgett:
Backward, you said?  Nahhh...  :)
Regards!







From tallpaul at pipeline.com  Sun Feb 11 22:03:39 1996
From: tallpaul at pipeline.com (tallpaul)
Date: Mon, 12 Feb 1996 14:03:39 +0800
Subject: Strange Sounds of Silence
Message-ID: <199602120501.AAA22558@pipe11.nyc.pipeline.com>


On Feb 11, 1996 14:06:45, 'tcmay at got.net (Timothy C. May)' wrote (among
other things): 
 
 
> 
>I rarely understand the points "tallpaul" makes, but this one is
especially 
>confusing to me: 
> 
 
I'll close on this point. 
 
>At 7:59 PM 2/11/96, tallpaul wrote: 
> 
>>I do seem to observe strange sounds of silence from lib'bers on the 
>>cypherpunks list about the legislative body who passed the law, although 
>>they must know about the law since they blast the "libera;" to "socialist

>>statist" President who signed it. 
>> 
>>I seem to observe similar sounds of silence from people who get upset at 
>>ostensibly liberal Tipper Gore's godlike powers to implement, as a single

>>individual, some form of record labels while remaining silent about the 
>>conservative forces supporting Gingrich clustered around fundamentalist 
>>christianity who were calling for censorhip. 
> 
>As a card-carrying "lib'ber," it seems to me that I have written more than

>enough articles denouncing the CDA, making fun of it and Congress, etc.
And 
>so have numeous other "lib'bers" on this list, including (but not limited 
>to) Bill Stewart, Duncan Frissell, Jim Ray, Rich Graves, Sandy Sandfort, 
>Vince Cate, and others too numerous to mention. 
> 
>tallpaul must be reading a different list than I am reading if thinks
those 
>he dismisses as "lib'bers" (in his other posts, and this one) are somehow 
>in league with the Christian Right in supporting censorship. 
> 
 
I suspect that T.C. May and I are reading the same list just as I suspect
that Alan Pugh and I are living in the same country with the same shared
press corp. 
 
But I do not dismiss people as "lib'bers;" I merely call them that. I have
noticed that a large number of libertarians are fans of Rush Limbaugh and
chuckle a lot when Rush refers to women like Andrea Dworkin and her
supporters as lib'bers. I also find that the people opposed to Drowkin &
Co. are upset at her use of demagogic language, private dictionaries, and
the like. So am I, and 	 started long before Rush got his TV shows. I am,
however, equally (if not more upset) by what I perceive as similar
demagogic etc. behavior by many libertarians. 
 
In short, I do not seek "to dismiss" libertarians as "lib'bers." I am not a
magician and do not believe that complex issues go away through magical
chants (around which T.C. May has correctly written.) But I do call them
"lib'bers" much as Ruch Limbaugh uses the term in other areas. 
 
Do some people not like this? I imagine so. 
 
Do they have the right to complain? Absolutely, and I support their right
to so complain. 
 
Do they really have a right not to be styled "lib'bers?" No, I do not think
they have that right. 
 
Put another way, what is sauce for the goose cannot be slander for the
gander. 
 
I do not believe that all lib'bers are in league with the Christian right;
I am distrubed, however, by the large numbers of lib'bers who strangely
never mention the existence of the fundamentalists in the
ultra-conservative ultra-private-property camp. 
 
I am equally concerned with some leftists who consider every example of
authoritarian behavior as "fascism" as I am with 'ib'bers who lump everyone
who argues for social responsibility as a "socialst statist." One
difference I see is that I am willing to criticize both groups while many
(but not all) lib'bers are again strangely silent at least the "statist"
side of the equation. 
 
I am sorry that T.C. May frequently has problems understanding my posts. 
 
Both of us frequently use sarcasm and rhetorical hyperbole to make our
points. Witness his excellent _reductio ad absurdum_ post on warning labels
for every group around the orld who believes that his or her personal
folkways and mores are deserving of unique consideration. 
 
However, this in itself does not reduce the confusion. 
 
Let me then offer a possible compromise to reduce the confusion. 
 
If T.C. May makes a special effort to better identify sarcasm when people
such as myself use it and rhetorical hyperbole, I in turn will make a
special effort to be more sarcastic and more hyperbolic in posts containing
both. 
 
--tallpaul 
Internet sports fan: Go Big Red! Smash State! 





From jimbell at pacifier.com  Sun Feb 11 23:00:52 1996
From: jimbell at pacifier.com (jim bell)
Date: Mon, 12 Feb 1996 15:00:52 +0800
Subject: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

At 09:54 AM 2/11/96 -0500, John Young wrote:
>It's hard to tell the difference between "Assasination 
>Politics" and government-sponsored provocateurism, a 
>well-documented practice to stigmatize anarchical and 
>anti-authoritarian ventures.

I deeply appreciate your quandary.

Needless to say, _I_ know which I am, and what my motivations are.  But 
there are a few clues which might assist you:

1.  Most "government sponsored provocateurism" is given substantially more 
publicity than the meager amount I've managed to acquire on FIDOnet, USENET, 
and CP.  You can well imagine that if the government were trying to use an 
"Assassination Politics"-type scenario to drum up support for Clipper-type 
and FBI-wiretap ideas, they'd do a better job getting the word out.

2.  I think I've tried to make it clear that I believe that this idea is 
technically inevitable; it will occur REGARDLESS of the efforts which 
attempt to resist it.  If this were "government-sponsored provocateurism,"  
I would have added something to the effect that "This is going to happen 
unless [fill in the blank with something the government wants to do to 
us...]". 

3.  "Watch this space"   If you still have any residual doubts, and think I 
might be in league with the government on this, wait a few months.  You'll 
be astonished.


>However, it takes guts and thick skin to advocate overthrow of 
>authority, knowing that reasonable people will think you're a 
>nut seeking celebrity martyrdom.

Well, it's not like I'm SEEKING martyrdom, but the possibilities have 
certainly crossed my mind. Some people have suggested, and only partially in 
jest, that I may be one of the system's first victims.  They may be right.  
Nevertheless, I was undeterred, as evidenced by the fact that I published 
the essay anyway.


>Happily for the careers of agent-and-anarchist back-stabbing 
>back-scratchers, there is no easy way to know for sure which is 
>which, or even if there's any difference when the media 
>juggernauts are provocateuring both roles for melodramatic 
>infotainment.

My idea has already resulted in an article in the Asahi Evening News 
newspaper, an English-language newspaper for residents of Japan.  A copy of 
this article was mailed to me a couple days ago.  It may also result in a (I 
hope positive) screenplay.  FAR more exciting that "The Net."

Jim Bell

Klaatu Burada Nikto

Something is going to happen.       Something...Wonderful!



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMR6EVfqHVDBboB2dAQH6IgP+MjeXW5l7MxBJxjjFN35Rc6xBS+l924Re
byW467mj3BQ1Iz9g/UBVnleMUBzx+6mseBFZ+aYqjdrzFOMAo/F8Qys9HgD96I1o
TLJ+dziKzpNPj4GmrYhliFaF8sifZgbatEIfnu4WFz1jT6rqxwbkTh49xxz2crjC
JKSskpxXoMA=
=XPh3
-----END PGP SIGNATURE-----






From tcmay at got.net  Sun Feb 11 23:14:11 1996
From: tcmay at got.net (Timothy C. May)
Date: Mon, 12 Feb 1996 15:14:11 +0800
Subject: Attitudes toward the government...
Message-ID: 


Jim Ray wrote:

>"Americans hate the IRS, and if the only way they can get rid of it
> is to elect somebody who is communicating directly with the Planet
> Xorgon, then so be it." -- Dave Barry [on Steve Forbes]. 2/9/96

Not just this, but another data point about the current sentiment about
Washington: In a movie theater today there was a preview of the upcoming
movie "Independence Day," showing a flying saucer hovering over the White
House, then destroying it. The audience cheered and clapped.

I'm not sure this would've happened in, say, the early 1950s.

(However, like the early 1950s, the producers of this upatriotic drivel may
have to answer to the House Un-American Activities Committee, to explain
their Indecent portrayal.)

--Tim May

(P.S. "Broken Arrow" was a fun flick. Sort of like "Fail Safe " on "Speed.")

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From alano at teleport.com  Sun Feb 11 23:21:16 1996
From: alano at teleport.com (Alan Olsen)
Date: Mon, 12 Feb 1996 15:21:16 +0800
Subject: V-chips, CC, and Motorcycle Helmets
Message-ID: <2.2.32.19960212061802.00915f98@mail.teleport.com>


At 08:13 PM 2/11/96 -0800, Bill Frantz wrote:
>The Dranged Mutand is far from deranged when he writes:
>
>At 12:09 PM 2/11/96 -0500, Deranged Mutant wrote:
>...
>
>>And besides... why rate program just on violence?  Why not "quality" from 
>>a variety of orgs?  Other content ratings, from various organizations.  
>
>...
>
>One thing the V-Chip gives us is the argument:  Now that parents have the
>ability to control what their children watch, the government should turn
>responsibility over to them and butt out.

Parents had that ability before.  Cable boxes have a "perental control key"
on the side that enables them to lock out "offensive" channels.  It works
quite well and is fairly hard for the kidlets to defeat.  (I used it to
lockout the religious stations and home shopping channels.)

The "V-Chip" debate is a mirror of the one that occured when the cable
channels were starting to become popular.  There was a big hue and cry about
kids getting to the "naughty" channels without parent concent.  Seems most
people do not even learn how the lockouts work.  (And are too lazy to learn.)

You have to remember that most of the people arguing for TV filters are
looking for a way to make the "offensive" stuff go away for good.  (Either
from some sort of rating system or a heavy handed FCC regulation or two.)
And don't believe that the V-Chip will let you choose the rating service.
It will be one centrally produced rating from some faceless and nameless
entity.  I am willing to bet that we will see some pretty absurd examples of
ratings (mild things getting heavy ratings above and beyond the call of
sanity) in the future.

The v-chip will be less than useful as a real filter tool for those of us
who have a different worldview than the censors.

Remember: "Future events like these will happen to you in the future!"
---
Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
        `finger -l alano at teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
"I, Caligula Clinton... In the name of the Senate and the people of Rome!"
   - Bill Clinton signing the CDA with the First Amendment bent over.






From lmccarth at cs.umass.edu  Sun Feb 11 23:27:59 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Mon, 12 Feb 1996 15:27:59 +0800
Subject: Regulation of citizen-alien communications
In-Reply-To: <960211203035.2021bd9f@hobbes.orl.mmc.com>
Message-ID: <199602120621.BAA00541@thor.cs.umass.edu>


Padgett writes:
> Gov does have the right (in fact the duty) to regulate communications 
> between citizens and non-citizens/sites in other lands
[...and later...]
> "...provide for the common defense"
> "To regulate Commerce with foreign nations..."
> "...or in adhering to their enemies, giving them Aid and Comfort."
> 
> There are the bytes - try reading them in context.

Familiar phrases indeed. Now, it seems to me that the Commerce Clause and
other Constitutional portions you cited could apply as well to 
communications between two U.S. citizens inside the U.S. as they do to the
citizen-alien communications you mentioned. Yet if I read you correctly
earlier, you don't think the USG has the right to regulate those
communications. Why the distinction ?

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)





From die at pig.die.com  Sun Feb 11 23:50:25 1996
From: die at pig.die.com (Dave Emery)
Date: Mon, 12 Feb 1996 15:50:25 +0800
Subject: A Cyberspace Independence Refutation
In-Reply-To: 
Message-ID: <9602120707.AA08292@pig.die.com>


	Congratulations.,.  most of the polemics about the overweaning
power of the net, particularly in such communities as cypherpunks are
touchingly nieve tripe.   You have spoken the truth - and the hard words
need to be heard and  understood before it is too late.

	A lot of people forget the basic truth that the net is based
almost entirely on physical communications facilities owned for the most
part by huge corperations that have deeply incestuous relationships with
the political power structure and very little interest in preserving the
self important dreams of a few members of a self selected net "elite".  
If ordered to pull the plug they will, and cyberspace as we know it will
evaporate overnight.

	And there is essentially no possibility of practical alternative
communications facilities becoming available - aside from the titanic
capital costs of creating such, most of the resources required such as
radio spectrum, orbital slots and rights of way are tightly controlled by
the entrenched corperations that operate the present facilities. 

	And the communications network infrastructure in the US has long
since outgrown its earlier days of comparative electronic anonymity - if
the government decides it has to control and or eliminate a network or
host it does not like it will be damned hard to construct one that
cannot be detected, mapped  and tracked down to physical people typing
on physical keyboards at the end of physical wires and fibers.  Crypto
may help until it is so regulated and controlled that the mere act of
possessing uncontrolled crypto software or hardware, or sending,
receiving or even just storing on disk a message that the government
cannot read is ipso facto justification for a long mandatory jail term -
(and that day is  coming). Remailers may help until anonymous
forwarding of electronic messages of any kind to third parties for the
purpose of concealing the sender or recipients true identity is a
serious crime except for certain very narrowly defined exceptions such
as otherwise legal anonymous political speech and such things as
legitimate anonymous self help groups. International sites may help
until the government decides that international traffic to rogue states
is something that it historically has had control of and can regulate
(witness the embargo for many years on telephone traffic to Cuba),
But it seems very clear as long as the government  has ultimate
control of the communications facilities used to send the messages the
government can and will control their passage if it feels it has to.

	Unfettered, uncontrolled, uncensored  net access to anything
like  the current wide cross section of the great washed, upper income,
upper education sector of the population reached by the current
Internet is a short term historical accident - there are too many
powerful groups challenged and threatened by such for this period of 100
flowers to last. 

	And, alas, the overbroad controls put in place by scared
politicians in response to the "excesses" of this period of freedom  may
well have the effect of making it completely impossible to create
another academic, fringe, elite, intellectual, anarchic  Internet ... it
may well become seriously illegal to operate any free electronic forum
of wide scope without rigorous pre-publication mechanisms in place to
eliminate illegal information, pornography, stolen intellectual
property, improper racist, sexist, or nationalistic sentiments,
blasphemy, seditious speech, profantity, concealment of true traceable
identity, impersonation of another, and quite possibly anything that
could be construed as defaming the character of a person or institution.

	I'm enough of a coward to believe that perhaps we should concede
the greater public Internet to the commercial interests that seek to
turn it into a vast shopping mall and let them control speech, regulate
content and license speakers provided that it still is possible for
private, academic, fringe, full free speech electronic networks to exist
for at least some of the intelligensia. And I'm afraid that may be the
real bargain we face....

						A defeated pessimist,
 						die at die.com






From jamesd at echeque.com  Sun Feb 11 23:54:26 1996
From: jamesd at echeque.com (jamesd at echeque.com)
Date: Mon, 12 Feb 1996 15:54:26 +0800
Subject: A Cyberspace Independence Refutation
Message-ID: <199602120645.WAA16681@shell1.best.com>


At 12:54 PM 2/11/96 PST, strata at virtual.net wrote:
>Oh, let's start right off pretending that 
>a) the net is an independently funded entity with no government
>infrastructure 

No pretence.  It is, and it has been for some time.

Your other arguments casually dismiss the very real power that large numbers 
of able people with good communications can exercise, have just exercised
very recently.

Nation states are a new creation.  In the past many different 
kings ruled many different bits of one nation, and one king often 
ruled parts of more than one nation.

Today nation states are almost universal, and people can no longer 
imagine what a nation is, other than a nation state.  But the net 
is a nation, and is not a state, and nationalism is a force that 
governments usually cannot withstand.

What makes a government strong is its cohesion, but the state cannot
create its own cohesion.  When states attempted to confront nationalism, 
they often lost cohesion and vanished altogether, like a string of sand. 

The "Nation state" is in essence a tactic for avoiding this hazard.
 
Governments are acutely aware of this problem, and act very cautiously 
in the face of such threats.  Many people seem to imagine that a 
government innately and naturally has cohesion, that it is naturally 
one thing, naturaly capable of acting coherently and cohesively as 
an individual can.  On the contrary, governments maintain their 
cohesion with difficulty, and continually act, or refrain from acting,
in fear that they might lose it.

In an all out knock down battle between a particular government and the
internet, in a state where a substantial proportion of the middle class
was on the internet, the government would be in serious danger of evaporating 
like a jellyfish in the sunshine.

The government can get away with a substantial amount of harassment and 
restraint, but has only limited power to act without itself being acted 
on, to change the world without itself suffering change.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd at echeque.com






From jimbell at pacifier.com  Mon Feb 12 01:05:12 1996
From: jimbell at pacifier.com (jim bell)
Date: Mon, 12 Feb 1996 17:05:12 +0800
Subject: The Emotional Killer (or out of the frying pan and into the electric chair?)
Message-ID: 


At 11:59 PM 2/11/96 -0500, tallpaul wrote:
>I want to write on the theme posted to the list in the message below where
>J. Bell wrote "It is their ACTIONS that I feel violate my rights; that is
>what justifies my seeking their deaths, should I choose to do so." 
> 
>First, one thing that marks the sane adult from the child and the floridly
>psychotic adult is the sane adult's knowledge that "feelings" and "facts"
>are two different things. 
> 
>It is one thing to "feel," as J. Bell or all of us might, that our rights
>have been violated. 
> 
>It is another thing to maintain, as J. Bell uniquely appears to do, that
>the "feeling" gives him the right to seek another person's death. 

You're clearly confused. I was responding to an accusation that I was
defending seeking somebody's death simply because of a disagreement of
OPINION.  My comment was intended to remind the reader that it is the
ACTIONS of a person which justify the self-defense; not simply the
disagreement.  

You falsely imply that a person can't be correct in his assessment that his
rights were, indeed, violated.


> 
>This and other posts by J. Bell and other lib'bers lead me to believe that
>their claimed interest in human freedom for everyone is little more than a
>cover for a set of authoritarian expectations that they can do whatever
>they want, free from any control, responsibility, or accountability. 

Since you just got through misrepresenting my position, probably
intentionally, it's pretty hard to take the rest of your opinions seriously.


>The argued centrality of J. Bell's "feelings" over other people's lives is
>something that puts him in the god category. (Thankfully J. Bell is not one
>of the dreaded tax collectors or "socialist statists.") 

You're wrong yet again.  Let's see, tallpaul needs a logic lesson:

Let's suppose I _believe_ my rights are being violated.  While that, in
itself, does not guarantee that this is CORRECT, on the other hand it
doesn't mean that it is INCORRECT, either.  You're falsely implying that I
was ignoring the issue of correctness; I wasn't.






From jimbell at pacifier.com  Mon Feb 12 01:21:16 1996
From: jimbell at pacifier.com (jim bell)
Date: Mon, 12 Feb 1996 17:21:16 +0800
Subject: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

At 02:17 AM 2/11/96 -0600, Alex Strasheim wrote:
>> If Perry is REALLY sincere about objecting to the NON-crypto part of AsPol,
>> he should demonstrate this by writing notes which are focussing on the
>> crypto aspects, rather than just complaining.
>
>What's the proper procedure for complaining about the assasination part 
>of "AsPol"?

You could start out by saying something like, 

"I don't believe in the idea of self-defense:  People shouldn't defend 
themselves when they are attacked."


Is this what you really believe?

>In general, it doesn't bother me when the list goes "off topic" -- I don't
>read the stuff that doesn't interest me.  But when you start talking about
>violence, you have to expect that people are going to react negatively. 

Except that most of the people who would complain seem to make a convenient 
distinction about violence done by individuals in self-defense, and the 
threat of violence by government agencies.  In other words, statists don't 
want us to defend ourselves against government action.


>We have to say, "that's nuts" -- otherwise people will think that we're
>unbalanced sociopaths. 

Is it "nuts" to want to defend our own property?!?

>
>How much weight is Lotus going to give the opinions of a bunch of
>unbalanced sociopaths when they're thinking about making deal to gak those
>extra 24 bits?  Not much, I'll bet. 

If "AsPol" actually WORKS, Lotus won't have to "deal" to get "those extra 24 
bits."

Lotus should announce that they have heard of this new idea on CP, called 
"Assassination Politics," and have assigned a couple dozen programmers to 
implement it by July 1996.  They'd back (guarantee) the prizes for the first 
such organization, and they'd sell the software to others.  At that point, I 
think the resignations from government office would skyrocket.  


>I apologize in advance for not getting the joke if "AsPol", like Blacknet,
>is tongue in cheek.  I haven't been following the topic closely.
>I hope you're not serious.


You're obviously not very perceptive.  First, it's DEADLY SERIOUS.  But, 
moreover, I believe it's INEVITABLE.  It didn't even matter that a person 
named "Jim Bell" happened to write the essay; the system was coming no 
matter what happens.  Depending on how you look at it, I didn't "invent" 
anything; I merely "discovered" a reality that was on the way. I need do 
nothing to see the system implemented; it'll happen somewhere, sometime, and 
it'll spread inexorably throughout the world.  

Jim Bell

Klaatu Burada Nikto


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMR71pfqHVDBboB2dAQGu0AP+KPFdgwOBRbovQNMji2XSEEPabAIVwFPs
mBtGNK3f+PEdVHQAWYwoFw+o9Wjd3nqWW1KZcN4/BHRa5X5s4EOe56tTmpHVbh4G
2a4V3zJrSOm5ocs9fNkYUOxc8ekwxCS9LeJ2dUke0QkfQ5s1GELW4zxB3I0eBVnC
GXV/Gv6b6kE=
=0HHg
-----END PGP SIGNATURE-----






From lmccarth at cs.umass.edu  Mon Feb 12 03:50:53 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Mon, 12 Feb 1996 19:50:53 +0800
Subject: A Cyberspace Independence Refutation
Message-ID: <199602121136.GAA08106@opine.cs.umass.edu>


(I agree with nearly everything in Strata's "Refutation" essay. In 
particular, I find his comments on the net.pundits' hypocrisy about net.bias
and prejudice to be extremely accurate.)

James Donald writes:
[...various points about "cohesion"...]
> In an all out knock down battle between a particular government and the
> internet, in a state where a substantial proportion of the middle class
> was on the internet, the government would be in serious danger of 
> evaporating like a jellyfish in the sunshine.

I'm afraid I'm not willing to take this on faith. Strata made some good
observations about the tangible vulnerability of the net-as-we-know-it to
government intervention. If you'd like to try to rebut some of his arguments
a bit more specifically, I'd be very interested in reading about it.

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)





From WlkngOwl at UNiX.asb.com  Mon Feb 12 05:00:03 1996
From: WlkngOwl at UNiX.asb.com (Deranged Mutant)
Date: Mon, 12 Feb 1996 21:00:03 +0800
Subject: V-chips, CC, and Motorcycle Helmets
Message-ID: <199602121222.HAA26127@UNiX.asb.com>


> Parents had that ability before.  Cable boxes have a "perental control key"
> on the side that enables them to lock out "offensive" channels.  It works
> quite well and is fairly hard for the kidlets to defeat.  (I used it to
> lockout the religious stations and home shopping channels.)

When I was a kid some friends down the street knew how to unlock the 
Channel 100 XXX movies with a paper clip.  A V-chip would hopefully 
be more sophisticated, but then again, so are today's kids...

> The "V-Chip" debate is a mirror of the one that occured when the cable
> channels were starting to become popular.  There was a big hue and cry about
> kids getting to the "naughty" channels without parent concent.  Seems most
> people do not even learn how the lockouts work.  (And are too lazy to learn.)

You should check out your nearest H/P BBS or ftp-site...

> You have to remember that most of the people arguing for TV filters are
> looking for a way to make the "offensive" stuff go away for good.  (Either
[..]

A very good point.  One that makes me wary of V-Chips...

 
--- "Mutant" Rob 

Send a blank message with the subject "send pgp-key"
(not in quotes) for a copy of my PGP key.





From ab411 at detroit.freenet.org  Mon Feb 12 05:05:31 1996
From: ab411 at detroit.freenet.org (David R. Conrad)
Date: Mon, 12 Feb 1996 21:05:31 +0800
Subject: Odd rounds in Blowfish
Message-ID: <199602121225.HAA09222@detroit.freenet.org>




[ This is an article that I just posted to sci.crypt ]

In describing Blowfish Bruce Schneier mentioned that it achieves avalanche
after the 3rd round, and after each two subsequent rounds (5, 7, 9, ...).
(I understand 'avalanche' to mean that each bit of the key has affected
each bit of the data being encrypted.  Do I understand correctly?)

He also mentioned the possibility of decreasing the number of rounds in
Blowfish from the current 16, in order to improve the speed.  My question
is, would it be sensible to do it with an odd number of rounds?  If 10
rounds were a consideration, then why not go on to 11 to get the 5th
complete avalanche?  Or perhaps it would suffice to stop after 9 rounds,
after the 4th complete avalanche?

Is a whole number of avalanches a desirable feature?  Would an odd number
of rounds throw a spanner into the key schedule?

Also, how would this relate to the modified algorithm, Blowfish-SK?

I think I have now made my lack of expertise amply apparent.  :-)

[ ObNoise: does it take Nukes to end the jim bell/Alan Olsen flamewar? ]
[ ObRating: this post is rated G because it does not contain the words
  shit, piss, fuck, cunt, cocksucker, motherfucker, or tits. ]

Hoping these are not stupid questions,

--
David R. Conrad, conrad at detroit.freenet.org, http://www.grfn.org/~conrad
Hardware & Software Committee : finger -l conrad at grfn.org for public key
Key fingerprint =  33 12 BC 77 48 81 99 A5  D8 9C 43 16 3C 37 0B 50
No, his mind is not for rent to any god or government.





From WlkngOwl at UNiX.asb.com  Mon Feb 12 05:14:48 1996
From: WlkngOwl at UNiX.asb.com (Deranged Mutant)
Date: Mon, 12 Feb 1996 21:14:48 +0800
Subject: V-chips, CC, and Motorcycle Helmets
Message-ID: <199602121222.HAA26137@UNiX.asb.com>


> One thing the V-Chip gives us is the argument:  Now that parents have the
> ability to control what their children watch, the government should turn
> responsibility over to them and butt out.

We should turn the argument into something about how the V-Chip is a 
crappy idea and go from there to a system of filtering which can be 
used negatively (to filter out offensive or lame programming, 
commercials even) and positively (notify when a program comes on).

 
--- "Mutant" Rob 

Send a blank message with the subject "send pgp-key"
(not in quotes) for a copy of my PGP key.





From nobody at REPLAY.COM  Mon Feb 12 05:15:55 1996
From: nobody at REPLAY.COM (Anonymous)
Date: Mon, 12 Feb 1996 21:15:55 +0800
Subject: No Subject
Message-ID: <199602121240.NAA22530@utopia.hacktic.nl>


merriman at arn.net ("David K. Merriman") asks:

>At 10:27 AM 02/11/96 GMT, postmaster at warehouse.mn.org (Postmaster) wrote:
>>The user this message was addressed to does not exist at this
site.  Please
>>verify the name and domain in the original message that
follows.
>>Message was addressed to: SAMUEL.KAPLIN at warehouse.mn.org
>>

>Anybody besides me getting these things?

Thanks to SMTP not anymore I'd hope.

Noise will be noise.

Cheerio...







From WlkngOwl at UNiX.asb.com  Mon Feb 12 05:34:47 1996
From: WlkngOwl at UNiX.asb.com (Deranged Mutant)
Date: Mon, 12 Feb 1996 21:34:47 +0800
Subject: Spin Control Alert (LI Newsday, 2/12/96)
Message-ID: <199602121313.IAA26828@UNiX.asb.com>


Know your enemies:

There's an op-ed in LI Newsday by Cathleen A. Cleaver ("directory of 
legal studies at the Family Research Council..." in LI Newsday today.

Serious pro-CDA spin here. Justifies the bust of Amateur Action BBS, 
ignoring that they were set up by the gov't, and then insists the CDA 
only prohibits making porn accessible to kids. Calls anti-CDA folx 
"free-speech zealots" and "friends of the porn industry", claims the 
courts can determine merit on a per-case basis, and claims objections 
to CDA are really from "arrogance and greed... Most Americans do not 
have access to the Internet. The on-line elite would like to keep it 
that way..."






From perry at piermont.com  Mon Feb 12 06:25:54 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Mon, 12 Feb 1996 22:25:54 +0800
Subject: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
In-Reply-To: 
Message-ID: <199602121333.IAA18580@jekyll.piermont.com>



jim bell writes:
> If Perry is REALLY sincere about objecting to the NON-crypto part of AsPol,
> he should demonstrate this by writing notes which are focussing on the
> crypto aspects, rather than just complaining.

Frankly, Jim, the only reason I haven't torn apart all the utterly
ennervated simulacra of arguments you have posted to support your
"concepts" is that they are *all* off topic and I do not participated
in the discussion of off topic postings.

That does not, however, mean that I don't agree with the people who
think you are a loon, which is apparently a nearly universal
opinion.

Consider what I'm about to do kinder than using bets to encourage
someone to put a bullet in your brain, which is apparently your way of
solving all the world's problems.

PLONK.

Perry





From brianh at u163.wi.vp.com  Mon Feb 12 06:32:13 1996
From: brianh at u163.wi.vp.com (Brian Hills)
Date: Mon, 12 Feb 1996 22:32:13 +0800
Subject: Mail at the office
Message-ID: 


Hello;

I would like to know if there is anyway to keep a record of what is
happening on my machine at work.  I have had all my personal e-mail
deleted twice now over the weekend.  My employer has no problems with
the employees recieving non work related e-mail.  

I'm on a unix enviroment.  I have written a simple program to let me
know who logins on my machine, but it doesn't provide enough
information anymore.  I have talked with the sys.admin but he doesn't
know what to do either.  I have tried to find a sniffer thats already
compiled for i can not compile anything here, but have had no success.

Any help or pointers would be Greatly Apreciated
please reply by private e-mail so the noise level doesn't increase on
my account.

Sincerly,
Brian
brianh at u163.wi.vp.com

-- 
UNTIL WE MEET AGAIN :-)







From merriman at arn.net  Mon Feb 12 06:37:24 1996
From: merriman at arn.net (David K. Merriman)
Date: Mon, 12 Feb 1996 22:37:24 +0800
Subject: Unknown address
Message-ID: <2.2.32.19960211150843.00686434@arn.net>


-----BEGIN PGP SIGNED MESSAGE-----

At 10:27 AM 02/11/96 GMT, postmaster at warehouse.mn.org
(Postmaster) wrote:
>The user this message was addressed to does not exist at this
site.  Please
>verify the name and domain in the original message that
follows.
>Message was addressed to: SAMUEL.KAPLIN at warehouse.mn.org
>

Anybody besides me getting these things?




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMR3p3sVrTvyYOzAZAQFvogQAmgrbguXgm3WLe9cWrcLVS3MSi5lG7ixP
2QOTmHzJULZOlbsaNQiPfclPpZzCEkamSXqgf6rA/+gJ0ENIZ1RH3ffUZOCGCHci
+HzM8gcK6itFchYacV5+q4dg53QReSKblVB3TSS5wqLBvUkoLAgEtJhcm4kcLzYp
w3fWBTC0QFc=
=UHEO
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
For privacy tools: http://www.geocities.com/capitolhill/1148







From wlkngowl at unix.asb.com  Mon Feb 12 06:38:35 1996
From: wlkngowl at unix.asb.com (Deranged Mutant)
Date: Mon, 12 Feb 1996 22:38:35 +0800
Subject: Yeah, Yeah But what are we gonna do!
Message-ID: <199602120138.UAA17547@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

Richard Harris wrote:
> 
> It may just be me but ...
> 
> i)      This in-fighting and bickering doesn't seem very productive

Agrrreed.
> 
> ii)     What are we gonna do about the CDA?

Does the phrase "Cypherpunks write code" sound familiar....?
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMR6aJCoZzwIn1bdtAQGpcgF/SiecyUgW49ll3vqo8G7FPQ2gkVa+6S+D
DBgE2qAdam0lUjJ0WKr+h93APxJUbeSP
=O1UN
-----END PGP SIGNATURE-----





From otto at cc.jyu.fi  Mon Feb 12 06:42:54 1996
From: otto at cc.jyu.fi (Otto J. Makela)
Date: Mon, 12 Feb 1996 22:42:54 +0800
Subject: ShowView?
Message-ID: 


I was told by someone on the list that ShowView (the GemStar-made European
equivalent of VCR+) had been cracked.  Unfortunately, he didn't remember
any details, and I couldn't find anything with the standard ftp/www search
tools.  Pointers, anyone?
-- 
   /* * * Otto J. Makela   * * * * * * * * * * * * * * * * */
  /* Phone: +358 41 613 847, BBS: +358 41 211 562 (V.32bis/USR-HST,24h/d) */
 /* Mail: Cygn.k.7 E 46/FIN-40100 Jyvaskyla/Finland, ICBM: 62.14N 25.44E */
/* * * Computers Rule 01001111 01001011 * * * * * * * * * * * * * * * * */





From bruen at wizard.mit.edu  Mon Feb 12 06:55:21 1996
From: bruen at wizard.mit.edu (bob bruen)
Date: Mon, 12 Feb 1996 22:55:21 +0800
Subject: Req. for soundbites
In-Reply-To: <2.2.32.19960209130800.00688be4@arn.net>
Message-ID: 



   For what it's worth department:

   The four letter words that are considered indecent are an anachronism
   from the days when the French/Normans ruled England, (~1066-1300's).
   A quick look at the words and their acceptable counterparts will make
   clear the issue. The four letter word are all of English derivation and
   the socially acceptable ones are of French (sometimes Latin) derivation.
   Even the term "four-letter" is a derogatory term for the English language
   in general, because the French considered English second rate because the
   words tended to be short, unlike French. Anyone who supports the suppression 
   of these words is merely enforcing the old French repression of the English 
   and the English language from over 500 years ago. Why think for yourself 
   when tradition can do it for you?

    eg:
      to piss  - to urinate
      to shit  - to deficate
      to fuck  - to copulate
      cunt     - vagina 
 
        etc.

     All of them, folks, all of them and easily checked out.


----------------
Bob Bruen
MIT 
Lab for Nuclear Science
77 Massachusetts Ave.
Cambridge MA 02139
voice: 617.253.6065
fax: 617.258.6591
-----------------------------------------------
On Fri, 9 Feb 1996, David K. Merriman wrote:
> A local TV station has asked me for an interview, after I sent a graphic 
of a mono-digital hand gesture with the phrase "censor this!" to the Prez, 
Veep, and the area congresscritters (cc'd to 2 TV stations and a radio 
station), accompanied by a 'confession' and demand for swift prosecution.
> Anyone got any nifty sound bites I can try to toss in?
> 
> Dave Merriman





From fc at symbolic.pr.it  Mon Feb 12 07:15:51 1996
From: fc at symbolic.pr.it (fc at symbolic.pr.it)
Date: Mon, 12 Feb 1996 23:15:51 +0800
Subject: Applied Cryptography, 2nd Edition --  Errata version 1.2
In-Reply-To: <199602090149.TAA00796@parka>
Message-ID: <311F0353.49E1@symbolic.pr.it>


Bruce Schneier wrote:
> 
>                 APPLIED CRYPTOGRAPHY, Second Edition
> 
>                               ERRATA
>                    Version 1.2 - 1 February 1996
> 
> This errata includes all errors I have found in the book, including minor
> spelling and grammatical errors.  Please distribute this errata sheet to
> anyone else who owns a copy of the book.Could it be possible to have ISBN of the book, so that I can order it? I am 
definitely very interested.
Bye,

Fabrizio Cassoni





From raph at CS.Berkeley.EDU  Mon Feb 12 07:30:53 1996
From: raph at CS.Berkeley.EDU (Raph Levien)
Date: Mon, 12 Feb 1996 23:30:53 +0800
Subject: List of reliable remailers
Message-ID: <199602121450.GAA09500@kiwi.cs.berkeley.edu>


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list at kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail, which is available at:
ftp://ftp.csua.berkeley.edu/pub/cypherpunks/premail/premail-0.33a.tar.gz

   For the PGP public keys of the remailers, finger
pgpkeys at kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list at kiwi.cs.berkeley.edu.

$remailer{"extropia"} = " cpunk pgp special";
$remailer{"portal"} = " cpunk pgp hash";
$remailer{"alumni"} = " cpunk pgp hash";
$remailer{"bsu-cs"} = " cpunk hash ksub";
$remailer{"c2"} = " eric pgp hash reord";
$remailer{"penet"} = " penet post";
$remailer{"ideath"} = " cpunk hash ksub reord";
$remailer{"hacktic"} = " cpunk mix pgp hash latent cut post ek";
$remailer{"flame"} = " cpunk mix pgp. hash latent cut post reord";
$remailer{"rahul"} = " cpunk pgp hash filter";
$remailer{"mix"} = " cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"ford"} = " cpunk pgp hash ksub ek";
$remailer{"hroller"} = " cpunk pgp hash latent ek";
$remailer{"vishnu"} = " cpunk mix pgp hash latent cut ek ksub reord";
$remailer{"robo"} = " cpunk hash mix";
$remailer{"replay"} = " cpunk mix pgp hash latent cut post ek";
$remailer{"spook"} = " cpunk mix pgp hash latent cut ek reord";
$remailer{"rmadillo"} = " mix cpunk pgp hash latent cut ek";
$remailer{"ecafe"} = " cpunk mix";
$remailer{"wmono"} = " cpunk mix pgp. hash latent cut";
$remailer{"shinobi"} = " cpunk mix hash latent cut ek reord";
$remailer{"amnesia"} = " cpunk mix pgp hash latent cut ek ksub";
$remailer{"gondolin"} = " cpunk mix pgp hash latent cut ek reord";
$remailer{"tjava"} = " cpunk mix pgp hash latent cut";
$remailer{"pamphlet"} = " cpunk pgp hash latent cut ?";
$remailer{'alpha'} = ' alpha pgp';
$remailer{'gondonym'} = ' alpha pgp';
$remailer{'nymrod'} = ' alpha pgp';
catalyst at netcom.com is _not_ a remailer.
lmccarth at ducie.cs.umass.edu is _not_ a remailer.
usura at replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 robo hroller alpha)
(gondolin gondonym)
(flame hacktic replay)
(alumni portal)
(vishnu spook wmono)

Use "premail -getkeys pgpkeys at kiwi.cs.berkeley.edu" to get PGP keys
for the remailers. Fingering this address works too.

Note: The remailer list now includes information for the alpha
nymserver.

Last update: Mon 12 Feb 96 6:49:07 PST
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
portal   hfinney at shell.portal.com         ######*#*###      :31  99.98%
alumni   hal at alumni.caltech.edu           --*###*#-###     9:13  99.96%
gondolin mix at remail.gondolin.org          ----..--__.  18:30:36  99.53%
gondonym alias at nym.gondolin.org            *--..--__-  19:44:38  99.50%
mix      mixmaster at remail.obscura.com     ----+-+..--   3:57:36  99.47%
nymrod   nymrod at nym.alias.net              ***+****#*      7:14  99.46%
c2       remail at c2.org                    ** ****+***     17:56  99.41%
flame    remailer at flame.alias.net          -++-++++++     56:24  98.99%
hroller  hroller at c2.org                   ##-##** #.#      7:26  98.64%
alpha    alias at alpha.c2.org               **-*******       6:39  98.64%
vishnu   mixmaster at vishnu.alias.net       *--+----***     31:13  98.32%
pamphlet pamphlet at idiom.com                ++++++++++     42:53  98.25%
ecafe    cpunk at remail.ecafe.org            ##*###*###       :36  97.66%
hacktic  remailer at utopia.hacktic.nl        **********      7:57  95.59%
extropia remail at extropia.wimsey.com       ---_..--.    20:05:32  93.23%
replay   remailer at replay.com              ****  *+***      7:00  93.03%
rahul    homer at rahul.net                  ***#+# ***##     1:58  99.76%
penet    anon at anon.penet.fi                __.-_  . *  30:35:19  87.17%
shinobi  remailer at shinobi.alias.net        *#-#   ##*   1:22:28  86.88%
ford     remailer at bi-node.zerberus.de     +..-+-+       4:33:06  57.50%
tjava    remailer at tjava.com                                2:46  -3.30%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien





From willer at carolian.com  Mon Feb 12 08:18:12 1996
From: willer at carolian.com (Steve Willer)
Date: Tue, 13 Feb 1996 00:18:12 +0800
Subject: Free end-to-end encryption code?
Message-ID: <311f5807.109332@saturn>


As a side project, to support remote mail and news pickup through the
Internet to my company's servers (through a firewall), I've been
slowly writing an end-to-end encryption program. Essentially, the idea
is that the client program (say, a mail program) connects to a client
"reflector", which lives on the same person's machine. The client
reflector connects to a server reflector, which perhaps lives on the
firewall. The client and server talk to each other, the client is
authenticated, and the session key is agreed upon. Then the server
reflector connects to the server process (say, smtpd, probably on some
machine inside the company's net), and an encypted session is
obtained. This doesn't protect against the machine's memory being
watched or anything like that, but it does provide a good amount of
security for packets over the Internet, just like the end-to-end type
of encryption software described in Applied Cryptography.

Now, this is my first code with any real encryption in it, and I'm
trying to tackle key negotiation protocols and so on, while at the
same time utilizing RSA, IDEA and MD5. In my research, I found that a
number of firewall vendors have such a system available, either
implemented in hardware or software. What I want to know is: Is there
any code like this available somewhere on the net that does this
stuff? I would hate to have to reinvent the wheel if I don't have to,
given my limited amount of spare time.





From jf_avon at citenet.net  Mon Feb 12 09:05:42 1996
From: jf_avon at citenet.net (Jean-Francois Avon JFA Technologies, QC, Canada)
Date: Tue, 13 Feb 1996 01:05:42 +0800
Subject: Unknown address
Message-ID: <9602120448.AA24390@cti02.citenet.net>



>>Message was addressed to: SAMUEL.KAPLIN at warehouse.mn.org
>>
>
>Anybody besides me getting these things?


Yes!  I got that too!

JFA






From deepthroat at alpha.c2.org  Mon Feb 12 09:09:05 1996
From: deepthroat at alpha.c2.org (deepthroat at alpha.c2.org)
Date: Tue, 13 Feb 1996 01:09:05 +0800
Subject: X509 (was: Strange Sounds of Silence)
Message-ID: <199602120519.VAA28144@infinity.c2.org>


>>implementing the basic encoding rules, used in the PCKS and X.509 - 
>>can someone give me a pointer to where I can find a 
>>copy of v3 online?
>
>It's not available online.  ISO specs are hardcopy (and hard currency :)
>only.
>

If you listen closely, you can hear pages of an ISO standard being
scanned.

DT





From twcook at cts.com  Mon Feb 12 09:10:38 1996
From: twcook at cts.com (Tim Cook)
Date: Tue, 13 Feb 1996 01:10:38 +0800
Subject: A Cyberspace Independence Refutation
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

There is nothing to add. But in summary I warn the net community not 
to be caught acting like the teenager that has decided that mom & 
dad know nothing and it doesn't matter that they cared for us all 
these years.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMR7ZqnZBD5a0GJkxAQHNKQP+O6rAisJgDHYMQW+t5DmEuLO5xjoOIq3Z
D2pteLa/9bsgvs9e5nKRLTGYD0AJWrX2uQGqeMmYFNIykchqp6zD52z5IkDi/slk
L8Ip4MFc6F17kmbx1I+yq9TeTUSn2SKY4p7fIa1yY4UKI2zD+hCG6xur5D+DIovH
kVD3RxXVsRw=
=WxNL
-----END PGP SIGNATURE-----





From dlv at bwalk.dm.com  Mon Feb 12 09:11:54 1996
From: dlv at bwalk.dm.com (Dr. Dimitri Vulis)
Date: Tue, 13 Feb 1996 01:11:54 +0800
Subject: China
In-Reply-To: <199602120410.UAA15696@netcom7.netcom.com>
Message-ID: 


frantz at netcom.com (Bill Frantz) writes:
> Back in the really dark ages, we used acoustic couplers (300 b/s max) which
> held a telephone handset, so there was no direct connection to the
> telephone lines.  The phone company asserted that they were also illegal,
> but their argument was kind of weak!

I used acoustic couplers. My first modem was 110 bps, and when we got 300 bps,
it seems so fast in comparison... And then 1200 bps seemed even faster.
Acoustic couplers are still useful if you travel to places where there are
no rj11 connectors.
I recall that AT&T's argument against connecting any kind of user equipment to
their lines was that it might electrocute one of their workers.
I recall that recently in Germany one could not have a modem without some
kind of licence from DT - has it changed?
Personal computers, modems, and phone lines are ubiquitous in the U.S. and
most other developed countries. I suspect that modems may be rare enough in
China for the government to regulate their possession, using any silly excuse.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From nobody at mockingbird.alias.net  Mon Feb 12 09:12:18 1996
From: nobody at mockingbird.alias.net (Anonymous)
Date: Tue, 13 Feb 1996 01:12:18 +0800
Subject: Encryption software
In-Reply-To: <199602120118.RAA22586@infinity.c2.org>
Message-ID: <199602120440.UAA02416@myriad>


medea at alpha.c2.org (Medea) wrote:

>  I was telling a friend that I was going to buy a program similar to PC
>Anywhere to be able to communicate between my computer at home and the one
>at the office.  He suggested trying to find a similar program which includes
>encryption.
>  Anyone know of such a program?


I'd use: Linux + ssh + dosemu

You can run your text-based messy-dos programs remotely; I do it all the
time.

If your work computer is not on a tcp/ip network already, then you'll need
to use slip/ppp over the modem, which isn't hard.  Just read the dip manual
and/or pppd man page, it tells you how to set up a slip/ppp account.  Ssh
takes care of all the encryption for your logins and file transfers (scp).





From declan+ at CMU.EDU  Mon Feb 12 09:12:58 1996
From: declan+ at CMU.EDU (Declan B. McCullagh)
Date: Tue, 13 Feb 1996 01:12:58 +0800
Subject: [NOISY] Re: New Internet Privacy Provider - Press Release
In-Reply-To: 
Message-ID: <8l7hYdG00YUvF3yaIP@andrew.cmu.edu>


Excerpts from internet.cypherpunks: 10-Feb-96 Re: [NOISY] Re: New
Interne.. by Vincent Cate at offshore.co 
> It is clearly not for everyone.  However, someone running a
> business over the net should really think about how much they pay
> in taxes to see if forming an offshore corporation and getting an
> offshore web-site makes sense. 
>  
> Basically if a net business is paying more in taxes than the extra
> costs to operate an offshore corporation it can pay to relocate. 
> The operating costs are the web-site/email $1,200/year and about
> $500/year to maintain a corporation (~$1,000 first year).  So even
> a small business can justify the move.

Thanks, Vincent, for a well-reasoned reply.

While I'm not likely to sign up in the near future -- unless the
situation here worsens dramatically -- I wish you well with your
attempts to solicit businesses as customers. Good luck!

-Declan






From hal9001 at panix.com  Mon Feb 12 09:13:11 1996
From: hal9001 at panix.com (Robert A. Rosenberg)
Date: Tue, 13 Feb 1996 01:13:11 +0800
Subject: Chinese/Indian censorship of alt.sex.* etc. (Was: China)
Message-ID: 


At 20:03 2/10/96, lmccarth at cs.umass.edu wrote:

>The CompuServe incident caused a big ruckus because it involved a conflict
>between the German govt. and many U.S. users, and (like it or not) users
>in the U.S. seem to be the most vocal group on the net.

The ruckus was also due to CIS's ignoring the need to be able to suppress
access to newsgroups based on the user's Gateway node. If this ability had
been designed into the code before it was released, then the German users
could have been isolated [without affecting non-German Users] just as fast
as the newsgroups were flagged as "Invisible" for display to German
Gateways (the current CIS support requires the user to select from a CIS
Generated and Supplied list so the list could not display certain NG's
names [given the support for this capability]). This need to suppress
access to German Users did not suddenly become a requirement with this
incident since CIS was on notice for at least 2 years that the German
Government felt they were entitled to censor what was supplied by CIS to
German Users (that time it was due to a game that used the Swastika). Given
this precedence, it would seem to be obvious that there would be the need
to tailor the listings based on "Community Standards" (since the German
Government is touchy about access to certain types of material such as
Revisionism and the Holocaust). In fact, given their laws and mindset, I
find it odd that neither of the following were on their list of newsgroups
that wanted blocked (I'm sure that I could find more if I scanned the list
of newsgroups ):

alt.revisionism
soc.culture.jewish.holocaust







From tallpaul at pipeline.com  Mon Feb 12 09:13:51 1996
From: tallpaul at pipeline.com (tallpaul)
Date: Tue, 13 Feb 1996 01:13:51 +0800
Subject: The Emotional Killer (or out of the frying pan and into the electric chair?)
Message-ID: <199602120459.XAA22195@pipe11.nyc.pipeline.com>


I want to write on the theme posted to the list in the message below where
J. Bell wrote "It is their ACTIONS that I feel violate my rights; that is
what justifies my seeking their deaths, should I choose to do so." 
 
First, one thing that marks the sane adult from the child and the floridly
psychotic adult is the sane adult's knowledge that "feelings" and "facts"
are two different things. 
 
It is one thing to "feel," as J. Bell or all of us might, that our rights
have been violated. 
 
It is another thing to maintain, as J. Bell uniquely appears to do, that
the "feeling" gives him the right to seek another person's death. 
 
This and other posts by J. Bell and other lib'bers lead me to believe that
their claimed interest in human freedom for everyone is little more than a
cover for a set of authoritarian expectations that they can do whatever
they want, free from any control, responsibility, or accountability. 
 
The argued centrality of J. Bell's "feelings" over other people's lives is
something that puts him in the god category. (Thankfully J. Bell is not one
of the dreaded tax collectors or "socialist statists.") 
 
Should J. Bell act on his "feelings" as he seems to think he has the right
to do, he may find that his "right" is little more than another "feeling"
not reflective of reality. 
 
He might also "feel" his rights are violated when a dreaded tax-collecting
socialist-statist called a cop detains him, another dreaded lawyer called a
prosecutor says nasty things about him in a court, a jury says "guilty,"
and another dreaded socialist-statist chowing-down-on-tax-money figure
called a judge says "death." This is also likely to produce an even greater
"feeling" that rights are violated immediately before another figure living
on tax money called an executioner pulls the switch. 
 
Death is sometimes Nature's way of telling us that our "feelings" were out
of sync with reality. 
 
But by then it is too late to do much about it. 
 
--tallpaul 
 
 
 
On Feb 10, 1996 17:41:30, 'jim bell ' wrote: 
 
> 
>At 08:13 PM 2/6/96 -0600, Jim Choate wrote: 
>> 
>>Forwarded message: 
> 
>>> A few months ago, I had a truly and quite literally "revolutionary" 
>>> idea, and I jokingly called it "Assassination Politics": I speculated
on 
>>> the question of whether an organization could be set up to _legally_ 
>>> announce either that it would be awarding a cash prize to somebody who 
>>> correctly "predicted" the death of one of a list of violators of 
>>> rights, usually either government employees, officeholders, or 
>>> appointees.  It could ask for anonymous contributions from the public, 
>>> and individuals would be able send those contributions using digital 
>>> cash. 
>>>  
>> 
>>If the intent is to motivate others to kill or otherwise harm others
simply 
>>because you don't agree with them or their actions is reprehensible and 
>>moraly or ethicaly undefensible. 
> 
>That's a misleading statement:  You said, "simply because..."    As should
 
>be abundantly clear from my other arguments, I wouldn't wish to see anyone
 
>killed "simply because"  of the fact I "don't agree with them."  It is
their  
>ACTIONS that I feel violate my rights; that is what  justifies my seeking 

>their deaths, should I choose to do so. 
> 
> 
>>> On the contrary; my speculation assumed that the "victim" is a 
>>> government employee, presumably one who is not merely taking a paycheck

>>> of stolen tax dollars, but also is guilty of extra violations of rights

>>> beyond this. (Government agents responsible for the Ruby Ridge incident

>>> and Waco come to mind.)  In receiving such money and in his various 
>>> acts, he violates the "Non-aggression Principle" (NAP) and thus, 
>>> presumably, any acts against him are not the initiation of force under 
>>> libertarian principles. 
>>>  
>> 
>>Every citizen of this country is a 'government employee' in one sense or 
>>another. 
> 
>That's about the weakest argument I've heard in a long time.  I'm amazed  
>that you weren't too embarrassed to post it to the list.  While I don't
know  
>precisely what your definition of the phrase "government employee" really 

>is, I "every citizen" is a "governement employee" then you must have a  
>REALLY weird definition of that. 
> 
>Somehow, I think that this is where  your argument fails, and it fails  
>miserably. 
> 
> 
>>By resorting to violence you are no better than the ones you proport to 
>>protect us against. 
> 
>Sorry, I disagree.  Now, I am certainly aware of the classic "Gandhi-type"
 
>total non-violence principle, but it turns out that very few people
actually  
>believe in that.  Most people seem to think that they are entitled to  
>protect themselves from violations of rights.  The fact that these  
>violations of rights may be done by "government employees" is at most  
>irrelevant, in that this doesn't justify it.  Anybody who feels entitled
to  
>use violence against a burglar, rapist, or murderer is correct; attempting
 
>to deny me the right to protect my property from GOVERNMENT people is, in 

>itself, a violation of my rights. 
> 
>Are you a statist? 
> 
>





From erc at dal1820.computek.net  Mon Feb 12 09:50:31 1996
From: erc at dal1820.computek.net (Ed Carp)
Date: Tue, 13 Feb 1996 01:50:31 +0800
Subject: A Cyberspace Independence Refutation
In-Reply-To: <9602120707.AA08292@pig.die.com>
Message-ID: 


On Mon, 12 Feb 1996, Dave Emery wrote:

> 	A lot of people forget the basic truth that the net is based
> almost entirely on physical communications facilities owned for the most
> part by huge corperations that have deeply incestuous relationships with
> the political power structure and very little interest in preserving the
> self important dreams of a few members of a self selected net "elite".  
> If ordered to pull the plug they will, and cyberspace as we know it will
> evaporate overnight.
> 
> 	And there is essentially no possibility of practical alternative
> communications facilities becoming available - aside from the titanic
> capital costs of creating such, most of the resources required such as
> radio spectrum, orbital slots and rights of way are tightly controlled by
> the entrenched corperations that operate the present facilities. 

> 	Unfettered, uncontrolled, uncensored  net access to anything
> like  the current wide cross section of the great washed, upper income,
> upper education sector of the population reached by the current
> Internet is a short term historical accident - there are too many
> powerful groups challenged and threatened by such for this period of 100
> flowers to last. 

Well, that's the way the net is *now* - but it wasn't always so.  I 
remember the days when the net was composed of a *lot* of point-to-point 
UUCP connections eventually winding up at the backbone.  People could be 
many hops away from the backbone and still have email and news access.  
True, there was no such thing as the web, nor TCP/IP, but we *did* have 
connectivity and communications.  If the Feds pulled the plug on the 
backbone, I can see that there are a lot of people who would drag UUCP 
and pathalias out of the closet, and the UUCP Mapping Project would live 
again (hams have their own backbone are would be not as severely affected 
by the backbone going away).

Not that it wouldn't be hard - but it's doable.
--
Ed Carp, N7EKG    			Ed.Carp at linux.org, ecarp at netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp at netcom.com for PGP 2.5 public key		an88744 at anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring






From vince at offshore.com.ai  Mon Feb 12 09:59:03 1996
From: vince at offshore.com.ai (Vincent Cate)
Date: Tue, 13 Feb 1996 01:59:03 +0800
Subject: Lower Prices - Was Re: [NOISY] Re: New Internet Privacy Provider - Press Release
In-Reply-To: <8l7hYdG00YUvF3yaIP@andrew.cmu.edu>
Message-ID: 



I have decided to offer a $50/month Unix/Web/POP account that is
good for 50 MB/month of traffic.  After that it is $1/MB of
traffic.  To open the account an initial account balance of $300 is
required (from which monthly and traffic charges will be deducted). 

See http://online.offshore.com.ai/  for more info and to open
an account.

   --  Vince






From maldrich at grctechs.va.grci.com  Mon Feb 12 10:00:38 1996
From: maldrich at grctechs.va.grci.com (Mark Aldrich)
Date: Tue, 13 Feb 1996 02:00:38 +0800
Subject: Availability of high-speed DES chips.
Message-ID: 


I've got a networking application upon which I'm working that requires 
high-speed DES capability that can be clocked up to around 20 
megabytes/second.  We're going to have to do circuit board level design, 
so I can't plug a stand-alone box on the ass-end of the network device - 
it's got to be planted into our network controller.  This thing is going 
to provide ATM/SONET communications.

Does anyone know of any chip sets that can run at this speed?  Input 
regarding either commercial or R&D sources would be appreciated.  I know 
that two years ago at the Internet Security meeting in San Diego we saw a 
parallel processor configuration of DES chips, but I can't remember which 
University in North Carolina was working on this.  If anyone knows if 
this research went anywhere, I'd appreciate hearing about that as well.

Thanks for the help!

------------------------------------------------------------------------- 
|So, I went walking through the street.   |Mark Aldrich                 | 
|I saw you strung up in a tree.           |GRCI INFOSEC Engineering     | 
|A woman knelt there, said to me,         |maldrich at grci.com            | 
|Hold your tongue, man, hold your tongue. |MAldrich at dockmaster.ncsc.mil | 
|_______________________________________________________________________| 
|The author is PGP Empowered.  Public key at:  finger maldrich at grci.com |
|    The opinions expressed herein are strictly those of the author     | 
|         and my employer gets no credit for them whatsoever.           | 
-------------------------------------------------------------------------






From pete at loshin.com  Mon Feb 12 10:45:11 1996
From: pete at loshin.com (Pete Loshin)
Date: Tue, 13 Feb 1996 02:45:11 +0800
Subject: Encryption software
Message-ID: <01BAF936.EF39C200@ploshin.tiac.net>


Medea writes:

>  I was telling a friend that I was going to buy a program similar to PC Anywhere to be able to >communicate between my computer at home and the one at the office.  He suggested trying to find a >similar program which includes encryption.
>  Anyone know of such a program?

Norton pcANYWHERE and Stac ReachOut both claim to use encryption
though I don't have any details of what that encryption is.

However, if you use a direct telephone link to communicate, your need
for encryption would mostly be in the event that your telephone lines
were being tapped (though these products can also be used over most
network protocols including IP and IPX).

btw:

In general, when I speak with PC software vendors (product managers)
they almost always talk about how secure their products are but never
have the details (either, "oh, that's proprietary" or else "I'm not sure, I'll
have to get back to you on that...")

-Pete Loshin
 pete at loshin.com





From erc at dal1820.computek.net  Mon Feb 12 10:45:22 1996
From: erc at dal1820.computek.net (Ed Carp)
Date: Tue, 13 Feb 1996 02:45:22 +0800
Subject: Free end-to-end encryption code?
In-Reply-To: <311f5807.109332@saturn>
Message-ID: 


On Mon, 12 Feb 1996, Steve Willer wrote:

> As a side project, to support remote mail and news pickup through the
> Internet to my company's servers (through a firewall), I've been
> slowly writing an end-to-end encryption program. Essentially, the idea

Why reinvent the wheel?  Lots of end-to-end stuff out there - I use ssh, 
myself...
--
Ed Carp, N7EKG    			Ed.Carp at linux.org, ecarp at netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp at netcom.com for PGP 2.5 public key		an88744 at anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring






From sandfort at crl.com  Mon Feb 12 11:13:00 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Tue, 13 Feb 1996 03:13:00 +0800
Subject: A Cyberspace Independence Refutation
In-Reply-To: 
Message-ID: 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sun, 11 Feb 1996, Tim Cook wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> . . . I warn the net community not 
> to be caught acting like the teenager that has decided that mom & 
> dad know nothing and it doesn't matter that they cared for us all 
> these years.

I haven't followed this thread since the initial posting of
the Declaration, but this particular piece of shallow thinking
jumped out of the computer at me.

On sum, the people on the Net are the brightest, most 
sophisticated segment of our society.  Politicians, by 
contrast, are--on sum--the most venal of humans.  To liken
them to "parents" and the rest of us to teenage ingrates is
truly insulting.  An apology is in order from Mr. Cook.

Even assuming agruendo that the analogy applies, then the 
Declaration is still on the right track.  It's time to grow
up, leave our parents' house and move beyond their smothering
"care."  Grow up Tim Cook.  You've parked your feet under Mom
and Dad's table too long.  It's time to deal with your peers
and the rest of the world on your own, two, independent feet.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From PADGETT at hobbes.orl.mmc.com  Mon Feb 12 12:17:26 1996
From: PADGETT at hobbes.orl.mmc.com (A. Padgett Peterson P.E. Information Security)
Date: Tue, 13 Feb 1996 04:17:26 +0800
Subject: V-chips
Message-ID: <960212111330.20218f63@hobbes.orl.mmc.com>


Bill rote:
>One thing the V-Chip gives us is the argument:  Now that parents have the
>ability to control what their children watch, the government should turn
>responsibility over to them and butt out.

Hmmm, thought - network TV is declining badly (I like AMC & Discovery 
channel myself). FCC rules are somewhat limiting and 5-year-old mentalities
rarely have much disposable income.

Cable is taking off because FCC restrictions do not apply. Would the
V-chip free the networks to allow *more* S&V^H^H^H"adult content" ? Where 
is the lobbying/money coming from ?
						Warmly,
							Padgett

ps still suspect that both the V-chip and CC are simple chip design changes 
   that do not need to add any cost.





From jya at pipeline.com  Mon Feb 12 12:17:48 1996
From: jya at pipeline.com (John Young)
Date: Tue, 13 Feb 1996 04:17:48 +0800
Subject: COO_kie
Message-ID: <199602121615.LAA21849@pipe4.nyc.pipeline.com>


   2-12-96. FinTim:

   "This bug in your PC is a smart cookie."

      Netscape Navigator contains a little-known wrinkle that
      increases the power of companies to find out who their
      customers are and what they are up to. It allows
      companies to track which Web pages an individual looks
      at, when, for how long, and in what order. The
      information is stored on the customer's computer as
      "persistent client-state hypertext transfer protocol
      cookies".

   2-12-96. WSJ:

   "Consumer Privacy on Internet Goes Public."

      The advertising industry's response to the volatile
      issue of consumer privacy is drawing howls of protest
      from consumer advocates. The battle is over what should
      marketers be allowed to do with personal information
      they gather from consumers visiting Web sites. Marketers
      "want to have dossiers on people with incredible detail
      so they can pick and choose what they send to you."

   "Invention Machine's Software Wins Orders for Picking
   Brains of Inventors."

      A software program is being snapped up by a growing
      number of America's biggest companies to provide
      inventing partners for their engineers. The program
      codifies the invention principles behind some two
      million international patents and the inventive
      techniques of some of the world's greatest inventors.
      Mr. Tsourikov said the product grew out of his early
      studies under Genrich Altshuller, who posited that
      invention isn't a random process but has a certain
      algorithm which drives it.


   COO_kie











From jlasser at rwd.goucher.edu  Mon Feb 12 12:38:27 1996
From: jlasser at rwd.goucher.edu (Jon Lasser)
Date: Tue, 13 Feb 1996 04:38:27 +0800
Subject: Strange Sounds of Silence
In-Reply-To: <199602110307.VAA05228@grendel.texas.net>
Message-ID: 


On Sat, 10 Feb 1996, Sten Drescher wrote:

> AP> Has anyone else out there noticed the strange sounds of silence
> AP> emmanating from the american print and broadcast media concerning
> AP> the rider attached to the Telecommunications Act recently signed
> AP> by President Clinton known as the CDA (Communications Decency
> AP> Act)?
> 
> 	Um, no.  I heard about it on CNN, NBC, and the San Antonio
> Express-News (in a New York Times Service article), the only
> non-online news sources I routinely check.  It appears to me that the
> sounds of silence are the only ones you want to hear.

Well, in the Washington Post story on the communications bill, (large 
though I don't remember how large... front page, more in the back), there 
were an entire two sentances about the Exon/CDA provisions.

Jon Lasser
------------------------------------------------------------------------------
Jon Lasser                            (410)494-3072 
          Visit my home page at http://www.goucher.edu/~jlasser/
  You have a friend at the NSA: Big Brother is watching. Finger for PGP key.






From twcook at cts.com  Mon Feb 12 12:44:09 1996
From: twcook at cts.com (Tim Cook)
Date: Tue, 13 Feb 1996 04:44:09 +0800
Subject: Unknown address
Message-ID: 


> >The user this message was addressed to does not exist at this
> site.  Please
> >verify the name and domain in the original message that
> follows.
> >Message was addressed to: SAMUEL.KAPLIN at warehouse.mn.org
> >
> 
> Anybody besides me getting these things?
> 
Seems he does exist. I got one too.

Another "Logical Conclusion" by:
Tim Cook 
Support THE US Constitution...
Vote Alexander in '96 and '00!





From frantz at netcom.com  Mon Feb 12 12:45:45 1996
From: frantz at netcom.com (Bill Frantz)
Date: Tue, 13 Feb 1996 04:45:45 +0800
Subject: V-chips, CC, and Motorcycle Helmets
Message-ID: <199602120753.XAA04763@netcom7.netcom.com>


At 10:18 PM 2/11/96 -0800, Alan Olsen wrote:
...
>You have to remember that most of the people arguing for TV filters are
>looking for a way to make the "offensive" stuff go away for good.

Absolutely!  But the technology that lets individuals make the choice
weakens their argument that the government must take a hand.


>The v-chip will be less than useful as a real filter tool for those of us
>who have a different worldview than the censors.

Again, absolutely.  Hell, I can't even devise a filter that will let me
filter out Jim Bell's rants while letting me see his reasoned arguments on
anonymous assassination.  (I would love to have him address the Salman
Rushdie issue, a man who is still alive despite a considerable announced
price for his head.  There appear to be limits to who can be subject to
assassination for pay.)

Bill







From jimbell at pacifier.com  Mon Feb 12 12:45:52 1996
From: jimbell at pacifier.com (jim bell)
Date: Tue, 13 Feb 1996 04:45:52 +0800
Subject: Regulation of citizen-alien communications
Message-ID: 


At 01:21 AM 2/12/96 -0500, lmccarth at cs.umass.edu wrote:
>Padgett writes:
>> Gov does have the right (in fact the duty) to regulate communications 
>> between citizens and non-citizens/sites in other lands
>[...and later...]
>> "...provide for the common defense"
>> "To regulate Commerce with foreign nations..."
>> "...or in adhering to their enemies, giving them Aid and Comfort."
>> 
>> There are the bytes - try reading them in context.
>
>Familiar phrases indeed. Now, it seems to me that the Commerce Clause and
>other Constitutional portions you cited could apply as well to 
>communications between two U.S. citizens inside the U.S. as they do to the
>citizen-alien communications you mentioned. Yet if I read you correctly
>earlier, you don't think the USG has the right to regulate those
>communications. Why the distinction ?


I suspect that Padgett's entire view of reality is built on quicksand.






From alano at teleport.com  Mon Feb 12 12:49:42 1996
From: alano at teleport.com (Alan Olsen)
Date: Tue, 13 Feb 1996 04:49:42 +0800
Subject: Attitudes toward the government...
Message-ID: <2.2.32.19960212083541.0090ee90@mail.teleport.com>


At 11:43 PM 2/11/96 -0800, Timothy C. May wrote:
>Jim Ray wrote:
>
>>"Americans hate the IRS, and if the only way they can get rid of it
>> is to elect somebody who is communicating directly with the Planet
>> Xorgon, then so be it." -- Dave Barry [on Steve Forbes]. 2/9/96
>
>Not just this, but another data point about the current sentiment about
>Washington: In a movie theater today there was a preview of the upcoming
>movie "Independence Day," showing a flying saucer hovering over the White
>House, then destroying it. The audience cheered and clapped.
>
>I'm not sure this would've happened in, say, the early 1950s.

I have seen similar responses when watching Washington D.C. get partially
destroyed in _Earth V.S. the Flying Saucers_.  Watching Ray Harryhousen
destroy the capitol and the washington monument is the best part of the movie.

>(However, like the early 1950s, the producers of this upatriotic drivel may
>have to answer to the House Un-American Activities Committee, to explain
>their Indecent portrayal.)

I expect it to be an "US V.S. Them" movie.  Lots of patriotism and the like
will be there.  (The title says alot about the film.)  It will hype the need
to be prepared for a "menace".  The message will be reinforced with a heavy
dosage of special effects and jingoism.  Standard hollywood fare.  I doubt
if we will see anything approching mild subversion form Hollywood anytime soon.

>(P.S. "Broken Arrow" was a fun flick. Sort of like "Fail Safe " on "Speed.")

Sounds like you spent your day doing the same thing i did...  It was quite
worthwhile.  (But then, John Woo films usually are.)  I also found
_Hardboiled_ subtitled and letterboxed a few days ago.  Another great Woo film.

OBCypherpunks noise:  I am amazed I have not yet seen a mention of the
animated Spy V.S. Spy cartoons running on Mad TV.  One of the best parts of
the show.  (Except for the Triple XXX files from the last episode.)


---
Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
        `finger -l alano at teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
"I, Caligula Clinton... In the name of the Senate and the people of Rome!"
   - Bill Clinton signing the CDA with the First Amendment bent over.






From perry at piermont.com  Mon Feb 12 12:59:44 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Tue, 13 Feb 1996 04:59:44 +0800
Subject: LI Newsday OpEd: Criminal Justice System
In-Reply-To: <199602120047.TAA02205@UNiX.asb.com>
Message-ID: <199602121616.LAA18717@jekyll.piermont.com>



"Deranged Mutant" writes:
> Found a really good op-ed piece in LI Newsday, Thurs. Feb 8, pA53
> by Robert Reno, "If Jails Are Full, How Much Tougher Can Judges Get?"

I personally find stuff like this interesting, but I prefer read about
it in places like libernet or the like. Cypherpunks is for
cryptography.

.pm





From sunder at dorsai.dorsai.org  Mon Feb 12 13:40:28 1996
From: sunder at dorsai.dorsai.org (Ray Arachelian)
Date: Tue, 13 Feb 1996 05:40:28 +0800
Subject: Put the Protest where your money is.
Message-ID: 


Here's an idea that come up while I and a good friend were in a well 
intoxicated and creative mood...

Every dollar you spend, be it a 1, 5, 10, 20, 50, or 100 denomination 
bill, write in a speech bubble to the president dude in the center, 
which says "I oppose the CDA.  Exon sucks.  Exon fornicates with 
male farm animals.  CDA Is unconstitutional, I roll in my grave over 
the CDA, etc."

Be creative; use the memo field in any checks you write to do the same.  
Money is the one element that travels from hand to hand to hand to hand.  
It is a network as extensitve as the internet itself, and even more so.

Let your money speak for you!  Put your url on the bill, or the url to 
the eff (http://mirrors.yahoo.com/eff/speech.html) or the Voter's Telecom 
Watch (http://www.vtw.org/)

Leave your pages black until this damnable blemish on our rights is 
repealed!

==========================================================================
 + ^ + |  Ray Arachelian |Emptiness is loneliness, and loneliness|  _ |>
  \|/  |sunder at dorsai.org|is cleanliness  and cleanliness is god-|  \ |
<--+-->|                 |liness and god is empty,  just like me,|   \|
  /|\  |    Just Say     |intoxicated  with the maddness,  I'm in|   <|\
 + v + | "No" to the NSA!|love with my sadness.   (Pumpkins/Zero)|   <| n
===================http://www.dorsai.org/~sunder/=========================


[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and do em right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should do him." So the two daughters got him drunk and
did him all that night. Sure enough, Dad got em pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he whacked off first....Remember, it's
not a good idea to have sex with your sister, your brother, your parents,
your pet dog, or the farm animals. [excerpts from the Old Testament, Modern
Vernacular Translation, TCM, 1996] 








From frissell at panix.com  Mon Feb 12 13:40:43 1996
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 13 Feb 1996 05:40:43 +0800
Subject: "Rights"
Message-ID: <2.2.32.19960212041306.008201e0@panix.com>


At 10:15 AM 2/10/96 -0600, Ed Carp wrote:
>> Remedy exists. If you do not like the rules at one site, choose another. In
>
>What happens when there *is* no remedy, when there are no other sites to 
>go to, when there are no employers who would refrain from violating an 
>employee's privacy?  What then?

Ed, there are hardly likely to be much of a reduction in ISPs from the
current 7K.  Hard for an employer to track your use if you switch to a radio
modem after booting your machine without the network drivers to cut off
eavesdropping.

DCF






From frantz at netcom.com  Mon Feb 12 13:43:17 1996
From: frantz at netcom.com (Bill Frantz)
Date: Tue, 13 Feb 1996 05:43:17 +0800
Subject: China
Message-ID: <199602120410.UAA15696@netcom7.netcom.com>


At  8:29 AM 2/11/96 -0500, Dr. Dimitri Vulis wrote:
>Bill Stewart  writes:
>
>> At 01:54 PM 2/10/96 EST, you wrote:
>> >It's not difficult to imagine that governments will seek to regulate the
>> >possession of modems again. Some may recall that in the U.S. it used to be
>> >technically illegal to connect a modem to the phone jack without a permissio
>> >from AT&T.
>>
>> Actually, permission from the local phone companies, who owned the system,
>> I assume?  (Though I don't actually remember which parts of The Phone Company
>> were involved in the Carterphone decision.)
>
>Nope.  I used modems back when the local phone company _was AT&T. :-)

Back in the really dark ages, we used acoustic couplers (300 b/s max) which
held a telephone handset, so there was no direct connection to the
telephone lines.  The phone company asserted that they were also illegal,
but their argument was kind of weak!








From EALLENSMITH at ocelot.Rutgers.EDU  Mon Feb 12 14:57:46 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Tue, 13 Feb 1996 06:57:46 +0800
Subject: Edupage Extract - Employees & Email
Message-ID: <01I14KD89LN4A0UZOC@mbcl.rutgers.edu>


	Somehow, I can understand how sending it to a _supervisor_ would break
privacy protections...
	Crypto relevance? Anonymous remailers can be used for complaints &
whistle-blowing. The latter may be unfortunate, depending on the law being
enforced.
	-Allen

From:	IN%"educom at elanor.oit.unc.edu" 11-FEB-1996 21:53:17.72
Subj:	Edupage, 11 February 1996

*****************************************************************
Edupage, 11 February 1996.  Edupage, a summary of news items on information
technology, is provided three times each week as a service by Educom,
a Washington, D.C.-based consortium of leading colleges and universities
seeking to transform education through the use of information technology.
*****************************************************************

JUDGE RULES AGAINST EMPLOYEE IN E-MAIL SNOOPING CASE
A federal judge in Philadelphia has ruled against a former employee of the
Pillsbury Co. who filed a suit claiming invasion of privacy after his e-mail
messages threatening to "kill the backstabbing bastards" and referring to an
upcoming party as the "Jim Jones Koolaid affair" were deemed to be
inappropriate, unprofessional and offensive, leading to his firing in
October 1994.  The company had repeatedly assured its employees that all
e-mail communications would be kept confidential, but the court found that,
"Once plaintiff communicated the alleged unprofessional comments to a second
person (his supervisor) over an e-mail system which was apparently utilized
by the entire company, any reasonable expectation of privacy was lost." (BNA
Daily Labor Report 6 Feb 96 AA1)





From PADGETT at hobbes.orl.mmc.com  Mon Feb 12 15:20:55 1996
From: PADGETT at hobbes.orl.mmc.com (A. Padgett Peterson P.E. Information Security)
Date: Tue, 13 Feb 1996 07:20:55 +0800
Subject: Flying Sorcerers
Message-ID: <960212125445.2021ab25@hobbes.orl.mmc.com>



>Not just this, but another data point about the current sentiment about
>Washington: In a movie theater today there was a preview of the upcoming
>movie "Independence Day," showing a flying saucer hovering over the White
>House, then destroying it. The audience cheered and clapped.

"To serve man" no doubt.
						P.fla





From lunaslide at loop.com  Mon Feb 12 15:58:35 1996
From: lunaslide at loop.com (lunaslide at loop.com)
Date: Tue, 13 Feb 1996 07:58:35 +0800
Subject: A Cyberspace Independence Refutation
Message-ID: 



}        A lot of people forget the basic truth that the net is based
}almost entirely on physical communications facilities owned for the most
}part by huge corperations that have deeply incestuous relationships with
}the political power structure and very little interest in preserving the
}self important dreams of a few members of a self selected net "elite".
}If ordered to pull the plug they will, and cyberspace as we know it will
}evaporate overnight.

Why should businesses cooperate with and help protect a govt that it's
needs would be better met without their existance?  Eve in the near future
during which busniesses will play by _most_ of the rules, those businesses
that own most of the net will not shut it down because it conflicts with
their business interests in a _major_ way.  Shutting down the internet for
even a day would loose these people so much money and time that if the govt
were to ask them to shut it down, they would seriously believe that they
are joking.  They would laugh, and the govt wouldn't be able to do shit
about it.

The net is something that has grown like ivy in an ivy-league school; it
can never be eradicated.  Too many people rely on it, it is too big an
income for big business and none of those businessed could shut it down
completely.  Routing errors, misplaced domains, sure, but the net would
survive and it would heal it's own wounds.



}
}                                                A defeated pessimist,
}                                                die at die.com

I believe that most of us on this group are here because we have principles
that compel us to fight for our freedom and privacy.  For me, those
principles are strong enough that if to die fighting for them is my fate,
than that is how I will give my life.  To lay down my arms, to give up
before I'm dead or the war is over is to bring shame and dishonor upon
myself that I could not bear to live with.  I would never be able to look
my unborn children in the eyes again because I would know that I did not do
my part in the fight; I did not stand my ground.

BTW, I just turned 22 years old in January and if I hear anyone ,
especially anyone on this list, call my generation a bunch of slackers
again, I will seek you out, tie you to a chair and force you to watch every
episode of Guiligan's Island and The Brady Bunch five times each.

lunaslide

"Prohibition... goes beyond the bounds of reason in that it attempts to
control a man's appetite by legislation and makes a crime out of things
that are not crimes... A prohibition law strikes a blow at the very
principles upon which our government was founded."
- -- Abraham Lincoln

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller
________________________________________________________________

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEX3QEAAAEEAOGQjhnqGH29pO1WDaXs5GFOVPhCBWyYEk9XEwRmscjveWzH
AhA6DeOA480zWNqQURyqE2yPmR8WzT+OXYqmeiQiycKyFA41Vs/Ruf+gXXxe7uXS
L5BK3K8oKbfoH0D5/TAkMT4r6BprXFQz4pFc3gY2SSaSPElpMjKHaKBsRsyRABEB
AAG0HUplZmYgQ29ubiA8bHVuYXNsaWRlQGxvb3AuY29tiQCVAwUQMRffHzKHaKBs
RsyRAQGNhwP9E9xEZ9/LCKnhgtnrqgD7pDoXG2pCy8FoyfFjoImGkG+jF1wELXmB
Z0mf8F8CgYkys0mif1XeGDMelr1gzlZAm6LgQt4kcvztMW/aRLn18QP+iwltVT/L
p8D37mitOjvuk46sWgAChIaPPPIeg/EaYQjQkmlpWKsEYIoTRy+E8mU=
=4Gku
-----END PGP PUBLIC KEY BLOCK-----









From jamesd at echeque.com  Mon Feb 12 16:20:17 1996
From: jamesd at echeque.com (jamesd at echeque.com)
Date: Tue, 13 Feb 1996 08:20:17 +0800
Subject: A Cyberspace Independence Refutation
Message-ID: <199602121635.IAA11515@shell1.best.com>


At 06:36 AM 2/12/96 -0500, lmccarth at cs.umass.edu wrote:
> I'm afraid I'm not willing to take [vulnerability of the state] on faith. 

You delete my arguments, and then say:  "I am not willing to take this on
faith", implying that I made no arguments.

> Strata made some good
> observations about the tangible vulnerability of the net-as-we-know-it to
> government intervention.

During the American revolution, the British troops could go where they
pleased, and destroy whatever they wished, but they could not obtain
political control by so doing.

Yes, we are vulnerable, and so are they.  If they used the measures
proposed by Strata, the measures proposed by Jim Bell would gather 
wide support.

Ob Crypto:

They cannot obtain political control by mere acts of destruction, because 
they cannot be sufficiently selective in who they silence.

For destruction to be effective, you must not only harm those who oppose
you, you must refrain from harming those who do not oppose you.  The
destructive acts proposed by Strata conspicuously fail to do this.

Under the extreme conditions that Strata envisages, the measures proposed 
by Jim Bell would be effective in obtaining politically desired consequences,
because they are selective and targeted, and the measures that Strata fears
would be ineffective in obtaining the politically desired consequences, 
because they are unselective and untargeted.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd at echeque.com






From lunaslide at loop.com  Mon Feb 12 16:27:22 1996
From: lunaslide at loop.com (lunaslide at loop.com)
Date: Tue, 13 Feb 1996 08:27:22 +0800
Subject: A Cyberspace Independence Refutation
Message-ID: 




}Your other arguments casually dismiss the very real power that large numbers
}of able people with good communications can exercise, have just exercised
}very recently.
}
}Nation states are a new creation.  In the past many different
}kings ruled many different bits of one nation, and one king often
}ruled parts of more than one nation.
}
}Today nation states are almost universal, and people can no longer
}imagine what a nation is, other than a nation state.  But the net
}is a nation, and is not a state, and nationalism is a force that
}governments usually cannot withstand.


I'll just come out admit right now that I read Wired.  Yeah, sue me.  But
my point is that there was an article in 4.01 (January) on page 86 titled
"Is Government Obsolete?  Is the free market all we need to build a robust
and democratic political economy for the 21st century?"

I think the govt sees the beginning of the end.  They will not be
completely done away with, but they will lose the vast amount of power that
they now have and be reduced in size till they are functioning as a
mediator of disputes between this country and others, a regulator of some
laws involving ecology, labor laws, and so on.  But they will have lost
control over the direction of the nation.  Will the nation be able to be
cohesive without them?  I don't even think our concept of what a nation is
will be the same when that time eventually does come.

One think does stand to reason though, when govt gets in the way of
business, govt eventually gets run over.  Regulating the net in content
brings them one step closer to obsolescence.  The govt is not yet in it's
death throwes, but it has seen it's own fate.  The net regulation is one
more feeble attempt at avoiding destiny.  King Laius will not avoid his
fate by sending his son away this time, just like he didn't the first time.

"...We hold these truths to be self-evident, that all men are created
equal, that they are endowed by their Creator with certain unalienable
Rights, that among these are Life, Liberty and the pursuit of
Happiness.---That to secure these rights, Governments are instituted among
Men, deriving their just powers from the consent of the governed, ---That
whenever any Form of government becomes destructive to those ends, it os
the Right of the People to alter or abolish it, and to institute new
Government, laying it's foundation on such priciples and organizing it's
powers in such form, as to them shall seem most likely to effect their
Safety and Happiness.  Prudence, indeed,  will dictate that Governments
long established should not be changed for light and transient causes; and
accordingly all experience hath shown, that mankind are more disposed to
suffer, while evils are sufferable, than to right themselves by abolishing
the forms to which they are accostomed.  But when a long train of abuses
and usurpations, pursuing invariably the same Object evinces a design to
reduce them under absolute Despotism, it is their right, it is their duty,
to throw off such Government, and to provide new Guards for their future
security."

>From the Declaration of Independence, July 4, 1776.

lunaslide

"Prohibition... goes beyond the bounds of reason in that it attempts to
control a man's appetite by legislation and makes a crime out of things
that are not crimes... A prohibition law strikes a blow at the very
principles upon which our government was founded."
- -- Abraham Lincoln

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller
________________________________________________________________

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEX3QEAAAEEAOGQjhnqGH29pO1WDaXs5GFOVPhCBWyYEk9XEwRmscjveWzH
AhA6DeOA480zWNqQURyqE2yPmR8WzT+OXYqmeiQiycKyFA41Vs/Ruf+gXXxe7uXS
L5BK3K8oKbfoH0D5/TAkMT4r6BprXFQz4pFc3gY2SSaSPElpMjKHaKBsRsyRABEB
AAG0HUplZmYgQ29ubiA8bHVuYXNsaWRlQGxvb3AuY29tiQCVAwUQMRffHzKHaKBs
RsyRAQGNhwP9E9xEZ9/LCKnhgtnrqgD7pDoXG2pCy8FoyfFjoImGkG+jF1wELXmB
Z0mf8F8CgYkys0mif1XeGDMelr1gzlZAm6LgQt4kcvztMW/aRLn18QP+iwltVT/L
p8D37mitOjvuk46sWgAChIaPPPIeg/EaYQjQkmlpWKsEYIoTRy+E8mU=
=4Gku
-----END PGP PUBLIC KEY BLOCK-----









From ylo at cs.hut.fi  Mon Feb 12 17:17:00 1996
From: ylo at cs.hut.fi (Tatu Ylonen)
Date: Tue, 13 Feb 1996 09:17:00 +0800
Subject: Free end-to-end encryption code?
In-Reply-To: <311f5807.109332@saturn>
Message-ID: <199602121637.SAA05691@trance.olari.clinet.fi>


> As a side project, to support remote mail and news pickup through the
> Internet to my company's servers (through a firewall), I've been
> slowly writing an end-to-end encryption program. Essentially, the idea

Sounds like something that could be directly done with ssh
[http://www.cs.hut.fi/ssh] using TCP/IP forwarding.  I've myself used
it to encrypt the connection to the smtp port on a remote server.
I configured sendmail to use "localhost" as the major relay host,
disabled the sendmail daemon, and ran sendmail from cron to process
the queue every now and then.  Incoming mail was fetched via ssh from
a remote file server using a couple of small scripts.

    Tatu





From declan+ at CMU.EDU  Mon Feb 12 17:59:46 1996
From: declan+ at CMU.EDU (Declan B. McCullagh)
Date: Tue, 13 Feb 1996 09:59:46 +0800
Subject: Censorship and Snooping at Winthrop University
Message-ID: 


Following are portions of a message I sent to Winthrop University
administrators. They're considering a heinous new policy that says:

"No information should be exchanged through E-mail that is not official 
University business.  No personal or confidential information should be 
exchanged and all communications are subject to periodic and/or random
audit by the Office of Information Technology to ensure compliance with
this policy."

-Declan

---------- Forwarded message begins here ----------

From: Declan McCullagh
To: feldern at winthrop.edu, broachg at winthrop.edu, rosenj at winthrop.edu,
        moressiw at winthrop.edu, jonesr at winthrop.edu, cormierp at winthrop.edu
cc: wellsj at winthrop.edu, harrisoc at lurch.winthrop.edu, browne at winthrop.edu,
        duboisp at winthrop.edu, margare946 at aol.com,
        fight-censorship+ at andrew.cmu.edu
Subject: Censorship at Winthrop University

February 12, 1996

Dear Winthrop University Administrators:

I was disturbed to read a recent Associated Press article reporting that
Winthrop University has censored the web pages of two of your students and
suspended the students from classes after one of them placed nude
photographs online. I was even more dimayed to read that your school's
proposed computing policy allows university officials to snoop through
your students' electronic mailboxes at will.

For shame! The American Library Association's draft policy recommendation
on electronic services and networks says, on student computer accounts:

    No user should be restricted or denied access for expressing or
    receiving constitutionally protected speech. No user's access
    should be changed without due process, including, but not limited
    to, notice and a means of appeal.

The American Association of University Professors endorsed this statement
on academic freedom, published in the July-August 1992 _Academe_, which
says in part:
 
    On a campus that is free and open, no idea can be banned or
    forbidden... Free speech is not simply an aspect of the educational
    enterprise to be weighed against other desirable ends. It is the very
    precondition of the academic enterprise itself.

Regarding your plans to look at student email, more information is
available at ftp://ftp.eff.org/pub/CAF/faq/email.privacy, which says:

    According to Mike Godwin, legal services counsel for the Electronic
    Frontier Foundation (EFF), the U.S.'s Electronic Communications
    Privacy Act (ECPA) could be reasonably construed to protect university
    email. This is also the reported opinion of the U. of Michigan's
    lawyers. Also, the U.S.'s Family Educational Rights and Privacy Act
    gives students at all public and most private schools some privacy
    rights. 

According to the AAUP statement and according to the fundamental
principles of academic freedom, universities must protect controversial
speech on their campuses. If Winthrop University does not, it is violating
its historic commitments to free speech and turning its pledges to uphold
academic freedom and freedom of expression into broken promises. 

I've copied this message to the fight-censorship mailing list, which has
among its subscribers roughly 50 journalists interested in online
censorship issues, including writers from TIME, Newsweek, The New York
Times, The Washington Post, Internet World, WIRED, and many others. I
invite you to clarify your university's position and respond directly to
the mailing list. Cyberspace is developing quickly, and I feel confident
that Winthrop University would not want to be known as an online leader in
repression, censorship, and Orwellian thought-policing. 

I trust that a school such as Winthrop University, with such a
distinguished College of Education, will not neglect the fundamental
principles upon which your university was founded. I hope that you
understand that voiceless speech and inkless press must receive the same
protections as voiced speech and inked press. I urge you to reconsider 
your policies. I look forward to your reply. 

Very truly yours,

Declan McCullagh


PS: I'm attaching a file from Carl Kadie's Computers and Academic Freedom
archive, at http://www.eff.org/CAF/. More information is also available 
at the Justice on Campus project, at http://joc.mit.edu/.


---------------------------------------------------------------------



February 11, 1996

  	  				 
	ROCK HILL, S.C. (AP) -- Winthrop students Brian Walker and Josh  
Campbell have had their university Internet accounts pulled after 
officials said they violated school policy. 
	Walker created a web page soliciting money and Campbell created  
one including a nude woman. While the two admitted they crossed the 
line, the Feb. 2 suspension has risen free speech debates and 
computer policy review through the school. 
	Both students deleted their web pages, and their two-week  
suspension was reduced to one. 
	Nathaniel Felder, Winthrop's associate vice president for  
information technology, said work on amending the computer policy 
has been ongoing. School officials planned to submit the proposals 
Friday to Winthrop's board of trustees. 
	But Internet users, particularly professors and students,  
thought the new policy included language that infringed on their 
rights and violated their freedom of speech. So, the policy will be 
forwarded to a computer committee for further review. 
	Professors and students opposed language in the policy that said  
e-mail be used only for official university business. The policy 
also allows officials to randomly audit e-mail for compliance. 
	``It could be a violation of the principles of the free change  
of ideas at the university,'' political science professor Glen 
Broach said. 
	But Bob Thompson, Winthrop's board chairman, said Internet  
policy is to protect the users and Winthrop from liability. 



=============== ftp://ftp.eff.org/pub/CAF/faq/computer-porn ===============
q: Should universities create a rule banning "porn" on university
computers?

a: In my opinion, no. Such a rule would be unnecessary and too broad.

[Disclaimers: I'm not a lawyer. This answer is based on the situation
in the U.S.]

A computer porn ban is too broad because "pornography" is not a
well-defined term. For many people, "pornography" means any nude or
sexually suggestive material. While you may intend only to stop
computer-science students from looking at _Playboy_ centerfolds in your
computer labs, your rule may also stop liberal-arts students from
viewing the growing number of fine art collections on the Net.

For example, 2,800 images are on-line at the Australian National University
    ANU.
Among these images is a print of Manet's "Olympia"
    Olympia.
When this now famous nude was unveiled in 1863, it caused an outrage
because of its blatant sexuality. Hundreds of images are also
available at the WebMuseum
    The WebMuseum.
Among these images is Salvador Dali's shocking "Young Virgin
Autosodomised by her own Chastity"
    Virgin
.

Either of these images could be used to sexually harass someone, but
so could many noncomputer images on your campus such as art on the
University's walls and the _Playboy_ centerfolds that are likely in
your university library.

A rule banning computer porn is unnecessary because university
computer facilities can (and should) be treated as ny other university
facility. That means banning the act of harassment, not the materials
that can be used to harass but that can also be used without harassing
anyone. Similar reasoning was used by a federal district judge in June
1994. In the widely reported case, he said that "quiet reading" of a
_Playboy_ magazine by a firefighter does not create a sexually
harassing atmosphere.

At least in the U.S., virtually every university has a sexual
harassment policy that not only covers harassment via computers but
that also dictates the exact procedure for handling sexual harassment
complaints. (Having a procedure is important because the line between
constitutionally protected expression and unprotected expression is
dim and uncertain.) Computer sites should publicize the university's
sexual harassment rules; they should not try to preempt them. See the
referenced U. of Illinois report on the Status of Women for concrete
suggestions on publicizing your existing sexual harassment rules.

So what about material that may be illegal in your jurisdiction, for
example libel, threats, obscenity-in-the-legal-sense, copyright
violations, etc.? Many university computer policies include the "Law
Law", that is, the rule that says that it is forbidden to violate the
law. This is not quite as redundant as it may seem because it
authorizes the University to handle infractions itself via its
established due process procedure.

- Carl Kadie

ANNOTATED REFERENCES

(All these documents are available on-line. Access information follows.)

=================
faq/censorship-and-harassment
=================
* Censorship And Harassment
 
q: Must/should universities ban material that some find offensive
(from Netnews facilities, email, libraries, and student publications,
etc) in order to comply with antiharassment laws?
 
a: No. U.S. federal courts have said that harassing speech is
...

=================
law/quiet-reading
=================
* Expression -- Harassment -- Quiet Reading of _Playboy_

Excerpts from a newspaper report that a federal district judge has
said that "quiet reading" of a _Playboy_ magazine by a firefighter
does not create a sexually harassing atmosphere. [Editorial comment: I
think this supports the idea that rather banning "porn" from a general
academic computer, it is more appropriate to ban harassment.]

=================
academic/women-in-eng.uiuc.txt
=================
ASCII (plain text version) of "Final Report of the Committee on the
Status of Women Graduate Students and Faculty in the College of
Engineering" at the University of Illinois at Urbana-Champaign. (Also
available in TeX and Postscript form.)

=================
academic/artistic.freedom.aaup
=================
* Artistic Freedom (AAUP)

Academic Freedom and Artistic Expression - An official statement of
the American Association of University Professors (AAUP)

It says in part: "In our judgment academic freedom in the creation and
presentation of works in the visual and performing arts, by ensuring
greater opportunity for imaginative exploration and expression, best
serves the public and the academy."

=================
library/challenged-materials.ala
=================
* Challenged Materials (ALA)

An interpretation by the American Library Association of the "Library
Bill of Rights". It says in part "The Constitution requires a
procedure designed to focus searchingly on challenged expression
before it can be suppressed.  An adversary hearing is a part of this
procedure."

=================
law/miller
=================
* Expression -- Obscenity -- Law -- Miller

The Supreme Court's definition of obscenity (the so-called _Miller_
test)

=================
=================

If you have gopher, you can browse the CAF archive with the command
   gopher gopher.eff.org

These document(s) are also available by anonymous ftp (the preferred
method) and by email. To get the file(s) via ftp, do an anonymous ftp
to ftp.eff.org, and then:

  cd  /pub/CAF/faq
  get censorship-and-harassment
  cd  /pub/CAF/law
  get quiet-reading
  cd  /pub/CAF/academic
  get women-in-eng.uiuc.txt
  cd  /pub/CAF/academic
  get artistic.freedom.aaup
  cd  /pub/CAF/library
  get challenged-materials.ala
  cd  /pub/CAF/law
  get miller

To get the file(s) by email, send email to ftpmail at decwrl.dec.com
Include the line(s):

  connect ftp.eff.org
  cd  /pub/CAF/faq
  get censorship-and-harassment
  cd  /pub/CAF/law
  get quiet-reading
  cd  /pub/CAF/academic
  get women-in-eng.uiuc.txt
  cd  /pub/CAF/academic
  get artistic.freedom.aaup
  cd  /pub/CAF/library
  get challenged-materials.ala
  cd  /pub/CAF/law
  get miller








From alano at teleport.com  Mon Feb 12 18:25:31 1996
From: alano at teleport.com (Alan Olsen)
Date: Tue, 13 Feb 1996 10:25:31 +0800
Subject: V-chips, CC, and Motorcycle Helmets
Message-ID: <2.2.32.19960212203533.0090a244@mail.teleport.com>


At 07:20 AM 2/12/96 +0000, Deranged Mutant wrote:
>> Parents had that ability before.  Cable boxes have a "perental control key"
>> on the side that enables them to lock out "offensive" channels.  It works
>> quite well and is fairly hard for the kidlets to defeat.  (I used it to
>> lockout the religious stations and home shopping channels.)
>
>When I was a kid some friends down the street knew how to unlock the 
>Channel 100 XXX movies with a paper clip.  A V-chip would hopefully 
>be more sophisticated, but then again, so are today's kids...

Sshhh!  You are not supposed to tell them that!

>> The "V-Chip" debate is a mirror of the one that occured when the cable
>> channels were starting to become popular.  There was a big hue and cry about
>> kids getting to the "naughty" channels without parent concent.  Seems most
>> people do not even learn how the lockouts work.  (And are too lazy to learn.)
>
>You should check out your nearest H/P BBS or ftp-site...

Yeah, I know it can be hacked.  I also know that if they are that interested
in sex, NOTHING I do is going to stop them.  (Which is as it should be.  If
they have no exposure to any sexual material as a youth, some rather nasty
problems tend to crop up as adults. (Take a look at the studies of sexual
predators.) But that is a point avoided by the moralists...)

>> You have to remember that most of the people arguing for TV filters are
>> looking for a way to make the "offensive" stuff go away for good.  (Either
>[..]
>
>A very good point.  One that makes me wary of V-Chips...

It makes me very wary of them.  What gets me are all the people here who
talk about them as if they will have useful features.  They will be about as
useful as the ratings on video games.  ("Hey, theres a cool one!  This one
has flying mangled bodies!  Its OK though.  No sex!")

---
Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
        `finger -l alano at teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
"I, Caligula Clinton... In the name of the Senate and the people of Rome!"
   - Bill Clinton signing the CDA with the First Amendment bent over.






From sunder at amanda.dorsai.org  Mon Feb 12 18:29:39 1996
From: sunder at amanda.dorsai.org (Ray Arachelian)
Date: Tue, 13 Feb 1996 10:29:39 +0800
Subject: LI Newsday OpEd: Criminal Justice System
In-Reply-To: <199602121616.LAA18717@jekyll.piermont.com>
Message-ID: 


On Mon, 12 Feb 1996, Perry E. Metzger wrote:

> 
> "Deranged Mutant" writes:
> > Found a really good op-ed piece in LI Newsday, Thurs. Feb 8, pA53
> > by Robert Reno, "If Jails Are Full, How Much Tougher Can Judges Get?"
> 
> I personally find stuff like this interesting, but I prefer read about
> it in places like libernet or the like. Cypherpunks is for
> cryptography.


I personally like reviews of messages that are posted regarding other 
people's posts, however I prefer to read them in email.  Cypherpunks 
isn't for "this doesn't belong here" messages. :)

==========================================================================
 + ^ + |  Ray Arachelian |Emptiness is loneliness, and loneliness|  _ |>
  \|/  |sunder at dorsai.org|is cleanliness  and cleanliness is god-|  \ |
<--+-->|                 |liness and god is empty,  just like me,|   \|
  /|\  |    Just Say     |intoxicated  with the maddness,  I'm in|   <|\
 + v + | "No" to the NSA!|love with my sadness.   (Pumpkins/Zero)|   <| n
===================http://www.dorsai.org/~sunder/=========================


[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and do em right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should do him." So the two daughters got him drunk and
did him all that night. Sure enough, Dad got em pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he whacked off first....Remember, it's
not a good idea to have sex with your sister, your brother, your parents,
your pet dog, or the farm animals. [excerpts from the Old Testament, Modern
Vernacular Translation, TCM, 1996] 







From sophi at best.com  Mon Feb 12 18:30:33 1996
From: sophi at best.com (Greg Kucharo)
Date: Tue, 13 Feb 1996 10:30:33 +0800
Subject: Firewall USA to Firewall China
Message-ID: 


 At the meeting on saturday the idea of a Firewall USA was discussed.
Here's a quote from Jim Clark CEO of Netscape on the idea of a Firewall
China, just for comparison.

Q: The Chinese government has declared its intention to filter out
  what it considers to be objectionable material from the Internet. If
  you were a consultant for the Chinese government, what technology
  would you recommend that they use to do that?

  A: A lot of people think that's not possible. It's difficult to enforce,
  but it's certainly possible. A corporation has a so-called fire wall -- a
  single point of entry into the corporate net. You can have a country
  that has a single point of entry into its "country net." It's doable. All
  you need, though, is one breach of security, and there's a leak.

  A fire wall is a filter -- it filters and doesn't let certain people come in.
  You can only come in if you have the right permission. So you could
  easily set that up so that it would filter out your objectionable
  material.

this is a temp .sig







From bruce at aracnet.com  Mon Feb 12 18:31:35 1996
From: bruce at aracnet.com (Bruce Baugh)
Date: Tue, 13 Feb 1996 10:31:35 +0800
Subject: The Emotional Killer (or out of the frying pan and into the electric chair?)
Message-ID: <2.2.32.19960212211715.00695b2c@mail.aracnet.com>


This is off-topic; anyone wanting to follow up on it, e-mail me on the side.

At 11:59 PM 2/11/96 -0500, tallpaul at pipeline.com (tallpaul) wrote:

>This and other posts by J. Bell and other lib'bers 

Jim Bell is pretty much exactly as relevant to libertarian thought as Lyndon
LaRouche is to Democratic thought - that is, he's a crank, whom we prefer to
ignore where possible. I, for one, filter his messages straight to Eudora's
Trash mailbox.

If you want to sample a different variety of libertarianism, check out the
URL in my sig file and look at the Christlib list. Or, for that matter,
simply leaf through REASON and LIBERTY magazine, and note the variety of
folks actually _doing_ things that promote "human freedom for everyone" as
well as talking about it.

It's not as much fun as ad hominem, I admit, but in the long run I think
it's more useful.

Bruce Baugh
bruce at aracnet.com
http://www.aracnet.com/~bruce






From sperkins at andromeda.rutgers.edu  Mon Feb 12 18:59:22 1996
From: sperkins at andromeda.rutgers.edu (Steven C. Perkins)
Date: Tue, 13 Feb 1996 10:59:22 +0800
Subject: Online Zakat Payment: Religious tithe.
Message-ID: <1.5.4b11.32.19960212220754.009939cc@andromeda.rutgers.edu>


Cyber-Anarchists aren't the only ones who can use the Net.

>--- Forwarded message follows ---
>From: zakat at dircon.co.uk (Sohail Mohammed)
>Subject: Online Zakat Payment
>Date: 1 Feb 1996 11:15:34 GMT
>
>Welcome to the Zakat homepage at http://www.ummah.org.uk/zakat/
>which has been setup by the Bait al-Mal al-Islami (BMI).
>
>Bait al-Mal is the public treasury of the Islamic political system (state 
>or nonstate). BMI acts as the finance department function of an Islamic 
>political authority (IPA).  This BMI in the UK operates under the 
>authority of the Muslim Parliament (the IPA in this case).
>
>An IPA may or may not be directly responsible for the management of 
>Mosque(s). The IPA may or may not be directly responsible for relief 
>work. These activities may be carried out indirectly by other agencies 
>operating under the authority of the IPA or supported by it.
>BMI does welfare work in UK and externally.
>
>Zakat collection and distribution is the responsibility of the IPA (which 
>may be a Khalifate or in its absence a regional entity in your part of 
>the world).
>
>Zakat collection and distribution is not a free-enterprise do-it-yourself 
>project. Khalifa AbuBakr (RA) went to war against those people who did 
>not want to pay Zakat to the central authority and who instead wanted to 
>do it 'their-way'.
>
>Any one can setup a registered charitable organization; anyone can't 
>setup a religion or Deen and do it 'their-way'.
>
>The Zakat page is at http://www.ummah.org.uk/zakat/
>
>The online Zakat payment facility is at:
>http://www.ummah.org.uk/zakat/pay.htm
>
>The long term strategy is that we Muslims need a major presence in
>cyberspace. This would include intelligent agents (robots, sheriffs,)
>roaming cyberspace collecting Zakat funds and Jihad funds and doing other
>things we can't yet imagaine. Islamic Gateway http://www.ummah.org.uk
>(and affiliated net entities) is only a primitive foundation for future
>workers to take further. If you want to help realise the dream or want
>free webspace for public service projects contact info at zakat.org.uk
>
>If you are running a BMI function in your part of the world and you wish 
>to co-operate or obtain further information on the UK BMI then contact:
>
>Dr Muhammad Ghayasuddin MMP (*),
>Secretary/Trustee,
>Bait al-Mal al-Islami,
>109 Fulham Palace Road,
>London W6 8JA, UK
>Tel +44 181 563 1995 or 1994 (fax 1993)
>
>WHY is BMI/MP doing this: policy questions to Mohtashim Shaikh MMP, BMI 
>trustee responsible for the online Zakat service at:
>mohtash at ummah.org.uk
>
>Technical questions to the IG chief designer, Brother Ibrahim at:
>query at eurolink.co.uk
>
>(*) MMP = Member of Muslim Parliament
>
>Flames to Mohtashim before Feb 9, afterwards to info at zakat.org.uk
>
>MP as an IPA raises both Zakat funds (using BMI's charitable status in 
>the UK) and also Jihad Funds (NOT using BMI - Jihad is NOT covered as a 
>charitable activity in western law!). Only an IPA can do BOTH Zakat and 
>Jihad fund raising. Let any 'Charity' org try and do that.
>
>Just as a personal aside: a major UK Muslim charity is a part of the 
>Saudi lobby (accountability to Mr Fahd?) whilst another Islamic charity 
>is about to get U.N. affiliation (accountability to Boutrous Boutrous 
>Ghali?). BMI on the other hand is accountable to the Muslim Community and 
>its leadership.
>
>
>
>
*****************************************************************************
Steven C. Perkins                             sperkins at andromeda.rutgers.edu
User Services Coordinator, Rutgers School of Law at Newark
15 Washington Street					 Newark, NJ  07102
VOX: 201-648-5965                                        FAX:  201-648-1356
                 http://www.rutgers.edu/RUSLN/rulnindx.html
                     http://www.rutgers.edu/lawschool.html
"Raise your voices to the Sky. It is a Good Day to die." Chief Crazy Horse
*****************************************************************************






From jimbell at pacifier.com  Tue Feb 13 12:02:26 1996
From: jimbell at pacifier.com (jim bell)
Date: Tue, 13 Feb 96 12:02:26 PST
Subject: V-chips, CC, and Motorcycle Helmets
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

At 09:55 AM 2/13/96 -0800, Bill Frantz wrote:

>>You mention the issue of Rushdie, as if it is some sort of refutation of my 
>>idea.   Quite the contrary; I think it actually supports me.
>>
>>How so?, you ask?  Well, let's consider any potential assassin who might be 
>>interested in this "contract."  Aside from the obvious moral issues involved 
>>here (Rushdie has, presumably, done nothing to warrant his death), the truth 
>>is that such a potential assassin would see a number of problems that would 
>>strongly dissuade him from attempting to kill Rushdie.
>>
>>1.  There is no way he could be assured that he could collect the award 
>>anonymously.  His name would certainly "get out," and then he would be 
>>subject not merely to "the law," but also anybody who wanted revenge for 
>>Rushdie's death.
>>
>>2.   There is no way he could be assured that he would actually receive the 
>>award.  (How would he prove HE did it?)
>>
>>3.  That's because there is no way he would enforce this "contract" should 
>>the offerer refuse to pay.
>
>These points would not affect a devout Iranian Muslem.  To him the death
>warent has already been issued by legitimate authority.  It is not even
>clear that money would be his princple motivator.

Which simply proves my point;  money is not the limiting factor, here.

>I must respectifully disagree with Jim in this case.  I believe that
>Rushdie has not been hit because the protection he enjoys is sufficent to
>repel the potential assassins.  Note that he has an advantage over the US
>president (who probably has as many potential assassins) in that he does
>not need to make public appearences.

But remember, Rushdie is merely ONE PERSON.  And keeping him safe has 
consumed a lot of resources.  You don't think the government could protect 
each of their most publically hated employees to a similar level if a reward 
of, say, $20,000 were put on each of their heads.  How much could we collect 
to "get" Lon Horiuchi, for example?  Or the hundred or so agents immediately 
participating in the initial Waco incident, or the dozen or so decision 
makers immediately above them?   Etc.

The Rushdie incident is simply so far removed from "Assassination Politics" 
that it can't possibly be used to refute it; I still believe it actually 
demonstrates how much effort somebody has to go to, to protect a targeted 
person.  One targeted person is easy to protect.  10,000 would be FAR 
harder.  And the moment a few of those guys got "whacked," the rest would 
want to resign their jobs and hope they would be allowed to retire in peace.


>Adding money to the pot will attract rational (and amoral) people who will
>then make a determination based on (1) profit, and (2) risk, which includes
>getting caught or killed.  It seems to me that Secret Service levels of
>protection can protect a public figure against even Assassination Politics.

In a sense, qualitatively you absolutely correct, but (quantitatively) 
you're wrong.  

I think the problem is that when most people hear the term "Assassination", 
they think of only the highest-level targets.  Quite the contrary; I think 
this system will get the medium and even the lower-level people FIRST, 
de-populating the government primarily by hurried resignations of worried 
people.  The remaining  people would be terrified to actually make anybody 
angry, and they wouldn't have a paycheck because they couldn't collect any 
taxes.  The whole system would collapse in a heap.

Jim Bell

Klaatu Burada Nikto

Something is going to happen.   Something...Wonderful!

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSDmO/qHVDBboB2dAQFeOgP/bpXFbTfw1R/iTRsWOrEZJI22N4nFPWX3
XBN2dx106jTdx/eoYz1rhjiaeZt/FzB83DABj34HuVPkws1OPEQ2e6Dneva5RjHK
QJFN4Po9SN03fb+7l3yp5Axr/1P4j4eiao4t0oAF+NPNk2FzU2LvHEMpbIawme0B
AC6Uv4nR8hc=
=9lr1
-----END PGP SIGNATURE-----






From tcmay at got.net  Tue Feb 13 12:05:49 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 13 Feb 96 12:05:49 PST
Subject: Response to Perrygram
Message-ID: 


At 6:33 PM 2/13/96, Perry E. Metzger wrote:

>Tim, you don't work for a living. Some of us do. You might try to
>think back and remember what it was like in the days when you still
>did something every once in a while and had a limited amount of time
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>available in which to do it.
>

Perry once again resorts to insults. Constantly belittling the efforts of
others suggests deepseated psychological doubts about his own
contributions.

Shows you the reaction I get for even responding to him. My mistake.

Perry should learn how to use mail filters, then he can simply filter out
all the stuff he doesn't want to see. Or, simply hitting the 'delete" key
in whatever reader he is using...surely typing "D" 20 or 30 times a day
takes far less time than writing one of his perrygrams?

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From blancw at microsoft.com  Tue Feb 13 12:36:28 1996
From: blancw at microsoft.com (Blanc Weber)
Date: Tue, 13 Feb 96 12:36:28 PST
Subject: LI Newsday OpEd: Criminal Justice System
Message-ID: 


>From: 	Perry E. Metzger
>
>Tim, you don't work for a living. Some of us do. You might try to
>think back and remember what it was like in the days when you still
>did something every once in a while and had a limited amount of time
>available in which to do it.
.......................................................................

That's right:  crytpo-anarchy is a time-consuming business, and there isn't
much time in which to prepare for the New Cyberspatial Millenium.

Everybody get Back To WORK !!

                     :>) 

   ..
>Blanc
>





From sunder at amanda.dorsai.org  Tue Feb 13 12:53:13 1996
From: sunder at amanda.dorsai.org (Ray Arachelian)
Date: Tue, 13 Feb 96 12:53:13 PST
Subject: META: Filtering/Posting advice
In-Reply-To: <199602131802.NAA22343@jafar.sware.com>
Message-ID: 


On Tue, 13 Feb 1996, Jeff Barber wrote:

> Ray Arachelian writes:
> 
> > So there are options for those who want less noise.  I do not beleive it 
> > is anyone's place to banish anyone from posting to the list, nor grading 
> > a person's worth based on past posts.
> 
> Every one of us "[grades] a person's worth based on past posts" and
> this is as it should be.  That's why my finger hovers only nanometers
> above the 'd' key when I see a post from, say, Vlad the Imposter.

I'm not talking about from a personal point of view, delete the stuff in 
your mailbox at will, I'm talking about NOT filtering messages that are 
sent to all from toad.com.  :)  There is a difference between deleting 
stuff you don't like for yourself, and deleting stuff you don't like for 
everyone.

==========================================================================
 + ^ + |  Ray Arachelian |Emptiness is loneliness, and loneliness|  _ |>
  \|/  |sunder at dorsai.org|is cleanliness  and cleanliness is god-|  \ |
<--+-->|                 |liness and god is empty,  just like me,|   \|
  /|\  |    Just Say     |intoxicated  with the maddness,  I'm in|   <|\
 + v + | "No" to the NSA!|love with my sadness.   (Pumpkins/Zero)|   <| n
===================http://www.dorsai.org/~sunder/=========================


[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and do em right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should do him." So the two daughters got him drunk and
did him all that night. Sure enough, Dad got em pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he whacked off first....Remember, it's
not a good idea to have sex with your sister, your brother, your parents,
your pet dog, or the farm animals. [excerpts from the Old Testament, Modern
Vernacular Translation, TCM, 1996] 







From WlkngOwl at UNiX.asb.com  Tue Feb 13 13:19:02 1996
From: WlkngOwl at UNiX.asb.com (Deranged Mutant)
Date: Tue, 13 Feb 96 13:19:02 PST
Subject: Netscrape's Cookies
Message-ID: <199602132121.QAA16259@UNiX.asb.com>


Ready the article about the COOKIE.TXT file that Netscape creates.  
Apparently my copy has yet to modify it since it was installed... so 
much for 'hacking' it (I decided to try and leave it write-protected 
for now).

I'm curious if anyone knows which sites use/modify it.

Also wondering why Netscape seems to touch/modify the certification 
key files every time it runs.

Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to  for a copy of my PGP key.





From ashfaq at corp.cirrus.com  Mon Feb 12 21:27:20 1996
From: ashfaq at corp.cirrus.com (Ashfaq Rasheed)
Date: Tue, 13 Feb 1996 13:27:20 +0800
Subject: To find the clock speed of a sun workstation
Message-ID: <199602130016.AA10339@sunstorm.corp.cirrus.com>


Hi

Is there anyway of finding the clock speed of the CPU on a Sun workstation?
As far as i know it can be found only by rebooting the machine and using
module-info? And I believe that the module-info does a no-op loop for a
a known number of times and calculates the time taken.

I would like to know if there is anyother way to finding it.

Thanks!

Ashfaq





From pmonta at qualcomm.com  Mon Feb 12 21:43:04 1996
From: pmonta at qualcomm.com (Peter Monta)
Date: Tue, 13 Feb 1996 13:43:04 +0800
Subject: Firewall USA to Firewall China
In-Reply-To: 
Message-ID: <199602130139.RAA11162@mage.qualcomm.com>


> [ Jim Clark, "Firewall China" ]
>
>   A: A lot of people think that's not possible. It's difficult to enforce,
>   but it's certainly possible. A corporation has a so-called fire wall -- a
>   single point of entry into the corporate net. You can have a country
>   that has a single point of entry into its "country net." It's doable. All
>   you need, though, is one breach of security, and there's a leak.
> 
>   A fire wall is a filter -- it filters and doesn't let certain people come in.
>   You can only come in if you have the right permission. So you could
>   easily set that up so that it would filter out your objectionable
>   material.

He seems to be confusing network security with the propagation of content.
A firewall is going to have a lot more trouble filtering dangerous
thoughts than UDP port 1234, unless there are humans in the loop.

Peter Monta   pmonta at qualcomm.com
Qualcomm, Inc./Globalstar







From PADGETT at hobbes.orl.mmc.com  Mon Feb 12 22:04:11 1996
From: PADGETT at hobbes.orl.mmc.com (A. Padgett Peterson P.E. Information Security)
Date: Tue, 13 Feb 1996 14:04:11 +0800
Subject: No Subject
Message-ID: <960212134104.2021ab25@hobbes.orl.mmc.com>



>Yet if I read you correctly earlier, you don't think the USG has the right 
>to regulate those communications. Why the distinction ?

Okay, obviously I need to drop down a gear & explain *my* feelings:

Part of the definition of a "sovereign nation" is to define and carry
out both high and low justice over it's domain - the absolute right
of a sovereign. Is not mentioned in the US constitution because it 
was a given. Further, the purpose of the US Constitution is to:
a) define what the sovereign was (three branches - rock, scissors, & paper)
b) set forth certain limitations on that sovereign ("Congress shall make
   no law...")
c) define certain duties of the sovereign (regulation of foreign commerce...)

(am simplifying so please bear with me)

There are some things which for which the rationale is not apparent since
the times have changed ("corruption of blood" is a "Congress shall not"
that related back to English law of the time). What "Attainder" was
is not mentioned since it was well understood.

No this gets us back to the question: to me, "regulation of foreign commerce"
has two elements - one is to prevent illegal commerce or traffic in goods 
that are contrary to "the public good". The other is to promote American
trade and intrests overseas. The two go together and is the point I made
at the NIST gathering in December. Quid pro quo.

"Free speech" means that a citizen is free to speak (communicate) anthing,
anytime, anywhere. This is the right guarenteed by the first amendment. This
does not relieve the individual from being liable for the consequences of 
the exercise of "free speech".

However, the government is under no obligation (though in the silly seventies
it seemed that we were going that way) to aid or abet in the exercise of
free speech. If it were properly and legally decided that communications 
with anon.penet.fi is against "national interest" then the sovereign has 
not only the "right" but the *duty* to block/monitor such communications.

Now as to the second part of the question, I have never said that the 
conditions mentioned above could not legally exist (though I have my
doubts about legality internally and between citizens - is part of the
reasons American Corporations have never had a problem getting a license
for use with foreign offices). What I said was that any such regulation
would be impossible to enforce for two reasons:

1) While current crypto advertises its presence, crypto exists which
   is indestinguishable from random noise and would be impossible to
   prove was used. Further it would be necessary to specify what was
   not crypto (and the law frowns on negatives). Navaho, Basque, PKZIP,
   and EBCDIC are examples that fall readily to mind.

2) The second objection is more obscure but should be considered in places
   that lack our constitutional protections: given a message, any message,
   I can demonstrate a OTP or algorithm that will turn that into any
   message desired. Therefore just the existance of a message and a
   decrypt would be insufficient to prove the "chain" that one led from/to
   the other.

Thus in the one case, I referring to the obligations/limitations that our 
constitution places on the US government (is what it is really about). In
the other I was referring to what it is *possible* for the government to 
do without considering legality (if they can't, does not matter if legal). 
Does this clear up the confusion ?

						Warmly,
							Padgett

ps just to add some more wood "any law that can not be demonstrated to be
   universally enforceable with the resources allocated should be repealed".





From strata at virtual.net  Mon Feb 12 22:11:07 1996
From: strata at virtual.net (strata at virtual.net)
Date: Tue, 13 Feb 1996 14:11:07 +0800
Subject: A Cyberspace Independence Refutation
Message-ID: 



Oh, hey, no problem.

You're not the only one, despite the explicit reference in the document.
Whether I like it or not, this industry is largely centered around and
run by men.  I always got a kick out of people's assumptions that my
resume and my writing must "naturally" belong to a guy.  Apparently
the dominant paradigm thinks I'm holding my own in the rat race.

I learned to take it as a compliment years ago; the same thing
happened in 3 out of 5 phone screenings for job interviews.  
What's really been entertaining is where we did email prescreening and
I showed up for an interview and got to watch someone's mental
transmission popping its syncromesh for a moment.    They always
recover quickly and continue the shift into "interview mode", and I
get that nice warm glow of having broadened someone's horizons. 

Cheers,
_Strata






From tcmay at got.net  Mon Feb 12 22:20:02 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 13 Feb 1996 14:20:02 +0800
Subject: LI Newsday OpEd: Criminal Justice System
Message-ID: 


At 4:16 PM 2/12/96, Perry E. Metzger wrote:
>"Deranged Mutant" writes:
>> Found a really good op-ed piece in LI Newsday, Thurs. Feb 8, pA53
>> by Robert Reno, "If Jails Are Full, How Much Tougher Can Judges Get?"
>
>I personally find stuff like this interesting, but I prefer read about
>it in places like libernet or the like. Cypherpunks is for
>cryptography.

Au contraire. Those interested in pure cryptography and coding are over in
Coderpunks, the new gated community for such folks.

The rest of us, stuck here in the ghetto of Cypherpunks, will talk about
what we want to talk about.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From declan+ at CMU.EDU  Mon Feb 12 22:23:41 1996
From: declan+ at CMU.EDU (Declan B. McCullagh)
Date: Tue, 13 Feb 1996 14:23:41 +0800
Subject: Spin Control Alert (LI Newsday, 2/12/96)
In-Reply-To: <199602121313.IAA26828@UNiX.asb.com>
Message-ID: 


Alan writes:
>No surprises here.  Except for the "on-line elite" shot in the dark, the
>anti-sex censors have been talking this way for decades.
> 
>What's interesting is that your report of this spokesperson's tone makes
>it sound *defensive* -- like a reaction to an onslaught rather than a
>celebration of victory.

Exactly. Catharine MacKinnon, for instance, has called the EFF and other
Rimm-debunkers part of the "pro-pornography power block" which
represents the "howling fury of the pornographers protecting their
penises and their wallets."

The Family Research Council, which wrote today's Newsday today, has
launched similar attacks. The FRC is run by Gary Bauer, a former policy
assistant to Reagan and a former undersecretary at the Department of
Education. Now he heads the FRC, the DC-based lobbying extension of
James Dobson's "Focus on the Family." Dobson's history includes serving
on the Attorney General's Commission on Pornography (the Meese
Commission). Bauer also embraced Marty Rimm's cyberporn study as gospel,
calling the ACLU and EFF "porn industry apologists" who are "taking
cheap shots at this comprehensive study."

Thanks to Rob, the Newsday op-ed is at:
   http://fight-censorship.dementia.org/fight-censorship/dl?num=1153

Related articles about the FRC are at:
   http://fight-censorship.dementia.org/fight-censorship/dl?num=247
   http://fight-censorship.dementia.org/fight-censorship/dl?num=839

ObCrypto: Yes, Know Your Enemies and work with the natural enemies of
the religious right, such as groups like the ACLU and the FEN. The
theocratic push to outlaw nonescrowed crypto is next.

-Declan






From boykin at pobox.com  Mon Feb 12 22:23:59 1996
From: boykin at pobox.com (Oscar Boykin)
Date: Tue, 13 Feb 1996 14:23:59 +0800
Subject: cypherpunks t shirts, anymore?
Message-ID: <2.2.32.19960213032248.008efd40@fitten95.residence.gatech.edu>


I know someone that got bought a black sypherpunks t shirt with warning
strong crypto on it.

Are there any more of these?  I would like to purchase a large.

Please contact me if you know anything.

oscar boykin
mailto:boykin at pobox.com
http://pobox.com/~boykin
home: 404-206-0477






From froomkin at law.miami.edu  Tue Feb 13 14:26:13 1996
From: froomkin at law.miami.edu (Michael Froomkin)
Date: Tue, 13 Feb 96 14:26:13 PST
Subject: MS CryptoAPI (fwd)
Message-ID: 


http://www.microsoft.com/intdev/inttech/cryptapi.htm    

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin at law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warmish here.








From stend at grendel.texas.net  Tue Feb 13 14:36:40 1996
From: stend at grendel.texas.net (Sten Drescher)
Date: Tue, 13 Feb 96 14:36:40 PST
Subject: Spin Control Alert (LI Newsday, 2/12/96)
In-Reply-To: <199602121313.IAA26828@UNiX.asb.com>
Message-ID: <199602132153.PAA10522@grendel.texas.net>


"Declan B. McCullagh"  said:

DBM> ObCrypto: Yes, Know Your Enemies and work with the natural
DBM> enemies of the religious right, such as groups like the ACLU and
DBM> the FEN. The theocratic push to outlaw nonescrowed crypto is
DBM> next.

	As someone who would prolly be considered part of the
'religious right' (why don't we ever hear of the 'religious left', who
are prolly just as much in support of banning porn?), I have to take
exception to this.  I'm appalled by the CDA, and, if you start
pointing out to religious supporters of the CDA that it has already
resulted in the King James version of the Bible being removed from (at
least) one web site, I'm sure that some of them will be as well,
especially the fundamentalists for whom the spread of the Gospel is,
well, gospel.  Be sure to point out that the same courts who the blame
for 'removing prayer from our schools' would be ruling on the indency
of the Bible.  As for supporting GAK/banning non-GAK, I don't think
that you would dispute that the 700 Club is strongly dominated by the
religious right, and it came out firmly AGAINST the entire notion of
GAK during the Clipper debate.

-- 
#include                                /* Sten Drescher */
Unsolicited email advertisements will be proofread for a US$100/page fee.





From perry at piermont.com  Tue Feb 13 14:45:51 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Tue, 13 Feb 96 14:45:51 PST
Subject: NRL IPv6 code
Message-ID: <199602132245.RAA21719@jekyll.piermont.com>



I've just mailed off to Sameer Parekh the January '96 release of the
NRL IPv6 sources.  For those not in the know, this code implements the
IPsec protocol for both IPv4 and IPv6. IPsec is a cryptographic
protocol for securing IP datagrams -- it is now an IETF Proposed
Standard, defined in RFCs 1825-1829.

The code probably could use some work, but its not bad and a
reasonable start for all sorts of work.  This is a new version that
reportedly has lots of bug fixes -- I'm also given the impression it
may be the last NRL release of this code because the people doing the
work have left there -- if it gets adopted by the BSD community, it
will probably end up integrated into future NetBSD, BSDI and FreeBSDs,
which would be where to look for future releases.

The code should drop into BSDI almost out of the box -- it requires
more work for NetBSD and FreeBSD.


Perry

PS Sorry to interrupt the discussion of the sex life of the Aloe Vera
plant with something as irrelevant as cryptography. I can't resist
sometimes.





From nobody at REPLAY.COM  Mon Feb 12 22:46:23 1996
From: nobody at REPLAY.COM (Anonymous)
Date: Tue, 13 Feb 1996 14:46:23 +0800
Subject: DEA
Message-ID: <199602130154.CAA23267@utopia.hacktic.nl>


Column by Jim Dykes 
in the Knoxville Journal (423-584-9606), 2/8/96.


(...) I had a call the other day.  About the DEA.  Try to keep
all these damn acronyms straight:  DEA is Drug Enforcement
Agency.

Call was from an old cowboy - well, former Air America pilot, to
be more precise, CIA.  (There should be a federal agency to
control us old men better.)

To make a long, long story short, I have some names and phone
numbers of people around the country - Customs, Immigration &
Naturalization, maybe even some DEA, who can discuss rather
interesting money ripoff techniques by DEA agents involving Title
18, Title 21, and Title 19 of the Federal Code.  There was a time
when I would have busted a gut - and a phone budget - trying to
snare some bent government agents.  But, now ...

Let me make it perfectly clear that this old persimmon really
doesn't give a damn.  I am long past being shocked at venality
and corruption in public servants.  But, if anybody wants to be a
hotshot investigative reporter (and run up a helluva phone bill
for his or her employer) just give me a call.  (That lets a lot
of you out, since it would have to be somebody I know and trust.)






From EALLENSMITH at ocelot.Rutgers.EDU  Mon Feb 12 22:50:33 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Tue, 13 Feb 1996 14:50:33 +0800
Subject: Smartcard report from Nando.Net
Message-ID: <01I14P8XSUYOA0UZOC@mbcl.rutgers.edu>


	Anyone know anything else about this? Like any privacy protections (I
doubt it), counterfeiting protections, etcetera?
	Thanks,
	-Allen


      Copyright © 1996 Nando.net
      Copyright © 1996 Bloomberg
      
   
   
   LONDON (Feb 12, 1996 11:23 a.m. EST) -- Motorola Inc. said it won two
   contracts to supply microchips for smart cards that will be used by
   the governments of Spain and the Czech Republic to administer benefit
   programs.
   
   The cards are credit-card sized devices incorporating
   specially-designed memory chips, called microcontrollers. They have a
   growing number of applications and can be used instead of cash in
   stores, at telephone booths, for pay-television and computer-shopping.
   
   The largest demand, though, will come from government agencies, like
   Spain's Social Security Administration and the Czech Republic's
   Healthcare Ministry. China, with a population of 1.2 billion, is
   considering a national identification card using this technology, said
   Waqar Qureshi, Motorola worldwide marketing manager for smart-card
   chips.
   

[...]

   Spain has ordered 7 million microprocessors, valued at more than $10
   million, from Motorola in the first phase of a nationwide program that
   could grow to 40 million cards. The chips will store the digitized
   description of the holders' fingerprints, which should help to reduce
   fraud.
   
   "The smart cards will enable multiple transactions with the Social
   Security to be carried out in a more secure manner and their use can
   easily be extended to other services," said a spokesman for the
   Spanish Social Security Ministry, quoted in a Motorola statement.
   
   In the Czech Republic, Motorola is supplying 10,000 chips for a pilot
   health-insurance program in the Litomerice region. A countrywide
   health-card project for 10 million people is planned for introduction
   starting in 1997.
   
[...]

   "These two contracts, valued at tens of millions of dollars, are prime
   examples of the growing trend among governments across the world to
   look at smartcard solutions in the administration of public social
   services and benefits," said Allan Hughes, Motorola's worldwide
   smartcard manager.
   
   Visa Spain said in December it would launch smart cards to replace the
   use of cash for transactions as small as buying a pack of cigarettes.
   
   With software written in Spanish that already is being used in Miami,
   Colombia and Argentina, Visa Spain said it intends to place as many as
   3 million "Visa Cash" cards a year in circulation in Spain this year.





From erc at dal1820.computek.net  Mon Feb 12 22:59:30 1996
From: erc at dal1820.computek.net (Ed Carp)
Date: Tue, 13 Feb 1996 14:59:30 +0800
Subject: Free end-to-end encryption code?
In-Reply-To: <311f61c8.2606869@saturn>
Message-ID: 


On Mon, 12 Feb 1996, Steve Willer wrote:

> On Mon, 12 Feb 1996 09:46:29 +0000, you wrote:
> 
> >On Mon, 12 Feb 1996, Steve Willer wrote:
> >
> >> As a side project, to support remote mail and news pickup through the
> >> Internet to my company's servers (through a firewall), I've been
> >> slowly writing an end-to-end encryption program. Essentially, the idea
> >
> >Why reinvent the wheel?  Lots of end-to-end stuff out there - I use ssh, 
> >myself...
> 
> Okay...well...here's another problem. You see, most of the clients are
> going to be Windows people. I can't use a Unix-only solution.

There exists at least one ssh Windows client.
--
Ed Carp, N7EKG    			Ed.Carp at linux.org, ecarp at netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp at netcom.com for PGP 2.5 public key		an88744 at anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring






From wlkngowl at unix.asb.com  Mon Feb 12 23:00:10 1996
From: wlkngowl at unix.asb.com (Deranged Mutant)
Date: Tue, 13 Feb 1996 15:00:10 +0800
Subject: Using /dev/random for PGP key generation? Be Wary
Message-ID: <199602130143.UAA23096@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

rngaugp at alpha.c2.org wrote in the c'punks list:
> Subject: Using /dev/random for PGP key generation? Be Wary
> 
> I have created a modified version of pgpi for use with a hardware random
> number generators. Recently, there has been some confusion because
> people have assumed that I wished people to use this version with
> NOISE.SYS or an RNG that gathers entropy from timing events called
> /dev/random.

My concern, since there is a DOS version available according to your 
announcement (and this applies to OS/2 and Linux compilations as well) is 
that your version assumes /dev/random produces a continuous stream rather 
than bursts of data limited to how much entropy is gathered.  A poor 
implementation even with a good driver is disasterous.

[..]
> Be assured that I originally planed the modification to be used with a
> real hardware RNG. I tested it with the CALNET/NEWBRIGE RNG under DOS
> and OS/2. The "RNGDRIVER" feature I tested with OS/2 and the driver in
> RNG810.ZIP available at ftp.cdrom.com.

Hmmm... I'll have to check that out.

[..]

> I am unsure about using my modification, together with these drivers
> that are not connected to a real hardware RNG. In what way would the use
> of these drivers' methods of gathering entropy be superior to PGP's
> method of getting entropy from keyboard timing? If you choose to do
> something like this, you should think carefully and make a careful study
> of the code.

I'm curious as to what method you tyest the hardware RNG's entropy?

[..]

> made to work. But careful thought an careful design should be done
> first.

Yep.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMR/s2yoZzwIn1bdtAQEdeAF/XFFki97J+phJv76eMZXcMyHt1ChjN3FD
PsMvsq03g/QHYfAMhb25qoSp5H6F5HFZ
=2l/3
-----END PGP SIGNATURE-----





From tcmay at got.net  Mon Feb 12 23:10:01 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 13 Feb 1996 15:10:01 +0800
Subject: Dave Winer, MORE, and Outline Processors
Message-ID: 


At 9:21 PM 2/12/96, William Knowles wrote:
>Found this in my mail this morning.

>---------------------------------------
>Amusing Rants from Dave Winer's Desktop
>Released on 2/12/96; 5:59:40 AM PST
...
>  The first huge blast of cyberpsace puffery and a historic rejection
>  of the US Constitution, on the same day.

Some will say this has nothing to do with cryptography, but I want to share
something about Dave Winer.

Dave Winer wrote "MORE." the outline processor I wrote my Cyphernomicon FAQ
in (and many other things over the years). Winer originally wrote "Think
Tank," which I also had on my original IBM PC, circa 1983-4, and then
"MORE," for the Macintosh. These were the preeminent outline processors, a
market niche which has, sadly, almost vanished. (The outliner in Microsoft
Word is primitive and cumbersome by comparison. FrameMaker, an otherwise
extremely powerful writing tool, lacks an outline mode altogether. Hence I
seldom use it.)

Winer and his partners (not sure who they were) sole their company, Living
Videotext, to Symantec. Symantec supported MORE for a couple of upgrades,
then let it fade out. (MORE 3.1 still runs flawlessly on my Macintosh
7100av, with System 7.1.2, but will likely eventually stop working with
some version of the System.)

I've seen new-in-the-box copies of MORE 3.1 for $75 at Weird Stuff
Warehouse, in Sunnyvale, CA. I highly recommend MORE for any of you Mac
users out there.

(In case anyone is wondering, no, I don't use MORE to write my things for
this list. Conventional text editing is sufficient for these relatively
short items. I don't even use a spulling checker anymore.)

--Tim

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From tbyfield at panix.com  Mon Feb 12 23:10:18 1996
From: tbyfield at panix.com (t byfield)
Date: Tue, 13 Feb 1996 15:10:18 +0800
Subject: fwd: Meeks on telcos sharing local call info
Message-ID: 


>This is forwarded from:
>
>Date: Tue, 6 Feb 1996 20:17:43 -0800
>From: "Brock N. Meeks" 
>To: cwd-l at cyberwerks.com
>Subject: CWD--We're Not in Kansas Anymore Sender: owner-cwd-l at cyberwerks.com
>
>CyberWire Dispatch // Copyright (c) 1996 //
>
>Jacking in from the "Abandon All Hope" Port:
>
>Washington, DC --
>Howard Stern's Private Parts
>==========================
>
>Although Howard Stern's privacy (is this an oxymoron?) isn't in question
>here, your privacy is.
>
>The bill basically allows the telephone companies to use the data they have
>on you in any way they see fit, with one caveat: They must provide the same
>access to that information to competitors, if asked. As long as they don't
>hog all your private data, such as how many times
>you call Domino's Pizza or whether you're an avid QVC network shopper, they
>can sell your data to just about anyone and use it internal in ways that
>should make your skin crawl.
>
>This is all laid out in admittedly banal Congress speak: "A local exchange
>carrier (that's your local phone company) may use, disclose, or permit
>access to aggregate customer information... only if it provides such
>aggregate information to other carriers or persons on reasonable and
>nondiscriminatory terms and conditions up reasonable request therefore."
>
>In other words, bend over and kiss your sweet aggregate good-bye.
>
>Meeks out...
>--- end forwarded text







From printing at explicit.com  Mon Feb 12 23:11:22 1996
From: printing at explicit.com (William Knowles)
Date: Tue, 13 Feb 1996 15:11:22 +0800
Subject: 24 hours of Democracy
Message-ID: 


Found this in my mail this morning.

-William Knowles
  printing at explicit.com

--(Fwd)--

---------------------------------------
Amusing Rants from Dave Winer's Desktop
Released on 2/12/96; 5:59:40 AM PST
---------------------------------------

  ***Good Morning!

  Here's an idea that I'm floating.

  Check it out.

  What do you think?

  Can you help?

  Thanks!

  ***The net has been redefined

  On 2/8/96 cyberspace was redefined by the US government.

  If you doubt me, visit . Click on the
  calendar icon next to What's New. Check out their coverage of the
  Telecom Act, their celebration of 24 Hours in Cyberspace. I think
  this trip should be required reading for every freedom-loving
  webmaster, webwriter and web user.

  The first huge blast of cyberpsace puffery and a historic rejection
  of the US Constitution, on the same day.

  A coincidence? An accident of history? Hmmmm.

  I was educated as a mathematician and then as an engineer.

  I've spent 20+ years debugging software.

  I've learned that when I want to really understand what's going on,
  don't look to an Act of God as the explanation, when it's more likely
  just an error in logic.

  The truth: the media people have learned how to use the net and to
  combine it with TV, radio and print media.

  They're transferring the power structures in their world to the web
  world.

  If we want real change, now is the time to make an investment in
  democracy on the Internet.

  Every voice can be heard. Our ideas speak for us. We can persuade,
  cajole, taunt, seduce, use logic, examine all aspects of a problem,
  learn, be angry, be scared, and then find the most eloquent
  statement, the one that resonates deepest within all of us.

  And then we march.

  It's an exciting time to be a webwriter!

  I get to write about the biggest issue of them all -- freedom.

  And, please read on -- you do too.

  ***It's our turn

  Another truth: the media people liked the blackout campaign. It
  worked. The day after 24 Hours in Cyberspace, the big news on TV was the
  blackout. It demos well. It was an appropriate protest. Good job!

  Now, let's go the next step.

  Here's my proposal.

  Wednesday.

  Start time: 12:01AM, Pacific, 2/14/96.

  End time: 11:59PM, Pacific, 2/14/96.

  24 Hours of Democracy.

  They defined cyberspace.

  We define democracy.

  ***Write an essay

  What does freedom mean to you?

  What does democracy mean to you?

  What are your hopes and dreams for the Internet?

  Have you ever experienced grace or nobility on the net?

  Do you have children? Are you a child? What do you think?

  How does the Internet help make things right?

  Be angry! That's cool. And be respectful. It's Valentine's Day!

  Write a love letter to the Internet.

  ***How it works

  Spend a couple of days writing your essay.

  Talk about it with your friends. Share ideas. Listen.

  When you're ready, post your essay to the web. If you don't have a
  website, check out the Sponsors page at the 24 Hours website. I'm
  enlisting the help of service providers. We may have an easy way for
  people who don't have sites to get their essays posted to the web.

  Shortly after the start time I'll mail a DaveNet piece telling you
  where to send the URL for your page.

  The styling of the page is entirely up to you. There's a Template page
  on the 24 Hours site, the URL is at the bottom of this email. I suggest
  using a white background for easy reading, and to contrast the black
  backgrounds of last week. Use animated GIFs. RealAudio. Java
  applets. Shockwave parts. JavaScript banners. Near the bottom of
  the page, put some keywords about yourself, where you are
  geographically, your email address. Web crawlers will be able to
  extract this information and index it. Follow the example in the
  template if possible.

  At the top of your page, create three links, Next, Prev and Index.
  After the 24 Hours database is compiled, a few days after the end time,
  we'll send you a mail message containing the addresses to fill into
  each of these pointers. Next and Prev will point to essays written by
  other 24 Hours participants. The Index link will point to a home page
  for the whole project.

  Essays will not be judged or reviewed. You own your own words, and are
  responsible for what you write.

  ***Who can help

  Moms & Dads: Ask your kids how they feel about the Internet. Have they
  made new friends? What have they learned? Did the Internet ever scare
  them? Make some quiet time. Listen.

  Teachers: This would make a great homework assignment for your
  students.

  Webmasters: You have to seduce people into caring about this stuff.
  Convey your excitement to people you work with. It's not just about
  pornography, it's about freedom. Point them to "Netscape"'s home
  page. Ask them to read your essay. Create a page of pointers to their
  essays.

  Computer users: Be a visionary! What kind of software would you like
  to see coming from the software industry over the next few years?

  Graphic artists: We need colorful schemes, a simple message, low
  bandwidth art with commercial appeal.

  Celebrities, political leaders: Do you have something to say?

  Editorial organizations: Can you review essays and choose the most
  compelling ones or the most interesting ones?

  Online companies: We need mail, web and database servers; search
  engines. Can you make it easier for your users to get a single page up on
  your server? Can you assist them in registering their pages on
  Wednesday? Can you give them a discount, or provide free storage for
  their essays? Bandwidth, support and free service to participants
  is what counts.

  Everyone: Have fun! That's what this is about. Be creative. As soon as
  it stops being fun we stop growing, and that's the end. Be positive!

  ***Only 42 hours left

  That's about it.

  I've committed the next few weeks to making this happen.

  I want to work with people, where possible, but by design it's a very
  distributed Internet sort of thing.

  I plan to write my own 24 Hours essay, and have lots of ideas for the
  sponsors.

  There are only 42 hours till the essays start rolling in.

  Let's have fun!

  Dave Winer

  PS: People have said there's not enough time. I think there is. I've
  been getting lots of long emails from people in response to the
  DaveNet pieces I've been running. We'll get something done on
  2/14/96 and then if it works, we'll do it again in a few weeks.

  PPS: Please watch  for
  project and sponsorship news and other information.

  PPPS: Remember, if you want to participate the legal system, it's
  *very* important that if you're old enough, that you vote. Think
  about who you can support. 1996 is an election year in the US. Be part of
  the system. If you're a voter, please vote!

  PPPPS: Please pass this essay on! The 24 Hours project is worldwide.
  It's open to everyone, of all nationalities.

---------------------------------------------------------------
It's your turn to speak: 








From frissell at panix.com  Mon Feb 12 23:21:15 1996
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 13 Feb 1996 15:21:15 +0800
Subject: A Cyberspace Independence Refutation
Message-ID: <2.2.32.19960212202324.006e8ee8@panix.com>


strata at virtual.net wrote:

>Let us show them how cunning, baffling, and powerful we can be as
>armed federal marshals walk into a major ISP and shut down their
>routers, as replays of Operation Sun Devil occur in people's houses,

Operation Sun Devil happened in 1990.  A couple of BBS' were shut down.  It
hasn't been repeated much since.  There are currently more than 7,000
commercial ISPs in the world.  At one or two shutdowns per decade, it will
take a while.  Note too that an ISP is more like a carrier (common or not)
than like a publisher.  Legal difficulties for the Feds.  Even harder in the
future when 100 million households worldwide have full-time net access
running on real multitasking workstations.

>as major idiocy of the sort that only a scared government in a country
>which considers itself free can carry out.

>digress. All the little-boy fantasies of the Powerful Internet don't
>mean two beans when an officially sanctioned thug turns the switch
>from 1 to 0 on your POP. It'll happen. Just watch.

I'm waiting.  Then I'll have to call all the way to Montreal to log on.
They will have a lot of fun trying to *find* all the ISPs though.  There are
quite a few and that still leaves company, academic, government, and private
TCP/IP servers up.

>Oh, let's start right off pretending that 
>a) the net is an independently funded entity with no government
>infrastructure and

There's not much government infrastructure left on the Net.  The backbone
went private the weekend after the OKC Federal building was blown up.

>While we're at it, let's press a monkey-brain hot button in any person
>of political power by saying their power does/should not apply here.
>This will not only make them receptive to the reasoning which we will
>lay out in the rest of the document, it will impress them with our
>real-world suavity, tact, and general with-it-ness.

Defeat is a process that occurs in the mind of the enemy.  If you can
convince them not to fight, you and they are better off.  In any case, you
don't get anywhere by failing to assert your strength.  A declaration of
independence doesn't mean you are independent it is the opening shot in a
conflict by which you win (prove) your independence.

>Nature abhors a vacuum. I assume it surprises no one that much of the
>major flack about the net began when it became widely known to
>government that the net considered itself anarchic.

It doesn't consider itself anarchic -- it is.  The IETF reaches decisions by
consensus and the software that becomes part of what we call "the Net"
becomes a part of the Net only when a large enough number of individual
servers decide to run it.

>We took a defense department network and ran with it, but since we've
>been playing with it for over a decade, it's ours now. Just like when
>the neighbor kid loaned us his toy and we fixed it up, painted it, put
>new wheels on it, and now he wants it back! WAAAAAAHHHH!

Neither Arpanet nor the Internet were Defense Department networks.  They
were (for a while) academic networks funded (in part) by DOD and many other
sources.  Certainly when the Internet went international (when exactly did
that happen?)  the DOD became an insignificant player.

>network culture. You did not again and again provide equipment and
>resources only to watch them become privatized by the core of
>sysadmins and techies that you paid over the years, often in outright
>blackmail ("we'll walk away unless you sell/give us the equipment and
>facility"). 

These sorts of informal negotiations of the terms of employment are quite
common in life.  Anyone could have been fired at anytime if their
supervisors didn't like what they were doing.  It is blackmail to threaten
to quit only if you are a slave who is not "allowed" to do so.  Here, we can
quit a job any time for any (or no) reason.  Certainly employers both public
and private have benefitted from the development of networking technology.

>Like use of copyrighted material, for instance. We who forward things
>from the "experimental" (but going for years) AP and NYT news wire
>feeds, the Dave Barry mailing lists, the Calvin and Hobbes cartoon
>daily web sites, we will identify them and address them by our means
>if we ever decide there's a problem there that we actually care about.

Fair use (private distribution) or published on the net by the copyright
holders themselves.

>Same with snuff stories about real people

You mean like novels about the Kennedy assassination.

>harrassment of women, minorities, or homo/bi/trans-sexuals online, etc.

Well *somebody* has to do it.  Women, minorities and the differently sexed
certainly harass other people.  I thought we all had equal rights.

>Online advertising actually bothers us, so we completely smite and try to 
>drive out of business people who are clueless enough to try spamming.

This obviously hasn't worked.  There's an awful lot of advertizing on the
net these days.

>Right, only by ISP and spelling and punctuation ability. This
>paragraph is where I decided I finally had to come out and call
>bullshit to this whole thing. And how many of the people on the mailing lists
>that claim to be full of internet liberators, free-speech advocates,
>people who are "building cyberspace" etc look at something posted by,
>say, an AOL account, with the same level of fair judgement as they do



When one goes out into the marketplace, one encounters many different people
and many challenges.  You must win acceptance from some of the other
participants you find there.  There are mores.  You have to learn some of
them or find others of your ilk who already share you mores.  It is not
hard.  It is called life. 

>I'm rolling on the floor, but I'm not sure if I'm laughing or crying.
>WHAT PLANET ARE YOU FROM? Can someone take an anonymous poll of the
>Known Network and ask the following: "I routinely refrain from
>posting my opinions or beliefs to mailing lists and/or newsgroups for
>fear of flaming, harrassment, or ridicule, even when I am confident of 
>those beliefs or opinions (strongly-disagree disagree no-opinion agree
>strongly-agree)" 

I've never been bothered.  Tim has had the cops called on him.  We still
post at will.  A short survey of the Feed suggests that many other people
continue to post at will.  Probably too many.  In fact, they obviously feel
freer to do so on the net than in real life.

>Hell, look what the cypherpunk community did to Detweiler! I've never
>met the man, but I've read his papers and he doesn't seem like a total
>nut case to me. 

Opinions differ.

>does that mean we have to handle them with a complete
>lack of compassion? Do we have to be little boys with sticks
>tormenting a wounded animal? I don't think so.

This is not a therapy group.  Compassion is a personal matter.  Certainly LD
is not noted for his compassion.

>it. For that matter, source code copyrights on the net are just a
>quaint custom, and so are people's personal privacy expectations with
>regard to their email and to their files. I mean,
>electronic privacy isn't a concept of property, identity, or
>expression is it? What's all this fuss about crypto? Silly people,
>those legal concepts don't apply here!!! Now go read your users mail
>like a good sysadmin and turn in heretics to the thought police. Mr.
>Barlow says it's okay, right here in this widely-forwarded document!

I hadn't noticed much advocacy of reading private email or turning people in
to the thought police anywhere on the Net.  Perhaps you read some unusual
mailing lists.

>Now I understand why there is no fear of the plug being pulled-- so
>what if this message is being read on a physical screen and is stored
>on a physical disk, with a physical junction joining it to the network,
>"there is no matter here". The fact that the computer on which you
>read this may belong to someone else, may be shut down without your
>control, may be being misused according to their intent just by
>transmitting this message, that is irrelevant! OMMMMMMM-- are you
>receiving this message? OMMMMMMMM....

In modern capitalist societies like the US, it is possible to actually own
fairly powerful computers yourself.  In fact, I understand that even the
peasantry in America can put together the $200 for a used 386sx and the $39
for a 14.4K modem and run a free copy of Linux and have a powerful TCP/IP
server of their own.  The dialup connection is not permanent of course.  It
can be bought from many local, national, and overseas providers.  Encrypted
TCP/IP to out-country ISPs will make things a bit harder to track.

>The persons we have kicked off numerous online services, such as
>Cantor & Seigel, email harrassers, stalkers, etc are not really "us",
>so this statement is entirely self-consistent, Selah.

Severing a contractual relationship with someone (under the terms of that
contract) is not physical coercion and bears no resemblance to physical
coercion.  Those who are "disfellowshipped" by lists or ISPs can find others
who will accept them.

>Even if we don't apply it universally to ourselves, only to those
>online bodiless entities who meet with our approval and are clearly
>also members of the intellectual and anarchic elite!

Actually, the ability to control group inclusion and exclusion is the
definition of one sort of a society.  You are arguing that the Net has
become a grouping of various societies and subcultures.  I agree.

>Yes, I should give up my political career and
>the hope of building new housing in my district, getting more school
>funding, etc for a bunch of twenty (or thirty)-something
>non-constitutents who think of me as a pustulent gastropod. I'll run
>right out and vote against TRA!!

We (some of we) don't want the housing or the school funding either.  I
certainly consider slave schools to be the most common form of child abuse
in the world today.

>How much do you go out of your way for people who openly despise you
>and publicly declare your stupidity with every other breath?

Don't go out of your way.  Just stay out of our way.  Play golf instead.  

>Tsk tsk-- how will people find you after your domain name gets taken
>out of the InterNIC servers and your ISP is forced to pull your
>network number or get shut down? Or rather, how will other people
>besides your group of fellow net.elite peers find you?

Use another domain name.  Internic doesn't even have a monopoly of domain
name assignment within the US.  If it casually screws around with too many
people, it will guarantee further loss in market share.  How, exactly, is
there going to be a massive pulling of IP addresses.  That sounds like an
awful lot of expensive litigation to me.  Court orders don't come cheap even
if the Feds do buy them wholesale.  They'll lose that predator hunt energy
balance equation as long as it costs me virtually nothing so set up a new
net presence somewhere else but it costs them $thousands per "takedown."

>We've got a hell of a lot of work to do, then. Let's start by not
>flaming people at the drop of a hat. Perhaps I myself am guilty of
>this-- everyone who flames thinks they have a good enough reason.
>But unlike some people, I've never claimed to be a superior being.

In this century alone, the governments of the world have murdered more than
160 million people.  The Net has very few murders to its (dis)credit.  If
flaming is the worst we ever do...

>Declaration are a major red herring. Every person who takes his or
>her five minutes to forward this to another mailing list or to his or
>her congresscritter is wasting time and helping to promote an
>impression of the net as a place full of immature, unrealistic people.

I've found JPB to be reasonably realistic for one "of the left."  This
debate is *about* who is the most "realistic" the regulators or the
anti-regulators.  So far, the regulators haven't done too well.  Time will
tell.  In any case, it's way too early to declare the game over.  As for
"realism."  One may be permitted to doubt the realism of those who expect
massive physical raids to shut down the net.  That sort of thing worked (for
a while) in commie countries but it's never even been tried here.  If they
are going to do it, they'd better do it soon before the net triples in size
again.  

>Find something original and concrete to do instead. Spend the five 
>minutes writing and *mailing* an original letter to your elected
>official and mention you are in his or her district. 

This is *original*?

>Write a
>non-judgemental, helpful explanation of something to a net newcomer.
>Install PGP on your roomate's machine and teach him/her how to use
>it. Take an hour to write and post a refutation to a meme which 
>you think will harm the net community. Just go DO something.

This happens to be how Barlow spends most of this time.  Many of us as well.

>It's a hard thing to face, that armed persons might come to your door
>and shut down your livelihood and your main access to your chosen
>community of friends, and possibly shoot you or your loved ones in 
>the process. 

Now there's a *real* breach of netiquette.  Remind me not to give my real
address to my ISP.  Too bad their prisons are sort of maxed out with drug
dealers or they might lock up the lot of us (though one wonders on what
charges).

>The sooner we face and deal with that fear in ourselves,
>and use that transformative power to direct our actions for individual
>and collective freedom, the better. 

I thought that that was what you were objecting to.

>Pretending we are ruling a
>powerful invisible empire which is immune to violence is not the way
>to get there. Get real about the virtual.

Not an empire an anarchy and not ruling it either.

DCF






From rsalz at osf.org  Tue Feb 13 15:28:10 1996
From: rsalz at osf.org (Rich Salz)
Date: Tue, 13 Feb 96 15:28:10 PST
Subject: V-chips, CC, and Motorcycle Helmets
Message-ID: <9602132326.AA27949@sulphur.osf.org>


>The Rushdie incident is simply so far removed from "Assassination Politics" 
>that it can't possibly be used to refute it; I still believe it actually 

You're a loon.  s/Rushdie/Khomeni/





From lunaslide at loop.com  Tue Feb 13 15:30:14 1996
From: lunaslide at loop.com (lunaslide at loop.com)
Date: Tue, 13 Feb 96 15:30:14 PST
Subject: Smart cards
Message-ID: 


}        The headline in the Toronto Star this morning is "'SMART CARD'
}HERE WITHIN YEAR"
}        The idea is to have everyone in Ontario have a 'smart card' that
}will "keep track of everything from mammograms to speeding tickets". This
}card will "replace the existing health card, drivers's licence, social
}assistance identification, drug card, and senior identification".

Very convienient.  Why don't they just put bar codes on our foreheads at
birth and get it over with?

Seriously, what I want to know is how they plan to make one set of
information (drivers licence, soc security number) inaccessable to other
institutions like health and pharmacy.  This is even more of a concern if
the card becomes a method of payment.  Would each have it's own secret key
that would unlock only the relavent info?  That would be a big keyring.
Access time for a key and keeping the keys up to date in all the databases
around the country would have to be done.

lunaslide

"Prohibition... goes beyond the bounds of reason in that it attempts to
control a man's appetite by legislation and makes a crime out of things
that are not crimes... A prohibition law strikes a blow at the very
principles upon which our government was founded."
- -- Abraham Lincoln

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller
________________________________________________________________

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEX3QEAAAEEAOGQjhnqGH29pO1WDaXs5GFOVPhCBWyYEk9XEwRmscjveWzH
AhA6DeOA480zWNqQURyqE2yPmR8WzT+OXYqmeiQiycKyFA41Vs/Ruf+gXXxe7uXS
L5BK3K8oKbfoH0D5/TAkMT4r6BprXFQz4pFc3gY2SSaSPElpMjKHaKBsRsyRABEB
AAG0HUplZmYgQ29ubiA8bHVuYXNsaWRlQGxvb3AuY29tiQCVAwUQMRffHzKHaKBs
RsyRAQGNhwP9E9xEZ9/LCKnhgtnrqgD7pDoXG2pCy8FoyfFjoImGkG+jF1wELXmB
Z0mf8F8CgYkys0mif1XeGDMelr1gzlZAm6LgQt4kcvztMW/aRLn18QP+iwltVT/L
p8D37mitOjvuk46sWgAChIaPPPIeg/EaYQjQkmlpWKsEYIoTRy+E8mU=
=4Gku
-----END PGP PUBLIC KEY BLOCK-----









From Greg_Rose at sydney.sterling.com  Tue Feb 13 15:47:30 1996
From: Greg_Rose at sydney.sterling.com (Greg Rose)
Date: Tue, 13 Feb 96 15:47:30 PST
Subject: NSA Mouse pad
Message-ID: 


I got a mouse pad in the mail today, mailed in
Maryland, but otherwise in a plain brown envelope.
It has nice, understated gold seal announcing it
is from the National Security Agency's Information
Systems Security Organization.

Obviously it wasn't export controlled.

I met these people at the recent USENIX
conference; there was an Air Force related trade
show in the center next door to the San Diego
Marriott. I was looking for people to submit
papers to the upcoming USENIX Unix and Network
Security Conference in San Jose in July. The
deadline for extended abstracts is one month away
(hint, hint).

Greg.

-- 
Greg Rose               INTERNET: greg_rose at sydney.sterling.com  
Sterling Software       VOICE:  +61-2-9975 4777    FAX:  +61-2-9975 2921
28 Rodborough Rd.       http://www.sydney.sterling.com:8080/~ggr/
French's Forest         35 0A 79 7D 5E 21 8D 47  E3 53 75 66 AC FB D9 45
NSW 2086 Australia.     co-mod sci.crypt.research, USENIX Director.





From mch at squirrel.com  Tue Feb 13 00:09:19 1996
From: mch at squirrel.com (Mark C. Henderson)
Date: Tue, 13 Feb 1996 16:09:19 +0800
Subject: To find the clock speed of a sun workstation
Message-ID: <199602130513.VAA23145@squirrel.com>


On Feb 12, 16:16, Ashfaq Rasheed wrote:
} Subject: To find the clock speed of a sun workstation
} Hi
} 
} Is there anyway of finding the clock speed of the CPU on a Sun workstation?
} As far as i know it can be found only by rebooting the machine and using
} module-info? And I believe that the module-info does a no-op loop for a
} a known number of times and calculates the time taken.
} 
} I would like to know if there is anyother way to finding it.

If you run /usr/etc/devinfo -vp (Sun OS 4.1.x), or /usr/sbin/prtconf -vp
(Solaris 2.x) you'll get a line which looks like

clock-frequency:  02625a00

This is the clock frequency in hexadecimal in Hz.

The above example is from an IPX (40 MHz).

Another example. On an SS1000E with two 60 MHz processors, you'll
get output indicating two CPU devices each starting with

        Node 0xffd8e6ac
            clock-frequency:  03938700
            device_type:  'cpu'

again 0x03938700 == 60000000 

On an Ultra 170E one gets
    Node 0xf006ea64
        manufacturer#:  00000017
        implementation#:  00000010
        mask#:  00000022
        sparc-version:  00000009
        ecache-associativity:  00000001
        ecache-line-size:  00000040
        ecache-size:  00080000
        #dtlb-entries:  00000040
        dcache-associativity:  00000001
        dcache-line-size:  00000020
        dcache-size:  00004000
        #itlb-entries:  00000040
        icache-associativity:  00000002
        icache-line-size:  00000020
        icache-size:  00004000
        upa-portid:  00000000
        clock-frequency:  09f437c0
        reg:  000001c0.00000000.00000000.00000008
        device_type:  'cpu'
        name:  'SUNW,UltraSPARC'


and 0x09f437c0 == 167000000

Watch out for other lines labelled, clock-frequency, these are for 
other devices. You want the one for the CPU device(s) (i.e. node with 
device type 'cpu'). 


-- 
Mark Henderson -- markh at wimsey.bc.ca, henderso at netcom.com, mch at squirrel.com
PGP 1024/C58015E3 fingerprint=21 F6 AF 2B 6A 8A 0B E1 A1 2A 2A 06 4A D5 92 46
cryptography archive maintainer  --  ftp://ftp.wimsey.com/pub/crypto
ftp://ftp.wimsey.com/pub/crypto/sun-stuff/change-sun-hostid-1.6.2.tar.gz





From lmccarth at cs.umass.edu  Tue Feb 13 00:22:58 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Tue, 13 Feb 1996 16:22:58 +0800
Subject: Cypherpunks vs. Coderpunks [CORRECTION]
Message-ID: <199602130515.AAA13890@opine.cs.umass.edu>


-----BEGIN PGP SIGNED MESSAGE-----

I wrote:
> If you want to join coderpunks, my life is made slightly easier if you
> mailto:coderpunks-request at toad.com rather than sending directly to me.

  the coderpunks-request address will work, but 
mailto:coderpunks-approval at toad.com is actually the address that prompts
Majordomo to send me a nicely formatted subscription template, and makes my
life a little easier. Sorry about the blather. I plead sleep deprivation. 

Futplex 		(Volunteer) Coderpunks Bouncer

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMSAeNinaAKQPVHDZAQEYawf9HbnbJLfd9HnCp7hoYHoW6pMAm8fTgcmk
0SkAHoeUsh7neNwEtYAt+KTCv65fS3/YY5Tt8JmQ8D19q5tjjfggYuEfEdqC71FK
16WAKbDN66ucpQmdNkfWExafr4Cw+7jhW3VpJIByDIRdS9opLfK5VNwVETaRHstR
bBal9Cr397siQ9WsXYWfw7w3tLxg54T3NP/sXcyNHQ+C6ZJSxUXB1YEFossKCduf
cJp3KWfi2IKcD65fy05W164DQmtcL42iwkgHUQoCwilZYE+PEuAOTMqu26dfeTqu
iil9dLIEd7lEkHxlFU2ufHDCoSj89zO515FRV1/B+33T8bqzJt3OdA==
=a85O
-----END PGP SIGNATURE-----





From joseph at genome.wi.mit.edu  Tue Feb 13 00:34:00 1996
From: joseph at genome.wi.mit.edu (Joseph Sokol-Margolis)
Date: Tue, 13 Feb 1996 16:34:00 +0800
Subject: CyberAngels
Message-ID: <9602130546.AA22659@karlo>


not sure if this is the right place.
I agree with allen, about the issues of 'nym. But looking at other aspects
of these cyberangels I'm unsure how to feel. On one hand they seem resonable,
protecting only the children. "Acts bewteen consenting adults are okay" say 
they. But the protect the children was what the CDA hid under.

--Joseph





From jcobb at ahcbsd1.ovnet.com  Tue Feb 13 00:36:49 1996
From: jcobb at ahcbsd1.ovnet.com (James M. Cobb)
Date: Tue, 13 Feb 1996 16:36:49 +0800
Subject: Working Very Carefully
Message-ID: 


 
 
  Friend, 
 
 
      A 02 11 96 Bloomberg newsstory from Cannes, headlined 
      ----------------------------------------------------- 
 
              EUROPE'S ONLINE INDUSTRY TAKES SHAPE, 
                     COMPETITION HEATS UP 
 
  reports: 
 
   Even as they increase their subscriptions in Europe, online 
   services are beginning to work on the legal and social aspects 
   of the services they are providing. 
 
 
  How very thoughtful! 
 
  But what do they have in mind? 
 
  Jack Davies, president of AOL International, has the answer: 
 
   The issues involved are "bigger than a prosecutor in Ger- 
   many, bigger than just Germany, it's a global issue.  It in- 
   volves a legal structure that may not have kept up with the 
   technology and I think as an industry we have to work very 
   carefully through this issue." 
 
 
  Expanding from the Reich to the globe, what does Hans have in 
  mind? 
  
                   DEUTSCHLAND UBER ALLES! 
 
 
  But when it comes to contracting,...Jack's in charge. 
 
 
  Cordially, 
 
  Jim 
 
 
 
  NOTE.  The newsstory's www.nando.net online filename: 
 
                       info12_8583.html
 
         This critical essay was composed 02 12 96. 
 

 






From lull at acm.org  Tue Feb 13 00:37:13 1996
From: lull at acm.org (John Lull)
Date: Tue, 13 Feb 1996 16:37:13 +0800
Subject: 
In-Reply-To: <960212134104.2021ab25@hobbes.orl.mmc.com>
Message-ID: <312026a9.495564@smtp.ix.netcom.com>


On Mon, 12 Feb 1996 13:41:04 -0500 (EST), Padgett wrote:

> If it were properly and legally decided that communications 
> with anon.penet.fi is against "national interest" then the sovereign has 
> not only the "right" but the *duty* to block/monitor such communications.

Bullpuckey.  One could just as legitimately say:

  "If it were properly and legally decided that publication of the
  Los Angeles Times is against "national interest" then the sovereign
  has not only the "right" but the *duty* to block such publication."






From jf_avon at citenet.net  Tue Feb 13 16:51:26 1996
From: jf_avon at citenet.net (Jean-Francois Avon JFA Technologies, QC, Canada)
Date: Tue, 13 Feb 96 16:51:26 PST
Subject: Stewart Baker's web site & OECD international crypto policy
Message-ID: <9602140047.AB19351@cti02.citenet.net>


John Gilmore  reported:


>My favorite was his summary report on the OECD meeting in December,
>~steptoe/286908.htm, at which the US tried to parade some of the
>fruits of its behind-the-scenes efforts to convince other governments
>to become as authoritarian as the US government on crypto policy.

Why help "potential enemies"?  Why a govt risks it's cherished 
'national security'?


>If the US government can quietly convince other countries to support
>Clipper-like systems (including "mandatory key escrow" and "trusted
     It probably means that they already cracked the code... :)

Definitely, they are insane beyond the safety level...

JFA
**** NEW PGP 2.6.2 KEY *********

2048 bits Key ID:24201BA1 1996/02/13 Jean-Francois Avon 
Key fingerprint =  23 B6 24 31 86 67 FB 35  C7 A7 AF 12 A1 61 E9 3D 


**** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon 
Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 






From lunaslide at loop.com  Tue Feb 13 01:00:49 1996
From: lunaslide at loop.com (lunaslide at loop.com)
Date: Tue, 13 Feb 1996 17:00:49 +0800
Subject: 
Message-ID: 


}>Yet if I read you correctly earlier, you don't think the USG has the right
}>to regulate those communications. Why the distinction ?
}
}Okay, obviously I need to drop down a gear & explain *my* feelings:
}
}Part of the definition of a "sovereign nation" is to define and carry
}out both high and low justice over it's domain - the absolute right
}of a sovereign. Is not mentioned in the US constitution because it
}was a given. <-------No offense, but what the fuck kind of logic is that?
}It is not a given.  It was not put in because that is not the type of
}government the founders endevored to erect.  Read on please, I'll explain
}myself.

}Further, the purpose of the US Constitution is to:
}a) define what the sovereign was (three branches - rock, scissors, & paper)
}b) set forth certain limitations on that sovereign ("Congress shall make
}   no law...")
}c) define certain duties of the sovereign (regulation of foreign commerce...)



I cut the rest of your post because the main premise is not correct.  The
goal was not to create a sovereign government.  It clearly states in the
Declaration of Independence that the power belongs entirely to the people
and that the government is a group of officials who are elected to do the
bidding of the people.  They have what power we give to them
(theoretically, of course.  They don't seem to listen much, do they?).

sovereign n. 1. A person, governing body, etc., in whom the >supreme power
or authority is vested.<  adj. 1. Exercising or possessing supreme
authority or jurisdiction.  2. Independent, and free from external
authority or influence: a sovereign state.

This is not what our government is.  They are liable to us and the ultimate
power lies with us.  They are not independent and free from our influence.
The opening statements of the Declaration of Independence, before they get
to the complaints, outlines the the founding fasthers intentions in forming
a government of their own.  I have already quoted it in another post.
"...to institute new Government, laying it's foundation on such principles
and organizing it's powers in such form, as to them shall seem most likely
to effect their Safty and Happiness."  The government seems more intent on
_affecting_ our safty and happiness.

It's been said before and it will continue to remain true, the govt scares
up a new boogyman to frighten the public into giving it more power until
finally the people do not have enough power to take back the power thwy
gave to the govt.  Democracy becomes facism through fear.  What really
confuses me is how most people in this country do not understand the logic
behind this.

lunaslide

"Prohibition... goes beyond the bounds of reason in that it attempts to
control a man's appetite by legislation and makes a crime out of things
that are not crimes... A prohibition law strikes a blow at the very
principles upon which our government was founded."
- -- Abraham Lincoln

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller
________________________________________________________________

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEX3QEAAAEEAOGQjhnqGH29pO1WDaXs5GFOVPhCBWyYEk9XEwRmscjveWzH
AhA6DeOA480zWNqQURyqE2yPmR8WzT+OXYqmeiQiycKyFA41Vs/Ruf+gXXxe7uXS
L5BK3K8oKbfoH0D5/TAkMT4r6BprXFQz4pFc3gY2SSaSPElpMjKHaKBsRsyRABEB
AAG0HUplZmYgQ29ubiA8bHVuYXNsaWRlQGxvb3AuY29tiQCVAwUQMRffHzKHaKBs
RsyRAQGNhwP9E9xEZ9/LCKnhgtnrqgD7pDoXG2pCy8FoyfFjoImGkG+jF1wELXmB
Z0mf8F8CgYkys0mif1XeGDMelr1gzlZAm6LgQt4kcvztMW/aRLn18QP+iwltVT/L
p8D37mitOjvuk46sWgAChIaPPPIeg/EaYQjQkmlpWKsEYIoTRy+E8mU=
=4Gku
-----END PGP PUBLIC KEY BLOCK-----









From lunaslide at loop.com  Tue Feb 13 01:01:14 1996
From: lunaslide at loop.com (lunaslide at loop.com)
Date: Tue, 13 Feb 1996 17:01:14 +0800
Subject: V-chips, CC, and Motorcycle Helmets
Message-ID: 


}At 07:20 AM 2/12/96 +0000, Deranged Mutant wrote:
}>> Parents had that ability before.  Cable boxes have a "perental control key"
}>> on the side that enables them to lock out "offensive" channels.  It works
}>> quite well and is fairly hard for the kidlets to defeat.  (I used it to
}>> lockout the religious stations and home shopping channels.)
}>
}>When I was a kid some friends down the street knew how to unlock the
}>Channel 100 XXX movies with a paper clip.  A V-chip would hopefully
}>be more sophisticated, but then again, so are today's kids...
}
}Sshhh!  You are not supposed to tell them that!


}
}Yeah, I know it can be hacked.  I also know that if they are that interested
}in sex, NOTHING I do is going to stop them.  (Which is as it should be.  If
}they have no exposure to any sexual material as a youth, some rather nasty
}problems tend to crop up as adults. (Take a look at the studies of sexual
}predators.) But that is a point avoided by the moralists...)



What's really funny here is that the harder you make it for kids to get
into something, the more they learn in order for them to get into it.
Parents who impose restrictions on their children using all sorts of
methods (hiding stuff, using the channel lock out deal, blah blah blah) are
challenging their children to use deduction and reasoning to get at what
they want.  In the case of the v-chip, channel lockout, site blocking
software, etc., the parents are turning their children into the most
horrendous creatures of all...OH!  Cypherpunks!

lunaslide

"Prohibition... goes beyond the bounds of reason in that it attempts to
control a man's appetite by legislation and makes a crime out of things
that are not crimes... A prohibition law strikes a blow at the very
principles upon which our government was founded."
- -- Abraham Lincoln

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller
________________________________________________________________

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEX3QEAAAEEAOGQjhnqGH29pO1WDaXs5GFOVPhCBWyYEk9XEwRmscjveWzH
AhA6DeOA480zWNqQURyqE2yPmR8WzT+OXYqmeiQiycKyFA41Vs/Ruf+gXXxe7uXS
L5BK3K8oKbfoH0D5/TAkMT4r6BprXFQz4pFc3gY2SSaSPElpMjKHaKBsRsyRABEB
AAG0HUplZmYgQ29ubiA8bHVuYXNsaWRlQGxvb3AuY29tiQCVAwUQMRffHzKHaKBs
RsyRAQGNhwP9E9xEZ9/LCKnhgtnrqgD7pDoXG2pCy8FoyfFjoImGkG+jF1wELXmB
Z0mf8F8CgYkys0mif1XeGDMelr1gzlZAm6LgQt4kcvztMW/aRLn18QP+iwltVT/L
p8D37mitOjvuk46sWgAChIaPPPIeg/EaYQjQkmlpWKsEYIoTRy+E8mU=
=4Gku
-----END PGP PUBLIC KEY BLOCK-----









From EALLENSMITH at ocelot.Rutgers.EDU  Tue Feb 13 01:04:08 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Tue, 13 Feb 1996 17:04:08 +0800
Subject: Assasination Politics
Message-ID: <01I14MTH8YDGA0UZOC@mbcl.rutgers.edu>


From:	IN%"jimbell at pacifier.com"  "jim bell" 12-FEB-1996 04:18:43.34

>>How much weight is Lotus going to give the opinions of a bunch of
>>unbalanced sociopaths when they're thinking about making deal to gak those
>>extra 24 bits?  Not much, I'll bet. 

>If "AsPol" actually WORKS, Lotus won't have to "deal" to get "those extra 24 
>bits."

>Lotus should announce that they have heard of this new idea on CP, called 
>"Assassination Politics," and have assigned a couple dozen programmers to 
>implement it by July 1996.  They'd back (guarantee) the prizes for the first 
>such organization, and they'd sell the software to others.  At that point, I 
>think the resignations from government office would skyrocket.  

	It seems likely that any overt organization operating an Assasination
Politics scheme will be outlawed... even though the most logical reading of
current laws says that it isn't illegal (except for the gambling part). An
anonymously constructed one seems a lot more likely - which Lotus could then
anonymously patronize. I do have some ideas for making such possible, but I'm
waiting on a defense of three points before I'll release them. These points
are:

	A. My previously mentioned problem with a limited but non-libertarian
organization.
	B. I don't trust the average person to look ahead enough to make this
(or other Anarcho-Capitalist) schemes work. In other words, the average person
has to be able to see that a non-limited organization is a danger to them,
etcetera. Moreover, Jim Bell is ignoring the other sources of propaganda than
government in convincing the average person that someone is doing something
wrong (when, by my ethics at least, they aren't) - such as religion and
various organizations like the PFDA. Admittedly, as I've stated before, the
requirement for some money would help, at least to the degree that our economy
is meritocratic. (A growing tendency, fortunately.) If most people are on a
subsistence wage (the result of free trade & automation with varying human
abilities), they can't afford enough money for Assasination Politics. (Yes,
I'm an intellectual Elitist. Deal with it.)
	C. While I may not like dealing with the average person very much (see
above), I don't want to see them starving in the streets. I can see
governmental welfare as being necessary for this, although the private form
is definitely preferable. (And yes, I can justify this as being a libertarian -
if not Libertarian Party - viewpoint. If I recall correctly, I had a debate
with Perry on this on Libernet, in which he tried to dismiss me as "just a
Democrat." I was posting under the name ALLENS at YANG.EARLHAM.EDU at the time).
	-Allen





From tcmay at got.net  Tue Feb 13 17:23:33 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 13 Feb 96 17:23:33 PST
Subject: Response to Perrygram
Message-ID: 


At 10:16 PM 2/13/96, Perry E. Metzger wrote:

>I will repeat, Tim. You have no job and do nothing for a living. For
>you it is probably hard to understand that some of us prefer to get
>our mail segregated by topic so that we don't have to spend more time

The issue of what I do with my time is a red herring. As it happens, many
folks in the "cyberspace activism" spend as much time or more as I do on
the Net. In any case, who cares how I spend my time?

I also note that for several years Perry was clearly spending a whole lot
more time than even I am now on the Net, making the "Top Ten Usenet
Posters," or somesuch.

I am sure that when Perry was a Shearson-Lehman, or Lehman Brothers, or
whatever it was called, and was posting several articles an hour on
Extropians, Cypherpunks, Libernet, Usenet, etc., that he would have roughly
the same reaction I am now having to someone writing: "Perry, you are
writing too much--some of us are trying to get some work done!" He would
likely have dismissed their complaints as irrelevant, that no one is forced
to read his articles.

Likewise today. No one is forced to read my posts, Perry's posts, or anyone
else's posts. This is what filters are for. As it happens, I do *not* read
all of the posts here. In fact, I delete about 90% of them after scanning
the first paragraph, the subject, and the author. Takes me about 15
seconds, tops, to do this, and sometimes I'm even faster. (Do the math: I
can "dispose of" about 50 or 60 messages a day in 10-15 minutes...and this
is about the best that can be hoped for, even if Perry were the moderator
and the 10 or so messages a day that are truly off the wall were screened
out...it just wouldn't change the basic time to screen all that much.)

>than needed reading our email. However, for some of us, time is
>money. I have failed to directly answer your comments on this sort of
>thing out of deference to your "elder statesman" status around here,

Spare me, Perry. As I mentioned, you certainly used to write a truly vast
number of rants to Extropians, Libernet, and, yes, even Cypherpunks. A
check of the archives will show this clearly.

It is well and good that you apparently are now very busy and cannot write
your customary number of articles. But spare us the insinuations (in
several of your perrygrams) that because you are too busy to write you are
doing critical work and because some of us use our time to write we are
slackers.

I write because setting down my thoughts and exploring ideas is far more
important to me than just about anything else I can imagine doing,
including writing C programs. If you don't like this, learn how to use
filters and filter me out, or leave the Cypherpunks list. Seems simple
enough to me.

--Tim May




>but this is getting silly. If you want to post about libertarianism,
>libernet, so far as I know, still takes postings. If you want to read
>about the habits of migrating birds, there are interest groups for
>that. We don't have a lot of good places to discuss specifically
>cryptography and its impact, and this group was set up *for that*.
>
>I mean, why not just have one mailing list for all topics of all sorts
>if "filtering" and "hitting the 'd' key" are supposed to be the only
>way we deal with this stuff, hmm?
>
>Perry

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From rngaugp at alpha.c2.org  Tue Feb 13 01:53:54 1996
From: rngaugp at alpha.c2.org (rngaugp at alpha.c2.org)
Date: Tue, 13 Feb 1996 17:53:54 +0800
Subject: Using /dev/random for PGP key generation? Be Wary
Message-ID: <199602121556.KAA00211@miron.vip.best.com>



-----BEGIN PGP SIGNED MESSAGE-----

Subject: Using /dev/random for PGP key generation? Be Wary

I have created a modified version of pgpi for use with a hardware random
number generators. Recently, there has been some confusion because
people have assumed that I wished people to use this version with
NOISE.SYS or an RNG that gathers entropy from timing events called
/dev/random.

I did indeed mention /dev/random in the readme file, but I did this only
because I thought /dev/random would be a likely path for a hardware RNG
on a unix system. ( I have never tested this software under unix, but I
see no reason why the "RNGDRIVER" feature of the modified PGPI would not
work under unix.)

Be assured that I originally planed the modification to be used with a
real hardware RNG. I tested it with the CALNET/NEWBRIGE RNG under DOS
and OS/2. The "RNGDRIVER" feature I tested with OS/2 and the driver in
RNG810.ZIP available at ftp.cdrom.com.

You may be able to compile and run it under other OSes as well. I see no
reason why not.


It is my understanding that NOISE.SYS gathers entropy from timing
certain events. I have recently learned that a /dev/random works under
Linux also by gathering entropy from timing.

I am unsure about using my modification, together with these drivers
that are not connected to a real hardware RNG. In what way would the use
of these drivers' methods of gathering entropy be superior to PGP's
method of getting entropy from keyboard timing? If you choose to do
something like this, you should think carefully and make a careful study
of the code.


One thought for the future: It would be nice if BBS'es that run
unattended could have a version of pgp that they could run without
worrying about running out of entropy! (Because no one is there to type
on the keyboard.) Perhaps something like NOISE.SYS (that would get
entropy from the COM ports) put together with my mod to pgpi could be
made to work. But careful thought an careful design should be done
first.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: cp850

iQCVAgUBMR63hs29s2mG+tTVAQFyKwP+Mh95ZNwwrBF+UjEKlEcfaiWY5ab8NthC
b3j4cmv9PUXLrCM4DUH2iXtY2f9YNN9GsWT1S1Eu2b0368VBkQTm1+eWcKiDVmlB
DumNmt4rZPhYam7wc/5gyGdIyzhGJBeJ0ZOP1kd4w0TfLsDprwKGOD1a0N7T3Ycz
gFqBX34x59s=
=MDXi
-----END PGP SIGNATURE-----





From warlord at MIT.EDU  Tue Feb 13 18:09:34 1996
From: warlord at MIT.EDU (Derek Atkins)
Date: Tue, 13 Feb 96 18:09:34 PST
Subject: Stealth PGP work
In-Reply-To: <9602140048.AB19351@cti02.citenet.net>
Message-ID: <199602140209.VAA03693@toxicwaste.media.mit.edu>


> It seems that there a market demand for a stealth-capable product.
> Many peoples here seems to discuss it.  And for the time being, AFAIK,
> this type of products are used by a specific class of peoples, most of
> which knows what 'stealth' means.
> 
> So why is it that they design a program that would not permit the use
> of a feature considered desirable by it's customer base?

The big question I have for you is, what do you mean by "stealth" PGP?
Do you want a PGP message which doesn't say to whom it is encrypted?
Or do you want a PGP message which does not even acknowledge that it
is a PGP message?  If what you want is the former, then that can fit
under the PGP API fairly well.  If you want the latter, it will not.

The reason is that PGP, by definition, is a self-describing packet
format.  Without that description there is no general way for the PGP
library to discover what kind of message it is parsing order to
perform the proper operation to open the message.  OTOH, if just the
keyID is missing, the library will happily try all the keys on your
secret keyring until one succeeds or they all fail (I'm not sure if
this is implemented, but it fits quite nicely under the API).

The other question I have is: who do you think the "customers" of PGP
are?  If you think the majority of PGP's customers are the
crypto-privacy activitst types, you are highly mistaken.  PGP has hit
the main stream, and is being used by many non-crypto-aware people.
Probably more of them than there are of us.

If you want to discuss this more, let's take it to private email,
please.

-derek





From adam at sub.rosa.com  Tue Feb 13 02:28:40 1996
From: adam at sub.rosa.com (Adam philipp)
Date: Tue, 13 Feb 1996 18:28:40 +0800
Subject: Free end-to-end encryption code?
Message-ID: <10141420300269@compuvar.com>


At 06:48 PM 2/12/96 +0000, you wrote:
>> Okay...well...here's another problem. You see, most of the clients are
>> going to be Windows people. I can't use a Unix-only solution.
>
>There exists at least one ssh Windows client.

Which was a beta that expired February 9th 1996...

There is another in the works...REAL SOON NOW(tm).


   Adam, Esq.

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\
|PGP key available on my home page|Unauthorized interception violates |
|    http://www.rosa.com/~adam    |federal law (18 USC Section 2700 et|
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-|seq.). In any case, PGP encrypted  |
|SUB ROSA...                      |communications are preferred for   | 
|  (see home page for definition) |sensitive materials.               |
\-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-/






From perry at piermont.com  Tue Feb 13 18:35:29 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Tue, 13 Feb 96 18:35:29 PST
Subject: [off-topic] how to access the net from a sailboat in the pacific?
In-Reply-To: <9602140048.AB19351@cti02.citenet.net>
Message-ID: <199602140235.VAA22298@jekyll.piermont.com>



Jean-Francois Avon (JFA Technologies, QC, Canada) writes:
> Q3: how to make that connexion [from mid ocean] *secure*?

Ah, that part is easy. End to end encryption. IPsec or things like
it. I hope I don't sound like a preacher, but IPsec is a good thing(TM).

Perry





From jimbell at pacifier.com  Tue Feb 13 02:44:48 1996
From: jimbell at pacifier.com (jim bell)
Date: Tue, 13 Feb 1996 18:44:48 +0800
Subject: Portland, OR, Key-Signing+
Message-ID: 


At 08:45 PM 2/12/96 -0800, Bruce Baugh wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>ANNOUNCING:
>THE SECOND QUASI-MONTHLY PORTLAND CYPHERPUNKS SOIREE AND KEY-SIGNING

>I really hate to add this particular paragraph (and it isn't in the
>version that'll get posted to newsgroups), but...one person won't be
>welcome. Jim Bell's conduct at the last meeting and on the list are
>such as to make it quite clear that I don't want him in my home.

Bullshit, Bruce!  My "conduct" at the last meeting was quite acceptable 
(nobody else complained, BTW) ; the source of the entire dispute that ensued 
was completely the irresponsible conduct of Alan Olsen in flaming me on the 
national cypherpunks list, and my only "crime" was objecting to his flames.  
I was, quite frankly, shocked that Alan Olsen would behave as badly AFTER
the meeting as 
he did.  NOTHING that happened AT THE MEETING prepared me for his later abuse.

It turns out, however, that he later incriminated himself by admitting to 
sending some anonymous flames on Cypherpunks to me; if anything you should 
be objecting to HIS behavior for this.  The fact that you are not is QUITE 
REVEALING.  (Clearly, Olsen was massively (and, at least on the record, at 
that time, secretly) strongly objecting to my political philosophy and ideas 
LONG BEFORE the meeting, yet he didn't have the guts to confront me before the 
meeting.)

Even you apparently admit this to be true, by virtue of remembering (now!) 
to carefully point out that material discussed at the meeting is "fair game" 
for future discussion on lists.  You're obviously trying to cover Olsen's 
ass on this matter by retroactively making it look like what Olsen did was 
somehow "acceptable".  For the record, I object:  Kow-towing to a few people 
by prohibiting cameras, yet flaming others (anonymously, no less!) for 
non-hostile commentary made at the first meeting makes Olsen look terrible, 
and defending him makes you look pretty bad.

Olsen's setting up a local Cypherpunks area, adding my name to the list, 
then removing my name when things got a bit too embarrassing is clearly his 
standard (mis)behavior; you appear to be adopting his policies and practices.

If you REALLY were well meaning, you would not tried to flaunt your 
rejection of me in a public message; you would have kept that part private.  
What you want to be able to do is to pretend that it is I who was at fault 
for Olsen's transgressions; you don't know newer attendees to hear both 
sides of the story.

How does it feel to be a sleazy character, Bruce?

Jim Bell

Klaatu Burada Nikto







From tallpaul at pipeline.com  Tue Feb 13 18:55:28 1996
From: tallpaul at pipeline.com (tallpaul)
Date: Tue, 13 Feb 96 18:55:28 PST
Subject: CyberAngels
Message-ID: <199602140254.VAA14288@pipe4.nyc.pipeline.com>


On Feb 12, 1996 23:23:59, 'ethridge at Onramp.NET (Allen B. Ethridge)' wrote: 
 
 
> 
>The Guardian Angels have decided to enter cyberspace and make it safe for 
>us all.  They have a FAQ on the web - http://www.safesurf.com/cyberangels/

>.  How is this relevant to cypherpunks?  From their FAQ: 
> 
> 
>"9) What kinds of changes would the Guardian Angels / CyberAngels like to
see? 
> 
>a) We would like to see an improvement in User identification. User ID is 
>impossible to verify or trace back. The very anonymity of Users is itself 
>causing an increase in rudeness, sexual abuse, flaming, and crimes like 
>pedophile activity. We the Net Users must take responsibility for the 
>problem ourselves. One of our demands is for more accountable User IDs on 
>the Net. When people are anonymous they are also free to be criminals. In
a 
>riot you see rioters wearing masks to disguise their true identity. The 
>same thing is happening online. We would like to see User ID much more 
>thoroughly checked by Internet Service Providers." 
> 
 
See: 
 
_Computer underground Digest_, "CyberAngels in Cyberspace," #8.04, 01/13/96

          (my original piece on the CyberAngels) 
_Computer underground Digest_, "CYBERANGELS," #8.06, 01/21/96 
          (the CyberAnels official response) 
_Computer underground Digest_.  [ENTIRE ISSUE]. #8.13, 02/06/96 
          (the readership responds) 
 
CuD is available as a Usenet newsgroup: comp.society.cu-digest 
 
Also, I have been corresponding with folks at _Wired_ who are picking up
the story, for their March issue I believe. 
 
On Feb 13, 1996 00:46:05, 'joseph at genome.wi.mit.edu (Joseph
Sokol-Margolis)' wrote: 
 
>not sure if this is the right place. 
>I agree with allen, about the issues of 'nym. But looking at other aspects

>of these cyberangels I'm unsure how to feel. On one hand they seem
resonable, 
>protecting only the children. ... 
 
The CyberAngels want to do *far* more than "protect only children." 
 
--tallpaul





From adam at homeport.org  Tue Feb 13 18:58:54 1996
From: adam at homeport.org (Adam Shostack)
Date: Tue, 13 Feb 96 18:58:54 PST
Subject: AT&T Public Policy Research -- hiring for cypherpunks
In-Reply-To: <2.2.32.19960213203230.00af30dc@mail.teleport.com>
Message-ID: <199602140303.WAA23346@homeport.org>


	IP addresses are a scarce resource today.  Try getting a /16
allocation (what used to be a class B).  There are politics in the
process already.

	Addresses will not be easily 'transferable.'  The IETF is
discussing a 'Best Current Practices' document that talks about
address portability.  Basically, it can't happen, because the routers
only have so much memory, and the routers at the core of the internet
can't keep in memory how to reach every one; there needs to be
aggregation.  The only feasible aggregation seems to be provider
based, ie, MCI, Alternet, and other large ISPs get blocks of
addresses.  They give them to smaller companies, like got.net, which
gives them to customers.  The result?  The core routers have a few
more years.

	Lastly, 32 bit addressing is going away.  IPv6 offers 128 bit
address space, and (hopefully) much more efficient allocation, as well
as such useful things as hooks for automatic renumbering of address space.

Adam


Alan Olsen wrote:
| >Markets for IP Addresses
| >
| >The 32-bit numbers used for Internet addressing and routing are a
| >limited resource. As this resource becomes scarcer, political
| >considerations are likely to creep into allocation decisions made
| >through existing administrative processes, leading to suboptimal
| >allocations. By granting transferable property rights to addresses,
| >allocation decisions can be removed from the political realm into the
| >economic realm, so that addresses are allocated to those who value them
| >most. This project seeks to develop consensus in the Internet community
| >for a move to market-based allocation, and investigates alternative
| >designs for an electronic market to coordinate the exchange of IP
| >addresses.
| 
| This proposal bothers me. I do not see any positive results from this
| proposal. (Or at least the negatives will far outweigh the positive.)
| 
| Here is what I see as the results of such a plan...
| 
| Getting an IP address will become prohibitivly expensive except for the
| largest megacorps.  Instead of solving the limitations of the current
| system, this plan will cause people to "invest" in IP addresses in the hope
| that the price will go up.  IP addresses will become part of a corporation's
| invenstment portfolio.  This will result in less usage of IP addresses, not


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From gnu at toad.com  Tue Feb 13 03:32:36 1996
From: gnu at toad.com (John Gilmore)
Date: Tue, 13 Feb 1996 19:32:36 +0800
Subject: Stewart Baker's web site & OECD international crypto policy
Message-ID: <9602131116.AA09688@toad.com>


Stewart used to be General Counsel for NSA.  He retired to move into
private law practice with Steptoe & Johnson.  He has a variety of
short papers on encryption, network law & policy available on his
law firm's web site, http://www.us.net/~steptoe/.

My favorite was his summary report on the OECD meeting in December,
~steptoe/286908.htm, at which the US tried to parade some of the
fruits of its behind-the-scenes efforts to convince other governments
to become as authoritarian as the US government on crypto policy.

If the US government can quietly convince other countries to support
Clipper-like systems (including "mandatory key escrow" and "trusted
third parties") then they can say, "See, this is a real problem -- all
these other countries are having to deal with it too."  Of course, if
their covert US efforts to stir these people up become widely known, the
technique will have less impact.

The US government's efforts have failed to convince citizens and
industry that there's a problem, when they won't tell us what the
problem is but assure us that it's a really big problem.  Our own
government is now colluding with other governments -- against us and
their own citizens -- in a joint attempt to attempt to rob the
ordinary people of the world of our rights to privacy, free speech,
and free assembly.

It would be interesting to see notes from other participants in the
same OECD meeting(s).  Another 1-hour meeting was scheduled in
Canberra on Feb 9.  Anyone know what happened there?

	John Gilmore
--
Love your country but never trust its government.
		     -- from a hand-painted road sign in central Pennsylvania





From frissell at panix.com  Tue Feb 13 03:45:09 1996
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 13 Feb 1996 19:45:09 +0800
Subject: V-chips, CC, and Motorcycle Helmets
Message-ID: <2.2.32.19960213112518.0082d1c8@panix.com>


At 07:57 PM 2/12/96 +0000, Deranged Mutant wrote:

>"The word to kill ain't dirty
> I used it in the last line
> but use a short word for lovin'
> and you wind up doin' time..."

But has anyone done time yet (recently) for "indecency."  I don't think so.
The radio stations were fined and/or threatened with license pulling but no
one was put in stir.  And since net access is not licensed, there's nothing
to pull.

DCF






From roy at sendai.cybrspc.mn.org  Tue Feb 13 20:04:25 1996
From: roy at sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Tue, 13 Feb 96 20:04:25 PST
Subject: Put the Protest where your money is.
In-Reply-To: 
Message-ID: <960213.212846.8b1.rnr.w165w@sendai.cybrspc.mn.org>


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, sunder at dorsai.dorsai.org writes:

>
> On Mon, 12 Feb 1996, Mark Allyn (206) 860-9454 wrote:
>
>> What do you mean by a speech bubble?
>> 
>> "write in a speech bubble to the president dude"
>> 
>> Does this mean a transparent plastic bubble over his head??
>
> Like in comic books.  i.e:

I got a dollar bill yesterday with a rubber-stamped speech baloon saying
"I Grew Hemp" next to George's head.  First one I'd seen, so the
transmission layer isn't too crowded.
- -- 
           Roy M. Silvernail     [ ]      roy at cybrspc.mn.org
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey at cybrspc.mn.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSFXjxvikii9febJAQHaDAP9HQ/Iqw0CLNmSEBXcduwK9Wa0WaY6N026
bYU9fpvKMd16JBuRQ7wvQ6/l9QUwY9KF6J/LEnrbKC3bdEl3E09kqCg0VyL0QJYq
4y8b4QqvfzIt/yecOSVRyo4v3pCZXKeqaHvWq8wJnnYanzpMUXHGLmBL6FohJzi+
SvoHC5qlp9M=
=S05W
-----END PGP SIGNATURE-----





From jim at bilbo.suite.com  Tue Feb 13 04:31:55 1996
From: jim at bilbo.suite.com (Jim Miller)
Date: Tue, 13 Feb 1996 20:31:55 +0800
Subject: A Cyberspace Independence Refutation
Message-ID: <9602122233.AA04770@bilbo.suite.com>




> Well, that's the way the net is *now* - but it wasn't always
> so.  I 
 remember the days when the net was composed of a
> *lot* of point-to-point 
 UUCP connections eventually
> winding up at the backbone.
> 


Don't forget FIDONet.

Jim_Miller at suite.com





From lmccarth at cs.umass.edu  Tue Feb 13 04:32:32 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Tue, 13 Feb 1996 20:32:32 +0800
Subject: A Cyberspace Independence Refutation
Message-ID: <199602122246.RAA13172@opine.cs.umass.edu>


I wrote:
> (I agree with nearly everything in Strata's "Refutation" essay. In 
> particular, I find his comments 
[...]

Someone pointed out to me that I made an incorrect (and worse, unsupported)
assumption about Strata's gender there. I'm sorry.

-Lewis





From qut at netcom.com  Tue Feb 13 20:32:38 1996
From: qut at netcom.com (Dave Harman)
Date: Tue, 13 Feb 96 20:32:38 PST
Subject: Strange Sounds of Silence
In-Reply-To: <01I14KX2XSX4A0UZOC@mbcl.rutgers.edu>
Message-ID: <199602140431.UAA23868@netcom6.netcom.com>


> 
> From:	IN%"tallpaul at pipeline.com" 12-FEB-1996 00:47:35.36
> 
> >But I do not dismiss people as "lib'bers;" I merely call them that. I have
> >noticed that a large number of libertarians are fans of Rush Limbaugh and
> >chuckle a lot when Rush refers to women like Andrea Dworkin and her
> >supporters as lib'bers. I also find that the people opposed to Drowkin &
> >Co. are upset at her use of demagogic language, private dictionaries, and
> >the like. So am I, and started long before Rush got his TV shows. I am,
> >however, equally (if not more upset) by what I perceive as similar
> >demagogic etc. behavior by many libertarians. 
> 
> 	Large number of libertarians are fans of Rush Limbaugh? The last time
> I checked, Rush Limbaugh was basically a conservative populist like Pat
> Buchanan. While we may appreciate his comments re Andrea Dworkin (and others
> who want to restrict free speech on ridiculous grounds, and who believe
> nonsensical things like an inability to consent to sex), that doesn't mean
> we're fans of his. I like some of what Jefferson said, too, but that doesn't
> mean I agree with him on slave-holding (or on agrarianism).

Neither Rush Limbaugh or Pat Buchanan are populists.  Populists tend to
believe in strong government with strict regulation of business, an
actually progressive tax system, confiscation of businesses which break
the rules, government enterprise in competition with the private sector,
no secrecy in government of the type required in the private sector,
bias toward small businesses and sole proprietors, etc.
Letting business "do whatever they want", really doesn't qualify.
FWIU, Buchanan's only claim is opposition to "free trade"(forcing the US
to trade)

AFWIU, Jefferson didn't like slavery, and later freed his slaves,
but considered it necessary for business when he practiced it.
Have you worked at a job you didn't approve of?

> >Do they really have a right not to be styled "lib'bers?" No, I do not think
> >they have that right. 
> 
> 	Call us whatever you like. My problem with the term is that it's
> confusing. I doubt, for instance, that Rush Limbaugh is using it as an
> abbreviation for libertarian, although I'm not sure for what, if anything,
> it's a contraction.
> 
> >I do not believe that all lib'bers are in league with the Christian right;
> >I am distrubed, however, by the large numbers of lib'bers who strangely
> >never mention the existence of the fundamentalists in the
> >ultra-conservative ultra-private-property camp. 
> 
> 	Yes, the fundys are in there. Politics makes strange bedfellows; work
> with whoever you can on whatever you can agree on. It's sort of like both our
> and CPSR's opposition to the CDA - CPSR has entirely too many desires to
> regulate private property (free net access et al), but we can still work with
> them on what we agree on.
> 
> >I am equally concerned with some leftists who consider every example of
> >authoritarian behavior as "fascism" as I am with 'ib'bers who lump everyone
> >who argues for social responsibility as a "socialst statist." One
> >difference I see is that I am willing to criticize both groups while many
> >(but not all) lib'bers are again strangely silent at least the "statist"
> >side of the equation. 
>  
> 	Well, about 25% or so of libertarians are anarcho-capitalists, so far
> as I can tell. So of course they're going to find anyone who's advocating state
> control a "statist." They've agreed to disagree with people like me who aren't
> anarchists, but that's because we've got most other things in common.  
> 	-Allen
> 








From decius at montag33.residence.gatech.edu  Tue Feb 13 04:35:24 1996
From: decius at montag33.residence.gatech.edu (Decius)
Date: Tue, 13 Feb 1996 20:35:24 +0800
Subject: A Cyberspace Independence Refutation
In-Reply-To: 
Message-ID: <199602122202.RAA26619@montag33.residence.gatech.edu>


> > 	And there is essentially no possibility of practical alternative
> > communications facilities becoming available - aside from the titanic
> > capital costs of creating such, most of the resources required such as
> > radio spectrum, orbital slots and rights of way are tightly controlled by
> > the entrenched corperations that operate the present facilities. 
>
> Well, that's the way the net is *now* - but it wasn't always so.  I 
> remember the days when the net was composed of a *lot* of point-to-point 
> UUCP connections eventually winding up at the backbone.  People could be 
> many hops away from the backbone and still have email and news access.  
>
VERY true. People who are getting on the net now assume it is a corporate 
medium created by government grants... but the INTERNET is not nearly the
extent of decentralized communications. Man, when I was in high-school 
NOBODY had legit internet access. If you wanted to reach out and touch 
systems on the other side of the planet you had to BREAK INTO a network 
to do it. Thats one of the most important reasons that hackers "cracked" 
into systems. It was an incredible rush to be able to use computers that
are on the other side of the globe and run by big corporations. So 
apparently out of reach for an American teenage slacker. We could see 
where this stuff was going, but the discourse wasn't on the net, at least 
for us, it was on BULLETIN BOARD SYSTEMS. Look at FIDOnet. Although a lot 
of FIDOnet sysops are the most anal people in the world, the network 
itself is truely an amazing thing. Any 13 year old kid can set up a 
BBS with a 286 and a cheapo modem. They can join the network and talk to 
people on the other side of the planet. They can't shut it down because 
there IS NO CENTRAL CONTROL AT ALL. Anyone can set up a system for $500 
and people can talk. They can network. The government can never shut down 
every BBS. They cannot possibly be aware of whats out there and noone is 
in control. They cannot stop people from setting up FIDO style networks 
unless they outlaw computers. Maybe not even then. They cannot control 
the free spread of information. Even if you don't like FIDOnet you can 
start your own network. I did. It was called ASKi/Shadownet (later, 
Iniquity Net) and it spread all over the globe. We had people polling for 
mail from Australia! We were just a handful of kids from nashville who 
wanted to talk about computer stuff. We built an international network. 
Anyone can do it and it cannot be stopped. Even if the Internet gets 
overrun by corps and governments, and the WWW becomes the only service, 
the revolution is not over. The web is a transition. Once the Web gets 
all the TV heads on computer networks, they will slowley discover what 
networking REALLY is, what discourse REALLY is, what decentralization 
really is, what freedom of information really is. With BBSs and crypto 
technology, noone can stop the free spread of information. The Christian 
Riech has lost its war before it has even begun.     


-- 
        */^\*  Tom Cross AKA Decius 615 AKA The White Ninja  */^\* 
                    Decius at montag33.residence.gatech.edu

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzA6oXIAAAEEAJ6ZWl7AwF9rDZhREQ2b9aPxJKL7dxQNx6QQ0pB5o9olvNtG
tIjA47KxWmZAx47m2JEWRgAIaiDHx00dEza5GX4FuFHL7wSXW7qOtqj7CmVLEg4e
0F/Mx0z7Q/aNsn34JrZUWbMLKkAOOB9sJARRynPRVNokAS30ampImlrLbQDFAAUT
tCZEZWNpdXMgNmk1IDxkZWNpdXNAbmluamEudGVjaHdvb2Qub3JnPg==
=0qgN
-----END PGP PUBLIC KEY BLOCK-----






From lunaslide at loop.com  Tue Feb 13 20:37:42 1996
From: lunaslide at loop.com (lunaslide at loop.com)
Date: Tue, 13 Feb 96 20:37:42 PST
Subject: True democracy the electronic way
Message-ID: 


}Is ok. I suspect that we are narrowing on a similar position. Would like
}to see a time when net communications make "representatives of the people"
}obsolete" since majority voting on any issue can be "anytime,anywhere".
}Doubt that it will happen soon.



I too would like to see a purely democratic process rather than a
representative one.  And I also agree that it won't happen soon.  The
question is, what do we keep of govt?

How would the group propose electronic voting on legislation should
proceed?  What sort of technical solution could be arrived at to allow
everyone in the country to vote on specific legislation and how would they
get access to that legislation?  I think _this_ is a cypherpunk topic for
sure.

}Take CDA (please) - obviously draconian and unconstitutional. Think how
}much more difficult it would be to overturn if worded more reasonably.
}Then ask if that was intentional 8*).

I have to believe that Exon truly meant to castrate the net, but in his own
zealous wording, made it easier to turn the law over.  I think it is
reasonable to hope that that will be the effect.  Our doing our part to
make enough noise about it will only help our cause.

lunaslide

"Prohibition... goes beyond the bounds of reason in that it attempts to
control a man's appetite by legislation and makes a crime out of things
that are not crimes... A prohibition law strikes a blow at the very
principles upon which our government was founded."
- -- Abraham Lincoln

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller
________________________________________________________________

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEX3QEAAAEEAOGQjhnqGH29pO1WDaXs5GFOVPhCBWyYEk9XEwRmscjveWzH
AhA6DeOA480zWNqQURyqE2yPmR8WzT+OXYqmeiQiycKyFA41Vs/Ruf+gXXxe7uXS
L5BK3K8oKbfoH0D5/TAkMT4r6BprXFQz4pFc3gY2SSaSPElpMjKHaKBsRsyRABEB
AAG0HUplZmYgQ29ubiA8bHVuYXNsaWRlQGxvb3AuY29tiQCVAwUQMRffHzKHaKBs
RsyRAQGNhwP9E9xEZ9/LCKnhgtnrqgD7pDoXG2pCy8FoyfFjoImGkG+jF1wELXmB
Z0mf8F8CgYkys0mif1XeGDMelr1gzlZAm6LgQt4kcvztMW/aRLn18QP+iwltVT/L
p8D37mitOjvuk46sWgAChIaPPPIeg/EaYQjQkmlpWKsEYIoTRy+E8mU=
=4Gku
-----END PGP PUBLIC KEY BLOCK-----









From erc at dal1820.computek.net  Tue Feb 13 21:25:42 1996
From: erc at dal1820.computek.net (Ed Carp)
Date: Tue, 13 Feb 96 21:25:42 PST
Subject: 1996-02-13 VP Gore Unveils On-Line Service for Businesses (fwd)
Message-ID: 


---------- Forwarded message ----------
Date: Tue, 13 Feb 1996 22:28-0500
From: The White House 
To: Public-Distribution at CLINTON.AI.MIT.EDU
Subject: 1996-02-13 VP Gore Unveils On-Line Service for Businesses

 

                            THE WHITE HOUSE

                      Office of the Vice President

________________________________________________________________________
For Immediate Release                                  February 13, 1996


   VICE PRESIDENT UNVEILS NEWEST ON-LINE SERVICE FOR U.S. BUSINESSES
  Gore Says U.S. Business Advisor Key To Governing In Information Age


    Vice President Gore today (2/13) unveiled the a new and improved
"customer-designed" version of the U.S. Business Advisor.  The
"Advisor", which was first presented at the 1995 White House
Conference on Small Business, underwent a six-month redesign that
addressed the specific needs of the business community.  The improved
"Advisor" will provide users with one-stop electronic access to more
than 60 different federal organizations that assist or regulate
businesses.

	This on-line service, which directly links American businesses
with the federal government, was originally developed by the Vice
President's National Performance Review in cooperation with federal
agencies and the business community.

	Today, at the annual convention of the Armed Forces
Communications and Electronics Association (AFCEA) in Tyson's Corner,
VA, the Vice President officially placed the new Advisor on the World
Wide Web (http://www.business.gov).

	"By employing state-of-the-art information technology, the
Advisor is improving communication between American businesses and
their government," the Vice President said.  "Because this version was
developed with the support of the business community, the Advisor
serves our customers on their terms.  Both Fortune 500 companies and
start-up businesses will benefit from this improved service."

	The Advisor provides an interactive environment where
businesses can:  file documents electronically with the government;
retrieve documents, applications and other information; get answers to
commonly asked questions; obtain names and contact numbers of business
agencies; acquire news on specific business topics; and send feedback.

	The improved version of the U.S. Business Advisor was unveiled
today as the Vice President delivered the second of three speeches on
technology and the future of America.  The "Technology Trilogy" began
Monday (2/12), in Baltimore, MD, where the Vice President spoke to the
American Association for the Advancement of Science.  The final speech
is scheduled for tomorrow (2/14), in Philadelphia, PA, where the Vice
President will visit the first programmable computer, also known as the
ENIAC.







From cp at proust.suba.com  Tue Feb 13 21:40:08 1996
From: cp at proust.suba.com (Alex Strasheim)
Date: Tue, 13 Feb 96 21:40:08 PST
Subject: Firewall USA to Firewall China
In-Reply-To: <199602132225.RAA29121@bb.hks.net>
Message-ID: <199602140540.XAA09402@proust.suba.com>


> This would hose 93% of the subversive stuff on the 'net.

I guess I've gotten turned around on this -- last week I was arguing your 
position.

But:  China's problem is internal, not external, and it's political, not 
sexual.  Let's assume that they can build a successful firewall -- 
despite the fact that the people here on this list who design and install 
such firewalls for a living don't believe that the Chineese plan is 
feasible.  Let's assume that they can prevent people from grabbing photos 
from playboy.com.  So what?

Who's in a position to formulate devastating criticisms of China's
government?  Americans?  Or people who live under the system and
understand it?  And what's subversive, anyway?  Breasts enhanced with
silicon and airbrushing, or plain honest talk about liberty and
government? 

Any net that lets the Chineese people publish and talk to one another is 
going to create problems for the government.

On top of that, the firewall isn't even going to keep out foreign traffic. 
The firewall model doesn't work for internal security -- it assumes that
the people on the inside are trustworthy, and it focuses on protecting the
internal net from people on the outside.  The Chineese have to deal with 
people on the inside trying to subvert the wall by building illicit links 
via telephone lines or satellite channels.

Let's put it another way.  Suppose a company has a strong firewall 
installed by a first rate security consultant.  If an employee who has 
access to the internal net puts a modem on his machine and lets anyone 
who wants to dial in and connect to the internal net, what good does the 
firewall do?  You can't come in over the Internet, but you can come in 
over a pots line.  Either way, you've got your access.

For what it's worth, I have a friend who just got a job with Apple's
operation in China.  According to him, Hong Kong is fully wired, but
mainland China only has about 5,000 net accounts outside of government or
acadamia.  All 5,000 of those accounts seem to be served by a single 64kbs
connection to the outside world, which suggests that they're email only.





From jimbell at pacifier.com  Tue Feb 13 21:42:09 1996
From: jimbell at pacifier.com (jim bell)
Date: Tue, 13 Feb 96 21:42:09 PST
Subject: V-chips, CC, and Motorcycle Helmets
Message-ID: 


At 07:36 PM 2/13/96 -0800, Bill Frantz wrote:
>At  8:15 PM 2/13/96 -0500, Declan B. McCullagh wrote:

>>That may well be true, but speaking as someone who's worked on U.S.
>>Presidential campaigns, that kind of protection is expensive,
>>time-consuming, intrusive, and unlikely to be extended.
>
>I assume that both Declan and Jim Bell agree that people high in the
>government will be immune because they already enjoy this level of
>protection (limitation one).  So the only people we can hit are the cannon
>fodder, not the ones who gave the orders.  It has always been this way with
>war.

Actually, I think the primary targets will be either the middle level 
manager types, or the ones who have attracted a substantial amount of bad 
publicity by "following orders."  Lon Horiuchi (the sniper who shot Vicki 
Weaver) for example, would be a excellent example of a person who'd try to 
claim, "I was just following orders."  Okay, maybe he was, but so was Adolph 
Eichmann.  

Once the tax collectors/enforcers were targeted, the rest of the government 
wouldn't be able to operate, and would collapse.


>If, after a couple of the Waco people had been hit, I was given the
>responsibility to protect them I would proceed as follews:
>
>(1) Gather them and their families onto some Army base and step up the
>patrols.  Now I have them safe.

And, of course, you've just ruined their lives.  Think about it.  By doing 
this, it is made absolutely, completely, and abundantly clear to them that 
THEY are considered "the enemy" and that their lives are forever put at 
risk.   Previously, government employees could hold their heads up high and 
be proud of their "public service."  Now, if they're discovered, they have 
to disappear.  Does this treatment sound familiar?  Their job description 
and circumstances will more closely resemble that of a Mafia enforcer than a 
proud public servant.  They'll have to teach their children to lie about 
what their parent does, rather than risk getting exposed.

Who, exactly, would want to work for the government under such 
circumstances?  Remember, we're not just talking about a tiny fraction of 
their number; if the most egregious ones were hidden the ones that were less 
secure would be killed in their place.

Remember, the only reason the government can even afford so many employees 
is because taxes are collected; what happens when literally every IRS agent 
resigns to avoid the bullet or bomb?  The remainder, the "less bad" ones, 
couldn't be paid.  At that point, government collapses.


>(2) Train and release them thru the witness protection program.  Cost
>$20,000/person (if I remember the article John Young posted a pointer to
>correctly.  (Thanks John))  This is probably about the same as the cost of
>their training, so it makes economic sense.

Except that you can't do this for every government employee, and who's going 
to want to work for the government if it is made clear to them that someday 
they'll either be killed, or discovered, or they will have to "go 
underground" to survive.  Not a very good prospect.  And what happens if 
they think there's a fairly good chance that my system will succeed?  Most 
people want to be able to retire with a pension; what's the prospect for 
collecting a pension from a demolished government?!?

>
>(3) Make sure that the names/faces of the cannon fodder in future actions
>are not available to make it harder to target the guilty.
>
>Bill

Then they'll target the "names," the ones who show their faces.  See how this 
works?  If the only way  you can maintain the government is to keep them all 
absolutely anonymous, then that government has FAILED.

Furthermore, this system's anonymity allows disgruntled public employees the 
chance to collect money by "turning in" their bosses to the public's ire; if 
the personnel list for the government is nominally a secret, it will "leak" 
eventually and those on the list will be followed, confirmed, and targeted.

I'm not a betting man, but if I were forced to place a bet, your position 
doesn't have a prayer.







From jamesd at echeque.com  Tue Feb 13 21:44:25 1996
From: jamesd at echeque.com (jamesd at echeque.com)
Date: Tue, 13 Feb 96 21:44:25 PST
Subject: Spin Control Alert (LI Newsday, 2/12/96)
Message-ID: <199602140542.VAA18716@news1.best.com>


At 09:22 PM 2/13/96 -0500, Declan B. McCullagh wrote:
>I do hope the religious right keeps fighting against GAK. However good
>their intentions may be on *that* issue, it is transcendently obvious to
>anyone who has been following the flux on Capitol Hill that they were
>behind the recent push to regulate the Internet.

Not obvious to me.

While the religious right clearly supported the push to regulate the
internet, the main push seemed to me to come from the existing mass
media, primarily the three big TV channels.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd at echeque.com






From rah at shipwright.com  Tue Feb 13 06:08:39 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Tue, 13 Feb 1996 22:08:39 +0800
Subject: More DaveMail: New Date: 2/22/96
Message-ID: 



--- begin forwarded text

Mime-Version: 1.0
Date: Mon, 12 Feb 1996 17:27:12 -0800
To: telstar at wired.com (Todd Lappin -- Wired), davenetworld at wired.com,
        eric.alderman at hmg.com, shabbir at vtw.org (Shabbir J. Safdar),
        sac88867 at saclink1.csus.edu (Allen Cole),
        nagel at applelink.apple.com (Dave Nagel -- Apple),
        apj7 at columbia.edu (Andrew Johnston), strindberg3 at applelink.apple.com,
        robg at prognet.com (Rob Glaser -- Progressive Networks),
        esp at montreal.com (David Kramer),
        ebelove at staff.ichange.com (Ed Belove -- AT&T Interchange)
From: dwiner at well.com (DaveNet email)
Subject: New Date: 2/22/96
Sender: owner-davenetworld at wired.com
Precedence: bulk

---------------------------------------
Amusing Rants from Dave Winer's Desktop
Released on 2/12/96; 5:18:26 PM PST
---------------------------------------

  Rob Glaser, robg at prognet.com, was the first to question the choice
  of 2/12/96 for the 24 Hours of Democracy project.

  He said: "I think this is a very good idea overall. But I think it is
  unnecessarily (insanely?) ambitious to try to pull it off on
  Wednesday."

  Many more emails like that followed.

  As the day progressed, I realized that while I'm itching to get the
  ball rolling, it's taking longer than I thought it would for the
  pieces to come together.

  So we're pushing the date back.

  ***February 22, 1996

  The start time will be: 12:01AM, Pacific, 2/22/96.

  The end time will be: 11:59PM, Pacific, 2/22/96.

  February 22 is George Washington's Birthday. A national holiday in
  the United States. It's a bank holiday. The post office is closed.

  We celebrate the birth of our founding father. The leader in our war
  for independence. He was the first president of the United States.
  The man who, according to legend, could not tell a lie.

  So -- instead of writing a love letter to the Internet, tell the truth
  about democracy. The founding principles of the United States. The
  Declaration of Independence. The Constitution. The Bill of Rights.

  How would George Washington feel about the Internet?

  And even though 2/22/96 is not Valentine's Day, if you want to write a
  love letter to the Internet, that's probably OK too!

  Stay tuned to  for news on
  sponsorship, press information, free web posting via email, clip
  art, and information about how you can contribute to the success of 24
  Hours of Democracy.

  Thanks!

  Dave Winer

  PS: Remember Abraham Lincoln, whose birthday is today, and remember
  slavery, the Civil War, and then freedom. Can it happen here? It did!

-----------------------------------------------
2/22/96: 

--- end forwarded text


--------------------------------------------------
The e$ lists are brought to you by:

Making Commerce Convenient (tm) - Oki Advanced Products - Marlboro, MA
Value-Checker(tm) smart card reader= http://www.oki.com/products/vc.html

Where people, networks and money come together: Consult Hyperion
http://www.hyperion.co.uk                    info at hyperion.co.uk

See your name here. Be a charter sponsor for e$pam, e$, and Ne$ws!
See http://thumper.vmeng.com/pub/rah/ or e-mail rah at shipwright.com
for details...
-------------------------------------------------







From johnsonr at hoshi.colorado.edu  Tue Feb 13 06:11:29 1996
From: johnsonr at hoshi.colorado.edu (Richard Johnson)
Date: Tue, 13 Feb 1996 22:11:29 +0800
Subject: Pointer to pro-"compromise" analysis of Japanese Crypto Policy
Message-ID: 


Japanese encryption policy evidently has no room yet for key "compromise"
by the Japanese government.  However, Mr. Baker holds out hope that that
may change.

Forwarded-by: bostic at bsdi.com (Keith Bostic)
Forwarded-by: Phil Agre 

EMERGING JAPANESE ENCRYPTION POLICY
        by Stewart A. Baker
           Steptoe & Johnson
           sbaker at steptoe.com

http://www.us.net/~steptoe/276915.htm








From jimbell at pacifier.com  Tue Feb 13 22:33:20 1996
From: jimbell at pacifier.com (jim bell)
Date: Tue, 13 Feb 96 22:33:20 PST
Subject: Assasination Politics
Message-ID: 


At 01:48 PM 2/12/96 EDT, E. ALLEN SMITH wrote:
>	I have changed the subject header (despite its destroying threading
>with the way my mailreader works) so that Perry et al can more easily filter
>this out. I have concluded that Assasination Politics, since it is a possible
>development of true anonymnity, etcetera, is a proper discussion topic for
>cypherpunks - while not cryptography in and of itself, it is a possible result
>of cryptography.

I'm glad some people see that.  This may, in fact, turn out to be one of the 
most important products of modern, public-key cryptography.


>From:	IN%"frantz at netcom.com" 12-FEB-1996 03:24:07.29
>
>>Again, absolutely.  Hell, I can't even devise a filter that will let me
>>filter out Jim Bell's rants while letting me see his reasoned arguments on
>>anonymous assassination.  (I would love to have him address the Salman
>>Rushdie issue, a man who is still alive despite a considerable announced
>>price for his head.  There appear to be limits to who can be subject to
>>assassination for pay.)
>
>	Actually, that's an argument for non-misusage of Assasination Politics.
>If the person hides, there's not much one can do about it. But a hiding
>law enforcement agent can't be out violating people's rights. 

Bingo!   That's why this system will be so effective; it will DETER bad 
behavior on the part of the government and its agents.


>(I will mention
>that whether a right is violated or not is essentially a matter of the
>perceiver - under any system, whether governmental or not. All ethical
>arguments assume either some degree of common ground that can be argued from,
>or the finding of logical inconsistency). Those who do so via the net can be
>taken care of via the other mechanisms discussed here. It's just that the
>physical part is a possible net weakness.
>	Moreover, just because _some_ rights-violaters (not that Rushdie was
>one) aren't killed doesn't mean that all of them wouldn't be. A system doesn't
>have to be 100% efficient to be effective.

Yup; it's interesting that Franz didn't see this... Maybe he just didn't
WANT to see it!


>	However, the Rushdie case does bring up one problem I have with
>Assasination Politics as currently constructed. While people are unlikely to
>patronize a general/non-discriminatory organization, a more particular but
>non-libertarian one is still possible. For instance, if the Christian
>Coalition put together an organization, anonymously, what would prevent them
>from offing everyone who was a major leader against them - such as a doctor
>researching new abortion techniques, or a geneticist (such as myself) doing
>gene therapy work they found offensive? The patrons would know that _they_
>wouldn't be targeted after all... I would appreciate a response from Jim Bell
>on this subject.
>	-Allen

Your question was actually a two-parter.  I will separate it below and 
comment on the pieces:


>For instance, if the Christian
>Coalition put together an organization, anonymously, what would prevent them
>from offing everyone who was a major leader against them -

"Who needs leaders"?  Think about this, carefully.  The current political 
system is based on the idea that if you don't like the way things are being 
done, you have to publicize your unhappiness, to organize, and for that  you 
normally "need" leaders.  With "Assassination Politics," _leaders_ will not 
only not be necessary, they might be the prime targets for unhappy people!  
But this will work both ways:  "Christian Coalition" LEADERS will be targets 
themselves if they publicly advocate the killing of abortion doctors.


> such as a doctor
>researching new abortion techniques, or a geneticist (such as myself) doing
>gene therapy work they found offensive? 

I wish there was some sort of "perfect, easy solution" to this dilemma, but 
it's possible there isn't.  Ultimately, anybody who does anything that 
angers enough people, ENOUGH, will be a potential target.  I don't think 
this is a major admission however; society has ALWAYS been this way.  In the 
early 1600's in Salem, women were killed simply due to false accusations 
that they engaged in 'witchcraft."  Governments have prosecuted (and 
persecuted) people for violation of what we now call victimless crimes.  In 
the pre-1960's South, being black was a de-facto "crime":  They could be 
arrested, tried, and convicted on a pretense.  Over 60% of prison cells are 
filled with people who sold chemicals (drugs) to willing buyers.

I think it's clear that there are ALREADY plenty of violations of rights 
going on; at most, you can claim that "Assassination Politics" is 
"imperfect" in the sense that it doesn't completely solve this problem.  But 
since I do genuinely believe it will eliminate war, militaries, governments, 
taxes, and other evils, I think we'll end up with a far better society than 
we have today.

>The patrons would know that _they_
>wouldn't be targeted after all... I would appreciate a response from Jim Bell
>on this subject.

All is not lost, however.  I contend that society would likely IMPROVE to 
the point where the kind of behavior you want to avoid will not commonly 
happen.  Wishful thinking?  Well, consider a point which was driven home to 
me a week ago at a dinner with my parents, sister and brother in law, and my 
two nieces, ages 4 and 9.  We were eating spareribs, and my father (age 65) 
commented that such meat used to be considered trash meat, and "only the 
niggers bought it."  (BTW, my father was not and is not a bigot, quite the 
opposite; he used this terminology to relate the general opinion during the 
time frame he grew up in; he used this terminology to reflect on and deride 
that public opinion back then.) 

My older niece looked mystified, and said she hadn't even HEARD the term 
"nigger." (and she's substantially above average in vocabulary and 
intelligence for age 9, BTW)   While I am not going to claim that bigotry is 
dead in the younger generation, I think it's clear that it went out of style 
in the 1960's and progress has since been made in eradicating most of its 
more egregious effects. In short, in that issue, society has improved, if by 
no other method than waiting for the bigots to die off naturally and develop 
a new generation of more tolerant people.  Call this "political correctness" 
if you wish (and I'm about as much an opponent of "political correctness" as 
you'll find) but the fact is that things are getting better with regards to 
race relations.

Similarly, I think that once public advocacy for killing abortion doctors 
and others was deterred (by judicious use of Assassination Politics, for 
example, even if a given example of such use might be considered "wrong" 
because it was a violation of "free speech") 
pretty soon it would be hard to gather much enthusiasm for such bad acts.  
Few people would risk calling publicly for that; the next generation will 
"never" hear such a thing, etc. 

Is it unreasonable for me to suggest that over time, the faults you fear 
will tend to disappear?











From jimbell at pacifier.com  Tue Feb 13 22:33:28 1996
From: jimbell at pacifier.com (jim bell)
Date: Tue, 13 Feb 96 22:33:28 PST
Subject: MS CryptoAPI (fwd)
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

At 07:28 PM 2/13/96 -0500, Rich Salz wrote:
>Okay, so how the hell did Microsoft get export approval for this? I mean,
>this is the classic crypto-with-a-hole; a service-provider interface (SPI)
>with DLL's means "plug your crypto here".  This is usually considered an
>"anciliary" device in ITAR language, and therefore export controlled.  I
>mean, how long until you see MSWord with "full privacy" option?
>
>Word I've heard is that the office of Export Control has had a lot of
>turnover and "nobody knows anything" anymore. 

At the risk of blowing my usual horn, I would argue that one advantage in 
vocal, common, and loudly hostile talk against government is that they have 
begun to understand how unhappy we are with them.  To make an analogy with 
late-1700's France,  the sound of a guillotine being tested probably had a 
remarkable effect on the upper strata of their society; likewise, dicussions 
of how we can all chip in and bump off the whole lot of the bastards might 
remind a few of they key government players that they are not immune from 
eventual retribution.  Resulting in "a lot of turnover."

If we make a "reasonable assumption" that most of those government employees 
aren't stupid, and they discover that the prospect for Crypto-Anarchy 
(trademark owned by Tim May?) is good, it seems reasonable to assume that 
they'll want to avoid being around when THE END comes for their employer.

Jim Bell

Klaatu Burada Nikto

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSF8vvqHVDBboB2dAQExXQP+JHO6P80VfXE1+x5JmstA14dg+wlmXBK2
+8UYUnD7IpK2QzIKoEbmot2/WfUK/9zzOiuRuXvzc6FxfscRm7xNzNO28vviTN5U
osVNgm72t/R2jZspMPr+cYE3GcxDIcQvTEOth5Tz9J9q7TfI4+NPl68fN7sqEOsG
m44PPIy6F2I=
=m3hQ
-----END PGP SIGNATURE-----






From accessnt at ozemail.com.au  Tue Feb 13 22:52:54 1996
From: accessnt at ozemail.com.au (Mark Neely)
Date: Tue, 13 Feb 96 22:52:54 PST
Subject: Off topic - research query
Message-ID: <199602140649.RAA14008@oznet02.ozemail.com.au>


Howdy from Australia.

I am in the process of doing some research for an
article on our present bandwidth difficulties in 
Oz.

As a side issue, I wanted to cover the "overhead"
factor inherent in the TCP/IP (v4?) protocol 
which I understand is reduced under the proposed IPv.6 protocol.

I'd also like to discuss the "unfriendly" manner in which
web browsers such as Netscape hog resources by sending multiple
port access requests.

Can anyone point me towards recent papers which deal with these
issues?

TIA

Mark
___
Mark Neely - accessnt at ozemail.com.au 
Lawyer, Professional Cynic
Author: Australian Beginner's Guide to the Internet
Work-in-Progress: Australian Business Guide to the Internet
WWW: http://www.ozemail.com.au/~accessnt






From alano at teleport.com  Tue Feb 13 22:59:17 1996
From: alano at teleport.com (Alan Olsen)
Date: Tue, 13 Feb 96 22:59:17 PST
Subject: AT&T Public Policy Research -- hiring for cypherpunks
Message-ID: <2.2.32.19960214070150.00af2350@mail.teleport.com>


At 10:03 PM 2/13/96 -0500, Adam Shostack wrote:
>	IP addresses are a scarce resource today.  Try getting a /16
>allocation (what used to be a class B).  There are politics in the
>process already.

I know they are getting scarce.  I just find the "let's sell IP addresses on
the open market" do be a scary though.  it will make them less available.

>	Addresses will not be easily 'transferable.'  The IETF is
>discussing a 'Best Current Practices' document that talks about
>address portability.  Basically, it can't happen, because the routers
>only have so much memory, and the routers at the core of the internet
>can't keep in memory how to reach every one; there needs to be
>aggregation.  The only feasible aggregation seems to be provider
>based, ie, MCI, Alternet, and other large ISPs get blocks of
>addresses.  They give them to smaller companies, like got.net, which
>gives them to customers.  The result?  The core routers have a few
>more years.

A good point. Having parts of subnet shifting around could be pretty painful
from an admin point of view.

>	Lastly, 32 bit addressing is going away.  IPv6 offers 128 bit
>address space, and (hopefully) much more efficient allocation, as well
>as such useful things as hooks for automatic renumbering of address space.

I just hope that the AT&T scheme does not get put into place.  Otherwise it
will be just viewed like a stock split.  ("Wow!  We have more addresses to
sell!")

The AT&T plan as described sounds like something dreamed up by a marketing
droid as a way to "Make Money Fast Off Of The Internet".

What is the timeline for implementation of IPv6?

---
Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
        `finger -l alano at teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
"I, Caligula Clinton... In the name of the Senate and the people of Rome!"
   - Bill Clinton signing the CDA with the First Amendment bent over.






From nobody at mockingbird.alias.net  Wed Feb 14 00:18:56 1996
From: nobody at mockingbird.alias.net (Anonymous)
Date: Wed, 14 Feb 96 00:18:56 PST
Subject: MS CryptoAPI (fwd)
In-Reply-To: <9602140028.AA28117@sulphur.osf.org>
Message-ID: <199602140812.AAA13162@myriad>


Rich Salz (rsalz at osf.org) wrote:
> Okay, so how the hell did Microsoft get export approval for this?

They didn't.





From nobody at REPLAY.COM  Wed Feb 14 00:40:17 1996
From: nobody at REPLAY.COM (Anonymous)
Date: Wed, 14 Feb 96 00:40:17 PST
Subject: Why There Exists No Middle Ground in the Crypto-policy Debate
Message-ID: <199602140840.JAA12665@utopia.hacktic.nl>


-----BEGIN PGP SIGNED MESSAGE-----

Why There Exists No Middle Ground in the Crypto-policy Debate

[This message only appears to be posted anonymously, if you
 have the correct tools, you can learn my name and e-address.
 Take that auto-WWW indexers!]

Decius  recently presented an essay,
entitled ``Crypto-Absolutism,'' which described ``Why and how the
middle ground should be found in the crypto-policy debate.''  The
essay is clearly wrong in its assumptions and thus its conclusions.
Given the perceived flaws in the assumptions, his commentary must be
rebutted.

Within the context of this rebuttal, ``T-Camp Cypherpunks'' are those
``Cypherpunks'' (whatever they are :-) that follow a technology
evolution-based line of reasoning to arrive at the inevitable coming
of crypto-anarchy.  As well, ``A-Camp Cypherpunks'' are those that
advocate crypto-anarchy because they like the social and political
implications.  It is possible to be an A-Camp Cypherpunk or a T-Camp
Cypherpunk without being the other.  Of course, it is quite possible
to be both.  It has often been said on Cypherpunks, that ``we'' are
not a ``we''.  Decius falls into a trap by assuming that all
Cypherpunks are in the A-Camp.  This mistake colors the entire essay.

The main problem with Decius' essay is that it assumes that
Cypherpunks _merely_ advocate crypto-anarchy.  In fact, T-Camp
Cypherpunks do not stop at this puny point.  They observe that
crypto-anarchy is the _likely_ _outcome_ of the current technology
trend (this trend is discussed below).  Note that this observation of
fulfillment, if correct, is a far stronger statement than merely
advocating that crypto-anarchy should happen or would be a really good
idea.

A-Camp Cypherpunks also advocate that this trend should be exploited
to its conclusion, sooner rather than later, to preempt any massive
government crackdowns that would only prolong the transition pains.
The rationale being that these supposed government crackdowns have no
place in the natural evolution of a free society.  And that the
continuance of a free society is preferable to that of a move towards
a police state, which would be required to facilitate the useless ---
in the end --- crackdown on this information technology.

Decius is also wrong when he states that crypto-anarchy means people
will never again be accountable or recognized (pure A-Campers might
like this to be true, although I doubt it).  In the T-Camper's view,
crypto-anarchy means that people have the choice of when they wish to
be accountable and recognized for their statements and information
movement-related actions and when they wish otherwise.  People are not
forced under the crypto-anarchy model to be unaccountable or
unrecognizable.  Likewise, the crypto-anarchy model allows people to
ignore those that are unaccountable and unrecognizable, if they wish.
Decius fails to recognize that people could be recognized, and even
paid, for example, when operating under a pseudonym instead of
completely anonymously (this concept links two Cypherpunks favorites:
untraceable anonymous e-cash and anonymous reputations).

As primary counter-points to Decius on this issue:
- - The people who wrote the Federalists' Papers did so anonymously,
  yet I suspect that all were well-known and transacted business and
  other politics under their ``real names'' most of the time.
- - Individual articles are anonymously published in the _The Economist_
  yet I suspect that people are being paid to contribute information
  to this newspaper (at least, I know I am paying a lot per year, for
  a newspaper, to get the information :-).
- - The recently released ``Primary Colors'' book by Anonymous.  Yet
  this person, if the publisher is to be believed, is well-known to
  President Clinton (I think it may all just be a good marketing scam :-).

Back to the main point of unstoppable --- in a free society, at least
- --- technology trends.  Decius has not, but must, account for the
following change due to technology: Up until now, communication system
deployers (e.g. The Phone Companies) have been basically blackmailed
(through easily applied laws and licensing) into creating systems with
backdoors for government's use.  As system intelligence moves to the
end-user devices away from the internal network devices and encryption
moves to end-to-end encryption from link-based or non-existent
encryption, this form of blackmail will no longer work since there
will no longer be a small number of easily controlled entities
building and deploying the systems.  There will be open standards for
the interconnect itself [IPng or whatever].  And anyone will be able
to implement end-user devices that layer end-to-end encryption on top
of the raw interconnect services provided by the new network model.
In some ways, we have already arrived at the new interconnect model:
the Internet based upon IP.  In the form of today's computers, we also
have a rudimentary incarnation of the required intelligent end-user
device.

In sum, I am a T-Camp Cypherpunk not because I necessarily think
crypto-anarchy is a good idea but rather because the technology trend
will continue to make it happen.  I also happen to be an A-Camp
Cypherpunk but it is for the reason that I am a T-Camper alone that I
derive that there can be no compromise on the issue of crypto-policy.
Not only would it be a bad idea to compromise, but also any compromise
will fail due to continuing changes in technology that favor
intelligence in the end-user devices and end-to-end encryption over
intelligence in the internal network components and easily controlled
encryption.  It is better to see the technology trend and embrace it
to prepare for the new crypto-anarchy to come.  ~``Those that prepare
for the change will have a lot of success, while those that ignore the
technology trend in this area will be left behind.''~  Truer words have
never been spoken.

Regards,
Loren

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSGeTP8de8m5izJJAQFFrQP/ZQFu64mGC/u4YC7jAsnv22Cx3Eub+xVw
i3IYX7aHJopfG3g6IVifaGuEJmHxF6mZDHj+YSS/9fQfHUm7QZtoXmgmvxgWpP3s
KiUVLgYA3/cVfZn/6iOUHlQCehzj2N4IPdW2QGWbe2rbk1i1YaiGLpnB+RRXo4nW
r7mKrSVOjOQ=
=TIOb
-----END PGP SIGNATURE-----





From frissell at panix.com  Tue Feb 13 09:13:34 1996
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 14 Feb 1996 01:13:34 +0800
Subject: Regulation of citizen-alien communications (Was: Choices)
Message-ID: <2.2.32.19960212145316.00d93ccc@panix.com>


At 10:24 AM 2/11/96 +0000, Ed Carp wrote:

>> A foreign person is defined in S 120.11, and means anyone who's not a U.S.
>> citizen. Technical data is defined in S 120.33
>
>Oh?  You mean that I can get busted for giving my Canadian spouse a copy 
>of PGP?

A US *permanent resident* who is not a US Citizen is still a "US Person" for
ITAR purposes.

DCF






From furballs at netcom.com  Wed Feb 14 01:48:06 1996
From: furballs at netcom.com (Paul S. Penrod)
Date: Wed, 14 Feb 96 01:48:06 PST
Subject: V-chips, CC, and Motorcycle Helmets
In-Reply-To: <2.2.32.19960212061802.00915f98@mail.teleport.com>
Message-ID: 



It's real simple folks. Turn the damn set off.

If parents wont accept the responsiblity to monitor what their kids 
watch, then they get what they get. If I don't want my kids watching 
television when I am gone, then I take the remote with me, as that is the 
only way my TV works.

The V-chip, like every other type of electronic lockbox devised to date, 
is nothing more than a band aid trying to cover the real problem - lack 
of attention paid to one's children and what they are doing. A 
govermental solution designed to regulate and legislate morality. History 
has demonstrated that every time a government makes attempts to enforce 
what is considered the basic tenants of civilized behavior then the game 
has already been lost. The people and the politics have become so 
corrupted that no form of democracy will survive for long - as it is 
dependant on the individual's willingness to abide by the principle of 
personal honesty.

On Sun, 11 Feb 1996, Alan Olsen wrote:

> At 08:13 PM 2/11/96 -0800, Bill Frantz wrote:
> >The Dranged Mutand is far from deranged when he writes:
> >
> >At 12:09 PM 2/11/96 -0500, Deranged Mutant wrote:
> >...
> >
> >>And besides... why rate program just on violence?  Why not "quality" from 
> >>a variety of orgs?  Other content ratings, from various organizations.  
> >
> >...
> >
> >One thing the V-Chip gives us is the argument:  Now that parents have the
> >ability to control what their children watch, the government should turn
> >responsibility over to them and butt out.
> 
> Parents had that ability before.  Cable boxes have a "perental control key"
> on the side that enables them to lock out "offensive" channels.  It works
> quite well and is fairly hard for the kidlets to defeat.  (I used it to
> lockout the religious stations and home shopping channels.)
> 
> The "V-Chip" debate is a mirror of the one that occured when the cable
> channels were starting to become popular.  There was a big hue and cry about
> kids getting to the "naughty" channels without parent concent.  Seems most
> people do not even learn how the lockouts work.  (And are too lazy to learn.)
> 
> You have to remember that most of the people arguing for TV filters are
> looking for a way to make the "offensive" stuff go away for good.  (Either
> from some sort of rating system or a heavy handed FCC regulation or two.)
> And don't believe that the V-Chip will let you choose the rating service.
> It will be one centrally produced rating from some faceless and nameless
> entity.  I am willing to bet that we will see some pretty absurd examples of
> ratings (mild things getting heavy ratings above and beyond the call of
> sanity) in the future.
> 
> The v-chip will be less than useful as a real filter tool for those of us
> who have a different worldview than the censors.
> 
> Remember: "Future events like these will happen to you in the future!"
> ---
> Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
>         `finger -l alano at teleport.com` for PGP 2.6.2 key 
>                 http://www.teleport.com/~alano/ 
>   "We had to destroy the Internet in order to save it." - Sen. Exon
> "I, Caligula Clinton... In the name of the Senate and the people of Rome!"
>    - Bill Clinton signing the CDA with the First Amendment bent over.
> 
> 





From PADGETT at hobbes.orl.mmc.com  Tue Feb 13 09:59:53 1996
From: PADGETT at hobbes.orl.mmc.com (A. Padgett Peterson P.E. Information Security)
Date: Wed, 14 Feb 1996 01:59:53 +0800
Subject: Smart cards
Message-ID: <960213091516.2021706c@hobbes.orl.mmc.com>


   
>   The largest demand, though, will come from government agencies, like
>   Spain's Social Security Administration and the Czech Republic's
>   Healthcare Ministry. China, with a population of 1.2 billion, is
>   considering a national identification card using this technology, said
>   Waqar Qureshi, Motorola worldwide marketing manager for smart-card
>   chips.
 
Been around for quite a while - expensive part is not the cards themselves
($1-$3) but the card *readers*.
						Warmly,
							Padgett





From PADGETT at hobbes.orl.mmc.com  Tue Feb 13 10:17:00 1996
From: PADGETT at hobbes.orl.mmc.com (A. Padgett Peterson P.E. Information Security)
Date: Wed, 14 Feb 1996 02:17:00 +0800
Subject: Firewall USA to Firewall China
Message-ID: <960213083000.2021706c@hobbes.orl.mmc.com>



>Q: The Chinese government has declared its intention to filter out
>  what it considers to be objectionable material from the Internet. If
>  you were a consultant for the Chinese government, what technology
>  would you recommend that they use to do that?

Multiple layers would probably do it:

1) Acces only to/from sites with which they have a formal agreement
2) Using secure channels
3) With good application filters (could be created - that I do not know
   of anyone who has is irrevelant - MIMEsweeper is a start.)

Mostly it depends on how seriously they want to block certain kinds of
traffic and what of the I'net's capabilities they are willing to give up
to achieve that goal.

Now before I get flamed again, please understand that I separate what *can*
be done from what *should* be done. This is a "can" and is also considering
the fact that a sovereign nation has the *right* to do this unless it gives
up that right. A US company also has that right where it pertains to their
property unless again they give up that right (see: common carrier).

					Warmly,
						Padgett

ps wife informed me that when traffic backs up, it is ok to leave a hole for
   cross traffic to use but if you make any sort of gesture to indicate that
   is what you have done, *you* become liable for the cross traffic's actions.
   Absurd, no ?





From PADGETT at hobbes.orl.mmc.com  Tue Feb 13 12:23:34 1996
From: PADGETT at hobbes.orl.mmc.com (A. Padgett Peterson P.E. Information Security)
Date: Wed, 14 Feb 1996 04:23:34 +0800
Subject: Communication
Message-ID: <960213100636.2021706c@hobbes.orl.mmc.com>


Jim rites:
>Logic lesson for Padgett:
>There are at least three categories here:
>1.  Government restricts communication.
>2.  Government neither assists nor restricts communication.
>3.  Government assists communication.  (through stolen tax dollars, BTW.)

Oh, now I see where you are confused. To me there are at least six
categories - the three you mention but in matrix form with two
columns: Wholly inside the USA and from the USA to/from "elsewhere".

(2) applies inside the USA and in some cases (3) - and tax dollars are not
necessarily "stolen", the Constitution specifies that taxes may be levied for
certain matters. (1) does not apply though through the rationale/excuse of
"maximising the use for all" some regulations have been enacted primarily
by the FCC. It is not improbable that the FCC's area of responsibility might
extend to the Internet once considered a "national resource". Not saying
right or wrong, just "could" & would not be surprised.

In the case of communications with "other" entities, I expect all three to
apply in different instances - what makes anon.penet.fi different from the
L. A. Times.

Now in the case of extra-National communications, I believe that in certain
cases the Nation-state has not only the sovereign right of control but the 
obligation to control. For example just to pick a popular example, France 
might negotiate a trade agreement with the USA that included an agreement to 
block all PGP communications between the two countries. That would be legal.

What the US does not really have is the *ability* to control communications.

							Warmly,
								Padgett





From jon at aggroup.com  Tue Feb 13 13:31:21 1996
From: jon at aggroup.com (Yanni)
Date: Wed, 14 Feb 1996 05:31:21 +0800
Subject: COO_kie
Message-ID: <9602122040.AA18721@jon>


> So, Folks, how does one manipulate the cookie in Netscape so that the
> user can control what Netscape sees???
>
> Michael E. Carboy
> carboy at hooked.net

Simple, read the cookie specs on the NetScape site. :)

http://home.netscape.com/

-jon

Jon S. Stevens         yanni at clearink.com
ClearInk WebMagus      http://www.clearink.com/
finger pgp at sparc.clearink.com for pgp pub key
My apologies for the loss of bandwidth. :-)





From WlkngOwl at UNiX.asb.com  Tue Feb 13 13:32:56 1996
From: WlkngOwl at UNiX.asb.com (Deranged Mutant)
Date: Wed, 14 Feb 1996 05:32:56 +0800
Subject: V-chips, CC, and Motorcycle Helmets
Message-ID: <199602130100.UAA12306@UNiX.asb.com>


> It makes me very wary of them.  What gets me are all the people here who
> talk about them as if they will have useful features.  They will be about as
> useful as the ratings on video games.  ("Hey, theres a cool one!  This one
> has flying mangled bodies!  Its OK though.  No sex!")

What's the line in the song "Father Bruce"?

"The word to kill ain't dirty
 I used it in the last line
 but use a short word for lovin'
 and you wind up doin' time..."


 
--- "Mutant" Rob 

Send a blank message with the subject "send pgp-key"
(not in quotes) for a copy of my PGP key.





From frantz at netcom.com  Tue Feb 13 13:33:08 1996
From: frantz at netcom.com (Bill Frantz)
Date: Wed, 14 Feb 1996 05:33:08 +0800
Subject: Using /dev/random for PGP key generation? Be Wary
Message-ID: <199602130446.UAA15045@netcom7.netcom.com>


At 10:56 AM 2/12/96 -0500, rngaugp at alpha.c2.org wrote:
>...
>I am unsure about using my modification, together with these drivers
>that are not connected to a real hardware RNG. In what way would the use
>of these drivers' methods of gathering entropy be superior to PGP's
>method of getting entropy from keyboard timing? If you choose to do
>something like this, you should think carefully and make a careful study
>of the code.

If there are no common-mode sources, xoring two streams will not reduce the
entropy.  If you use PGP's keyboard timings for one stream, and (e.g.) disk
drive randomness for the other, the output of the xor of the two streams
should have at least as much entropy as the best of the two.

However, I would be worried if /dev/random and PGP were both using keyboard
timings to generate entropy.

Bill







From adam at lighthouse.homeport.org  Tue Feb 13 13:33:17 1996
From: adam at lighthouse.homeport.org (Adam Shostack)
Date: Wed, 14 Feb 1996 05:33:17 +0800
Subject: To find the clock speed of a sun workstation
In-Reply-To: <199602130016.AA10339@sunstorm.corp.cirrus.com>
Message-ID: <199602130440.XAA19930@homeport.org>


The sysinfo program does this.  Don't recall how.  get a version later
than 2.2; earlier ones have bugs when installed setuid.

Ashfaq Rasheed wrote:

| Is there anyway of finding the clock speed of the CPU on a Sun workstation?
| As far as i know it can be found only by rebooting the machine and using
| module-info? And I believe that the module-info does a no-op loop for a
| a known number of times and calculates the time taken.
-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From bruce at aracnet.com  Tue Feb 13 13:38:32 1996
From: bruce at aracnet.com (Bruce Baugh)
Date: Wed, 14 Feb 1996 05:38:32 +0800
Subject: Portland, OR, Key-Signing+
Message-ID: <2.2.32.19960213044547.0069d4a8@mail.aracnet.com>


-----BEGIN PGP SIGNED MESSAGE-----

ANNOUNCING:
THE SECOND QUASI-MONTHLY PORTLAND CYPHERPUNKS SOIREE AND KEY-SIGNING

Yes, it's that time again.

When:   Saturday, February 26, 1996
        come 4:30-5 pm to join those of us watching the new 
        episode of MYSTERY SCIENCE THEATER 3000, or
        come 7:30-8 pm to avoid it

Where:  my apartment, in SE Portland
        e-mail me for directions

This meeting is about to be announced in a bunch of local and
regional newsgroups; I hope to get a crop of novices as well 
as the more experienced folks. A keysigning will take place, 
with instructions for it mailed out later in the week.

I have a PC running Windows 95, and it'll be available for use in
key verification and the like. If anyone has a portable computer
with another OS to bring, please do.

Proposed topics:

1) Alan Olsen is working on an e-mail client with PGP integration.
Let's talk interface.

2) I'm working on a guide for crypto newbies. Come and tell me what
works or doesn't.

3) So, just how lame is the Communications Decency Act, anyway? :-)

4) Whatever of crypto relevance is on your mind.

Since there was confusion last time about expectations, let me spell
out of a few things up.

1) Since some participants have expressed the desire not to be
photographed, no cameras.

2) Insofar as others have other concerns, e-mail me. No guarantees
on what we can do or not, but I'd like as many people as possible 
to be as comfortable as possible.

3) What's discussed during the soiree _will_ be fair game for
comment later. Interesting insights, dramatic news, stunning
rhetoric, the whole deal, may all be continued on the net later.

There are, alas, some restrictions on partying tools, imposed by 
my chronic immune problems. If you smoke, a) please hold off if
possible or b) take it outside and away from my door. (I have a 
nice back patio suitable for this purpose, since I never use it 
for anything.) I will have quite a variety of drinks on hand, 
but please, leave the alcohol at home. Ditto for any scents or 
perfumes you might usually wear. This way I get to have fun, too. 
:-)

I really hate to add this particular paragraph (and it isn't in the
version that'll get posted to newsgroups), but...one person won't be
welcome. Jim Bell's conduct at the last meeting and on the list are
such as to make it quite clear that I don't want him in my home. I
won't send him directions. I ask that nobody else do so. If he
shows, he will not be allowed in. I have no interest in hosting a
get-together dominated by the perpetuation of an increasingly dull
flamewar. (And if he can stop grinding the usual axes in the next
two weeks, I'd be delighted to drop this.) The time and energy I,
and other participants, have are too valuable to waste that way. 
(And if he thinks I'm being unreasonable, he is of course free to 
organize his own gathering.) [Note: I will not pursue this matter
further on Cypherpunks. I needed to announce it; I don't need to
sustain the flame fest.]

Regards,



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEQAwUBMSAW8X3AXR8sjiylAQHECQfRAVlw1MzEpCceLzxM3LbwuLwmSpgacLFi
8eUNFGNHis1xwpOvYpY/u/6WQXScI00oq/44euY8N6bzUxV6djbhIPR1jX+J0KrQ
2Dl8gZgaRNdo69nBabIt3gBG4OZzWiqX2g7YLOcr4I7rcNvCPn0SbaIayb5trgjh
AWSVnC1g8gy17XBpAZMrLurgQQx0ul5CS0RreO6/Tpqy3P2V2ly0+k3k9p29RJly
Y/Ug7KSYxirXUt07eeI8HCXzEtJ8DvN133Nwbos7WZvXitR5fzf0eXbxGSe7WXay
KB0olIiWEi/r0q7xP8GdE07WcBzbXCfH5Uf6VPr9F34rig8=
=p6BW
-----END PGP SIGNATURE-----

Bruce Baugh
bruce at aracnet.com
http://www.aracnet.com/~bruce






From bplib at wat.hookup.net  Tue Feb 13 14:36:20 1996
From: bplib at wat.hookup.net (Tim Philp)
Date: Wed, 14 Feb 1996 06:36:20 +0800
Subject: Smart cards
In-Reply-To: <960213091516.2021706c@hobbes.orl.mmc.com>
Message-ID: 



	The headline in the Toronto Star this morning is "'SMART CARD'
HERE WITHIN YEAR" 
	The idea is to have everyone in Ontario have a 'smart card' that
will "keep track of everything from mammograms to speeding tickets". This
card will "replace the existing health card, drivers's licence, social
assistance identification, drug card, and senior identification". 
	Health Minister Jim Wilson said " For example, when you are 
discharged from hospital, your patient record doesn't follow you (so) you 
may go to your family doctor back in your hometown and have all the tests 
and x-rays duplicated." "That sort of information can be available in a 
central database. Of course we have to have all the discussions about 
privacy of information." (I'll just bet we do!)
	"Former Health Minister Ruth Grier also explored a smart card, but
rejected the idea because she said it posed too great a risk to patient
privacy. Wilson said privacy protection will be a key part of the new 
card, ensuring that only appropriate health-care workers and OHIP 
(Ontario Health Insurance Plan) officials can access sensitive patient 
information."
	"The card would carry basic 'tombstone data' such as date of 
birth and gender that Wilson said is now collected by 200 different 
government programs."
	"Wilson said the government has not decided whether the cards will
carry a residents's fingerprints, photo or other form of identification." 

	It seems that Canada is backing into a national identity card
using 'smart' technology. Before any Americans on this list get too smug
about 'it could never happen in America', just remember, all it takes is a
successful example of implementation in a western country and the pressure
will come to your country too. 

Sign me concerned,
Tim Philp

===================================
For PGP Public Key, Send E-mail to:
pgp-public-keys at swissnet.ai.mit.edu
In Subject line type:
GET PHILP
===================================








From jdoe-agamemnon at alpha.c2.org  Tue Feb 13 15:12:34 1996
From: jdoe-agamemnon at alpha.c2.org (jdoe-agamemnon at alpha.c2.org)
Date: Wed, 14 Feb 1996 07:12:34 +0800
Subject: Give it a rest Perry
Message-ID: <199602131633.IAA13161@eternity.c2.org>


Cpunks,

On Mon, 12 Feb 1996 Ray Arachelian wrote:

>I personally like reviews of messages that are posted regarding other 
>people's posts, however I prefer to read them in email.  Cypherpunks 
>isn't for "this doesn't belong here" messages. :)

I personally agree with him.







From ylo at cs.hut.fi  Tue Feb 13 15:58:43 1996
From: ylo at cs.hut.fi (Tatu Ylonen)
Date: Wed, 14 Feb 1996 07:58:43 +0800
Subject: Free end-to-end encryption code?
In-Reply-To: 
Message-ID: <199602122233.AAA06108@trance.olari.clinet.fi>


> >Why reinvent the wheel?  Lots of end-to-end stuff out there - I use ssh, 
> >myself...
> 
> Okay...well...here's another problem. You see, most of the clients are
> going to be Windows people. I can't use a Unix-only solution.

There is already a windows version of ssh, though it is not very
stable.  I am myself working on an "official" Windows version, and it
should be available after a few weeks.

    Tatu





From tcmay at got.net  Tue Feb 13 16:05:54 1996
From: tcmay at got.net (Timothy C. May)
Date: Wed, 14 Feb 1996 08:05:54 +0800
Subject: Cypherpunks vs. Coderpunks
Message-ID: 



Much has been written by people about the "appropriate themes" of the
Cypherpunks list. I'm sure I don't need to remind you all of this ongoing
debate.

Well, the "coders" have formed their own list, closed to non-coders, and
known as "Coderpunks." More power to them. (Archives of this list may now
be found at Todd Masco's site: http://www.hks.net/cpunks/index.html.

Apparently the Cyphepunks list is thus being left to those of us who either
don't want to code, or have no skills at coding, or who think the
sociopolitical issues are more interesting.

It may turn out that the "gated community" of Coderpunks is ultimately more
influential, and that the "favela" of Cypherpunks is filled with the rants
and raves about "Assasination Politics," who deserved to be nuked in WW II,
whether Vince Foster was killed by the NSA or the Mossad, and so forth.

Whatever, this ought to once and for all answer the question of whether
only _coding_ topics alone belong on Cypherpunks: the answer is, clearly,
that they _don't_. If you want to discuss coding, go over to Coderpunks and
see if you have the magic password that gets you in. Otherwise, we have
political rants over here to get back to.

(ObPerry: "What does this have to do with crypto or coding?" ObAnswer:
"Nothing, this is Cypherpunks, not Coderpunks.")

--Tim May, an unelected spokesman of the Cypherpunk Ghetto (tm)




Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From jeffb at sware.com  Tue Feb 13 16:21:35 1996
From: jeffb at sware.com (Jeff Barber)
Date: Wed, 14 Feb 1996 08:21:35 +0800
Subject: Communication
In-Reply-To: <960213100636.2021706c@hobbes.orl.mmc.com>
Message-ID: <199602131605.LAA22213@jafar.sware.com>


A. Padgett Peterson P.E. Information Security writes:

> Now in the case of extra-National communications, I believe that in certain
> cases the Nation-state has not only the sovereign right of control but the 
> obligation to control. For example just to pick a popular example, France 
> might negotiate a trade agreement with the USA that included an agreement to 
> block all PGP communications between the two countries. That would be legal.

Padgett, you can't just throw out these pronouncements without supporting 
arguments.  Why would this be legal?  Merely because you say so?
Where would the US government get the authority to prohibit all PGP
communications?  If you still insist this is allowed by the "regulate
foreign commerce" clause of the US Constitution, you at least need
to describe how the USG would attempt to justify it to a court as
commerce.  Furthermore, since the foreign commerce clause is also the
inter-state commerce clause, explain why the government can't use the
same argument to prohibit us folks in Georgia from using PGP in our
communications with Californians (for example).  Or do you believe it can?


-- Jeff





From sunder at dorsai.dorsai.org  Tue Feb 13 16:51:23 1996
From: sunder at dorsai.dorsai.org (Ray Arachelian)
Date: Wed, 14 Feb 1996 08:51:23 +0800
Subject: Put the Protest where your money is.
In-Reply-To: <199602130229.SAA10506@mark.allyn.com>
Message-ID: 


On Mon, 12 Feb 1996, Mark Allyn (206) 860-9454 wrote:

> What do you mean by a speech bubble?
> 
> "write in a speech bubble to the president dude"
> 
> Does this mean a transparent plastic bubble over his head??

Like in comic books.  i.e:
         __________________________________
        /CDA is unconstitutional and sucks \
       | Exon sucks rhino dick for lunch    |
   ___  \ _________________________________/
  /   \ |/
  |O O|
  \ ^ /
   -~-

:-)

==========================================================================
 + ^ + |  Ray Arachelian |Emptiness is loneliness, and loneliness|  _ |>
  \|/  |sunder at dorsai.org|is cleanliness  and cleanliness is god-|  \ |
<--+-->|                 |liness and god is empty,  just like me,|   \|
  /|\  |    Just Say     |intoxicated  with the maddness,  I'm in|   <|\
 + v + | "No" to the NSA!|love with my sadness.   (Pumpkins/Zero)|   <| n
===================http://www.dorsai.org/~sunder/=========================


[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and do em right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should do him." So the two daughters got him drunk and
did him all that night. Sure enough, Dad got em pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he whacked off first....Remember, it's
not a good idea to have sex with your sister, your brother, your parents,
your pet dog, or the farm animals. [excerpts from the Old Testament, Modern
Vernacular Translation, TCM, 1996] 







From jeffb at sware.com  Tue Feb 13 16:51:59 1996
From: jeffb at sware.com (Jeff Barber)
Date: Wed, 14 Feb 1996 08:51:59 +0800
Subject: META: Filtering/Posting advice
In-Reply-To: 
Message-ID: <199602131802.NAA22343@jafar.sware.com>


Ray Arachelian writes:

> So there are options for those who want less noise.  I do not beleive it 
> is anyone's place to banish anyone from posting to the list, nor grading 
> a person's worth based on past posts.

Every one of us "[grades] a person's worth based on past posts" and
this is as it should be.  That's why my finger hovers only nanometers
above the 'd' key when I see a post from, say, Vlad the Imposter.


-- Jeff





From frantz at netcom.com  Tue Feb 13 17:13:09 1996
From: frantz at netcom.com (Bill Frantz)
Date: Wed, 14 Feb 1996 09:13:09 +0800
Subject: V-chips, CC, and Motorcycle Helmets
Message-ID: <199602131752.JAA28288@netcom7.netcom.com>


At 12:36 AM 2/13/96 -0800, jim bell wrote:
>
>You mention the issue of Rushdie, as if it is some sort of refutation of my 
>idea.   Quite the contrary; I think it actually supports me.
>
>How so?, you ask?  Well, let's consider any potential assassin who might be 
>interested in this "contract."  Aside from the obvious moral issues involved 
>here (Rushdie has, presumably, done nothing to warrant his death), the truth 
>is that such a potential assassin would see a number of problems that would 
>strongly dissuade him from attempting to kill Rushdie.
>
>1.  There is no way he could be assured that he could collect the award 
>anonymously.  His name would certainly "get out," and then he would be 
>subject not merely to "the law," but also anybody who wanted revenge for 
>Rushdie's death.
>
>2.   There is no way he could be assured that he would actually receive the 
>award.  (How would he prove HE did it?)
>
>3.  That's because there is no way he would enforce this "contract" should 
>the offerer refuse to pay.

These points would not affect a devout Iranian Muslem.  To him the death
warent has already been issued by legitimate authority.  It is not even
clear that money would be his princple motivator.

I must respectifully disagree with Jim in this case.  I believe that
Rushdie has not been hit because the protection he enjoys is sufficent to
repel the potential assassins.  Note that he has an advantage over the US
president (who probably has as many potential assassins) in that he does
not need to make public appearences.

Adding money to the pot will attract rational (and amoral) people who will
then make a determination based on (1) profit, and (2) risk, which includes
getting caught or killed.  It seems to me that Secret Service levels of
protection can protect a public figure against even Assassination Politics.

Bill







From tcmay at got.net  Wed Feb 14 09:16:01 1996
From: tcmay at got.net (Timothy C. May)
Date: Wed, 14 Feb 96 09:16:01 PST
Subject: Response to Perrygram
Message-ID: 


At 2:04 PM 2/14/96, Robert Hettinga wrote:

>Perry and Tim,
>
>Why don't you two have sex already? The tension around here is getting
>unbearable...

And why don't you stop cluttering up the list with supposedly cute stuff
like this?

The couple of fairly short messages I've written in response to comments by
Perry are *as nothing* compared to the tons of verbiage in the Jim Bell
flame wars, the VZNUri/Detweiler flames, and even the Black Unicorn vs.
Netscape battle.

(If anyone can point to examples where I have engaged in protracted--more
than a couple of short messages--flames, please send me pointers to these
examples in private mail. I claim no especial morality, but I do think I've
stayed out of ongoing flame wars. I haven't even commented on
"assassination politics," even though it's just a watered-down and
poorly-thought-out version of what I wrote about in 1988...easier to just
delete the ramblings.)

And yet people like Bob and Uni feel compelled to throw their two cents in
about what a spectacle this is.

Get real.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From perry at piermont.com  Tue Feb 13 17:19:01 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Wed, 14 Feb 1996 09:19:01 +0800
Subject: DEA
In-Reply-To: <199602130154.CAA23267@utopia.hacktic.nl>
Message-ID: <199602131752.MAA21256@jekyll.piermont.com>



Okay, Anonymous: what does DEA corruption have to do with Cypherpunks?

Anonymous writes:
> Column by Jim Dykes 
> in the Knoxville Journal (423-584-9606), 2/8/96.
> 
> 
> (...) I had a call the other day.  About the DEA.  Try to keep
> all these damn acronyms straight:  DEA is Drug Enforcement
> Agency.
> 
> Call was from an old cowboy - well, former Air America pilot, to
> be more precise, CIA.  (There should be a federal agency to
> control us old men better.)
[...]





From wilcoxb at nag.cs.colorado.edu  Tue Feb 13 17:22:14 1996
From: wilcoxb at nag.cs.colorado.edu (Bryce)
Date: Wed, 14 Feb 1996 09:22:14 +0800
Subject: An entity calling itself Kilroy was probably here (was: Web Page Authentication (was: Anti-Nazi Authentication) )
In-Reply-To: <199602131244.XAA00168@mail.mel.aone.net.au>
Message-ID: <199602131752.KAA12867@nag.cs.colorado.edu>



-----BEGIN PGP SIGNED MESSAGE-----

This quotes some mail sent directly to me by (probably) an 
entity calling itself "Jiri Baum".  I apologize in advance
if said probable entity is offended at my broadcasting his
words, but I thought it was a good contribution to cpunks.
(Which, cosmos knows, could use some good contributions
that aren't just rehashes of the eternal floating
"libertarianism" Usenet flamewar/rantfest.)


(Hereafter knowns as "the EFLUFR", pronounced "Effluffer".)


  +---+---- Bryce
  |   |
+---+------ Probably an entity calling itself Jiri
| | | |
v v v v
> > > > An entity calling itself Jiri Baum 
> > > >  probably wrote:
> > > ...
> > > 
> > > Probably? Didn't I sign it? :-)
> >
> >
> >Ah, grasshopper...  If there was a good path between you and
> >I in the Web of Trust, *then* I would take out the
> >"probably".  :-)
> ...
> 
> I guess it depends on whether we are talking about "Jiri Baum wrote"
> (about which you'd be perfectly right) or "An entity calling itself
> Jiri Baum wrote". Witness:
>   + there exists an entity which controls the PGP key in question
> (*)
>   + that entity calls itself "Jiri Baum" (key signature)
>   + that entity wrote the text in question (text signature)
> 
> Therefore, an entity calling itself Jiri Baum wrote the text in
> question. No need for a web of trust - as they say on Star Trek,
> simple logic will suffice :-)


Well now let's say that an active attacker had supplanted
your public key with his own.  He is not, really, an entity
who calls himself "Jiri".  I mean, sure by using a public 
key which he controls and which has "Jiri" on it he is 
calling himself "Jiri", but he rarely if ever actually talks
to people and says things which those people associate with 
the name "Jiri".  More significantly, he never thinks of
*himself* as "Jiri".  So in this most fundamental sense he
does not "call himself Jiri".


*You* are the entity who calls yourself Jiri, and I can only
say that you "probably" wrote the above because I'm not sure
if you actually control the public key associated with your 
name.


Tim May's solipsistic conflation of appearance and identity
notwithstanding.


I guess we are just using different semantics for "an entity
calling itself".  I didn't want to say "an entity whose One
True Name is 'Jiri Baum'", because I don't believe in One
True Names.  I can see how my choice of words was confusing
though, since Mitch (the Man In The CHannel) can be seen as
"calling itself 'Jiri Baum'".


Maybe I'll start saying "An entity who creates the output
which we associate with the nym 'Jiri Baum'...", in order to
point out that the actual "Jiri" makes this stuff up and 
Mitch just relays it with perhaps some editing.  But then
what if Mitch took a more active role, putting words in your
mouth and so forth?  Maybe I should say "An entity who calls
itself 'Jiri Baum' and is more or less unaware of any nym
collision regarding that nym...".


Yeah, that one seems bulletproof...



> True - I guess that's another use - a time-stamping service could
> sign any page that asks for it. Time to whip up yet another CGI
> script! (When/if I have the time - this one ain't so simple because
> it has to get the page off the web.)


Wei Dai  and Matthew Richardson 
 have both done this.  I suspect
that Wei's time-stamping service is not still functional.
(A pity.  We need redundancy for added assurance.)


I myself use Usenet and mailing lists as a sort of poor
man's time-stamping service.  If I invent an idea or some
prose, and I sign it and then broadcast it thusly, I think
enough people will keep a record of it having been in
existence with my signature on it at this time, that I can
later call on them to testify to that effect.  Hopefully.


Yet another reason to clearsign my output.


Okay I will try to find responses to this even if they are
buried in the EFLUFR.  (All hail GREP!)


Regards,

Bryce

                 "Toys, Tools and Technologies"
  the Niche 
        New Signal Consulting -- C++, Java, HTML, Ecash
            Bryce 
 
PGP sig follows


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01

iQCVAwUBMSDPpPWZSllhfG25AQFrUgP+IzidvICvkApSl87b03f4Ebatwcmg05cJ
QF3jE7SbmRpcJshE6Cty5Lu3revBeGknRI3VDMoS4n0fCIxjq3D592d5mqOjwN0e
QV620Aq2cnJZ3LRknZtaIGNluedkC4iG2xM3VzxIbVVGmmGEbhwEhKNmFEqWr2um
SdDPSWvtnhs=
=sc0s
-----END PGP SIGNATURE-----





From jya at pipeline.com  Tue Feb 13 17:36:31 1996
From: jya at pipeline.com (John Young)
Date: Wed, 14 Feb 1996 09:36:31 +0800
Subject: TEN_ysp
Message-ID: <199602131607.LAA08878@pipe4.nyc.pipeline.com>


   2-13-96. NYT:

   "New Spynet Links C.I.A. and Envoys."

      The C.I.A. is planning to buy commercial comm gear, put
      an encrypting scrambler on it, and give diplomats in
      Bosnia and elsewhere the ability to receive adulterated
      facts that it previously had been unwilling or unable to
      share except with enemies. Soon, diplomats will be up to
      speed with spying foreign correspondents, many of
      whom have portable comm gear combining sat phones and
      computer ports. "We have our own classified Internet in
      the intelligence community, with home pages just like
      you do on the Internet," gurgled a spy-leaker to this
      reporter-siphon -- who already knew by spying browsers
      and snooping search engines what the dagger-gagger
      duhhed.

   TEN_ysp













From EALLENSMITH at ocelot.Rutgers.EDU  Tue Feb 13 18:02:25 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Wed, 14 Feb 1996 10:02:25 +0800
Subject: Spin Control Alert (LI Newsday, 2/12/96)
Message-ID: <01I15ZHN65A0A0V0R0@mbcl.rutgers.edu>


From:	IN%"declan+ at CMU.EDU"  "Declan B. McCullagh" 13-FEB-1996 00:19:48.79

>Exactly. Catharine MacKinnon, for instance, has called the EFF and other
>Rimm-debunkers part of the "pro-pornography power block" which
>represents the "howling fury of the pornographers protecting their
>penises and their wallets."

	So Catharine MacKinnon wants to castrate and steal from men? No
surprise... Excellent quote to repeat, BTW... it might even get
the male followers of the Christian Coalition et al to question with whom
they're working. 

>ObCrypto: Yes, Know Your Enemies and work with the natural enemies of
>the religious right, such as groups like the ACLU and the FEN. The
>theocratic push to outlaw nonescrowed crypto is next.

	As I said before about the CPSR and libertarians (and Rush Limbaugh and
libertarians), politics makes strange bedfellows.
	-Allen





From perry at piermont.com  Tue Feb 13 18:14:06 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Wed, 14 Feb 1996 10:14:06 +0800
Subject: Cypherpunks vs. Coderpunks
In-Reply-To: <199602130525.AAA24031@bb.hks.net>
Message-ID: <199602131829.NAA21286@jekyll.piermont.com>



Leslie Todd Masco writes:
> My concern is that the two lists will become more disjoint than they
> already are.  I believe that the content of Cypherpunks is enhanced
> by having the programmers present, just as the coders benefit from
> the guidance of seeing the possibilities opened by their endeavors.

I agree and would like to amplify.

I'm really sick of the folks who can post to libernet, com-priv,
talk.politics.guns, etc, pissing on the parade.

The thing that makes Cypherpunks worthwhile is that its a place where
you could, once, get news updates about GAK, information on the latest
research into cryptography, organize mass key crackings, discuss APIs,
talk a bit about the politics of cryptography, etc.

Now, we get anonymous posters putting up bits on corruption in the
DEA, sections of Tsutomu Shimomura's sex life, and other garbage. I
don't give a damn if you think "Perry's a whining asshole; no one
appointed him God", the stuff I'm mentioning is almost totally
irrelevant to the topic at hand. (I *still* see no relevance to the
late great Kevin Mitnick discussion, and frankly, I don't give a damn
if he's in jail.) I also really am not impressed enough with the
justification for why Jim Bell's "ideas" need to be discussed here.

For some people without jobs (I won't name names) there is no problem
with this. However, some of us have trouble keeping up, and
unfortunately Cypherpunks has content that is key to our work and
interests. 

Sadly, there isn't another place with the momentum where people are a
bit more polite and talk about the same information.

Yet.

Perry





From EALLENSMITH at ocelot.Rutgers.EDU  Tue Feb 13 18:16:35 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Wed, 14 Feb 1996 10:16:35 +0800
Subject: Australian net limitations
Message-ID: <01I15ZWKBYJ8A0V0R0@mbcl.rutgers.edu>


	This may have some relevance to the Australian crypto regulation
thread a while back.
	-Allen

From:	IN%"rre at weber.ucsd.edu" 12-FEB-1996 23:51:48.10

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help at weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: Sun, 11 Feb 1996 18:28:44 -0800
From: madanmohan rao 
To: "Multiple recipients of list india-gii at cpsr.org"
     
Subject: Internet news about Asia, India

Hello folks -
 
     Here are excerpts from this week's edition of my column,
"International Internet NewsClips." The full version plus
archives are at MecklerMedia's Internet World site
(http://www.iworld.com/netday/NATW.html). You can also find my
reviews of books on Internet-related subjects at this site.
     Comments, feedback, etc. most welcome as always.
                                                      - madan
______________________________________________________________
  Madanmohan Rao (rao at igc.org), Communications Consultant, 
     United Nations Inter Press Service bureau.
--------------------------------------------------------------
 
[...]

Internet Legislation To Be Formulated In Australia
--------------------------------------------------
1996 is probably going to be a watershed year in Australian
Internet history. Decisions are going to be made about what is
and is not allowable on-line. Concerned users will have a chance
to express their opinions to the Australian Broadcasting
Association's On-line Services Investigation, by February 16. 
The ABA's is the second similar investigation in the last six
months. A Senate report last November argued that it should be an
offence to "transmit, obtain possession of, demonstrate,
advertise or request the transmission of material equivalent to
RC (refused classification), R or X categories." But this would
mean that the on-line world would be restricted by tighter
standards than the off-line world. The ABA has issued a
comprehensive Issues Paper for its inquiry (http://www.dca.gov.
au/aba/olsissue.htm). Available since December, the paper deals
with the concepts of codes of practice, the development of a
representative industry body, the establishment of an independent
complaints-handling body and other mechanisms for controlling
access in the on-line environment. It also looks at consumer and
Australian content issues on the Net, provides a handy guideline
to censorship classification, and a summary of the findings of
the Office of Film and Literature Classification's own informal
search of the Net - 27 hours of porn hunting yielded the
discovery that "restricted and refused classification material
was difficult to find, at times difficult to download, and was
more prevalent on Usenet newsgroup files than on the World Wide
Web." The ABA accepts submissions by e-mail (online at aba.gov.au).
(Sydney Morning Herald; February 6, 1996)
 
Nations See Internet As Cultural, Political, Economic Threat
------------------------------------------------------------
Nations are discovering that data sent via the Internet can be
every bit as threatening to a country's laws or its culture as
the armies of yesteryear. "Nation states are trying to assert
themselves with increasing aggression into cyberspace," said
Electronic Frontier Foundation's John Perry Barlow, at the World
Economic Forum in Davos, Switzerland. It's not just cultural or
social sovereignty that governments worry about. The power to tax
is also being eroded by the increase in economic transactions
that take place over the Internet, some of it encrypted so that
prying eyes of the tax department could not read them. "You can't
control it, it's uncontrollable," said MIT's Nicholas Negroponte.
"If someone tells you that you can, they are probably smoking
pot."
(Toronto Globe and Mail; February 3, 1996)





From frantz at netcom.com  Tue Feb 13 18:27:17 1996
From: frantz at netcom.com (Bill Frantz)
Date: Wed, 14 Feb 1996 10:27:17 +0800
Subject: NETSCAPE IS "IN MERGER TALKS WITH AMERICA ONLINE"
Message-ID: <199602131839.KAA02998@netcom7.netcom.com>


PowerPC News (free by mailing add at aptdata.co.uk) quotes Reuter as as saying
that Thomas Middelhoff, a board member of Bertelsmann AG, which has a
significant stake in America  Online, said that a decision on the merger
could be made within a month. He noted that new data showed that 40% of US
Internet traffic was flowing through America OnLine's network and that
together with Netscape the two companies would effectively  control the
technology now shaping the global network - "And then Microsoft would be
left without an Internet standard,".







From EALLENSMITH at ocelot.Rutgers.EDU  Tue Feb 13 18:52:45 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Wed, 14 Feb 1996 10:52:45 +0800
Subject: Cypherpunks vs. Coderpunks
Message-ID: <01I16036OIWSA0V0R0@mbcl.rutgers.edu>


From: Leslie Todd Masco 

>My concern is that the two lists will become more disjoint than they
>already are.  I believe that the content of Cypherpunks is enhanced by having
>the programmers present, just as the coders benefit from the guidance of
>seeing the possibilities opened by their endeavors.

>The remailers network is the most obvious example of the benefits of this
>synergy. I'd hate to see us lose later rewards that could otherwise be reaped.

	I would agree about this. However, hopefully some of the pure-coding
stuff (such as the timing of sun speeds or whatever thread) can be moved to
coderpunks for the sake of those on here who aren't interested... and who are
also the least likely to have an easy filter to use.
	-Allen





From privsoft at ix.netcom.com  Tue Feb 13 19:16:28 1996
From: privsoft at ix.netcom.com (Steve )
Date: Wed, 14 Feb 1996 11:16:28 +0800
Subject: DSN Tech.
Message-ID: <199602131852.KAA20485@ix6.ix.netcom.com>


Is anyone famillar with the balck-box by Dr. Aaron Freidman of DSN 
Technologies? I am trying to get info on it and other products from DSN 
Tech. 
thnx
privsoft at ix.netcom.com
Steve

"The CDA Sucks!" 






From alano at teleport.com  Tue Feb 13 20:36:35 1996
From: alano at teleport.com (Alan Olsen)
Date: Wed, 14 Feb 1996 12:36:35 +0800
Subject: AT&T Public Policy Research -- hiring for cypherpunks issues
Message-ID: <2.2.32.19960213203230.00af30dc@mail.teleport.com>


At 03:21 AM 2/13/96 -0800, John Gilmore wrote:
>Date: Mon, 12 Feb 1996 17:02:39 -0500 (EST)
>From: Paul Resnick 
>To: gnu at eff.org
[Snip]
>Markets for IP Addresses
>
>The 32-bit numbers used for Internet addressing and routing are a
>limited resource. As this resource becomes scarcer, political
>considerations are likely to creep into allocation decisions made
>through existing administrative processes, leading to suboptimal
>allocations. By granting transferable property rights to addresses,
>allocation decisions can be removed from the political realm into the
>economic realm, so that addresses are allocated to those who value them
>most. This project seeks to develop consensus in the Internet community
>for a move to market-based allocation, and investigates alternative
>designs for an electronic market to coordinate the exchange of IP
>addresses.

This proposal bothers me. I do not see any positive results from this
proposal. (Or at least the negatives will far outweigh the positive.)

Here is what I see as the results of such a plan...

Getting an IP address will become prohibitivly expensive except for the
largest megacorps.  Instead of solving the limitations of the current
system, this plan will cause people to "invest" in IP addresses in the hope
that the price will go up.  IP addresses will become part of a corporation's
invenstment portfolio.  This will result in less usage of IP addresses, not
more.  The Internet is a fully complient buzzword.  People will buy IP
addresses becuase it is "the cool thing to do" and they can make a quick buck.

I wonder if "used" addresses will get less money on the "open market" than
"unused" addresses.  If that is the case, then the you will see huge blocks
of addresses go unused so as to not spoil their "market value".

All in all, I see it as a bad idea...

"Ever have a problem getting an IP address from your local ISP?  YOU WILL!
And the poeple to bring it to you? AT&T!"
 
---
Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
        `finger -l alano at teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
"I, Caligula Clinton... In the name of the Senate and the people of Rome!"
   - Bill Clinton signing the CDA with the First Amendment bent over.






From stewarts at ix.netcom.com  Tue Feb 13 20:53:30 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Wed, 14 Feb 1996 12:53:30 +0800
Subject: V-chips, CC, and Motorcycle Helmets
Message-ID: <199602130712.XAA26897@ix12.ix.netcom.com>



>> One thing the V-Chip gives us is the argument:  Now that parents have the
>> ability to control what their children watch, the government should turn
>> responsibility over to them and butt out.

Unfortunately course it doesn't; we still "need" the government to control
sex and indecency on TV, plus to enforce the "voluntary" rating standards
and make sure TV companies attach them to their programs.  Sigh.

#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281






From jsw at netscape.com  Tue Feb 13 20:54:48 1996
From: jsw at netscape.com (Jeff Weinstein)
Date: Wed, 14 Feb 1996 12:54:48 +0800
Subject: COO_kie
In-Reply-To: <199602121615.LAA21849@pipe4.nyc.pipeline.com>
Message-ID: <312046BF.3C64@netscape.com>


John Young wrote:
> 
>    2-12-96. FinTim:
> 
>    "This bug in your PC is a smart cookie."
> 
>       Netscape Navigator contains a little-known wrinkle that
>       increases the power of companies to find out who their
>       customers are and what they are up to. It allows
>       companies to track which Web pages an individual looks
>       at, when, for how long, and in what order. The
>       information is stored on the customer's computer as
>       "persistent client-state hypertext transfer protocol
>       cookies".
> 
>    2-12-96. WSJ:

  There is a lot of confusion about cookies.  They do not allow
a web site to access private information such as the user's
e-mail address or other preferences as was recently reported
in Web Review.  They only store information that the web site
already has.  If you never give a web site private information
about you or your identity, they will not be able to match your
access patterns to your identity.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.





From jcobb at ahcbsd1.ovnet.com  Tue Feb 13 20:56:20 1996
From: jcobb at ahcbsd1.ovnet.com (James M. Cobb)
Date: Wed, 14 Feb 1996 12:56:20 +0800
Subject: Internet Without Frontiers?
Message-ID: 


 
 
  Friend, 
 
 
     A 02 11 96 Reuter newsstory from Brussels, headlined 
     ---------------------------------------------------- 
 
         STRASBOURG MEDIA DEBATE HEADS FOR SHOWDOWN 
 
  reports: 
 
    ...the European Parliament in Strasbourg on Wednesday...
    hammers out new rules for the European Union's audio- 
    visual sector. 
 
 
  The EP may try to revise the 1989 law puffed as "television 
  without frontiers."  That law might be extended to govern 
  "new" services such as 
 
    ...teleshopping, the internet and pay television.... 
 
  
  Ach! and Sacre bleu!  Therefore-- 
 
     A coalition of 40 companies and trade associations from 
     the recording, advertising and technology industries has 
     written to parliamentarians...to urge them against extend- 
     ing rules to new services. 
 
 
  But there's another factor. 
 
    If the socialist demands for regulation of information high- 
    way services...prevail, the Parliament will then be set for 
    an almighty row with EU governments. 
 
 
  Why? 
 
    EU culture ministers agreed last November to keep current 
    rules unchanged. 
 
 
  It's cheaper to enlighten a few ministers, you see,  than it is 
  to enlist a whole gaggle of parliamentarians. 
 
 
  Cordially, 
 
  Jim 
 
 
 
  NOTE.  The newsstory's www.nando.net online filename: 
 
                         info13_8187.html 
 
 
         This critical essay was composed 02 12 96. 
 
 






From cactus at hks.net  Tue Feb 13 20:56:35 1996
From: cactus at hks.net (Leslie Todd Masco)
Date: Wed, 14 Feb 1996 12:56:35 +0800
Subject: Cypherpunks vs. Coderpunks
Message-ID: <199602130525.AAA24031@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

Tim May, an unelected spokesman of the Cypherpunk Ghetto (tm) wrote:
> Apparently the Cyphepunks list is thus being left to those of us who either
> don't want to code, or have no skills at coding, or who think the
> sociopolitical issues are more interesting.

I think you're misinterpreting what's going on.  Participants in the 
Coderpunks list are not generally abandoning Cypherpunks.  Some people
who have long been absent from the Cypherpunks list have joined it, but
I've seen posts from most of the Cypherpunk participants of Coderpunks 
on Cypherpunks since it was formed.

My concern is that the two lists will become more disjoint than they
already are.  I believe that the content of Cypherpunks is enhanced by having
the programmers present, just as the coders benefit from the guidance of seeing
the possibilities opened by their endeavors.

The remailers network is the most obvious example of the benefits of this synergy.
I'd hate to see us lose later rewards that could otherwise be reaped.

I don't believe that it'll be sociopolitical content that'll chase
the coders away: if the constant fighting over indisputable metaphysics
doesn't do it, the fighting over who was killfiled by whom first
and who's a total loon will.

	-- Todd
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSAgvSoZzwIn1bdtAQE0CQF/Zk1TkLEnHKcBsi1IETtwqMP7y6oO6dmF
R3bAM7bpP2Rg4HphYkxEAIyo6zztkDrr
=jTwL
-----END PGP SIGNATURE-----





From ethridge at Onramp.NET  Tue Feb 13 20:57:10 1996
From: ethridge at Onramp.NET (Allen B. Ethridge)
Date: Wed, 14 Feb 1996 12:57:10 +0800
Subject: CyberAngels
Message-ID: 


Don't know if this has been mentioned on this list, since i'm, as usual, a
little behind on my reading.  I found this while out about this while
reading alt.religion.scientology.

The Guardian Angels have decided to enter cyberspace and make it safe for
us all.  They have a FAQ on the web - http://www.safesurf.com/cyberangels/
.  How is this relevant to cypherpunks?  From their FAQ:


"9) What kinds of changes would the Guardian Angels / CyberAngels like to see?

a) We would like to see an improvement in User identification. User ID is
impossible to verify or trace back. The very anonymity of Users is itself
causing an increase in rudeness, sexual abuse, flaming, and crimes like
pedophile activity. We the Net Users must take responsibility for the
problem ourselves. One of our demands is for more accountable User IDs on
the Net. When people are anonymous they are also free to be criminals. In a
riot you see rioters wearing masks to disguise their true identity. The
same thing is happening online. We would like to see User ID much more
thoroughly checked by Internet Service Providers."


Since i'm can't do emphasis in ascii well, i'll quote the interesting
sentence again -

"When people are anonymous they are also free to be criminals."

I've never been a fan of anonymity, but it does have it's legitimate uses.

        allen







From lmccarth at cs.umass.edu  Tue Feb 13 20:57:20 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Wed, 14 Feb 1996 12:57:20 +0800
Subject: Cypherpunks vs. Coderpunks
In-Reply-To: 
Message-ID: <199602130502.AAA13406@opine.cs.umass.edu>


-----BEGIN PGP SIGNED MESSAGE-----

I wasn't going to mention this here, but...

Tim May writes:
> If you want to discuss coding, go over to Coderpunks and
> see if you have the magic password that gets you in. 

FWIW, I am (and have been) adding everyone who asks to subscribe to 
coderpunks, in spite of what the welcome message says. (I don't have control
over that :)  But the charter is much narrower than the cypherpunks list's;
I expect many cypherpunks subscribers wouldn't find the coderpunks traffic
particularly interesting. 

I volunteered for the dirty job of "enforcing" the charter by throwing 
people who ignore it off the list. This arrangement has the obvious 
disadvantage that I can capriciously eject people from the list. It has the
arguable advantage that I am willing and able to not-so-capriciously eject 
people from the list. Only time will tell whether this model will succeed or 
fail in some sense.  

If you want to join coderpunks, my life is made slightly easier if you
mailto:coderpunks-request at toad.com rather than sending directly to me.

Futplex 

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMSAbISnaAKQPVHDZAQERqwf8D/TawTbHjw5WbJJGC6mfJn8U8k2zPwrK
PS6hWiFJEZlyBJAfgYoSpoSvnEAq/Ba1PxiivhX35cQqifsFbYrK7vF6DdTy1wQH
ic/KbJcuhS9HoPliJ4wPLZv43o+edhthiz0LiA8Z5EWXd9ux2Hik82Chk8xDDNTo
zElcUOt0XJZV2rbnjHGWe+jSuFCWsKAXKelNhZb012+TESePDT0OXSnmzh7NsTKV
4xMJIlf2Me1VmZGQv6a5KUuPaSOO9XThRcxXkRzGXfTkjKFTTaUCCEGFvtawUWLo
F+zOSWYUmTdadkMkfW6iIpNU1hnC2cHhCerqWQjwfyqnkkPfSRj/8A==
=5YD4
-----END PGP SIGNATURE-----





From jimbell at pacifier.com  Tue Feb 13 20:57:42 1996
From: jimbell at pacifier.com (jim bell)
Date: Wed, 14 Feb 1996 12:57:42 +0800
Subject: 
Message-ID: 


At 01:41 PM 2/12/96 -0500, A. Padgett Peterson P.E. Information Security wrote:
>
>>Yet if I read you correctly earlier, you don't think the USG has the right 
>>to regulate those communications. Why the distinction ?
>
>Okay, obviously I need to drop down a gear & explain *my* feelings:
>
>Part of the definition of a "sovereign nation" is to define and carry
>out both high and low justice over it's domain - the absolute right
>of a sovereign. Is not mentioned in the US constitution because it 
>was a given.

Hardy har har!  This sounds like a joke, right?  Anything you WANT the 
Constitution to have said, "is not mentioned in the Constitution because it 
was a given."

Thanks for making me laugh...at you!


>"Free speech" means that a citizen is free to speak (communicate) anthing,
>anytime, anywhere. This is the right guarenteed by the first amendment. This
>does not relieve the individual from being liable for the consequences of 
>the exercise of "free speech".

This statement is internally inconsistent.  If the speech is truly "free," it 
is (and should be!) unconstrained.  To whatever extent it is constrained, it 
is not entirely "free."  Now, even if we all agree that SOME speech should 
be limited, don't try to use this argument to allow the government to 
restrict ALL speech!


>However, the government is under no obligation (though in the silly seventies
>it seemed that we were going that way) to aid or abet in the exercise of
>free speech. If it were properly and legally decided that communications 
>with anon.penet.fi is against "national interest" then the sovereign has 
>not only the "right" but the *duty* to block/monitor such communications.

Here you get wacky again.  You first make a true statement, and then come to 
a false conclusion.

Logic lesson for Padgett:

There are at least three categories here:

1.  Government restricts communication.
2.  Government neither assists nor restricts communication.
3.  Government assists communication.  (through stolen tax dollars, BTW.)

Your first sentence in the paragraph immediately above simply says that item 
3 is not required.  That is a true statement.  However, you falsely 
(apparently deliberately?) suggest that item 2 cannot exist; the only 
alternative is item 1.

Get real, Padgett.  Wake up.

Jim Bell

Klaatu Burada Nikto







From stjude at well.com  Tue Feb 13 21:01:30 1996
From: stjude at well.com (Judith Milhon)
Date: Wed, 14 Feb 1996 13:01:30 +0800
Subject: uh oh, mutation time?
Message-ID: <199602130658.WAA27561@well.com>



Electronic Guerrillas: Resisting Net Censorship
THE MUTATE PROJECT
http://www.onworld.com/MUT

"Don't black out YOUR website.  Black out THEIRS"

        Hassan I Sirius

        2/8/96

This is an invitation to join a public forum on the World Wide Web on
resisting internet censorship.  By now, you have all heard about the
Communications Decency Act and you know, or should know, the scope of this
law.  This discussion will revolve around active resistance to this law;
routing around it, on-line uncivil disobedience, pranking, hacking, and
otherwise fucking with the Net Cops.  And ordinary political organizing need
not be excluded.

Electronic Guerrillas:  Resisting Net Censorship is a topic within a Forum
called Kulchur Wars.  Kulchur Wars is a Forum that is part of The Mutate
Forum.  The Mutate Forum is a part of the website "THE MUTATE PROJECT."  THE
MUTATE PROJECT is an outgrowth of the book "How to Mutate & Take Over the
World" by R. U. Sirius, St. Jude & The Internet 21.  

While we'd planned to officially open THE MUTATE PROJECT in mid-February,
we've decided to open up the forum TODAY, in response to the passage of this
legislation.

Don't worry.  It's easy to open up this Chinese box.  

Just go to
http://www.onworld.com/MUT
click on 
Mutate Forum
Read your induction papers
Click on 
Join a Cool Conspiracy
open
Kulchur Wars
add your posting to the string entitled Electronic Guerrillas: Resisting Net
Censorship

Feel free to post in the other topics
start your own
or to poke around in the scaffolding of THE MUTATE PROJECT
but remember that it's STILL UNDER CONSTRUCTION

see you there

R. U. Sirius
Sirius Communications





From sjb at universe.digex.net  Tue Feb 13 21:38:10 1996
From: sjb at universe.digex.net (Scott Brickner)
Date: Wed, 14 Feb 1996 13:38:10 +0800
Subject: Secrecy of NSA Affiliation
In-Reply-To: <3107db204068002@noc.cis.umn.edu>
Message-ID: <199602131959.OAA16076@universe.digex.net>


Kevin L Prigge writes:
>Timothy C. May said:
>> When I attended Crypto '88, nearly 8 years ago, at least several of the NSA
>> attendees had "National Security Agency" on their name badges. It may be
>> that run-of-the-mill employees still maintain the fiction  for public
>> consumption that they are DOD employees, but such was not the case in 1988
>> at "Crypto."

This sounds about right.  When I was an NSA employee ('83), our
introductory briefing included the suggestion (I don't recall it being
phrased as a command command) that we identify ourselves as DoD.  It
was suggested that this might lessen our visibility as espionage
targets.

At the time, the brass would likely have been identified as NSA, as
were the lesser brass in the National Computer Security Center, but
regular employees weren't.

>At the RSA conference last week, there were approximately 10 people from
>the NSA. Only 2 of those were registered as DOD, the rest were NSA. I
>mentioned this at lunch to a guy from the NSA, and he said that only
>oldtimers do the DOD identification anymore.

Yikes.  Sometimes age creeps up on you when you aren't looking.  I
guess I'd be an "oldtimer" if I were still working there?  An
"oldtimer" at thirty-three... hmm.





From daw at dawn7.CS.Berkeley.EDU  Tue Feb 13 21:51:07 1996
From: daw at dawn7.CS.Berkeley.EDU (David A Wagner)
Date: Wed, 14 Feb 1996 13:51:07 +0800
Subject: Firewall USA to Firewall China
Message-ID: <199602132225.RAA29121@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

In article <199602130139.RAA11162 at mage.qualcomm.com>,
Peter Monta  wrote:
> > [ Jim Clark, "Firewall China" ]
> >
> >   A: A lot of people think that's not possible. It's difficult to enforce,
> >   but it's certainly possible. A corporation has a so-called fire wall -- a
> >   single point of entry into the corporate net. You can have a country
> >   that has a single point of entry into its "country net." It's doable. All
> >   you need, though, is one breach of security, and there's a leak.
> > 
> >   A fire wall is a filter -- it filters and doesn't let certain people come in.
> >   You can only come in if you have the right permission. So you could
> >   easily set that up so that it would filter out your objectionable
> >   material.
> 
> He seems to be confusing network security with the propagation of content.
> A firewall is going to have a lot more trouble filtering dangerous
> thoughts than UDP port 1234, unless there are humans in the loop.

Hmm, I'd argue that firewall technology would indeed let China filter
out many "subversive" thoughts on the Internet.

The firewall is not going to be able to stop the two-rogue problem:
two technically knowledgeable rogue agents, one on each side of the
firewall, *will* succeed in communicating dangerous thoughts if they
try hard enough.  But that's not so important to solve perfectly,
in practice.

No, in reality, China could set up a few simple application proxies
and only allow world -> China traffic on a few closely controlled
ports, such as http, smtp, nntp, ftp, etc.  The proxies could

* filter out "naughty" and "seditious" sites (e.g. www.playboy.com),
* filter out email, news, etc. which has traversed
  a "known dangerous site" (e.g. a remailer or ftp.hacktic.nl),
* daily update their lists of subversive sites
  (e.g. by reading Raph's remailer list),
* filter out indecent newsgroups,
* do simple keyword searches (e.g. fuck, revolution, protest, crypto),
  and/or
* do simple content analysis
  (e.g. maybe filter out .gifs, to stop nude pics).

This would hose 93% of the subversive stuff on the 'net.

"Social solutions" (read: men with guns) can eliminate the last 7%.

And so it goes.

Sure, someone in the "free world" (e.g. not China or the USA) could run
a remailer / http-proxy at a new site each day, enabling someone knowledgeable
in China to find dangerous material.  But the fact remains that this
requires technical knowledge and the willingness to go to the trouble of
actively accessing the remailer site.

Again, someone in the China could run a remailer / reposter / http-proxy
themselves inside the firewall; that's where the "social solutions" come in.
Kick down the door (see, jackboots are good for something after all!), beat
up the children, and you can kiss that remailer goodbye.

Technically, you're right in saying that you can't filter all the content
perfectly; it's the classic covert channel problem.  But practically, the
Chinese gov't can probably wreak havoc with 'net freedom in China.

- -- Dave Wagner
Fuck the CDA.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSEPwyoZzwIn1bdtAQEFDAF9GXWLz9beaciHbY3mo3Reaom7K5IK0k2I
pVz5NrHqa80eDtC8Rr0w/kSzkKtq4GCL
=k93A
-----END PGP SIGNATURE-----





From weidai at eskimo.com  Tue Feb 13 21:58:39 1996
From: weidai at eskimo.com (Wei Dai)
Date: Wed, 14 Feb 1996 13:58:39 +0800
Subject: Crypto++ 2.0 beta
In-Reply-To: <199512031725.LAA03163@duracef.shout.net>
Message-ID: 


I'm about to release version 2.0 of Crypto++, and I am looking for people 
to do some beta testing on it.  I'm especially interested in testing for 
compatibility with different compilers/OSs.  If you are interested, 
please e-mail me stating that you are a US or Canadian citizen or 
permanent resident living in US or Canada and that you will not export 
the software.

Wei Dai

Here's the readme for Crypto++ if you don't know what it is.

Crypto++: a C++ Class Library of Cryptographic Primitives
Version 2.0 beta   2/13/1996

This library includes:

MD5, SHS, HAVAL, DES, IDEA, WAKE, 3-WAY, TEA, SAFER, Blowfish, 
Diamond2, Diamond2 Lite, Sapphire, Luby-Rackoff, MDC, various 
modes (CFB, CBC, OFB, counter), DH,  DSA, ElGamal, LUC, Rabin,
BlumGoldwasser, elliptic curve cryptosystems, BBS, gzip 
compression, Shamir's secret sharing scheme, Rabin's information 
dispersal scheme, and zero-knowledge prover and verifier for
graph isomorphism.  There are also various miscellanous modules such 
as base 64 coding and 32-bit CRC.

RSA and RC5 are noticeably absent.  I am still talking to RSA
DSI about adding them back into Crypto++.  I hope version 2.1
will include them.

Crypto++ has been compiled and tested with Borland C++ 4.5, MSVC 4.0, 
and G++ 2.7.2 on MS-DOS, Windows NT, and a variety of Unix machines.
You are welcome to use it for any purpose without paying me, but see
license.txt for the fine print.

           
Some short instructions to compile this library:
(you probably need to modify this to suit your environment)


-- if want to use this library with RSAREF, then

1. get a copy of RSAREF

2. untar or unzip it into a directory below this one

3. type "gcc -c -I. *.c" (in the rsaref/source directory) to compile RSAREF

4. edit config.h

5. type "g++ -c -Irsaref/source -I. *.cpp" to compile this library

6. type "g++ *.o rsaref/source/*.o -lstdc++ -lm" to link the test driver

7. type "a.out" to run the test driver


-- if you DON'T want to use this library with RSAREF, then

1. edit config.h (make sure to comment out #define USE_RSAREF)

2. type "g++ -c *.cpp" to compile this library

3. type "g++ *.o -lstdc++ -lm" to link the test driver

4. type "a.out" to run the test driver


Finally, a note on object ownership:  If a constructor for A takes 
a pointer to an object B (except primitive types such as int and char),
then A owns B and will delete B at A's destruction.  If a 
constructor for A takes a reference to an object B, then 
the caller retains ownership of B and should not destroy it until A no 
longer needs it.

Good luck, and feel free to e-mail me at weidai at eskimo.com if you have
any problems.  Also, check http://www.eskimo.com/~weidai/cryptlib.html
for updates and new versions.

Wei Dai

History

1.0 - First public release.  Withdrawn at the request of RSA DSI.
    - Has a big bug in the RSA key generation code.

1.1 - Removed RSA, RC4, RC5
    - Disabled calls to RSAREF's non-public functions
    - Minor bugs fixed

2.0 - a completely new, faster multiprecision integer class
    - added HAVAL, 3-WAY, TEA, SAFER, LUC, Rabin, BlumGoldwasser, 
Elliptic Curve
      algorithms
    - added the Lucas strong probable primality test
    - ElGamal encryption and signature schemes modified to avoid weaknesses
    - Diamond changed to Diamond2 because of key schedule weakness
    - fixed bug in WAKE key setup
    - lots of miscellaneous optimizations






From lunaslide at loop.com  Tue Feb 13 22:28:04 1996
From: lunaslide at loop.com (lunaslide at loop.com)
Date: Wed, 14 Feb 1996 14:28:04 +0800
Subject: 
Message-ID: 


}>sovereign n. 1. A person, governing body, etc., in whom the >supreme power
}>or authority is vested.<  adj. 1. Exercising or possessing supreme
}>authority or jurisdiction.  2. Independent, and free from external
}>authority or influence: a sovereign state.
}
}Yup.
}
}>This is not what our government is.
}
}The United States is a sovereign nation. Do you dispute that ? The
}constitution is a binding agreement between the government and its citizens
}that determines how that sovereignty will be exercised, the elements in which
}the nation will not interfere with citizens, and the duties which it will
}carry out.

No, but I do dispute that the _U.S. Government_ is sovereign.  I'm not
going to write why all over again, since you seem to have convieniently
snipped the rest of my post, rather than answer it.  You are commiting a
straw man fallacy.  I didn't say that the nation isn't soveriegn, I said
that the government is not sovereign.  Yes, there is a difference.

}The three branches of the government were set up to ensure that "supreme
}power" would never rest with a single entity, yet taken together they do have
}that power.


The three branches are a system of checks and balances to counter the the
immergence of one sovereign pwoer.  See, it is actually built into the
constution that the govt cannot be sovereign!

}Congress and the Senate are the legally empowered representatives of the
}people. In that they do have the "power of the people" to make decisions
}on what is right and what is wrong within limits. That too is defined in
}the constitution.

The Congress is the Senate and the House, and they are given specific
powers by the people to govern themselves in relation to the job in Article
1, Sections 1-7 and to govern the people in Article 1, Sections 8-10.  The
powers given are very specific in nature and involve mostly limited
legislative powers and taxing abilities.

The President is given his rights and duties to govern the people in
Article 2, Sections 2 and 3 and they include the power to command the army
and navy, give pardons, make treaties and appoint people to positions as
Judges, Ambassadors and the like.  He has the duty to give a State of the
Union address from "time to time" to inform and ask for recomendation and
consideration on matters ofhis choosing.  He also has the right to conviene
both houses of congress to discuss matters.

In Article one, he is also given the power of the veto.

The Judicial branch, and particularly the Supreme Court, is given the power
to rule on matters concerning the court involving laws and disputes.  They
have the power to refute laws and the duty to adhere to the principles of
the constitution.

The people have the right to dissent and may petition the govt for a
redress of grievances as dictated by Amendment one.  If they are not given
satisfaction, they still have the right to free speech and press so that
they may share their dissent with one another and affect the outcome of the
next election.

The Fourth Amendment, of course, protects the "...right of the people to be
secure in their persons, houses, papers, and effects against unreasonable
searches and seizures..."  Clearly the govt cannot be sovereign if this is
true.

}Take the CDA. I do believe that it is unconstitutional but that Congress/
}Saxplayer had the *right* to pass the law just as the Supreme Court has the
}right to declare it to have been outside the power of the Congress to do so
}(which I expect). Somehow it works.

But ultimately it is the people who decide, and the people are not one with
the government.  The people have influence over the government, therefore
the government cannot be sovereign.

The first part of the Declaration of Independence indicates that it was
never the intent of the founding fathers to create a sovereign government,
refuting your nonsensical statement about it being "a given."

I ended up restating almost my whole case anyway.  But that's ok, cause
I'll just keep explaining until you understand it.

lunaslide

"Prohibition... goes beyond the bounds of reason in that it attempts to
control a man's appetite by legislation and makes a crime out of things
that are not crimes... A prohibition law strikes a blow at the very
principles upon which our government was founded."
- -- Abraham Lincoln

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller
________________________________________________________________

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEX3QEAAAEEAOGQjhnqGH29pO1WDaXs5GFOVPhCBWyYEk9XEwRmscjveWzH
AhA6DeOA480zWNqQURyqE2yPmR8WzT+OXYqmeiQiycKyFA41Vs/Ruf+gXXxe7uXS
L5BK3K8oKbfoH0D5/TAkMT4r6BprXFQz4pFc3gY2SSaSPElpMjKHaKBsRsyRABEB
AAG0HUplZmYgQ29ubiA8bHVuYXNsaWRlQGxvb3AuY29tiQCVAwUQMRffHzKHaKBs
RsyRAQGNhwP9E9xEZ9/LCKnhgtnrqgD7pDoXG2pCy8FoyfFjoImGkG+jF1wELXmB
Z0mf8F8CgYkys0mif1XeGDMelr1gzlZAm6LgQt4kcvztMW/aRLn18QP+iwltVT/L
p8D37mitOjvuk46sWgAChIaPPPIeg/EaYQjQkmlpWKsEYIoTRy+E8mU=
=4Gku
-----END PGP PUBLIC KEY BLOCK-----









From dsmith at midwest.net  Tue Feb 13 23:18:25 1996
From: dsmith at midwest.net (David E. Smith)
Date: Wed, 14 Feb 1996 15:18:25 +0800
Subject: Netscrape's Cookies
Message-ID: <2.2.32.19960214003255.00687914@204.248.40.2>


-----BEGIN PGP SIGNED MESSAGE-----

At 04:18 PM 2/13/96 +0000, a Deranged Mutant wrote:

[re cookies! yum]

>I'm curious if anyone knows which sites use/modify it.
AFAIK, the only site that uses it is *.netscape.com

dave



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMSEtFjVTwUKWHSsJAQHkJAf9EaG4gSj6zJLLcI6wiT6Qd45yBPL2sxIW
M8Vtf95bLgCM7h0BP6jtdUGRG0nMVqbY/Xj+kNYfDHmgZSnuoBrYld9E4bs5puTr
aVW6y7UBs3hdqz5dtWh4Gn2nq6/xTkj/t3/DlI/fuakNVnTlN0TeGPj2Alp5x8Z3
mww1gQ0EyymlioPEpyaNqg8vGSVcltDOQRdw+7HZoc2fZ6urvBkDKtHRAtN7PiUG
LMafuM+27TiRoKi1kSf0Q1S6EE7QrXoJTnTm6/qAIY1e+kPw/Lg17NhJmIQR0TnT
tSzucfxzjrGvFGI2fZL0kr5qAe/k/eqx+xKNXZHJjsNWIG8/WbdiPQ==
=dpvR
-----END PGP SIGNATURE-----
-----
David E. Smith,  c/o Southeast Missouri State University
1000 Towers Circle South MS 1210 Cape Girardeau MO 63701
dsmith at midwest.net, dsmith at alpha.c2.org,  PGP 0x961D2B09
(573)339-3814    http://www.midwest.net/scribers/dsmith/
"Reality is only for those lacking in true imagination."





From jimbell at pacifier.com  Tue Feb 13 23:44:08 1996
From: jimbell at pacifier.com (jim bell)
Date: Wed, 14 Feb 1996 15:44:08 +0800
Subject: 
Message-ID: 


At 06:03 AM 2/13/96 GMT, John Lull wrote:
>On Mon, 12 Feb 1996 13:41:04 -0500 (EST), Padgett wrote:
>
>> If it were properly and legally decided that communications 
>> with anon.penet.fi is against "national interest" then the sovereign has 
>> not only the "right" but the *duty* to block/monitor such communications.
>
>Bullpuckey.  One could just as legitimately say:
>
>  "If it were properly and legally decided that publication of the
>  Los Angeles Times is against "national interest" then the sovereign
>  has not only the "right" but the *duty* to block such publication."

"Right on", as they used to say.  Padgett's clueless.  He'll try to justify
ANYTHING.






From cmca at alpha.c2.org  Tue Feb 13 23:48:06 1996
From: cmca at alpha.c2.org (Chris McAuliffe)
Date: Wed, 14 Feb 1996 15:48:06 +0800
Subject: Req. for soundbites
Message-ID: <199602130917.BAA01730@eternity.c2.org>


-----BEGIN PGP SIGNED MESSAGE-----

[To: cypherpunks at toad.com]
[Subject: Re: Req. for soundbites]

It was written (in English) by bob bruen :
   The four letter words that are considered indecent are an anachronism
   from the days when the French/Normans ruled England, (~1066-1300's).
   A quick look at the words and their acceptable counterparts will make
   clear the issue. The four letter word are all of English derivation and
   the socially acceptable ones are of French (sometimes Latin) derivation.
   Even the term "four-letter" is a derogatory term for the English language
   in general, because the French considered English second rate because the
   words tended to be short, unlike French. Anyone who supports the suppression 
   of these words is merely enforcing the old French repression of the English 
   and the English language from over 500 years ago. Why think for yourself 
   when tradition can do it for you?

    eg:
      to piss  - to urinate
      to shit  - to deficate
      to fuck  - to copulate
      cunt     - vagina 

So, what is the French-derived word for Motherfucker?
And, being nice and long, why isn't it acceptable?

:-) for the implicit-smiley-impaired mofos.

Chris McAuliffe  (No, not that one.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBMR/TAYHskC9sh/+lAQGowQP+Jq3TPolK3C5pEeIHaypF8MyZSrnbxtbp
FpmVpXWw5ZqJ2txccSpTiykfE5gcANN6VeRh8N3xKJyxP3039qOQF+lpb1cAEcpF
oMU/BYUCAq3TzPboetL5dDXn6Z1OhogwQS6gv687l1gSedO6rtDBcltYft1YLjzc
WX5VSEpjDqs=
=o6E6
-----END PGP SIGNATURE-----





From jimbell at pacifier.com  Tue Feb 13 23:50:43 1996
From: jimbell at pacifier.com (jim bell)
Date: Wed, 14 Feb 1996 15:50:43 +0800
Subject: V-chips, CC, and Motorcycle Helmets
Message-ID: 


At 11:56 PM 2/11/96 -0800, Bill Frantz wrote:
>At 10:18 PM 2/11/96 -0800, Alan Olsen wrote:
>...
>
>>The v-chip will be less than useful as a real filter tool for those of us
>>who have a different worldview than the censors.
>
>Again, absolutely.  Hell, I can't even devise a filter that will let me
>filter out Jim Bell's rants while letting me see his reasoned arguments on
>anonymous assassination.  (I would love to have him address the Salman
>Rushdie issue, a man who is still alive despite a considerable announced
>price for his head.  There appear to be limits to who can be subject to
>assassination for pay.)

Since Olsen claimed to have filtered me out, I'm replying primarily for the 
benefit of the others on the list.

You mention the issue of Rushdie, as if it is some sort of refutation of my 
idea.   Quite the contrary; I think it actually supports me.

How so?, you ask?  Well, let's consider any potential assassin who might be 
interested in this "contract."  Aside from the obvious moral issues involved 
here (Rushdie has, presumably, done nothing to warrant his death), the truth 
is that such a potential assassin would see a number of problems that would 
strongly dissuade him from attempting to kill Rushdie.

1.  There is no way he could be assured that he could collect the award 
anonymously.  His name would certainly "get out," and then he would be 
subject not merely to "the law," but also anybody who wanted revenge for 
Rushdie's death.

2.   There is no way he could be assured that he would actually receive the 
award.  (How would he prove HE did it?)

3.  That's because there is no way he would enforce this "contract" should 
the offerer refuse to pay.


In other words, this situation is VASTLY different than the one that 
"Assassination Politics" would presumably be able to guarantee:

1.  The assassin would be absolutely anonymous; he would not have to trust 
ANYONE with knowledge of his guilt.

2.  The assassin would have a digital record of previous payoffs made by the 
organization in question, reassuring him that they actually will pay their 
debt.

3.  There will be no need to "enforce" such a contract; failure to pay will 
be provable in the "court of public opinion."  If the offering organization 
fails to pay, this failure will destroy its hard-earned credibility.


So you see, the Rushdie case is simply not any kind of disproof of 
"Assassination Politics":  if anything,it demonstrates WHY "murder for hire" 
in so rare and ineffective today, despite even a huge offer on a well-known
target.






From gnu at toad.com  Tue Feb 13 23:50:52 1996
From: gnu at toad.com (John Gilmore)
Date: Wed, 14 Feb 1996 15:50:52 +0800
Subject: AT&T Public Policy Research -- hiring for cypherpunks issues
Message-ID: <9602131121.AA09899@toad.com>


Date: Mon, 12 Feb 1996 17:02:39 -0500 (EST)
From: Paul Resnick 
To: gnu at eff.org

Last July, we started a new Public Policy Research department at
AT&T. We're writing to ask if you have friends, students, or colleagues
who could contribute to this new enterprise. We are looking both for
software hackers and for Ph.D. level researchers who are comfortable
with software but bring expertise in economics, politics, law, or
sociology. There is also an opening for a senior researcher with strong
management skills to head the department.

We're very excited about the prospects for this department. The
fundamental premise is that communication systems can provide the glue
that holds society together, in many cases more effectively and less
intrusively than governments can. We will explore the interplay of
software tools, rules, and rewards, as means of governance in electronic
markets and other virtual public spaces. In other words, how can we make
it safe, fun, and profitable to interact with people you do not know
very well?

Throughout the company, there is untapped energy that lingers from the
days when AT&T had a clear public mission of universal telephone service
for everyone in the United States. This department can offer a new
public-oriented mission. The enclosures briefly describe some sample
projects.

In spite of, or perhaps because of the recent breakup, the company is
continuing to invest in research. About 300 technical staff from the old
Bell Labs, mostly computer scientists, are part of the new AT&T Research
organization. Research areas include databases, programming languages,
software engineering, speech, cryptography and security, human factors,
collaborative applications, and more. Many departments will be hiring.

Like the former Bell Labs, the work environment is informal but intense
and intellectually rigorous.  External publication is encouraged. We
measure success by leadership and impact, in the academic research
community, in AT&T's business, and in the world.  

Please feel free to send us suggestions or pass this letter on to anyone
you think may be interested. In addition to permanent positions, there
are also opportunities for sabbaticals, post-docs, and summer
employment.

Thanks in advance for any assistance you can provide.

Sincerely,


Paul Resnick	
Member of Technical Staff
Public Policy Research Department	
presnick at research.att.com

Eric Sumner
Director, 
Network Services Research Laboratory
ees at research.att.com

P.S. You may also receive this message by paper mail: we're trying to make
it as easy as possible for you to pass it along to people who might be
interested.

-----------------------------------

Public Policy Research Department

The department creates rules and tools that enhance the common wealth in
electronic markets and other virtual public spaces where people may
interact with others they do not know very well. Traditionally,
enhancing the common wealth has been the government's purview, but
advanced communication services offer new opportunities for governance
without government. Areas of interest include:

  privacy, security, anonymity, freedom and responsibility in cyberspace
  rating and reputation services
  intellectual property
  universal service
  electronic markets
  pricing and provision of public goods
  trust and other forms of social capital

Sample Projects

PICS: The Platform for Internet Content Selection

With its recent explosive growth, the Internet now faces a problem that
confronts all media that serve diverse audiences: not all materials are
appropriate for every audience. For each new medium, society has had to
balance the value of free speech against the social costs of
distributing materials to inappropriate audiences. While most media are
regulated by blanket rules, on the Internet it is possible to reconcile
those goals through individual choices in a marketplace of ideas. In
other words, the Internet can regulate itself.

PICS, the Platform for Internet Content Selection, is designed to enable
supervisors-- whether parents, teachers, or administrators-- to block
access from their sites to certain Internet resources, without censoring
what is distributed to other sites. It draws on two unique features of
the Internet. First, publishing is instantaneous, world-wide, and very
inexpensive, so it is easy to publish rating and advisory labels. Labels
and ratings already help consumers choose many products, from movies to
cars to computers. Such labels are provided by the producers or by
independent third parties, such as consumer magazines. Similarly, labels
for Internet resources could help users to select interesting,
high-quality materials and could help supervisors to block access to
inappropriate ones.  Second, access to Internet resources is mediated by
computers that can process far more labels than any person could. Thus,
parents, teachers, and other supervisors need only configure software to
selectively block access to resources based on the rating labels; they
need not personally read them.

This project is a consortium of 23 companies, under the auspices of
MIT's World Wide Web Consortium. It has received significant attention
in the press as an alternative to government-mandated blanket rules that
would restrict the distribution of indecent materials. Details can be
found at http://www.w3.org/PICS.

Markets for IP Addresses

The 32-bit numbers used for Internet addressing and routing are a
limited resource. As this resource becomes scarcer, political
considerations are likely to creep into allocation decisions made
through existing administrative processes, leading to suboptimal
allocations. By granting transferable property rights to addresses,
allocation decisions can be removed from the political realm into the
economic realm, so that addresses are allocated to those who value them
most. This project seeks to develop consensus in the Internet community
for a move to market-based allocation, and investigates alternative
designs for an electronic market to coordinate the exchange of IP
addresses.

Electronic Support for Entry-Level Labor Markets

Entry-level labor markets in several professional fields, including law,
medicine, and psychology, share the characteristic that a large cohort
of new employees are available at approximately the same starting date
each year. The hiring processes in these fields,however, differ
significantly. Medical residents "match" with hospitals through a
centralized process embedded in a computer algorithm. Law students are
hired in a far more decentralized process. This project explores whether
computer mediation of the process can combine the advantages of both the
centralized and decentralized approaches.

Reputation Services

In the physical world, trust and reputations play critical roles in
commercial and social interactions. If word travels fast in a community,
the consequences of unethical or antisocial behavior may be sufficient
to deter such behavior. Moreover, there is an incentive to engage in
good behavior, because it will be recognized and rewarded. In on-line
environments with a dispersed base of casual users, word may not get
around so fast. Reputation services will help spread the word: they can
automatically keep track of good and bad behavior and make that history
available in useful ways. Since it is easy to assume new identities and
start new businesses on-line, leaving old reputations behind, positive
reputations are likely to be far more important than negative ones.


------------------------------------------------------------
Paul Resnick			AT&T Research
Public Policy Research		Room 2C-430B
908-582-5370 (voice)		600 Mountain Avenue
908-582-4113 (fax)		P.O. Box 636
				Murray Hill, NJ 07974-0636





From pmonta at qualcomm.com  Wed Feb 14 00:34:22 1996
From: pmonta at qualcomm.com (Peter Monta)
Date: Wed, 14 Feb 1996 16:34:22 +0800
Subject: AT&T Public Policy Research -- hiring for cypherpunks issues
In-Reply-To: <2.2.32.19960213203230.00af30dc@mail.teleport.com>
Message-ID: <199602140212.SAA18926@mage.qualcomm.com>


Alan Olsen writes:

> [ AT&T, markets for IP addresses ]

What's the point, given that IPv6, with 128-bit addresses (and IP
security), is in the pipeline?  The IPv4 issue isn't *that* pressing.

Peter Monta   pmonta at qualcomm.com
Qualcomm, Inc./Globalstar






From lmccarth at cs.umass.edu  Wed Feb 14 00:35:00 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Wed, 14 Feb 1996 16:35:00 +0800
Subject: [ADMIN] Unknown address
In-Reply-To: <9602140048.AB19351@cti02.citenet.net>
Message-ID: <199602140135.UAA16777@opine.cs.umass.edu>


Jean-Francois Avon writes:
> Hi!  Could you tell me why I receive this message?!?
[...]
> >The user this message was addressed to does not exist at this site.  Please
> >verify the name and domain in the original message that follows.
> >Message was addressed to: SAMUEL.KAPLIN at warehouse.mn.org

Sam Kaplin's account @warehouse.mn.org is apparently gone, but his address is
still apparently subscribed to cypherpunks. Some combination of the headers
placed on outgoing list mail by majordomo at toad, and the mail-return header
interpretation policy enforced by the mailer daemon @warehouse, is causing
list mail bounces to get routed to the original message sender. (Arguing over
which site is "at fault" should probably be done somewhere like the 
list-managers list, or much better still, between the sites themselves.)

A week or two ago I forwarded a bounce message to cypherpunks-owner at toad, and
my mail bounced. I asked Eric about it and he told me he hadn't been able to
get into that account for a while (he's the list manager :). Maybe that's been
rectified now. In lieu of that, the most expedient solution to these things
is usually a well-forged unsubscription request to majordomo at toad for the
bouncing address. I think Anonymous claimed to have taken care of that a
couple of days ago, but apparently they didn't succeed.

(Sam K. announced a while back that he would be effectively dropping off the
face of the net....)





From declan+ at CMU.EDU  Wed Feb 14 00:57:14 1996
From: declan+ at CMU.EDU (Declan B. McCullagh)
Date: Wed, 14 Feb 1996 16:57:14 +0800
Subject: Spin Control Alert (LI Newsday, 2/12/96)
In-Reply-To: <199602121313.IAA26828@UNiX.asb.com>
Message-ID: <0l8IS0K00YUvFgy1tJ@andrew.cmu.edu>


Excerpts from mail: 13-Feb-96 Re: Spin Control Alert (LI .. by Sten
Drescher at grendel.te 
>         As someone who would prolly be considered part of the
> 'religious right' (why don't we ever hear of the 'religious left', who
> are prolly just as much in support of banning porn?), I have to take
> exception to this.
> I'm appalled by the CDA, and, if you start
> pointing out to religious supporters of the CDA that it has already
> resulted in the King James version of the Bible being removed from (at
> least) one web site, I'm sure that some of them will be as well,

I do hope the religious right keeps fighting against GAK. However good
their intentions may be on *that* issue, it is transcendently obvious to
anyone who has been following the flux on Capitol Hill that they were
behind the recent push to regulate the Internet. (I assume your Bible
argument is just posturing. No U.S. Attorney, political appointees they,
ever will prosecute someone who puts the complete text of the King James
Bible online.)

So you are trivially correct in asserting that not everyone who
identifies as a member of the "religious right" supports all the actions
of their lobbyists in Washington. However, that does not change the fact
that conservative theocrats were the architects of the cyberporn scare
and the accompanying "indecency" legislation.

The selfsame theocrats, in fact, used Marty Rimm's cyberporn study and
the TIME cyberporn cover as a vehicle to promote their agenda. The very
conservative Sen. Chuck Grassley in July 1995 organized a hearing around
Rimm's study to justify his anti-smut legislation. "Not a study by an
advocacy group!" he crowed on the Senate floor.

Of course, he neglected to say that religious right lobbyists *helped
write* Rimm's study, and a member of his staff likely was involved.

Let's see who the players are, as identified by Mike Godwin:

 1) _The National Coalition for the Protection of Children and Families._
Formerly the National Coalition Against Pornography, this organization
renamed itself last year, perhaps in anticipation of its legislative
compaign against online "indecency" (a broader category than pornography).
 
 2) _The National Law Center for Children and Families._ This orgnization
was formerly headed by antiporn activist Cathy Cleaver -- it is now headed
by Bruce Taylor, formerly a prosecutor specializing in obscenity cases and
formerly the general counsel of a an antiporn group based in Phoenix,
Arizona, and founded under the name "Citizens for Decency through Law."
The organization was founded by Charles Keating, himself a veteran of the
Attorney General's Commission on Pornography (a.k.a. the Meese
Commission).
 
 3) _Enough is Enough!_  Presenting itself as a secular effort, this
organization provides a platform for former party girl and ex-No
Excuses-jeans model Donna Rice-Hughes, who has leveraged her fame from the
Gary Hart candidacy into a career as an antiporn activist. (With almost
suspiciously frequent meetings with Bob Dole.)

Enough is Enough is headed by Dee Jepsen, who testified about the
dangers of online nastiness at Grassley's cyberporn hearing. Bob
Chatelle from the Boston Coalition for Freedom of Expression reports
that Jepsen is Chairman of the Board of Regents of Pat Roberson's Regent
University, is Cochair of Washington For Jesus, and has served on the
Steering Committee of the Coalition on Revival, closely linked with the
Christian Reconstructionist movement. Reconstructionists believe that
Christians should "take dominion" and establish Old Testament law. Many
Reconstructionists openly advocate death for homosexuals, preferably by
stoning.

I'd be happy to expand on the links between the religious right and the
move to regulate the Net, but Mike Godwin has already done it quite
eloquently, at:
   http://www.cs.cmu.edu/~declan/rimm/

Some additional background about Donna Rice's censorship efforts,
including recent media profiles of her:
  http://fight-censorship.dementia.org/fight-censorship/dl?num=1178
  http://fight-censorship.dementia.org/fight-censorship/dl?num=302

-Declan






From abostick at netcom.com  Wed Feb 14 01:03:33 1996
From: abostick at netcom.com (Alan Bostick)
Date: Wed, 14 Feb 1996 17:03:33 +0800
Subject: Spin Control Alert (LI Newsday, 2/12/96)
In-Reply-To: <199602121313.IAA26828@UNiX.asb.com>
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

In article <199602121313.IAA26828 at UNiX.asb.com>,
"Deranged Mutant"  wrote:

> Know your enemies:
> 
> There's an op-ed in LI Newsday by Cathleen A. Cleaver ("directory of 
> legal studies at the Family Research Council..." in LI Newsday today.
> 
> Serious pro-CDA spin here. Justifies the bust of Amateur Action BBS, 
> ignoring that they were set up by the gov't, and then insists the CDA 
> only prohibits making porn accessible to kids. Calls anti-CDA folx 
> "free-speech zealots" and "friends of the porn industry", claims the 
> courts can determine merit on a per-case basis, and claims objections 
> to CDA are really from "arrogance and greed... Most Americans do not 
> have access to the Internet. The on-line elite would like to keep it 
> that way..."

No surprises here.  Except for the "on-line elite" shot in the dark, the
anti-sex censors have been talking this way for decades.

What's interesting is that your report of this spokesperson's tone makes
it sound *defensive* -- like a reaction to an onslaught rather than a
celebration of victory.

The battle for people's hearts and minds on this issue is far from over.

ObMetzgerQ:  What the hell does this have to do with cryptography?

ObMetzgerA:  Nothing! So there!  Hahahahahahha!

- -- 
   Alan Bostick             | "If I am to be held in contempt of court,
Seeking opportunity to      | your honor, it can only be because the court
develop multimedia content. | has acted contemptibly!"
Finger abostick at netcom.com for more info and PGP public key

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMR+b5uVevBgtmhnpAQH62wL8CgSlQ7r6WsRkLZmWeQMPjuzuEoCxsdq6
Q2ZLE/6pOSd01ieK+5SzQhUZQQtIB2mCu6rhtAVK1zjJPUJ/eLuGWvLmdPnJAGZw
cSPoVqoYW1XSas4ATzcnK9dC71ao9VOS
=je58
-----END PGP SIGNATURE-----





From jf_avon at citenet.net  Wed Feb 14 01:08:49 1996
From: jf_avon at citenet.net (Jean-Francois Avon JFA Technologies, QC, Canada)
Date: Wed, 14 Feb 1996 17:08:49 +0800
Subject: Unknown address
Message-ID: <9602140048.AB19351@cti02.citenet.net>


Hi!  Could you tell me why I receive this message?!?

I *never* sent anything to your place...

What is it that is wrong? The cypherpunks remailer?  Your site? (how?)



========== original e-mail from you ================
>From warehouse.mn.org!postmaster at kksys.com Mon Feb 12 04:06:24 1996
Return-Path: 
From: postmaster at warehouse.mn.org (Postmaster)
Subject: Unknown address
Date: Sun, 11 Feb 1996 22:19:49 GMT
Organization: The Warehouse BBS
To: jf_avon at citenet.net )

>The user this message was addressed to does not exist at this site.  Please
>verify the name and domain in the original message that follows.
>Message was addressed to: SAMUEL.KAPLIN at warehouse.mn.org
>
>                     ----- Original Message follows -----
>
>From: jf_avon at citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
>To: cypherpunks at toad.com
>Date: Sun, 11 Feb 1996 23:41:06 -0500
>Subject: Re: "Rights"
>
>Ed.Carp at linux.org, ecarp at netcom.com wrote:



========= end original message from you ================
**** NEW PGP 2.6.2 KEY *********

2048 bits Key ID:24201BA1 1996/02/13 Jean-Francois Avon 
Key fingerprint =  23 B6 24 31 86 67 FB 35  C7 A7 AF 12 A1 61 E9 3D 


**** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon 
Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 






From alano at teleport.com  Wed Feb 14 01:15:18 1996
From: alano at teleport.com (Alan Olsen)
Date: Wed, 14 Feb 1996 17:15:18 +0800
Subject: Netscrape's Cookies
Message-ID: <2.2.32.19960214024957.0076a27c@mail.teleport.com>


At 06:32 PM 2/13/96 -0600, David E. Smith wrote:
>>I'm curious if anyone knows which sites use/modify it.
>AFAIK, the only site that uses it is *.netscape.com

That is not quite true.  There are other sites that use the cookies.  (It is
not very common though...)

One of the reasons that it was not used very much is that the first
implementation of cookies did not leave them after you exited Netscape.
There are a couple of server tools that utilize the cookie spec.  (I would
have to check the stack of sales stuff to verify which ones...)
---
Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
        `finger -l alano at teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
"I, Caligula Clinton... In the name of the Senate and the people of Rome!"
   - Bill Clinton signing the CDA with the First Amendment bent over.






From strata at virtual.net  Wed Feb 14 01:15:31 1996
From: strata at virtual.net (strata at virtual.net)
Date: Wed, 14 Feb 1996 17:15:31 +0800
Subject: A Cyberspace Independence Refutation
Message-ID: 



Duncan,

A well-thought out set of replies, but entirely within your line of thinking.
I apologize for not replying to your point by point, but I still have to keep
my typing to a minimum due to RSI.  I traded a work day for my Refutation
(in typing time).

I believe that you and I are working with either a subset or an almost
disjoint set of facts in relation to each other on the subjects of the
origins of the net, Operation Sun Devil, subsequent seizures, the operation
of the IETF and InterNIC, and how physical routing policy can be used to
easily implement gag orders.  Rather than have us attempt to educate each
other via back-and-forth messages, I will go back and re-examine some source
material on each of these issues over the next few weeks.  If my opinions
change, I will post them to you and to this list.  In the meantime, let us
merely agree to disagree; your mind is clearly made up, as is mine.

Cheers,
_Strata





From jcorgan at aeinet.com  Wed Feb 14 01:15:37 1996
From: jcorgan at aeinet.com (Johnathan Corgan)
Date: Wed, 14 Feb 1996 17:15:37 +0800
Subject: Stealth PGP work
In-Reply-To: <199602081217.HAA20652@opine.cs.umass.edu>
Message-ID: 




On Thu, 8 Feb 1996 lmccarth at cs.umass.edu wrote:

> Is anyone out there actively working on an implementation of the "stealth 
> PGP" concept ?  I asked Derek Atkins about a stealth mode in the upcoming 
> PGP `96 ^H^H^H 3.0 at the Jan. Bay Area physical mtg, and he said the PGP3
> team had no particular plans to support such a thing. 

When asked, he also indicated that the PGP 3.0 message formats would be 
embedded into the API in such a way that it would not be possible to use 
the library to generate or process stealth.  Of course, you could always 
strip the unstealthy data out as you would with PGP 2.x, but that doesn't 
help on the receiving end.

--
Johnathan M. Corgan
jcorgan at aeinet.com
http://www.aeinet.com/jcorgan.htm

"One should realize, of course, that whether Crypto Anarchy
prevails depends not upon the varied philosophical leanings of
citizen-units May and Denning, but rather upon whether our
mathematics is more powerful than their jackbooted thugs."

                                                -Mike Duvos

(seemed appropriate :)





From tcmay at got.net  Wed Feb 14 01:16:24 1996
From: tcmay at got.net (Timothy C. May)
Date: Wed, 14 Feb 1996 17:16:24 +0800
Subject: Online Zakat Payment: Religious tithe.
Message-ID: 


At 10:07 PM 2/12/96, Steven C. Perkins wrote:
>Cyber-Anarchists aren't the only ones who can use the Net.
>
>>--- Forwarded message follows ---
>>From: zakat at dircon.co.uk (Sohail Mohammed)
>>Subject: Online Zakat Payment
...
>>Zakat collection and distribution is not a free-enterprise do-it-yourself
>>project. Khalifa AbuBakr (RA) went to war against those people who did
                                ^^^^^^^^^^^
>>not want to pay Zakat to the central authority and who instead wanted to
  ^^^^^^^^^^^^^^^^^^^^^
>>do it 'their-way'.

I think it safe to say the ragheads want their taxes (= "Zakat") collected,
and they will block any schemes which attempt to bypass their tax
collectors. They are enemies of Cypherpunks, but then we all knew that a
long time ago.

>>The long term strategy is that we Muslims need a major presence in
>>cyberspace. This would include intelligent agents (robots, sheriffs,)
>>roaming cyberspace collecting Zakat funds and Jihad funds and doing other
>>things we can't yet imagaine. Islamic Gateway http://www.ummah.org.uk

Yes, such as collecting funds to send to Jim Bell to arrange for the
assassination of Salman Rushdie.

Once again, the gutter religion of Islam reveals the derangement of its
so-called Prophet.

The world really needs to get around to nuking these folks.

--Tim May


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From wlkngowl at unix.asb.com  Wed Feb 14 01:16:57 1996
From: wlkngowl at unix.asb.com (Deranged Mutant)
Date: Wed, 14 Feb 1996 17:16:57 +0800
Subject: Four letter words (was Re: Req. for soundbites)
Message-ID: <199602130329.WAA23482@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

I'm no etymologist, nor do I play one on TV, but...

A few words of note about the "four letter words":
a) at one time they were quite acceptable, even after the Norman invasion 
of England; read Chaucer's Canterbury Tales... meant to be read in polite 
company, mind you.  A few Old English texts are also peppered with them, 
which at the time was also quite acceptable...
b) ...while words for bodily functions like shit, pis, fuck, etc. were 
acceptable, blasphemes were not... "god dammit" and "ods-bodkin" and 
"bloody" ("odsblood") were really naughty, even legally punishable(?). 
Note that the latter are quite usable on TV and have been used in 
congress on C-SPAN quite often while the former are illegal... you can 
make a very good religious argument for banning blasphemes and allowing 
words for bodily functions...
c) for a Latin-speaker in Ancient Rome, "feces" = "shit", etc. etc. Some 
languages do not distinguish a polite word vs. a naughty word for these 
things (a very important point)
d) they're just words... superstitious beliefs that a word is harmful...

ObCrypto: I wish I knew.... back to your regularly scheduled programme.

bob bruen wrote:
> 
>    For what it's worth department:
> 
>    The four letter words that are considered indecent are an anachronism
>    from the days when the French/Normans ruled England, (~1066-1300's).
>    A quick look at the words and their acceptable counterparts will make
>    clear the issue. The four letter word are all of English derivation and
>    the socially acceptable ones are of French (sometimes Latin) derivation.
>    Even the term "four-letter" is a derogatory term for the English language
>    in general, because the French considered English second rate because the
>    words tended to be short, unlike French. Anyone who supports the suppression
>    of these words is merely enforcing the old French repression of the English
>    and the English language from over 500 years ago. Why think for yourself
>    when tradition can do it for you?
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSAFkioZzwIn1bdtAQEKuAGAsvpx5YmmS78Cwze1cvS5jZdSsMF3VcbO
fLANxaceEXG2r5CKywmHgHsADUCCTlOB
=qw9h
-----END PGP SIGNATURE-----





From qut at netcom.com  Wed Feb 14 01:29:18 1996
From: qut at netcom.com (Dave Harman)
Date: Wed, 14 Feb 1996 17:29:18 +0800
Subject: DEA
In-Reply-To: <199602130154.CAA23267@utopia.hacktic.nl>
Message-ID: <199602140310.TAA17328@netcom6.netcom.com>


> 
> Column by Jim Dykes 
> in the Knoxville Journal (423-584-9606), 2/8/96.
> 
> 
> (...) I had a call the other day.  About the DEA.  Try to keep
> all these damn acronyms straight:  DEA is Drug Enforcement
> Agency.
> 
> Call was from an old cowboy - well, former Air America pilot, to
> be more precise, CIA.  (There should be a federal agency to
> control us old men better.)
> 
> To make a long, long story short, I have some names and phone
> numbers of people around the country - Customs, Immigration &
> Naturalization, maybe even some DEA, who can discuss rather
> interesting money ripoff techniques by DEA agents involving Title
> 18, Title 21, and Title 19 of the Federal Code.  There was a time
> when I would have busted a gut - and a phone budget - trying to
> snare some bent government agents.  But, now ...
> 
> Let me make it perfectly clear that this old persimmon really
> doesn't give a damn.  I am long past being shocked at venality
> and corruption in public servants.  But, if anybody wants to be a
> hotshot investigative reporter (and run up a helluva phone bill
> for his or her employer) just give me a call.  (That lets a lot
> of you out, since it would have to be somebody I know and trust.)

Someone with such information has one burning responsibility:
report all verifiable and relevent details to proper authorities.
Post your report to usenet to subject the object to public scrutiny.





From alanh at infi.net  Wed Feb 14 01:31:18 1996
From: alanh at infi.net (Alan Horowitz)
Date: Wed, 14 Feb 1996 17:31:18 +0800
Subject: To find the clock speed of a sun workstation
In-Reply-To: <199602130016.AA10339@sunstorm.corp.cirrus.com>
Message-ID: 


Open up the box and look at the crystal.

Or, Attach a loop of wire to the probe of a frequency counter and move 
the probe around till you get a reading.

Alan Horowitz
alanh at norfolk.infi.net






From frantz at netcom.com  Wed Feb 14 01:51:31 1996
From: frantz at netcom.com (Bill Frantz)
Date: Wed, 14 Feb 1996 17:51:31 +0800
Subject: V-chips, CC, and Motorcycle Helmets
Message-ID: <199602140333.TAA07066@netcom7.netcom.com>


At  8:15 PM 2/13/96 -0500, Declan B. McCullagh wrote:
>Excerpts from internet.cypherpunks: 13-Feb-96 Re: V-chips, CC, and
>Motorc.. by Bill Frantz at netcom.com 
>> Adding money to the pot will attract rational (and amoral) people who will
>> then make a determination based on (1) profit, and (2) risk, which includes
>> getting caught or killed.  It seems to me that Secret Service levels of
>> protection can protect a public figure against even Assassination Politics.
>
>That may well be true, but speaking as someone who's worked on U.S.
>Presidential campaigns, that kind of protection is expensive,
>time-consuming, intrusive, and unlikely to be extended.

I assume that both Declan and Jim Bell agree that people high in the
government will be immune because they already enjoy this level of
protection (limitation one).  So the only people we can hit are the cannon
fodder, not the ones who gave the orders.  It has always been this way with
war.

If, after a couple of the Waco people had been hit, I was given the
responsibility to protect them I would proceed as follews:

(1) Gather them and their families onto some Army base and step up the
patrols.  Now I have them safe.

(2) Train and release them thru the witness protection program.  Cost
$20,000/person (if I remember the article John Young posted a pointer to
correctly.  (Thanks John))  This is probably about the same as the cost of
their training, so it makes economic sense.

(3) Make sure that the names/faces of the cannon fodder in future actions
are not available to make it harder to target the guilty.

Bill







From anonymous-remailer at shell.portal.com  Wed Feb 14 01:56:32 1996
From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com)
Date: Wed, 14 Feb 1996 17:56:32 +0800
Subject: PING packets illegal?
Message-ID: <199602140355.TAA08824@jobe.shell.portal.com>


-----BEGIN PGP SIGNED MESSAGE-----

Concerning the ITAR ...... what would happen if some Evil Hacker Dude in,
say, England, decided to ICMP-ping a host in America? Nothing wrong with
that ...... but if those ping packets contained little pieces of something
like PGP ...... would the host being pinged be breaking the law? Would
all the hosts in the route between that host and the host in England that
was doing the ping also be breaking the law?

Curious,

Michael Ellis


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSE1owqs/Oe38tFJAQEiVgP+M10Cjf1mCq8L9uAfaxHV/hYpDUSJ5FMA
8j7nYyi4hH8heAak7l2AJXeSyqY1nMexBMoeZnUPbCRiZmrk7h9SSjywXIhV4ITH
y6z70NKhoz3p0d3kSeBiPiMuHuz1HAI/5hrECAqY9f+R0kYkK3GvVitb405Ly7kn
J0gbHi7pQOA=
=NcP+
-----END PGP SIGNATURE-----







From alanh at infi.net  Wed Feb 14 02:07:32 1996
From: alanh at infi.net (Alan Horowitz)
Date: Wed, 14 Feb 1996 18:07:32 +0800
Subject: Online Zakat Payment: Religious tithe.
In-Reply-To: 
Message-ID: 



> Once again, the gutter religion of Islam reveals the derangement of its
> so-called Prophet.


    Get a grip, Tim. This is not the real you. I hope.





From lunaslide at loop.com  Wed Feb 14 02:12:14 1996
From: lunaslide at loop.com (lunaslide at loop.com)
Date: Wed, 14 Feb 1996 18:12:14 +0800
Subject: 
Message-ID: 


}>sovereign n. 1. A person, governing body, etc., in whom the >supreme power
}>or authority is vested.<  adj. 1. Exercising or possessing supreme
}>authority or jurisdiction.  2. Independent, and free from external
}>authority or influence: a sovereign state.
}
}Yup.
}
}>This is not what our government is.
}
}The United States is a sovereign nation. Do you dispute that ? The
}constitution is a binding agreement between the government and its citizens
}that determines how that sovereignty will be exercised, the elements in which
}the nation will not interfere with citizens, and the duties which it will
}carry out.



Yes, I do dispute it, but I'm not going to write why all over again, since
you seem to have convieniently snipped the rest of my post, rather than
answer it.  You are arguing a straw man.  I didn't say that the nation
isn't soveriegn, I said that the government is not sovereign.  Yes, there
is a difference.

lunaslide

"Prohibition... goes beyond the bounds of reason in that it attempts to
control a man's appetite by legislation and makes a crime out of things
that are not crimes... A prohibition law strikes a blow at the very
principles upon which our government was founded."
- -- Abraham Lincoln

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller
________________________________________________________________

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEX3QEAAAEEAOGQjhnqGH29pO1WDaXs5GFOVPhCBWyYEk9XEwRmscjveWzH
AhA6DeOA480zWNqQURyqE2yPmR8WzT+OXYqmeiQiycKyFA41Vs/Ruf+gXXxe7uXS
L5BK3K8oKbfoH0D5/TAkMT4r6BprXFQz4pFc3gY2SSaSPElpMjKHaKBsRsyRABEB
AAG0HUplZmYgQ29ubiA8bHVuYXNsaWRlQGxvb3AuY29tiQCVAwUQMRffHzKHaKBs
RsyRAQGNhwP9E9xEZ9/LCKnhgtnrqgD7pDoXG2pCy8FoyfFjoImGkG+jF1wELXmB
Z0mf8F8CgYkys0mif1XeGDMelr1gzlZAm6LgQt4kcvztMW/aRLn18QP+iwltVT/L
p8D37mitOjvuk46sWgAChIaPPPIeg/EaYQjQkmlpWKsEYIoTRy+E8mU=
=4Gku
-----END PGP PUBLIC KEY BLOCK-----









From alanh at infi.net  Wed Feb 14 02:13:58 1996
From: alanh at infi.net (Alan Horowitz)
Date: Wed, 14 Feb 1996 18:13:58 +0800
Subject: your mail
In-Reply-To: <960212134104.2021ab25@hobbes.orl.mmc.com>
Message-ID: 


Corruption of blood isn't a musty, forgotten page of history. It lives on 
today in the form of the abuses of Civil Forfeiture that the War on Some 
Drugs has produced.  It got so bad that the US Supreme Court had to 
recently restrain the government. Although the Court chose to use the 
Double Jepeordy Clause to do their work.

Those Founding Fathers had some pretty good stuff. I'd like to see the 
revival of Letters of Marque

Those who don't study history are doomed to....

Alan Horowitz
alanh at norfolk.infi.net






From bruce at aracnet.com  Wed Feb 14 02:20:52 1996
From: bruce at aracnet.com (Bruce Baugh)
Date: Wed, 14 Feb 1996 18:20:52 +0800
Subject: Bruce Reads The Calendar - cypherpunk gathering correction
Message-ID: <3120f361.34862023@mail.aracnet.com>


It has been pointed out to me that the 26th is a Monday. Oops. The correct
date for the Portland cypherpunks get-together is in fact

Saturday, February 24, 1996

Thanks.


Bruce Baugh
bruce at aracnet.com
http://www.aracnet.com/~bruce





From perry at piermont.com  Wed Feb 14 02:30:53 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Wed, 14 Feb 1996 18:30:53 +0800
Subject: LI Newsday OpEd: Criminal Justice System
In-Reply-To: 
Message-ID: <199602131833.NAA21297@jekyll.piermont.com>



Timothy C. May writes:
> Au contraire. Those interested in pure cryptography and coding are over in
> Coderpunks, the new gated community for such folks.
> 
> The rest of us, stuck here in the ghetto of Cypherpunks, will talk about
> what we want to talk about.

Tim, you don't work for a living. Some of us do. You might try to
think back and remember what it was like in the days when you still
did something every once in a while and had a limited amount of time
available in which to do it.

Perry





From owner-cypherpunks at toad.com  Wed Feb 14 03:13:00 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 14 Feb 1996 19:13:00 +0800
Subject: No Subject
Message-ID: 


	IP addresses are a scarce resource today.  Try getting a /16
allocation (what used to be a class B).  There are politics in the
process already.

	Addresses will not be easily 'transferable.'  The IETF is
discussing a 'Best Current Practices' document that talks about
address portability.  Basically, it can't happen, because the routers
only have so much memory, and the routers at the core of the internet
can't keep in memory how to reach every one; there needs to be
aggregation.  The only feasible aggregation seems to be provider
based, ie, MCI, Alternet, and other large ISPs get blocks of
addresses.  They give them to smaller companies, like got.net, which
gives them to customers.  The result?  The core routers have a few
more years.

	Lastly, 32 bit addressing is going away.  IPv6 offers 128 bit
address space, and (hopefully) much more efficient allocation, as well
as such useful things as hooks for automatic renumbering of address space.

Adam


Alan Olsen wrote:
| >Markets for IP Addresses
| >
| >The 32-bit numbers used for Internet addressing and routing are a
| >limited resource. As this resource becomes scarcer, political
| >considerations are likely to creep into allocation decisions made
| >through existing administrative processes, leading to suboptimal
| >allocations. By granting transferable property rights to addresses,
| >allocation decisions can be removed from the political realm into the
| >economic realm, so that addresses are allocated to those who value them
| >most. This project seeks to develop consensus in the Internet community
| >for a move to market-based allocation, and investigates alternative
| >designs for an electronic market to coordinate the exchange of IP
| >addresses.
| 
| This proposal bothers me. I do not see any positive results from this
| proposal. (Or at least the negatives will far outweigh the positive.)
| 
| Here is what I see as the results of such a plan...
| 
| Getting an IP address will become prohibitivly expensive except for the
| largest megacorps.  Instead of solving the limitations of the current
| system, this plan will cause people to "invest" in IP addresses in the hope
| that the price will go up.  IP addresses will become part of a corporation's
| invenstment portfolio.  This will result in less usage of IP addresses, not


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From owner-cypherpunks at toad.com  Wed Feb 14 03:17:05 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 14 Feb 1996 19:17:05 +0800
Subject: No Subject
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, sunder at dorsai.dorsai.org writes:

>
> On Mon, 12 Feb 1996, Mark Allyn (206) 860-9454 wrote:
>
>> What do you mean by a speech bubble?
>> 
>> "write in a speech bubble to the president dude"
>> 
>> Does this mean a transparent plastic bubble over his head??
>
> Like in comic books.  i.e:

I got a dollar bill yesterday with a rubber-stamped speech baloon saying
"I Grew Hemp" next to George's head.  First one I'd seen, so the
transmission layer isn't too crowded.
- -- 
           Roy M. Silvernail     [ ]      roy at cybrspc.mn.org
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey at cybrspc.mn.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSFXjxvikii9febJAQHaDAP9HQ/Iqw0CLNmSEBXcduwK9Wa0WaY6N026
bYU9fpvKMd16JBuRQ7wvQ6/l9QUwY9KF6J/LEnrbKC3bdEl3E09kqCg0VyL0QJYq
4y8b4QqvfzIt/yecOSVRyo4v3pCZXKeqaHvWq8wJnnYanzpMUXHGLmBL6FohJzi+
SvoHC5qlp9M=
=S05W
-----END PGP SIGNATURE-----





From owner-cypherpunks at toad.com  Wed Feb 14 03:19:13 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 14 Feb 1996 19:19:13 +0800
Subject: No Subject
Message-ID: 


On Feb 12, 1996 23:23:59, 'ethridge at Onramp.NET (Allen B. Ethridge)' wrote: 
 
 
> 
>The Guardian Angels have decided to enter cyberspace and make it safe for 
>us all.  They have a FAQ on the web - http://www.safesurf.com/cyberangels/

>.  How is this relevant to cypherpunks?  From their FAQ: 
> 
> 
>"9) What kinds of changes would the Guardian Angels / CyberAngels like to
see? 
> 
>a) We would like to see an improvement in User identification. User ID is 
>impossible to verify or trace back. The very anonymity of Users is itself 
>causing an increase in rudeness, sexual abuse, flaming, and crimes like 
>pedophile activity. We the Net Users must take responsibility for the 
>problem ourselves. One of our demands is for more accountable User IDs on 
>the Net. When people are anonymous they are also free to be criminals. In
a 
>riot you see rioters wearing masks to disguise their true identity. The 
>same thing is happening online. We would like to see User ID much more 
>thoroughly checked by Internet Service Providers." 
> 
 
See: 
 
_Computer underground Digest_, "CyberAngels in Cyberspace," #8.04, 01/13/96

          (my original piece on the CyberAngels) 
_Computer underground Digest_, "CYBERANGELS," #8.06, 01/21/96 
          (the CyberAnels official response) 
_Computer underground Digest_.  [ENTIRE ISSUE]. #8.13, 02/06/96 
          (the readership responds) 
 
CuD is available as a Usenet newsgroup: comp.society.cu-digest 
 
Also, I have been corresponding with folks at _Wired_ who are picking up
the story, for their March issue I believe. 
 
On Feb 13, 1996 00:46:05, 'joseph at genome.wi.mit.edu (Joseph
Sokol-Margolis)' wrote: 
 
>not sure if this is the right place. 
>I agree with allen, about the issues of 'nym. But looking at other aspects

>of these cyberangels I'm unsure how to feel. On one hand they seem
resonable, 
>protecting only the children. ... 
 
The CyberAngels want to do *far* more than "protect only children." 
 
--tallpaul





From owner-cypherpunks at toad.com  Wed Feb 14 03:29:47 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 14 Feb 1996 19:29:47 +0800
Subject: No Subject
Message-ID: 


}Is ok. I suspect that we are narrowing on a similar position. Would like
}to see a time when net communications make "representatives of the people"
}obsolete" since majority voting on any issue can be "anytime,anywhere".
}Doubt that it will happen soon.



I too would like to see a purely democratic process rather than a
representative one.  And I also agree that it won't happen soon.  The
question is, what do we keep of govt?

How would the group propose electronic voting on legislation should
proceed?  What sort of technical solution could be arrived at to allow
everyone in the country to vote on specific legislation and how would they
get access to that legislation?  I think _this_ is a cypherpunk topic for
sure.

}Take CDA (please) - obviously draconian and unconstitutional. Think how
}much more difficult it would be to overturn if worded more reasonably.
}Then ask if that was intentional 8*).

I have to believe that Exon truly meant to castrate the net, but in his own
zealous wording, made it easier to turn the law over.  I think it is
reasonable to hope that that will be the effect.  Our doing our part to
make enough noise about it will only help our cause.

lunaslide

"Prohibition... goes beyond the bounds of reason in that it attempts to
control a man's appetite by legislation and makes a crime out of things
that are not crimes... A prohibition law strikes a blow at the very
principles upon which our government was founded."
- -- Abraham Lincoln

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller
________________________________________________________________

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEX3QEAAAEEAOGQjhnqGH29pO1WDaXs5GFOVPhCBWyYEk9XEwRmscjveWzH
AhA6DeOA480zWNqQURyqE2yPmR8WzT+OXYqmeiQiycKyFA41Vs/Ruf+gXXxe7uXS
L5BK3K8oKbfoH0D5/TAkMT4r6BprXFQz4pFc3gY2SSaSPElpMjKHaKBsRsyRABEB
AAG0HUplZmYgQ29ubiA8bHVuYXNsaWRlQGxvb3AuY29tiQCVAwUQMRffHzKHaKBs
RsyRAQGNhwP9E9xEZ9/LCKnhgtnrqgD7pDoXG2pCy8FoyfFjoImGkG+jF1wELXmB
Z0mf8F8CgYkys0mif1XeGDMelr1gzlZAm6LgQt4kcvztMW/aRLn18QP+iwltVT/L
p8D37mitOjvuk46sWgAChIaPPPIeg/EaYQjQkmlpWKsEYIoTRy+E8mU=
=4Gku
-----END PGP PUBLIC KEY BLOCK-----









From owner-cypherpunks at toad.com  Wed Feb 14 03:42:14 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 14 Feb 1996 19:42:14 +0800
Subject: No Subject
Message-ID: 


---------- Forwarded message ----------
Date: Tue, 13 Feb 1996 22:28-0500
From: The White House 
To: Public-Distribution at CLINTON.AI.MIT.EDU
Subject: 1996-02-13 VP Gore Unveils On-Line Service for Businesses

 

                            THE WHITE HOUSE

                      Office of the Vice President

________________________________________________________________________
For Immediate Release                                  February 13, 1996


   VICE PRESIDENT UNVEILS NEWEST ON-LINE SERVICE FOR U.S. BUSINESSES
  Gore Says U.S. Business Advisor Key To Governing In Information Age


    Vice President Gore today (2/13) unveiled the a new and improved
"customer-designed" version of the U.S. Business Advisor.  The
"Advisor", which was first presented at the 1995 White House
Conference on Small Business, underwent a six-month redesign that
addressed the specific needs of the business community.  The improved
"Advisor" will provide users with one-stop electronic access to more
than 60 different federal organizations that assist or regulate
businesses.

	This on-line service, which directly links American businesses
with the federal government, was originally developed by the Vice
President's National Performance Review in cooperation with federal
agencies and the business community.

	Today, at the annual convention of the Armed Forces
Communications and Electronics Association (AFCEA) in Tyson's Corner,
VA, the Vice President officially placed the new Advisor on the World
Wide Web (http://www.business.gov).

	"By employing state-of-the-art information technology, the
Advisor is improving communication between American businesses and
their government," the Vice President said.  "Because this version was
developed with the support of the business community, the Advisor
serves our customers on their terms.  Both Fortune 500 companies and
start-up businesses will benefit from this improved service."

	The Advisor provides an interactive environment where
businesses can:  file documents electronically with the government;
retrieve documents, applications and other information; get answers to
commonly asked questions; obtain names and contact numbers of business
agencies; acquire news on specific business topics; and send feedback.

	The improved version of the U.S. Business Advisor was unveiled
today as the Vice President delivered the second of three speeches on
technology and the future of America.  The "Technology Trilogy" began
Monday (2/12), in Baltimore, MD, where the Vice President spoke to the
American Association for the Advancement of Science.  The final speech
is scheduled for tomorrow (2/14), in Philadelphia, PA, where the Vice
President will visit the first programmable computer, also known as the
ENIAC.







From owner-cypherpunks at toad.com  Wed Feb 14 03:42:36 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 14 Feb 1996 19:42:36 +0800
Subject: No Subject
Message-ID: 


At 09:22 PM 2/13/96 -0500, Declan B. McCullagh wrote:
>I do hope the religious right keeps fighting against GAK. However good
>their intentions may be on *that* issue, it is transcendently obvious to
>anyone who has been following the flux on Capitol Hill that they were
>behind the recent push to regulate the Internet.

Not obvious to me.

While the religious right clearly supported the push to regulate the
internet, the main push seemed to me to come from the existing mass
media, primarily the three big TV channels.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd at echeque.com






From owner-cypherpunks at toad.com  Wed Feb 14 03:47:59 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 14 Feb 1996 19:47:59 +0800
Subject: No Subject
Message-ID: 


At 07:36 PM 2/13/96 -0800, Bill Frantz wrote:
>At  8:15 PM 2/13/96 -0500, Declan B. McCullagh wrote:

>>That may well be true, but speaking as someone who's worked on U.S.
>>Presidential campaigns, that kind of protection is expensive,
>>time-consuming, intrusive, and unlikely to be extended.
>
>I assume that both Declan and Jim Bell agree that people high in the
>government will be immune because they already enjoy this level of
>protection (limitation one).  So the only people we can hit are the cannon
>fodder, not the ones who gave the orders.  It has always been this way with
>war.

Actually, I think the primary targets will be either the middle level 
manager types, or the ones who have attracted a substantial amount of bad 
publicity by "following orders."  Lon Horiuchi (the sniper who shot Vicki 
Weaver) for example, would be a excellent example of a person who'd try to 
claim, "I was just following orders."  Okay, maybe he was, but so was Adolph 
Eichmann.  

Once the tax collectors/enforcers were targeted, the rest of the government 
wouldn't be able to operate, and would collapse.


>If, after a couple of the Waco people had been hit, I was given the
>responsibility to protect them I would proceed as follews:
>
>(1) Gather them and their families onto some Army base and step up the
>patrols.  Now I have them safe.

And, of course, you've just ruined their lives.  Think about it.  By doing 
this, it is made absolutely, completely, and abundantly clear to them that 
THEY are considered "the enemy" and that their lives are forever put at 
risk.   Previously, government employees could hold their heads up high and 
be proud of their "public service."  Now, if they're discovered, they have 
to disappear.  Does this treatment sound familiar?  Their job description 
and circumstances will more closely resemble that of a Mafia enforcer than a 
proud public servant.  They'll have to teach their children to lie about 
what their parent does, rather than risk getting exposed.

Who, exactly, would want to work for the government under such 
circumstances?  Remember, we're not just talking about a tiny fraction of 
their number; if the most egregious ones were hidden the ones that were less 
secure would be killed in their place.

Remember, the only reason the government can even afford so many employees 
is because taxes are collected; what happens when literally every IRS agent 
resigns to avoid the bullet or bomb?  The remainder, the "less bad" ones, 
couldn't be paid.  At that point, government collapses.


>(2) Train and release them thru the witness protection program.  Cost
>$20,000/person (if I remember the article John Young posted a pointer to
>correctly.  (Thanks John))  This is probably about the same as the cost of
>their training, so it makes economic sense.

Except that you can't do this for every government employee, and who's going 
to want to work for the government if it is made clear to them that someday 
they'll either be killed, or discovered, or they will have to "go 
underground" to survive.  Not a very good prospect.  And what happens if 
they think there's a fairly good chance that my system will succeed?  Most 
people want to be able to retire with a pension; what's the prospect for 
collecting a pension from a demolished government?!?

>
>(3) Make sure that the names/faces of the cannon fodder in future actions
>are not available to make it harder to target the guilty.
>
>Bill

Then they'll target the "names," the ones who show their faces.  See how this 
works?  If the only way  you can maintain the government is to keep them all 
absolutely anonymous, then that government has FAILED.

Furthermore, this system's anonymity allows disgruntled public employees the 
chance to collect money by "turning in" their bosses to the public's ire; if 
the personnel list for the government is nominally a secret, it will "leak" 
eventually and those on the list will be followed, confirmed, and targeted.

I'm not a betting man, but if I were forced to place a bet, your position 
doesn't have a prayer.







From owner-cypherpunks at toad.com  Wed Feb 14 03:50:07 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 14 Feb 1996 19:50:07 +0800
Subject: No Subject
Message-ID: 


> This would hose 93% of the subversive stuff on the 'net.

I guess I've gotten turned around on this -- last week I was arguing your 
position.

But:  China's problem is internal, not external, and it's political, not 
sexual.  Let's assume that they can build a successful firewall -- 
despite the fact that the people here on this list who design and install 
such firewalls for a living don't believe that the Chineese plan is 
feasible.  Let's assume that they can prevent people from grabbing photos 
from playboy.com.  So what?

Who's in a position to formulate devastating criticisms of China's
government?  Americans?  Or people who live under the system and
understand it?  And what's subversive, anyway?  Breasts enhanced with
silicon and airbrushing, or plain honest talk about liberty and
government? 

Any net that lets the Chineese people publish and talk to one another is 
going to create problems for the government.

On top of that, the firewall isn't even going to keep out foreign traffic. 
The firewall model doesn't work for internal security -- it assumes that
the people on the inside are trustworthy, and it focuses on protecting the
internal net from people on the outside.  The Chineese have to deal with 
people on the inside trying to subvert the wall by building illicit links 
via telephone lines or satellite channels.

Let's put it another way.  Suppose a company has a strong firewall 
installed by a first rate security consultant.  If an employee who has 
access to the internal net puts a modem on his machine and lets anyone 
who wants to dial in and connect to the internal net, what good does the 
firewall do?  You can't come in over the Internet, but you can come in 
over a pots line.  Either way, you've got your access.

For what it's worth, I have a friend who just got a job with Apple's
operation in China.  According to him, Hong Kong is fully wired, but
mainland China only has about 5,000 net accounts outside of government or
acadamia.  All 5,000 of those accounts seem to be served by a single 64kbs
connection to the outside world, which suggests that they're email only.






From owner-cypherpunks at toad.com  Wed Feb 14 04:17:32 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 14 Feb 1996 20:17:32 +0800
Subject: No Subject
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

At 07:28 PM 2/13/96 -0500, Rich Salz wrote:
>Okay, so how the hell did Microsoft get export approval for this? I mean,
>this is the classic crypto-with-a-hole; a service-provider interface (SPI)
>with DLL's means "plug your crypto here".  This is usually considered an
>"anciliary" device in ITAR language, and therefore export controlled.  I
>mean, how long until you see MSWord with "full privacy" option?
>
>Word I've heard is that the office of Export Control has had a lot of
>turnover and "nobody knows anything" anymore. 

At the risk of blowing my usual horn, I would argue that one advantage in 
vocal, common, and loudly hostile talk against government is that they have 
begun to understand how unhappy we are with them.  To make an analogy with 
late-1700's France,  the sound of a guillotine being tested probably had a 
remarkable effect on the upper strata of their society; likewise, dicussions 
of how we can all chip in and bump off the whole lot of the bastards might 
remind a few of they key government players that they are not immune from 
eventual retribution.  Resulting in "a lot of turnover."

If we make a "reasonable assumption" that most of those government employees 
aren't stupid, and they discover that the prospect for Crypto-Anarchy 
(trademark owned by Tim May?) is good, it seems reasonable to assume that 
they'll want to avoid being around when THE END comes for their employer.

Jim Bell

Klaatu Burada Nikto

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSF8vvqHVDBboB2dAQExXQP+JHO6P80VfXE1+x5JmstA14dg+wlmXBK2
+8UYUnD7IpK2QzIKoEbmot2/WfUK/9zzOiuRuXvzc6FxfscRm7xNzNO28vviTN5U
osVNgm72t/R2jZspMPr+cYE3GcxDIcQvTEOth5Tz9J9q7TfI4+NPl68fN7sqEOsG
m44PPIy6F2I=
=m3hQ
-----END PGP SIGNATURE-----






From owner-cypherpunks at toad.com  Wed Feb 14 04:24:33 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 14 Feb 1996 20:24:33 +0800
Subject: No Subject
Message-ID: 


At 01:48 PM 2/12/96 EDT, E. ALLEN SMITH wrote:
>	I have changed the subject header (despite its destroying threading
>with the way my mailreader works) so that Perry et al can more easily filter
>this out. I have concluded that Assasination Politics, since it is a possible
>development of true anonymnity, etcetera, is a proper discussion topic for
>cypherpunks - while not cryptography in and of itself, it is a possible result
>of cryptography.

I'm glad some people see that.  This may, in fact, turn out to be one of the 
most important products of modern, public-key cryptography.


>From:	IN%"frantz at netcom.com" 12-FEB-1996 03:24:07.29
>
>>Again, absolutely.  Hell, I can't even devise a filter that will let me
>>filter out Jim Bell's rants while letting me see his reasoned arguments on
>>anonymous assassination.  (I would love to have him address the Salman
>>Rushdie issue, a man who is still alive despite a considerable announced
>>price for his head.  There appear to be limits to who can be subject to
>>assassination for pay.)
>
>	Actually, that's an argument for non-misusage of Assasination Politics.
>If the person hides, there's not much one can do about it. But a hiding
>law enforcement agent can't be out violating people's rights. 

Bingo!   That's why this system will be so effective; it will DETER bad 
behavior on the part of the government and its agents.


>(I will mention
>that whether a right is violated or not is essentially a matter of the
>perceiver - under any system, whether governmental or not. All ethical
>arguments assume either some degree of common ground that can be argued from,
>or the finding of logical inconsistency). Those who do so via the net can be
>taken care of via the other mechanisms discussed here. It's just that the
>physical part is a possible net weakness.
>	Moreover, just because _some_ rights-violaters (not that Rushdie was
>one) aren't killed doesn't mean that all of them wouldn't be. A system doesn't
>have to be 100% efficient to be effective.

Yup; it's interesting that Franz didn't see this... Maybe he just didn't
WANT to see it!


>	However, the Rushdie case does bring up one problem I have with
>Assasination Politics as currently constructed. While people are unlikely to
>patronize a general/non-discriminatory organization, a more particular but
>non-libertarian one is still possible. For instance, if the Christian
>Coalition put together an organization, anonymously, what would prevent them
>from offing everyone who was a major leader against them - such as a doctor
>researching new abortion techniques, or a geneticist (such as myself) doing
>gene therapy work they found offensive? The patrons would know that _they_
>wouldn't be targeted after all... I would appreciate a response from Jim Bell
>on this subject.
>	-Allen

Your question was actually a two-parter.  I will separate it below and 
comment on the pieces:


>For instance, if the Christian
>Coalition put together an organization, anonymously, what would prevent them
>from offing everyone who was a major leader against them -

"Who needs leaders"?  Think about this, carefully.  The current political 
system is based on the idea that if you don't like the way things are being 
done, you have to publicize your unhappiness, to organize, and for that  you 
normally "need" leaders.  With "Assassination Politics," _leaders_ will not 
only not be necessary, they might be the prime targets for unhappy people!  
But this will work both ways:  "Christian Coalition" LEADERS will be targets 
themselves if they publicly advocate the killing of abortion doctors.


> such as a doctor
>researching new abortion techniques, or a geneticist (such as myself) doing
>gene therapy work they found offensive? 

I wish there was some sort of "perfect, easy solution" to this dilemma, but 
it's possible there isn't.  Ultimately, anybody who does anything that 
angers enough people, ENOUGH, will be a potential target.  I don't think 
this is a major admission however; society has ALWAYS been this way.  In the 
early 1600's in Salem, women were killed simply due to false accusations 
that they engaged in 'witchcraft."  Governments have prosecuted (and 
persecuted) people for violation of what we now call victimless crimes.  In 
the pre-1960's South, being black was a de-facto "crime":  They could be 
arrested, tried, and convicted on a pretense.  Over 60% of prison cells are 
filled with people who sold chemicals (drugs) to willing buyers.

I think it's clear that there are ALREADY plenty of violations of rights 
going on; at most, you can claim that "Assassination Politics" is 
"imperfect" in the sense that it doesn't completely solve this problem.  But 
since I do genuinely believe it will eliminate war, militaries, governments, 
taxes, and other evils, I think we'll end up with a far better society than 
we have today.

>The patrons would know that _they_
>wouldn't be targeted after all... I would appreciate a response from Jim Bell
>on this subject.

All is not lost, however.  I contend that society would likely IMPROVE to 
the point where the kind of behavior you want to avoid will not commonly 
happen.  Wishful thinking?  Well, consider a point which was driven home to 
me a week ago at a dinner with my parents, sister and brother in law, and my 
two nieces, ages 4 and 9.  We were eating spareribs, and my father (age 65) 
commented that such meat used to be considered trash meat, and "only the 
niggers bought it."  (BTW, my father was not and is not a bigot, quite the 
opposite; he used this terminology to relate the general opinion during the 
time frame he grew up in; he used this terminology to reflect on and deride 
that public opinion back then.) 

My older niece looked mystified, and said she hadn't even HEARD the term 
"nigger." (and she's substantially above average in vocabulary and 
intelligence for age 9, BTW)   While I am not going to claim that bigotry is 
dead in the younger generation, I think it's clear that it went out of style 
in the 1960's and progress has since been made in eradicating most of its 
more egregious effects. In short, in that issue, society has improved, if by 
no other method than waiting for the bigots to die off naturally and develop 
a new generation of more tolerant people.  Call this "political correctness" 
if you wish (and I'm about as much an opponent of "political correctness" as 
you'll find) but the fact is that things are getting better with regards to 
race relations.

Similarly, I think that once public advocacy for killing abortion doctors 
and others was deterred (by judicious use of Assassination Politics, for 
example, even if a given example of such use might be considered "wrong" 
because it was a violation of "free speech") 
pretty soon it would be hard to gather much enthusiasm for such bad acts.  
Few people would risk calling publicly for that; the next generation will 
"never" hear such a thing, etc. 

Is it unreasonable for me to suggest that over time, the faults you fear 
will tend to disappear?











From owner-cypherpunks at toad.com  Wed Feb 14 04:24:44 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 14 Feb 1996 20:24:44 +0800
Subject: No Subject
Message-ID: 


Howdy from Australia.

I am in the process of doing some research for an
article on our present bandwidth difficulties in 
Oz.

As a side issue, I wanted to cover the "overhead"
factor inherent in the TCP/IP (v4?) protocol 
which I understand is reduced under the proposed IPv.6 protocol.

I'd also like to discuss the "unfriendly" manner in which
web browsers such as Netscape hog resources by sending multiple
port access requests.

Can anyone point me towards recent papers which deal with these
issues?

TIA

Mark
___
Mark Neely - accessnt at ozemail.com.au 
Lawyer, Professional Cynic
Author: Australian Beginner's Guide to the Internet
Work-in-Progress: Australian Business Guide to the Internet
WWW: http://www.ozemail.com.au/~accessnt






From owner-cypherpunks at toad.com  Wed Feb 14 04:41:33 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 14 Feb 1996 20:41:33 +0800
Subject: No Subject
Message-ID: 


> It seems that there a market demand for a stealth-capable product.
> Many peoples here seems to discuss it.  And for the time being, AFAIK,
> this type of products are used by a specific class of peoples, most of
> which knows what 'stealth' means.
> 
> So why is it that they design a program that would not permit the use
> of a feature considered desirable by it's customer base?

The big question I have for you is, what do you mean by "stealth" PGP?
Do you want a PGP message which doesn't say to whom it is encrypted?
Or do you want a PGP message which does not even acknowledge that it
is a PGP message?  If what you want is the former, then that can fit
under the PGP API fairly well.  If you want the latter, it will not.

The reason is that PGP, by definition, is a self-describing packet
format.  Without that description there is no general way for the PGP
library to discover what kind of message it is parsing order to
perform the proper operation to open the message.  OTOH, if just the
keyID is missing, the library will happily try all the keys on your
secret keyring until one succeeds or they all fail (I'm not sure if
this is implemented, but it fits quite nicely under the API).

The other question I have is: who do you think the "customers" of PGP
are?  If you think the majority of PGP's customers are the
crypto-privacy activitst types, you are highly mistaken.  PGP has hit
the main stream, and is being used by many non-crypto-aware people.
Probably more of them than there are of us.

If you want to discuss this more, let's take it to private email,
please.

-derek





From owner-cypherpunks at toad.com  Wed Feb 14 04:51:29 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 14 Feb 1996 20:51:29 +0800
Subject: No Subject
Message-ID: 


At 6:33 PM 2/13/96, Perry E. Metzger wrote:

>Tim, you don't work for a living. Some of us do. You might try to
>think back and remember what it was like in the days when you still
>did something every once in a while and had a limited amount of time
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>available in which to do it.
>

Perry once again resorts to insults. Constantly belittling the efforts of
others suggests deepseated psychological doubts about his own
contributions.

Shows you the reaction I get for even responding to him. My mistake.

Perry should learn how to use mail filters, then he can simply filter out
all the stuff he doesn't want to see. Or, simply hitting the 'delete" key
in whatever reader he is using...surely typing "D" 20 or 30 times a day
takes far less time than writing one of his perrygrams?

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From owner-cypherpunks at toad.com  Wed Feb 14 04:53:37 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 14 Feb 1996 20:53:37 +0800
Subject: No Subject
Message-ID: 


At 10:16 PM 2/13/96, Perry E. Metzger wrote:

>I will repeat, Tim. You have no job and do nothing for a living. For
>you it is probably hard to understand that some of us prefer to get
>our mail segregated by topic so that we don't have to spend more time

The issue of what I do with my time is a red herring. As it happens, many
folks in the "cyberspace activism" spend as much time or more as I do on
the Net. In any case, who cares how I spend my time?

I also note that for several years Perry was clearly spending a whole lot
more time than even I am now on the Net, making the "Top Ten Usenet
Posters," or somesuch.

I am sure that when Perry was a Shearson-Lehman, or Lehman Brothers, or
whatever it was called, and was posting several articles an hour on
Extropians, Cypherpunks, Libernet, Usenet, etc., that he would have roughly
the same reaction I am now having to someone writing: "Perry, you are
writing too much--some of us are trying to get some work done!" He would
likely have dismissed their complaints as irrelevant, that no one is forced
to read his articles.

Likewise today. No one is forced to read my posts, Perry's posts, or anyone
else's posts. This is what filters are for. As it happens, I do *not* read
all of the posts here. In fact, I delete about 90% of them after scanning
the first paragraph, the subject, and the author. Takes me about 15
seconds, tops, to do this, and sometimes I'm even faster. (Do the math: I
can "dispose of" about 50 or 60 messages a day in 10-15 minutes...and this
is about the best that can be hoped for, even if Perry were the moderator
and the 10 or so messages a day that are truly off the wall were screened
out...it just wouldn't change the basic time to screen all that much.)

>than needed reading our email. However, for some of us, time is
>money. I have failed to directly answer your comments on this sort of
>thing out of deference to your "elder statesman" status around here,

Spare me, Perry. As I mentioned, you certainly used to write a truly vast
number of rants to Extropians, Libernet, and, yes, even Cypherpunks. A
check of the archives will show this clearly.

It is well and good that you apparently are now very busy and cannot write
your customary number of articles. But spare us the insinuations (in
several of your perrygrams) that because you are too busy to write you are
doing critical work and because some of us use our time to write we are
slackers.

I write because setting down my thoughts and exploring ideas is far more
important to me than just about anything else I can imagine doing,
including writing C programs. If you don't like this, learn how to use
filters and filter me out, or leave the Cypherpunks list. Seems simple
enough to me.

--Tim May




>but this is getting silly. If you want to post about libertarianism,
>libernet, so far as I know, still takes postings. If you want to read
>about the habits of migrating birds, there are interest groups for
>that. We don't have a lot of good places to discuss specifically
>cryptography and its impact, and this group was set up *for that*.
>
>I mean, why not just have one mailing list for all topics of all sorts
>if "filtering" and "hitting the 'd' key" are supposed to be the only
>way we deal with this stuff, hmm?
>
>Perry

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From owner-cypherpunks at toad.com  Wed Feb 14 05:12:19 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 14 Feb 1996 21:12:19 +0800
Subject: No Subject
Message-ID: 


Rich Salz (rsalz at osf.org) wrote:
> Okay, so how the hell did Microsoft get export approval for this?

They didn't.





From owner-cypherpunks at toad.com  Wed Feb 14 05:24:47 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 14 Feb 1996 21:24:47 +0800
Subject: No Subject
Message-ID: 


>The Rushdie incident is simply so far removed from "Assassination Politics" 
>that it can't possibly be used to refute it; I still believe it actually 

You're a loon.  s/Rushdie/Khomeni/





From owner-cypherpunks at toad.com  Wed Feb 14 05:27:39 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 14 Feb 1996 21:27:39 +0800
Subject: No Subject
Message-ID: 


>When asked, he also indicated that the PGP 3.0 message formats would be 
>embedded into the API in such a way that it would not be possible to use 
>the library to generate or process stealth.

Mmmmm....  
It seems that there a market demand for a stealth-capable product.  Many peoples here
seems to discuss it.  And for the time being, AFAIK, this type of products are used
by a specific class of peoples, most of which knows what 'stealth' means.

So why is it that they design a program that would not permit the use of a feature 
considered desirable by it's customer base?

Regards to most CypherPunk.

JFA

**** NEW PGP 2.6.2 KEY *********

2048 bits Key ID:24201BA1 1996/02/13 Jean-Francois Avon 
Key fingerprint =  23 B6 24 31 86 67 FB 35  C7 A7 AF 12 A1 61 E9 3D 


**** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon 
Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 






From owner-cypherpunks at toad.com  Wed Feb 14 05:31:36 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 14 Feb 1996 21:31:36 +0800
Subject: No Subject
Message-ID: 


>From: 	Perry E. Metzger
>
>Tim, you don't work for a living. Some of us do. You might try to
>think back and remember what it was like in the days when you still
>did something every once in a while and had a limited amount of time
>available in which to do it.
.......................................................................

That's right:  crytpo-anarchy is a time-consuming business, and there isn't
much time in which to prepare for the New Cyberspatial Millenium.

Everybody get Back To WORK !!

                     :>) 

   ..
>Blanc
>





From owner-cypherpunks at toad.com  Wed Feb 14 05:33:00 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 14 Feb 1996 21:33:00 +0800
Subject: No Subject
Message-ID: 


}        The headline in the Toronto Star this morning is "'SMART CARD'
}HERE WITHIN YEAR"
}        The idea is to have everyone in Ontario have a 'smart card' that
}will "keep track of everything from mammograms to speeding tickets". This
}card will "replace the existing health card, drivers's licence, social
}assistance identification, drug card, and senior identification".

Very convienient.  Why don't they just put bar codes on our foreheads at
birth and get it over with?

Seriously, what I want to know is how they plan to make one set of
information (drivers licence, soc security number) inaccessable to other
institutions like health and pharmacy.  This is even more of a concern if
the card becomes a method of payment.  Would each have it's own secret key
that would unlock only the relavent info?  That would be a big keyring.
Access time for a key and keeping the keys up to date in all the databases
around the country would have to be done.

lunaslide

"Prohibition... goes beyond the bounds of reason in that it attempts to
control a man's appetite by legislation and makes a crime out of things
that are not crimes... A prohibition law strikes a blow at the very
principles upon which our government was founded."
- -- Abraham Lincoln

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller
________________________________________________________________

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEX3QEAAAEEAOGQjhnqGH29pO1WDaXs5GFOVPhCBWyYEk9XEwRmscjveWzH
AhA6DeOA480zWNqQURyqE2yPmR8WzT+OXYqmeiQiycKyFA41Vs/Ruf+gXXxe7uXS
L5BK3K8oKbfoH0D5/TAkMT4r6BprXFQz4pFc3gY2SSaSPElpMjKHaKBsRsyRABEB
AAG0HUplZmYgQ29ubiA8bHVuYXNsaWRlQGxvb3AuY29tiQCVAwUQMRffHzKHaKBs
RsyRAQGNhwP9E9xEZ9/LCKnhgtnrqgD7pDoXG2pCy8FoyfFjoImGkG+jF1wELXmB
Z0mf8F8CgYkys0mif1XeGDMelr1gzlZAm6LgQt4kcvztMW/aRLn18QP+iwltVT/L
p8D37mitOjvuk46sWgAChIaPPPIeg/EaYQjQkmlpWKsEYIoTRy+E8mU=
=4Gku
-----END PGP PUBLIC KEY BLOCK-----









From jya at pipeline.com  Wed Feb 14 05:36:21 1996
From: jya at pipeline.com (John Young)
Date: Wed, 14 Feb 1996 21:36:21 +0800
Subject: Pointer to pro-\"compromise\" analysis of Japanese Crypto Policy
Message-ID: <199602131703.MAA27340@pipe1.nyc.pipeline.com>


Responding to msg by johnsonr at hoshi.colorado.edu (Richard 
Johnson) on Tue, 13 Feb  6:17 AM

>EMERGING JAPANESE ENCRYPTION POLICY
>        by Stewart A. Baker



For a less NSA-taxidermic and a more cypherpunkish take on 
Japanese crypto try the effervescent work of B.U.G. -- Bright 
Uncanny Guys -- at:


     http://www.fix.co.jp/BUG/news.html


BUG has also just announced a new RSA-bred authentication 
service, sez a cypherpunk ninja.


Who also reports a Japanese smiley as: (^^)


And a thank you as: o


o


(^^)






From owner-cypherpunks at toad.com  Wed Feb 14 05:36:34 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 14 Feb 1996 21:36:34 +0800
Subject: No Subject
Message-ID: 


John Gilmore  reported:


>My favorite was his summary report on the OECD meeting in December,
>~steptoe/286908.htm, at which the US tried to parade some of the
>fruits of its behind-the-scenes efforts to convince other governments
>to become as authoritarian as the US government on crypto policy.

Why help "potential enemies"?  Why a govt risks it's cherished 
'national security'?


>If the US government can quietly convince other countries to support
>Clipper-like systems (including "mandatory key escrow" and "trusted
     It probably means that they already cracked the code... :)

Definitely, they are insane beyond the safety level...

JFA
**** NEW PGP 2.6.2 KEY *********

2048 bits Key ID:24201BA1 1996/02/13 Jean-Francois Avon 
Key fingerprint =  23 B6 24 31 86 67 FB 35  C7 A7 AF 12 A1 61 E9 3D 


**** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon 
Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 






From owner-cypherpunks at toad.com  Wed Feb 14 05:40:08 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 14 Feb 1996 21:40:08 +0800
Subject: No Subject
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

Why There Exists No Middle Ground in the Crypto-policy Debate

[This message only appears to be posted anonymously, if you
 have the correct tools, you can learn my name and e-address.
 Take that auto-WWW indexers!]

Decius  recently presented an essay,
entitled ``Crypto-Absolutism,'' which described ``Why and how the
middle ground should be found in the crypto-policy debate.''  The
essay is clearly wrong in its assumptions and thus its conclusions.
Given the perceived flaws in the assumptions, his commentary must be
rebutted.

Within the context of this rebuttal, ``T-Camp Cypherpunks'' are those
``Cypherpunks'' (whatever they are :-) that follow a technology
evolution-based line of reasoning to arrive at the inevitable coming
of crypto-anarchy.  As well, ``A-Camp Cypherpunks'' are those that
advocate crypto-anarchy because they like the social and political
implications.  It is possible to be an A-Camp Cypherpunk or a T-Camp
Cypherpunk without being the other.  Of course, it is quite possible
to be both.  It has often been said on Cypherpunks, that ``we'' are
not a ``we''.  Decius falls into a trap by assuming that all
Cypherpunks are in the A-Camp.  This mistake colors the entire essay.

The main problem with Decius' essay is that it assumes that
Cypherpunks _merely_ advocate crypto-anarchy.  In fact, T-Camp
Cypherpunks do not stop at this puny point.  They observe that
crypto-anarchy is the _likely_ _outcome_ of the current technology
trend (this trend is discussed below).  Note that this observation of
fulfillment, if correct, is a far stronger statement than merely
advocating that crypto-anarchy should happen or would be a really good
idea.

A-Camp Cypherpunks also advocate that this trend should be exploited
to its conclusion, sooner rather than later, to preempt any massive
government crackdowns that would only prolong the transition pains.
The rationale being that these supposed government crackdowns have no
place in the natural evolution of a free society.  And that the
continuance of a free society is preferable to that of a move towards
a police state, which would be required to facilitate the useless ---
in the end --- crackdown on this information technology.

Decius is also wrong when he states that crypto-anarchy means people
will never again be accountable or recognized (pure A-Campers might
like this to be true, although I doubt it).  In the T-Camper's view,
crypto-anarchy means that people have the choice of when they wish to
be accountable and recognized for their statements and information
movement-related actions and when they wish otherwise.  People are not
forced under the crypto-anarchy model to be unaccountable or
unrecognizable.  Likewise, the crypto-anarchy model allows people to
ignore those that are unaccountable and unrecognizable, if they wish.
Decius fails to recognize that people could be recognized, and even
paid, for example, when operating under a pseudonym instead of
completely anonymously (this concept links two Cypherpunks favorites:
untraceable anonymous e-cash and anonymous reputations).

As primary counter-points to Decius on this issue:
- - The people who wrote the Federalists' Papers did so anonymously,
  yet I suspect that all were well-known and transacted business and
  other politics under their ``real names'' most of the time.
- - Individual articles are anonymously published in the _The Economist_
  yet I suspect that people are being paid to contribute information
  to this newspaper (at least, I know I am paying a lot per year, for
  a newspaper, to get the information :-).
- - The recently released ``Primary Colors'' book by Anonymous.  Yet
  this person, if the publisher is to be believed, is well-known to
  President Clinton (I think it may all just be a good marketing scam :-).

Back to the main point of unstoppable --- in a free society, at least
- --- technology trends.  Decius has not, but must, account for the
following change due to technology: Up until now, communication system
deployers (e.g. The Phone Companies) have been basically blackmailed
(through easily applied laws and licensing) into creating systems with
backdoors for government's use.  As system intelligence moves to the
end-user devices away from the internal network devices and encryption
moves to end-to-end encryption from link-based or non-existent
encryption, this form of blackmail will no longer work since there
will no longer be a small number of easily controlled entities
building and deploying the systems.  There will be open standards for
the interconnect itself [IPng or whatever].  And anyone will be able
to implement end-user devices that layer end-to-end encryption on top
of the raw interconnect services provided by the new network model.
In some ways, we have already arrived at the new interconnect model:
the Internet based upon IP.  In the form of today's computers, we also
have a rudimentary incarnation of the required intelligent end-user
device.

In sum, I am a T-Camp Cypherpunk not because I necessarily think
crypto-anarchy is a good idea but rather because the technology trend
will continue to make it happen.  I also happen to be an A-Camp
Cypherpunk but it is for the reason that I am a T-Camper alone that I
derive that there can be no compromise on the issue of crypto-policy.
Not only would it be a bad idea to compromise, but also any compromise
will fail due to continuing changes in technology that favor
intelligence in the end-user devices and end-to-end encryption over
intelligence in the internal network components and easily controlled
encryption.  It is better to see the technology trend and embrace it
to prepare for the new crypto-anarchy to come.  ~``Those that prepare
for the change will have a lot of success, while those that ignore the
technology trend in this area will be left behind.''~  Truer words have
never been spoken.

Regards,
Loren

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSGeTP8de8m5izJJAQFFrQP/ZQFu64mGC/u4YC7jAsnv22Cx3Eub+xVw
i3IYX7aHJopfG3g6IVifaGuEJmHxF6mZDHj+YSS/9fQfHUm7QZtoXmgmvxgWpP3s
KiUVLgYA3/cVfZn/6iOUHlQCehzj2N4IPdW2QGWbe2rbk1i1YaiGLpnB+RRXo4nW
r7mKrSVOjOQ=
=TIOb
-----END PGP SIGNATURE-----





From owner-cypherpunks at toad.com  Wed Feb 14 06:03:31 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 14 Feb 1996 22:03:31 +0800
Subject: No Subject
Message-ID: 



It's real simple folks. Turn the damn set off.

If parents wont accept the responsiblity to monitor what their kids 
watch, then they get what they get. If I don't want my kids watching 
television when I am gone, then I take the remote with me, as that is the 
only way my TV works.

The V-chip, like every other type of electronic lockbox devised to date, 
is nothing more than a band aid trying to cover the real problem - lack 
of attention paid to one's children and what they are doing. A 
govermental solution designed to regulate and legislate morality. History 
has demonstrated that every time a government makes attempts to enforce 
what is considered the basic tenants of civilized behavior then the game 
has already been lost. The people and the politics have become so 
corrupted that no form of democracy will survive for long - as it is 
dependant on the individual's willingness to abide by the principle of 
personal honesty.

On Sun, 11 Feb 1996, Alan Olsen wrote:

> At 08:13 PM 2/11/96 -0800, Bill Frantz wrote:
> >The Dranged Mutand is far from deranged when he writes:
> >
> >At 12:09 PM 2/11/96 -0500, Deranged Mutant wrote:
> >...
> >
> >>And besides... why rate program just on violence?  Why not "quality" from 
> >>a variety of orgs?  Other content ratings, from various organizations.  
> >
> >...
> >
> >One thing the V-Chip gives us is the argument:  Now that parents have the
> >ability to control what their children watch, the government should turn
> >responsibility over to them and butt out.
> 
> Parents had that ability before.  Cable boxes have a "perental control key"
> on the side that enables them to lock out "offensive" channels.  It works
> quite well and is fairly hard for the kidlets to defeat.  (I used it to
> lockout the religious stations and home shopping channels.)
> 
> The "V-Chip" debate is a mirror of the one that occured when the cable
> channels were starting to become popular.  There was a big hue and cry about
> kids getting to the "naughty" channels without parent concent.  Seems most
> people do not even learn how the lockouts work.  (And are too lazy to learn.)
> 
> You have to remember that most of the people arguing for TV filters are
> looking for a way to make the "offensive" stuff go away for good.  (Either
> from some sort of rating system or a heavy handed FCC regulation or two.)
> And don't believe that the V-Chip will let you choose the rating service.
> It will be one centrally produced rating from some faceless and nameless
> entity.  I am willing to bet that we will see some pretty absurd examples of
> ratings (mild things getting heavy ratings above and beyond the call of
> sanity) in the future.
> 
> The v-chip will be less than useful as a real filter tool for those of us
> who have a different worldview than the censors.
> 
> Remember: "Future events like these will happen to you in the future!"
> ---
> Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
>         `finger -l alano at teleport.com` for PGP 2.6.2 key 
>                 http://www.teleport.com/~alano/ 
>   "We had to destroy the Internet in order to save it." - Sen. Exon
> "I, Caligula Clinton... In the name of the Senate and the people of Rome!"
>    - Bill Clinton signing the CDA with the First Amendment bent over.
> 
> 





From owner-cypherpunks at toad.com  Wed Feb 14 06:05:20 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 14 Feb 1996 22:05:20 +0800
Subject: No Subject
Message-ID: 


On Tue, 13 Feb 1996, Jeff Barber wrote:

> Ray Arachelian writes:
> 
> > So there are options for those who want less noise.  I do not beleive it 
> > is anyone's place to banish anyone from posting to the list, nor grading 
> > a person's worth based on past posts.
> 
> Every one of us "[grades] a person's worth based on past posts" and
> this is as it should be.  That's why my finger hovers only nanometers
> above the 'd' key when I see a post from, say, Vlad the Imposter.

I'm not talking about from a personal point of view, delete the stuff in 
your mailbox at will, I'm talking about NOT filtering messages that are 
sent to all from toad.com.  :)  There is a difference between deleting 
stuff you don't like for yourself, and deleting stuff you don't like for 
everyone.

==========================================================================
 + ^ + |  Ray Arachelian |Emptiness is loneliness, and loneliness|  _ |>
  \|/  |sunder at dorsai.org|is cleanliness  and cleanliness is god-|  \ |
<--+-->|                 |liness and god is empty,  just like me,|   \|
  /|\  |    Just Say     |intoxicated  with the maddness,  I'm in|   <|\
 + v + | "No" to the NSA!|love with my sadness.   (Pumpkins/Zero)|   <| n
===================http://www.dorsai.org/~sunder/=========================


[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and do em right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should do him." So the two daughters got him drunk and
did him all that night. Sure enough, Dad got em pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he whacked off first....Remember, it's
not a good idea to have sex with your sister, your brother, your parents,
your pet dog, or the farm animals. [excerpts from the Old Testament, Modern
Vernacular Translation, TCM, 1996] 







From owner-cypherpunks at toad.com  Wed Feb 14 06:07:40 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 14 Feb 1996 22:07:40 +0800
Subject: No Subject
Message-ID: 



I've just mailed off to Sameer Parekh the January '96 release of the
NRL IPv6 sources.  For those not in the know, this code implements the
IPsec protocol for both IPv4 and IPv6. IPsec is a cryptographic
protocol for securing IP datagrams -- it is now an IETF Proposed
Standard, defined in RFCs 1825-1829.

The code probably could use some work, but its not bad and a
reasonable start for all sorts of work.  This is a new version that
reportedly has lots of bug fixes -- I'm also given the impression it
may be the last NRL release of this code because the people doing the
work have left there -- if it gets adopted by the BSD community, it
will probably end up integrated into future NetBSD, BSDI and FreeBSDs,
which would be where to look for future releases.

The code should drop into BSDI almost out of the box -- it requires
more work for NetBSD and FreeBSD.


Perry

PS Sorry to interrupt the discussion of the sex life of the Aloe Vera
plant with something as irrelevant as cryptography. I can't resist
sometimes.





From lharrison at mhv.net  Wed Feb 14 06:07:45 1996
From: lharrison at mhv.net (Lynne L. Harrison)
Date: Wed, 14 Feb 1996 22:07:45 +0800
Subject: More DaveMail: New Date: 2/22/96
Message-ID: <9602131710.AA23378@mhv.net>


At 08:12 AM 2/13/96 -0500, Robert Hettinga wrote:
>
>  ***February 22, 1996
>
>  The start time will be: 12:01AM, Pacific, 2/22/96.
>
>  The end time will be: 11:59PM, Pacific, 2/22/96.
>
>  February 22 is George Washington's Birthday. A national holiday in
>  the United States. It's a bank holiday. The post office is closed.


    Although I missed the beginning of this thread, FYI, the holiday will be
celebrated on Monday, February 19, 1996, i.e., the day when it will be a
national holiday, and the banks and post office will be closed.


Regards -
Lynne


*******************************************************
Lynne L. Harrison, Esq.   |     "The key to life:
Poughkeepsie, New York    |      - Get up;
E-mail:                   |      - Survive;
lharrison at mhv.net         |      - Go to bed."
*******************************************************






From sunder at dorsai.dorsai.org  Wed Feb 14 06:08:31 1996
From: sunder at dorsai.dorsai.org (Ray Arachelian)
Date: Wed, 14 Feb 1996 22:08:31 +0800
Subject: META: Filtering/Posting advice
In-Reply-To: <199602122243.RAA22214@bb.hks.net>
Message-ID: 


On Mon, 12 Feb 1996, Leslie Todd Masco wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> "I have a concern..."
> 
> Cypherunks 
> First: Stipulated that any traffic has a 'right' to be on cypherpunks.
> However, cypherpunks is what we make it.  Every time you post a message,
> consider the desirability of seeing a hundred or so messages just
> like it from every other readers' point of view.  Content control begins at home.
> 
> Second: I'll remind the reader that one can easily evaluate an
> individual's past contributions to cypherpunks by looking at the archives'
> "by author" listing.  If you post to cypherpunks, I'd suggest that you
> go back and look at what you've posted in the past to get a feel for
> how other people on the list see you.

There are options for those that don't want to read the noise.  I do run 
a free filtering service, it's certainly not the best in the world, but 
it's available for free and all who want it.  There are two more that I 
know of, one for free the other for pay.

I'd like to filter the stuff I send according to topics, but I haven't 
yet written the tools to do so.  As it is most of my subscribers are 
happy with the crappy service I provide, much happier than having the 
whole list delivered to them.

Personally, I am interested in reading the whole list because even some 
of the noisy messages are worth reading (except for Perry's "This don't 
belong here" and *PLONK*'s. :)

So there are options for those who want less noise.  I do not beleive it 
is anyone's place to banish anyone from posting to the list, nor grading 
a person's worth based on past posts.  Remember that the cypherpunks list 
is after all headless and should remain that way.  The whole point is to 
have an anarchic, leaderless, moderatorless list.

Now some Cpunx do have reputations for being on the ball.  Tim and Hal 
being two such punx.  That doesn't make them moderators, nor does it make 
them the only voices worth listening to, nor does it make them infallible 
or on-topic all the time either.

Yet were to to instill a fascist moderated list, their voices would be 
squelched by definition of what doesn't fit.  Not a cool thing IMNSHO.

Certainly there are cross overs ranging from news bites to Mitnik to 
conspiracy-paranoia-punks, etc.  I don't mind reading some of the shit to 
get to the good bits.  You never know, even the shit messages have some 
worth in the long run.

"If you filter, filter it yourself for yourself" is what I agree with.  
Now some folks think that the stuff I filter for them is exactly or close 
to what they want or better than having to do it themselves.  Fine by me, 
I'm happy to filter stuff for them.  As much as I'd like Perry to cut the 
shit and write code instead of spamming the spammers, I'd rather have to 
put up with the shit than to put up with restrictions on the list.

Just my e$0.02. :)

[Shameless plug: to subscribe to my list, send a >PRIVATE reply, don't 
reply such that the message will reach cypherpunks at toad.com with the 
subject being either "FCPUNX HELP" or "FCPUNX SUBSCRIBE" and no quotes...

The 'bots that subscribe folks will refuse any subscription attemts that 
come via the actual cypherpunks list. :]

==========================================================================
 + ^ + |  Ray Arachelian |Emptiness is loneliness, and loneliness|  _ |>
  \|/  |sunder at dorsai.org|is cleanliness  and cleanliness is god-|  \ |
<--+-->|                 |liness and god is empty,  just like me,|   \|
  /|\  |    Just Say     |intoxicated  with the maddness,  I'm in|   <|\
 + v + | "No" to the NSA!|love with my sadness.   (Pumpkins/Zero)|   <| n
===================http://www.dorsai.org/~sunder/=========================


[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and do em right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should do him." So the two daughters got him drunk and
did him all that night. Sure enough, Dad got em pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he whacked off first....Remember, it's
not a good idea to have sex with your sister, your brother, your parents,
your pet dog, or the farm animals. [excerpts from the Old Testament, Modern
Vernacular Translation, TCM, 1996] 







From owner-cypherpunks at toad.com  Wed Feb 14 06:38:50 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 14 Feb 1996 22:38:50 +0800
Subject: No Subject
Message-ID: 


http://www.microsoft.com/intdev/inttech/cryptapi.htm    

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin at law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warmish here.








From owner-cypherpunks at toad.com  Wed Feb 14 06:53:13 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 14 Feb 1996 22:53:13 +0800
Subject: No Subject
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

At 09:55 AM 2/13/96 -0800, Bill Frantz wrote:

>>You mention the issue of Rushdie, as if it is some sort of refutation of my 
>>idea.   Quite the contrary; I think it actually supports me.
>>
>>How so?, you ask?  Well, let's consider any potential assassin who might be 
>>interested in this "contract."  Aside from the obvious moral issues involved 
>>here (Rushdie has, presumably, done nothing to warrant his death), the truth 
>>is that such a potential assassin would see a number of problems that would 
>>strongly dissuade him from attempting to kill Rushdie.
>>
>>1.  There is no way he could be assured that he could collect the award 
>>anonymously.  His name would certainly "get out," and then he would be 
>>subject not merely to "the law," but also anybody who wanted revenge for 
>>Rushdie's death.
>>
>>2.   There is no way he could be assured that he would actually receive the 
>>award.  (How would he prove HE did it?)
>>
>>3.  That's because there is no way he would enforce this "contract" should 
>>the offerer refuse to pay.
>
>These points would not affect a devout Iranian Muslem.  To him the death
>warent has already been issued by legitimate authority.  It is not even
>clear that money would be his princple motivator.

Which simply proves my point;  money is not the limiting factor, here.

>I must respectifully disagree with Jim in this case.  I believe that
>Rushdie has not been hit because the protection he enjoys is sufficent to
>repel the potential assassins.  Note that he has an advantage over the US
>president (who probably has as many potential assassins) in that he does
>not need to make public appearences.

But remember, Rushdie is merely ONE PERSON.  And keeping him safe has 
consumed a lot of resources.  You don't think the government could protect 
each of their most publically hated employees to a similar level if a reward 
of, say, $20,000 were put on each of their heads.  How much could we collect 
to "get" Lon Horiuchi, for example?  Or the hundred or so agents immediately 
participating in the initial Waco incident, or the dozen or so decision 
makers immediately above them?   Etc.

The Rushdie incident is simply so far removed from "Assassination Politics" 
that it can't possibly be used to refute it; I still believe it actually 
demonstrates how much effort somebody has to go to, to protect a targeted 
person.  One targeted person is easy to protect.  10,000 would be FAR 
harder.  And the moment a few of those guys got "whacked," the rest would 
want to resign their jobs and hope they would be allowed to retire in peace.


>Adding money to the pot will attract rational (and amoral) people who will
>then make a determination based on (1) profit, and (2) risk, which includes
>getting caught or killed.  It seems to me that Secret Service levels of
>protection can protect a public figure against even Assassination Politics.

In a sense, qualitatively you absolutely correct, but (quantitatively) 
you're wrong.  

I think the problem is that when most people hear the term "Assassination", 
they think of only the highest-level targets.  Quite the contrary; I think 
this system will get the medium and even the lower-level people FIRST, 
de-populating the government primarily by hurried resignations of worried 
people.  The remaining  people would be terrified to actually make anybody 
angry, and they wouldn't have a paycheck because they couldn't collect any 
taxes.  The whole system would collapse in a heap.

Jim Bell

Klaatu Burada Nikto

Something is going to happen.   Something...Wonderful!

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSDmO/qHVDBboB2dAQFeOgP/bpXFbTfw1R/iTRsWOrEZJI22N4nFPWX3
XBN2dx106jTdx/eoYz1rhjiaeZt/FzB83DABj34HuVPkws1OPEQ2e6Dneva5RjHK
QJFN4Po9SN03fb+7l3yp5Axr/1P4j4eiao4t0oAF+NPNk2FzU2LvHEMpbIawme0B
AC6Uv4nR8hc=
=9lr1
-----END PGP SIGNATURE-----






From owner-cypherpunks at toad.com  Wed Feb 14 06:57:19 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 14 Feb 1996 22:57:19 +0800
Subject: No Subject
Message-ID: 


I got a mouse pad in the mail today, mailed in
Maryland, but otherwise in a plain brown envelope.
It has nice, understated gold seal announcing it
is from the National Security Agency's Information
Systems Security Organization.

Obviously it wasn't export controlled.

I met these people at the recent USENIX
conference; there was an Air Force related trade
show in the center next door to the San Diego
Marriott. I was looking for people to submit
papers to the upcoming USENIX Unix and Network
Security Conference in San Jose in July. The
deadline for extended abstracts is one month away
(hint, hint).

Greg.

-- 
Greg Rose               INTERNET: greg_rose at sydney.sterling.com  
Sterling Software       VOICE:  +61-2-9975 4777    FAX:  +61-2-9975 2921
28 Rodborough Rd.       http://www.sydney.sterling.com:8080/~ggr/
French's Forest         35 0A 79 7D 5E 21 8D 47  E3 53 75 66 AC FB D9 45
NSW 2086 Australia.     co-mod sci.crypt.research, USENIX Director.





From owner-cypherpunks at toad.com  Wed Feb 14 07:21:01 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 14 Feb 1996 23:21:01 +0800
Subject: No Subject
Message-ID: 


"Declan B. McCullagh"  said:

DBM> ObCrypto: Yes, Know Your Enemies and work with the natural
DBM> enemies of the religious right, such as groups like the ACLU and
DBM> the FEN. The theocratic push to outlaw nonescrowed crypto is
DBM> next.

	As someone who would prolly be considered part of the
'religious right' (why don't we ever hear of the 'religious left', who
are prolly just as much in support of banning porn?), I have to take
exception to this.  I'm appalled by the CDA, and, if you start
pointing out to religious supporters of the CDA that it has already
resulted in the King James version of the Bible being removed from (at
least) one web site, I'm sure that some of them will be as well,
especially the fundamentalists for whom the spread of the Gospel is,
well, gospel.  Be sure to point out that the same courts who the blame
for 'removing prayer from our schools' would be ruling on the indency
of the Bible.  As for supporting GAK/banning non-GAK, I don't think
that you would dispute that the 700 Club is strongly dominated by the
religious right, and it came out firmly AGAINST the entire notion of
GAK during the Clipper debate.

-- 
#include                                /* Sten Drescher */
Unsolicited email advertisements will be proofread for a US$100/page fee.





From owner-cypherpunks at toad.com  Wed Feb 14 07:46:51 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 14 Feb 1996 23:46:51 +0800
Subject: No Subject
Message-ID: 


> 
> From:	IN%"tallpaul at pipeline.com" 12-FEB-1996 00:47:35.36
> 
> >But I do not dismiss people as "lib'bers;" I merely call them that. I have
> >noticed that a large number of libertarians are fans of Rush Limbaugh and
> >chuckle a lot when Rush refers to women like Andrea Dworkin and her
> >supporters as lib'bers. I also find that the people opposed to Drowkin &
> >Co. are upset at her use of demagogic language, private dictionaries, and
> >the like. So am I, and started long before Rush got his TV shows. I am,
> >however, equally (if not more upset) by what I perceive as similar
> >demagogic etc. behavior by many libertarians. 
> 
> 	Large number of libertarians are fans of Rush Limbaugh? The last time
> I checked, Rush Limbaugh was basically a conservative populist like Pat
> Buchanan. While we may appreciate his comments re Andrea Dworkin (and others
> who want to restrict free speech on ridiculous grounds, and who believe
> nonsensical things like an inability to consent to sex), that doesn't mean
> we're fans of his. I like some of what Jefferson said, too, but that doesn't
> mean I agree with him on slave-holding (or on agrarianism).

Neither Rush Limbaugh or Pat Buchanan are populists.  Populists tend to
believe in strong government with strict regulation of business, an
actually progressive tax system, confiscation of businesses which break
the rules, government enterprise in competition with the private sector,
no secrecy in government of the type required in the private sector,
bias toward small businesses and sole proprietors, etc.
Letting business "do whatever they want", really doesn't qualify.
FWIU, Buchanan's only claim is opposition to "free trade"(forcing the US
to trade)

AFWIU, Jefferson didn't like slavery, and later freed his slaves,
but considered it necessary for business when he practiced it.
Have you worked at a job you didn't approve of?

> >Do they really have a right not to be styled "lib'bers?" No, I do not think
> >they have that right. 
> 
> 	Call us whatever you like. My problem with the term is that it's
> confusing. I doubt, for instance, that Rush Limbaugh is using it as an
> abbreviation for libertarian, although I'm not sure for what, if anything,
> it's a contraction.
> 
> >I do not believe that all lib'bers are in league with the Christian right;
> >I am distrubed, however, by the large numbers of lib'bers who strangely
> >never mention the existence of the fundamentalists in the
> >ultra-conservative ultra-private-property camp. 
> 
> 	Yes, the fundys are in there. Politics makes strange bedfellows; work
> with whoever you can on whatever you can agree on. It's sort of like both our
> and CPSR's opposition to the CDA - CPSR has entirely too many desires to
> regulate private property (free net access et al), but we can still work with
> them on what we agree on.
> 
> >I am equally concerned with some leftists who consider every example of
> >authoritarian behavior as "fascism" as I am with 'ib'bers who lump everyone
> >who argues for social responsibility as a "socialst statist." One
> >difference I see is that I am willing to criticize both groups while many
> >(but not all) lib'bers are again strangely silent at least the "statist"
> >side of the equation. 
>  
> 	Well, about 25% or so of libertarians are anarcho-capitalists, so far
> as I can tell. So of course they're going to find anyone who's advocating state
> control a "statist." They've agreed to disagree with people like me who aren't
> anarchists, but that's because we've got most other things in common.  
> 	-Allen
> 









From rsalz at osf.org  Wed Feb 14 08:11:59 1996
From: rsalz at osf.org (Rich Salz)
Date: Thu, 15 Feb 1996 00:11:59 +0800
Subject: I've just unsubscribed from cypherpunks
Message-ID: <9602141233.AA00418@sulphur.osf.org>


Normally, when people post notices proclaiming "Jim, I'm putting you in
my killfile" or "I can't take it, you've ruined this list, I'm leaving!"
I think it's among the worst kind of petty egotism.  (To date myself,
Chuq's old "goodbye" postings are still the pinnacle of this for me.) It
makes me very uncomfortable to write the Subject line, but it is clear
and to the point; it makes things easier for would-be readers to decide
what to do.  And who said writing is supposed to be  asy, anyway? :)

Pot, kettle, guilty as charged, I suppose.  In my defense, however, I want
to explain that I've had many public exchanges with people on this list,
and this seems the most effective way to let them know that they will now
have to send me email directly.  In particular, if anyone has a rational
reply to my MS CAPI export issue, please Cc me.

Later,
	/r$





From WlkngOwl at UNiX.asb.com  Wed Feb 14 09:10:08 1996
From: WlkngOwl at UNiX.asb.com (Deranged Mutant)
Date: Thu, 15 Feb 1996 01:10:08 +0800
Subject: Netscrape's Cookies
Message-ID: <199602140056.TAA21506@UNiX.asb.com>


I said:

> >I'm curious if anyone knows which sites use/modify it.

Dave replied:

> AFAIK, the only site that uses it is *.netscape.com

...I'm also curious as to what the data on each line means...

 
Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to  for a copy of my PGP key.





From tallpaul at pipeline.com  Wed Feb 14 09:12:50 1996
From: tallpaul at pipeline.com (tallpaul)
Date: Thu, 15 Feb 1996 01:12:50 +0800
Subject: Req. for soundbites
Message-ID: <199602140254.VAA14200@pipe4.nyc.pipeline.com>


On Feb 13, 1996 01:17:19, 'cmca at alpha.c2.org (Chris McAuliffe)' wrote on
the Anglo-Saxon vs. Norman-French issue on "bad words." 
 
In addition ot his correct historical analysis, you also tend to find that
the "polite"/"politically correct" terms contain more words, more
syllables, and more "educated" historical references than the taboo
references. 
 
> 
>So, what is the French-derived word for Motherfucker? 
>And, being nice and long, why isn't it acceptable? 
> 
 
How about "Oedipal emulator?" 
 
The Greco-commedic impaired are cordially invited to engage in sollipsistic
copulation. 
 
--tallpaul 
  





From perry at piermont.com  Wed Feb 14 09:12:55 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 15 Feb 1996 01:12:55 +0800
Subject: key changes
In-Reply-To: <9602140140.AA23543@cti02.citenet.net>
Message-ID: <199602140232.VAA22283@jekyll.piermont.com>



It helps if you send out your new key, signed in your old key, when
upgrading keys. This partially maintains the web of trust (it
stretches it one link, but thats not so bad) and gives people who
trust your old key a way to trust the new one for a while.

Perry

Jean-Francois Avon (JFA Technologies, QC, Canada) writes:
> 
> **** NEW PGP 2.6.2 KEY *********
> 
> 2048 bits Key ID:24201BA1 1996/02/13 Jean-Francois Avon 
> Key fingerprint =  23 B6 24 31 86 67 FB 35  C7 A7 AF 12 A1 61 E9 3D 
> 
> 
> **** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****
> 
> 1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon 
> Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 
> 
> 





From perry at piermont.com  Wed Feb 14 09:14:05 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 15 Feb 1996 01:14:05 +0800
Subject: Response to Perrygram
In-Reply-To: 
Message-ID: <199602132216.RAA21610@jekyll.piermont.com>



Timothy C. May writes:
> Perry once again resorts to insults. Constantly belittling the efforts of
> others suggests deepseated psychological doubts about his own
> contributions.

I have no deep seated psychological doubts about my own
contributions. I do, however, have a deep seated dislike for people
who wish to demonstrate their "freedom" by posting anything they like
wherever they like. Sure, you are "free" to do that, just like you are
"free" to burn down your own house, insult all your friends, or
anything else that isn't socially worthwhile. You have to ask, though,
if these are things in your interest or that will improve the world.

I will repeat, Tim. You have no job and do nothing for a living. For
you it is probably hard to understand that some of us prefer to get
our mail segregated by topic so that we don't have to spend more time
than needed reading our email. However, for some of us, time is
money. I have failed to directly answer your comments on this sort of
thing out of deference to your "elder statesman" status around here,
but this is getting silly. If you want to post about libertarianism,
libernet, so far as I know, still takes postings. If you want to read
about the habits of migrating birds, there are interest groups for
that. We don't have a lot of good places to discuss specifically
cryptography and its impact, and this group was set up *for that*.

I mean, why not just have one mailing list for all topics of all sorts
if "filtering" and "hitting the 'd' key" are supposed to be the only
way we deal with this stuff, hmm?

Perry





From jimbell at pacifier.com  Wed Feb 14 09:19:30 1996
From: jimbell at pacifier.com (jim bell)
Date: Thu, 15 Feb 1996 01:19:30 +0800
Subject: Assasination Politics
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

At 02:03 PM 2/12/96 EDT, E. ALLEN SMITH wrote:
>From:	IN%"jimbell at pacifier.com"  "jim bell" 12-FEB-1996 04:18:43.34
>
>>>How much weight is Lotus going to give the opinions of a bunch of
>>>unbalanced sociopaths when they're thinking about making deal to gak those
>>>extra 24 bits?  Not much, I'll bet. 
>
>>If "AsPol" actually WORKS, Lotus won't have to "deal" to get "those extra 24 
>>bits."
>
>>Lotus should announce that they have heard of this new idea on CP, called 
>>"Assassination Politics," and have assigned a couple dozen programmers to 
>>implement it by July 1996.  They'd back (guarantee) the prizes for the first 
>>such organization, and they'd sell the software to others.  At that point, I 
>>think the resignations from government office would skyrocket.  
>
>	It seems likely that any overt organization operating an Assasination
>Politics scheme will be outlawed... even though the most logical reading of
>current laws says that it isn't illegal (except for the gambling part). An
>anonymously constructed one seems a lot more likely - which Lotus could then
>anonymously patronize.

Even if operation of such a system is "outlawed," the government would still 
have to TRY to enforce the law, which would be mighty difficult.  Remember, 
the whole system is based on anonymity, which means it'd be hard to get 
witnesses to any overt act.  And we have 1st amendment issues to consider:  
If this system were operated from overseas, it would be difficult or 
impossible to restrict communication with the main organization, etc.

I believe that the enthusiastic support by some well-known software company 
(even if they didn't intend to actually run or assist in the running of the 
operation itself) would make the politicians shit bricks, leading to a 
cathartic national debate that we sorely need.

> I do have some ideas for making such possible, but I'm
>waiting on a defense of three points before I'll release them. These points
>are:
>
>	A. My previously mentioned problem with a limited but non-libertarian
>organization.

I don't deny that such an organization might spring up.  (Anti-abortion 
activists are the group which come most immediately to my mind, BTW.  I'm 
not in sympathy with them; quite the opposite.)  I've never claimed that 
this system is totally immune to such abuse, in the same way that the seller 
of a gun can certify that it will never be used to commit a crime.


>	B. I don't trust the average person to look ahead enough to make this
>(or other Anarcho-Capitalist) schemes work.

Fortunately, "Assassination Politics" will achieve this "crypto anarchy" 
even if only a tiny fraction of the population participate and use it.  The 
reason is that the number of decision-maker government employees is 
comparatively small and most will resign before being "terminated." (with 
extreme prejudice.)  The total cost to bring down the US government will 
probably be substantially less than $100 million.


> In other words, the average person
>has to be able to see that a non-limited organization is a danger to them,
>etcetera.

I realize that this takes a bit of thinking to recognize.  I've thought 
about this whole thing for nearly a year, now, and it is still a fascinating 
and yet a bit terrifying subject.


> Moreover, Jim Bell is ignoring the other sources of propaganda than
>government in convincing the average person that someone is doing something
>wrong (when, by my ethics at least, they aren't) - such as religion and
>various organizations like the PFDA.

Again, only a tiny fraction of the population needs to participate...


> Admittedly, as I've stated before, the
>requirement for some money would help, at least to the degree that our economy
>is meritocratic. (A growing tendency, fortunately.) If most people are on a
>subsistence wage (the result of free trade & automation with varying human
>abilities), they can't afford enough money for Assasination Politics. (Yes,
>I'm an intellectual Elitist. Deal with it.)

I've been asked what I think would be the average payoff for a medium-level 
government official "kill" would be.  Naturally, that would be 
market-driven, but it is reasonable to assume that most of the payment for a 
CURRENT contract killing is based on the risk; not merely the risk of doing 
the job and/or getting caught, but also the risk of dealing with (and 
trusting, etc) the other guy.  I suspect that the vast majority of 
convictions for contract killings occur not because the killer was caught in 
the act, but because of these relationships associated with it.

Since "Assassination Politics" promises essentially perfect anonymity to the 
donors as well as the "predictors", the majority of the "risk" associated 
with having such a job done would be far lower than currently.  I estimate, 
therefore, that you could get "action" for around $10,000.

Since "Assassination Politics" is based on a combined-donation system, even 
people on a subsistence wage could contribute; a quarter here, a dollar 
there, pretty soon it turns into real money.


>	C. While I may not like dealing with the average person very much (see
>above), I don't want to see them starving in the streets. I can see
>governmental welfare as being necessary for this, although the private form
>is definitely preferable. (And yes, I can justify this as being a 
libertarian -
>if not Libertarian Party - viewpoint. If I recall correctly, I had a debate
>with Perry on this on Libernet, in which he tried to dismiss me as "just a
>Democrat." I was posting under the name ALLENS at YANG.EARLHAM.EDU at the time).
>	-Allen

I understand your concern.  I wish there was some simple argument I could 
give which would assuage your fears.  However, I look at it this way:  The 
Federal government (and all other governments, around the world) are 
curently parasites on the rest of the population.  Now "parasite theory" is 
that the parasite has some sort of optimum "parasite level" above which he 
cannot go.   Once the cost for such parasitism is removed, there will be an 
economic boom for those "hosts" of the parasite.  Naturally, the parasite 
will be in trouble, but that's only justice.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSDdJfqHVDBboB2dAQEvrAP8DBlD+6eDoUGNBHo+VjfjWHoCv17zuxaE
ZpRek0qYw1hyLH/BtDbhdF9WWX+epcxN2FHEMgC/LOlndUmyx2GsVX2usfetT7bd
CBDG99nOg7aU1ZPavmEJDsp9rd2kycdjDA2WkLWLj4FeiwT3kiT2Yieh1aVweXff
U3VB1cYCefc=
=3LY3
-----END PGP SIGNATURE-----






From lunaslide at loop.com  Wed Feb 14 10:40:04 1996
From: lunaslide at loop.com (lunaslide at loop.com)
Date: Thu, 15 Feb 1996 02:40:04 +0800
Subject: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
Message-ID: 


}jim bell writes:
}> If Perry is REALLY sincere about objecting to the NON-crypto part of AsPol,
}> he should demonstrate this by writing notes which are focussing on the
}> crypto aspects, rather than just complaining.
}
}Frankly, Jim, the only reason I haven't torn apart all the utterly
}ennervated simulacra of arguments you have posted to support your
}"concepts" is that they are *all* off topic and I do not participated
}in the discussion of off topic postings.

Frankly perry, you're a fucking child and I can't remember reading anything
intelegent from you in this list at all.  Jim Bell at least contributes
ideas.  You generate garbage.  I'm a patient man, but you've finally done
it.

PLONK!

Jeff

lunaslide

"Prohibition... goes beyond the bounds of reason in that it attempts to
control a man's appetite by legislation and makes a crime out of things
that are not crimes... A prohibition law strikes a blow at the very
principles upon which our government was founded."
- -- Abraham Lincoln

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller
________________________________________________________________

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEX3QEAAAEEAOGQjhnqGH29pO1WDaXs5GFOVPhCBWyYEk9XEwRmscjveWzH
AhA6DeOA480zWNqQURyqE2yPmR8WzT+OXYqmeiQiycKyFA41Vs/Ruf+gXXxe7uXS
L5BK3K8oKbfoH0D5/TAkMT4r6BprXFQz4pFc3gY2SSaSPElpMjKHaKBsRsyRABEB
AAG0HUplZmYgQ29ubiA8bHVuYXNsaWRlQGxvb3AuY29tiQCVAwUQMRffHzKHaKBs
RsyRAQGNhwP9E9xEZ9/LCKnhgtnrqgD7pDoXG2pCy8FoyfFjoImGkG+jF1wELXmB
Z0mf8F8CgYkys0mif1XeGDMelr1gzlZAm6LgQt4kcvztMW/aRLn18QP+iwltVT/L
p8D37mitOjvuk46sWgAChIaPPPIeg/EaYQjQkmlpWKsEYIoTRy+E8mU=
=4Gku
-----END PGP PUBLIC KEY BLOCK-----









From EALLENSMITH at ocelot.Rutgers.EDU  Wed Feb 14 10:45:58 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Thu, 15 Feb 1996 02:45:58 +0800
Subject: Strange Sounds of Silence
Message-ID: <01I14KX2XSX4A0UZOC@mbcl.rutgers.edu>


From:	IN%"tallpaul at pipeline.com" 12-FEB-1996 00:47:35.36

>But I do not dismiss people as "lib'bers;" I merely call them that. I have
>noticed that a large number of libertarians are fans of Rush Limbaugh and
>chuckle a lot when Rush refers to women like Andrea Dworkin and her
>supporters as lib'bers. I also find that the people opposed to Drowkin &
>Co. are upset at her use of demagogic language, private dictionaries, and
>the like. So am I, and started long before Rush got his TV shows. I am,
>however, equally (if not more upset) by what I perceive as similar
>demagogic etc. behavior by many libertarians. 

	Large number of libertarians are fans of Rush Limbaugh? The last time
I checked, Rush Limbaugh was basically a conservative populist like Pat
Buchanan. While we may appreciate his comments re Andrea Dworkin (and others
who want to restrict free speech on ridiculous grounds, and who believe
nonsensical things like an inability to consent to sex), that doesn't mean
we're fans of his. I like some of what Jefferson said, too, but that doesn't
mean I agree with him on slave-holding (or on agrarianism).

>Do they really have a right not to be styled "lib'bers?" No, I do not think
>they have that right. 

	Call us whatever you like. My problem with the term is that it's
confusing. I doubt, for instance, that Rush Limbaugh is using it as an
abbreviation for libertarian, although I'm not sure for what, if anything,
it's a contraction.

>I do not believe that all lib'bers are in league with the Christian right;
>I am distrubed, however, by the large numbers of lib'bers who strangely
>never mention the existence of the fundamentalists in the
>ultra-conservative ultra-private-property camp. 

	Yes, the fundys are in there. Politics makes strange bedfellows; work
with whoever you can on whatever you can agree on. It's sort of like both our
and CPSR's opposition to the CDA - CPSR has entirely too many desires to
regulate private property (free net access et al), but we can still work with
them on what we agree on.

>I am equally concerned with some leftists who consider every example of
>authoritarian behavior as "fascism" as I am with 'ib'bers who lump everyone
>who argues for social responsibility as a "socialst statist." One
>difference I see is that I am willing to criticize both groups while many
>(but not all) lib'bers are again strangely silent at least the "statist"
>side of the equation. 
 
	Well, about 25% or so of libertarians are anarcho-capitalists, so far
as I can tell. So of course they're going to find anyone who's advocating state
control a "statist." They've agreed to disagree with people like me who aren't
anarchists, but that's because we've got most other things in common.  
	-Allen





From olbon at dynetics.com  Wed Feb 14 10:56:20 1996
From: olbon at dynetics.com (Clay Olbon II)
Date: Thu, 15 Feb 1996 02:56:20 +0800
Subject: Subject lines?
Message-ID: 


Ok, has everyone forgotten to use a subject line today, or is there a
problem with toad.com?  Every message I received today that was dated 14
Feb (except one - from "E. ALLEN SMITH" )
had no subject and no from line (other than cypherpunks).  This includes
messages from Perry and Jim Bell.

        Clay

---------------------------------------------------------------------------
Clay Olbon II            | olbon at dynetics.com
Systems Engineer         | ph: (810) 589-9930 fax 9934
Dynetics, Inc., Ste 302  | http://www.msen.com/~olbon/olbon.html
550 Stephenson Hwy       | PGP262 public key: finger olbon at mgr.dynetics.com
Troy, MI 48083-1109      | pgp print: B97397AD50233C77523FD058BD1BB7C0
    "To escape the evil curse, you must quote a bible verse; thou
     shalt not ... Doooh" - Homer (Simpson, not the other one)
---------------------------------------------------------------------------







From jya at pipeline.com  Wed Feb 14 10:59:45 1996
From: jya at pipeline.com (John Young)
Date: Thu, 15 Feb 1996 02:59:45 +0800
Subject: SEX_hex
Message-ID: <199602141329.IAA12254@pipe4.nyc.pipeline.com>


   2-14-96. NYT Page One:

   "Compuserve Halts Restriction on Sex Material. To Offer
   Blocking Software."

      Citing a desire to leave Internet censorship to
      individual tastes rather than government decree,
      Compuserve said yesterday that it would restore
      worldwide access to most of the 200 sex-related computer
      data bases it had recently blocked under pressure from
      German prosecutors.

      "By this action, Compuserve is intentionally providing
      obscene material to its subscribers, and they do so at
      their peril," said the Family Research Council. "We will
      encourage the Justice Department to prosecute Compuserve
      for violating CDA."

      The Justice Department has agreed not to prosecute
      anyone under the new law at least until tomorrow.

   SEX_hex












From olbon at dynetics.com  Wed Feb 14 11:48:51 1996
From: olbon at dynetics.com (Clay Olbon II)
Date: Thu, 15 Feb 1996 03:48:51 +0800
Subject: Linux on the Mac
Message-ID: 


In the latest PowerPC news it is reported that OSF is porting Linux to the
Mac with the support of Apple.  Apple has a web site -
www.mklinux.apple.com that discusses this and has a link to the OSF site.
In my book, this is a GoodThing(tm).  Of course, being a huge fan of both
the Mac and unix might put me in the minority ;-)

        Clay

---------------------------------------------------------------------------
Clay Olbon II            | olbon at dynetics.com
Systems Engineer         | ph: (810) 589-9930 fax 9934
Dynetics, Inc., Ste 302  | http://www.msen.com/~olbon/olbon.html
550 Stephenson Hwy       | PGP262 public key: finger olbon at mgr.dynetics.com
Troy, MI 48083-1109      | pgp print: B97397AD50233C77523FD058BD1BB7C0
    "To escape the evil curse, you must quote a bible verse; thou
     shalt not ... Doooh" - Homer (Simpson, not the other one)
---------------------------------------------------------------------------







From owner-cypherpunks at toad.com  Wed Feb 14 14:30:57 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Thu, 15 Feb 1996 06:30:57 +0800
Subject: No Subject
Message-ID: 



Jean-Francois Avon (JFA Technologies, QC, Canada) writes:
> Q3: how to make that connexion [from mid ocean] *secure*?

Ah, that part is easy. End to end encryption. IPsec or things like
it. I hope I don't sound like a preacher, but IPsec is a good thing(TM).

Perry





From owner-cypherpunks at toad.com  Wed Feb 14 14:35:02 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Thu, 15 Feb 1996 06:35:02 +0800
Subject: No Subject
Message-ID: 


At 10:03 PM 2/13/96 -0500, Adam Shostack wrote:
>	IP addresses are a scarce resource today.  Try getting a /16
>allocation (what used to be a class B).  There are politics in the
>process already.

I know they are getting scarce.  I just find the "let's sell IP addresses on
the open market" do be a scary though.  it will make them less available.

>	Addresses will not be easily 'transferable.'  The IETF is
>discussing a 'Best Current Practices' document that talks about
>address portability.  Basically, it can't happen, because the routers
>only have so much memory, and the routers at the core of the internet
>can't keep in memory how to reach every one; there needs to be
>aggregation.  The only feasible aggregation seems to be provider
>based, ie, MCI, Alternet, and other large ISPs get blocks of
>addresses.  They give them to smaller companies, like got.net, which
>gives them to customers.  The result?  The core routers have a few
>more years.

A good point. Having parts of subnet shifting around could be pretty painful
from an admin point of view.

>	Lastly, 32 bit addressing is going away.  IPv6 offers 128 bit
>address space, and (hopefully) much more efficient allocation, as well
>as such useful things as hooks for automatic renumbering of address space.

I just hope that the AT&T scheme does not get put into place.  Otherwise it
will be just viewed like a stock split.  ("Wow!  We have more addresses to
sell!")

The AT&T plan as described sounds like something dreamed up by a marketing
droid as a way to "Make Money Fast Off Of The Internet".

What is the timeline for implementation of IPv6?

---
Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
        `finger -l alano at teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
"I, Caligula Clinton... In the name of the Senate and the people of Rome!"
   - Bill Clinton signing the CDA with the First Amendment bent over.






From jlasser at rwd.goucher.edu  Wed Feb 14 17:16:05 1996
From: jlasser at rwd.goucher.edu (Jon Lasser)
Date: Thu, 15 Feb 1996 09:16:05 +0800
Subject: secure web page ideas
Message-ID: 


For those people who have Netscape / an SSL-enabled web-browser, wouldn't 
it be useful to have secure web pages that did the following:

(1) An anonymous remailer web page, like the current ones (this one has 
    the obvious advantage that plaintext doesn't travel to the http server)

(2) A pgp-sending web page (type in key id into field, send message to 
    address given, encrypted)  This isn't a bad idea for the same reason that
    (1) above is a much better idea.

(3) Ultimately, a server that did (2), through (1).  Being able to send PGP
    encrypted email to a recipient through anonymous remailers, over the web
    with a secure browser might be PGP's "killer app" in one way or another.

How hard would this be to implement? Would it be worth waiting until the PGP 
3.0 API is released?

Jon
----------
Jon Lasser (410)494-3072                         - Obscenity  is a crutch  for
jlasser at rwd.goucher.edu                            inarticulate motherfuckers.
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D)               - Fuck the CDA.






From EALLENSMITH at ocelot.Rutgers.EDU  Wed Feb 14 17:33:38 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Thu, 15 Feb 1996 09:33:38 +0800
Subject: Assasination Politics
Message-ID: <01I14MB2RNWWA0UZOC@mbcl.rutgers.edu>


	I have changed the subject header (despite its destroying threading
with the way my mailreader works) so that Perry et al can more easily filter
this out. I have concluded that Assasination Politics, since it is a possible
development of true anonymnity, etcetera, is a proper discussion topic for
cypherpunks - while not cryptography in and of itself, it is a possible result
of cryptography.

From:	IN%"frantz at netcom.com" 12-FEB-1996 03:24:07.29

>Again, absolutely.  Hell, I can't even devise a filter that will let me
>filter out Jim Bell's rants while letting me see his reasoned arguments on
>anonymous assassination.  (I would love to have him address the Salman
>Rushdie issue, a man who is still alive despite a considerable announced
>price for his head.  There appear to be limits to who can be subject to
>assassination for pay.)

	Actually, that's an argument for non-misusage of Assasination Politics.
If the person hides, there's not much one can do about it. But a hiding
law enforcement agent can't be out violating people's rights. (I will mention
that whether a right is violated or not is essentially a matter of the
perceiver - under any system, whether governmental or not. All ethical
arguments assume either some degree of common ground that can be argued from,
or the finding of logical inconsistency). Those who do so via the net can be
taken care of via the other mechanisms discussed here. It's just that the
physical part is a possible net weakness.
	Moreover, just because _some_ rights-violaters (not that Rushdie was
one) aren't killed doesn't mean that all of them wouldn't be. A system doesn't
have to be 100% efficient to be effective.
	However, the Rushdie case does bring up one problem I have with
Assasination Politics as currently constructed. While people are unlikely to
patronize a general/non-discriminatory organization, a more particular but
non-libertarian one is still possible. For instance, if the Christian
Coalition put together an organization, anonymously, what would prevent them
from offing everyone who was a major leader against them - such as a doctor
researching new abortion techniques, or a geneticist (such as myself) doing
gene therapy work they found offensive? The patrons would know that _they_
wouldn't be targeted after all... I would appreciate a response from Jim Bell
on this subject.
	-Allen





From WlkngOwl at UNiX.asb.com  Wed Feb 14 17:34:30 1996
From: WlkngOwl at UNiX.asb.com (Deranged Mutant)
Date: Thu, 15 Feb 1996 09:34:30 +0800
Subject: LI Newsday OpEd: Criminal Justice System
Message-ID: <199602121826.NAA02153@UNiX.asb.com>


> I personally find stuff like this interesting, but I prefer read about
> it in places like libernet or the like. Cypherpunks is for
> cryptography.

I thought it was somewhat related in terms of The Law (tm), but 
you're point is taken. (Hey, at least I posted highlights rather than 
the whole article).

Rob.
 
--- "Mutant" Rob 

Send a blank message with the subject "send pgp-key"
(not in quotes) for a copy of my PGP key.





From willer at carolian.com  Wed Feb 14 18:09:30 1996
From: willer at carolian.com (Steve Willer)
Date: Thu, 15 Feb 1996 10:09:30 +0800
Subject: Free end-to-end encryption code?
In-Reply-To: 
Message-ID: <311f61c8.2606869@saturn>


On Mon, 12 Feb 1996 09:46:29 +0000, you wrote:

>On Mon, 12 Feb 1996, Steve Willer wrote:
>
>> As a side project, to support remote mail and news pickup through the
>> Internet to my company's servers (through a firewall), I've been
>> slowly writing an end-to-end encryption program. Essentially, the idea
>
>Why reinvent the wheel?  Lots of end-to-end stuff out there - I use ssh, 
>myself...

Okay...well...here's another problem. You see, most of the clients are
going to be Windows people. I can't use a Unix-only solution.





From unicorn at schloss.li  Wed Feb 14 18:19:38 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Thu, 15 Feb 1996 10:19:38 +0800
Subject: Response to Perrygram
In-Reply-To: 
Message-ID: 


On Tue, 13 Feb 1996, Timothy C. May wrote:

> At 6:33 PM 2/13/96, Perry E. Metzger wrote:
> 
> >Tim, you don't work for a living. Some of us do. You might try to
> >think back and remember what it was like in the days when you still
> >did something every once in a while and had a limited amount of time
>  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >available in which to do it.
> >
> 
> Perry once again resorts to insults. Constantly belittling the efforts of
> others suggests deepseated psychological doubts about his own
> contributions.
> 
> Shows you the reaction I get for even responding to him. My mistake.
> 
> Perry should learn how to use mail filters, then he can simply filter out
> all the stuff he doesn't want to see. Or, simply hitting the 'delete" key
> in whatever reader he is using...surely typing "D" 20 or 30 times a day
> takes far less time than writing one of his perrygrams?


Am I the only one who thinks that big money could be made selling tickets 
for a first class section in which Mr. Metzger and Mr. May were seated 
in 2a and 2b?  How about the video rights?  Would you two consider a show 
featuring the pair?  Cyphercrosstalk?  Crosspunks?


---
My prefered and soon to be permanent e-mail address: unicorn at schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information






From perry at piermont.com  Wed Feb 14 18:23:17 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 15 Feb 1996 10:23:17 +0800
Subject: Response to Perrygram
In-Reply-To: 
Message-ID: <199602140212.VAA22242@jekyll.piermont.com>



I'll post a bit more on this because trying to lower the noise levels
around here is a matter of community importance. If you are sick of
this, kill it now, and I apologize in advance for it.

Timothy C. May writes:
> I also note that for several years Perry was clearly spending a whole lot
> more time than even I am now on the Net, making the "Top Ten Usenet
> Posters," or somesuch.

Actually, I made #19, for one month. I was between jobs at the
time. It was 1990. I was not starting my new job for several weeks and
had nothing better to in the meantime. I always posted to the right
groups, or tried to.

As I keep emphasizing, the problem is not volume. It is selection. It
is very easy for me to select only those channels of information I
want to read provided that people keep the information going into the
proper channels. This is an effort that everyone across the net has to
work on. Nothing wrong with posting PROVIDED IT IS TO THE RIGHT PLACE.

> Likewise today. No one is forced to read my posts, Perry's posts, or anyone
> else's posts. This is what filters are for. As it happens, I do *not* read
> all of the posts here. In fact, I delete about 90% of them after scanning
> the first paragraph, the subject, and the author. Takes me about 15
> seconds, tops, to do this, and sometimes I'm even faster

Kill files help a bit, but ultimately they are not a substitute for
human filters. I *do* in fact just "d" messages I don't want to read
very fast -- within seconds -- but there are still limits to how many
messages one person can process. Between this and other lists I have
to spend several seconds each on hundreds of messages a day. That adds
up fast. 300*15=75 minutes of my day. I actually do better than this,
but I figure about one hour of my life, day after day, is spent
deleting garbage. Unfortunately, there are nuggets of gold inside, but
they are becoming harder and harder to find.

As I said, if its fine to put everything everywhere, then why not have
one single newsgroup and post everything there instead of thousands of
newsgroups and mailing lists?

The reason people are upset to read about Joe's Wash and Toast on
comp.lang.c isn't that there isn't a reasonable place to read about
that, but because the content is inappropriate for the particular
place. The problem with spamming is entirely that it forces people to
waste time looking at inappropriate junk. Its fine to read about the
green-card lawyers on a newsgroup dedicated to visas (and they will
probably be flamed there for charging for something free, but thats
another story), but its a public nuisance similar to dog poop on every
square of sidewalk when you have to read about it in every other
newsgroup. Inappropriate posts are exactly like dog crap on the
sidewalk. They don't kill you, and you can just "walk around",
but after a while you get sick of dealing with it hour after hour, day
after day.

Keeping appropriate postings in appropriate places is much like trying
not to park in such a way as to take up two spaces, trying not to
track mud into your apartment building, or other forms of good
citizensship. It isn't required, no law forces you to do it, but
everyone who isn't an asshole tries to follow the social conventions
because it makes life for everyone. Yes, its your right to park such
that no one can fit in behind or ahead of you, but is it something you
really should be doing?

> I write because setting down my thoughts and exploring ideas is far more
> important to me than just about anything else I can imagine doing,
> including writing C programs. If you don't like this, learn how to use
> filters and filter me out, or leave the Cypherpunks list. Seems simple
> enough to me.

Thats fine -- you not only have the right to write everything you like
but as a good writer you should. However, not all thoughts belong
everywhere. Do you randomize your public library, or do you try to
sort it? If you have ideas about whether Uri Geller is a fraud or not,
why not post them to sci.sceptic instead of here? Why try to post
everything everywhere?


Perry





From jf_avon at citenet.net  Wed Feb 14 18:24:39 1996
From: jf_avon at citenet.net (Jean-Francois Avon JFA Technologies, QC, Canada)
Date: Thu, 15 Feb 1996 10:24:39 +0800
Subject: where can I ftp Secure Split?
Message-ID: <9602140140.AA23543@cti02.citenet.net>



**** NEW PGP 2.6.2 KEY *********

2048 bits Key ID:24201BA1 1996/02/13 Jean-Francois Avon 
Key fingerprint =  23 B6 24 31 86 67 FB 35  C7 A7 AF 12 A1 61 E9 3D 


**** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon 
Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 






From declan+ at CMU.EDU  Wed Feb 14 18:26:07 1996
From: declan+ at CMU.EDU (Declan B. McCullagh)
Date: Thu, 15 Feb 1996 10:26:07 +0800
Subject: V-chips, CC, and Motorcycle Helmets
In-Reply-To: <199602131752.JAA28288@netcom7.netcom.com>
Message-ID: 


Excerpts from internet.cypherpunks: 13-Feb-96 Re: V-chips, CC, and
Motorc.. by Bill Frantz at netcom.com 
> Adding money to the pot will attract rational (and amoral) people who will
> then make a determination based on (1) profit, and (2) risk, which includes
> getting caught or killed.  It seems to me that Secret Service levels of
> protection can protect a public figure against even Assassination Politics.

That may well be true, but speaking as someone who's worked on U.S.
Presidential campaigns, that kind of protection is expensive,
time-consuming, intrusive, and unlikely to be extended.

-Declan






From markm at voicenet.com  Wed Feb 14 20:19:01 1996
From: markm at voicenet.com (Mark M.)
Date: Thu, 15 Feb 1996 12:19:01 +0800
Subject: Subject lines?
In-Reply-To: 
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 14 Feb 1996, Clay Olbon II wrote:

> Ok, has everyone forgotten to use a subject line today, or is there a
> problem with toad.com?  Every message I received today that was dated 14
> Feb (except one - from "E. ALLEN SMITH" )
> had no subject and no from line (other than cypherpunks).  This includes
> messages from Perry and Jim Bell.

I think this is a problem with toad.com.  I have seen this happen before.
For some reason, the subject line isn't kept and "owner-cypherpunks at toad.com"
is on the "From:" line instead of the "Sender:" line.

- --Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm at voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMSJEurZc+sv5siulAQEM8QP/WspjfhPKgK2LvylNja3/XMEFDZ8WYRNu
Ogfg1QzTiZIww2ww23b7+LJbiT+lRUDv91yBoa+XXL1U+2jDTW6bWoS653yDamVU
c3xmNpHAw6XuG9CH8/fBKCyqqZrBiTswFKDgh71s5AqZW9vMLTojCPz/mbfoUWzU
LUDrQeBfZ7w=
=oYnk
-----END PGP SIGNATURE-----





From tallpaul at pipeline.com  Wed Feb 14 20:39:14 1996
From: tallpaul at pipeline.com (tallpaul)
Date: Thu, 15 Feb 1996 12:39:14 +0800
Subject: A Cyberspace Independence Refutation
Message-ID: <199602141950.OAA19685@pipe6.nyc.pipeline.com>


Dear Decius, 
 
I greatly enjoyed your post on this topic at the cpyherpunks list. 
 
On a related issue, I have been giving a lot of thought to the possibility
of moving the functional aspect of anon servers away from professionally
administered and globally known sites like C2 to many smaller virtually
unknown sites. 
 
I have been informed that the latest Sysquest parallel port 135 Mb drive
lets you boot off of it, (e.g. load the driver off a floppy then boot a new
OS off the Sysquest.) This permits one to put a linux kernal, lots of
utilities, pgp, mixmaster, etc. etc. on the single $20 floppy drive, along
with an easy to use and understand interface for the "sysop." 
 
People can then have a complete mixmaster etc. system regardless of what OS
they use on their regular machine, resident on a floppy easy to hide and
cheap enough to destroy. It would lead to an enormous number of sites
popping up among jr. high school students in the family garage or rec room
through undregrads in their dorm rooms. Access would be mainly through
personal friendships and word of mouth. 
 
Makes it almost infinitely more difficult for government to track them down
let alone clamp down. 
 
--tallpaul





From dneal at electrotex.com  Wed Feb 14 20:55:11 1996
From: dneal at electrotex.com (David Neal)
Date: Thu, 15 Feb 1996 12:55:11 +0800
Subject: [NOISY] Re: New Internet Privacy Provider - Press Release
Message-ID: <199602141854.MAA03609@etex.electrotex.com>


> Date:          Sat, 10 Feb 1996 18:12:58 -0500 (EST)
> From:          "Declan B. McCullagh" 
> To:            cypherpunks at toad.com, Vincent Cate 
> Subject:       [NOISY] Re: New Internet Privacy Provider - Press Release
> Cc:            

> Excerpts from internet.cypherpunks: 9-Feb-96 New Internet Privacy
> Provid.. by Vincent Cate at offshore.co 
> > PRESS RELEASE:  2/9/96  Anguilla, Offshore Information Services Ltd.
> >  
> > As a result of recent efforts to censor the Internet in France, Germany,
> > China, and now the USA, [we] anticipate
> > a larger market for privacy services over the Internet. ...
> 
> Thanks, but no thanks. I don't need a shell account at $1,200 a year.
> 


You though that was bad?  (Besides I though it was $300/yr not a quarter)
try their clearing services!  $500/mo + 6% of all tranactions.  Yeoch.

 I know T1s and satellite links overseas are  expensive, but they're not THAT 
expensive.  Hey, Mark Twain.  Form a seychelles entity with the same fee
schedule as your U.S. counterpart.  You won't know what to do with all
the money!






From unicorn at schloss.li  Wed Feb 14 21:03:14 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Thu, 15 Feb 1996 13:03:14 +0800
Subject: Response to Perrygram
In-Reply-To: 
Message-ID: 


On Wed, 14 Feb 1996, Timothy C. May wrote:

> At 2:04 PM 2/14/96, Robert Hettinga wrote:
> 
> >Perry and Tim,
> >
> >Why don't you two have sex already? The tension around here is getting
> >unbearable...
> 
> And why don't you stop cluttering up the list with supposedly cute stuff
> like this?

I was quite serious.  I find it immensely entertaining and valueable.  
Mr. Metzger in many ways, perhaps unwittingly, perhaps by design, forces 
the list to evaluate and consider how wide the scope of crypto actually 
reaches.  Everytime he asks "what does this have to do with crypto" he 
tends to be responded to with some quite creative and original connections 
(and some not so creative or original).  Everytime Mr. May points out 
arguments for wider topicality the reverse is true for the code purists.  
Discourse.  Extremely valuable in my view.  I'll refrain from commenting 
on Mr. Hettinga's comment.

> The couple of fairly short messages I've written in response to comments by
> Perry are *as nothing* compared to the tons of verbiage in the Jim Bell
> flame wars, the VZNUri/Detweiler flames, and even the Black Unicorn vs.
> Netscape battle.

Mr. May takes my point the wrong way.  Again, I was quite literal.  I 
think the conflict is the best thing since crosstalk.  It hits right on 
the money as to what this list is about from two extremely opposed 
parties, one with a more liberal (literal, not political) view as to what 
is on topic, and one with a more conserative (again, literal, not 
political) view.  As to my own Netscape rantings, well, I'll leave that 
without comment too.

> (If anyone can point to examples where I have engaged in protracted--more
> than a couple of short messages--flames, please send me pointers to these
> examples in private mail. I claim no especial morality, but I do think I've
> stayed out of ongoing flame wars. I haven't even commented on
> "assassination politics," even though it's just a watered-down and
> poorly-thought-out version of what I wrote about in 1988...easier to just
> delete the ramblings.)

As I state above, I think the argument is a long running theme for which 
Mr. May and Mr. Metzger are the opposing camp figureheads.  I wouldn't 
call your discussions "flame wars" (with the possible exception of the 
occasional low barb by Mr. Metzger) at all.

> And yet people like Bob and Uni feel compelled to throw their two cents in
> about what a spectacle this is.

Again, I was pointing out the value and interest of the specticle, not 
its lack of merit.  It is my view that empassioned discourse is among the 
most devine of human expressions, but then, legal education tends to 
indoctrinate that view.

> Get real.

I was being quite real.  I'm sorry you took it as sarcasm.  The pair of 
you should start a PBS show.  Seriously.

> --Tim May
> 
> Boycott espionage-enabled software!
> We got computers, we're tapping phone lines, we know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^756839 - 1  | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."

---
My prefered and soon to be permanent e-mail address: unicorn at schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information






From llurch at networking.stanford.edu  Wed Feb 14 21:07:03 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Thu, 15 Feb 1996 13:07:03 +0800
Subject: Subject lines?
In-Reply-To: 
Message-ID: 


Me too! It has happened a few times before. Actually, all headers save 
Sender: are being trashed.

I'd thought it was an interaction problem with deliver, our local MTA. 
Or maybe it is, if you use deliver too. Please share experiences *in 
private email*.

The messages on news://nntp.hks.net/hks.lists.cypherpunks do have subject 
lines, so at least some messages are leaving toad.com OK. I think it's 
our problem.

-rich

On Wed, 14 Feb 1996, Clay Olbon II wrote:

> Ok, has everyone forgotten to use a subject line today, or is there a
> problem with toad.com?  Every message I received today that was dated 14
> Feb (except one - from "E. ALLEN SMITH" )
> had no subject and no from line (other than cypherpunks).  This includes
> messages from Perry and Jim Bell.
> 
>         Clay
> 
> ---------------------------------------------------------------------------
> Clay Olbon II            | olbon at dynetics.com
> Systems Engineer         | ph: (810) 589-9930 fax 9934
> Dynetics, Inc., Ste 302  | http://www.msen.com/~olbon/olbon.html
> 550 Stephenson Hwy       | PGP262 public key: finger olbon at mgr.dynetics.com
> Troy, MI 48083-1109      | pgp print: B97397AD50233C77523FD058BD1BB7C0
>     "To escape the evil curse, you must quote a bible verse; thou
>      shalt not ... Doooh" - Homer (Simpson, not the other one)
> ---------------------------------------------------------------------------






From declan+ at CMU.EDU  Wed Feb 14 21:20:37 1996
From: declan+ at CMU.EDU (Declan B. McCullagh)
Date: Thu, 15 Feb 1996 13:20:37 +0800
Subject: CyberAngels
In-Reply-To: <199602140254.VAA14288@pipe4.nyc.pipeline.com>
Message-ID: 


Excerpts from internet.cypherpunks: 13-Feb-96 Re: CyberAngels
> >The Guardian Angels have decided to enter cyberspace and make it safe for 
> >us all.  They have a FAQ on the web - http://www.safesurf.com/cyberangels/

I fear the so-called "CyberAngels" more than I do the Feds. At least
with their brand of jackboots, there can be accountability.

The CyberAngels are more like CyberCads, CyberFrauds, or CyberCriminals.

-Declan






From fdr at osf.org  Wed Feb 14 21:53:24 1996
From: fdr at osf.org (Franklin Reynolds)
Date: Thu, 15 Feb 1996 13:53:24 +0800
Subject: Linux on the Mac
Message-ID: <199602142221.RAA11704@postman.osf.org>



>From: cjs at netcom.com (cjs)
>To: olbon at dynetics.com (Clay Olbon II)
>Cc: cypherpunks at toad.com
>Subject: Re: Linux on the Mac
>Date: Wed, 14 Feb 1996 07:26:42 -0800 (PST)
>Content-Type: text/plain; charset=US-ASCII
>Content-Transfer-Encoding: 7bit
>
>> In the latest PowerPC news it is reported that OSF is porting Linux
>> to the Mac with the support of Apple.  Apple has a web site -
>> www.mklinux.apple.com that discusses this and has a link to the OSF
>> site.  In my book, this is a GoodThing(tm).  Of course, being a huge
>> fan of both the Mac and unix might put me in the minority ;-)
>
>They aren't *really* porting Linux to powermac. They're throwing a
>little bit of paint on OSF/1 and hiding some stuff in libc.
>
>Looks to me like they are basicly trying to ca$h in on the Linux name
>and reputation without contributing anything to the cause.
>
>I personally think that Linux International (they still around?)
>should put out a counter press-release informing the public that the
>Apple/OSF Linux shares only the name.
>
>Christopher

*Sigh*

OSF ported Linux to our microkernel which is derived from Mach 3.0
from CMU. And we have ported our kernel and the Linux server to
PPC. Of course some of the functionality that is in Linux was replaced
with micro-kernel functionality. That was the point. The Linux server
implements the higher level OS functionality like the file system,
process management, networking, signals, etc. The paper presented at
the Conference on Freely Distributable Software describes some of the
technical details.

We have also ported OSF/1 to our microkernel. Both servers are layered
on top of the same microkernel. Perhaps you are confusing the
microkernel with the OSF/1 server?  Anyway, you don't have to worry
about getting any OSF/1 code. OSF/1 is licensed software. It is
illegal to distribute it freely.

Franklin Reynolds
Open Software Foundation    |   phone # 617-621-7321 
11 Cambridge Center	    |   fax # 617-621-8696
Cambridge, MA 02142         |   fdr at osf.org





From rah at shipwright.com  Wed Feb 14 22:20:31 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Thu, 15 Feb 1996 14:20:31 +0800
Subject: Response to Perrygram
Message-ID: 



>Am I the only one who thinks that big money could be made selling tickets
>for a first class section in which Mr. Metzger and Mr. May were seated
>in 2a and 2b?

Personally, I'd pay big money for a firehose, myself...


Or, as someone said once said long ago on a list far away:

Perry and Tim,

Why don't you two have sex already? The tension around here is getting
unbearable...

;-)


Cheers,
Bob

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/







From cea01sig at gold.ac.uk  Wed Feb 14 22:28:02 1996
From: cea01sig at gold.ac.uk (Sean Gabb)
Date: Thu, 15 Feb 1996 14:28:02 +0800
Subject: Online Zakat Payment: Religious tithe.
In-Reply-To: 
Message-ID: 


On Mon, 12 Feb 1996, Timothy C. May wrote:

> At 10:07 PM 2/12/96, Steven C. Perkins wrote:
> Once again, the gutter religion of Islam reveals the derangement of its
> so-called Prophet.
> 
> The world really needs to get around to nuking these folks.
> 
Oh, Come now!  Islam may in its present form be a religion deeply hostile 
to liberty.  But since "nuking" the whole Islamic world would not be 
itself much of a defence of freedom, the only long term answer is to 
promote within Islam the same kind of Reformation as eventually made 
Christianity half decent.  And Tim's comments do not contribute to that.  
I don't know how many internet servers there are in the Middle East.  
But, if I were an intelligent fundamentalist, I'd be copying it all over 
the place.  "Look", I'd be saying, "these people really do mean another 
crusade to destroy us and our faith".

I can understand Tim's disgust with these people.  But I do question his 
manner of expressing it.





From rishab at best.com  Wed Feb 14 22:30:46 1996
From: rishab at best.com (Rishab Aiyer Ghosh)
Date: Thu, 15 Feb 1996 14:30:46 +0800
Subject: Top 10 anagrams - "Communications Decency Act"
Message-ID: <199602132011.MAA23703@shellx.best.com>



Terribly sorry, I've a mail backlog a mile long, haven't
seen this yet, etc etc. Besides, it's so short, and so brilliant,
that it deserves being posted more than once.

-Rishab

---begin forwarded text---

From: Mike Morton 
Date: Sun, 11 Feb 96 20:25:35 -1000
Subject: Top Ten Anagrams -- 'Communications Decency Act'


Copyright (c) 1996 by the author, Mike Morton . All
rights reserved. You may reproduce this, in whole or in part, in any
form provided you retain this paragraph unchanged.

Top Ten Anagrams for "Communications Decency Act"

 10. Caution cynic: Scan modem, etc.
  9. Communist, candy, cocaine, etc.
  8. Academic custom: Cynic on 'Net
  7. Connect CIA, communist decay
  6. I disconnect my Acme account
  5. [This anagram too offensive to post]
  4. Condoms, etc., can cue intimacy
  3. Decency? Commit a sin, account!
  2. Cut my academic connections
And the number one anagram for "Communications Decency Act":
  1. Comic scene: Nudity act on Mac

Runners-up:

     A succinct edict: man, economy
     CIA? Disconnect me, my account?
     Connect Mosaic; induce my act
     Cute, cosmetic cynic: Madonna
     I accuse; condemn my tactic, no?
     I accused: Connect into my Mac
     I can't commend saucy conceit
     Media custom: Connect a cynic
     Mice may disconnect account
     Scan me: CIA concocted mutiny

---end forwarded text---
----------------------------------------------------------------------
The Indian Techonomist - newsletter on India's information industry
http://dxm.org/techonomist/                             rishab at dxm.org
Editor and publisher: Rishab Aiyer Ghosh           rishab at arbornet.org
Vox +91 11 6853410; 3760335;     H 34 C Saket, New Delhi 110017, INDIA





From jya at pipeline.com  Wed Feb 14 22:31:32 1996
From: jya at pipeline.com (John Young)
Date: Thu, 15 Feb 1996 14:31:32 +0800
Subject: Rivest's Goldmine
Message-ID: <199602131756.MAA04192@pipe1.nyc.pipeline.com>


Probably old news to wizened Cypher-Codgers, still, Ron 
Rivest's Web site is a treasure:


     http://theory.lcs.mit.edu/~rivest/crypto-security.html


Has he omitted any crypto-security source?


His site should be regularly cited for cypher-coder toddlers 
and numbheads.








From EALLENSMITH at ocelot.Rutgers.EDU  Wed Feb 14 22:32:10 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Thu, 15 Feb 1996 14:32:10 +0800
Subject: CyberAngels
Message-ID: <01I161QL751CA0UXAU@mbcl.rutgers.edu>


From:	IN%"joseph at genome.wi.mit.edu" 13-FEB-1996 02:57:56.92

>I agree with allen, about the issues of 'nym. But looking at other aspects
>of these cyberangels I'm unsure how to feel. On one hand they seem resonable,
>protecting only the children. "Acts bewteen consenting adults are okay" say 
>they. But the protect the children was what the CDA hid under.

	The 'CyberAngels' are rather like the CDA in that they keep using
child pornography as a red herring to avoid talking about everything else they
want to do. I will not be surprised if they wind up being informants for the
CDA.
	The following CuDigest issues may shed some light on the issue.
Both I and tallpaul have done some responding to them, incidentally.
(In all of these, http://www.soci.niu.edu/~cudigest/ should be put in
front of the web addresses.):

Vol 7, Issue 86: CUDS7/cud786
Vol 7, Issue 87: CUDS7/cud787
Vol 7, Issue 91: CUDS7/cud791
Vol 7, Issue 93: CUDS7/cud793
	(I will note that the relevant article contains an inaccuracy on
bestiality, claiming that it is illegal in all states. This is not the case, as
some later CuDigests explain.)

Vol 7, Issue 94: CUDS7/cud794
Vol 8, Issue 4: CUDS7/cud804
Vol 8, Issue 6: CUDS8/cud806
	(I would appreciate some responses explaining the difference between
an anonymous remailer and methods for mailbombing using forgeries - "Gabriel"
does not seem to understand this.

Vol 8, Issue 13: CUDS8/cud813

	-Allen





From wlkngowl at unix.asb.com  Wed Feb 14 22:48:54 1996
From: wlkngowl at unix.asb.com (Deranged Mutant)
Date: Thu, 15 Feb 1996 14:48:54 +0800
Subject: NETSCAPE IS "IN MERGER TALKS WITH AMERICA ONLINE"
Message-ID: <199602140044.TAA29736@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

Bill Frantz wrote:
[..]
> could be made within a month. He noted that new data showed that 40% of US
> Internet traffic was flowing through America OnLine's network and that
> together with Netscape the two companies would effectively  control the
> technology now shaping the global network - "And then Microsoft would be
> left without an Internet standard,".

I dunno. The World Wide Web Consortium supposedly exists to prevent 
corporations from controlling the technology and standards.  Most web 
sites are not on AOL, and not run under DOS/Windows.

Rob
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSEwcioZzwIn1bdtAQFyGgF+LgcuxW9BkzwwMCUUC4/1OK9bGrDrfqHW
YKTmghUAd90jOEc4kC3zlSgPrZpfGlOU
=5b5G
-----END PGP SIGNATURE-----





From abostick at netcom.com  Wed Feb 14 23:12:55 1996
From: abostick at netcom.com (Alan Bostick)
Date: Thu, 15 Feb 1996 15:12:55 +0800
Subject: Cypherpunks in 3/96 WIRED -"Wisecrackers" by Steven Levy
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

The Cypherpunks figure prominently in an article by Steven Levy, called
"Wisecrackers" (p. 128), about codebreaking efforts like last year's 
Hack SSL effort and Ian Goldberg's and David Wagner's crack of Netscape's
encryption.  A quick scan reveals what seems to be a sensible and intelligent
article.

- -- 
   Alan Bostick             | "If I am to be held in contempt of court,
Seeking opportunity to      | your honor, it can only be because the court
develop multimedia content. | has acted contemptibly!"
Finger abostick at netcom.com for more info and PGP public key

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMSJPHOVevBgtmhnpAQGM1QL+I57APNZi10VzxR2zswIzKxZ2oGJ62o/t
OWT8cBKcohttQEV2y+sdFa4wlaieQXSo4iE7/nFtafW9fG/U7+ISGWbWW0UHOiJq
0FTw0RIzbdlyuJd8j5zVXT5uYUcENtjB
=jAhn
-----END PGP SIGNATURE-----





From cmca at alpha.c2.org  Wed Feb 14 23:20:55 1996
From: cmca at alpha.c2.org (Chris McAuliffe)
Date: Thu, 15 Feb 1996 15:20:55 +0800
Subject: I've just unsubscribed from cypherpunks
Message-ID: <199602142342.PAA17273@eternity.c2.org>


-----BEGIN PGP SIGNED MESSAGE-----

[To: willer at carolian.com (Steve Willer), Rich Salz ]
[Subject: Re: I've just unsubscribed from cypherpunks]
[Cc: cypherpunks at toad.com]

willer at carolian.com (Steve Willer) wrote:
>I don't understand what the issue is.

I understand perfectly what the issue is. Rich wrote an important
informational message about "MS CAPI export issue" - which raises
questions about how exactly MicroSloth got away with exporting CAPI. I
for one dearly want to hear the answer. Instead he gets a JimBell rant
about conspiracies or something (I didn't read it to the end).

He CAN'T just killfile the subject. It's HIS subject, and he wants to
read the answer. The thread is relevent. When the noise level exceeds
the threshold, even in threads which you want to read or indeed
initiated, something is fundamentally wrong. I'd unsubscribe myself,
except I can't.

ObCrypto: I think the govmint goofed, letting this out. Perhaps someone
should (anonymousely) alert the DoJ to start a grand jury to indict Bill
Gates. Someone overseas should ASAP interface PGP to it and publish it.

Chris McAuliffe  (No, not that one.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCUAwUBMSJqPoHskC9sh/+lAQFsuQP2JWma2HNFXSLg5h0pEUn3J/BlEmOu2kBa
avtfvbvLL+25JkTR2Fn3K+zw1b7OyREX1fSj7lKdfRf6WukUJ55snPrqJmaRYeWS
0b7XVAP4bxYNBVV+IjhU+IaZSOE9YY1zuAQ07lSLTmprNiCCQm37loxfyBRiJsrU
VfGxKUXyqA==
=RiJ/
-----END PGP SIGNATURE-----





From rah at shipwright.com  Wed Feb 14 23:21:45 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Thu, 15 Feb 1996 15:21:45 +0800
Subject: FW: Laugh Of The Day - Fri, Feb 02 1996 (fwd)
Message-ID: 



--- begin forwarded text

From: "Roger Koppl" 
Organization:  FAIRLEIGH DICKINSON UNIVERSITY
To: austrianecon at agoric.com
Date:   Wed, 14 Feb 1996 12:38:57 EDT
Subject:       FW: Laugh Of The Day - Fri, Feb 02 1996 (fwd)
Priority: normal
Sender: owner-austrianecon at agoric.com
Precedence: bulk
Reply-To: AustrianECON at agoric.com

I got this from a colleague.  Apparently the source is LaughWEB.

Sound familiar?

Roger
---------- Forwarded message ----------
*****************************************************************
        Be sure to visit LaughWEB
(http://www.misty.com/laughweb/)
*****************************************************************
*File Description: The Natural Life Cycle Of a Mailing List*

THE NATURAL LIFE CYCLE OF MAILING LISTS

Every list seems to go through the same cycle:

1.  Initial enthusiasm (people introduce themselves, and gush alot about
how wonderful it is to find kindred souls).

2.  Evangelism (people moan about how few folks are posting to the list,
and brainstorm recruitment strategies).

3.  Growth (more and more people join, more and more lengthy threads
develop, occasional off-topic threads pop up).

4.  Community (lots of threads, some more relevant than others; lots of
information and advice is exchanged; experts help other experts as well as
less experienced colleagues; friendships develop; people tease each other;
newcomers are welcomed with generosity and patience; everyone -- newbie
and expert alike -- feels comfortable asking questions, suggesting
answers, and sharing opinions).

5.  Discomfort with diversity (the number of messages increases
dramatically; not every thread is fascinating to every reader; people
start complaining about the signal-to-noise ratio; person 1 threatens to
quit if *other* people don't limit discussion to person 1's pet topic;
person 2 agrees with person 1; person 3 tells 1 & 2 to lighten up; more
bandwidth is wasted complaining about off-topic threads than is used for
the threads themselves; everyone gets annoyed).

6a. Smug complacency and stagnation (the purists flame everyone who asks
an 'old' question or responds with humor to a serious post; newbies are
rebuffed; traffic drops to a doze-producing level of a few minor issues;
all interesting discussions happen by private email and are limited to a
few participants; the purists spend lots of time self-righteously
congratulating each other on keeping off-topic threads off the list).

OR

6b. Maturity (a few people quit in a huff; the rest of the participants
stay near stage 4, with stage 5 popping up briefly every few weeks; many
people wear out their second or third 'delete' key, but the list lives
contentedly ever after).

******************************************************************************
LAUGH OF THE DAY - A service of LaughWEB (http://www.misty.com/laughweb/).

To subscribe, send e-mail to majordomo at world.std.com, with text:
     subscribe lotd email_address
To subscribe to lotd, point your web browser to:
     http://world.std.com/~joeshmoe/laughweb/lotd_subscribe.html


----------------------------------------------------------------------
Roger Koppl
Associate Professor
Economics and Finance
Fairleigh Dickinson University
Madison, NJ 07940
USA

Internet: Koppl at fdusvr1.fdu.edu
Phone:  (201) 443-8846
Fax: (201) 443-8804
----------------------------------------------------------------------

--- end forwarded text


-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/







From jlasser at rwd.goucher.edu  Wed Feb 14 23:36:13 1996
From: jlasser at rwd.goucher.edu (Jon Lasser)
Date: Thu, 15 Feb 1996 15:36:13 +0800
Subject: Some thoughts on the Chinese Net
Message-ID: 


Several people have posted to the list that the Chinese, censored, 
Internet will fail. Usually, the claim is that the censored network will 
fail mostly because of technical reasons, namely the inability of the 
Chinese government to censor everything. The other significant claim made 
was that the Chinese problem is "behind" the "firewall" leading into the 
country... Suggestions have been made that RSA is involved with China to 
implement this censorship.

I would suggest that the Chinese solution to these problems is singular, 
and simple: the total inability to conduct any transaction anonymously.

How can this occur? It takes two parts; one simple, one somewhat more 
difficult.

The simple portion is a national (Chinese) database associating true 
names with key IDs. These keys will be usable only to sign documents, not 
to encrypt information, similar to the Federal DSS.

The more complex portion (from my perspective, at any rate) is a 
modification of the standard TCP/IP protocol, requiring that each packet 
be signed by its originating user. This would require lots of software 
modification on the Chinese end, as well as a conversion process at the 
National firewall. (This is where the censorship takes place; the 
censors don't filter out unwanted information, they sign acceptable 
information. They then store a reference to the bit of information with a 
hash. If the hash checks out, they don't need to re-sign the data. This 
allows a ramp-up after a while to provide adequate quantities of 
information).

The real question is who's going to design/implement this protocol? The 
answer is Western sofware companies which want to do business in China. 
RSA would obviously be called upon to design the protocol, as well as 
perhaps provide certain implementations of it. Another likely candidate 
is Microsoft, whose Windows OS has been declared a National Standard by 
China. It would hold obvious financial benifits for MS to develop a 
Chinese TCP/IP protocol for Windows. Any company which wants a monopoly 
in a country of > 1 billion people could probably get in on this deal.

Now that all information has a recognizable source, dissidents in China 
can be arrested, and unacceptable information never makes it into the 
country.

Can anybody say why this can't be implemented? Or why China wouldn't 
implement it?

This is obviously a worst-case scenario, but one which appears, at least 
to me, to be technically feasable.

I'd love to hear otherwise.
Jon Lasser
----------
Jon Lasser (410)494-3072                         - Obscenity  is a crutch  for
jlasser at rwd.goucher.edu                            inarticulate motherfuckers.
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D)               - Fuck the CDA.






From perry at piermont.com  Wed Feb 14 23:42:15 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 15 Feb 1996 15:42:15 +0800
Subject: Linux on the Mac
In-Reply-To: 
Message-ID: <199602141521.KAA24196@jekyll.piermont.com>



Clay Olbon II writes:
> In the latest PowerPC news it is reported that OSF is porting Linux to the
> Mac with the support of Apple.  Apple has a web site -
> www.mklinux.apple.com that discusses this and has a link to the OSF site.
> In my book, this is a GoodThing(tm).  Of course, being a huge fan of both
> the Mac and unix might put me in the minority ;-)

I hate to ask this, but why does this have an impact on cryptography?

Perry





From froomkin at law.miami.edu  Wed Feb 14 23:58:55 1996
From: froomkin at law.miami.edu (Michael Froomkin)
Date: Thu, 15 Feb 1996 15:58:55 +0800
Subject: anonymous age credentials, sharing of
Message-ID: 


Suppose Alice is a CA who issues anonymous age credentials.
Bob is 15
Carol is 25

Carol gets a legitimate anonymous age credential from Alice bound to an 
anonymous public key generated for this purpose.  Carol then gives the 
key pair to Bob.  Bob uses to do things only adults are legally permitted 
to do.  (It's not bound to Carol's everday keypair because that's not 
anonymous....)

What can stop Bob and Carol from subverting a scheme that relies on 
anonymous age creditials in this manner?

If the answer is "nothing" this might mean that purveyors of "adult" 
material might have no defense against a law requiring that they collect a 
True Name + age creditential....

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin at law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.






From markm at voicenet.com  Thu Feb 15 00:13:54 1996
From: markm at voicenet.com (Mark M.)
Date: Thu, 15 Feb 1996 16:13:54 +0800
Subject: PING packets illegal?
In-Reply-To: <199602140355.TAA08824@jobe.shell.portal.com>
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 13 Feb 1996 anonymous-remailer at shell.portal.com wrote:
 
> Concerning the ITAR ...... what would happen if some Evil Hacker Dude in,
> say, England, decided to ICMP-ping a host in America? Nothing wrong with
> that ...... but if those ping packets contained little pieces of something
> like PGP ...... would the host being pinged be breaking the law? Would
> all the hosts in the route between that host and the host in England that
> was doing the ping also be breaking the law?

Exporting encryption to the U.S. from another country is not illegal, only
exporting from the U.S. is.  The method of transmissioni is irrelevant.  It
does not matter if TCP packets or ICMP-ping packets are used to transmit the
data. 

However, it has not been decided if all of the hosts in between the source and
the destination are violating the law.  Since it is impossible to monitor the
contents of every packet being transmitted over a network, I seriously doubt
that any intermediate host would be considered to be in violation of ITAR.

- --Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm at voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMSJD7rZc+sv5siulAQH7dQP/U2CsagSQYv7opIIU40drvTNXoHeryL0H
Q5KhJczjXJOCulRpuJiXULVpbWA9qYAEJ9vz3+mLs+EEiQ3ge+MxiIYA35wBTI0g
qfZh0qEmZjL5wMb+js2awwOGrsy0NsUsSgsHlbWItZ3/ZVrH7j7oI4LmrUKHNshQ
DmiADuwUlVM=
=cdEk
-----END PGP SIGNATURE-----





From tcmay at got.net  Thu Feb 15 00:20:54 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 15 Feb 1996 16:20:54 +0800
Subject: Fair Credit Reporting Act and Privacy Act
Message-ID: 


At 11:28 AM 2/9/96, Duncan Frissell wrote:

>Look, the reason we hate the CDA is because it restricts speech.
>Restrictions on credit agencies gossiping about you are also speech
>restrictions.  If you are out in the world, people are going to talk about
>you.  The credit agencies are much easier to handle and less intrusive than
>the women were who talked about you while beating cloth on the rocks in the
>stream back in the old village.

Recall that in 1914 America adopted the "Gossiping and Busybodies Fair
Reporting Act," requiring all gossipers and busybodies to register their
planned speech acts with the typically-named Privacy Ombudsman (now
Ombudsperson). The modest registration fee of $75, a lot of money in 1914
of course, appears to have had a chilling effect on this market, as there
are few if any gossiping women beating clothes on rocks at the stream.

More seriously, what I find useful when thinking "There ought to be a law!"
thoughts is to imagine how it might be enforced against _me_. Creative
visualization. For example, while I get angry at times with TRW and
TransUnion like everyone else, I imagine a welter of laws about the keeping
of records and I imagine someone coming to *my* door and announcing that he
was there to inspect the contents of my hard drives to determine if I had
unlicensed data.

(Tim Philp's idea that this would only apply to "corporations" or
"businesses" (not clear which he means) misses the point. Am I, for
example, a business? Having such laws kick in at some well-defined
threshold would simply shift the nature of the information-gatherers...for
example, they's subcontract out the record-keeping to a raft of smaller,
linked entities. Then you'd have to prosecute people and companies for
accessing illegal data banks, etc.)

I am willing to support a few laws, about murder, theft, rape, etc., but
not busybody laws trying to control what information people collect.

If someone asks what the relevance to this list is of this issue, then they
really are as dumb as dirt, and as dumb as endangered dirt, too.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From raph at c2.org  Thu Feb 15 00:45:58 1996
From: raph at c2.org (Raph Levien)
Date: Thu, 15 Feb 1996 16:45:58 +0800
Subject: A brief comparison of email encryption protocols
Message-ID: <199602142049.MAA20108@infinity.c2.org>


   This message briefly reviews and compares the four major email
encryption protocols under discussion: MOSS, PGP, PGP/MIME, and
S/MIME. Each is capable of adequate security, but also suffers from
the lack of good implementation, in the context of transparent email
encryption.

   I will try to address issues of underlying cryptographic soundness,
ease of integration with email, implementation issues, support for
multimedia and Web datatypes, and backwards compatibility.

   An additional grave concern is key management. Contrary to some
beliefs, key management is not a solved problem. All of the proposals
contain some mechanism for key management, but none of them have been
demonstrated to be scalable to an Internet-wide email system. My
belief is that the problems with key management do not stem from the
classic Web of trust/certification hierarchy split, but the
nonexistence of a distributed database (with nice interfaces) for
holding keys. The encryption protocols also stand in the way of such a
database, with key formats that are either overly complex, inadequate,
or both.

   In case it is not clear by now, this review will be quite
subjective, in many cases representing my own beliefs rather than
objective fact. I'll try to point that out where I can. Also, I do not
claim to have a thorough understanding of PEM and PKCS. Much of my
knowledge comes from implementing premail, a tool that acts as "glue"
between mailers and encryption packages. It supports PGP, MOSS (using
the TIS/MOSS 7.1 implementation), and a draft of PGP/MIME, in addition
to a wide range of anonymous remailer services. While usable, premail
has many limitations, and certainly does not represent the "holy
grail" of transparent email/crypto integration. Thus, my participation
in the Internet Mail Consortium Secuirty Workshop
(http://www.imc.org/security-workshop.html).

   I apologize for the wide distribution, and ask that followups be
trimmed.


PGP
---

   PGP (Pretty Good Privacy) is, of course, the de facto standard for
email encryption on the Internet.
   PGP's underlying cryptography is quite sound - RSA (up to 2048 bits
with the most recent implementation), IDEA with a 128 bit key, and
MD5. PGP is entirely in accordance with the recent recommendations on
minimum keylength (http://www.bsa.org/bsa/cryptologists.html), and in
fact does not include a mode of operation in violation of those
recommendations. This makes PGP (and, by extension, PGP/MIME) unique
among the encryption protocols.
   PGP is packaged in a single application (i.e. a single binary)
which performs encryption, decryption, signing, verification, and key
management. It does not depend on the existence of great deal of
infrastructure. These factors have, in my opinion, been decisive in
PGP's popularity.

   However, PGP is still not suitable for fully transparent email
encryption. The reasons are complex, and I will only touch on them
here.

   The main missing feature is the lack of MIME integration. Thus, PGP
is not suitable for multimedia types other than US-ASCII text. PGP
does contain some support for 8-bit charsets, but at cross-purposes
with MIME. Signature checking of non-US-ASCII data is simply not
reliable. To give an idea of this problem, the most recent
international version (2.6.3i) tries several different character set
conversions when verifying signatures, to see if any of them will
work.
   However, since a large fraction of email _is_ US-ASCII text, this
feature alone probably does not explain the lack of deployment. PGP
contains a number of implementation flaws (including silly things like
not locking files, so that concurrent invocations fail). In addition,
key management has some problems. Mostly, key management is hard to
learn, time consuming, and requires a great deal of manual
intervention. The "Web of trust" is supposed to fix this, by providing
transitive trust of key authenticity. However, in practice the Web of
trust has not delivered. In my experience (with many dozen
correspondents), I have only had one or two keys transitively trusted.

   A standard PGP-signed message consists of a "-----BEGIN PGP SIGNED
MESSAGE-----" line, the signed text (subject to some canonicalization
rules), a "----BEGIN PGP SIGNATURE-----" line, a version line, the PGP
signature itself, and an "-----END PGP SIGNATURE-----" line. All this
is in the message body. The headers indicate that the message is a
standard 7-bit, us-ascii, text/plain message. Thus, mailers have to
parse the message contents to identify the message as PGP signed, or
to extract the signed parts. This is at cross-purposes with MIME.
Mailer implementors are reluctant to include such ad-hoc extensions.
Existing extensibility mechanisms, based on MIME, cannot be used.
   PGP encrypted messages are similar - the identification as an
encrypted message can only be made by parsing the message body.

   One technical problem with PGP is its inability to support
single-pass processing, because the data format includes a size
field.


PGP/MIME
--------

   PGP/MIME is an effort to integrate MIME and PGP. There is a
workable draft based on the MIME security multiparts, but the PGP/MIME
mailing list is divided. Some particpants are happy with the existing
draft, while others feel that other points in the design space
(for the most part, labelling existing PGP message formats with
appropriate MIME types) would be better.
   The design space is large and complex, with many constraints on
efficiency, simplicity, backwards compatibility, and functionality. It
is not clear that a consensus will develop at all.
   There are two implementations of the PGP/MIME draft: premail, and
the PGPMIME reference implementation by Michael Elkins.
   For more information about the PGP/MIME draft, see
http://www.c2.org/~raph/pgpmime.html .


PGP 3.0
-------

   Many people are hoping that PGP 3.0 will somehow come along and
solve all their problems. PGP 3.0 is only an evolutionary improvement
over the existing implementations (MIT PGP 2.6.2 and PGP 2.6.3i). For
the most part, it will support only the existing message formats.
There may be support for decoding draft PGP/MIME signed messages, but
this is still being negotiated.
   The main advance in PGP 3.0 is a cleaned up implemenation. The PGP
2.6.2 code is disgusting, and should not be integrated directly into
any mailer application. The 3.0 code will be modular and based on
published interfaces. Furthermore, the 3.0 development team plans to
release the code as both a stand-alone application and as a library.
   It is difficult to predict when the public release will happen.
Based on what I've seen, fall of 1996 seems the most likely.


MOSS
----

   MOSS (MIME Object Security Services) is an attempt at an email
encryption protocol in accordance with MIME. It is currently an
Internet RFC. There is a reference implementation (TIS/MOSS 7.1).
   MOSS is mostly cryptographically sound. However, the choice of
symmetric encryption algorithm (and key size) is left unspecified.
Thus, it cannot be said that MOSS is in accordance with the
recommendations for minimum keysize. In fact, the only public
implementation, TIS/MOSS 7.1, uses 56-bit DES, which is in direct
violation of these standards.
   The TIS/MOSS implementation has a number of other problems. It is
big and complex, probably due to its TIS/PEM ancestry. For more
information about TIS/MOSS, see
http://www.tis.com/docs/Products/tismoss.html .

   MOSS supports two modes of key management: X.509, and completely
manual key management. In this way, it is a dramatic advance over PEM,
which only supported X.509, but life for implementors remains hard.
One feature which I believe is sorely lacking is a cryptographic hash
of the public key as the basic unit of manual key management. Thus,
people either have to trust the mechanism by which the key was
delivered, or examine the base-64 representation of the entire key. I
consider this to be a serious usability problem.
   For an example of how hashes of keys have been done right, see
Netscape 2.0's handling of untrusted certificates.


S/MIME
------

   S/MIME is an attempt to graft MIME support onto underlying PEM
standards. See http://www.rsa.com/rsa/S-MIME/ for more info.

   I feel compelled to deal harshly with RSA's S/MIME FAQ
(http://www.rsa.com/rsa/S-MIME/smimeqa.htm). It suggests that MOSS has
interoperability problems because of multiple implementations, while
S/MIME presumably doesn't. I take strong exception to this statement.
There is no technical basis for it. I consider the possibility of
admitting multiple implementations as a _requirement_ for an Internet
email standard. However, because S/MIME is documented, it hopefully
will be possible to create independent implementations, in spite of
what RSA says.

   The only symmetric encryption algorithm mandated by S/MIME is
40-bit RC2. Thus, S/MIME is in violation of the key size
recommendations. Further, RC2 has not been confirmed to be publicly
known. If RC2 is not known, then an independent implementation of
S/MIME is impossible. Fortunately, source code for an alleged
implementation of RC2 has recently been posted to the Internet,
resolving this problem, if it is authentic. If not, then my
reservations remain.

   S/MIME also recommends 56-bit DES CBC and (either 112 or 168 bit)
DES EDE3-CBC. This is good; any S/MIME implementation in accordance
with the recommendations will conform to the keysize recommendations
as well.

   S/MIME remains firmly grounded in the X.509 certification
hierarchy, although the FAQ claims that the guidelines for hierarchies
are "more flexible" than in PEM.

   One cryptographic weakness of S/MIME is that eavesdroppers can
distinguish between encrypted and signed-and-encrypted messages. This
violates the principle of disclosing a minimum amount of information.
PGP, PGP/MIME, and MOSS do not have this problem.

   Probably the most controversial aspect of S/MIME is its signature
format. An S/MIME signed message is a MIME multipart in which the
first part is the data to be signed, and the second part is a complete
PKCS #7 (section 10) signed message. This protects quite well against
munging by mail transport, but has two problems. First, the size of
the message is doubled. Second, the fact that the two singed messages
are identical is not enforced (if it were, mailer munging would cause
too many signatures to fail). Thus, Eve can send Alice and Bob a
message (M1, (M2, Signature(M2))). Alice, not having an S/MIME
implementation, would see only M1. Bob, having an S/MIME
implementation, would see only M2, for which the signature would
check. Alice, being suspicious, might call Bob up on the telephone and
ask whether the signature was really valid. Bob would of course say
yes. Unless they compared notes on the contents, they would not notice
the discrepancy. To my mind, this counts as protocol failure, and thus
it is not possible to claim that S/MIME conforms to best cryptographic
practice.
   I would expect that doubling the message body will create
performance problems in a Web environment. For example, if the first
message is used for display, then it becomes necessary to compare the
two messages. If, instead, the second message is used, then the first
message will be responsible for significant added latency.


Integration with mailers
------------------------

   Integration with mailers is quite difficult. In general, the mailer
implementor will need to add specific features to support
cryptography. Because of the restrictiveness of ITAR regulations, such
an approach may not be practical for US developers, at least while
supporting strong cryptography.
   Perhaps the biggest feature required in the mailer is integration
of key management and the "address book". If this feature is not
implemented in the mailer, then two address books are required - one
to select email addresses, and another to map email addresses to keys.
This approach is used by premail, and is the source of many usability
problems. It would be nice if a database existed which could map email
addresses to public keys without manual intervention, but none of the
proposals on the table are capable of it. Such a database would
certainly improve usability, as well as making it considerably easier
to 

   Another feature that is required for fully transparent integration
is caching of decrypted session keys. If not implemented, then the
user interface delays in navigating a mail folder become unacceptable.
To my knowledge, no implementation supports this feature.
   One dimension in the design space is whether the cryptographic
engine is tightly integrated with the mailer (i.e. shares an address
space), or is a separate process that communicates with the mailer.
Both approaches have been implemented. Both approaches are subject to
numerous pitfalls, which have unfortunately not been entirely avoided.
   These issues have more to do with implementation than with the
encryption protocol, but I thought I'd mention them here, so that they
are not actively thwarted.


Conclusion
----------

   All of the proposals described here can be used for secure email.
None of them will be widely deployed in this capacity unless they are
implemented well. I have concerns that both MOSS and S/MIME are
susceptible to political pressure which will restrict key sizes
insecurely in practice. I would like to see consensus develop around
one of the proposals, so that energies used for implementation can be
more focussed and effective. It is my hope that this conference will
move in that direction.

Raph Levien






From scmayo at rsc.anu.edu.au  Thu Feb 15 00:52:49 1996
From: scmayo at rsc.anu.edu.au (Sherry Mayo)
Date: Thu, 15 Feb 1996 16:52:49 +0800
Subject: A good cryptanalysis text?
Message-ID: <9602150103.AA22683@toad.com>


> Hi all
> 
> A friend of mine is looking for a good introductory cryptanalysis
> text. Does Schneier's book cover this in much depth or is it more
> cryptography as the name implies.
> 
> My friend is a computer networking admin who is trying to widen
> his background knowledge of security related issues (this may
> mean that a more computing oriented intro is more suitable).
> 
> Thanks in advance for any suggestions.
> 
> Sherry
> 
> 






From rah at shipwright.com  Thu Feb 15 00:53:27 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Thu, 15 Feb 1996 16:53:27 +0800
Subject: Response to Perrygram
Message-ID: 



>And why don't you stop cluttering up the list with supposedly cute stuff
>like this?




It seems it must be time to up my Ritalin dose. I will refrain such patent
copralalia in the future. If I can restrain myself.

I most abjectly beg your forgiveness for violating the pristine discourse
of this most august e-mail list.

Cheers,
Bob Hettinga




-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/







From adam at homeport.org  Thu Feb 15 01:04:00 1996
From: adam at homeport.org (Adam Shostack)
Date: Thu, 15 Feb 1996 17:04:00 +0800
Subject: AT&T Public Policy Research -- hiring for cypherpunks
In-Reply-To: <2.2.32.19960214070150.00af2350@mail.teleport.com>
Message-ID: <199602141509.KAA25060@homeport.org>


Alan Olsen wrote:

| >	Addresses will not be easily 'transferable.'  The IETF is
| >discussing a 'Best Current Practices' document that talks about
| >address portability.  Basically, it can't happen, because the routers
| >only have so much memory, and the routers at the core of the internet
| >can't keep in memory how to reach every one; there needs to be
| >aggregation.  The only feasible aggregation seems to be provider
| >based, ie, MCI, Alternet, and other large ISPs get blocks of
| >addresses.  They give them to smaller companies, like got.net, which
| >gives them to customers.  The result?  The core routers have a few
| >more years.
| 
| A good point. Having parts of subnet shifting around could be pretty painful
| from an admin point of view.

Its not an admin's point of view thats worrisome.  Whats worrisome is
that the routers at the core of the net only have so much memory, and
if the routing tables grow beyond that, we're all hosed, becuase the
core of the internet will start thrashing.  So, in essense, you taking
your network address with you when you switch providers ('address
portability' causes costs that must be borne by the entire global
internet.


| What is the timeline for implementation of IPv6?

	Good question.  I think the address allocation just went to
last call, which means that we should have a policy for getting IPv6
addresses pretty soon.  After that, you need to wait for your router
vendor to announce an IPv6 capable version.  I'd guess it will be six
to eighteen months before you can call Netcom and ask for an IPv6 PPP
connection.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From tallpaul at pipeline.com  Thu Feb 15 01:16:22 1996
From: tallpaul at pipeline.com (tallpaul)
Date: Thu, 15 Feb 1996 17:16:22 +0800
Subject: The Emotional Killer (or out of the frying pan and into
Message-ID: <199602141951.OAA19983@pipe6.nyc.pipeline.com>


On Feb 11, 1996 23:48:29, 'jim bell ' wrote: 
 
 
>At 11:59 PM 2/11/96 -0500, tallpaul wrote: 
>>I want to write on the theme posted to the list in the message below
where 
>>J. Bell wrote "It is their ACTIONS that I feel violate my rights; that is

>>what justifies my seeking their deaths, should I choose to do so."  
>>  
>>First, one thing that marks the sane adult from the child and the
floridly 
>>psychotic adult is the sane adult's knowledge that "feelings" and "facts"

>>are two different things.  
>>  
>>It is one thing to "feel," as J. Bell or all of us might, that our rights

>>have been violated.  
>>  
>>It is another thing to maintain, as J. Bell uniquely appears to do, that 
>>the "feeling" gives him the right to seek another person's death.  
> 
>You're clearly confused. I was responding to an accusation that I was 
>defending seeking somebody's death simply because of a disagreement of 
>OPINION.  My comment was intended to remind the reader that it is the 
>ACTIONS of a person which justify the self-defense; not simply the 
>disagreement. 
 
I disagree and I believe that my quote (reposted by J. Bell) of his
original statement supports me. He mentioned "ACTIONS" and he mentioned
"OPINIONS" but he relied on his "feelings" as the touchstone of reality.
More than ever I believe that he genuinely cannot understand the
difference. He still confuses his "feelings" which exist nowhere but inside
his head with "ACTIONS" which exist outside his head in the real world. 
 
He shows similar confusion as he continued to write. 
 
> 
>You falsely imply that a person can't be correct in his assessment that
his 
>rights were, indeed, violated. 
> 
 
I implied no such thing. If anything, I implied the opposite. Human beings
can assess reality. But they do not do so with "feelings;" they do so with
intellectual reality testing, not emoting. 
 
> 
>>  
>>This and other posts by J. Bell and other lib'bers lead me to believe
that 
>>their claimed interest in human freedom for everyone is little more than
a 
>>cover for a set of authoritarian expectations that they can do whatever 
>>they want, free from any control, responsibility, or accountability.  
> 
>Since you just got through misrepresenting my position, probably 
>intentionally, it's pretty hard to take the rest of your opinions
seriously. 
> 
>>The argued centrality of J. Bell's "feelings" over other people's lives
is 
>>something that puts him in the god category. (Thankfully J. Bell is not
one 
>>of the dreaded tax collectors or "socialist statists.")  
> 
>You're wrong yet again.  Let's see, tallpaul needs a logic lesson: 
> 
>Let's suppose I _believe_ my rights are being violated.  While that, in 
>itself, does not guarantee that this is CORRECT, on the other hand it 
>doesn't mean that it is INCORRECT, either.  You're falsely implying that I

>was ignoring the issue of correctness; I wasn't. 
> 
 
If he was not ignoring "correctness" I neither know nor see where in his
original post he mentioned this. He may wish to give me a "logic lesson"
over the issue of observation, but this also seems lacking in his post. 
 
--tallpaul





From llurch at networking.stanford.edu  Thu Feb 15 01:17:03 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Thu, 15 Feb 1996 17:17:03 +0800
Subject: secure web page ideas
In-Reply-To: 
Message-ID: 


On Wed, 14 Feb 1996, Jon Lasser wrote:

> For those people who have Netscape / an SSL-enabled web-browser, wouldn't 
> it be useful to have secure web pages that did the following:
> ...
> (3) Ultimately, a server that did (2), through (1).  Being able to send PGP
>     encrypted email to a recipient through anonymous remailers, over the web
>     with a secure browser might be PGP's "killer app" in one way or another.
>
> How hard would this be to implement? Would it be worth waiting until the PGP 
> 3.0 API is released?

At first I wondered why you'd want to send encrypted mail you couldn't 
sign with your own key, but on second thought, I can think of a lot of 
reasons.

I'd think that much of the hard and unique work would be, first, proper
interface design, and second, putting together an efficient database and
database extraction mechanism for huge key rings (I notice that the MIT
keyserver was recently upgraded; talk to them). While the PGP 3.0 API
would help with the implementation, I see no reason to wait on these
infrastructure steps.  The final version would use the more secure and
efficient API, but quick modular hacks for steps that would be fulfilled
by the API should be all that is needed. 

If you put together a proof-of-concept model, even one that doesn't 
really work, I think you'd see this idea take off. I see no reason to 
wait, and while I'm certainly no CODERpunk, I'd be more than happy to 
play with user interface mockups in my copious free time... 

-rich
 Institute for Ernst Zundel Revisionism
 http://36.190.0.210/~llurch/Not_By_Me_Not_My_Views/





From mlnoga at mail.hh.provi.de  Thu Feb 15 01:37:03 1996
From: mlnoga at mail.hh.provi.de (Markus L. Noga)
Date: Thu, 15 Feb 1996 17:37:03 +0800
Subject: PING packets illegal?
Message-ID: <199602150139.UAA06100@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

I think there is an implementation of IDEA called TinyIDEA that will fit 
in <512 bytes. Why don't you try it?

- -- 

Markus L. Noga 
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSKO0ioZzwIn1bdtAQFXjAF9HIqkY59gp351Yv6ud8S6ZpxjvNaTh7NZ
rFSKNhly3uebjgN+mav7AewZ0wMtCuXW
=gg2N
-----END PGP SIGNATURE-----





From kdhayes at earthlink.net  Thu Feb 15 01:52:47 1996
From: kdhayes at earthlink.net (Ken D Hayes)
Date: Thu, 15 Feb 1996 17:52:47 +0800
Subject: FCPUNX:Beta Testers Wanted
Message-ID: <199602150223.SAA09056@iceland.it.earthlink.net>


At 12:28 AM 2/12/96 -0500, you wrote:
>
>

>> Please let me beta test the new puffer!  I just started using it. Its great!
>> I know next to nothing about crypto and am using Windows 3.1, but puffer
>> provides me with easy access to file security.  
>> 
>> Ken Hayes
>> 
>> KDHayes at earthnet.net
>> >
>> >
>> 
>> >
>> >
>> Ken Hayes (KDHayes at Earthlink.net): Veiws expressed represent only my own.
>> 
>> 
>
>==========================================================================
> + ^ + |  Ray Arachelian |Emptiness is loneliness, and loneliness|  _ |>
>  \|/  |sunder at dorsai.org|is cleanliness  and cleanliness is god-|  \ |
><--+-->|                 |liness and god is empty,  just like me,|   \|
>  /|\  |    Just Say     |intoxicated  with the maddness,  I'm in|   <|\
> + v + | "No" to the NSA!|love with my sadness.   (Pumpkins/Zero)|   <| n
>===================http://www.dorsai.org/~sunder/=========================
>
>
>[This Bible excerpt awaiting review under the Communications Decency Act]
>And then Lot said, "I have some mighty fine young virgin daughters. Why
>don't you boys just come on in and do em right here in my house - I'll just
>watch!"....Later, up in the mountains, the younger daughter said. "Dad's
>getting old. I say we should do him." So the two daughters got him drunk and
>did him all that night. Sure enough, Dad got em pregnant....Onan really
>hated the idea of doing his brother's wife and getting her pregnant while
>his brother got all the credit, so he whacked off first....Remember, it's
>not a good idea to have sex with your sister, your brother, your parents,
>your pet dog, or the farm animals. [excerpts from the Old Testament, Modern
>Vernacular Translation, TCM, 1996] 
>
>
>
>
Ken Hayes (KDHayes at Earthlink.net): Veiws expressed represent only my own.






From jya at pipeline.com  Thu Feb 15 01:56:51 1996
From: jya at pipeline.com (John Young)
Date: Thu, 15 Feb 1996 17:56:51 +0800
Subject: MES_sag
Message-ID: <199602141626.LAA29322@pipe4.nyc.pipeline.com>


   The Wash Post today has front page "Specialists Say Message
   Spotlights Issues of Power, Responsibility" on an alleged
   abuse of the Internet by a UMD student (and member of the
   Utopian Anarchist Party) who posted a message accusing a
   mother of mistreating a daughter, and asking readers to
   telephone the mother to protest -- which many did, causing
   mayhem in the harem.

   Stiff-necks say that the incident demonstrates the
   uncontrolled nature of the Net. "Computer experts said lack
   of accountability in Internet communication could expand
   with the use of anonymous remailers." Easy e-mail forgery
   is noted.

   MES_sag







From jf_avon at citenet.net  Thu Feb 15 02:04:09 1996
From: jf_avon at citenet.net (Jean-Francois Avon JFA Technologies, QC, Canada)
Date: Thu, 15 Feb 1996 18:04:09 +0800
Subject: Assasination Politics
Message-ID: <9602150158.AA01906@cti02.citenet.net>


>I understand your concern.  I wish there was some simple argument I could 
>give which would assuage your fears.  However, I look at it this way:  The 
>Federal government (and all other governments, around the world) are 
>curently parasites on the rest of the population.  Now "parasite theory" is 
>that the parasite has some sort of optimum "parasite level" above which he 
>cannot go.   Once the cost for such parasitism is removed, there will be an 
>economic boom for those "hosts" of the parasite.  Naturally, the parasite 
>will be in trouble, but that's only justice.

One thing you have to assess, is: what is the percentage of the population who
longs for a 'free lunch'.  And also, how much money is a big company willing to 
subsidise the predictor of the 'suicide' of a new competitor (the case of the 
lone inventor with patents rights and a revolutionary invention).  If you 
underestimate this number, you (or other like-minded peoples) might very well 
end up on the exit end of a gun barrel...

But anyways, if I were you, I'd watch my back.  The spooks are probably already trying
to figure out a way out of it.

JFA

**** NEW PGP 2.6.2 KEY *********

2048 bits Key ID:24201BA1 1996/02/13 Jean-Francois Avon 
Key fingerprint =  23 B6 24 31 86 67 FB 35  C7 A7 AF 12 A1 61 E9 3D 


**** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon 
Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 






From jya at pipeline.com  Thu Feb 15 02:06:03 1996
From: jya at pipeline.com (John Young)
Date: Thu, 15 Feb 1996 18:06:03 +0800
Subject: Cypherpunks in 3/96 WIRED -\"Wisecrackers\" by Steven Levy
Message-ID: <199602150157.UAA26692@pipe4.nyc.pipeline.com>


Indeed, congrats Steven, a swell, crackerjack story well told.


Flattering exhibits of Damien and DW.


Ponder the garish payback frontis-pieces announcing Steven's 
tale of "a throbbing collaborative network of potential 
crackers -- and, maybe, thieves and saboteurs." 


Steven, your credit sez the next book is "Crypto," about the 
revolution in cryptography.


Can you give a date for publication?








From nobody at REPLAY.COM  Thu Feb 15 02:18:55 1996
From: nobody at REPLAY.COM (Anonymous)
Date: Thu, 15 Feb 1996 18:18:55 +0800
Subject: Error Condition Re: UNSCRIBING
Message-ID: <199602150225.DAA25747@utopia.hacktic.nl>



Responding to msg by lharrison at mhv.net ("Lynne L. Harrison") on 
Wed, 14 Feb 10:12 AM

>>An MIT student, no doubt hoping to enhance the 
>>reputation of his school, wrote:
>>
>>>>      Who the fuck are you? .......As for your ending 
remarks I don't give
>>>>a fuck what Judge Ito, Tim May or any other person has to 
say.
>
>  The best thing is to annoy the message.  UNSCRIBE 
>messages hit the c|punks  list every so often.  Rest 
>assured that the MIT student knows very well how  to 
>unsubscribe - and how to spell.



Yeah, place your bet that Tim writes these trolls and answers 
them, pumping the conversation, fostering coy controversies. 
Smart guy, bores easily, likes to lure the rubes, he says. Toy 
with them, spout outrageous remarks, act indiginant when they 
are challenged, feign hurt, let suckers defend him.


Sometimes mimics Rimm, may impersonate him, too, or coach 
Marty, who knows? He's got lots of Net personas, seldom non 
grata. He's a vintage infotainer, California dreaming, an 
export techno-wine of the region.


Avid Rube








From tcmay at got.net  Thu Feb 15 02:25:12 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 15 Feb 1996 18:25:12 +0800
Subject: anonymous age credentials, sharing of
Message-ID: 


At 7:38 PM 2/14/96, Michael Froomkin wrote:
>Suppose Alice is a CA who issues anonymous age credentials.
>Bob is 15
>Carol is 25
>
>Carol gets a legitimate anonymous age credential from Alice bound to an
>anonymous public key generated for this purpose.  Carol then gives the
>key pair to Bob.  Bob uses to do things only adults are legally permitted
>to do.  (It's not bound to Carol's everday keypair because that's not
>anonymous....)
>
>What can stop Bob and Carol from subverting a scheme that relies on
>anonymous age creditials in this manner?

Nothing, except biometric methods (fingerprints, retinal scans, electronic
signatures (the pen type), DNA, etc.) That is, if the credential is
transferrable by transfer (not a syllogism), then it can be transferred.
If, however, the credential needs some input from a local biometric input
device, then this makes it harder to transfer the credential.

Unless the biometric device is bypassed....

(Likewise, Carol could log on to the illegal activity and "let Bob watch."
Another form of bypassing viewing credentials.)

>If the answer is "nothing" this might mean that purveyors of "adult"
>material might have no defense against a law requiring that they collect a
>True Name + age creditential....

There are interesting questions here....mostly I think of the "True Name"
as only another credential, but this is a complicated argument to make, and
I don't have the time right now.

(Also, Perry is even now composing a "what does this have to do with
cryptography?" perrygram.)

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From jya at pipeline.com  Thu Feb 15 02:33:51 1996
From: jya at pipeline.com (John Young)
Date: Thu, 15 Feb 1996 18:33:51 +0800
Subject: Cookie Crumbles
Message-ID: <199602141606.LAA27401@pipe4.nyc.pipeline.com>


   Wall Street Journal, February 14, 1996, p. B6.


   Internet Users Say They'd Rather Not Share Their 'Cookies'

   By Joan E. Rigdon


   Netscape Communications Corp., responding to complaints
   from consumers, said it will change its Internet browser
   software so customers can prevent on-line merchants from
   tracking their footsteps in cyberspace.

   The ruckus began Monday, when the Financial Times reported
   on a little-known feature in Netscape software called
   Cookies. Cookies helps merchants on the Internet's
   multimedia World Wide Web track what customers do in their
   stores, and how long they spend doing it.

   Cookies stores this data on the customer's own hard drive,
   (in a text file called "Cookies.txt" in the Netscape
   directory) . The next time the customer visits the
   merchant's store, the merchant can read about the
   customer's last visit, and serve up a version of the store
   that's tailored for the customer.

   Cookies won't show merchants what other stores the customer
   has visited.

   Net surfers have complained on-line about the feature,
   saying it's an invasion of privacy and that it ties up the
   resources of their own computers.

   Netscape, the Mountain View, Calif., maker of the No. 1
   Internet browsing software, says it didn't think people
   might object to Cookies, since merchants can track a
   customer's footsteps even without Cookies, and few have
   complained about that. Product manager Jeff Treuhaft
   contends Cookies actually helps customers, because among
   other things, it allows customers to buy several things
   from different parts, or "pages," of an Internet store, and
   only pay once, instead of once at every page.

   Also, the Internet's standards board, called the Internet
   Engineering Task Force, has asked Netscape to propose
   Cookies as a standard for the Internet, Netscape said.

   Still, Netscape agreed to change the software. In future
   versions of Netscape, customers will have the choice of
   refusing to let a merchant lay down "a persistent Cookie,"
   Mr. Treuhaft says, referring to Cookies that track customer
   movements for days, weeks or months, instead of just a
   single Internet session, as most do. "We want to give the
   user as much control as possible," Mr. Treuhaft says.

   [End]


   Still, be alert for invasive snoops and tracking analytics,
   not only by NSCP, but by all those invaders crying mea 
culpa, 
   "you misjudge the goodness in our hearts, we did it for your
   own good, like all good parents. Trust us."













From stend at grendel.texas.net  Thu Feb 15 02:35:03 1996
From: stend at grendel.texas.net (Sten Drescher)
Date: Thu, 15 Feb 1996 18:35:03 +0800
Subject: Spin Control Alert (LI Newsday, 2/12/96)
In-Reply-To: <199602121313.IAA26828@UNiX.asb.com>
Message-ID: <199602141541.JAA18088@grendel.texas.net>


"Declan B. McCullagh"  said:

DBM> (I assume your Bible argument is just posturing. No
DBM> U.S. Attorney, political appointees they, ever will prosecute
DBM> someone who puts the complete text of the King James Bible
DBM> online.)

	You assume wrong.  While I certainly agree that no
U.S. Attorney would voluntarily prosecute such a case, what happens
when an athiest files charges against someone for carrying the Bible?
IANAL, but couldn't the U.S. Attorney be forced to prosecute?
Apparently I'm not the only one who thinks so, since it has been
reported (on this list by Tim Philp from a Toronto Star article) that
the Bible has been removed from at least one Web site, presumably due
to fear of prosecution.

-- 
#include                                /* Sten Drescher */
Unsolicited email advertisements will be proofread for a US$100/page fee.





From dlv at bwalk.dm.com  Thu Feb 15 02:42:08 1996
From: dlv at bwalk.dm.com (Dr. Dimitri Vulis)
Date: Thu, 15 Feb 1996 18:42:08 +0800
Subject: Response to Perrygram
In-Reply-To: <199602140212.VAA22242@jekyll.piermont.com>
Message-ID: 


"Perry E. Metzger"  writes:
> Keeping appropriate postings in appropriate places is much like trying
> not to park in such a way as to take up two spaces, trying not to
> track mud into your apartment building, or other forms of good
> citizensship. It isn't required, no law forces you to do it, but
> everyone who isn't an asshole tries to follow the social conventions
> because it makes life for everyone. Yes, its your right to park such
> that no one can fit in behind or ahead of you, but is it something you
> really should be doing?

The protocols for both Usenet and the open mailing list were designed with the
assumption that the posters will follow the rules and post into "appropriate"
forums. This sort of worked 10 years ago, when I started reading Usenet, but
clearly doesn't work anymore. People should be free to post anything they want
anywhere they want. As more and more posters excercise this right, the readers
lose the right not to have their time wasted by the traffic they don't want to
see. A good friend of mine called this "the right to non-association". It's an
imporant part of one's privacy. While we have some technical people left on
this mailing list, perhaps we can discuss technical solutions to this problem?

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From sunder at amanda.dorsai.org  Thu Feb 15 02:52:36 1996
From: sunder at amanda.dorsai.org (Ray Arachelian)
Date: Thu, 15 Feb 1996 18:52:36 +0800
Subject: Put the Protest where your money is.
In-Reply-To: <960213.212846.8b1.rnr.w165w@sendai.cybrspc.mn.org>
Message-ID: 


On Tue, 13 Feb 1996, Roy M. Silvernail wrote:

> I got a dollar bill yesterday with a rubber-stamped speech baloon saying
> "I Grew Hemp" next to George's head.  First one I'd seen, so the
> transmission layer isn't too crowded.

Very cool! It does sound like this is not a bad idea at all.  :) And 
considering how many hands a bill exchanges, it's an excellent way to 
distribute info.


==========================================================================
 + ^ + |  Ray Arachelian |Emptiness is loneliness, and loneliness|  _ |>
  \|/  |sunder at dorsai.org|is cleanliness  and cleanliness is god-|  \ |
<--+-->|                 |liness and god is empty,  just like me,|   \|
  /|\  |    Just Say     |intoxicated  with the maddness,  I'm in|   <|\
 + v + | "No" to the NSA!|love with my sadness.   (Pumpkins/Zero)|   <| n
===================http://www.dorsai.org/~sunder/=========================


[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and do em right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should do him." So the two daughters got him drunk and
did him all that night. Sure enough, Dad got em pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he whacked off first....Remember, it's
not a good idea to have sex with your sister, your brother, your parents,
your pet dog, or the farm animals. [excerpts from the Old Testament, Modern
Vernacular Translation, TCM, 1996] 







From erc at dal1820.computek.net  Thu Feb 15 02:58:50 1996
From: erc at dal1820.computek.net (Ed Carp)
Date: Thu, 15 Feb 1996 18:58:50 +0800
Subject: Some thoughts on the Chinese Net
In-Reply-To: 
Message-ID: 


On Wed, 14 Feb 1996, Jon Lasser wrote:

> Several people have posted to the list that the Chinese, censored, 
> Internet will fail. Usually, the claim is that the censored network will 
> fail mostly because of technical reasons, namely the inability of the 
> Chinese government to censor everything. The other significant claim made 
> was that the Chinese problem is "behind" the "firewall" leading into the 
> country... Suggestions have been made that RSA is involved with China to 
> implement this censorship.

I think it *will* work, in part because China has a very long history of
repressing and persecuting its own people.  Besides, if they really get in
a tight spot, there's always "the nuclear option." 

If you think I'm kidding, read the news about China threatening to nuke
Taiwan if they declare independence. 
--
Ed Carp, N7EKG    			Ed.Carp at linux.org, ecarp at netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp at netcom.com for PGP 2.5 public key		an88744 at anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring






From cp at proust.suba.com  Thu Feb 15 03:02:10 1996
From: cp at proust.suba.com (Alex Strasheim)
Date: Thu, 15 Feb 1996 19:02:10 +0800
Subject: Netscrape's Cookies
In-Reply-To: <2.2.32.19960214024957.0076a27c@mail.teleport.com>
Message-ID: <199602141634.KAA10099@proust.suba.com>


> >>I'm curious if anyone knows which sites use/modify it.
> >AFAIK, the only site that uses it is *.netscape.com
> 
> That is not quite true.  There are other sites that use the cookies.  (It is
> not very common though...)

A good place to read about cookies is http://www.illuminatus.com/cookie;  
I think there are pointers to cgi/perl stuff that manipulates them.

Cookies are very helpful for database and commerce applications.  I'm 
using them for a crude online store, as a way to let the web server keep 
track of who has what in their shopping basket.  Another way to solve the 
same problem (letting the server store state information) is to put data 
in the urls.  (ie., when you sign in, you get a page back that's 
generated on the fly, and all the links in that page have a session id 
embedded in the urls.)

Preserving state information is useful, and as it's been pointed out here,
the cookie only contains information that came from the web server in the
first place -- I don't see coookies as a major threat to privacy.  You
could even argue the other side (somewhat unconvincingly), that cookies
let you put more applications under the netscape/ssl umbrella.  As the web
grows more robust, a secure web means having stuff like secure
communications between workstations and db servers, etc.  Cookies make it
easier to do db applications. 

But in general, I'd like to see netscape adopt a system that lets people
know when information is going to be transmitted to a remote site.  It's
easy to grab someone's email address by seting up a form with only hidden
fields and trick people into submitting it by mail by clicking on a
button.  The ftp problem has been discussed here before, and addressed by 
Netscape.

The best answer would probably be to use the kind of pop-up messages you 
get when you're going to submit a secure or insecure form.  "You're about 
to send a cookie back to a web server, continue or abandon?"  "You're 
about to send mail from a web page, do you want to do that?"  Give people 
the ability to turn the messages off -- that way functionality isn't 
impaired.






From aba at atlas.ex.ac.uk  Thu Feb 15 03:03:29 1996
From: aba at atlas.ex.ac.uk (aba at atlas.ex.ac.uk)
Date: Thu, 15 Feb 1996 19:03:29 +0800
Subject: Stealth PGP work
In-Reply-To: <199602140209.VAA03693@toxicwaste.media.mit.edu>
Message-ID: <10100.9602141537@dart.dcs.exeter.ac.uk>



Derek Atkins  writes on cpunks:
> > It seems that there a market demand for a stealth-capable product.
> > Many peoples here seems to discuss it.  And for the time being, AFAIK,
> > this type of products are used by a specific class of peoples, most of
> > which knows what 'stealth' means.
> > 
> > So why is it that they design a program that would not permit the use
> > of a feature considered desirable by it's customer base?
> 
> The big question I have for you is, what do you mean by "stealth" PGP?

I presume he means stealth, and the functionality that it provides, as
a filter for pgp versions 2.x.  The question in the minds of users of
this utility (for steganography applications) I think will be will
stealth still work with pgp3.0, and would it useful to include as
built-in functionality for pgp3.0.  I raised this question myself to
the pgp3 development team some time ago, and the reply I got was
essentially that it would still be possible to have as an add-on, so
there was no need to clutter the pgp3 functionality.

Henry Hastur's stealth 1.3 is included with pgp2.6.3i in the
contributions directory...

> Do you want a PGP message which doesn't say to whom it is encrypted?
> Or do you want a PGP message which does not even acknowledge that it
> is a PGP message?  If what you want is the former, then that can fit
> under the PGP API fairly well.  If you want the latter, it will not.

For steganography applications both are required (actually a
transformation formulated by Hal Finney, or an equivalent by Bodo
Moeller is necessary to add more than casual strength to the degree of
plausible deniability due to the fact that the rsa encrypted header
will always be less than the rsa modulus).

I haven't looked at the PGP3 API, but why will a stealth option not
fit?  If stealth can perform the operation as a separate program, why
is it infeasible or difficult for pgp3 to support a stealth option,
and another to support unstealth to a particular recipient.  (With
stealth on decrypt the user provides the user id they think the
message will be addressed to).

On encrypt, the stealth operation should be real easy to implement
inside PGP, it is just another post-filter operation like ascii armor,
stealth instead.

On decrypt, it is more tricky because firstly you loose information
about what kind of data it was, and secondly because you loose the
recipient user id if it was encrypted data.

However, if you provide an API call to unarmor with out decrypting,
and a call to decrypt with out uncompressing, etc then a call to test
for a particular user id on the assumption that it is addressed to
that user id and is an encrypted message would fit in a similar way?

Also note that the rest of the information, once this operation has
suceeded is retained inside the encryption envelope - the length tag,
signature, whether it is further compressed, and so forth.

The stealth operation as implemented in Henry's 1.3 is not all that
secure, and I had an attempt at implementing Hal Finney's algorithm to
produce a stealth 2.0.  My attempts are at:

	http://www.dcs.ex.ac.uk/~aba/stealth/

This is beta code, and I presume the reason that Stale included
stealth 1.3 rather than stealth2.01b with pgp263i was either that 2.01
is beta, or because he did not know it existed.

The reason that the code is beta, is that I had a problem in
implementing stealth as a standalone.  The problem is that Hal's
algorithm has a requirement for cryptographic quality random numbers.
It seems silly to duplicate all this code inside stealth when pgp
provides it internally.  And the (+makerandom=n file) option is not
convenient, because stealth is invoked as a filter with pipes, and
invoking pgp twice doesn't seem like a good idea.  It might even be
dangerous (interferring with the normal sequence of randseed
stirring)?  Besides I had gone to some pains in stealth2.0 to ensure
that nothing hit the disk at all if sufficient memory was available to
do without.

> The reason is that PGP, by definition, is a self-describing packet
> format.  Without that description there is no general way for the PGP
> library to discover what kind of message it is parsing order to
> perform the proper operation to open the message.

stealth allows you to specify encrypt or decrypt, if decrypt the user
id to insert.  It also supports conventional encryption.

> OTOH, if just the keyID is missing, the library will happily try all
> the keys on your secret keyring until one succeeds or they all fail
> (I'm not sure if this is implemented, but it fits quite nicely under
> the API).

That would be a useful functionality from stealths point of view.

> The other question I have is: who do you think the "customers" of PGP
> are?  

He expressed his request in terms of customer demand...

> If you think the majority of PGP's customers are the crypto-privacy
> activitst types, you are highly mistaken.  PGP has hit the main
> stream, and is being used by many non-crypto-aware people.  Probably
> more of them than there are of us.

PGP was started on idealogical grounds, my argument for including
stealth, or as much stealth compatible options as fit within the API
model, is that there are countries where crypto is illegal.  It is not
100% certain that the US won't one day join them (what do you rate the
odds of a mandatory GAK appearing in the US?).  I'd view it as part of
PGP's guerrilla privacy features, and a precaution against such worst
case scenarios.  Besides stego applications have their own set of
uses, albeit they are not in mainstream use in the same way that pgp
is.

> If you want to discuss this more, let's take it to private email,
> please.

I'd prefer to see the discussion on the list, or at least cc me in
such discussion.  Any reason for private email?  The topic is
cryptography related,

Adam






From hayden at krypton.mankato.msus.edu  Thu Feb 15 03:12:50 1996
From: hayden at krypton.mankato.msus.edu (Robert A. Hayden)
Date: Thu, 15 Feb 1996 19:12:50 +0800
Subject: New discussion group "CDA96-L" = COMMUNICATIONS DECENCY ACT of 1996 (fwd)
Message-ID: 




---------- Forwarded message ----------
Date: Tue, 13 Feb 96 22:49 PST
From: Gary Klein (bear-at-heart) 
To: Neil Radford 
Subject: New discussion group "CDA96-L" = COMMUNICATIONS DECENCY ACT of 1996 

     In light of the recent furor over the airwaves, in the media, and in 
lawsuits regarding the COMMUNICATIONS DECENCY ACT of 1996 that United 
States' President Clinton signed into law on February 8, 1996, I 
have created a forum for people to discuss the concerns raised by this 
(and similar) pieces of legislation.

LISTNAME:      CDA96-L
FULL TITLE:    Communications Decency Act of 1996 Discussion Group
FORMAT:        Un-moderated, Postings must come from registered subscribers
SUBSCRIPTIONS: via LISTPROC software
LISTOWNER:     Gary M. Klein 
               Management & Business Economics Librarian
               Hatfield Library
               Willamette University
               Salem, Oregon  97301 USA

DESCRIPTION:   
     CDA96-L is open to the networkng community.  Its primary role is
to serve as a means of communication among people who are concerned
about the implications of the United States of America's COMMUNICATIONS
DECENCY ACT of 1996 (signed into law by President William J. Clinton
on February 8, 1996).  Its secondary role is to serve as a discussion
forum for similar legislation or regulation that may be in the formative
or final stages in any other country, or at any local jurisdiction that
would restrict, limit or inhibit use of Internet resources based on
"decency", "morality", "offensiveness", or based on the age of someone
using, operating, or accessing an Internet resource.

SUBSCRIBING TO THE "CDA96-L" LIST:
     Anyone may subscribe to the list by sending a 
command to 

     For example, if Idi Amin wanted to subscribe, the post would be:
                  mailto:   listproc at willamette.edu
                    text:   sub cda96-l Idi Amin

OTHER LISTPROC COMMANDS:
     Will be supplied to each subscriber as part of the Welcome Message.

(please feel free to cross-post this announcement in appropriate places)

GARY M. KLEIN "not your average librarian & indecent communicator"
Hatfield Library / Willamette University / Salem, Oregon 97301 USA
work 503-370-6743 / gklein at willamette.edu















From cjs at netcom.com  Thu Feb 15 03:19:18 1996
From: cjs at netcom.com (cjs)
Date: Thu, 15 Feb 1996 19:19:18 +0800
Subject: Linux on the Mac
In-Reply-To: 
Message-ID: <199602141526.HAA09379@netcom20.netcom.com>


> In the latest PowerPC news it is reported that OSF is porting Linux
> to the Mac with the support of Apple.  Apple has a web site -
> www.mklinux.apple.com that discusses this and has a link to the OSF
> site.  In my book, this is a GoodThing(tm).  Of course, being a huge
> fan of both the Mac and unix might put me in the minority ;-)

They aren't *really* porting Linux to powermac. They're throwing a
little bit of paint on OSF/1 and hiding some stuff in libc.

Looks to me like they are basicly trying to ca$h in on the Linux name
and reputation without contributing anything to the cause.

I personally think that Linux International (they still around?)
should put out a counter press-release informing the public that the
Apple/OSF Linux shares only the name.

Christopher






From adam at lighthouse.homeport.org  Thu Feb 15 03:28:06 1996
From: adam at lighthouse.homeport.org (Adam Shostack)
Date: Thu, 15 Feb 1996 19:28:06 +0800
Subject: Off topic - research query
In-Reply-To: <199602140649.RAA14008@oznet02.ozemail.com.au>
Message-ID: <199602141518.KAA25093@homeport.org>


Mark Neely wrote:

| As a side issue, I wanted to cover the "overhead"
| factor inherent in the TCP/IP (v4?) protocol 
| which I understand is reduced under the proposed IPv.6 protocol.

	Comer is the best text on IP, his third edition talks about
IPv6 as well as v4.  Essentally, there was a some unneeded stuff in
IPv4 headers, which routers had to look at.  The IPv6 headers are much
cleaner.

| I'd also like to discuss the "unfriendly" manner in which
| web browsers such as Netscape hog resources by sending multiple
| port access requests.

	Our own Simon Spero has a paper entitled something like
'Optimizations for HTTP.'  Its on the w3.org web server.

	Speaking of HTTP-ng, I was thinking the other day about a
scheme for further optimization.  It only works in the presense of
dnssec, which is moving forward.

	When getting a URL, add a meta tag, which gives the web
server's idea of what the referenced hosts IP address (or its primary
NS) is.  This could be a win because we need fewer calls to the root
name servers.  Those calls tend to be short, (1 or 2 udp packets each
way), which need to be routed in a way that few other packets would
need to be.  By eliminating them, we push all of the traffic regarding
a web host to its network.

	This only works under DNSsec because otherwise I could say
http://www.microsoft.com/ meta-dns-A=140.174.1.3

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From anonymous-remailer at shell.portal.com  Thu Feb 15 03:33:11 1996
From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com)
Date: Thu, 15 Feb 1996 19:33:11 +0800
Subject: PING packets illegal?
Message-ID: <199602150341.TAA16668@jobe.shell.portal.com>


-----BEGIN PGP SIGNED MESSAGE-----

Some entity that called itself "Mark M." appears to have said:

> On Tue, 13 Feb 1996 anonymous-remailer at shell.portal.com [me] wrote:
 
>> that ...... but if those ping packets contained little pieces of something
>> like PGP ...... would the host being pinged be breaking the law? Would

> Exporting encryption to the U.S. from another country is not illegal, only
> exporting from the U.S. is.  The method of transmissioni is irrelevant.  It
> does not matter if TCP packets or ICMP-ping packets are used to transmit the 
> data. 

That wasn't my point. I was talking about the host being pinged. Would 
that host be breaking ITAR regulations by sending those evil 
PGP-containing packets *back* to the foreign host?

> the destination are violating the law.  Since it is impossible to monitor the
> contents of every packet being transmitted over a network, I seriously doubt
> that any intermediate host would be considered to be in violation of ITAR.

Impossible, maybe. But that doesn't mean it can't be illegal. Take the 
CDA, for example. Fuck. Oops, Exon will be displeased. Am I going to be 
taken to jail? Most likely not. Was it illegal? Technically, yes.

Thanks,

Michael Ellis


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSKhUQqs/Oe38tFJAQGPLgP/WDwoyj9qNZp7BznEyvQ8tdiGwZUb7xY0
HvfopqkD9p2oLHqRTBIbBZnSfGnQxmBwj/nTOaoWRWb8SvEWYmgT9AIVaOtNd2BW
dqHoHGbc100o1yNUgY1YC5i09jQW668Np7zr82Vdt8uNnFIROH7Tl9wXO6uxYnGw
Wd041hx3PrM=
=25Ah
-----END PGP SIGNATURE-----








From ashfaq at corp.cirrus.com  Thu Feb 15 03:36:44 1996
From: ashfaq at corp.cirrus.com (Ashfaq Rasheed)
Date: Thu, 15 Feb 1996 19:36:44 +0800
Subject: Online Zakat Payment: Religious tithe.
Message-ID: <199602150328.AA08186@sunstorm.corp.cirrus.com>


> From owner-cypherpunks at toad.com Tue Feb 13 10:34:37 1996
> To: "Timothy C. May" 
> Cc: cypherpunks at toad.com
> Subject: Re: Online Zakat Payment: Religious tithe.
> In-Reply-To: 
> Mime-Version: 1.0
> Content-Type> : > TEXT/PLAIN> ; > charset=US-ASCII> 
> Sender: owner-cypherpunks at toad.com
> Precedence: bulk
> Content-Length: 971
> X-Lines: 20
> 
> On Mon, 12 Feb 1996, Timothy C. May wrote:
> 
> > At 10:07 PM 2/12/96, Steven C. Perkins wrote:
> > Once again, the gutter religion of Islam reveals the derangement of its
		^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > so-called Prophet.
> > 
> > The world really needs to get around to nuking these folks.
> > 
> Oh, Come now!  Islam may in its present form be a religion deeply hostile 
> to liberty.  But since "nuking" the whole Islamic world would not be 
> itself much of a defence of freedom, the only long term answer is to 
> promote within Islam the same kind of Reformation as eventually made 
> Christianity half decent.  And Tim's comments do not contribute to that.  
> I don't know how many internet servers there are in the Middle East.  
> But, if I were an intelligent fundamentalist, I'd be copying it all over 
> the place.  "Look", I'd be saying, "these people really do mean another 
> crusade to destroy us and our faith".
> 
> I can understand Tim's disgust with these people.  But I do question his 
> manner of expressing it.
> 

Actions of certain individual or group does not reflect what the actual
religion is. Examples of this can be found on every religion. 

Somebody generalizing as above reflects his/her own closed/blocked mentality.

Look at yourself, if you can fall to such degrading levels and since you 
happen to be a member of this mailing list, it is not ration to think as
every cpunks as demented as you are.

Ashfaq Ahmed





From dlv at bwalk.dm.com  Thu Feb 15 03:51:10 1996
From: dlv at bwalk.dm.com (Dr. Dimitri Vulis)
Date: Thu, 15 Feb 1996 19:51:10 +0800
Subject: Linux on the Mac
In-Reply-To: <199602141526.HAA09379@netcom20.netcom.com>
Message-ID: 


cjs at netcom.com (cjs) writes:
> I personally think that Linux International (they still around?)
> should put out a counter press-release informing the public that the
> Apple/OSF Linux shares only the name.

I'm not sure what the crypto relavance of this is, but perhaps Er*c H*ghes
should put out a counter press release informing the public that people who
a) don't know much about crypto b) seek to restrict other people's freedom of
speech based on their political views should not call themselves "cypherpunks".

:-)

P.S. Don't ever do any business with the thieves at Cygnus.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From tien at well.sf.ca.us  Thu Feb 15 03:55:57 1996
From: tien at well.sf.ca.us (Lee Tien)
Date: Thu, 15 Feb 1996 19:55:57 +0800
Subject: Regulation of citizen-alien communications
Message-ID: <199602141548.HAA26174@well.com>


Resident aliens, as well as U.S. persons, have First Amendment rights.  
Second, we have a right to speak to foreign audiences.  Independently of
the First Amendment, there is an equal protection issue whenever you
discriminate against aliens.  There's case law on these points which I
won't bother to cite.

Lee







From vznuri at netcom.com  Thu Feb 15 04:03:01 1996
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Thu, 15 Feb 1996 20:03:01 +0800
Subject: True democracy the electronic way
In-Reply-To: 
Message-ID: <199602150303.TAA21304@netcom22.netcom.com>



>I too would like to see a purely democratic process rather than a
>representative one.  And I also agree that it won't happen soon.  The
>question is, what do we keep of govt?
>
>How would the group propose electronic voting on legislation should
>proceed?  What sort of technical solution could be arrived at to allow
>everyone in the country to vote on specific legislation and how would they
>get access to that legislation?  I think _this_ is a cypherpunk topic for
>sure.

two quick comments:

1. this is an extremely interesting problem in my opinion. the ideal
form of government has not been achieved in many millenia. could it
be solved given the full power of the information age, i.e. 
an apex in intellect and technology? personally I think a very
efficient form of government can be created. its a problem with
very little true "research" behind it in one sense (I mean, how much
thought goes into the creation of the average government? perhaps 
a lot of thought, but how much of it is backed by good understanding of
consequences of various choices?).  on the other hand, it is a problem
in which research has been ongoing for centuries. 

if anyone knows of
a mailing list to discuss this concept of trying to apply technology
to government, I would be most interested. the closest I can see
right now is groupware software, which I have repeatedly predicted
here is going to go ballistic as far as development some near date
in the future (esp. with high speed networks).

2. the mouth-foaming libertarians here hate discussions about
democracy. TCM repeatedly advocates total withdrawal as the "solution".
the basic belief is that government shouldn't matter. "if it doesn't
matter, we're right, if it does matter, then there's nothing we can do about
it" I saw paraphrased here once. the nihilism associated with the 
attitude that people always move toward the evil side of the morality
spectrum, such that the majority is always a tyrannical cabal, is
strong here. so if you want to get some serious discussion on this
matter, maybe you can find another mailing list where the mere basic
premises are not going to elicit dirty looks.







From tcmay at got.net  Thu Feb 15 04:04:27 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 15 Feb 1996 20:04:27 +0800
Subject: Common Carrier Status is Often a Red Herring
Message-ID: 


[I picked a new thread title. Speaking of which, YACM (Yet Another
Cyberspace Magazine) is out: "Herring," or "Red Herring," or "Pickled
Herring." I only glanced at it long enough to see that it had the
obligatory interview with cyberspace guru Marc Andreesen, the obligatory
cover photo of Steve Jobs, and the obligatory other techno-rave articles.
Probably several mentions of PGP, but I didn't bother to look for them.
Needless to say, I put it back on the shelf before being too heavily
contaminated.]


At 7:48 PM 2/14/96, Declan B. McCullagh wrote:

>Since you don't understand the way Federal criminal charges work,
>there's no reason I should take your argument seriously. (Hint: The
>*U.S. Attorney*, or an AUSA, files charges, not you, me, or a random
>"athiest.")
>
>As for this mythical Bible being removed, that is irrelevant to this
>discussion, which centers around a Bible being *prosecuted*. If I had a
>Bible on my web site (perhaps the TCM Vernacular Translation!) I'd
>remove it just to make a point. As I suspect the owner of the web pages
>did.

By the way, this is one reason why the "try to be like a common carrier"
arguments are somewhat weak. Let me explain.

I hear often on this list and in other places that Web sites and other Net
sites should strive to be as much like common carriers as possible, that
removing any items or discouraging controversial material (Zundelsites,
militia sites, Sarin formulas, antifeminista material, etc.) will weaken
their defense in a legal case.

Well, I don't buy it. Maybe in the abstract, and in the long run, it has
worked out that common carrier status involves non-intervention. However,
in the real world it is _real prosecutors_ who decide who to go after. Real
prosecutors who are ordered to prosecute a CDA case are not going to go
after clean-living ISPs who happened to let one questionable item through,
they're going to go after the rough trade, just as Declan suggests.

Now, in the real world, does anybody think that "The Christian Fellowship
Internet Service Provider," which has taken numerous steps to limit access
to indecent material, is *more likely* to be prosecuted by federal
prosecutors than "Buck Satan's Anything Goes Web Site"? (Hint: "Common
carrier" status is not something that gets handed out to some Internet
providers and not others. Second hint: so far as I have heard, there has
not yet been any determination as to whether some ISPs are "common
carriers" and others are not.)

The realpolitik of it is that an ISP which tries to limit access by minors,
which discourages Zundelsite material, and which makes soothing comments
about Jess Helms and the Christian Right will of course be *far less
likely* to be prosecuted under whatever CDA charges come up as some
leftist, anarchist, radical ISP which takes a hands-off approach. Sad, but
true. This is also known in legal circles as "the chilling effect."

[ObPerry: "What does this have to do with the  IPv6 domestic distibution?"
ObAnswer: "Nothing. Since you're so concerned about people coding, go back
to coding."]

---Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From stewarts at ix.netcom.com  Thu Feb 15 04:05:15 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Thu, 15 Feb 1996 20:05:15 +0800
Subject: [ASSASSINATION NOISE] Re: V-chips, CC, and Motorcycle Helmets
Message-ID: <199602150411.UAA07780@ix2.ix.netcom.com>


At 11:36 AM 2/13/96 -0800, you wrote:

>The Rushdie incident is simply so far removed from "Assassination Politics" 
>that it can't possibly be used to refute it; I still believe it actually 
>demonstrates how much effort somebody has to go to, to protect a targeted 
>person.  One targeted person is easy to protect.  10,000 would be FAR 
>harder.  And the moment a few of those guys got "whacked," the rest would 
>want to resign their jobs and hope they would be allowed to retire in peace.

Rushdie is just low on your target list.  I agree that it's much harder
to protect 10,000 people (say the Iranians put out a contract on Baha'is
and other heretics, at $X/head...) but it's still abusable.  Maybe the
Anonymous Captains of Industry put out a contract on strike leaders.

>From a cypherpunks perspective, yes you could run an assassination lottery,
though it might be hard for the assassin to collect - how do you prove
that _you_ were the hit man, and not merely the nearest person to a phone
after it happened?  How do you prevent an anonymous escrow agency from refusing
to deliver the cash?  Some of the protocols may be difficult to work out.


Meanwhile
        WANTED, DEAD OR ALIVE
        JIM BELL
        REWARD 13 demo-cyberbucks

An assassination-sponsoring society is _not_ a polite society.

#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281






From tcmay at got.net  Thu Feb 15 04:24:01 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 15 Feb 1996 20:24:01 +0800
Subject: Carrying the Bible an Offense?
Message-ID: 


At 3:41 PM 2/14/96, Sten Drescher wrote:
>"Declan B. McCullagh"  said:
>
>DBM> (I assume your Bible argument is just posturing. No
>DBM> U.S. Attorney, political appointees they, ever will prosecute
>DBM> someone who puts the complete text of the King James Bible
>DBM> online.)
>
>        You assume wrong.  While I certainly agree that no
>U.S. Attorney would voluntarily prosecute such a case, what happens
>when an athiest files charges against someone for carrying the Bible?
>IANAL, but couldn't the U.S. Attorney be forced to prosecute?

I'm also not a lawyer, but no prosecution is possible in this situation.
Not in this country. A case must be presented to a grand jury (remember the
Zimmermann case?) and no grand jury in the United States would do this.

There are two further points which need clearing up:

1. Private citizens (the atheist in this case) do not file criminal
charges. They may swear out a complaint ("I witnessed John Doe carrying a
Bible"), but they do not file criminal charges.

2. The "carrying of a Bible" is not covered by the CDA.

No prosecutor can be "forced" to prosecute, absent approval by a grand
jury. (And if a prosecutor doesn't want to indict a ham sandwich, it won't
be indicted.)

--Tim May

[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and fuck them right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should fuck him." So the two daughters got him drunk and
screwed him all that night. Sure enough, Dad got them pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he pulled out before he
came....Remember, it's not a good idea to have sex with your sister, your
brother, your parents,
your pet dog, or the farm animals, unless God tells you to. [excerpts from
the Old Testament, Modern Vernacular Translation, TCM, 1996]







From jf_avon at citenet.net  Thu Feb 15 04:33:48 1996
From: jf_avon at citenet.net (Jean-Francois Avon JFA Technologies, QC, Canada)
Date: Thu, 15 Feb 1996 20:33:48 +0800
Subject: Hey Derek: who are you? (toad.com is glitching...)
Message-ID: <9602150517.AA11469@cti02.citenet.net>


Would the author of this message please reply to me by e-mail?

I received it under the name ,
with no subject whatsoever.  The remailer is freakin' out...



>The other question I have is: who do you think the "customers" of PGP
>are?  If you think the majority of PGP's customers are the
>crypto-privacy activitst types, you are highly mistaken.  PGP has hit
>the main stream, and is being used by many non-crypto-aware people.
>Probably more of them than there are of us.
>
>If you want to discuss this more, let's take it to private email,
>please.
>
>-derek
>
>
**** NEW PGP 2.6.2 KEY *********

2048 bits Key ID:24201BA1 1996/02/13 Jean-Francois Avon 
Key fingerprint =  23 B6 24 31 86 67 FB 35  C7 A7 AF 12 A1 61 E9 3D 


**** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon 
Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 






From stewarts at ix.netcom.com  Thu Feb 15 04:35:08 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Thu, 15 Feb 1996 20:35:08 +0800
Subject: [NOISE] Re: The Internet Party
Message-ID: <199602150525.VAA11247@ix9.ix.netcom.com>


At 01:01 PM 2/14/96 -0800, Brian D Williams  wrote:
>If I see one more ad for some dumb ass 
>politician running for president I'm going to puke.
>
>Say, why not pick our own candidate?
>Why not form our own Party?
>The Internet party........
Because there's way too little for us to agree on outside of
Internet issues; it's like forming the Pro- or Anti- Abortion Party,
or the Womens' Party or whatever.

>It would be the ultimate write in campaign.
>Now all we need is a candidate who stands for free speech, personal
>privacy and the right to encrypt.......
>"I nominate John Perry Barlow. Who will second the nomination?"

For a write-in candidate, you don't _need_ a second.  Just put it
in your .signature file and see what happens.  On the other hand,
John's a Republican, and they desparately need _somebody_ as a candidate :-)
#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281

! Frank Zappa for President !






From medea at alpha.c2.org  Thu Feb 15 04:51:02 1996
From: medea at alpha.c2.org (Medea)
Date: Thu, 15 Feb 1996 20:51:02 +0800
Subject: CyberAngels
Message-ID: <199602150530.VAA00423@eternity.c2.org>


Declan sez:

>I fear the so-called "CyberAngels" more than I do the Feds. At >least with their brand of jackboots, there can be >accountability.
>
>The CyberAngels are more like CyberCads, CyberFrauds, or >CyberCriminals.

  While Declan makes a good point, I wouldn't worry too much about the CyberAngels a/k/a the CyberAsses.
  As we all know, the group received a lot of press years ago when they started as the Guardian Angels.  They began to go downhill when it was discovered that they employed the services of those they were supposedly protecting the public against.
  Now, they're trying their hand at *protecting* the Net since, by jumping on the "decency band-wagon", they've seen an opportunity to avoid becoming defunct.
  I bet if you use the word "cryptology" in a sentence, the CyberAsses would have no idea what you were taking about.
  The bottom line is that even the orange juice industry got tired of Anita Bryant.

Medea


============================================================
+++++++++++++++++++++++++++++++++++++++++++++++++++
+ |---------------------------------------------| +
+ | The mind is its own place, and of itself    | +
+ | Can make a heaven of hell, a hell of heaven | +
+ |---------------------------------------------| +
+++++++++++++++++++++++++++++++++++++++++++++++++++










From wlkngowl at unix.asb.com  Thu Feb 15 04:55:19 1996
From: wlkngowl at unix.asb.com (Mutant Rob)
Date: Thu, 15 Feb 1996 20:55:19 +0800
Subject: Mouse pad???
Message-ID: <199602141500.KAA03032@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

> I got a mouse pad in the mail today, mailed in
> Maryland, but otherwise in a plain brown envelope.
> It has nice, understated gold seal announcing it
> is from the National Security Agency's Information
> Systems Security Organization.

Ah. But don't you see... it's got a hidden transmitter there. It 
monitors your mouse movements and can sense keyboard timings, disk 
access and uses a mini-TEMPEST device to moniter your screen...




(I love it when there's a slew of untitled "owner-cypherpunks" 
messages... does a job on filtering software...)

- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSH5FCoZzwIn1bdtAQGlKAF/RzgodmykMrgha9IFUYsFuxN0F+UggGeV
dtGjjovfZ7FXz5UC8T4DNq9ZOvbFfsP5
=P5gF
-----END PGP SIGNATURE-----





From tcmay at got.net  Thu Feb 15 05:01:39 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 15 Feb 1996 21:01:39 +0800
Subject: True democracy the electronic way
Message-ID: 


At 3:03 AM 2/15/96, Vladimir Z. Nuri wrote:

>1. this is an extremely interesting problem in my opinion. the ideal
>form of government has not been achieved in many millenia. could it
>be solved given the full power of the information age, i.e.
...
>if anyone knows of
>a mailing list to discuss this concept of trying to apply technology
>to government, I would be most interested. the closest I can see


You might try the "Cypherwonks" mailing list that L. Detweiler set up a
couple of years ago to explore the very ideas you are supporting here. You
might find you have a lot in common with him.

--Klaus!, a tentacle


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From stewarts at ix.netcom.com  Thu Feb 15 05:01:43 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Thu, 15 Feb 1996 21:01:43 +0800
Subject: COO_kie
Message-ID: <199602150420.UAA09695@ix2.ix.netcom.com>


At 12:07 AM 2/13/96 -0800, Jeff Weinstein  wrote:
>  There is a lot of confusion about cookies.  They do not allow
>a web site to access private information such as the user's
>e-mail address or other preferences as was recently reported
>in Web Review.  They only store information that the web site
>already has.  If you never give a web site private information
>about you or your identity, they will not be able to match your
>access patterns to your identity.

What the cookie mainly does is allow a normally stateless server to
maintain state while using a normally stateless protocol, letting
the client machine store the state data at the cost of some extra
transmission and parsing.  If the cookie data is kept separate
for separate web pages, this gives you more privacy than having the
server keep the same information, since you can see it and maybe
change it.    (The documentation indicates that you _can_ do that,
but it looks like the amount of separation you get depends on
the cookie-generating-user's choices of options.) 

As a separate note, it looks like cookies will be bitten by the Year 2000
glitch; anybody who bakes cookies between now and late 1999 that
wants them to expire early in 2000 should probably just give up
and go for 12/31/99 expiration....
#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281






From anonymous-remailer at shell.portal.com  Thu Feb 15 05:06:34 1996
From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com)
Date: Thu, 15 Feb 1996 21:06:34 +0800
Subject: No Subject
Message-ID: <199602150544.VAA23815@jobe.shell.portal.com>


>Meanwhile
>        WANTED, DEAD OR ALIVE
>        JIM BELL
>        REWARD 13 demo-cyberbucks

     Send your contributions to:

         James D. Bell
         7214 Corregidor Road
         Vancouver, WA
         (503) 696-3911
         (503) 737-0284
         (503) 737-0357

>An assassination-sponsoring society is _not_ a polite society.

The first rule of not being seen is "Don't stand up".








From hochiminh at alpha.c2.org  Thu Feb 15 05:07:47 1996
From: hochiminh at alpha.c2.org (hochiminh at alpha.c2.org)
Date: Thu, 15 Feb 1996 21:07:47 +0800
Subject: Ben T. Moore "Mr. Anonymous"
Message-ID: <199602150533.VAA00583@eternity.c2.org>


<<<>>>

BTM> Well Karl, It seems I missed your idea/solution in this post, however, some of 
BTM> us figured this out some years ago... I begin a campaign almost 10 years ago 
BTM> of feeding the computers false information about myself. I never use the Social
BTM> Insecurity Number assigned to me... I don't even give it to the Bank. This makes
BTM> for some rather dicey situations. I rarely use my real name or give out my real
BTM> phone number. At this point in my life... I have *NO* credit history. I currently 
BTM> have *NO* bank account. My goal is to be completely invisible to the system.
BTM> Yes I have had a few glitches in this plan from time to time... but I continue to 
BTM> work on it.

Well, Mr. Anonymous, let's see how well YOU have used your own advice.  With
just a little effort using WEB search engines available to everyone on the net I
have found the following:

Yes you have no credit history, at least not a positive history and you have no bank
account.  However, these "accomplishments" were not the result of your "goal" to be "invisible to the system".  You have a credit history, a VERY poor one.  This and the fact that you have no bank account stems from the fact that you are a deadbeat not some cyber-hero looking to "drop-out" of the system.  You are approximately $13,000.00 behind in child support.  In fact a search of the records available to the general public reveals you were recently arrested for failure to pay child support.  A fund rasing campaign was instituted in several USENET and FIDONET newsgroups to raise your bail when your attorney-employer abandoned you in jail.  In fact you have been arrested several times in the last 12 months for some rather abberant behavior.

Let me list the things I have been able to find out about you:

1) You are an African-American Male, age 36.

2) You live in Indianapolis, Indiana.

3) You are the on-again off-again bodyguard for Militia-Patriot attorney Ms. Linda         Thompson and was with her when she was arrested (again)12-23-95.

4) You were arrested for attempting to smuggle weapons (bullets?) into the Indianapolis     County Jail 07-22-95.

5) You are about 6'4" tall and weigh 260#.

6) You also use the IRC name "Shaka".

7)  You are a deabeat dad being $13,000.00 in arrears in child support.

8)  You recovered some property for Ms. Thompson and filed a Police Report
     # 9531780A.

9)  You wrote a letter to the editor in the Indianapolis Post Spotlight lamenting you "child      support" woes.  Pathetic, very pathetic.


So while you are off being a cool anonymous dude the rest of us are paying for the AFDC you ex-wife has to use to feed the kids.  How do you justify an internet account while being $13,000.00 in arrears on child support?  You are a disgrace to your race, the Militia-Patriot movement and men in general.

BTM> I just have never felt warm and fuzzy knowing that any government agency,
BTM> business, or whoever can get my personal information off a computer could come
BTM> knock on my door some dark night. If you're interested in fortifying your privacy,
BTM> I can give you a few pointers.

BTM> 1.) Go to your local DMV and inform them you've had a change of address. I
BTM>      selected a high rise apartment building with 15 floors and selected an address
BTM>      on a non-existant 23rd floor. Getting your Driver's License address changed
BTM>      should cost less than $10.00.

This is a violation of Indiana Code but breaking the law is of no concern to you, huh?

BTM> 2.) Go find a company like "Mail Boxes Etc." and rent a mailbox. The cost is
BTM>      nominal compared to the added privacy and security. The distinction between
BTM>      a mailbox and a Post Office Box is with a mailbox you have an actual street
BTM>      address. You can receive deliveries from UPS and Federal Express at a 
BTM>      mailbox. You can't at a P.O. Box.

BTM> 3.) This part requires some skill... befriending a graphic artist is a good idea for 
BTM>      this one. But what you need is a phony work identification.  Pick a name! A 
BTM>      couple of "Pass Port Photos" and some lamination and you're good to go.

This is a violation of Indiana and Federal Laws depending on how they are used.

BTM> 4.) Take your new persona down to your local utility companies and get the serv-
BTM>      ice switched to the name of your new persona. Even get your phone switched
BTM>      and have the number non-published. You'll be pleasantly surprised from now
BTM>      on, everytime your phone rings, it will be someone you really want to talk to.

Another violation of Indiana Code





From cactus at hks.net  Thu Feb 15 05:14:29 1996
From: cactus at hks.net (Leslie Todd Masco)
Date: Thu, 15 Feb 1996 21:14:29 +0800
Subject: Subject lines?
Message-ID: <199602150628.BAA07627@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

Rich Graves wrote:
> The messages on news://nntp.hks.net/hks.lists.cypherpunks do have subject
> lines, so at least some messages are leaving toad.com OK. I think it's
> our problem.

Nope, not necessarily.  Hypermail goes off of different headers than most
MUAs do (it's a slut: it'll use anything it can find).

Too bad it dumps core on Message-ids that don't have greater-thans or less-thans
(or did: that's the latest round of patches that I sent off to be ignored by
 its author).

	-- Todd
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSLSkSoZzwIn1bdtAQH7YQF9FU1nbaYk7t/I0njC/c4ts5+hYrxYZwDg
lgj4ZVc6RvYNaB7wYFq9odgbvb3ewSGl
=W3SY
-----END PGP SIGNATURE-----





From cwalton at jovanet.com  Thu Feb 15 05:28:51 1996
From: cwalton at jovanet.com (cwalton at jovanet.com)
Date: Thu, 15 Feb 1996 21:28:51 +0800
Subject: FW: Laugh Of The Day - Fri, Feb 02 1996 (fwd)
Message-ID: <9602150559.AA28269@toad.com>


I just have to ask-- what does this have to do with........

>few participants; the purists spend lots of time self-righteously
>congratulating each other on keeping off-topic threads off the list).

oh, never mind. i see now......

Conrad Walton                           
http://www.industrial-artworks.com/
---------------------------------------------------------------------------
---
 INDUSTRIAL ARTWORKS  |  POB 2815, El Segundo, CA 90245  |  1-310-640-3365






From llurch at networking.stanford.edu  Thu Feb 15 05:31:21 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Thu, 15 Feb 1996 21:31:21 +0800
Subject: The Internet Party
In-Reply-To: <199602142101.NAA25866@well.com>
Message-ID: 


I say we elect Jim Bell, then kill him.

More seriously (or maybe I was serious), an "Internet party" just makes 
no sense to me. There's far too much diversity of views for the Internet 
to be a "party." Perhaps the "Internet party" could take shape as a 
corporatist pressure group, but hte record of corporatist systems is not 
great. 

I'm happy with the EFF and such remaining special interest groups with no 
partisan political baggage. "No entangling alliances," as Washington 
said, and no compromises.

-rich





From jamesd at echeque.com  Thu Feb 15 05:40:41 1996
From: jamesd at echeque.com (jamesd at echeque.com)
Date: Thu, 15 Feb 1996 21:40:41 +0800
Subject: Spin Control Alert (LI Newsday, 2/12/96)
Message-ID: <199602150552.VAA09945@news1.best.com>


jamesd at echeque.com:
>> While the religious right clearly supported the push to regulate the
>> internet, the main push seemed to me to come from the existing mass
>> media, primarily the three big TV channels.

At 02:09 PM 2/14/96 -0500, Declan B. McCullagh wrote:
>The religious right did not *support* the "push to regulate the
>Internet" -- they drafted, defended, and pushed through the damn CDA!

Bunkum

Name this Christian rightist who drafted or defended the CDA!

The primary anti porn activists involved in the effort to regulate the net
were Donna Reed, and Marty Rimm, neither of whom are members of the Christian 
right, and Bill Arms, who is not only not a member of the Christian right,
but who in additon is a PC academic.

While their campaigns received assistance, encouragement, and free labor
from the Christian right, it was not the Christian right that enabled these
people to exercise the disproportionate power and influence that they did.

It was not the Christian right that obtained totally undeserved publicity 
for Rimm's spurious findings.

Rimm's study had connections both with the right and the left, but the real
question is where the big muscle came from.  If the big muscle came from
the Christian right they would have let us know by now, because they always
tend to exaggerate their influence and power.

While the effort to regulate the net had *links* to the Christian right, it
is simply untrue to say that it was composed of the Christian right, or even
to say that the Christian right played a significant role in the effort.  Their
role is scarcely visible.  They were minor foot soldiers.



 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd at echeque.com






From dsmith at midwest.net  Thu Feb 15 05:45:07 1996
From: dsmith at midwest.net (David E. Smith)
Date: Thu, 15 Feb 1996 21:45:07 +0800
Subject: Science News - article on Quantum Crypto
Message-ID: <2.2.32.19960215051324.0067ca00@204.248.40.2>


-----BEGIN PGP SIGNED MESSAGE-----

The new Science News that showed up in today's mail
has a short but informative article on quantum
cryptography.  It explains what quantum crypto is for
us newbies and gives the history of a recent success
in Lake Geneva (Switzerland, not Wisconsin) - an
encrypted message was sent 22.7 km over fiber-optic
cable successfully.  It's a nice article.

dave



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMSLAYzVTwUKWHSsJAQHAPQf6A4h68OSIUK7qOkZVrZByDg/1VGZweiti
3FpCGC/GHqZ9jZwJJOVqx7DucWEeXkeJtnepQsGr+SB/RBEnBfPwpkbSAS0wQnMX
D9mUR/p8yRPVWA8baodcG8NRWd4CMiA2+x/vxJEht6/gUx5YfSNQ5wOWQWA1AN4U
5BH/yqSe53m6Rm4h5r3z7ve9OU37wd1gjDgmqwRsiN2UsyZ035om63cPqqMFTIfd
0+PX+cQxag2tz1AXcwwyMpkKhKEmRL3FvW0eyOKXS0b9EcuYRPBEBLDmXzJnIaId
lt9EN4iyRgbux4S3M4OmMJB80kaTK2TPurb2fFO+LeuJJdnWa6MfGw==
=jLBT
-----END PGP SIGNATURE-----
-----
David E. Smith,  c/o Southeast Missouri State University
1000 Towers Circle South MS 1210 Cape Girardeau MO 63701
dsmith at midwest.net, dsmith at alpha.c2.org,  PGP 0x961D2B09
(573)339-3814    http://www.midwest.net/scribers/dsmith/
"Reality is only for those lacking in true imagination."





From jamesd at echeque.com  Thu Feb 15 05:54:38 1996
From: jamesd at echeque.com (jamesd at echeque.com)
Date: Thu, 15 Feb 1996 21:54:38 +0800
Subject: The Internet Party
Message-ID: <199602150738.XAA11996@news1.best.com>


At 01:01 PM 2/14/96 -0800, Brian D Williams wrote:
>Why not form our own Party?
>
>The Internet party........

No matter how excellent the people and the goals of such a party:
such a party would be a first step to creating a world state.

Good intentions, dreadful consequences.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd at echeque.com






From jonl at WELL.COM  Thu Feb 15 05:56:28 1996
From: jonl at WELL.COM (Jon Lebkowsky)
Date: Thu, 15 Feb 1996 21:56:28 +0800
Subject: Safdar and Seiger at EF Forum
Message-ID: <199602131759.MAA21450@abel.ic.sunysb.edu>


Thursday, February 15, Electronic Frontiers Forum
http://www.hotwired.com/club or telnet://chat.wired.com:2428
7PM PST   8PM MST   9PM CST   10PM EST

Jonah Seiger and Shabbir Safdar

     Jonah Seiger is policy analyst/online presence for the Center for
     Democracy and Technology (CDT), and Shabbir Safdar is the driving
     force behind Voters Telecommunication Watch (VTW). Both have worked
     to track the evolution of the just-passed telecommunications reform
     bill and other legislation that would negatively impact the
     existence of a free and open Internet. Join us in Electronic
     Frontiers with host Jon Lebkowsky on Thursday, 15 February at 7 p.m.
     PST (Friday, 03:00 GMT).

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jon Lebkowsky                       http://www.well.com/~jonl
Electronic Frontiers Forum, 7PM PST Thursdays 
Vice President, EFF-Austin                     
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=






From ses at tipper.oit.unc.edu  Thu Feb 15 06:11:40 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Thu, 15 Feb 1996 22:11:40 +0800
Subject: Online Zakat Payment: Religious tithe.
In-Reply-To: 
Message-ID: 


On Mon, 12 Feb 1996, Timothy C. May wrote:

> 
> Yes, such as collecting funds to send to Jim Bell to arrange for the
> assassination of Salman Rushdie.
> 
> Once again, the gutter religion of Islam reveals the derangement of its
> so-called Prophet.
> 
> The world really needs to get around to nuking these folks.

Nuke *Fulham*? I thought you might have picked up a few tidbits from the
last nukepunks thread, but just in case- despite what you may have heard,
nuclear weapons are not precision tools. A device dropped on Fulham would
probably not be welcomed by Her Majesty's Government, although since the
blast damage would probably level Kensington Palace to the ground, it
would solve the Diana problem. 


 ---
They say in  online country		So which side are you on boys
There is no middle way			Which side are you on
You'll either be a Usenet man		Which side are you on boys
Or a thug for the CDA			Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO






From johnhemming at mkn.co.uk  Thu Feb 15 06:21:15 1996
From: johnhemming at mkn.co.uk (John Hemming - CEO MarketNet)
Date: Thu, 15 Feb 1996 22:21:15 +0800
Subject: (cpx) secure web page ideas
Message-ID: <1996-Feb15-090001.2>


>From: Jon Lasser 

>For those people who have Netscape / an SSL-enabled web-browser, wouldn't
>it be useful to have secure web pages that did the following:
>(2) A pgp-sending web page (type in key id into field, send message to
>    address given, encrypted)  This isn't a bad idea for the same reason that
>    (1) above is a much better idea.

>How hard would this be to implement? Would it be worth waiting until the PGP
>3.0 API is released?

I have been slogging away with my own SSL browser trying to make it
crash less frequently (it actually crashes more often than Netscape).

Before I started on the latest round of changes I had managed to PGP
enable the browser (using my own implementation of PGP) with two web
linked functions:

a)  In the mailto:  Link a PGPKEY="ABCDE" field contains the PGP
public key of the recipient the program then encrypts the mail before
sending it.

b)  In forms using mailto a similar function acheives the same.

I have almost certainly broken the PGP implementation through all the
work I have been doing on the code recently although I think I should be
able to sort this relatively soon.

In other words:

It has been done (ish) see
ftp://193.119.26.70/mktnet/pub/horse.zip

(It also covers 128bit SSL)







From ddt at lsd.com  Thu Feb 15 06:28:25 1996
From: ddt at lsd.com (Dave Del Torto)
Date: Thu, 15 Feb 1996 22:28:25 +0800
Subject: [S1567] Leahy vs CDA
Message-ID: 


[This was Senator Leahy's reply to my mail to him on the CDA. -dave ]

>From: Senator_Leahy at leahy.senate.gov
>Date: Wed, 14 Feb 96 15:52:36 EST
>To: ddt at lsd.com
>Subject: Rule: Re: Thanks, Senator
>
>I really appreciate getting your message about the so-called
>"Communications Decency Act."
>
>On February 9, I introduced S. 1567, a bill to repeal this misguided
>attempt to censor the words used and topics discussed on the Internet. You
>can find the text of the bill and a copy of my full statement at:
> 
>
>Rather than use the heavy hand of government censorship, I believe we
>should encourage parents to use the growing number of technical tools
>available to control what their children may access on-line.
>
>We have a long, hard struggle ahead of us to reverse this misguided law. I
>am heartened and encouraged by the outpouring of support from Internet
>users all over the country in support of my efforts to protect our First
>Amendment rights when we go on-line. We must all keep working to convince
>a majority of Senators that we need to approach this whole issue
>rationally and sensibly. Grassroots support like yours is important to
>make this happen.
>
>Please stay in touch.








From a-kurtb at microsoft.com  Thu Feb 15 06:39:19 1996
From: a-kurtb at microsoft.com (Kurt Buff (Volt Comp))
Date: Thu, 15 Feb 1996 22:39:19 +0800
Subject: 
Message-ID: 



>}The United States is a sovereign nation. Do you dispute that ? The
>}constitution is a binding agreement between the government and its
>citizens
>}that determines how that sovereignty will be exercised, the elements in
>which
>}the nation will not interfere with citizens, and the duties which it will
>}carry out.
>
Haven't read much Lysander Spooner, or merely ignoring him?

If the former, try his essay:

No Treason: The Consitution of No Authority.

You can find it on the web, just use your favorite spider/whatever.

If the Constitution is a binding agreement, show me where I signed. A
contract requires two things of which I am aware (maybe some others that I
am not, since IANAL :-) - Agreement by all signatories, and performance. We
have at least one missing item in that list. If you wish to make the
argument that since I have paid taxes, I have agreed, then I will most
heartily beg to differ. I pay under protest, sometimes silent, sometimes
not, but never do I pay willingly.

If on the other hand you wish to argue from different grounds, I will
listen. But, with all due respect for your opinions (which is considerable,
actually) I expected better.

Kurt

>





From jimbell at pacifier.com  Thu Feb 15 06:40:42 1996
From: jimbell at pacifier.com (jim bell)
Date: Thu, 15 Feb 1996 22:40:42 +0800
Subject: fortune and predictions...
Message-ID: 


At 08:55 PM 2/14/96 -0500, Jean-Francois Avon (JFA Technologies, QC, Canada)
wrote:
>GREETINGS!
>
>>(BTW, why don't you  respond to the list?)
>
>Actually, I just did.  I was tempted to mail the stuff directly to you but
then,
>I realised that you might have interpreted what I said as a threat. 

Huh? I didn't even notice.   Well, I guess after a few months of promoting
"Assassination Politics", I'm so thick-skinned that nothing fazes me anymore.

>So I posted it
>publicly. (Isn't CPunks about being untrustfull... :)

The reason I'd prefer most of the discussion on the list is simple:  I have
a limited amount of time, and I'm promoting an idea.  If you have a good
argument that I should be able to address, I want everyone to have the
benefit not only of your comment but also my response!


>I brought an argument in my post.  I could develop it further on private
e-mail with you.

I'll read it.  However, my mail has slowed to a trickle today.  There's
something wrong, somewhere.  It'll come flooding in, in a few hours I'll bet.


>You will certainly understand my argument.  I'd be delighted if you can
prove me wrong.

We shall see...






From jimbell at pacifier.com  Thu Feb 15 06:42:03 1996
From: jimbell at pacifier.com (jim bell)
Date: Thu, 15 Feb 1996 22:42:03 +0800
Subject: [ASSASSINATION NOISE] Re: V-chips, CC, and Motorcycle Helmets
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

At 08:11 PM 2/14/96 -0800, Bill Stewart wrote:
>At 11:36 AM 2/13/96 -0800, you wrote:
>
>>The Rushdie incident is simply so far removed from "Assassination Politics" 
>>that it can't possibly be used to refute it; I still believe it actually 
>>demonstrates how much effort somebody has to go to, to protect a targeted 
>>person.  One targeted person is easy to protect.  10,000 would be FAR 
>>harder.  And the moment a few of those guys got "whacked," the rest would 
>>want to resign their jobs and hope they would be allowed to retire in peace.
>
>Rushdie is just low on your target list.  I agree that it's much harder
>to protect 10,000 people (say the Iranians put out a contract on Baha'is
>and other heretics, at $X/head...) but it's still abusable. 

Does the fact that some system is "abusable" mean that it is not better than 
the current system?  Or are you under the impression that the current system 
is NOT "abusable"?!?  The reason I mention this is that I get the strange 
impression that the system I advocate is being judged by a different 
standard than the status quo.  "Double standard," is the usual term.  Is 
this fair?

Let's consider the Rushdie situation in more detail.  Why is he in danger?  
Because, obviously enough, some high-ranking LEADERS in the Moslem faith put 
a contract out on him.  Okay, if they're high-ranking, and they're well 
known, and they're putting out contracts on people, RECIPROCATE!

See how this works?  If "Ayatollah X" says, "Kill Rushdie and we'll give you 
a couple million dollars," then "AsPol" that Ayatollah to death, a dollar at 
a time.  Pretty soon, no "high-ranking" Moslem would DARE put out a contract 
on a Rushie-like character, for fear of getting killed himself.

Of course, it is  true that individual Moslems could ALSO use the 
"Assassination Politics" mechanism, but they would have to be 
self-motivated, because the system is designed to be anonymous.  Keep in 
mind that "nobody" would have ever heard of the name "Rushdie" if it hadn't 
been for that contract.

> Maybe the
>Anonymous Captains of Industry put out a contract on strike leaders.

People keep talking about "leaders" as if we NEEDED leaders  SHEESH!  Stay 
stuck in your old ruts if you want, but the fact is the world is changing 
from a "leader-centric" system to a distributed-control system, assisted by 
digital anonymity.  

>>From a cypherpunks perspective, yes you could run an assassination lottery,
>though it might be hard for the assassin to collect - how do you prove
>that _you_ were the hit man, and not merely the nearest person to a phone
>after it happened?  How do you prevent an anonymous escrow agency from 
refusing
>to deliver the cash?  Some of the protocols may be difficult to work out.

There are a lot of interesting questions implied by the above paragraph, and 
I will be happy to discuss them, in the next note, tomorrow.  If anything, I am 
surprised that there hasn't been more commentary along these lines than has 
occurred up to now.  Frankly, if I want to discuss the POLITICAL aspects, I 
typically do that in NWLIBERTARIANS at TELEPORT.COMO, not Cypherpunks.  The 
main reason I subscribed to Cypherpunks is that I wanted the TECHNICAL 
issues discussed, debated, and perfected.

The problem, I think, is that people (like, for instance, Perry) complain 
about the political-implications discussion of AsPol, but he clearly doesn't 
want to move the discussion to a more technical "Cypherpunks"-type level, 
with detailed discussions of protocols, trust issues, etc.  I _DO_.


>Meanwhile
>        WANTED, DEAD OR ALIVE
>        JIM BELL
>        REWARD 13 demo-cyberbucks

Hey, I'm not easily offended!  Actually, while I think this is rather funny, 
I am fully aware that the truth is that my idea will upset a few million 
apple-carts.  And yes, I wouldn't be surprised if I'm one of the first 
victims of this system. (I am careful to point out, however, that I believe 
a system such as this to always have been inevitable;  Jim Bell is merely 
one of the first to notice the ultimate implications of this system.)

As I said long ago, there are some words in "A Tale of Two Cities" which 
describes my feelings on the subject.


>
>An assassination-sponsoring society is _not_ a polite society.

Question:  How would you know?  Since we've never had anything even remotely 
approaching the system I advocate, how can you say how "polite" it would be?

Jim Bell

jimbell at pacifier.com

Klaatu Burada Nikto

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSLpnPqHVDBboB2dAQESewP/X2KCgxxdWtCe/T26Pp7QadhwgkYv7bHT
PFj9SYKh07WlMQKQaL6kWvwtlx/LWJGjEWvU5wBBgp4Xrslmy6KKkjtjl0TwiGnA
sEKYCrjvXthSjcydt9O7zHRV+z9/khN+qw1WumCzQHSbbaW7DpaK4eQRmmOqcqD6
565Ay/AFJVY=
=/dWe
-----END PGP SIGNATURE-----






From erc at dal1820.computek.net  Thu Feb 15 06:50:24 1996
From: erc at dal1820.computek.net (Ed Carp)
Date: Thu, 15 Feb 1996 22:50:24 +0800
Subject: Linux on the Mac
In-Reply-To: <199602141521.KAA24196@jekyll.piermont.com>
Message-ID: 


On Wed, 14 Feb 1996, Perry E. Metzger wrote:

> Clay Olbon II writes:
> > In the latest PowerPC news it is reported that OSF is porting Linux to the
> > Mac with the support of Apple.  Apple has a web site -
> > www.mklinux.apple.com that discusses this and has a link to the OSF site.
> > In my book, this is a GoodThing(tm).  Of course, being a huge fan of both
> > the Mac and unix might put me in the minority ;-)
> 
> I hate to ask this, but why does this have an impact on cryptography?

It's intuitively obvious to even the most casual observer what the 
connection is.  I guess you're not as smart as you think you are.

Ed "I'm not as think as you drunk I am!" Carp
--
Ed Carp, N7EKG    			Ed.Carp at linux.org, ecarp at netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp at netcom.com for PGP 2.5 public key		an88744 at anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring






From wlkngowl at UNiX.asb.com  Thu Feb 15 06:50:31 1996
From: wlkngowl at UNiX.asb.com (Deranged Mutant)
Date: Thu, 15 Feb 1996 22:50:31 +0800
Subject: The Internet Party
Message-ID: <199602150155.UAA06200@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

Brian D Williams wrote:
[..]
> Looks pretty dim to me.
 
> Say, why not pick our own candidate?
> Why not form our own Party?
> The Internet party........
> It would be the ultimate write in campaign.
> Now all we need is a candidate who stands for free speech, personal
> privacy and the right to encrypt.......Just as bad as people who vote for ONE issue like abortion or civil 
rights or NAFTA/GATT and ignore everything else.  These are important 
issues, but they aren't the only ones.  And any support from netters will 
fall after arguing about everything else.

...and the sad thing is you might well shoot yourself in the foot for 
voting against somebody over one or two issues.  I know people who'd vote 
for anybody but Clinton.  They babble about Clinton being a "socialist" 
 so much that they'd end up voting for a National Socialist 

> "I nominate John Perry Barlow. Who will second the nomination?"I nominate Frank Zappa. The music's better and dead presidents don't cost 
as much to maintain.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSKSfyoZzwIn1bdtAQEr7gF/enFcC7CX8islsCHJ9BHdWa3SAvmvxlZh
Nd39qds0s0D5gjRcEoKTu9wiHCmIOqaU
=aKJh
-----END PGP SIGNATURE-----





From jsw at netscape.com  Thu Feb 15 06:51:23 1996
From: jsw at netscape.com (Jeff Weinstein)
Date: Thu, 15 Feb 1996 22:51:23 +0800
Subject: Cookie Crumbles
In-Reply-To: <199602141606.LAA27401@pipe4.nyc.pipeline.com>
Message-ID: <3122FB4E.20EF@netscape.com>


John Young wrote:
>    Still, be alert for invasive snoops and tracking analytics,
>    not only by NSCP, but by all those invaders crying mea
> culpa,
>    "you misjudge the goodness in our hearts, we did it for your
>    own good, like all good parents. Trust us."

  You may choose not to believe me, but I have been planning to add an option
to disable cookies in the next release for quite some time now.

  Just disabling cookies won't keep sites from tracking your movements.
Many sites require you to register and log in when you access them.
These sites will be able to track your movements through them with or
without cookies.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.





From jsw at netscape.com  Thu Feb 15 06:53:12 1996
From: jsw at netscape.com (Jeff Weinstein)
Date: Thu, 15 Feb 1996 22:53:12 +0800
Subject: Netscrape's Cookies
In-Reply-To: <199602132121.QAA16259@UNiX.asb.com>
Message-ID: <3122F324.285@netscape.com>


Defanged Fruit-ant wrote:  (Hey, he called us Netscrape :-) )
> 
> Ready the article about the COOKIE.TXT file that Netscape creates.
> Apparently my copy has yet to modify it since it was installed... so
> much for 'hacking' it (I decided to try and leave it write-protected
> for now).
> 
> I'm curious if anyone knows which sites use/modify it.

  Sites that use the Netscape Merchant system for online malls use cookies
for keeping track of your "shopping basket".  I don't think they use
persistent cookies, so they will never get written to the file on disk.
Such sites include the netscape online store (merchant.netscape.com)
and the MCI mall at www.internetmci.com.

> Also wondering why Netscape seems to touch/modify the certification
> key files every time it runs.

  It is an artifact of the database library that we are using.  The
certificates and keys are not actually being written each time.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.





From llurch at networking.stanford.edu  Thu Feb 15 06:57:20 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Thu, 15 Feb 1996 22:57:20 +0800
Subject: Another CDA Protest Idear
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

To the message_fronter of the public majordomo lists I control
(win95netbugs and win95netbugs-digest), I have temporarily added the
following, as a way of limiting my liability:

############################################################################
## WARNING: Any use of this mailing list in violation of section 502 of   ##
## the Communications Decency Act of 1995 will immediately be referred to ##
## the appropriate authorities for prosecution. See http://www.eff.org/.  ##
############################################################################

I will of course remove this notice, or maybe move it to the footer, 
after a couple messages go by with the notice prepended. No need to be 
*totally* obnoxious.

I'll probably also post a notice that all submissions to
comp.os.ms-windows.announce (I'm the new moderator) must comply with the
CDA. Hmm, I haven't had time to put up a "submissions guidelines FAQ" yet. 
This could be fun, but I will keep it clean. 

- -rich
 llurch at networking.stanford.edu
 WARNING: Use of the above email address across international boundaries 
 implies consent to monitoring by the National Security Agency and other 
 lawfully recognized bodies. All domestic USA use of the above email 
 address must also comply with the Communications Decency Act of 1995. 
 Violations will be reported to the Federal authorities for prosecution.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSMFE43DXUbM57SdAQFyCQP9EPAgWF2xRLVyKYQww7xl92uK8kS/tFx6
4mUzkI2MhFTwfKCeEZvtmBzcGYhICDuJXZGGnHVNpaFSJKBJvRGfRazAMrcf1/Aq
V8RHXqBA6OgFpHTAh90dpuB/azGcOsP5YN9lVe3t+bCnlivVXA0N71PXC82e/ORd
5DZnU/3LPo0=
=esOC
-----END PGP SIGNATURE-----





From nobody at REPLAY.COM  Thu Feb 15 06:58:38 1996
From: nobody at REPLAY.COM (Anonymous)
Date: Thu, 15 Feb 1996 22:58:38 +0800
Subject: No Subject
Message-ID: <199602150942.KAA13880@utopia.hacktic.nl>


Something for Jim Bell and his ilk to think about:

         "If we could climb
               the highest steeple
          And look around at
               all the people,
          And shoot the ones
               not wholly good
          As we, like noble
               shooters, should,
          Why, then there'd be
               an only worry ---
          Who would be left
               to bury 
                 us?"

                 - Walt Kelly








From warlord at MIT.EDU  Thu Feb 15 07:11:10 1996
From: warlord at MIT.EDU (Derek Atkins)
Date: Thu, 15 Feb 1996 23:11:10 +0800
Subject: Stealth PGP work
In-Reply-To: <10100.9602141537@dart.dcs.exeter.ac.uk>
Message-ID: <199602141830.NAA02458@toxicwaste.media.mit.edu>


> I presume he means stealth, and the functionality that it provides, as

I'm not familiar with the exact details of what stealth does, which is
why I asked for more details.  The problem is that PGP API, when
decrypting a message, keys off the PGP packet types in order to
operate.  If stealth can work outside of PGP 2.6.2, then it should be
possible to add it on to PGP 3, theoretically.

>   I raised this question myself to
> the pgp3 development team some time ago, and the reply I got was
> essentially that it would still be possible to have as an add-on, so
> there was no need to clutter the pgp3 functionality.

And in some ways this is true.  The PGP API does allow for add-ons.
I'll explain what I mean later in this message.  Then again, I don't
know to whom you spoke.  The "PGP 3 development team" has changed a
lot over the last couple years.  At this point, for all practical
purposes, there only two people on the team.

> However, if you provide an API call to unarmor with out decrypting,
> and a call to decrypt with out uncompressing, etc then a call to test
> for a particular user id on the assumption that it is addressed to
> that user id and is an encrypted message would fit in a similar way?

It is not implemented directly in this manner, but it is possible to
get this functionality.  The application will get a callback at which
point it can direct the PGP library.  For example, if you want to
dearmor but not decrypt, when you get to the encryption part you tell
it not to continue and to just output the encrypted block.

Basically, the PGP Message Processing API is based on a pipeline
model.  You have a bunch of pipeline modules that are connected, and
each module performs some transformation on the data.  For example,
you have a text module that goes into a literal module which goes into
a signature module which goes into an encryption module which then
goes into an armor module.  To add stealth, you just add a stealth
module in there.  However I can tell you now that we are not working
on such a module for the PGP 3.0 release.

I'll hopefully have the API Spec and Programmer's Guide in a state
where I can let others see it in the near future.  But since I'm going
to be off the net for about a week or two at the end of the month, it
might have to wait until March unless a miracle happens in the next
week.

I hope this helps.

-derek





From rah at shipwright.com  Thu Feb 15 07:21:47 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Thu, 15 Feb 1996 23:21:47 +0800
Subject: Leahy moves for Repeal of Communications Indecency Act
Message-ID: 



--- begin forwarded text

Date: Tue, 13 Feb 1996 22:52:21 EDT
From: oldbear at arctos.com (The Old Bear) (by way of rah at shipwright.com
(Robert A. Hettinga))
To: rah at shipwright.com
Subject: Leahy moves for Repeal of Communications Indecency Act
Organization: The Arctos Group - http://www.arctos.com/arctos
Path: sundog.tiac.net!arctos.com!oldbear
Newsgroups: tiac
Lines: 366
NNTP-Posting-Host: arctos.com
X-Newsreader: Trumpet for Windows [Version 1.0 Rev B final beta #4]
X-Newsreader: Yet Another NewsWatcher 2.1.2

----------begin forwarded text----------

Date: Mon, 12 Feb 1996 21:32:00 +0000
From: "Cyber Rights" 
To: Multiple recipients of list 
Subject: cr> UPDATE: Leahy Proposes Repeal of Communications Dece


Senator Leahy, last year's white knight of the Net, has struck
another blow for online decency.  Thanks to Todd Lappin for getting
this out so quickly.

--caj


Craig A. Johnson


======================================================
Date:          Mon, 12 Feb 1996 17:08:57 -0800 (PST)
To:            toddl at wired.com
From:          telstar at wired.com (--Todd Lappin-->)
Subject:       UPDATE: Leahy Proposes Repeal of Communications Decency
Act


Senator Patrick Leahy has introduced legislation designed to repeal
the Internet "indecency" provisions of the telecommunications reform
bill President Clinton signed into law last Thursday.

The text of Leahy's proposal, as well as his (very articulate) floor
statement, follows below.  Both are worth reading.

Leahy was one of only five Senators to vote against the telco bill on
February 1, 1996. He is also one of the few legislators on Capitol
Hill who truly understands what the Net is all about.

If you'd like to send the Senator a message of support, his e-mail
address is: senator_leahy at leahy.senate.gov.

Onward,

--Todd Lappin-->
Section Editor
WIRED Magazine

===================================================================

FILE s1567.is
          S 1567 IS
          104th CONGRESS
          2d Session
          To amend the Communications Act of 1934 to repeal the
          amendments relating to obscene and harassing use of
          telecommunications facilities made by the Communications
          Decency Act of 1995.

                           IN THE SENATE OF THE UNITED STATES

                     February 9 (legislative day, FEBRUARY 7), 1996

          Mr. LEAHY (for himself and Mr. FEINGOLD) introduced the
          following
              bill; which was read twice and referred to the Committee
              on Commerce, Science, and Transportation

                                         A BILL

          To amend the Communications Act of 1934 to repeal the
          amendments relating to obscene and harassing use of
          telecommunications facilities made by the Communications
          Decency Act of 1995.
           [Italic->]   Be it enacted by the Senate and House of
          Representatives of the United States of America in Congress
          assembled, [<-Italic]

          SECTION 1. REPEAL OF AMENDMENTS.
            Effective on the day after the date of the enactment of
            the
          Communications Decency Act of 1995, the amendments made to
          section 223 of the Communications Act of 1934 (47 U.S.C.
          223) by section 502 of the Communications Decency Act of
          1995 are repealed and the provisions of such section 223 as
          in effect on the day before such date shall have force and
          effect.



 [end bill text]



   Floor Statement On Repealing The Communications Decency Act
   February 9, 1996
     _________________________________________________________________

   Mr. LEAHY. Mr. President, last week, the Congress passed
   telecommunications legislation. The President signed it into law
   this week. For a number of reasons, and I stated them in the
   Chamber at the time, I voted against the legislation. There were a
   number of things in that legislation I liked and I am glad to see
   them in law. There were, however, some parts I did not like, one of
   them especially. Today I am introducing a bill to repeal parts of
   the new law, parts I feel would have far-reaching implications and
   would impose far-reaching new Federal crimes on Americans for
   exercising their free speech rights on-line and on the Internet.

   The parts of the telecommunications bill called the "Communications
   Decency Act" are fatally flawed and unconstitutional. Indeed, such
   serious questions about the constitutionality of this legislation
   have been raised that a new section was added to speed up judicial
   review to see if the legislation would pass constitutional muster.
   The legislation is not going to pass that test.

   The first amendment to our Constitution expressly states that
   "Congress shall make no law abridging the freedom of speech." The
   new law flouts that prohibition for the sake of political
   posturing. We should not wait to let the courts fix this mistake.
   Even on an expedited basis, the judicial review of the new law
   would take months and possibly years of litigation. During those
   years of litigation unsuspecting Americans who are using the
   Internet in unprecedented numbers and more every day, are going to
   risk criminal liability every time they go on-line.

   Let us be emphatically clear that the people at risk of committing
   a felony under this new law are not child pornographers, purveyors
   of obscene materials or child sex molesters. These people can
   already be prosecuted and should be prosecuted under longstanding
   Federal criminal laws that prevent the distribution over computer
   networks of obscene and other pornographic materials harmful to
   minors, under 18 U.S.C. sections 1465, 2252 and 2423(a); that
   prohibit the illegal solicitation of a minor by way of a computer
   network, under 18 U.S.C. section 2252; and that bar the illegal
   luring of a minor into sexual activity through computer
   conversations, under 18 U.S.C. section 2423(b). In fact, just last
   year, we passed unanimously a new law that sharply increases
   penalties for people who commit these crimes. In fact, just last
   year, we passed unanimously a new law that sharply increases
   penalties for these people.

   There is absolutely no disagreement in the Senate, no disagreement
   certainly among the 100 Senators about wanting to protect children
   from harm. All 100 Senators, no matter where they are from, would
   agree that obscenity and child pornography should be kept out of
   the hands of children.

   All Senators agree that we should punish those who sexually exploit
   children or abuse children. I am a former prosecutor. I have
   prosecuted people for abusing children. This is something where
   there are no political or ideological differences among us.

   I believe there was a terribly misguided effort to protect children
   from what some prosecutors somewhere in this country might consider
   offensive or indecent online material, and in doing that, the
   Communications Decency Act tramples on the free speech rights of
   all Americans who want to enjoy this medium.

   This legislation sweeps more broadly than just stopping obscenity
   from being sent to children. It will impose felony penalties for
   using indecent four-letter words, or discussing material deemed to
   be indecent, on electronic bulletin boards or Internet chat areas
   and news groups accessible to children.

   Let me give a couple of examples: You send E-mail back and forth,
   and you want to annoy somebody whom you talked with many times
   before -- it may be your best buddy -- and you use a four-letter
   word. Well, you could be prosecuted for that, although you could
   pick up the phone, say the same thing to him, and you commit no
   crime; or send a letter and say the same word and commit no crime;
   or talk to him walking down the street and commit no crime.

   To avoid liability under this legislation, users of e-mail will
   have to ban curse words and other expressions that might be
   characterized as indecent from their online vocabulary.

   The new law will punish with 2-year jail terms someone using one of
   the "seven dirty words" in a message to a minor or for sharing with
   a minor material containing indecent passages. In some areas of the
   country, a copy of Seventeen Magazine would be considered indecent,
   even though kids buy it. The magazine is among the 10 most
   frequently challenged school library materials in the country.
   Somebody sends an excerpt from it, and bang, they could be
   prosecuted.

   The new law will make it a crime "to display in a manner available
   to" a child any message or material "that, in context, depicts or
   describes, in terms patently offensive as measured by contemporary
   community standards, sexual or excretory activities or organs..."
   That covers any of the over 13,000 Usenet discussion groups, as
   well as electronic bulletin boards, online service provider chat
   rooms, and Web sites, that are all accessible to children.

   This "display" prohibition, according to the drafters, "applies to
   content providers who post indecent material for online display
   without taking precautions that shield that material from minors."

   What precautions will Internet users have to take to avoid criminal
   liability? These users, after all, are the ones who provide the
   "content" read in news groups and on electronic bulletin boards.
   The legislation gives the FCC authority to describe the precautions
   that can be taken to avoid criminal liability. All Internet users
   will have to wait and look to the FCC for what they must do to
   protect themselves from criminal liability.

   Internet users will have to limit all language used and topics
   discussed in online discussions accessible to minors to that
   appropriate for kindergartners, just in case a child clicks onto
   the discussion. No literary quotes from racy parts of Catcher in
   the Rye or Ulysses will be allowed. Certainly, online discussions
   of safe sex practices, or birth control methods, and of AIDS
   prevention methods will be suspect. Any user who crosses the vague
   and undefined line of "indecency" will be subject to two years in
   jail and fines.

   This worries me considerably. I will give you an idea of what
   happens. People look at this, and because it is so vague and so
   broad and so sweeping, attempts to protect one's self from breaking
   the law become even broader and even more sweeping.

   A few weeks ago, America Online took the online profile of a
   Vermonter off the service. Why? Because the Vermonter used what AOL
   deemed a vulgar, forbidden word. The word -- and I do not want to
   shock my colleagues -- but the word was "breast." And the reason
   this Vermonter was using the word "breast"? She was a survivor of
   breast cancer. She used the service to exchange the latest
   information on detection of breast cancer or engage in support to
   those who are survivors of breast cancer. Of course, eventually,
   America Online apologized and indicated they would allow the use of
   the word where appropriate.

   We are already seeing premonitions of the chilling effect this
   legislation will have on online service providers. Far better we
   use the laws on the books today to go after child pornographers, to
   go after child abusers.

   What strikes some people as "indecent" or "patently offensive" may
   look very different to other people in another part of the country.
   Given these differences, a vague ban on patently offensive and
   indecent communications may make us feel good but threatens to
   drive off the Internet and computer networks an unimaginable amount
   of valuable political, artistic, scientific, health and other
   speech.

   For example, many museums in this country and abroad are going
   hi-tech and starting Web pages to provide the public with greater
   access to the cultural riches they offer. What if museums, like the
   Whitney Museum, which currently operates a Web page, had to censor
   what it made available online out of fear of being dragged into
   court? Only adults and kids who can make it in person to the museum
   will be able to see the paintings or sculpture censored for online
   viewing under this law.

   What about the university health service that posts information
   online about birth control and protections against the spread of
   AIDS? With many students in college under 18, this information
   would likely disappear under threat of prosecution.

   What happens if they are selling online versions of James Joyce's
   Ulysses or of Catcher in the Rye? Can they advertise this? Can
   excerpts be put online? In all likelihood not. The Internet is
   breaking new ground important for the economic health of this
   country. Businesses, like the Golden Quill Book Shop in Manchester
   Center, Vermont can advertise and sell their books around the
   country or the world via the Internet. But now, advertisers will
   have to censor their ads.

   For example, some people consider the Victoria's Secret catalogue
   indecent. Under this new law, advertisements that would be legal in
   print could subject the advertiser to criminal liability if
   circulated online. You could put them in your local newspaper, but
   you cannot put it online.

   In bookstores and on library shelves, the protections of the First
   Amendment are clear. The courts are unwavering in the protection of
   indecent speech. In altering the protections of the first amendment
   for online communications, I believe you could cripple this new
   mode of communication.

   At some point you have to start asking, where do we censor? What
   speech do we keep off? Is it speech we may find politically
   disturbing? If somebody wants to be critical of any one Member of
   Congress, are we able to keep that off? Should we be able to keep
   that off? I think not. There is a lot of reprehensible speech and
   usually it becomes more noted when attempts are made to censor it
   rather than let it out in the daylight where people can respond to
   it.

   The Internet is an American technology that has swept around the
   world. As its popularity has grown, so have efforts to censor it.
   For example, complaints by German prosecutors prompted an online
   service provider to cut off subscriber access to over 200 Internet
   news groups with the words "sex", "gay" or "erotica" in the name.
   They censored such groups as "clarinet.news.gays," which is an
   online newspaper focused on gay issues, and "gay-net.coming-out",
   which is a support group for gay men and women dealing with going
   public with their sexual orientation.

   German prosecutors have also tried to get AOL to stop providing
   access to neo-Nazi propaganda accessible on the Internet. No doubt
   such material is offensive and abhorrent, but nonetheless just as
   protected by our First Amendment as indecent material.

   In China, look what they are trying to do. They are trying to
   create an "intranet" that would heavily censor outside access to
   the worldwide Internet. We ought to be make sure it is open, not
   censored. We ought to send that out as an example to China.

   Americans should be taking the high ground to protect the future of
   our home-grown Internet, and to fight these censorship efforts that
   are springing up around the globe. Instead of championing the First
   Amendment, however, the Communications Decency Act tramples on the
   principles of free speech and free flow of information that has
   fueled the growth of this medium.

   We have to be vigilant in enforcing the laws we have on the books
   to protect our children from obscenity, child pornography and
   sexual exploitation. Those laws are being enforced. Just last
   September, using current laws, the FBI seized computers and
   computer files from about 125 homes and offices across the country
   as part of an operation to shut down an online child pornography
   ring.

   I well understand the motivation for the Communications Decency
   Act. We want to protect our children from offensive or indecent
   online materials. This Senator --and I am confident every other
   Senator-- agrees with that. But we must be careful that the means
   we use to protect our children does not do more harm than good. We
   can already control the access our children have to indecent
   material with blocking technologies available for free from some
   online service providers and for a relatively low cost from
   software manufacturers.

   Frankly, and I will close with this, Mr. President, at some point
   we ought to stop saying the Government is going to make a
   determination of what we read and see, the Government will
   determine what our children have or do not have.

   I grew up in a family where my parents thought it was their
   responsibility to guide what I read or would not read. They
   probably had their hands full. I was reading at the age of 4. I was
   a voracious reader, and all the time I was growing up I read
   several books a week and went through our local library in the
   small town I grew up in very quickly. That love of reading has
   stood me in very good stead. I am sure I read some things that were
   a total waste of time, but very quickly I began to determine what
   were the good things to read and what were the bad things. I had
   read all of Dickens by the end of the third grade and much of
   Robert Louis Stevenson. I am sure some can argue there are parts of
   those that maybe were not suitable for somebody in third grade. I
   do not think I was severely damaged by it at all. That same love of
   reading helped me get through law school and become a prosecutor
   where I did put child abusers behind bars.

   Should we not say that the parents ought to make this decision, not
   us in the Congress? We should put some responsibility back on
   families, on parents. They have the software available that they
   can determine what their children are looking at. That is what we
   should do. Banning indecent material from the Internet is like
   using a meat cleaver to deal with the problems better addressed
   with a scalpel.

   We should not wait for the courts. Let us get this new
   unconstitutional law off the books as soon as possible.

    ##
--- end forwarded text


-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/







From eagle at armory.com  Thu Feb 15 07:58:33 1996
From: eagle at armory.com (Jeff Davis)
Date: Thu, 15 Feb 1996 23:58:33 +0800
Subject: Secrecy of NSA Affiliation
In-Reply-To: <199602131959.OAA16076@universe.digex.net>
Message-ID: <9602150257.aa22395@deepthought.armory.com>


> This sounds about right.  When I was an NSA employee ('83), our
> introductory briefing included the suggestion (I don't recall it being
> phrased as a command command) that we identify ourselves as DoD.  It
> was suggested that this might lessen our visibility as espionage
> targets.

You can read the NSA Employees Manual at http://nyx10.cs.du.edu:8001/~eagle
-- 
According to John Perry Barlow:                       *What is EFF?* 
"Jeff Davis is a truly gifted trouble-maker." *email *
*** O U T L A W S  On The  E L E C T R O N I C  F R O N T I E R ****
US Out Of Cyberspace!!! Join EFF Today! *email *   





From printing at explicit.com  Thu Feb 15 09:04:34 1996
From: printing at explicit.com (William Knowles)
Date: Fri, 16 Feb 1996 01:04:34 +0800
Subject: Some thoughts on the Chinese Net
Message-ID: 


On Wed, 14 Feb 1996, Ed Carp wrote about Chinese censonship:

>I think it *will* work, in part because China has a very long history of
>repressing and persecuting its own people.  Besides, if they really get in
>a tight spot, there's always "the nuclear option." 

>If you think I'm kidding, read the news about China threatening to nuke
>Taiwan if they declare independence. 

I dunno on that one, Did you see the tape of the Chinese rocket with the 
U.S. telecommunications satellite exploding?

But they did censor that pretty quickly!

William Knowles
Graphically Explicit


//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\ 
  Graphically Explicit                     
  Printing - Advertising - Graphic Design  
  1555 Sherman Avenue - Suite 203          
  Evanston IL., 60201-4421                 
  800.570.0471 - printing at explicit.com
  Accept, Embrace, Adapt, Create     
\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//






From gorkab at sanchez.com  Thu Feb 15 09:13:30 1996
From: gorkab at sanchez.com (Brian Gorka)
Date: Fri, 16 Feb 1996 01:13:30 +0800
Subject: FW: Cyberspace Declaration Of Independence
Message-ID: <01BAFAD3.940E0460@loki>


---------- Forwarded message ----------
Date: Tue, 13 Feb 1996 20:53:34 -0500
From: janice 
To: janice at artsedge.kennedy-center.org
Newgroups: at.mail.com-priv
Subject: (fwd) A Declaration of Independence, for Cyberspace. (fwd)

Path: earth.superlink.net!news.sprintlink.net!europa.chnt.gtegsc.com!news.uoregon.edu!usenet.eel.ufl.edu!newsfeed.internetmci.com!howland.reston.ans.net!EU.net!Austria.EU.net!osiris.wu-wien.ac.at!news-mail-gateway
From: avalon at coombs.anu.edu.au (Darren Reed)
Newsgroups: at.mail.com-priv
Subject: A Declaration of Independence, for Cyberspace. (fwd)
Date: 12 Feb 1996 11:36:26 +0100
Organization: WU Mail/News Gateway
Lines: 173
Sender: daemon at osiris.wu-wien.ac.at
Message-ID: <199602121024.FAA25713 at lists.psi.com>
NNTP-Posting-Host: osiris.wu-wien.ac.at


I haven't seen this on com-priv yet...but I may have deleted it without
noticing....(sorry if it has been through it already).

darren

>>> John Perry Barlow  dared to speak the following <<<

From: John Perry Barlow 
To: watts at hawaii.edu
Subject: A Cyberspace Independence Declaration

Yesterday, that great invertebrate in the White House signed into the law
the Telecom "Reform" Act of 1996, while Tipper Gore took digital
photographs of the proceedings to be included in a book called "24 Hours in
Cyberspace."

I had also been asked to participate in the creation of this book by
writing something appropriate to the moment. Given the atrocity that this
legislation would seek to inflict on the Net, I decided it was as good a
time as any to dump some tea in the virtual harbor.

After all, the Telecom "Reform" Act, passed in the Senate with only 5
dissenting votes, makes it unlawful, and punishable by a $250,000 to say
"shit" online. Or, for that matter, to say any of the other 7 dirty words
prohibited in broadcast media. Or to discuss abortion openly. Or to talk
about any bodily function in any but the most clinical terms.

It attempts to place more restrictive constraints on the conversation in
Cyberspace than presently exist in the Senate cafeteria, where I have dined
and heard colorful indecencies spoken by United States senators on every
occasion I did.

This bill was enacted upon us by people who haven't the slightest idea who
we are or where our conversation is being conducted. It is, as my good
friend and Wired Editor Louis Rossetto put it, as though "the illiterate
could tell you what to read."

Well, fuck them.

Or, more to the point, let us now take our leave of them. They have
declared war on Cyberspace. Let us show them how cunning, baffling, and
powerful we can be in our own defense.

I have written something (with characteristic grandiosity) that I hope will
become one of many means to this end. If you find it useful, I hope you
will pass it on as widely as possible. You can leave my name off it if you
like, because I don't care about the credit. I really don't.

But I do hope this cry will echo across Cyberspace, changing and growing
and self-replicating, until it becomes a great shout equal to the idiocy
they have just inflicted upon us.

I give you...



A Declaration of the Independence of Cyberspace

Governments of the Industrial World, you weary giants of flesh and steel, I
come from Cyberspace, the new home of Mind. On behalf of the future, I ask
you of the past to leave us alone. You are not welcome among us. You have
no sovereignty where we gather.

We have no elected government, nor are we likely to have one, so I address
you with no greater authority than that with which liberty itself always
speaks. I declare the global social space we are building to be naturally
independent of the tyrannies you seek to impose on us. You have no moral
right to rule us nor do you possess any methods of enforcement we have true
reason to fear.

Governments derive their just powers from the consent of the governed. You
have neither solicited nor received ours. We did not invite you. You do not
know us, nor do  you know our world. Cyberspace does not lie within your
borders. Do not think that you can build it, as though it were a public
construction project. You cannot. It is an act of nature and it grows
itself through our collective actions.

You have not engaged in our great and gathering conversation, nor did you
create the wealth of our marketplaces. You do not know our culture, our
ethics, or the unwritten codes that already provide our society more order
than could be obtained by any of your impositions.

You claim there are problems among us that you need to solve. You use this
claim as an excuse to invade our precincts. Many of these problems don't
exist. Where there are real conflicts, where there are wrongs, we will
identify them and address them by our means. We are forming our own Social
Contract . This governance will arise according to the conditions of our
world, not yours. Our world is different.

Cyberspace consists of transactions, relationships, and thought itself,
arrayed like a standing wave in the web of our communications.  Ours is a
world that is both everywhere and nowhere, but it is not where bodies live.

We are creating a world that all may enter without privilege or prejudice
accorded by race, economic power, military force, or station of birth.

We are creating a world where anyone, anywhere may express his or her
beliefs, no matter how singular, without fear of being coerced into silence
or conformity.

Your legal concepts of property, expression, identity, movement, and
context do not apply to us. They are based on matter, There is no matter
here.

Our identities have no bodies, so, unlike you, we cannot obtain order by
physical coercion. We believe that from ethics, enlightened self-interest,
and the commonweal, our governance will emerge . Our identities may be
distributed across many of your jurisdictions. The only law that all our
constituent cultures would generally recognize is the Golden Rule. We hope
we will be able to build our particular solutions on that basis.  But we
cannot accept the solutions you are attempting to impose.

In the United States, you have today created a law, the Telecommunications
Reform Act, which repudiates your own Constitution and insults the dreams
of Jefferson, Washington, Mill, Madison, DeToqueville, and Brandeis. These
dreams must now be born anew in us.

Your increasingly obsolete information industries would perpetuate
themselves by proposing laws, in America and elsewhere, that claim to own
speech itself throughout the world. These laws would declare ideas to be
another industrial product, no more noble than pig iron. In our world,
whatever the human mind may create can be reproduced and distributed
infinitely at no cost. The global conveyance of thought no longer requires
your factories to accomplish.

These increasingly hostile and colonial measures place us in the same
position as those previous lovers of freedom and self-determination who had
to reject the authorities of distant, uninformed powers. We must declare our
virtual selves immune to your sovereignty, even as we continue to consent to
your rule over our bodies. We will spread ourselves across the Planet so
that no one can arrest our thoughts.

We will create a civilization of the Mind in Cyberspace. May it be more
humane and fair than the world your governments have made before.

Davos, Switzerland
February 8, 1996


****************************************************************
John Perry Barlow, Cognitive Dissident
Co-Founder, Electronic Frontier Foundation
Home(stead) Page: http://www.eff.org/~barlow
Message Service: 800/634-3542

*****************************************************************

It is error alone which needs the support of government.  Truth can
stand by itself.

                         --Thomas Jefferson, Notes on Virginia


Signers of the declaration of Independence of Cyberspace:

---
Andrew F. Daniels                                      Computing Specialist
http://nickel.ucs.indiana.edu/~andrew                 Pager: (800) 958-4503
adaniels at ais.net                                             andrew at cic.net
statements made represent the views of the author and no other organization
         finger andrew at hamlet.ucs.indiana.edu for further details

---

PPP   A   TTTTT M   M   A   N   N
P  P A A    T   MM MM  A A  NN  N      Patrick C. Farabee
PPP  AAA    T   M M M  AAA  N N N
P   A   A   T   M M M A   A N  NN      pfarabee at intersource.com
P   A   A   T   M   M A   A N   N  











From cjs at netcom.com  Thu Feb 15 09:42:38 1996
From: cjs at netcom.com (Christopher J. Shaulis)
Date: Fri, 16 Feb 1996 01:42:38 +0800
Subject: Linux on the Mac
In-Reply-To: <199602142221.RAA11704@postman.osf.org>
Message-ID: <199602151207.HAA01960@localhost.cjs.net>


> >> In the latest PowerPC news it is reported that OSF is porting Linux
> >> to the Mac with the support of Apple.  Apple has a web site -
> >> www.mklinux.apple.com that discusses this and has a link to the OSF
> >> site.  In my book, this is a GoodThing(tm).  Of course, being a huge
> >> fan of both the Mac and unix might put me in the minority ;-)
> >
> >They aren't *really* porting Linux to powermac. They're throwing a
> >little bit of paint on OSF/1 and hiding some stuff in libc.
> >
> >Looks to me like they are basicly trying to ca$h in on the Linux name
> >and reputation without contributing anything to the cause.
> *Sigh*
> 
> OSF ported Linux to our microkernel which is derived from Mach 3.0
> from CMU. And we have ported our kernel and the Linux server to

Mach != Linux. When people use use this thing, they will *not* be
using Linux in any way shape of form. The drivers and such that you
develop will be completely worthless to Linux proper without someone
spending months to port them, and advances in Linux such as the new
page cache or the upcoming revision of ext2fs may not show themselves
on your "linux" for an equal period of time.

This comes back to my belief that you folks are just trying to cash in
on Linux's name and reputation without contributing something directly
to the cause. Why didn;t you just call it it "OSF/1 for PowerMac" and
include an ext2fs server? Hindsight? Why don't you just port Linux
proper to PowerMac? 

(and how did this get on cypherpunks?)

Christopher





From rah at shipwright.com  Thu Feb 15 09:46:18 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Fri, 16 Feb 1996 01:46:18 +0800
Subject: Science News - article on Quantum Crypto
Message-ID: 



>The new Science News that showed up in today's mail
>has a short but informative article on quantum
>cryptography.  It explains what quantum crypto is for
>us newbies and gives the history of a recent success
>in Lake Geneva (Switzerland, not Wisconsin) - an
>encrypted message was sent 22.7 km over fiber-optic
>cable successfully.  It's a nice article.

Does anyone know if the new in-line optical amplifiers (not switches!) have
any effect on quantum crypto messages?

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/







From nobody at REPLAY.COM  Thu Feb 15 09:50:04 1996
From: nobody at REPLAY.COM (Anonymous)
Date: Fri, 16 Feb 1996 01:50:04 +0800
Subject: National Cryptologic Museum (Noise)
Message-ID: <199602151257.NAA19309@utopia.hacktic.nl>


I peeled this off of Usenet, Wondering if this is Tim doing a little trolling?

Cheers!

The Christmas Troll

--(fwd)--

Hi all,

If you've never heard of the National Cryptologic Museum and have an
interest in this kind of stuff, you MUST go take a look.  It's at Fort
Meade, outside Laurel, Maryland, and actually lies on the grounds of the
NSA. I dropped by the other day and was very impressed.  The NSA is to be
grudgingly %^) commended, although the material on recent operations
(post-1950) is understandably a little thin.

The very coolest exhibit is a functioning Enigma machine on which visitors
are allowed to encrypt/decrypt messages. It really does work well, and I
got the same gloating thrill I felt the first time I decrypted a PGP
message from a friend. There is also a piece of Gary Powers' U2, a Cray
X-MP processor that you can sit on and peer into, several specimens of old
Japanese crypto machines, and incontrovertible proof of the Rosenbergs'
perfidy and treason, among many other interesting displays.  

The staff is friendly and informative, but you will not get the current
key codes for ICBM launch control out of them, of course. I did not see
any mention of PGP or related topics in my brief visit, either. Oh, and
most surreal was the entrance: at the end of the road, an almost unmarked
gate a yard wide in a razor wire fence, dangling a padlock.  I wondered
for a moment if it were the right place and if I would be shot if I
actually went inside.

Allow half a day if you are a serious student of these topics, and an hour
or two if not. All in all, it was the second most interesting museum I saw
in Washington (after Air & Space). I still don't trust Clipper, but it was
certainly nice to see the human side of the big bad spooky NSA. They have
done an important job for the country and don't deserve most of the abuse
that I see heaped on them on the Internet.

--ccm

Christopher C. May, M.D.
Univ. of Texas Health Sci. Ctr. � San Antonio
may at uthscsa.edu  *  72707.413 at compuserve.com
"Too much Law; not enough Order."



--





From sperkins at andromeda.rutgers.edu  Thu Feb 15 10:21:12 1996
From: sperkins at andromeda.rutgers.edu (Steven C. Perkins)
Date: Fri, 16 Feb 1996 02:21:12 +0800
Subject: Online Zakat Payment: Religious tithe.
Message-ID: <1.5.4b11.32.19960215132811.0071d93c@andromeda.rutgers.edu>


I am resending Mr. Gabb's message edited to show that Mr. May wrote the
three lines in question.

SC Perkins


At 10:34 AM 2/13/96 +0000, you wrote:
>On Mon, 12 Feb 1996, Timothy C. May wrote:
>
> Once again, the gutter religion of Islam reveals the derangement of its
> so-called Prophet.
> 
> The world really needs to get around to nuking these folks.
> 
>Oh, Come now!  Islam may in its present form be a religion deeply hostile 
>to liberty.  But since "nuking" the whole Islamic world would not be 
>itself much of a defence of freedom, the only long term answer is to 
>promote within Islam the same kind of Reformation as eventually made 
>Christianity half decent.  And Tim's comments do not contribute to that.  
>I don't know how many internet servers there are in the Middle East.  
>But, if I were an intelligent fundamentalist, I'd be copying it all over 
>the place.  "Look", I'd be saying, "these people really do mean another 
>crusade to destroy us and our faith".
>
>I can understand Tim's disgust with these people.  But I do question his 
>manner of expressing it.
>
>
*****************************************************************************
Steven C. Perkins                             sperkins at andromeda.rutgers.edu
User Services Coordinator, Rutgers School of Law at Newark
15 Washington Street					 Newark, NJ  07102
VOX: 201-648-5965                                        FAX:  201-648-1356
                 http://www.rutgers.edu/RUSLN/rulnindx.html
                     http://www.rutgers.edu/lawschool.html
"Raise your voices to the Sky. It is a Good Day to die." Chief Crazy Horse
*****************************************************************************






From adam at lighthouse.homeport.org  Thu Feb 15 11:21:42 1996
From: adam at lighthouse.homeport.org (Adam Shostack)
Date: Fri, 16 Feb 1996 03:21:42 +0800
Subject: A good cryptanalysis text?
In-Reply-To: <9602150103.AA22683@toad.com>
Message-ID: <199602151438.JAA28463@homeport.org>


Sherry Mayo wrote:

| > A friend of mine is looking for a good introductory cryptanalysis
| > text. Does Schneier's book cover this in much depth or is it more
| > cryptography as the name implies.
| > 
| > My friend is a computer networking admin who is trying to widen
| > his background knowledge of security related issues (this may
| > mean that a more computing oriented intro is more suitable).

My single favorite work is by Ross Anderson.  His paper 'Why
Cryptosystems Fail' is excellent, and unknown for reasons that are not
clear to me.  Perhaps its because he diesn't spend all his time
telling the media how wonderful he is. ;)

Next would be Cheswick & Bellovin.  Both are very smart guys, and they
talk a lot about the philosophy of security.  They have a book
'Firewalls and Internet security,' and both have authored many papers.


Adam



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From anonymous-remailer at shell.portal.com  Thu Feb 15 11:22:03 1996
From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com)
Date: Fri, 16 Feb 1996 03:22:03 +0800
Subject: Canada (was Re: Regulation of citizen-alien communications (Was: Choices))
Message-ID: <199602151431.GAA02174@jobe.shell.portal.com>


[Attributions lost in the flow]

> >Oh?  You mean that I can get busted for giving my Canadian spouse a copy 
> >of PGP?
> >
> 
> Nah - Canada is America's 51st state :-)

Until you try to bring your laptop back across the border.

On a recent trip, I was actually stopped at customs and asked about my 4
year old Dell.  Of course, I had purchased it in the US, but I didn't even
want to think about the .. er .. things that I had on the hard drive.

Linux with pgp, cfs, ssh, and a number of other interesting packages
installed. 

Should I have been worried?

yup





From owner-cypherpunks at toad.com  Thu Feb 15 11:36:15 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Fri, 16 Feb 1996 03:36:15 +0800
Subject: No Subject
Message-ID: 


Ready the article about the COOKIE.TXT file that Netscape creates.  
Apparently my copy has yet to modify it since it was installed... so 
much for 'hacking' it (I decided to try and leave it write-protected 
for now).

I'm curious if anyone knows which sites use/modify it.

Also wondering why Netscape seems to touch/modify the certification 
key files every time it runs.

Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to  for a copy of my PGP key.





From jya at pipeline.com  Thu Feb 15 12:14:50 1996
From: jya at pipeline.com (John Young)
Date: Fri, 16 Feb 1996 04:14:50 +0800
Subject: Net Police, Red and in Bed
Message-ID: <199602151529.KAA20629@pipe1.nyc.pipeline.com>


   WSJ, 15 February 1996:

   China Tells Internet Users To Register With Police

   Beijing (AP) - China ordered all users of the Internet and
   other international computer networks to register with the
   police, as part of an effort to tighten control over
   information.

   The order came in a circular issued by the Ministry of
   Public Security, according to the state-run Xinhua News
   Agency.

   Xinhua didn't give a date by which current users must
   register but said new users and those switching or
   terminating services must inform police within 30 days. It
   was unclear how foreigners would be affected.

   The rules haven't been published in detail, but previous
   Xinhua reports warned network users not to harm national
   security, reveal state secrets or disseminate pornography.

   China embarked on a broad crackdown on Internet users and
   other sources of information potentially harmful to
   government interests in December.

   The Ministry of Post Telecommunications was made the sole
   provider of channels connecting Chinese computer users with
   international networks.

   -----

   Financial Times, 15 February, 1996

   Cyberlaws [Editorial]

   Communication *sans frontieres*. To the Internet's fans
   that is the essence of its appeal. But to anyone putting
   information on the Internet's World Wide Web, its global
   nature is the cause of a growing headache: how to uphold
   intellectual property rights to the rivers of information
   pouring over its wires.

   Online computer systems such as the Net are among the
   fastest growing ways to distribute information -- music and
   pictures as well as words and numbers. But existing
   copyright laws deal inadequately with digital transmission.
   Regulation is complicated by the way that information
   downloaded in one country can have originated almost
   anywhere in the world. The $35bn-a-year music industry now
   believes that digital copyright abuse is a big future
   threat to its revenues.

   The century-old Berne convention on copyright and the
   General Agreement on Tariffs and Trade represent a degree
   of international agreement on the treatment of such issues.
   However, many countries are not signatories, while
   standards of intellectual property protection vary widely
   among those which have signed.

   Moreover, there are technological problems in enforcing
   agreements even where they exist. At present, it is often
   difficult to identify both those who have accessed
   information, and those who have entered it on the Net.
   Given that problem, some groups want companies providing
   Internet access to be responsible for upholding rules,
   rather than users or publishers. But this is highly
   unattractive: service providers will be unaware of much on
   the Net.

   The currently imperfect state of protection is one reason
   why much cyberinformation is junk, of value to almost
   nobody, deposited partly to stir up interest in paidfor
   services beyond the Net. However, new ways to restrict
   access to parts of the Net, and to charge for subscriptions
   to that information, may address that shortcoming.
   Companies are also working on "electronic tags" which will
   show whether information is passed to unauthorised users.

   If such technological developments bear fruit, the whole
   game may change. The mainstay of the Internet may no longer
   be information already published in another medium.
   Instead, publishers could put material of real value on the
   Net, knowing they would be paid. Other media may be
   squeezed as the Internet assumes some of their role.

   In this respect, copyright problems are a symptom of the
   Internet's immaturity, rather than a sign that electronic
   sophistication has made regulation impossible. The Net
   itself is a creation of technology, not policy, and the
   solutions to this problem are more likely to be
   technological than legal. But solutions must be found if
   the Net is to realise its enormous commercial potential.

   -----

   FT has a front page article on what China may do if
   the US imposes sanctions for copyright violations. It
   includes overtures by the Chinese to Britain to reap the
   benefits of shutting down US businesses in retaliation.
   Noting the well-oiled handover of Hong Kong to China as
   an example of the mutual benefits of imperialist most-
   favored status, and sharing tips and tricks of crackdown
   on civil disorder.











From willer at carolian.com  Thu Feb 15 12:19:20 1996
From: willer at carolian.com (Steve Willer)
Date: Fri, 16 Feb 1996 04:19:20 +0800
Subject: I've just unsubscribed from cypherpunks
In-Reply-To: <9602141233.AA00418@sulphur.osf.org>
Message-ID: <31235055.260282871@saturn>


On 14 Feb 1996 19:56:38 -0800, you wrote:

>Rich $alz is the author of INN, and responsible (as the original
>moderator of comp.sources.unix) for the propagation of all the best
>tools we have available today.  Few people have contributed as much as
>he has to the spread of good free software.
>
>I think you probably owe him an apology.

I'm way ahead of you. I had misinterpreted his letter, thinking him to
be whining when he really wasn't. I've already apologized, and he's
already accepted.





From jya at pipeline.com  Thu Feb 15 12:28:35 1996
From: jya at pipeline.com (John Young)
Date: Fri, 16 Feb 1996 04:28:35 +0800
Subject: 2.5_bil
Message-ID: <199602151556.KAA23380@pipe1.nyc.pipeline.com>


   The 2-15-96 NYT reports on the design and manufacture of
   the new high-tech Swiss bank note:

      The 50-franc bill is the world's first digital bank note
      -- designed on a computer that resolves its design into
      2.5 billion points, each of them individually accessible
      electronically. There are more than 20 security
      features, though the precise number is a secret. Its
      design is vertical rather than horizontal. Ten printing
      processes are involved, including silk screening for the
      chameleon numbers and hot stamping for the silvery
      elements.

      The Swiss say American bills are "a little outdated,
      even the new ones, as far as the state of the art goes."


   2.5_bil












From jf_avon at citenet.net  Thu Feb 15 12:33:25 1996
From: jf_avon at citenet.net (Jean-Francois Avon JFA Technologies, QC, Canada)
Date: Fri, 16 Feb 1996 04:33:25 +0800
Subject: Netscrape's Cookies
Message-ID: <9602151600.AA03535@cti02.citenet.net>


Alex Strasheim  said:

>The best answer would probably be to use the kind of pop-up messages you 
>get when you're going to submit a secure or insecure form.  "You're about 
>to send a cookie back to a web server, continue or abandon?"  "You're 
>about to send mail from a web page, do you want to do that?"  Give people 
>the ability to turn the messages off -- that way functionality isn't 
>impaired.

I find that a very good solution providing that the browser say:
>"You're about to send a cookie...."
Here, I would add:
"... that contain the following information:"

(information list)

"... back to a web server, continue or abandon?"

Otherwise, it not as worse, but still in the same spirit as to 
sign a blank check to a stranger...

( I am telling you... it's been *at least* a million years that
I did not exagerate! :)


Regards to the vast majority of CPunk

JFA
**** NEW PGP 2.6.2 KEY *********

2048 bits Key ID:24201BA1 1996/02/13 Jean-Francois Avon 
Key fingerprint =  23 B6 24 31 86 67 FB 35  C7 A7 AF 12 A1 61 E9 3D 


**** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon 
Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 






From ses at tipper.oit.unc.edu  Thu Feb 15 12:59:19 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Fri, 16 Feb 1996 04:59:19 +0800
Subject: Carrying the Bible an Offense?
In-Reply-To: 
Message-ID: 


On Wed, 14 Feb 1996, Timothy C. May wrote:
> 
> 1. Private citizens (the atheist in this case) do not file criminal
> charges. They may swear out a complaint ("I witnessed John Doe carrying a
> Bible"), but they do not file criminal charges.
> 

I don't know about the US, but under British common law it's possible to 
bring private prosecutions; this is incredibly rare, but still possible.


---
They say in  online country		So which side are you on boys
There is no middle way			Which side are you on
You'll either be a Usenet man		Which side are you on boys
Or a thug for the CDA			Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO






From samman-ben at CS.YALE.EDU  Thu Feb 15 13:05:21 1996
From: samman-ben at CS.YALE.EDU (Rev. Ben)
Date: Fri, 16 Feb 1996 05:05:21 +0800
Subject: anonymous age credentials, sharing of
In-Reply-To: 
Message-ID: 


On Wed, 14 Feb 1996, Michael Froomkin wrote:

> Suppose Alice is a CA who issues anonymous age credentials.
> Bob is 15
> Carol is 25
[...]
> What can stop Bob and Carol from subverting a scheme that relies on 
> anonymous age creditials in this manner?

Transfer of credentials is a big problem in terms of computer based 
authentication.

Authentication is traditionally carried out in one of three forms:

*	Authentication by knowledge(passwords)
*	Authentication by posession(key cards)
*	Authentication by being(biometrics)

With the first two, which are overwhelmingly popular and cheap, the 
transfer of credentials is trivial.

Even if they're not anonymous credentials, the fact that I can hand 
someone my driver's licence to swipe through a card reader next to a 
machine is a simple example of transfer of credentials problem.

Ben.
____
Ben Samman..............................................samman at cs.yale.edu
"If what Proust says is true, that happiness is the absence of fever, then
I will never know happiness. For I am possessed by a fever for knowledge,
experience, and creation."                                      -Anais Nin
PGP Encrypted Mail Welcomed      Finger samman at powered.cs.yale.edu for key
Want to give a soon-to-be college grad a job?         Mail me for a resume






From geeman at best.com  Thu Feb 15 13:07:59 1996
From: geeman at best.com (gw)
Date: Fri, 16 Feb 1996 05:07:59 +0800
Subject: anonymous age credentials, sharing of
Message-ID: <199602151626.IAA20391@blob.best.net>


At 02:38 PM 2/14/96 -0500, you wrote:
>Suppose Alice is a CA who issues anonymous age credentials.
>Bob is 15
>Carol is 25
>
>Carol gets a legitimate anonymous age credential from Alice bound to an 
>anonymous public key generated for this purpose.  Carol then gives the 
>key pair to Bob.  Bob uses to do things only adults are legally permitted 
>to do.  (It's not bound to Carol's everday keypair because that's not 
>anonymous....)
>
>What can stop Bob and Carol from subverting a scheme that relies on 
>anonymous age creditials in this manner?
>
>If the answer is "nothing" this might mean that purveyors of "adult" 
>material might have no defense against a law requiring that they collect a 
>True Name + age creditential....
>
>A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
>Associate Professor of Law | 
>U. Miami School of Law     | froomkin at law.miami.edu
>P.O. Box 248087            | http://www.law.miami.edu/~froomkin
>Coral Gables, FL 33124 USA | It's warm here.
>
>
I believe the answer is nothing ... but the situation is no different than
Carol going into Le Sexxey Shoppey, buying a porn-pack of restricted
material, and then giving it to Bob.

As has been said in this forum and others before, in the limit all access
control comes down to positive identification of an individual.  Unless We,
the People, want to support permanently binding a traceable, non-anonymous
identity to all certificate attributes that are used in electronic exchange
(age, etc...) then there is going to be the potential for someone to
deliberately allow their credential to be misused.

IMO, to prevent this totally would require implanting a non-forgable i.d.
chip in everyone at birth ..... not very appealing.






From lwp at conch.aa.msen.com  Thu Feb 15 13:40:06 1996
From: lwp at conch.aa.msen.com (Lou Poppler)
Date: Fri, 16 Feb 1996 05:40:06 +0800
Subject: Using lasers to communicate
In-Reply-To: 
Message-ID: 


This idea of sending data via laser beams across open spaces has some
very useful potential.  I want to suggest some motivation and some
enhancement.  [quotes below give a little background, from the list]

Eavesdropping and channel-blocking and physical-location-discovery are 
related threats to which most traditional data channels are susceptible.  
Any link which depends on a physical conduit (phone line, fiber, coax)
is relatively easy to interrupt and to trace to its end points.
RF links, even with frequency hopping, are subject to triangulation and
jamming.  All these kinds of links can be eavesdropped.

Point-to-point conduitless laser signalling, as envisioned by "Bill" and
Tim in their quotes below, eliminates or reduces these threats. 
Now consider an enhancement.  In show business, we sometimes entertain
the folks with "laser light shows".  The technology used is fairly
straightforward, mainly involving the use of mirrors (the effect also uses
smoke ususally, but please don't prematurely dismiss my remarks on this
basis).  The laser source is attached to a "laser table" which holds a 
number of small mirrors which may be individually inserted (via fast
solenoids) into the path of the laser beam.  Each of these mirrors is then
calibrated to aim at a particular place in the theatre, usually another
larger mirror.  Then (under computer control) the various small mirrors
on the laser table are rapidly inserted and withdrawn from the light beam,
causing the laser beam to follow first one path, then another, then another
through the (smoky) air -- all to the delight of the audience.

This technology could easily be adapted to make a communication channel
safer from the various threats of eavesdropping, interruption, and tracing.
A single point-to-point channel could be made to follow various paths 
having common elements only VERY close to the endpoints.  Better still,
a network of more than two nodes could be constructed without needing to
provide multiple transceivers at each node (and with possibly multiple 
beam paths between each pair).  With known methods of routing and
collision avoidance, we could thus not only route around any known opposition
but also make it very expensive to eavesdrop or even to discover that 
a signal exists.  ("Honey, call the EPA again -- those gubmint boys are back,
driving their oil-burning old van around Mr. May's house.").

[previous attribution unknown...:]
} >>With a tightly focused beam (light is easy, I don't know about lower
} >>frequencies), you can prevent interception except by very obvious physical
} >>devices.  (e.g. Someone in a cherry picker truck.)  You may be able to
} >>avoid the need to encrypt the link (and all the paranoia about key
} >>management, advances in factoring etc. that that implies.)
} >>
} >>Bill

On Thu, 4 Jan 1996 12:45:15 -0800, tcmay at got.net (Timothy C. May) wrote:
} 
} Just a couple of points on this optical idea.
} 
} We were linking buildings a mile apart in the 70s, at Intel. We needed to
} ship CAD data back and forth, and PacBell rates for a dedicated line were
} outrageous, slow to be installed, etc. So, a commercially available laser
} and modulator/demodulator (modem, but it bears sometimes using the longer
} version, to remind people of what it is doing in general) were mounted on
} the roofs of our buildings. I'm sure various packages are commercially
} available to do this.
[snip] 
} I'm actually more positive on low-level (below safety regs get interested
} in) light than on free space RF, for bypassing of the local cable/phone
} monopolies. There's just not enough "bandwidth of free space" available. Do
} the math.
[snip]


::::::::::::::::::::::::::::::::::::::
::  Lou Poppler  ::  " The more you drive, 
::      http://www.msen.com/~lwp/   ::    the less intelligent you are."
::::::::::::::::::::::::::::::::::::::    -- Repo man





From amehta at doe.ernet.in  Thu Feb 15 14:04:02 1996
From: amehta at doe.ernet.in (Arun Mehta)
Date: Fri, 16 Feb 1996 06:04:02 +0800
Subject: Firewall USA to Firewall China
In-Reply-To: <199602132225.RAA29121@bb.hks.net>
Message-ID: 


> Hmm, I'd argue that firewall technology would indeed let China
> filter out many "subversive" thoughts on the Internet.

All it needs is for someone to broadcast Usenet via satellite over Asia, 
as Pagesat does in the US, or use radio. No firewall can keep that out.

Arun Mehta, B-69 Lajpat Nagar-I, New Delhi-24, India. Phone 6841172,6849103
amehta at doe.ernet.in a.mehta at axcess.net.in amehta at cerf.net
http://mahavir.doe.ernet.in/~pinaward/arun.htm
"I do not want my house to be walled in on all sides and my windows to be 
stuffed. I want the cultures of all the lands to be blown about my house 
as freely as possible. But I refuse to be blown off my feet by any."--Gandhi





From anonymous-remailer at shell.portal.com  Thu Feb 15 14:08:28 1996
From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com)
Date: Fri, 16 Feb 1996 06:08:28 +0800
Subject: sameer's lawsuit??
Message-ID: <199602150153.RAA03348@jobe.shell.portal.com>


-----BEGIN PGP SIGNED MESSAGE-----

Some entity calling itself Sameer may have said:

> 	One of my ex-users who is now suing me has posted to
> alt.anonymous. You might want to read about it. Look for the subject
> "THE FACTS ON COMMUNITY CONEXION"
> 	(this guy is a wellknown spammer)

Could someone forward this post to cypherpunks? I can't get ahold of a 
reliable newsserver ......

Thanks,

Micahel Ellis


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSKE2Qqs/Oe38tFJAQG8nwP/RCqIfKZrSXfhgsGBG+P61fBvzzXM6fdR
QmRtA/xYcxTUW7TZmjvsvQAnpUQYSpywB84FFUhHB7w8cdxJBZVHg53tYyuDuAHU
q4InJbbS+9AsFeoCGspy7ADqn4DU8gmLpIZ6mxGb37hBav10xlVYaUm7IyYjej+Z
WWSakPnjcVk=
=W2v0
-----END PGP SIGNATURE-----








From bplib at wat.hookup.net  Thu Feb 15 14:12:05 1996
From: bplib at wat.hookup.net (Tim Philp)
Date: Fri, 16 Feb 1996 06:12:05 +0800
Subject: Fair Credit Reporting Act and Privacy Act
In-Reply-To: 
Message-ID: 



On Wed, 14 Feb 1996, Timothy C. May wrote:

> (Tim Philp's idea that this would only apply to "corporations" or
> "businesses" (not clear which he means) misses the point. Am I, for
> example, a business? Having such laws kick in at some well-defined
> threshold would simply shift the nature of the information-gatherers...for
> example, they's subcontract out the record-keeping to a raft of smaller,
> linked entities. Then you'd have to prosecute people and companies for
> accessing illegal data banks, etc.)

	I think that the reason that this was not clear was because it was
not central to my argument. I was not "really" suggesting that only
corporations be included by this law. I do realise what a corporation is
and that some very small entities can be a corporation. 
	What my central thesis was that people who take information from 
me for one purpose, ie health care, hydro, internet provision, etc, 
should be required to keep this information confidential. If I detect a 
violation of this confidentiality, I should have an expectation of some 
legal recourse. 
	If I apply for a credit card and use it to buy a hockey glove (how
Canadian eh) I should not expect to be on the mailing list of every
sporting goods operation in North America! I should be able to expect 
that my doctor's files on me will be kept confidential. This is certainly 
an area where you cannot provide false information as medical records must 
be accurate to provide for future care.
	Again, I am not suggesting prior restraint. I simply want to sue 
the bastards who violated my expectation of privacy.

Warm Regards,
Tim Philp






From cme at cybercash.com  Thu Feb 15 14:33:57 1996
From: cme at cybercash.com (Carl Ellison)
Date: Fri, 16 Feb 1996 06:33:57 +0800
Subject: Some thoughts on the Chinese Net
Message-ID: 


>The more complex portion (from my perspective, at any rate) is a
>modification of the standard TCP/IP protocol, requiring that each packet
>be signed by its originating user.

That's the killer.  Signatures take a huge amount of CPU time.  Signing
each packet is not going to be cost effective.

However, they could have an authenticated key exchange and then symmetric-
encrypt each TCP/IP connection.  That can perform -- and has the nice
side effect [from the Chinese POV] of depriving the NSA of Chinese civilian
net intelligence.  As long as the key exchange is signed, everything
travelling using that key is authenticated implicitly.

+--------------------------------------------------------------------------+
|Carl M. Ellison          cme at cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430                   http://www.cybercash.com/    |
|2100 Reston Parkway           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091      Tel: (703) 620-4200                                 |
+--------------------------------------------------------------------------+







From jya at pipeline.com  Thu Feb 15 14:34:00 1996
From: jya at pipeline.com (John Young)
Date: Fri, 16 Feb 1996 06:34:00 +0800
Subject: DES_ono
Message-ID: <199602151707.MAA24559@pipe2.nyc.pipeline.com>


   Citing the crypto-expert BSA study noted here by Matt
   Blaze, Computerworld of 2-12-96:

   "Standard Encryption Vulnerable To Attack. Banking's most
   trusted technique for funds transfer questioned."

   It reports on puny crypto and DES desperation, with an "Oh,
   no, please" by the ABA.


   DES_ono



   [Thanks to BC]









From jlasser at rwd.goucher.edu  Thu Feb 15 14:41:21 1996
From: jlasser at rwd.goucher.edu (Jon Lasser)
Date: Fri, 16 Feb 1996 06:41:21 +0800
Subject: Some thoughts on the Chinese Net
In-Reply-To: 
Message-ID: 


On Thu, 15 Feb 1996, Carl Ellison wrote:

> >The more complex portion (from my perspective, at any rate) is a
> >modification of the standard TCP/IP protocol, requiring that each packet
> >be signed by its originating user.
> 
> That's the killer.  Signatures take a huge amount of CPU time.  Signing
> each packet is not going to be cost effective.

Yep; this has been pointed out to me already. On this point I concur. 

> However, they could have an authenticated key exchange and then symmetric-
> encrypt each TCP/IP connection.  That can perform -- and has the nice
> side effect [from the Chinese POV] of depriving the NSA of Chinese civilian
> net intelligence.  As long as the key exchange is signed, everything
> travelling using that key is authenticated implicitly.

How would packets coming into the country be marked / passed on?

So it seems that, in general, the Chinese supression of the net is 
possible. A frightening thought. Or, if you think about potential 
implications 10 yrs down the road here, a sobering thought.

Jon
----------
Jon Lasser (410)494-3072                         - Obscenity  is a crutch  for
jlasser at rwd.goucher.edu                            inarticulate motherfuckers.
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D)               - Fuck the CDA.






From ashfaq at corp.cirrus.com  Thu Feb 15 14:56:28 1996
From: ashfaq at corp.cirrus.com (Ashfaq Rasheed)
Date: Fri, 16 Feb 1996 06:56:28 +0800
Subject: Online Zakat Payment: Religious tithe.
Message-ID: <199602151753.AA16558@sunstorm.corp.cirrus.com>


Steven

	I was referring to Tim May comments. I am sorry if I was not clear in
my response.

Thanks!
Ashfaq Ahmed

> From sperkins at andromeda.rutgers.edu Thu Feb 15 13:45:35 1996
> X-Sender: sperkins at andromeda.rutgers.edu
> X-Mailer: Windows Eudora Light Version 1.5.4b11 (32)
> Mime-Version: 1.0
> Content-Type> : > text/plain> ; > charset="us-ascii"> 
> To: Ashfaq Rasheed 
> Subject: Re: Online Zakat Payment: Religious tithe.
> Content-Length: 2796
> X-Lines: 67
> 
> Ashfaq:
> 
> Please note that the lines you underlined were written by Mr. May and not by
> me.  As a descendant of the Prophet Muhammad, blessed be his name, I would
> not write such comments.
> 
> Steven C. Perkins
> 
> 
> 
> At 07:28 PM 2/14/96 -0800, you wrote:
> >> From owner-cypherpunks at toad.com Tue Feb 13 10:34:37 1996
> >> To: "Timothy C. May" 
> >> Cc: cypherpunks at toad.com
> >> Subject: Re: Online Zakat Payment: Religious tithe.
> >> In-Reply-To: 
> >> Mime-Version: 1.0
> >> Content-Type> : > TEXT/PLAIN> ; > charset=US-ASCII> 
> >> Sender: owner-cypherpunks at toad.com
> >> Precedence: bulk
> >> Content-Length: 971
> >> X-Lines: 20
> >> 
> >> On Mon, 12 Feb 1996, Timothy C. May wrote:
> >> 
> >> > At 10:07 PM 2/12/96, Steven C. Perkins wrote:
> >> > Once again, the gutter religion of Islam reveals the derangement of its
> >		^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >> > so-called Prophet.
> >> > 
> >> > The world really needs to get around to nuking these folks.
> >> > 
> >> Oh, Come now!  Islam may in its present form be a religion deeply hostile 
> >> to liberty.  But since "nuking" the whole Islamic world would not be 
> >> itself much of a defence of freedom, the only long term answer is to 
> >> promote within Islam the same kind of Reformation as eventually made 
> >> Christianity half decent.  And Tim's comments do not contribute to that.  
> >> I don't know how many internet servers there are in the Middle East.  
> >> But, if I were an intelligent fundamentalist, I'd be copying it all over 
> >> the place.  "Look", I'd be saying, "these people really do mean another 
> >> crusade to destroy us and our faith".
> >> 
> >> I can understand Tim's disgust with these people.  But I do question his 
> >> manner of expressing it.
> >> 
> >
> >Actions of certain individual or group does not reflect what the actual
> >religion is. Examples of this can be found on every religion. 
> >
> >Somebody generalizing as above reflects his/her own closed/blocked mentality.
> >
> >Look at yourself, if you can fall to such degrading levels and since you 
> >happen to be a member of this mailing list, it is not ration to think as
> >every cpunks as demented as you are.
> >
> >Ashfaq Ahmed
> >
> >
> *****************************************************************************
> Steven C. Perkins                             sperkins at andromeda.rutgers.edu
> User Services Coordinator, Rutgers School of Law at Newark
> 15 Washington Street					 Newark, NJ  07102
> VOX: 201-648-5965                                        FAX:  201-648-1356
>                  http://www.rutgers.edu/RUSLN/rulnindx.html
>                      http://www.rutgers.edu/lawschool.html
> "Raise your voices to the Sky. It is a Good Day to die." Chief Crazy Horse
> *****************************************************************************
> 






From cme at cybercash.com  Thu Feb 15 15:03:24 1996
From: cme at cybercash.com (Carl Ellison)
Date: Fri, 16 Feb 1996 07:03:24 +0800
Subject: Some thoughts on the Chinese Net
Message-ID: 


At 12:31 2/15/96, Jon Lasser wrote:
>How would packets coming into the country be marked / passed on?

Presumably, you'd need a Chinese-approved identity key in order to get
packets into the country.

>So it seems that, in general, the Chinese supression of the net is
>possible. A frightening thought. Or, if you think about potential
>implications 10 yrs down the road here, a sobering thought.

Hold on..

Assuming we really believe the net is a good thing, if the Chinese block
it, they're hurting themselves.  We don't need to get bent out of shape.
They could as easily refuse to connect to the rest of the world.

The more they repress their population, the more their population will
want to rise up in protest -- maybe not this millenium but probably in
the next.

All we have to be sure of is that we don't let the Chinese dictate to us
what content we can provide.  It's like the CDA.  The Chinese might choose to
implement a nation-wide SurfWatch at all connection points at its borders.

...their problem, IMHO....


+--------------------------------------------------------------------------+
|Carl M. Ellison          cme at cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430                   http://www.cybercash.com/    |
|2100 Reston Parkway           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091      Tel: (703) 620-4200                                 |
+--------------------------------------------------------------------------+







From jimbell at pacifier.com  Thu Feb 15 15:50:07 1996
From: jimbell at pacifier.com (jim bell)
Date: Fri, 16 Feb 1996 07:50:07 +0800
Subject: The Emotional Killer (or out of the frying pan and into
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

At 02:51 PM 2/14/96 -0500, tallpaul wrote:
>On Feb 11, 1996 23:48:29, 'jim bell ' wrote: 
> 
> 
>>At 11:59 PM 2/11/96 -0500, tallpaul wrote: 
>>>I want to write on the theme posted to the list in the message below
>where 
>>>J. Bell wrote "It is their ACTIONS that I feel violate my rights; that is
>
>>>what justifies my seeking their deaths, should I choose to do so."  
>>>  
>>>First, one thing that marks the sane adult from the child and the
>floridly 
>>>psychotic adult is the sane adult's knowledge that "feelings" and "facts"
>
>>>are two different things.  
>>>  
>>>It is one thing to "feel," as J. Bell or all of us might, that our rights
>
>>>have been violated.  
>>>  
>>>It is another thing to maintain, as J. Bell uniquely appears to do, that 
>>>the "feeling" gives him the right to seek another person's death.  
>> 
>>You're clearly confused. I was responding to an accusation that I was 
>>defending seeking somebody's death simply because of a disagreement of 
>>OPINION.  My comment was intended to remind the reader that it is the 
>>ACTIONS of a person which justify the self-defense; not simply the 
>>disagreement. 
> 
>I disagree and I believe that my quote (reposted by J. Bell) of his
>original statement supports me. He mentioned "ACTIONS" and he mentioned
>"OPINIONS" but he relied on his "feelings" as the touchstone of reality.
>More than ever I believe that he genuinely cannot understand the
>difference. He still confuses his "feelings" which exist nowhere but inside
>his head with "ACTIONS" which exist outside his head in the real world. 


Frankly, I think you are deliberately engaging in nit-picky semantical 
arguments when your fundamental position is bankrupt.  I've always made it 
clear that I don't "assume" that every person is right in his belief that 
his rights have been violated; rather, I point out that whether they are 
right or  wrong, ultimately you (and me, and society) must deal with the 
FACT of that belief.  

If the person (people?)  in question is actually wrong, then consider it a 
useful task to explain to that person WHY his beliefs are wrong.  If he's 
RIGHT, he has the right to act to defend his rights.  The question of 
whether any given person is right, in any given belief, is an interesting 
matter, but it is only marginally relevant to the subject of "Assassination 
Politics."  Ultimately, people WILL act on what they believe to be true; you 
can't just stick your head in the sand and make them go away.  You can try 
to convince them they're wrong, or you can try to defend yourself against 
their (allegedly misguided) actions:  That is your choice.

Get back to the subject at hand and I'll be happy to continue to debate.  
Engage in silly semantics and I'll be pleased to ignore you.

Jim Bell
jimbell at pacifier.com


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSN1V/qHVDBboB2dAQFObAQAnYKsS2YqWwWVatdTCYBvcq2eGdXD4UNf
0hLC15BHPcK7PPNx2RbgevjatE8+NFCDXsgOYdANDDcCLo9KiXGtHjOg9790msuX
sCLGKkZkijXNe64Bu2tpvcYT1Aqs+PVrYiAad/itieIvCQ3v1GdWSAvuULuNVqP0
TZptrXTDYtE=
=SJtm
-----END PGP SIGNATURE-----






From stend at grendel.texas.net  Thu Feb 15 16:38:25 1996
From: stend at grendel.texas.net (Sten Drescher)
Date: Fri, 16 Feb 1996 08:38:25 +0800
Subject: Carrying the Bible an Offense?
In-Reply-To: 
Message-ID: <199602151924.NAA24235@grendel.texas.net>


tcmay at got.net (Timothy C. May) said:

TCM> There are two further points which need clearing up:

TCM> 1. Private citizens (the atheist in this case) do not file
TCM> criminal charges. They may swear out a complaint ("I witnessed
TCM> John Doe carrying a Bible"), but they do not file criminal
TCM> charges.

	OK, how about `press charges`?  And please, don't try telling
me that private citizen's don't `press charges`, because one of the
well reported problems in fighting domestic violence has been the
battered spouse (almost always the wife) refusing to press charges.

TCM> 2. The "carrying of a Bible" is not covered by the CDA.

	You are the only one who has suggested that it is.  I have
suggested that portions of the Bible are 'indecent', and that
electronic transmissions of the same would fall under the CDA ban.

TCM> No prosecutor can be "forced" to prosecute, absent approval by a
TCM> grand jury. (And if a prosecutor doesn't want to indict a ham
TCM> sandwich, it won't be indicted.)

	OK, how about this.  J Random Atheist, Jr, comes across the
Bible on the 'net.  J Random Atheist, Sr, finds out, and is appalled,
and swears out a complaint.  The AUSA refuses to investigate.  Could J
Random Atheist, Sr, file a lawsuit against the AUSA because he is
being denied equal treatment under the law?

-- 
#include                                /* Sten Drescher */
Unsolicited email advertisements will be proofread for a US$100/page fee.





From jya at pipeline.com  Thu Feb 15 16:40:31 1996
From: jya at pipeline.com (John Young)
Date: Fri, 16 Feb 1996 08:40:31 +0800
Subject: Remailers Pose Risk
Message-ID: <199602151941.OAA09821@pipe2.nyc.pipeline.com>


   Computerworld, February 12, 1996, Front page:

   Stealth E-mail poses corporate security risk

   By Gary H. Anthes


   Anonymous remailers on the Internet are emerging as a
   threat to national and corporate security, some experts
   warn.

   These remailers are Internet sites that strip the names and
   addresses from electronic-mail messages before passing them
   along anonymously to prople or newsgroups.

   For corporate information systems managers, stealth E-mail
   is especially troubling because it allows hackers to attack
   systems, steal trade secrets and broadcast them worldwide
   without leaving an audit trail for authorities to follow.

   "Anonymous remailers have a lot of nasty potential," said
   Stephen T. Kent, chief scientist for security technology at
   BBN Corp. in Cambridge, Mass. "They have the broadcast
   potential of the news media but without the possibility of
   recourse if something is unsubstantiated or defaming is
   published."

   Critics are calling for strict limits or an outright ban on
   remailer sites, but others insist they are a safeguard
   against electronic snooping by abusive governments and
   should be considered a political freedom.

   Anonymous remailers have been used in a variety of criminal
   acts, including distributing pornography and computer
   viruses, violating copyright laws and harassing people with
   nasty messages.

   One snowy day last month, for example, about 25% of the
   workforce at a defense contractor in Rockville, Md., went
   home after they received a bogus E-mail message dismissing
   them for the day. The message originated from an anonymous
   remailer that allowed the user to impersonate a senior
   company official.

   But there are more scary, less publicized uses of
   remailers, said Paul Strassmann, former director of defense
   information at the Pentagon. Stealth E-mail also is used
   extensively by Russian criminals, often former KGB agents.

   "This method of communication is a favorite for engaging
   the services of cyber-criminals and for authorizing payment
   for their acts through a third party." Strassmann said.

   Its Reputation Precedes It

   Perhaps the best-known remailer site is in Finland at
   anon.penet.fi.

   The Finnish server was used last year to publish
   confidential and copyrighted scriptures from the Church of
   Scientology. It also was used to reveal the secret source
   code used by RSA Data Security, Inc. in some of its
   encryption products.

   Last year, police raided the Finnish site and seized
   records and computer gear as part of an investigation of
   alleged copyright infringement.

   The administrator of anon.penet.fi offers this warning to
   new users: "I believe very firmly that it's not for me to
   dictate how other people ought to behave. But remember,
   anonymous postings are a privilege, and use them
   accordingly. Remember, this is a service that some people 
   who use newsgroups such as alt.sexual.abuse.recovery need.
   Please don't do anything stupid that would force me to
   close down the service."

   One remailer advertises itself as a way to thwart attempts
   by intelligence agencies to trace illegal traffic,
   Strassmann said. It holds all incoming messages until five
   minutes after the hour, then remails them in random order.
   The messages are sent through five to 20 other remailers,
   with a stop in at least one of the several countries noted
   for lax law enforcement, he said.

   Yet other experts say the threat from remailers is greatly
   exaggerated. "We've had remailers around for a while, and
   society hasn't fallen," said Mike Godwin, staff counsel at
   the Electronic Frontier Foundation in San Francisco. "We've
   had anonymous communication in the U.S. for years, you can
   use a public telephone, send a letter without a return
   address or engage in a cash transaction."

   Last year, the U.S. Supreme Court struck down an Ohio law
   that required the authors of political posters and
   pamphlets to identify themselves. "In the case of political
   speach, you can't make people tell you who they are," said
   Patrick Sullivan, executive director of the Computer Ethics
   Institute in Washington.

   But Sullivan said the police raid on the Finnish remailer
   was prompted by the Church of Scientology's legitimate
   complaint about violations of copyright law.

   "I haven't heard many uses of remailers that haven't
   involved, at the very least, being disrespective and, at
   the most, trying to cause harm of some sort." he said.

   _________________________________________________________

   Battle against remailers an unfair fight

   Think of anonymous remailers as enemies you can't fight
   face to face, says Paul Strassmann, former director of
   defense information at the Pentagon and now a lecturer at
   the U.S. Military Academy at West Point.

   "Anonymous remailers are here to stay," he said. "That
   means the old military paradigm of retaliation falls apart.
   The whole theory of warfare has been if someone attacks
   you, you can attack them. But when you are anonymous, there
   is no one to shoot at."

   Strassmann said society myst look for defenses in the
   health sciences, not among electronic technologies.

   "The history of public health teaches us that suppression
   of any disease must be preceded by a thorough understanding
   of its behavior, its method of transmission and how it
   creates its own ecology," he said.

   "As in the case of smallpox, yellow fever, flu epidemics,
   AIDS or malaria, it will take disasters before the public
   may accept that some forms of restrictions on the
   electronic freedom of speech and  that  privacy may be
   worthwhile."

   - Gary H. Anthes

   _________________________________________________________

   Do's and don'ts

   Unethical or illegal uses of anonymous remailers:

   -  To spread viruses or other malicious software
   -  To harass or commit libel
   -  To violate copyright laws
   -  To encourage others to commit unethical or illegal
      behavior

   Legitimate uses of anonymous remailers:

   -  For "whistle blowing"
   -  For political speech
   -  For encouraging frank but constructive exchanges of
      opinions

   _________________________________________________________

   Article also contained chart on how to use anon.penet.fi,
   not included here.

   [Thanks to BC for transcribing]














From jlasser at rwd.goucher.edu  Thu Feb 15 17:30:08 1996
From: jlasser at rwd.goucher.edu (Jon Lasser)
Date: Fri, 16 Feb 1996 09:30:08 +0800
Subject: Some thoughts on the Chinese Net
In-Reply-To: 
Message-ID: 


On Thu, 15 Feb 1996, Carl Ellison wrote:

> At 12:31 2/15/96, Jon Lasser wrote:
> >So it seems that, in general, the Chinese supression of the net is
> >possible. A frightening thought. Or, if you think about potential
> >implications 10 yrs down the road here, a sobering thought.
> 
> Hold on..
> 
> Assuming we really believe the net is a good thing, if the Chinese block
> it, they're hurting themselves.  We don't need to get bent out of shape.
> They could as easily refuse to connect to the rest of the world.
[...]
> All we have to be sure of is that we don't let the Chinese dictate to us
> what content we can provide.  It's like the CDA.  The Chinese might choose to
> implement a nation-wide SurfWatch at all connection points at its borders.
> 
> ...their problem, IMHO....

Not if it's just a proof-of-concept for US implementation of the same.

The US version might be ostensibly only "anti-indecency" or 
"anti-cryptography," but I'm betting that if the Chinese are successful, 
many other nations follow.

It's the naval blockade to JPB's Independant Cyberspace.  And I think JPB 
is... a little overoptimistic this time... but I still don't like the 
blockade.

Jon
----------
Jon Lasser (410)494-3072                         - Obscenity  is a crutch  for
jlasser at rwd.goucher.edu                            inarticulate motherfuckers.
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D)               - Fuck the CDA.






From perry at piermont.com  Thu Feb 15 18:23:02 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Fri, 16 Feb 1996 10:23:02 +0800
Subject: True democracy the electronic way
In-Reply-To: <199602151940.LAA04320@netcom18.netcom.com>
Message-ID: <199602152143.QAA27240@jekyll.piermont.com>



"Vladimir Z. Nuri" writes:
> >You might try the "Cypherwonks" mailing list that L. Detweiler set up a
> >couple of years ago to explore the very ideas you are supporting here. You
> >might find you have a lot in common with him.
> 
> interesting you should mention that. because of my interests
> I've heard various legends that this list (long ago in a galaxy far away)
> was sabotaged by piles of trash sent
> through anonymous remailers,

For those not in the know, I will point out for the record that
Vladimir Z. Nuri is actually L. Detweiler and that you are watching a
form of strange masked dance in which everyone pretends that they
don't know who the other person is. We now return you to the surreal
dialog already in progress.

Perry





From frantz at netcom.com  Thu Feb 15 18:28:40 1996
From: frantz at netcom.com (Bill Frantz)
Date: Fri, 16 Feb 1996 10:28:40 +0800
Subject: Assassination Politics(tm) was V-chips, CC, and Motorcycle Helmets
Message-ID: <199602152215.OAA27592@netcom7.netcom.com>


[I've changed the Subject: to more accurately reflect the contents]

My purpose on this thread is to examine the limits of Jim Bell's idea of
Assassination Politics.  My ground rules are to assume that it is a natural
outgrowth of the technologies of anonymous cash and anonymous remailers. 
As such arguments that it is immoral are only valid to the extent that they
bare on individual's decisions to particpate in an assassination.

I believe that we have general agreement that high government figures are
not subject to sanction via assassination politics because they already
enjoy Secret Service levels of protection.

I also believe that Jim and I disagree about the significance of Salmon
Rushdie.  Jim thinks that the lack of anonymity in the Mullah's
assassination bounty is repelling possible assassins.  I disagree.  A
question worth asking is, How much does it cost the British government to
protect Mr. Rushdie by keeping his location secret and providing other
unspecified protection.  If anyone knows the answer, it could help build an
economic model of Assassination Politics.

Jim Bell said:

>Actually, I think the primary targets will be either the middle level 
>manager types, or the ones who have attracted a substantial amount of bad 
>publicity by "following orders."  Lon Horiuchi (the sniper who shot Vicki 
>Weaver) for example, would be a excellent example of a person who'd try to 
>claim, "I was just following orders."  Okay, maybe he was, but so was Adolph 
>Eichmann.  

I agree that Jim's idea of targeting certain specific individuals, such as
the sniper above might work.


>Once the tax collectors/enforcers were targeted, the rest of the government 
>wouldn't be able to operate, and would collapse.

However if you tackle the whole tax system, you get into problems of scale.
 The IRS alone (according to their web page) has over 110,000 employees,
and we havn't even mentioned the state and local employees.  I don't think
killing one or two will have a sigificant effect (that is occuring now).  I
will assume that you have to successfully kill about 10% to have enough
effect to shut off the government's money supply.

Attacks at this scale will be difficult because while people will have
perfect anonymity in cyberspace, they won't enjoy it in physical space. 
Neighbors, survalence cameras, etc.; in fact all the technology that makes
privacy so hard to achieve today will be available to catch the assassins. 
The police will also be more motivated to utilize the technology for this
class of people than they would for drug dealers, pimps and other low
lifes.  These points will tend to raise the price of assassinations.

Let us assume that we can buy assassinations for $50,000 per person.  Times
11,000 people is $550 million dollars.  That is quite a sum.  I need to see
an analysis which shows how to raise money on this scale.

Bill







From shamrock at netcom.com  Thu Feb 15 19:31:52 1996
From: shamrock at netcom.com (Lucky Green)
Date: Fri, 16 Feb 1996 11:31:52 +0800
Subject: Netscrape's Cookies
Message-ID: 


At 10:34 2/14/96, Alex Strasheim wrote:
>> >>I'm curious if anyone knows which sites use/modify it.
>> >AFAIK, the only site that uses it is *.netscape.com
>>
>> That is not quite true.  There are other sites that use the cookies.  (It is
>> not very common though...)
>
>A good place to read about cookies is http://www.illuminatus.com/cookie;
>I think there are pointers to cgi/perl stuff that manipulates them.
>
>Cookies are very helpful for database and commerce applications.  I'm
>using them for a crude online store, as a way to let the web server keep
>track of who has what in their shopping basket.

Cookies are a godsend for shopping baskets. Saving state without them is a
major pain.


-- Lucky Green 
   PGP encrypted mail preferred.







From blake at bcdev.com  Thu Feb 15 19:35:48 1996
From: blake at bcdev.com (Blake Coverett)
Date: Fri, 16 Feb 1996 11:35:48 +0800
Subject: Cookie Crumbles
Message-ID: <01BAFBB4.C26F0250@bcdev.com>


-----BEGIN PGP SIGNED MESSAGE-----

>What are the chances that NSCP might add a feature that would 
>allow customers to say yes or no at login to tracking their 
>movements at any site visited, with a friendly notice that 
>tracking analysis was being done?

The netscape browser could assert that tracking was not desired to it's
heart's content, but that doesn't prevent the server from tracking any 
state it wants about you.

(The typical non-cookie approach being to include a session identifier in all URLs)

regards,
- -Blake

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i

iQCVAwUBMSOODrmr67p11D8rAQHg8wP/fdjXkJFGuFCyCFr7oyP+z5B6a4S4RNd7
3nkzLVIhil6fHW78CKohGmjVPwuwiz81FGRobfsAoQKgUW0zCMI4SmI9Parxk63A
Ly5ckTVf+oDI6WWbyXg39xr7lMPKUqzfyzi3M7nDVXEPNZXLKH58+WJoR0eUsUyW
7AWwcEOducM=
=DGYR
-----END PGP SIGNATURE-----






From hoz at univel.telescan.com  Thu Feb 15 19:36:19 1996
From: hoz at univel.telescan.com (rick hoselton)
Date: Fri, 16 Feb 1996 11:36:19 +0800
Subject: Using lasers to communicate
Message-ID: <9602152017.AA17834@toad.com>


At 10:38 AM 2/14/96 -0500, you wrote:
>This idea of sending data via laser beams across open spaces has some
>very useful potential.  ...

>Eavesdropping and channel-blocking and physical-location-discovery are 
>related threats to which most traditional data channels are susceptible.  
>Any link which depends on a physical conduit (phone line, fiber, coax)
>is relatively easy to interrupt and to trace to its end points.
>RF links, even with frequency hopping, are subject to triangulation and
>jamming.  All these kinds of links can be eavesdropped.

>Point-to-point conduitless laser signalling, as envisioned by "Bill" and
>Tim in their quotes below, eliminates or reduces these threats

Dust will cause diffraction of the beam (at a reduced intensity, of course).  
Near the source, a detector tuned narrowly to the wavelength of interest would 
probably succeed quickly.  If you have a line of sight channel, there are 
many other ways to signal that will preserve some deniability.


Rick F. Hoselton  (who doesn't claim to present opinions for others)






From ethridge at Onramp.NET  Thu Feb 15 19:36:47 1996
From: ethridge at Onramp.NET (Allen B. Ethridge)
Date: Fri, 16 Feb 1996 11:36:47 +0800
Subject: AT&T Public Policy Research -- hiring for cypherpunks
Message-ID: 


>Alan Olsen wrote:
>
>| >     Addresses will not be easily 'transferable.'  The IETF is
>| >discussing a 'Best Current Practices' document that talks about
>| >address portability.  Basically, it can't happen, because the routers
>| >only have so much memory, and the routers at the core of the internet
>| >can't keep in memory how to reach every one; there needs to be
>| >aggregation.  The only feasible aggregation seems to be provider
>| >based, ie, MCI, Alternet, and other large ISPs get blocks of
>| >addresses.  They give them to smaller companies, like got.net, which
>| >gives them to customers.  The result?  The core routers have a few
>| >more years.
>|
>| A good point. Having parts of subnet shifting around could be pretty painful
>| from an admin point of view.
>
>Its not an admin's point of view thats worrisome.  Whats worrisome is
>that the routers at the core of the net only have so much memory, and
>if the routing tables grow beyond that, we're all hosed, becuase the
>core of the internet will start thrashing.  So, in essense, you taking
>your network address with you when you switch providers ('address
>portability' causes costs that must be borne by the entire global
>internet.

Given that the world of telephony is moving towards Local Number Portability,
isn't it inevitable that the internet will be expected to provide the
equivalent functionality?  In the world of telephones it's being mandated
in the name of local loop competition, which presumably isn't a problem
for the internet.  But if someday i can move across the country and
keep my telephone number, i'd expect the same of my internet address.

That said, the issue of who manages the database is a significant one, but
more political/economic issue than technical.

        allen







From cea01sig at gold.ac.uk  Thu Feb 15 19:43:01 1996
From: cea01sig at gold.ac.uk (Sean Gabb)
Date: Fri, 16 Feb 1996 11:43:01 +0800
Subject: Online Zakat Payment: Religious tithe.
In-Reply-To: <199602150328.AA08186@sunstorm.corp.cirrus.com>
Message-ID: 


On Wed, 14 Feb 1996, Ashfaq Rasheed wrote:

> > 
> > On Mon, 12 Feb 1996, Timothy C. May wrote:
> > 
> > > At 10:07 PM 2/12/96, Steven C. Perkins wrote:
> > > Once again, the gutter religion of Islam reveals the derangement of its
> 		^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > > so-called Prophet.
> > > 
> > > The world really needs to get around to nuking these folks.
> > > 
> > Oh, Come now!  Islam may in its present form be a religion deeply hostile 
> > to liberty.  But since "nuking" the whole Islamic world would not be 
> > itself much of a defence of freedom, the only long term answer is to 
> > promote within Islam the same kind of Reformation as eventually made 
> > Christianity half decent.  And Tim's comments do not contribute to that.  
> > I don't know how many internet servers there are in the Middle East.  
> > But, if I were an intelligent fundamentalist, I'd be copying it all over 
> > the place.  "Look", I'd be saying, "these people really do mean another 
> > crusade to destroy us and our faith".
> > 
> > I can understand Tim's disgust with these people.  But I do question his 
> > manner of expressing it.
> > 
> 
> Actions of certain individual or group does not reflect what the actual
> religion is. Examples of this can be found on every religion. 
> 
> Somebody generalizing as above reflects his/her own closed/blocked mentality.
> 
> Look at yourself, if you can fall to such degrading levels and since you 
> happen to be a member of this mailing list, it is not ration to think as
> every cpunks as demented as you are.
> 
> Ashfaq Ahmed
> 
True, there are risks in generalising from the actions of one individual 
to the group as a whole.  Nevertheless, where Islam is concerned, there 
are so many individuals behaving badly that we are justified in thinking 
the whole religion a force for bad.

Doubtless, I shall be told that "true Islam" is "true tolerance", "true 
freedom", and even "true apple pie".  I may be told that the horrors of 
actually existing Islam - remember this phrase, or something like it? - 
are all somehow the fault of the West.  But the fact is that most Moslems 
venerate old men in beards, who think that anyone who disagrees 
with them about God should be put to death, that a woman with a 
clitoris is a kind of devil, and that Western classical music is evil.

By my standards, these people are disgusting.  My only dispute with Tim 
is in our manner of expressing our disgust.

Sean Gabb
Editor
Free Life.






From vznuri at netcom.com  Thu Feb 15 19:48:54 1996
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Fri, 16 Feb 1996 11:48:54 +0800
Subject: True democracy the electronic way
In-Reply-To: 
Message-ID: <199602151940.LAA04320@netcom18.netcom.com>



>>1. this is an extremely interesting problem in my opinion. the ideal
>>form of government has not been achieved in many millenia. could it
>>be solved given the full power of the information age, i.e.
>...
>>if anyone knows of
>>a mailing list to discuss this concept of trying to apply technology
>>to government, I would be most interested. the closest I can see
>
>
>You might try the "Cypherwonks" mailing list that L. Detweiler set up a
>couple of years ago to explore the very ideas you are supporting here. You
>might find you have a lot in common with him.
>

interesting you should mention that. because of my interests
I've heard various legends that this list (long ago in a galaxy far away)
was sabotaged by piles of trash sent
through anonymous remailers, and the moderator quit instead of put
up with it (not provided the tools to keep out mail from unsubscribers). 
perhaps a little data point about forms of information
technology (and the absence of it) that *doesn't* necessarily lead 
to an improved form of human interaction. 

apparently there is some pretty harsh antagonism towards "electronic
democracy" among the people best suited to experiment with it, i.e.
the pioneers of cyberspace. but hell, alienation and nihilism is
so much more convenient and versatile than bubbly enthusiasm. 
it's a one-size-fits-all philosophy. "screw everyone!!!"  "it'll never
work!!!"  "government == tyranny!!"

something tells me that "electronic democracy" is going to survive
the death of an early mailing list dedicated to its discussion, however.

but thanks very much for the pointer,  Klaus! I'm always impressed with
the helpful spirit of everyone on this list.

(speaking of which I'd be interested in talking to anyone with spare 
resources to start mailing lists.)

--Vlad





From cactus at hks.net  Thu Feb 15 20:43:01 1996
From: cactus at hks.net (Leslie Todd Masco)
Date: Fri, 16 Feb 1996 12:43:01 +0800
Subject: META: Filtering/Posting advice
Message-ID: <199602122243.RAA22214@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

"I have a concern..."

Cypherunks 
First: Stipulated that any traffic has a 'right' to be on cypherpunks.
However, cypherpunks is what we make it.  Every time you post a message,
consider the desirability of seeing a hundred or so messages just
like it from every other readers' point of view.  Content control begins at home.

Second: I'll remind the reader that one can easily evaluate an
individual's past contributions to cypherpunks by looking at the archives'
"by author" listing.  If you post to cypherpunks, I'd suggest that you
go back and look at what you've posted in the past to get a feel for
how other people on the list see you.

Third: Filtering isn't just a game for the vocal: as noise begets noise, I'd
encourage everybody to filter out people whose prose they simply
can not stand.  While this is an important aspect to creating a more
readable list, I can't imagine anybody really caring who else has been
"plonked": to me, in seems no more than a preadolescent "nyah nyah, I'm
not listening..."

I'm half- (only half-, as I'm a free-speech absolutist) tempted to write a tool
that would automatically remove any person from cypherpunks who posts a
"plonk" message.  Until the total lack of security in majordomo is addressed,
this is a game that anybody who can telnet to an smtp port can play.

Fourth: Cypherpunks is fast becoming a ghetto.  My first reaction (which I
did not follow) to several crypto posts in the last few days has been to refer
the posters to coderpunks.  While there is some signal that will always
remain uniquely suited to cypherpunks (Tim May's contributions, Strata's
response to JPB, and Jim Bell's Assassination idea -- though not all of the
messages he's sent since -- immediately come to mind), any signal
that has another place to migrate will do so if the noise issue isn't addressed
better.  

Words of wisdom from the past:

 This program posts news to thousands of machines throughout the entire
 civilized world.  Your message will cost the net hundreds if not thousands of
 dollars to send everywhere.  Please be sure you know what you are doing.

 Are you absolutely sure that you want to do this? [ny]

IE, please... if you aren't adding *new* *signal* to the list, please
refrain from posting.  If you must flame a person, do it in private email.

	-- Todd
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMR/CnioZzwIn1bdtAQEG6gGAsw6qzFNpiRLGRW0n7qdHDIJ+Yf+XmBIC
dnntiQ+UbXODeNLwsp4jVPSFVETAkCJj
=GAYX
-----END PGP SIGNATURE-----





From adam at lighthouse.homeport.org  Thu Feb 15 20:49:56 1996
From: adam at lighthouse.homeport.org (Adam Shostack)
Date: Fri, 16 Feb 1996 12:49:56 +0800
Subject: AT&T Public Policy Research -- hiring for cypherpunks
In-Reply-To: 
Message-ID: <199602160223.VAA00381@homeport.org>


DNS names are not IP numbers.

IP numbers are not portable, DNS names are.  You can move toad.com
anywhere on the network, but you can't move 140.174.2.1 anywhere on
the network.

Allen B. Ethridge wrote:

| >Its not an admin's point of view thats worrisome.  Whats worrisome is
| >that the routers at the core of the net only have so much memory, and
| >if the routing tables grow beyond that, we're all hosed, becuase the
| >core of the internet will start thrashing.  So, in essense, you taking
| >your network address with you when you switch providers ('address
| >portability' causes costs that must be borne by the entire global
| >internet.
| 
| Given that the world of telephony is moving towards Local Number Portability,
| isn't it inevitable that the internet will be expected to provide the
| equivalent functionality?  In the world of telephones it's being mandated
| in the name of local loop competition, which presumably isn't a problem
| for the internet.  But if someday i can move across the country and
| keep my telephone number, i'd expect the same of my internet address.

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From WlkngOwl at UNiX.asb.com  Thu Feb 15 20:50:07 1996
From: WlkngOwl at UNiX.asb.com (Deranged Mutant)
Date: Fri, 16 Feb 1996 12:50:07 +0800
Subject: (Fwd) UPDATE: DoJ Brief is Filed
Message-ID: <199602160222.VAA17815@UNiX.asb.com>


Just received this... (apologies to crypto-only folx on the list)

------- Forwarded Message Follows -------
Date:          Thu, 15 Feb 1996 14:26:38 -0800 (PST)
To:            protest at wired.com
From:          telstar at wired.com (--Todd Lappin-->)
Subject:       UPDATE: DoJ Brief is Filed


At long last, the U.S. Department of Justice has filed a brief in
Philadelpia, in an effort to persuade Judge Buckwalter NOT to issue a
Temporary Restraining Order (TRO) that would block implementation and
enforcement of the Communications Decency Act.

As you'll see below, the DoJ, much like Cathleen Cleaver, seems all too
eager to equate "indecency" with "pornography."

Grrrrrr.

Even worse, the DoJ brief apparently cites Marty Rimm's discredited study
about the "pervasiveness" of online pornography as evidence of the urgent
need to outlaw indecent material.

(TIME Magazine used Rimm's study as the basis for it's sensationalistic
"Cyberporn" cover story back in July.  It was later revealed that Rimm was
an undergradute at Carnegie Mellon University when he did the study, and
that his research contained so many methodological flaws that it was all
but worthless.  TIME even printed a retraction of the story.  For more
information, visit http://www.hotwired.com/special/pornscare/)

According to Ann Beeson, Staff Counsel for the ACLU, "We never thought DOJ
would be dumb enough to cite to the Rimm study, so it wasn't mentioned in
our initial brief!  We expect the judge to rule on the TRO without further
reply from us, so we'll have to wait until the next round (the preliminary
injunction hearing)
before getting in all the info debunking Rimm -- in any event, it is
certain to be *very* embarassing for the government."

Grrrrrrr.

No word yet on when we can expect a decision from Judge Buckwalter, but the
ACLU tells me they plan to issue a press release later today.  If so, I'll
immediately pass it along.

In the meantime, here's a CNN update on the DoJ action from
http://www.cnnfn.com/news/wires/9602/15/telecom.lawsuit/index.html

Stay tuned!

--Todd Lappin-->
Section Editor
WIRED Magazine

==================================================================

Justice Department responds to telecom lawsuit

February 15, 1996
Web posted at: 12:30 p.m. EST

PHILADELPHIA, Pennsylvania (AP) -- The Justice Department filed its
written response Wednesday to a lawsuit seeking to block the new
computer "indecency" law, saying criminal prosecutions are needed to
stop a huge increase in the availability of pornography.

The government urged a federal judge not to issue a temporary
restraining order against provisions that would make it a crime to send
"indecent" and sexually explicit material to minors over computer
networks.

"Individuals undoubtedly have an important interest in being free of
purposeful and direct intrusions on First Amendment freedoms," the brief
said. "But the governmental interests at stake here in controlling
access by minors in indecent sexually explicit materials is compelling."

The American Civil Liberties Union and 19 other groups sought the
temporary ban Feb. 8, the same day President Clinton signed into law the
Telecommunications Act of 1996.

U.S. District Judge Ronald L. Buckwalter said then that he wanted to see
a written response from prosecutors before issuing a ruling.

The law defines indecent as that which, "in context, depicts or
describes, in terms patently offensive as measured by contemporary
community standards, sexual or excretory activities or organs."

Opponents say the standard is too broad and would criminalize
information, even in private e-mail, that has educational, artistic and
social value, simply because it relates to sex.

The government said the indecency standard has been upheld as
constitutional in previous cases, and argued that the law's purpose is
to restrict access to widely available pornographic images and
materials.

Violators would face up to two years in prison and $250,000 in fines.

A temporary restraining order should only be granted in extraordinary
circumstances and if there are no other legal remedies available to
plaintiffs. Meanwhile, the situation is dire, the government said.

"In the end, plaintiffs cannot dispute that a large and growing amount
of pornography is presently available on-line and easily accessible to
children in the home, far exceeding anything available prior to the
advent of on-line computer services," the government said.

###



Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to  for a copy of my PGP key.





From Shade at cdale1.midwest.net  Thu Feb 15 21:07:31 1996
From: Shade at cdale1.midwest.net (Sentient1)
Date: Fri, 16 Feb 1996 13:07:31 +0800
Subject: PGP
Message-ID: <199602160232.UAA04240@cdale1.midwest.net>


Esteemed GentlePersons,

      Could you settle a dispute?  Is it, or Is it not, legal to take 
PGP source code and the like out of the country if it is written on 
paper?

Thank You





From tallpaul at pipeline.com  Thu Feb 15 21:50:52 1996
From: tallpaul at pipeline.com (tallpaul)
Date: Fri, 16 Feb 1996 13:50:52 +0800
Subject: CDA Yes Votes; Collection
Message-ID: <199602160317.WAA04288@pipe11.nyc.pipeline.com>


On Feb 09, 1996 05:56:13, 'Duncan Frissell ' wrote: 
 
 
> 
>If you are deeply upset by the high-handed manner in which the legislature

>has screwed around with your life, welcome to the club.  Every bill they 
>pass and every regulation upsets someone just as badly as you are upset. 
>That is why some of us want less legislation and less regulation to
minimize 
>just this sort of human suffering.  Maybe next time those of you who are 
>into "proactive" government will think before you crush other people's
lives. 
> 
>DCF 
> 
 
Isn't it the libertarian types on the list who are into mass killings of
civilians with nukes and the "socialist statists" who tend to oppose it? 
 
How does this square with your view that it is people into "'proactive'
government" who are "crush[ing] other people's lives?" 
 
It seems to me having your city nuked is a tad more likely to produce the
crushing. 
 
Normally, I would not be the first to post this onto cypherpunks, but since
*you* did I'm game for another seemingly off-topic discussion. 
 
--tallpaul





From perry at piermont.com  Thu Feb 15 21:55:56 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Fri, 16 Feb 1996 13:55:56 +0800
Subject: PGP
In-Reply-To: <199602160232.UAA04240@cdale1.midwest.net>
Message-ID: <199602160313.WAA27781@jekyll.piermont.com>



"Sentient1" writes:
>       Could you settle a dispute?  Is it, or Is it not, legal to take 
> PGP source code and the like out of the country if it is written on 
> paper?

It appears to be legal, as MIT has done it. A written opinion has held
that other crypto sources can be taken out on paper, but no formal
opinion of the PGP sources in the MIT book has happened. It may only
be legal to take these sources out in the form of a published book,
however -- random printouts you do yourself may or may not be legal to
export since they don't qualify as "public domain" information.

In practice, of course, if you don't tell anyone and you arent someone
prominent you will never be caught no matter what you do.

Perry





From warlord at ATHENA.MIT.EDU  Thu Feb 15 22:08:29 1996
From: warlord at ATHENA.MIT.EDU (Derek Atkins)
Date: Fri, 16 Feb 1996 14:08:29 +0800
Subject: PGP
In-Reply-To: <199602160232.UAA04240@cdale1.midwest.net>
Message-ID: <199602160330.WAA16481@charon.MIT.EDU>


>       Could you settle a dispute?  Is it, or Is it not, legal to take 
> PGP source code and the like out of the country if it is written on 
> paper?

This is a leading question.  If you just print it out, it might not be
legal to export.  If it is printed in a book (e.g., the PGP Sourcecode
Book, MIT Press, 1995) then it should be legal to take it out of the
country.  IANAL, YMMV.

Hope this helps.

-derek






From wlkngowl at unix.asb.com  Thu Feb 15 22:36:17 1996
From: wlkngowl at unix.asb.com (Deranged Mutant)
Date: Fri, 16 Feb 1996 14:36:17 +0800
Subject: The Internet Party
Message-ID: <199602160347.WAA13058@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

jamesd at echeque.com wrote:
> At 01:01 PM 2/14/96 -0800, Brian D Williams wrote:
> >Why not form our own Party?
> >The Internet party........
> 
> No matter how excellent the people and the goals of such a party:
> such a party would be a first step to creating a world state.
> 
> Good intentions, dreadful consequences.

Bah. Instead we can have an Internet Party. No, not political party... I 
mean a nice world-wide baccanal... Hell of a lot more fun, anyway.

Bread & circus.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSP+aSoZzwIn1bdtAQEGiQF8C46cp1jU+1zSNGUWYYJHYq3L/K9O+Gzo
IAYVTxL6ANiaebn+caUV4O8f5Er/gud3
=tJWO
-----END PGP SIGNATURE-----





From shauert at primenet.com  Thu Feb 15 22:41:09 1996
From: shauert at primenet.com (Scott A. Hauert)
Date: Fri, 16 Feb 1996 14:41:09 +0800
Subject: Windows PGP mail reader
In-Reply-To: <4eaksb$6i9@recepsen.aa.msen.com>
Message-ID: <4fu82h$n0g@nnrp1.news.primenet.com>


m.purcell at navy.gov.au (LEUT Mark Purcell) wrote:

>In article <4eaksb$6i9 at recepsen.aa.msen.com>, jims at conch.aa.msen.com says...
>>
>>Hi.  Can anyone recommend a Windows based email/POP3 reader that can decrypt
>>content?  Please reply  via email:

If you are looking for a program that can log into your pop server,
scan for PGP messages, retrieve and decrypt them, then try Private
Idaho.  If you are looking for some combination of programs that can
handle your e-mail and provide PGP functions, then there are lots of
option.

Take a look at:
http://www.primenet.com/~shauert

There is a collection of PGP front-ends for Windows, many of which do
what you seem to be looking for.

Scott
Scott Hauert

Internet: shauert at primenet.com
Compuserve: 76342,1400
WWW: http://www.primenet.com/~shauert/






From tallpaul at pipeline.com  Thu Feb 15 22:47:17 1996
From: tallpaul at pipeline.com (tallpaul)
Date: Fri, 16 Feb 1996 14:47:17 +0800
Subject: Online Zakat Payment: Religious tithe.
Message-ID: <199602160408.XAA12403@pipe11.nyc.pipeline.com>


Why oh why am I getting the idea that "cypherpunks" would better be called
"cryptoauthoritarians." From murder-as-political-liberation, to the
universalization of the libertarians "feelings" onto everyone else in the
world, to the mass nuclear bombings of civilians to the mass nuclear
elimination of religions. 
 
My, my. For a group of people so uspet at taxes you certainly have faith in
the ability of private individuals to generate the capital for things like
the Manhattan Project and high-cost nuke delivery systems! 
 
On Feb 15, 1996 20:03:56, 'Sean Gabb ' wrote: 
 
 
>True, there are risks in generalising from the actions of one individual  
>to the group as a whole.  Nevertheless, where Islam is concerned, there  
>are so many individuals behaving badly that we are justified in thinking  
>the whole religion a force for bad. 
> 
>Doubtless, I shall be told that "true Islam" is "true tolerance", "true  
>freedom", and even "true apple pie".  I may be told that the horrors of  
>actually existing Islam - remember this phrase, or something like it? -  
>are all somehow the fault of the West.  But the fact is that most Moslems 

>venerate old men in beards, who think that anyone who disagrees  
>with them about God should be put to death, that a woman with a  
>clitoris is a kind of devil, and that Western classical music is evil. 
> 
>By my standards, these people are disgusting.  My only dispute with Tim  
>is in our manner of expressing our disgust. 
> 
>Sean Gabb 
>Editor 
>Free Life. 
> 
 
 
I was wondering if S. Gabb, as a self-declared expert on Islam, if he might
explain the difference between the Sunni and Shi'ite sects, and the
respective size of each? 
 
I am also curious if he could point us to a single written example where he
or anyone else has ever been told the various things that he "doubtless"
will be told? 
 
In short, is this important history posted on cypherpunks, more libertarian
political demagogery,  or another J. Bell-like reference to the
universalization of the libertarian's feelings onto the rest of the world? 
 
--tallpaul 
  "Gentle Jesus 
  "Meek and mild 
  "Bless me 
  "While I nuke this child. 
  "But reassure'em 
  "As I wack'em 
  "I love their rights; 
  "I'll never tax'em."





From wlkngowl at unix.asb.com  Thu Feb 15 22:52:25 1996
From: wlkngowl at unix.asb.com (Deranged Mutant)
Date: Fri, 16 Feb 1996 14:52:25 +0800
Subject: Some thoughts on the Chinese Net
Message-ID: <199602160348.WAA13069@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

I haven't been watching this thread much, but has anyone checked out the 
appropriate Chinese culture/politics newsgroups on this?
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSP+pyoZzwIn1bdtAQHb7AGAyzWHyF23Gvt/i9Fbs9zQuPrck2fCEdK3
3BAT0lqJoquriMf1Ten4OhVQlJA4nzB9
=lWWG
-----END PGP SIGNATURE-----





From wlkngowl at unix.asb.com  Thu Feb 15 23:01:39 1996
From: wlkngowl at unix.asb.com (Deranged Mutant)
Date: Fri, 16 Feb 1996 15:01:39 +0800
Subject: Remailers Pose Risk
Message-ID: <199602160423.XAA13295@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

>    Computerworld, February 12, 1996, Front page:
> 
>    Stealth E-mail poses corporate security risk
> 
>    By Gary H. Anthes[..]
>    Anonymous remailers on the Internet are emerging as a
>    threat to national and corporate security, some experts
>    warn.

FNORD!
[..]
>    For corporate information systems managers, stealth E-mail
>    is especially troubling because it allows hackers to attack
>    systems, steal trade secrets and broadcast them worldwide
>    without leaving an audit trail for authorities to follow.

Dumpster-diving the corporate offices and mailing the results to the 
media doesn't leave much of an audit trail either. Perhaps a problem lies 
in their own security...

>    "Anonymous remailers have a lot of nasty potential," said
>    Stephen T. Kent, chief scientist for security technology at

So do kitchen knives or automobiles.
[..]
[..]
>    One snowy day last month, for example, about 25% of the
>    workforce at a defense contractor in Rockville, Md., went
>    home after they received a bogus E-mail message dismissing
>    them for the day. The message originated from an anonymous
>    remailer that allowed the user to impersonate a senior
>    company official.

Was that a remailer or simply forged mail?
>    Last year, the U.S. Supreme Court struck down an Ohio law
>    that required the authors of political posters and
>    pamphlets to identify themselves. "In the case of political
>    speach, you can't make people tell you who they are," said
>    Patrick Sullivan, executive director of the Computer Ethics
>    Institute in Washington.

BTW, "Docket 93-986 -- Decided April 19, 1995" from Cornell's Law site

[..]
>    "As in the case of smallpox, yellow fever, flu epidemics,
>    AIDS or malaria, it will take disasters before the public
>    may accept that some forms of restrictions on the
>    electronic freedom of speech and  that  privacy may be
>    worthwhile."FNORD!
[..]
>    Do's and don'tsAhem
>    Unethical or illegal uses of anonymous remailers:[..]
>    -  To violate copyright lawsScientology...
>    -  To encourage others to commit unethical or illegal
>       behaviorAhem. Illegal<>Unethical... it may be very ethical to violate some laws. 
And then again, so what about unethical? So what if an anonymous poster 
advocates adultury or pilfering paperclips from your employer...
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSQGzCoZzwIn1bdtAQFw8wF/Ta61GbzPyYQR9CZPl7TEa6gA3O32OyLS
OqQeEA6k/Ehtd0TjCdMRRfsOOf6xfQ5w
=zBHu
-----END PGP SIGNATURE-----





From gimonca at skypoint.com  Thu Feb 15 23:10:53 1996
From: gimonca at skypoint.com (Charles Gimon)
Date: Fri, 16 Feb 1996 15:10:53 +0800
Subject: Trolling for Muslims during Ramadan
Message-ID: 



Has the list really sunk this far into trolling? Obviously we're
starting to see dreck posted simply to draw people into fights.
If I want a religious war, I'll hang out in soc.culture.pakistan, 
thank you. 

Oh, and for the still-clueless, posts like the following have 
about as much of a foundation in reality as your average Zundelsite.
Don't even bother replying.

 ***********************************************************************
        --The Interview--             | gimonca at skypoint.com
 George Clinton: "Suck on my soul,    | Minneapolis MN USA
 and I will lick your funky emotions!"| http://www.skypoint.com/~gimonca
 Dave Letterman: "Yuck!!"             | A lean, mean meme machine.
 ***********************************************************************

---------- Forwarded message ----------
Date: Thu, 15 Feb 1996 20:03:56 +0000 (GMT)
From: Sean Gabb 
To: Ashfaq Rasheed 
Cc: tcmay at got.net, cypherpunks at toad.com
Subject: Re: Online Zakat Payment: Religious tithe.

True, there are risks in generalising from the actions of one individual 
to the group as a whole.  Nevertheless, where Islam is concerned, there 
are so many individuals behaving badly that we are justified in thinking 
the whole religion a force for bad.

Doubtless, I shall be told that "true Islam" is "true tolerance", "true 
freedom", and even "true apple pie".  I may be told that the horrors of 
actually existing Islam - remember this phrase, or something like it? - 
are all somehow the fault of the West.  But the fact is that most Moslems 
venerate old men in beards, who think that anyone who disagrees 
with them about God should be put to death, that a woman with a 
clitoris is a kind of devil, and that Western classical music is evil.

By my standards, these people are disgusting.  My only dispute with Tim 
is in our manner of expressing our disgust.








From jzychik at via.net  Thu Feb 15 23:36:55 1996
From: jzychik at via.net (Joe Zychik)
Date: Fri, 16 Feb 1996 15:36:55 +0800
Subject: Online Zakat Payment: Religious tithe.
Message-ID: <2.2.32.19960216050049.007358fc@via.net>


At 08:59 PM 2/15/96 -0500, you wrote:
>On Thu, 15 Feb 1996, Sean Gabb wrote:
>
>> where Islam is concerned, there 
>> are so many individuals behaving badly that we are justified in thinking 
>> the whole religion a force for bad.
>
>> But the fact is that most Moslems 
>> venerate old men in beards, who think that anyone who disagrees 
>> with them about God should be put to death, that a woman with a 
>> clitoris is a kind of devil, and that Western classical music is evil.
>
>
>    And your travels in the Islamic world consist of?   And you 
>personally know how many Muslims?  And you have read how much Islamic 
>sources?

Below is an article from today's Zychik Chronicle, that is very, very
relevant to this post:


(New York Times) "I didn't know enough Arabic to lead the prayer and was
still a student of the Koran," said Isak-El M. Pasha. A plumber at the time,
he was appointed the inman of the Malcolm Shabazz Mosque in Harlem. The
appointment was given to him by the dying inman, Ali Rashid.
He cried that night and "submitted to the 'will of Allah.'" The orthodox
Sunni Muslim sect he was to lead had broken with Louis Farakhaan in the
70's. By 1993, when Mr. Pasha took over, membership had dwindled down to
700. At one time this had been the temple where Malcolm X had preached his
most fiery sermons! But the break with Farakhaan almost caused the Mosque to
be foreclosed on.
Today the Mosque has 8,000 members and Mr. Pasha is "being called Harlem's
new spokesman." Mr. Pasha's rise in the Black community establishes that
most Blacks don't like racism. Here's a few quotes of his: "We have as much
racism practiced among us as black people as any racism that has been
practiced upon us by other groups." When he invited the white Mayor of New
York City to speak at the mosque he was criticized by radical black racists.
His response: "Sometimes leadership in Harlem treats African-Americans like
children. . Like if some white man talks to us we're going to be lead back
into slavery. We have a constituency and I'm obligated to bring those they
elect to them."
Finally, a comment that is sure to drive Bill-Racist-Clinton and
Janet-makes-you-feel-sorry-for-Parkinson's-disease-Reno up the wall: "Islam
won't accept racism and won't allow Muslims to practice it."
Let's call Mr. Pasha a True Muslim.

-----------------------
To subscribe to the Zychik Chronicle please reply by e-mail.


jz






From s1018954 at aix2.uottawa.ca  Thu Feb 15 23:39:01 1996
From: s1018954 at aix2.uottawa.ca (s1018954 at aix2.uottawa.ca)
Date: Fri, 16 Feb 1996 15:39:01 +0800
Subject: Berkeley ftp site moved again?
Message-ID: 


I've been unable to get through to ftp.csua.berkeley.edu
and www.csua.berkeley.edu for the past two days.

Does anyone know if the site (and the cpunk archives with it)
has moved or if it's just down? (I'd mail root, but what's the
point if the machine's down?)

Sorry if I've missed this being mentioned before.





From jsw at netscape.com  Fri Feb 16 00:45:35 1996
From: jsw at netscape.com (Jeff Weinstein)
Date: Fri, 16 Feb 1996 16:45:35 +0800
Subject: Netscrape's Cookies
In-Reply-To: <9602151600.AA03535@cti02.citenet.net>
Message-ID: <312429DD.1729@netscape.com>


Jean-Francois Avon JFA Technologies, QC, Canada wrote:
> 
> Alex Strasheim  said:
> 
> >The best answer would probably be to use the kind of pop-up messages you
> >get when you're going to submit a secure or insecure form.  "You're about
> >to send a cookie back to a web server, continue or abandon?"  "You're
> >about to send mail from a web page, do you want to do that?"  Give people
> >the ability to turn the messages off -- that way functionality isn't
> >impaired.
> 
> I find that a very good solution providing that the browser say:
> >"You're about to send a cookie...."
> Here, I would add:
> "... that contain the following information:"
> 
> (information list)
> 
> "... back to a web server, continue or abandon?"
> 
> Otherwise, it not as worse, but still in the same spirit as to
> sign a blank check to a stranger...

  The problem with this approach is that some sites are already obscuring
or encrypting their cookies.  I think our merchant system may even do it
for the user shopping basket.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.





From jimbell at pacifier.com  Fri Feb 16 00:56:15 1996
From: jimbell at pacifier.com (jim bell)
Date: Fri, 16 Feb 1996 16:56:15 +0800
Subject: 
Message-ID: 


At 09:44 PM 2/14/96 -0800, anonymous-remailer at shell.portal.com wrote:
>>Meanwhile
>>        WANTED, DEAD OR ALIVE
>>        JIM BELL
>>        REWARD 13 demo-cyberbucks
>
>     Send your contributions to:
>
>         James D. Bell
>         7214 Corregidor Road
>         Vancouver, WA
>         (503) 696-3911
>         (503) 737-0284
>         (503) 737-0357
>
>>An assassination-sponsoring society is _not_ a polite society.
>
>The first rule of not being seen is "Don't stand up".

BTW, the last two telephone numbers are no longer active at my residence.  I
haven't tried them to see if they've already been assigned to other people.
I would have hoped that anybody who went through the limited research (they
well all listed telephone numbers, BTW; I've NEVER had an unlisted telephone
number) to find them would have  at least called to verify that they were no
longer valid numbers.






From lmccarth at cs.umass.edu  Fri Feb 16 01:05:05 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Fri, 16 Feb 1996 17:05:05 +0800
Subject: Cypherpunks Decency Act
Message-ID: <199602160714.CAA10060@opine.cs.umass.edu>


I tried to make this a private reply to jdoe-agamemnon at alpha.c2.org, but it 
bounced:

Forwarded message:
> From: MAILER-DAEMON at alpha.c2.org
> Subject: mail failed, returning to sender
> 
> Unknown addressee: jdoe-agamemnon at alpha.c2.org
> 
> ----- Unsent Message Follows -----
[...]
> > Bill Frantz wrote:
> > >Perry sent me a polite note asking why I had posted the original post, and
> > >He suggested that in the future I make it clear why I think my posts are
> > >relevent to the subject of the list.
> > 
> > Is this what we call the chilling effect?
> 
> Nope, not unless Perry has some position of authority w.r.t. Bill Frantz.
> I'm not aware of any such consideration.

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)





From jimbell at pacifier.com  Fri Feb 16 01:09:47 1996
From: jimbell at pacifier.com (jim bell)
Date: Fri, 16 Feb 1996 17:09:47 +0800
Subject: Assassination Politics(tm) was V-chips, CC, and Motorcycle Helmets
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

At 02:18 PM 2/15/96 -0800, Bill Frantz wrote:
>[I've changed the Subject: to more accurately reflect the contents]
>
>My purpose on this thread is to examine the limits of Jim Bell's idea of
>Assassination Politics.  My ground rules are to assume that it is a natural
>outgrowth of the technologies of anonymous cash and anonymous remailers. 
>As such arguments that it is immoral are only valid to the extent that they
>bare on individual's decisions to particpate in an assassination.

Pardon me, but the proper word is "bear", not "bare."

>
>I believe that we have general agreement that high government figures are
>not subject to sanction via assassination politics because they already
>enjoy Secret Service levels of protection.

You'd be surprised how few "high government officials" have 
Secret-service-type protection.  President, obviously, vice president, 
Speaker of house, majority and  minority leader of Senate, etc. "Ordinary" 
members of House and senate don't.  A few department heads probably do, but 
that is the exception, rather than the rule.

BTW, for the record, just a couple of days ago Clinton probably passed 
within a mile of my house, "Slant range", in a helicopter, with a day's 
warning.  (The term, "slant range", is a "term of art," for those not in the 
know.)

>I also believe that Jim and I disagree about the significance of Salmon
>Rushdie.  Jim thinks that the lack of anonymity in the Mullah's
>assassination bounty is repelling possible assassins.  I disagree.

Well, then what _IS_ "repelling possible assassins"?  Hint:  If I or you 
killed Rushdie, do you really believe you would be able to collect the 
reward?  I don't.  Unless you get people to really BELIEVE they can collect, 
then it is irrelevant what the value of that reward is!

Hint:  If the mullahs really wanted to see Rushdie dead, they would have 
implemented some sort of "Assassination Politics"-type system to ensure than 
anyone who wanted to collect the reward could do so from the comfort and 
safety of his own home.


>A
>question worth asking is, How much does it cost the British government to
>protect Mr. Rushdie by keeping his location secret and providing other
>unspecified protection.  If anyone knows the answer, it could help build an
>economic model of Assassination Politics.

Which is a valid goal.  Actually, it is unclear why Britain is spending the 
money to protect Rushdie.  Despite the fact that he's done nothing to 
deserve his targeting, governments are remarkably reticent about protecting 
individual citizens.  


>Jim Bell said:
>
>>Actually, I think the primary targets will be either the middle level 
>>manager types, or the ones who have attracted a substantial amount of bad 
>>publicity by "following orders."  Lon Horiuchi (the sniper who shot Vicki 
>>Weaver) for example, would be a excellent example of a person who'd try to 
>>claim, "I was just following orders."  Okay, maybe he was, but so was Adolph 
>>Eichmann.  
>
>I agree that Jim's idea of targeting certain specific individuals, such as
>the sniper above might work.

Now, imagine you were a government employee in this line of work, and a 
fellow employee was bumped off due to a well-publicized incident.  Next time 
you're asked to engage in a Waco-like operation, what do you think you'll 
say to  your manager?   "Is this trip necessary?"

This is called, "deterrence."

>>Once the tax collectors/enforcers were targeted, the rest of the government 
>>wouldn't be able to operate, and would collapse.
>
>However if you tackle the whole tax system, you get into problems of scale.
> The IRS alone (according to their web page) has over 110,000 employees,
>and we havn't even mentioned the state and local employees.  I don't think
>killing one or two will have a sigificant effect (that is occuring now).  I
>will assume that you have to successfully kill about 10% to have enough
>effect to shut off the government's money supply.

Needless to say, I disagree.  In practice, if you discovered that  each year 
there  was a 1% chance of you dying as a consequence of your job, you'd 
probably strongly consider changing your place of employment.

Now, I think statistics show that each year, about 800 billion dollars in  
individual income taxes are collected.  If we assume that the equivalent of 
only 1% of that  value  was donated to solve the "IRS problem," that's 8 
BILLION dollars, which at $10,000 per person would buy 800,000 deaths.  
THat's 7 times the current employment of the IRS.

You tell me:  What would the average person pay THIS YEAR to avoid paying, 
say, a $100,000 tax bill NEXT YEAR?  (Hint:  How much do rich people pay 
their accountants, TODAY, to avoid taxes?)

Another Hint:  Consider Bill Gates.  His wealth is variously estimated at 
over 10 BILLION dollars, probably almost all of which is in long-term 
capital gains (Microsoft stock), for which he will have to pay somewhere 
around 30% in Federal income taxes if he should choose to cash out.  He 
would be 1.5 Billion dollars ahead if he donated $1.5 billion dollars to an 
organization which would eliminate his  requirement to pay the total 3 
billion dollar tax bill to the IRS.  That alone is the equivalent of about 
$14,000 for each IRS employee.


>Attacks at this scale will be difficult because while people will have
>perfect anonymity in cyberspace, they won't enjoy it in physical space. 
>Neighbors, survalence cameras, etc.; in fact all the technology that makes
>privacy so hard to achieve today will be available to catch the assassins. 
>The police will also be more motivated to utilize the technology for this
>class of people than they would for drug dealers, pimps and other low
>lifes.  These points will tend to raise the price of assassinations.

That depends entirely on the identity of the target.  Besides, suppose for a 
moment that all these people are turned into "targets."  It's pretty easy to 
protect ONE INDIVIDUAL; it's far harder to protect thousands.

>Let us assume that we can buy assassinations for $50,000 per person.  Times
>11,000 people is $550 million dollars.  That is quite a sum.  I need to see
>an analysis which shows how to raise money on this scale.

Your estimate is way too high.   Remember, most of the cost of hiring a 
hitman is based on the risk (to him) of actually contacting and TRUSTING his 
contractor. (and vice versa:  The contractor has to trust the hitman.)   
While I have no firm statistics, I would  imagine that the vast 
majority of "contract killings" are  solved (if they are solved at  all, by 
the police) by something other   than evidence collected at the site where 
the killing actually occurred.  If you completely eliminate this risk, (by 
encryption and digital cash, etc.) by free-market principles the cost should 
drop drastically.

More generally, most murders are solved either by researching the prior 
relationships (and motives) of acquaintances of the "victim," or witnesses 
to an incident that the killer didn't expect to occur, etc.   "Assassination 
Politics" would result in a situation in which literally everybody in the 
world had an IDENTICAL motivation to kill the target.  Imagine explaining 
this away to a jury, who themselves might have had an equivalent motivation 
to collect the reward! 

Jim Bell
jimbell at pacifier.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSQpBfqHVDBboB2dAQH94QP8Dgza+4vkvt6LWYXSMCcmT6TivD/A5XRU
/zwBUxm44I7670jsBDwTpaV/0o6TRC5E5behUctUJPIh4aietaUOVThsghmLBinE
HUwc7nRxhKsyUJkYuSLx8JIn4iV1muGtKFe8KeYgPIHYWuTq380WRd64/RtxbYjy
aXfYSsOfSZQ=
=FwQ+
-----END PGP SIGNATURE-----






From lmccarth at cs.umass.edu  Fri Feb 16 01:11:39 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Fri, 16 Feb 1996 17:11:39 +0800
Subject: National Cryptologic Museum (Noise)
In-Reply-To: <199602151257.NAA19309@utopia.hacktic.nl>
Message-ID: <199602160735.CAA10125@opine.cs.umass.edu>


If you're going to ask silly questions, it would be polite to provide a
private reply mechanism.

Anonymous writes:
> I peeled this off of Usenet, Wondering if this is Tim doing a little=
>  trolling?
[...]
> --(fwd)--
> 
> Hi all,
> 
> If you've never heard of the National Cryptologic Museum and have an
[...]
> Christopher C. May, M.D.

There's a "Christopher May" who has posted to the cypherpunks list before.
(Check the archives, and no, don't ask me where....)

Based on the message contents, it's not clear to me why you think this 
could have been a troll, but who the hell cares anyway ?

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)





From tbyfield at panix.com  Fri Feb 16 01:21:10 1996
From: tbyfield at panix.com (t byfield)
Date: Fri, 16 Feb 1996 17:21:10 +0800
Subject: Cypherpunks Decency Act
Message-ID: 


At 9:43 PM 2/15/96, jdoe-agamemnon at alpha.c2.org wrote:

>>Perry sent me a polite note asking why I had posted the original post, and
>>He suggested that in the future I make it clear why I think my posts are
>>relevent to the subject of the list.
>
>Is this what we call the chilling effect?

        No.
        bell at pacifier--surely not a coincidence--has indulged himself
excessively. Anyone checked out the LD angle on him? I'm not given over to
conspiratorialism, but, really...there's hardly much satisfaction in
exercising your D-key "right" when the result is emptiness.







From richier at Onramp.NET  Fri Feb 16 01:25:54 1996
From: richier at Onramp.NET (Nemesis)
Date: Fri, 16 Feb 1996 17:25:54 +0800
Subject: (no subject)
Message-ID: <3124373E.20DC@onramp.net>


I have lost the address to the page to join cypherpunks can anyone help 
me A friend needs it ..
                         thanx
				Nemesis





From geeman at best.com  Fri Feb 16 01:34:38 1996
From: geeman at best.com (gw)
Date: Fri, 16 Feb 1996 17:34:38 +0800
Subject: Using lasers to communicate
Message-ID: <199602160803.AAA17730@news1.best.com>


At 10:38 AM 2/14/96 -0500, you wrote:
>
>Eavesdropping and channel-blocking and physical-location-discovery are 
>related threats to which most traditional data channels are susceptible.  
>Any link which depends on a physical conduit (phone line, fiber, coax)
>is relatively easy to interrupt and to trace to its end points.
>RF links, even with frequency hopping, are subject to triangulation and
>jamming.  All these kinds of links can be eavesdropped.
>
>Point-to-point conduitless laser signalling, as envisioned by "Bill" and
>Tim in their quotes below, eliminates or reduces these threats. 

not as much, IMHO, as you would seem to suggest.  50% mirrors picking off
those laser beams would do it, and you could not detect the resulting
attenuation as distinct from naturally ocurring attenuation and variation.  


>Now consider an enhancement.  In show business, we sometimes entertain
>the folks with "laser light shows".  The technology used is fairly
>straightforward, mainly involving the use of mirrors (the effect also uses
>smoke ususally, but please don't prematurely dismiss my remarks on this
>basis).  The laser source is attached to a "laser table" which holds a 
>number of small mirrors which may be individually inserted (via fast
>solenoids) into the path of the laser beam.  Each of these mirrors is then
>calibrated to aim at a particular place in the theatre, usually another
>larger mirror.  Then (under computer control) the various small mirrors
>on the laser table are rapidly inserted and withdrawn from the light beam,
>causing the laser beam to follow first one path, then another, then another
>through the (smoky) air -- all to the delight of the audience.
>
>This technology could easily be adapted to make a communication channel
>safer from the various threats of eavesdropping, interruption, and tracing.
>A single point-to-point channel could be made to follow various paths 
>having common elements only VERY close to the endpoints.  Better still,
>a network of more than two nodes could be constructed without needing to
>provide multiple transceivers at each node (and with possibly multiple 
>beam paths between each pair).  With known methods of routing and
>collision avoidance, we could thus not only route around any known opposition
>but also make it very expensive to eavesdrop or even to discover that 
>a signal exists.  ("Honey, call the EPA again -- those gubmint boys are back,
>driving their oil-burning old van around Mr. May's house.").
>

KNOWN opposition ... hmmm.  you're back to obscurity=security.
It's always expensive to eavesdrop (tapped any fiber cables in pressure
jackets recently?) ... and (having been in the same business as yourself
once) alignment and bandwidth problems of them pesky little scanners is a
pretty hefty problem.

The concept seems to have merit ... but I don't think I'd want to have to
implement it!
Easily adapted .... ?????

>[previous attribution unknown...:]
>} >>With a tightly focused beam (light is easy, I don't know about lower
>} >>frequencies), you can prevent interception except by very obvious physical
>} >>devices.  (e.g. Someone in a cherry picker truck.)  You may be able to
>} >>avoid the need to encrypt the link (and all the paranoia about key
>} >>management, advances in factoring etc. that that implies.)
>} >>
>} >>Bill
>
>On Thu, 4 Jan 1996 12:45:15 -0800, tcmay at got.net (Timothy C. May) wrote:
>} 
>} Just a couple of points on this optical idea.
>} 
>} We were linking buildings a mile apart in the 70s, at Intel. We needed to
>} ship CAD data back and forth, and PacBell rates for a dedicated line were
>} outrageous, slow to be installed, etc. So, a commercially available laser
>} and modulator/demodulator (modem, but it bears sometimes using the longer
>} version, to remind people of what it is doing in general) were mounted on
>} the roofs of our buildings. I'm sure various packages are commercially
>} available to do this.
>[snip] 
>} I'm actually more positive on low-level (below safety regs get interested
>} in) light than on free space RF, for bypassing of the local cable/phone
>} monopolies. There's just not enough "bandwidth of free space" available. Do
>} the math.
>[snip]
>
>
>::::::::::::::::::::::::::::::::::::::
>::  Lou Poppler  ::  " The more you drive, 
>::      http://www.msen.com/~lwp/   ::    the less intelligent you are."
>::::::::::::::::::::::::::::::::::::::    -- Repo man
>
>






From geeman at best.com  Fri Feb 16 01:38:12 1996
From: geeman at best.com (gw)
Date: Fri, 16 Feb 1996 17:38:12 +0800
Subject: anonymous age credentials, sharing of
Message-ID: <199602160754.XAA17607@news1.best.com>


At 04:24 PM 2/15/96 -0500, you wrote:
>On Thu, 15 Feb 1996, gw wrote:
>
>> the People, want to support permanently binding a traceable, non-anonymous
>> identity to all certificate attributes that are used in electronic exchange
>> (age, etc...) then there is going to be the potential for someone to
>> deliberately allow their credential to be misused.
>> 
>> IMO, to prevent this totally would require implanting a non-forgable i.d.
>> chip in everyone at birth ..... not very appealing.
>

>And even then, what about the people that undergo surgery to swap chips?
>

Seems less likely ... you would need qualified surgeon, etc. ... my
suspicion is that biometric devices are actually more susceptible to bypass .

>The only REAL way of authentication is biometrics.  Anything else can be 
>swapped.  

For that matter, if you can replace an amputated finger, how about
transplanting a hand?   

I think the distinction between an implanted device and a naturally occuring
biometric is 1. not that important, 2. not all that large, anyway.

My point is -and I think this pretty obvious- without the "something someone
IS" 
as opposed ot "HAS" there is no stopping the exchange of credentials.  And
then as you go to "HAS", it's just a matter of how far you want to raise the
bar.

I like that idea of surgically swapping tokens ... where do I find the Dr.?
Assuming s/he's illicit, then where do I get the $?  And the person to swap
with?  What's in it for him/her?

>But if you amputate someone's hand or retinas then they won't 
>work(check for things like blood flow, etc.)
>
>Ben.
>____
>Ben Samman..............................................samman at cs.yale.edu
>"If what Proust says is true, that happiness is the absence of fever, then
>I will never know happiness. For I am possessed by a fever for knowledge,
>experience, and creation."                                      -Anais Nin
>PGP Encrypted Mail Welcomed      Finger samman at powered.cs.yale.edu for key
>Want to give a soon-to-be college grad a job?         Mail me for a resume
>
>






From tedwards at Glue.umd.edu  Fri Feb 16 01:39:54 1996
From: tedwards at Glue.umd.edu (Thomas Grant Edwards)
Date: Fri, 16 Feb 1996 17:39:54 +0800
Subject: Religious Right and CDA
Message-ID: 



Please see http://www.cdt.org/policy/freespeech/cc_ltr.html for a letter 
from Ed Meese, Ralph Reed, Donald E. Wildmon, and others which actually 
suggests language in the CDA.

"Attached is the specific language we support which includes the House
passed language on obscenity and includes revisions on both the House
passed language on indecency, which would amend Title 18 and the
Senate-passed language on indecency, which would amend Title 47. The
combination of these provisions, we believe, would provide effective laws
to curb obscenity and indecency on the Internet by establishing that all
who knowingly participate in the distribution or facilitation of obscenity
to anyone or indecency to children would be subject to the law."

-Thomas






From samman-ben at CS.YALE.EDU  Fri Feb 16 01:41:17 1996
From: samman-ben at CS.YALE.EDU (Rev. Ben)
Date: Fri, 16 Feb 1996 17:41:17 +0800
Subject: anonymous age credentials, sharing of
In-Reply-To: <199602151626.IAA20391@blob.best.net>
Message-ID: 


On Thu, 15 Feb 1996, gw wrote:

> the People, want to support permanently binding a traceable, non-anonymous
> identity to all certificate attributes that are used in electronic exchange
> (age, etc...) then there is going to be the potential for someone to
> deliberately allow their credential to be misused.
> 
> IMO, to prevent this totally would require implanting a non-forgable i.d.
> chip in everyone at birth ..... not very appealing.

And even then, what about the people that undergo surgery to swap chips?

The only REAL way of authentication is biometrics.  Anything else can be 
swapped.  But if you amputate someone's hand or retinas then they won't 
work(check for things like blood flow, etc.)

Ben.
____
Ben Samman..............................................samman at cs.yale.edu
"If what Proust says is true, that happiness is the absence of fever, then
I will never know happiness. For I am possessed by a fever for knowledge,
experience, and creation."                                      -Anais Nin
PGP Encrypted Mail Welcomed      Finger samman at powered.cs.yale.edu for key
Want to give a soon-to-be college grad a job?         Mail me for a resume






From frantz at netcom.com  Fri Feb 16 01:41:31 1996
From: frantz at netcom.com (Bill Frantz)
Date: Fri, 16 Feb 1996 17:41:31 +0800
Subject: NETSCAPE IS "IN MERGER TALKS WITH AMERICA ONLINE"
Message-ID: <199602152214.OAA27564@netcom7.netcom.com>


Bill Frantz wrote:
>... He noted that new data showed that 40% of US
>Internet traffic was flowing through America OnLine's network and that
>together with Netscape the two companies would effectively  control the
>technology now shaping the global network - "And then Microsoft would be
>left without an Internet standard,".

Perry sent me a polite note asking why I had posted the original post, and
I replied:

>(1) I thought it was of interest to people on the list, and not yet generally
>available information.
...
>(3) It speaks to the issue of whether there is a danger of oligopolistic
>control of the net.  Cypherpunks will, of course, work on technical solutions
>to that danger.

He suggested that in the future I make it clear why I think my posts are
relevent to the subject of the list.


At  7:44 PM 2/13/96 -0500, Deranged Mutant wrote:
>I dunno. The World Wide Web Consortium supposedly exists to prevent 
>corporations from controlling the technology and standards.

I agree that keeping the cost of market entry low, by having the technical
standards freely available at no cost is an excellent way of furthering
this goal.  (The IETF has a similar policy.)  In addition, free software
(in the sense of the Free Software Foundation) will help.

BTW - I do not consider oligopolistic control of the net of the net to be a
serious danger in the five year time frame.  I am less sanguine about the
30 year time frame.

Bill








From hayden at krypton.mankato.msus.edu  Fri Feb 16 01:44:07 1996
From: hayden at krypton.mankato.msus.edu (Robert A. Hayden)
Date: Fri, 16 Feb 1996 17:44:07 +0800
Subject: New discussion group "CDA96-L" = COMMUNICATIONS DECENCY ACT of 1996 (fwd)
Message-ID: <199602151940.LAA08372@comsec.com>




---------- Forwarded message ----------
Date: Tue, 13 Feb 96 22:49 PST
From: Gary Klein (bear-at-heart) 
To: Neil Radford 
Subject: New discussion group "CDA96-L" = COMMUNICATIONS DECENCY ACT of 1996 

     In light of the recent furor over the airwaves, in the media, and in 
lawsuits regarding the COMMUNICATIONS DECENCY ACT of 1996 that United 
States' President Clinton signed into law on February 8, 1996, I 
have created a forum for people to discuss the concerns raised by this 
(and similar) pieces of legislation.

LISTNAME:      CDA96-L
FULL TITLE:    Communications Decency Act of 1996 Discussion Group
FORMAT:        Un-moderated, Postings must come from registered subscribers
SUBSCRIPTIONS: via LISTPROC software
LISTOWNER:     Gary M. Klein 
               Management & Business Economics Librarian
               Hatfield Library
               Willamette University
               Salem, Oregon  97301 USA

DESCRIPTION:   
     CDA96-L is open to the networkng community.  Its primary role is
to serve as a means of communication among people who are concerned
about the implications of the United States of America's COMMUNICATIONS
DECENCY ACT of 1996 (signed into law by President William J. Clinton
on February 8, 1996).  Its secondary role is to serve as a discussion
forum for similar legislation or regulation that may be in the formative
or final stages in any other country, or at any local jurisdiction that
would restrict, limit or inhibit use of Internet resources based on
"decency", "morality", "offensiveness", or based on the age of someone
using, operating, or accessing an Internet resource.

SUBSCRIBING TO THE "CDA96-L" LIST:
     Anyone may subscribe to the list by sending a 
command to 

     For example, if Idi Amin wanted to subscribe, the post would be:
                  mailto:   listproc at willamette.edu
                    text:   sub cda96-l Idi Amin

OTHER LISTPROC COMMANDS:
     Will be supplied to each subscriber as part of the Welcome Message.

(please feel free to cross-post this announcement in appropriate places)

GARY M. KLEIN "not your average librarian & indecent communicator"
Hatfield Library / Willamette University / Salem, Oregon 97301 USA
work 503-370-6743 / gklein at willamette.edu















From perobich at ingr.com  Fri Feb 16 01:49:42 1996
From: perobich at ingr.com (Robichaux, Paul E)
Date: Fri, 16 Feb 1996 17:49:42 +0800
Subject: Some thoughts on the Chinese Net
Message-ID: 


Jon--

I would suggest that the Chinese solution to these problems is singular, 
and simple: the total inability to conduct any transaction anonymously.

My guess would instead be that the Chinese would register IP addresses to 
individuals. The precedent's been set already with registration of 
photocopiers, typewriters, and mimeograph machines. As Perry pointed out, 
RSA-signing each and every packet would be prohibitive. Assuming that their 
real interest is in controlling diffusion of information to and from the 
'net-- and not moderating what goes on in the Chinese intranet (or 
inter-intra-net, I guess) I think address registration would be a logical 
first step.

The simple portion is a national (Chinese) database associating true 
names with key IDs. These keys will be usable only to sign documents, not 
to encrypt information, similar to the Federal DSS.

If the binding is instead true name <-> IP address, then the censors drop, 
block, delay, or spoof packets from thoughtcriminals instead of refusing to 
sign them. This avoids both the signature overhead and the expenditure of 
hard currency on gwai lo.

Now that all information has a recognizable source, dissidents in China 
can be arrested, and unacceptable information never makes it into the 
country.

Registering IP addresses of course won't block out thoughtcrime originating 
outside China, but unless everyone else adopts the packet signing scheme you 
outline the censors will still have to filter incoming material 
semi-manually. As far as I can tell their government is at least as 
interested in keeping things in as they are keeping out the Four Horsemen.

-Paul






From cmca at alpha.c2.org  Fri Feb 16 01:52:59 1996
From: cmca at alpha.c2.org (Chris McAuliffe)
Date: Fri, 16 Feb 1996 17:52:59 +0800
Subject: PGP
Message-ID: <199602160832.AAA11104@eternity.c2.org>


-----BEGIN PGP SIGNED MESSAGE-----

[To: cypherpunks at toad.com]
[Subject: Re: PGP]

It was written (not on paper) by "Sentient1" :
>      Could you settle a dispute?  Is it, or Is it not, legal to take
>PGP source code and the like out of the country if it is written on
>paper?

Yes it is. MIT published a book consisting of nothing but PGP source in
OCR type, and it has been exported.

Chris McAuliffe  (No, not that one.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBMSQ2ZoHskC9sh/+lAQEd0gP/ZSj0lQYlWN9XxDEzSCRRSnt13TKG3DYU
cqGLcbJb9hsp7Ye4+oW8Ei1+iXGOX/2u/TB7gNfQQ0MFR96bqSl0VzCq1R1Z4vqC
vb6lv2pURpMwltTy7+k3gWx2p6Dsc6uTXC8ydTLKcWLg9o98JsR8ZtnxyOdzWtGM
SoeaAP+T7Wk=
=25iG
-----END PGP SIGNATURE-----





From lmccarth at cs.umass.edu  Fri Feb 16 01:57:02 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Fri, 16 Feb 1996 17:57:02 +0800
Subject: Firewall USA to Firewall China
In-Reply-To: <199602140540.XAA09402@proust.suba.com>
Message-ID: <199602160849.DAA10400@opine.cs.umass.edu>


Alex Strasheim writes:
> For what it's worth, I have a friend who just got a job with Apple's
> operation in China.  According to him, Hong Kong is fully wired, but
> mainland China only has about 5,000 net accounts outside of government or
> acadamia.  All 5,000 of those accounts seem to be served by a single 64kbs
> connection to the outside world, which suggests that they're email only.

In that case, I expect it will be fascinating to see what happens to *.hk
when it gets swallowed by China. Presumably the Chinese govt. will at least
try to enforce the regulations (registration etc.) it has announced so far.

What is the Hong Kong part of the net doing in anticipation of the 
transition ?  Depending upon what happens in the next couple of years, it
seems to me that *.hk could be an impressive Trojan horse for the mainland
authorities to handle. I suggest that anyone who wants to deploy crypto tools
behind the Great Firewall should seriously consider outfitting the Hong Kong
populace with them.

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)





From bruce at aracnet.com  Fri Feb 16 02:06:53 1996
From: bruce at aracnet.com (Bruce Baugh)
Date: Fri, 16 Feb 1996 18:06:53 +0800
Subject: Subject lines?
Message-ID: <2.2.32.19960214204503.006a1e50@mail.aracnet.com>


At 08:27 AM 2/14/96 -0500, olbon at dynetics.com (Clay Olbon II) wrote:

>Ok, has everyone forgotten to use a subject line today, or is there a
>problem with toad.com?  Every message I received today that was dated 14
>Feb (except one - from "E. ALLEN SMITH" )
>had no subject and no from line (other than cypherpunks). 

I'd noticed the same thing, and am a little disgruntled, since it screws up
my usual mail filtering.

Bruce Baugh
bruce at aracnet.com
http://www.aracnet.com/~bruce






From willer at carolian.com  Fri Feb 16 02:09:30 1996
From: willer at carolian.com (Steve Willer)
Date: Fri, 16 Feb 1996 18:09:30 +0800
Subject: I've just unsubscribed from cypherpunks
In-Reply-To: <9602141233.AA00418@sulphur.osf.org>
Message-ID: <312217ee.180250526@saturn>


On Wed, 14 Feb 1996 07:33:29 -0500, you wrote:

>Normally, when people post notices proclaiming "Jim, I'm putting you in
>my killfile" or "I can't take it, you've ruined this list, I'm leaving!"
>I think it's among the worst kind of petty egotism.

I don't understand what the issue is. I used to use procmail for my
filtering, and it worked fine with Pine (although it would have been
nice to thread my mailing lists). Now, I use Forte's Agent, which
gives me a newsgroup-like access to mail folders _and_ auto-filtering.
So I have no problem with the mailing list -- if I want to ignore a
thread, I just don't look at it. I also filter out all subscribe and
unsubscribe requests into a "Bozos" mailing list, and I can easily
ignore "I'm leaving" style messages by not looking at them and letting
them go away on the next purge.

If you don't know how to use the right tools, or you are not able to,
or you aren't willing to, I fail to see how the members of the list
are at fault. The people at fault are, respectively, you, your
employer, and you.






From declan+ at CMU.EDU  Fri Feb 16 02:10:16 1996
From: declan+ at CMU.EDU (Declan B. McCullagh)
Date: Fri, 16 Feb 1996 18:10:16 +0800
Subject: Spin Control Alert (LI Newsday, 2/12/96)
In-Reply-To: <199602121313.IAA26828@UNiX.asb.com>
Message-ID: 


Excerpts from internet.cypherpunks: 14-Feb-96 Re: Spin Control Alert (LI
.. by Sten Drescher at grendel.te 
> DBM> (I assume your Bible argument is just posturing. No
> DBM> U.S. Attorney, political appointees they, ever will prosecute
> DBM> someone who puts the complete text of the King James Bible
> DBM> online.)
>  
>         You assume wrong.  While I certainly agree that no
> U.S. Attorney would voluntarily prosecute such a case, what happens
> when an athiest files charges against someone for carrying the Bible?
> IANAL, but couldn't the U.S. Attorney be forced to prosecute?
> Apparently I'm not the only one who thinks so, since it has been
> reported (on this list by Tim Philp from a Toronto Star article) that
> the Bible has been removed from at least one Web site, presumably due
> to fear of prosecution.

Since you don't understand the way Federal criminal charges work,
there's no reason I should take your argument seriously. (Hint: The
*U.S. Attorney*, or an AUSA, files charges, not you, me, or a random
"athiest.")

As for this mythical Bible being removed, that is irrelevant to this
discussion, which centers around a Bible being *prosecuted*. If I had a
Bible on my web site (perhaps the TCM Vernacular Translation!) I'd
remove it just to make a point. As I suspect the owner of the web pages
did.

Many of us have engaged in lofty rhetoric saying what *could* be
prosecuted -- the Bible, and Catcher in the Rye, and other works of
literature.

Now that the law's passed, let's talk about what *will* be prosecuted.
It will be material that U.S. Attorneys think will get them a
conviction. NAMBLA materials, stories about pedophilia, paraphilia, and
bestiality, and images of hardcore porn -- preferably gay porn -- that
are available to minors.

This law is dangerous because it is so overbroad that prosecutions can
be made exceedingly selectively -- depending on what a US Atty thinks
will offend a jury composed of folks from his area of the country.

-Declan






From lmccarth at cs.umass.edu  Fri Feb 16 02:16:40 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Fri, 16 Feb 1996 18:16:40 +0800
Subject: A Cyberspace Independence Refutation
In-Reply-To: 
Message-ID: <199602160925.EAA10473@opine.cs.umass.edu>


Ed Carp writes:
> If the Feds pulled the plug on the 
> backbone, I can see that there are a lot of people who would drag UUCP 
> and pathalias out of the closet, and the UUCP Mapping Project would live 
> again (hams have their own backbone are would be not as severely affected 
> by the backbone going away).
>
> Not that it wouldn't be hard - but it's doable.

I generally agree with this. But this would not be "the net as I know it"
by any stretch of my imagination. Most of the people who get high priority(*)
in my incoming mail wouldn't start doing UUCP. We could still do some
version of the cpunks list, but at some point I would lose some enthusiasm
for a "means to an end" that is just an end in itself.

(*) or rather, they will when I get my .procmailrc debugged

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)





From lmccarth at cs.umass.edu  Fri Feb 16 02:39:15 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Fri, 16 Feb 1996 18:39:15 +0800
Subject: A Cyberspace Independence Refutation
In-Reply-To: 
Message-ID: <199602161003.FAA10539@opine.cs.umass.edu>


James Donald writes:
[in reply to strata]
> Your other arguments casually dismiss the very real power that large numbers 
> of able people with good communications can exercise, have just exercised
> very recently.

Large numbers of able people with good communications very recently exercised 
their putative "very real power" against the passage of the CDA. They had no
substantial impact AFAICS. (I intend no slur against the effort.)  Could you
name some examples, and add some qualifications that made the difference in
those cases ?

> Nation states are a new creation. In the past many different 
> kings ruled many different bits of one nation, and one king often 
> ruled parts of more than one nation.
>
> Today nation states are almost universal, and people can no longer 
> imagine what a nation is, other than a nation state. 

Just in case I'm one of those who "can no longer imagine what a nation is,
other than a nation state", you should perhaps define the term more
concretely. I guess The Nation of Islam might fit, or the worldwide
community of Palestinians.

> But the net is a nation, and is not a state, and nationalism is a force that 
> governments usually cannot withstand.

OK, first of all I'm not convinced that the net qualifies as a "nation", but
it's hard to say until I better understand what you mean by "nation".

_Strong_ nationalism is a powerful force that governments often exploit to
their own considerable advantage, and indeed also brings down governments
in some cases. Offhand, it looks to me as though the USSR did a decent job
of withstanding various strong internal nationalistic forces for a long time, 
and was brought down mainly by other considerations.

> What makes a government strong is its cohesion, but the state cannot
> create its own cohesion. When states attempted to confront nationalism, 
> they often lost cohesion and vanished altogether, like a string of sand. 
>
> The "Nation state" is in essence a tactic for avoiding this hazard.

Perhaps "often" is the case; from previous experience, I suspect your grasp 
of the relevant history is clearly superior to mine. (You have some great
stuff on your web pages.) I note that you did not claim "all".

> Governments are acutely aware of this problem, and act very cautiously 
> in the face of such threats. Many people seem to imagine that a 
> government innately and naturally has cohesion, that it is naturally 
> one thing, naturaly capable of acting coherently and cohesively as 
> an individual can. On the contrary, governments maintain their 
> cohesion with difficulty, and continually act, or refrain from acting,
> in fear that they might lose it.

OK, but govts. do indeed manage to muster plenty of cohesion in various
actions. 

> In an all out knock down battle between a particular government and the
> internet, in a state where a substantial proportion of the middle class
> was on the internet, the government would be in serious danger of 
> evaporating like a jellyfish in the sunshine.

I disagree, but assertions will get us nowhere.

> The government can get away with a substantial amount of harassment and 
> restraint, but has only limited power to act without itself being acted 
> on, to change the world without itself suffering change.

Sure, but the govt. has been changed before and can change again.

I'm honestly very happy to see all this optimism. But unless and until my
pessimism fundamentally changes, I couldn't sleep at night if I were to lie
down and accept the optimistic claims.

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)





From lmccarth at cs.umass.edu  Fri Feb 16 03:10:34 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Fri, 16 Feb 1996 19:10:34 +0800
Subject: A Cyberspace Independence Refutation
In-Reply-To: 
Message-ID: <199602161025.FAA10582@opine.cs.umass.edu>


lunaslide writes:
> One think does stand to reason though, when govt gets in the way of
> business, govt eventually gets run over.  Regulating the net in content
> brings them one step closer to obsolescence.  The govt is not yet in it's
> death throwes, but it has seen it's own fate.  The net regulation is one
> more feeble attempt at avoiding destiny.  

The interests of business are not nearly coincident with my interests,
although there is some nontrivial overlap. This is unfortunate but not
surprising, IMHO.

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)





From amsden+ at andrew.cmu.edu  Fri Feb 16 03:44:03 1996
From: amsden+ at andrew.cmu.edu (Zachary R Amsden)
Date: Fri, 16 Feb 1996 19:44:03 +0800
Subject: Patents and Trademarks invalid
Message-ID: 


Here's an idea: whenever someone uploads something like the RC2 source code,
why not have everyone attach it to their .signature?  Is criminal justice
seriously going to pursue tracking down millions of people that did this?
Or would they pull the plug.

Food for thought

(please don't e-mail me about this - I have enough e-mail already.  Post
instead)






From jya at pipeline.com  Fri Feb 16 03:46:26 1996
From: jya at pipeline.com (John Young)
Date: Fri, 16 Feb 1996 19:46:26 +0800
Subject: Cookie Crumbles
Message-ID: <199602151345.IAA10572@pipe1.nyc.pipeline.com>



Responding to msg by jsw at netscape.com (Jeff Weinstein) on Thu, 
15 Feb  1:22 AM


>  You may choose not to believe me, but I have been 
>planning to add an option  to disable cookies in the 
>next release for quite some time now.
>
>  Just disabling cookies won't keep sites from tracking 
>your movements.  Many sites require you to register and 
>log in when you access them.  These sites will be able 
>to track your movements through them with or  without 
>cookies.


Jeff,


You shoot electro-ammunition straight, so your credibility is 
solid. HQ should take target practice from you. Although 
explanations on this list may not be comprehensible to the 
public, or to NSCP's PR Dept.


What are the chances that NSCP might add a feature that would 
allow customers to say yes or no at login to tracking their 
movements at any site visited, with a friendly notice that 
tracking analysis was being done?


That might redeem the exchange value of cookies, and perhaps 
come closer to gving customers equality with the merchants, and 
merchants credibility with customers. As you are giving 
Netscape here, despite Wall Street's treachery.


Thanks for your even-tempered and well-aimed potshots here.


John





From cea01sig at gold.ac.uk  Fri Feb 16 04:11:51 1996
From: cea01sig at gold.ac.uk (Sean Gabb)
Date: Fri, 16 Feb 1996 20:11:51 +0800
Subject: Online Zakat Payment: Religious tithe.
In-Reply-To: 
Message-ID: 


On Thu, 15 Feb 1996, Alan Horowitz wrote:

> On Thu, 15 Feb 1996, Sean Gabb wrote:
> 
> > where Islam is concerned, there 
> > are so many individuals behaving badly that we are justified in thinking 
> > the whole religion a force for bad.
> 
> > But the fact is that most Moslems 
> > venerate old men in beards, who think that anyone who disagrees 
> > with them about God should be put to death, that a woman with a 
> > clitoris is a kind of devil, and that Western classical music is evil.
> 
> 
>     And your travels in the Islamic world consist of?   And you 
> personally know how many Muslims?  And you have read how much Islamic 
> sources?
> 
I never visited Nazi Germany, or the Soviet Union under Stalin; but I 
think I am justified in regarding them as nasty places, hostile to any 
concept of liberal civilisation.  Equally, though I have done my best to 
avoid visiting the Islamic world, I have seen enough *religious* Moslems 
here in England, and read enough of their material, to know that Islam is 
more often than not a force for evil.

Turning to literature, I have read my way through dozens of pamphlets 
sent me by the Islamic Propagation Centre International of Birmingham - 
the one that strikes me as most hilariously dishonest is "The Status of 
Women in Islam" by Dr Jamal A. Badawi.  I will upload a review of this 
tomorrow.  I also have a copy of the Koran, translation and Commentary by 
A. Yusuf Ali; and I have read much of Al Ghazali and a French version of 
"The Regency of the Theologian" by the late Ruholla Khomeini.

Of course, even if I list everything I have read about Islam or by 
Moslems, and read three times more, you would still come on this list 
questioning my right to form an opinion.  One tactic - used ad nauseam by 
the socialists - is to dismiss whatever I have read as works 
unrepresentative of the true essence and canon.  Well, I say that I know 
quite enough about Islam to regard it as a horrible religion.  I still 
disagree with Tim as to what response is appropriate.  But I agree with 
him that it would be a nasty day for humanity if Islam were ever to 
become the faith of a powerful and expansionist state.

Sean Gabb,
Editor
Free Life.





From lmccarth at cs.umass.edu  Fri Feb 16 04:13:14 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Fri, 16 Feb 1996 20:13:14 +0800
Subject: [NOISE] Patents and Trademarks invalid
In-Reply-To: 
Message-ID: <199602161118.GAA10682@opine.cs.umass.edu>


Zachary Amsden writes:
> (please don't e-mail me about this - I have enough e-mail already.  
> Post instead)

I'm confused. Instead of you alone getting a copy of every reply, you'd
prefer the scenario where you get a copy of every reply, and so does 
everyone else on the cypherpunks list, because _you_ get too much mail ?
How does this scheme reduce the amount of email you get ?  Are you not in
fact subscribed to cypherpunks ?

(I have no objection to everyone replying to the list; I just don't
understand how this eases the burden on ZA's mailbox.)

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)





From lmccarth at cs.umass.edu  Fri Feb 16 04:17:45 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Fri, 16 Feb 1996 20:17:45 +0800
Subject: A Cyberspace Independence Refutation
In-Reply-To: <2.2.32.19960212202324.006e8ee8@panix.com>
Message-ID: <199602161113.GAA10654@opine.cs.umass.edu>


I'm counting my blessings for not suffering carpal tunnel syndrome yet, so
I'll chime in here before we hear back from Strata.

Duncan Frissell writes:
> Operation Sun Devil happened in 1990.  A couple of BBS' were shut down.  It
> hasn't been repeated much since.  There are currently more than 7,000
> commercial ISPs in the world.  At one or two shutdowns per decade, it will
> take a while.  

Assuming shutdowns continue at the same rate, which is a rather large
assumption that I happen to doubt.

> Note too that an ISP is more like a carrier (common or not)
> than like a publisher.  Legal difficulties for the Feds.

>From what I have read here and heard elsewhere from lawyers, common carrier
status gets decided by the courts, and hasn't been conferred definitively on
ISPs or anonymizers/pseudonymizers, etc.

> Even harder in the future when 100 million households worldwide have full-
> time net access running on real multitasking workstations.

We'll see....

> I'm waiting.  Then I'll have to call all the way to Montreal to log on.

So much for the-net-as-I-know-it, where people don't have to call outside
the country just to log in to the net. Most of the people I want on the net
are very unlikely to do this.

> They will have a lot of fun trying to *find* all the ISPs though.  There are
> quite a few and that still leaves company, academic, government, and private
> TCP/IP servers up.

Presumably the govt. can use all the same means everyone else will be using
to find ISPs. They can also go around tracking physical net connections etc.,
which is out of reach for most folks.

Meanwhile the govt. will have coerced *.gov and *.edu and the corporate
sites to establish and enforce restrictive local use policies.

Strata wrote:
# I assume it surprises no one that much of the
# major flack about the net began when it became widely known to
# government that the net considered itself anarchic.

Duncan Frissell writes:
> It doesn't consider itself anarchic -- it is.  

(0) Strata did not claim that the net is not anarchic.

(1) Do you really believe that the net "doesn't consider itself anarchic" ???

[...]
> When one goes out into the marketplace, one encounters many different people
> and many challenges.  You must win acceptance from some of the other
> participants you find there.  There are mores.  You have to learn some of
> them or find others of your ilk who already share you mores.  It is not
> hard.  It is called life. 

Some mores are mostly bullshit. "The other ones are complete bullshit."
It is entirely consistent to defend everyone's right to his/her own set of
mores, and still attempt to convince some people that some of the mores they
observe are crocks. Many of the net.prejudices are particularly absurd,
counterproductive, and worthy of change, IMHO.

Strata wrote:
# WHAT PLANET ARE YOU FROM? Can someone take an anonymous poll of the
# Known Network and ask the following: "I routinely refrain from
# posting my opinions or beliefs to mailing lists and/or newsgroups for
# fear of flaming, harrassment, or ridicule, even when I am confident of 
# those beliefs or opinions

Duncan Frissell writes:
> A short survey of the Feed suggests that many other people
> continue to post at will.  Probably too many.  In fact, they obviously feel
> freer to do so on the net than in real life.

Uh, I guess that's why there's no need for anonymizers, pseudonymizers, etc. ?

[...]
> In modern capitalist societies like the US, it is possible to actually own
> fairly powerful computers yourself.  In fact, I understand that even the
> peasantry in America can put together the $200 for a used 386sx and the $39
> for a 14.4K modem and run a free copy of Linux and have a powerful TCP/IP
> server of their own.  

I'd be interested to see the documentation of the number of peasants in 
the U.S. (or elsewhere) who have done anything like this. Documentation of
the number of peasants who could manage the technical details would also
be interesting.

> The dialup connection is not permanent of course.  It
> can be bought from many local, national, and overseas providers.  

And of course, all peasants have plenty of disposable income to spend on
long-distance phone charges....

Strata wrote:
[yes, this is taken out of context]
# Yes, I should give up my political career and
# the hope of building new housing in my district, getting more school
# funding, etc for a bunch of twenty (or thirty)-something
# non-constitutents who think of me as a pustulent gastropod. I'll run
# right out and vote against TRA!!

Duncan Frissell writes:
> We (some of we) don't want the housing or the school funding either.  I
> certainly consider slave schools to be the most common form of child abuse
> in the world today.

That's nice, but are you seriously claiming that the portion of the average
set of voters in a Congressional district that strongly agrees with you on 
those issues matters a whit in a Congressional election ?

Strata wrote:
# How much do you go out of your way for people who openly despise you
# and publicly declare your stupidity with every other breath?

Duncan Frissell writes:
> Don't go out of your way.  Just stay out of our way.  Play golf instead.  

But the USG has to go out of its way to ignore creeps like Bob Dornan, just
for openers.

[...]
> Use another domain name.  Internic doesn't even have a monopoly of domain
> name assignment within the US.  If it casually screws around with too many
> people, it will guarantee further loss in market share.  

Well, for openers the USG can saddle all DNS companies with onerous
legal obligations. Let's not forget the stories we've heard about the
wiretap equipment set up at various telcos. Maybe it's high time for the
USG to _give_ a monopoly to InterNIC, or an ambitious competitor hungry for
market share.

Strata wrote:
# Find something original and concrete to do instead. Spend the five 
# minutes writing and *mailing* an original letter to your elected
# official and mention you are in his or her district. 

Duncan Frissell writes:
> This is *original*?

For many people, yes.

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)





From Isaac.C.Hopkins-1 at tc.umn.edu  Fri Feb 16 04:29:52 1996
From: Isaac.C.Hopkins-1 at tc.umn.edu (Isaac Hopkins)
Date: Fri, 16 Feb 1996 20:29:52 +0800
Subject: True democracy in America.
Message-ID: <31237dbc235a002@mhub1.tc.umn.edu>


>
>}Is ok. I suspect that we are narrowing on a similar position. Would like
>}to see a time when net communications make "representatives of the people"
>}obsolete" since majority voting on any issue can be "anytime,anywhere".
>}Doubt that it will happen soon.
>
>
>
>I too would like to see a purely democratic process rather than a
>representative one.  And I also agree that it won't happen soon.  The
>question is, what do we keep of govt?
>
A truly Democratic society is only feasible when you have an educated
society that can act outside of their own self interest.  Take a look at the
ancient greeks,  they voted to put socrates to death because he questioned
their power and beliefs.  In a democratic society you must be accepted by
the majority in order to survive.  Think about all of the greatest minds in
history, most of them were very controversial.  A democracy is just the
tyranny of the majority.  I think that Americans are typically smart enough
to have more of a say in politics and believe that we should move to become
more democratic, but not to go so far as to become a real democracy.






From cea01sig at gold.ac.uk  Fri Feb 16 04:41:47 1996
From: cea01sig at gold.ac.uk (Sean Gabb)
Date: Fri, 16 Feb 1996 20:41:47 +0800
Subject: Online Zakat Payment: Religious tithe.
In-Reply-To: <199602160408.XAA12403@pipe11.nyc.pipeline.com>
Message-ID: 


On Thu, 15 Feb 1996, tallpaul wrote:

> Why oh why am I getting the idea that "cypherpunks" would better be called
> "cryptoauthoritarians." From murder-as-political-liberation, to the
> universalization of the libertarians "feelings" onto everyone else in the
> world, to the mass nuclear bombings of civilians to the mass nuclear
> elimination of religions. 
>  
> My, my. For a group of people so uspet at taxes you certainly have faith in
> the ability of private individuals to generate the capital for things like
> the Manhattan Project and high-cost nuke delivery systems! 
>  
> On Feb 15, 1996 20:03:56, 'Sean Gabb ' wrote: 
>  
>  
> >True, there are risks in generalising from the actions of one individual  
> >to the group as a whole.  Nevertheless, where Islam is concerned, there  
> >are so many individuals behaving badly that we are justified in thinking  
> >the whole religion a force for bad. 
> > 
> >Doubtless, I shall be told that "true Islam" is "true tolerance", "true  
> >freedom", and even "true apple pie".  I may be told that the horrors of  
> >actually existing Islam - remember this phrase, or something like it? -  
> >are all somehow the fault of the West.  But the fact is that most Moslems 
> 
> >venerate old men in beards, who think that anyone who disagrees  
> >with them about God should be put to death, that a woman with a  
> >clitoris is a kind of devil, and that Western classical music is evil. 
> > 
> >By my standards, these people are disgusting.  My only dispute with Tim  
> >is in our manner of expressing our disgust. 
> > 
> >Sean Gabb 
> >Editor 
> >Free Life. 
> > 
>  
>  
> I was wondering if S. Gabb, as a self-declared expert on Islam, if he might
> explain the difference between the Sunni and Shi'ite sects, and the
> respective size of each? 

Yes, Mr Tallpaul, I see you are upset by my reply to your threat to have 
me arrested in London and dragged off to New York to face trial for 
having sent messages to this list that found their way to you.  As I 
understand it, the division between the Shiites and Sunnites goes back to 
a dispute in the seventh century between Ali, the son-in-law of Mahomet, 
and Muawiya, the Caliph of the time.  Since then, the Shiites have 
divided and dubdivided into many sects, while the Sunnites have remained 
more or less united.  To this extent, the division within Islam is 
similar to that between Catholics and Protestants - though I wouldn't 
like to draw any comparisons between the doctrinal disputes of Islam and 
Christianity.

As for their respective sizes, estimates vary; but the proportion 
most commonly given between Shiites and Sunnites is 15:85.  If you have 
other figures, doubtless you will post them.

>  
> I am also curious if he could point us to a single written example where he
> or anyone else has ever been told the various things that he "doubtless"
> will be told? 
>  
Yes, Mr Tallpaul, I can and will.  You should consult the various 
publications of the Islamic Propagation Centre International, at 481 
Coventry Road, Birmingham, B10 0JS, England, fax - **121 766 8577.  You 
will find enough there to have any sceptic wetting himself with laughter.

> In short, is this important history posted on cypherpunks, more libertarian
> political demagogery,  or another J. Bell-like reference to the
> universalization of the libertarian's feelings onto the rest of the world? 
>  
In fairness, this is a good point.  I accept that a list that I joined in 
order to read about Phil Zimmerman and pgp is not the best place for 
discussing the horrors of Islam.  I will therefore say no more on the 
subject - not even uploading the review I promised in an earlier 
posting.  I shall return to lurking.

Sean Gabb
Editor
Free Life
(I would remind you all that another issue of this comes out in March, 
but Mr Tallpaul might persuade his government to do to me what it did to 
General Noriega)

> 
--tallpaul >   "Gentle Jesus >   "Meek and mild >   "Bless me 
>   "While I nuke this child. 
>   "But reassure'em 
>   "As I wack'em 
>   "I love their rights; 
>   "I'll never tax'em."
> 





From perry at piermont.com  Fri Feb 16 05:15:47 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Fri, 16 Feb 1996 21:15:47 +0800
Subject: Online Zakat Payment: Religious tithe.
In-Reply-To: 
Message-ID: <199602161251.HAA29650@jekyll.piermont.com>



I have tried sending people comments in private mail, but that doesn't
seem to work.

This is NOT IslamPunks. This is totally off topic. Can you guys
discuss this privately instead?

.pm

Sean Gabb writes:
> I never visited Nazi Germany, or the Soviet Union under Stalin; but I 
> think I am justified in regarding them as nasty places, hostile to any 
> concept of liberal civilisation.  Equally, though I have done my best to 
> avoid visiting the Islamic world, I have seen enough *religious* Moslems 
> here in England, and read enough of their material, to know that Islam is 
> more often than not a force for evil.
> 
> Turning to literature, I have read my way through dozens of pamphlets 
> sent me by the Islamic Propagation Centre International of Birmingham - 
> the one that strikes me as most hilariously dishonest is "The Status of 
> Women in Islam" by Dr Jamal A. Badawi.  I will upload a review of this 
> tomorrow.  I also have a copy of the Koran, translation and Commentary by 
> A. Yusuf Ali; and I have read much of Al Ghazali and a French version of 
> "The Regency of the Theologian" by the late Ruholla Khomeini.
> 
> Of course, even if I list everything I have read about Islam or by 
> Moslems, and read three times more, you would still come on this list 
> questioning my right to form an opinion.  One tactic - used ad nauseam by 
> the socialists - is to dismiss whatever I have read as works 
> unrepresentative of the true essence and canon.  Well, I say that I know 
> quite enough about Islam to regard it as a horrible religion.  I still 
> disagree with Tim as to what response is appropriate.  But I agree with 
> him that it would be a nasty day for humanity if Islam were ever to 
> become the faith of a powerful and expansionist state.
> 
> Sean Gabb,
> Editor
> Free Life.
> 





From aba at dcs.exeter.ac.uk  Fri Feb 16 05:39:07 1996
From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk)
Date: Fri, 16 Feb 1996 21:39:07 +0800
Subject: Stealth PGP work
In-Reply-To: <199602141830.NAA02458@toxicwaste.media.mit.edu>
Message-ID: <11009.9602141935@dart.dcs.exeter.ac.uk>



Derek Atkins  writes on cpunks:

> I'm not familiar with the exact details of what stealth does, which is
> why I asked for more details.  

OK stealth is quite simplistic in the way it operates... neglecting
the pgp conventional encrypt support, here's what it does...

It takes a PGP message which looks like this (must be unarmored),

+---------+--------------------------------+----------+----------
| rsa CTB | RSA encrypted IDEA session key | IDEA CTB | IDEA encrypted data ..
+---------+--------------------------------+----------+----------

and outputs this:

+--------------------------------+---------------------+
| RSA encrypted IDEA session key | IDEA encrypted data |
+--------------------------------+---------------------+

(the point of stealth 2.01 is that the RSA encrypted session keys for
a given user will be less than that users RSA modulus by definition,
and hence not evenly distributed, and that this would be noticeable
statistically after a few messages)

So in stealth 2.01 the RSA encrypted IDEA session key is actually
transformed by a function on stealthing, and the reverse of that
transform is applied on unstealthing.  Before the transform:

0 < r < n

where r is the encrypted session key, and n is the users public key.

The transform ensures that, f(r) is uniformly distributed in:

0 < f(r) < 2^x 

(x depends on a security parameter, higher security implies greater
expansion, 2^x is of course greater than n, otherwise information
would be lost)

stealth 2.x requires n to perform the transform f, and the inverse f'.
when stealthing the n chosen is that specified in the RSA header.

on unstealth f' is used to recover, and n is again required, the n
chosen must be either specified as a user id to look up, or all
user-ids must be inspected.

The unstealth operation re-constructs the headers.

(One "feature" is that you can pad random junk after the stealthed
message and the unstealth, pgp decrypt operation still seems to work
because of the nested length bytes contained within IDEA encrypted and
within compression packets.  This is useful as it allows you to pad
your data to a fixed size in a similar way to mixmaster packets).

> The problem is that PGP API, when decrypting a message, keys off the
> PGP packet types in order to operate.

Right, understood.  I would have thought it nice to add support for
usage of the modules in the pipeline that you describe in an
independent manner also, as building blocks?  Perhaps this is already
catered for.  The problem with stealth from this point of view though
is that there is no packet.  Perhaps you could prime the pipeline by
prepending a dummy `stealthed' CTB, and a method to cope with this CTB?

> If stealth can work outside of PGP 2.6.2, then it should be possible
> to add it on to PGP 3, theoretically.

Stealth can work outside of PGP, but it duplicates work - it looks up
keys in the database to obtain the keyid to insert on unstealth (and
in 2.01 it also needs to know the rsa modulus on stealth and
unstealth).  The other functionality 2.01 duplicates is that it needs
cryptographically strong random numbers, I have not resolved this
satisfactorily, which is why stealth2.x has not be developed further
than beta stage.

The limitation of stealth is that it only supports a single recipient,
in that it expects the data following the key to be the IDEA encrypted
data.

Possibly pgp3 will make this easier, will give access to the random
number generator as an API call?

Will it provide API calls to allow key lookup?

(Maybe I should hold off more questions until you have the API ready
for release).

> [...]  To add stealth, you just add a stealth module in there.
> However I can tell you now that we are not working on such a module
> for the PGP 3.0 release.
>
> I'll hopefully have the API Spec and Programmer's Guide in a state
> where I can let others see it in the near future.  But since I'm going
> to be off the net for about a week or two at the end of the month, it
> might have to wait until March unless a miracle happens in the next
> week.

Perhaps you can accept a donated stealth module at a later stage, if I
understand the API spec and prog guide well enough I might try to
produce one of these .  I'm sure Colin & yourself have lots to do as
is.

> I hope this helps.

Clarifies quite a few things, yes thanks,

Adam






From perry at piermont.com  Fri Feb 16 05:43:46 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Fri, 16 Feb 1996 21:43:46 +0800
Subject: Some thoughts on the Chinese Net
In-Reply-To: 
Message-ID: <199602142238.RAA24705@jekyll.piermont.com>



Jon Lasser writes:
> The more complex portion (from my perspective, at any rate) is a 
> modification of the standard TCP/IP protocol, requiring that each packet 
> be signed by its originating user. This would require lots of software 
> modification on the Chinese end, as well as a conversion process at the 
> National firewall.

They could use no stock software, and they would grind every machine
in the country to its knees doing the signatures. RSA signatures
aren't cheap.

Furthermore, you couldn't check the signatures at the other end fast
enough and it would probably be easy enough to steal keys. I doubt
this would fix their problem.

Perry





From mianigand at unique.outlook.net  Fri Feb 16 05:48:47 1996
From: mianigand at unique.outlook.net (Michael Peponis)
Date: Fri, 16 Feb 1996 21:48:47 +0800
Subject: re True democracy in America.
Message-ID: <199602161324.HAA01206@unique.outlook.net>


>}Is ok. I suspect that we are narrowing on a similar position. Would like
>}to see a time when net communications make "representatives of the people"
>}obsolete" since majority voting on any issue can be "anytime,anywhere".
>}Doubt that it will happen soon.
>
>
>
>I too would like to see a purely democratic process rather than a
>representative one.  And I also agree that it won't happen soon.  The
>question is, what do we keep of govt?

In my opinion, only the most basic of services, trash collection, road 
maintenance, education (decided upon experts, not just people with opinions. 
I don't claime to be an expert on history, so why should I have a say on how it 
is tought, I have no expertise in that area).

In a true democracy, which is based on a very diverse general populace, will 
result in a system that will not be able to pass any legislation except those 
described above, it will be imporable for the majority to agree to anything 
except the most basic things.


Why I hate this goverment is that it tries to decide what is right and wrong, 
that is my decision, not theirs.  I am accountable to me and my God as to what 
I do with my life, I am not accountable to any society as long as I do not 
infrige on someone elses rights.

Unfortunalty, I don't see such a goverment happening, I don't care about if 
anyone else likes the way I choose to conduct my life or not, but the majority 
of any country has this assine persistance to perpetuate their traditions and 
beliefs on others, it is their form of progegation.  It's true what is being 
said  sometimes you just gotta Nuke'em
Regards,
Michael Peponis
PGP Key Avalible form MIT Key Server,or via finger





From tbyfield at panix.com  Fri Feb 16 06:46:50 1996
From: tbyfield at panix.com (t byfield)
Date: Fri, 16 Feb 1996 22:46:50 +0800
Subject: Selling-Candy[TM] Politics
Message-ID: 


At 2:18 PM 2/15/96, Bill Frantz wrote:

>My purpose on this thread is to examine the limits of Jim Bell's idea of
>Assassination Politics.  My ground rules are to assume that it is a natural
>outgrowth of the technologies of anonymous cash and anonymous remailers.

        It's a natural outgrowth of Jim Bell's noggin, more like. It has
nothing per se to do with anonymous remailers _or_ anonymous cash _or_
double blinding _or_ anything else of much interest to anyone on this list
except for a few overheated zealots: you could describe any economic
activity you want--including selling candy to children or paying big
meanies to steal it from them--with precisely the same protocols. KILL THIS
THREAD, NOT POLITICIANS.







From winkjr at teleport.com  Fri Feb 16 06:48:29 1996
From: winkjr at teleport.com (Wink Junior)
Date: Fri, 16 Feb 1996 22:48:29 +0800
Subject: HRoller Anonymous Remailer Shut Down
Message-ID: <199602160326.TAA09013@kelly.teleport.com>


This bit of unverified news from alt.privacy:

> From: hroller at infinity.c2.org (hroller)
> Date: 13 Feb 1996 16:47:06 GMT
>
> This is to announce that hroller remailer is shutting down for good. Due
> to the fact of the current issues and my ISP raising costs, I can no
> longer support this remailer. I guess you could say THEY Won! What I mean
> by this is not only Sen. Exxon, but the users also. The Abuse that goes
> through the remailers is something you would not believe. And until the
> people on the internet wake up and start acting like adults, this problem
> is not going to change.  
> 
> It's been fun, up until lately. 
> 
> hroller

Between irresponsible online behavior and media-spins, such as the example
posted by Mr. Young, will probably make '96 the year of the remailer wars.
If they're not out-and-out banned in the U.S. by '98 I'll be surprised (but
damned happy.)  Hats off to HRoller and Broiles who've fought the good fight.

Wink





From wussery at slip.net  Fri Feb 16 06:51:27 1996
From: wussery at slip.net (wussery at slip.net)
Date: Fri, 16 Feb 1996 22:51:27 +0800
Subject: Anonymous Posting FAQ'S Using Private Idaho
Message-ID: <4g0dpq$8u@slip.net>


-----BEGIN PGP SIGNED MESSAGE-----

I have created several FAQ'S that I hope will streamline the
creation and subsequent sending of postings or email using
Private Idaho. I would like any feedback, pro or con on the
usefulness of these documents. My goal throughout the writing
process was to make it as EASY as possible to set up an account
on alpha.c2.org. As most people know, subsequent to setting up
your account on the alpha server, one can post anonymously to
newsgroups and send anonymous email.

This by NO MEANS is the ONLY way to send anonymous mail, but is
a popular way of doing so. I was prompted to write these FAQ's
because of the amount of frustration that I experienced while
trying to setup my anonymous account. Hopefully others will have
an easier path, subsequent to reading my FAQ's. I have sent a
copy of these FAQ's to the author of Private Idaho and hope to
be hearing from him soon about any
glaring omissions or errors. Should you find any errors, please
point them out. It is most important that easy to use, step by
step documents be made available for the public. The consequence
of enabling individuals to easily set up an anonymous presence,
is the free flow of information and to be able to challenge a
"fact" or individual without hesitation or possible
repercussions. I hope my FAQ's will help in this regard.

The FAQ's can be found at:

http://www.slip.net/~wussery/pgp.html

While you're there, check out some of the other spots that have
caught my attention. Hope you enjoy, and don't forget to give
me
your feedback, pro or con.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMSNJDl4zaQ9yYVwNAQFCdAP/aKIOArRdihXpK9Q8wfILzxLXivTJ92Vy
Y6yXaDQtt/SF8NYc5FgkQ8qB/5qqFRUYIm/mEPWDWWhs68EapX2YjwZi5acFjbTT
kt905IHcsleDxxz2aL5NWH+2daKdOc0I7JNIioPg4YYlZ+2sr+/lnvWs9d6BClDV
+gHZZn4bLEY=
=zmAr
-----END PGP SIGNATURE-----


There's No Elevator To Success. You Have To Take The Stairs.
Remember:"You Can't Fake The Harvest", Stephen Covey
PGP ID 0x72615C0D
url:http://www.slip.net/~wussery
Compuserve:72567,2213





From wilcoxb at nagina.cs.colorado.edu  Fri Feb 16 06:51:37 1996
From: wilcoxb at nagina.cs.colorado.edu (Bryce)
Date: Fri, 16 Feb 1996 22:51:37 +0800
Subject: China -- the fragile glimmer of freedom
Message-ID: <199602160010.RAA03646@nagina.cs.colorado.edu>



-----BEGIN PGP SIGNED MESSAGE-----

I have seen two articles-- one each from two prominent
cypherpunks who shall remain unnamed-- which said something
to the effect that China's censorship of the Chinese part of
the Internet will only "hurt themselves".  The apparent
degree of unconcern, or at least the callous way that it was
presented, saddened me.


One of the messages even ended with a sardonic "Oh well.".


For people who spewed forth hundreds of articles of rants
when the toothless CDA outlawed lewdity and advice about 
abortion, and for people who bravely and promptly took
action to protect the free speech of a Holocaust
denier, the cpunks have been noticeably silent 
about this much more cruel and widespread repression.


Perhaps you think that the compliant Chinese person is
satisfied with his or her role as lackey of his government? 
Or is it that we and the Asians inhabit such different 
worlds that we will have to make do without each other's 
help?



I think the cpunks are better than that, and I think that as
information technology permeates China, that the cpunks will
also be there, creating tools, smuggling them to the
Chinese people, and teaching them how to use these tools to
assert sovereign control over their own words and thoughts.


And pausing, on occasion, to engage in the cyberspace
equivalent of displaying a certain Western obscene gesture
towards the totalitarian government.



ObCrypto:  The RSA signature on this message can be used by
the Chinese police if they would like to verify its
authorship.  I might come to regret this someday...

ObE$:  Probably the most powerful of said tools is currency.


Bryce



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01

iQCVAwUBMSPLb/WZSllhfG25AQGKBwP7BFjWue3axSz2NH0vKjMhYI3EK5IQQb96
ApuLvyOyQgTHGNW0BWgESvT1Xm8zkWf7QoVM7qdnF5Q5FPi2TmaxNKx4TJi4+2cp
7lnxbOO/eXMIMutrKcBxMMJW8MiBi6le5FoJ98t/OeHLZQ32c7hljeE3YKSMSt5G
9kqKqfaPiu8=
=aZ3k
-----END PGP SIGNATURE-----





From rah at shipwright.com  Fri Feb 16 06:51:41 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Fri, 16 Feb 1996 22:51:41 +0800
Subject: (fwd) ALERT! Govt thought police online, to be debated on PBS 2/15
Message-ID: 



--- begin forwarded text

Mime-Version: 1.0
X-Priority: 1 (Highest)
Date: Thu, 15 Feb 1996 13:26:25 -0800
To: GovAccess at well.com
From: jwarren at well.com (Jim Warren)
Subject: ALERT! Govt thought police online, to be debated on PBS 2/15
Cc: fight-censorship+ at andrew.cmu.edu
Sender: owner-govaccess at well.com
Precedence: bulk

Date: Thu, 15 Feb 1996 15:05:21 -0500
To: policy-posts at cdt_list.cdt.org
From: editor at cdt.org (CDT Editor)
Subject: TONIGHT (2/15) on PBS - CDT Dir. Jerry Berman vs. Family Research
Council
Resent-From: policy-posts at cdt_list.cdt.org
X-Mailing-List:  archive/latest/14
X-Loop: policy-posts at cdt_list.cdt.org
Precedence: list
Resent-Sender: policy-posts-request at cdt_list.cdt.org

Jerry Berman, Executive Director of the Center for Democracy and
Technology, will debate Cathleen Cleaver of the Family Research Council
TONIGHT (Thurs 2/15) on PBS's 'News Hour with Jim Lerher'. (Formerly the
MacNeill/Lerher News Hour).

Check your local listings for time and channel.

Cleaver and the Family Research Council were strong supporters of the Exon
"Communications Decency Act." Topics to be discussed include the CDA, court
challenges, the recent announcement by Compuserve to un-block Usenet access
and provide parental control technologies to CIS subscribers, and other
issues relating to Internet Censorship.

==

I just god it, so now you just got it (as quick as my listserv can shovel
it out the pipe).

--jim
Jim Warren, GovAccess list-owner/editor (jwarren at well.com)
Advocate & columnist, MicroTimes, Government Technology, BoardWatch, etc.
345 Swett Rd., Woodside CA 94062; voice/415-851-7075; fax/<# upon request>



Mo' as it Is.

--jim
Jim Warren, GovAccess list-owner/editor (jwarren at well.com)
Advocate & columnist, MicroTimes, Government Technology, BoardWatch, etc.
345 Swett Rd., Woodside CA 94062; voice/415-851-7075; fax/<# upon request>

To add or drop GovAccess, email to  Majordomo at well.com  ('Subject' ignored)
with message:  [un]subscribe GovAccess YourEmailAddress (insert your eaddr)
For brief description of GovAccess, send the message:  info GovAccess

Past postings are at  ftp.cpsr.org: /cpsr/states/california/govaccess
and by WWW at  http://www.cpsr.org/cpsr/states/california/govaccess .
Also forwarded to USENET's  comp.org.cpsr.talk  by CPSR's Al Whaley.

May be copied & reposted except for any items that explicitly prohibit it.
--- end forwarded text


-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/







From banisar at epic.org  Fri Feb 16 06:51:51 1996
From: banisar at epic.org (Dave Banisar)
Date: Fri, 16 Feb 1996 22:51:51 +0800
Subject: No Subject
Message-ID: 


A federal judge in Philadelphia has issued a partial temporary 
restraining order prohibiting enforcement of the "indecency" 
provision of the Communications Decency Act (CDA).  The judge 
declined to enjoin those provisions of the Act dealing with 
"patently offensive" communications.

The court agreed with the plaintiffs' claim that the CDA will have 
a chilling effect on free speech on the Internet and found that 
the CDA raises "serious, substantial, difficult and doubtful 
questions."  The court further agreed that the CDA is 
"unconstitutionally vague" as to the prosecution for indecency.  
But the court left open the possibility that the government could 
prosecute under the "patently offensive" provisions

The court has recognized the critical problem with the CDA, which 
is the attempt to apply the indecency standard to on-line 
communications.  Nonetheless, online speech remains at risk 
because of the sweeping nature of the CDA. 

The entry of the court order is a strong indication that the 
"indecency" provision of the legislation that went into effect on 
February 8 will not survive constitutional scrutiny by a three-
judge panel that has been impaneled in Philadelphia.  The panel 
will fully evaluate the constitutional validity of the legislation 
and consider entry of a permanent injunction against enforcement 
of the new law.

The temporary restraining order (TRO) was issued in a lawsuit 
filed by the Electronic Privacy Information Center (EPIC), the 
American Civil Liberties Union and a broad coalition of 
organizations.  EPIC is also participating as co-counsel in the 
litigation.  

The court ruling comes in the wake of widespread denunciation of 
the CDA, which was included in the telecommunications reform bill 
signed into law last week.

According to EPIC Legal Counsel David Sobel, one of the attorneys
representing the coalition, "The court's decision is a partial 
victory for free speech, but expression on the Internet remains at 
risk.  This is destined to become a landmark case that will 
determine the future of the Internet."  Looking ahead to 
proceedings before the three-judge panel, Sobel said "we are 
optimistic that further litigation of this case will demonstrate 
to the court that the CDA, in its entirety, does not pass 
constitutional muster."

EPIC has maintained since its introduction in Congress that the 
ban on "indecent" and "patently offensive" electronic speech is a 
clear violation of the free speech and privacy rights of millions 
of Internet users. 

Comprehensive information on the CDA lawsuit, including 
plaintiffs' brief in support of the TRO, is available at:

     http://www.epic.org/free_speech/censorship/lawsuit/


===============================================================
David L. Sobel
Legal Counsel
Electronic Privacy Information Center
sobel at epic.org
http://www.epic.org
===============================================================




_________________________________________________________________________
Subject:
_________________________________________________________________________
David Banisar (Banisar at epic.org)        *  202-544-9240 (tel)
Electronic Privacy Information Center   *  202-547-5482 (fax)
666 Pennsylvania Ave, SE, Suite 301     *  HTTP://www.epic.org
Washington, DC 20003                    *  ftp/gopher/wais cpsr.org 





From tallpaul at pipeline.com  Fri Feb 16 07:18:47 1996
From: tallpaul at pipeline.com (tallpaul)
Date: Fri, 16 Feb 1996 23:18:47 +0800
Subject: Cypherpunks Decency Act
Message-ID: <199602161441.JAA14966@pipe12.nyc.pipeline.com>


On Feb 15, 1996 21:43:49, 'jdoe-agamemnon at alpha.c2.org' wrote: 
 
 
>Bill Frantz wrote: 
>>Perry sent me a polite note asking why I had posted the original post,
and 
>>He suggested that in the future I make it clear why I think my posts are 
>>relevent to the subject of the list. 
> 
>Is this what we call the chilling effect? 
> 
 
No, certainly not in the *meaning* of the term. 
 
One: P.E. Metzger is an individual, not a state. To put it in context, "how
many [Army] divisions does Perry have?" 
 
Two: People publish a variety of opinions to the cypherpunk list. These
have included murder for hire and the mass destruction of civilians via
nuclear weapons. Surely P.E. Metzger is entitled to post his opinions, far
more topical to CP-List than the others. 
 
Three: The mathemetician Heri Poncaire once wrote that a properly prepared
scientific proof had the effect of "compelling" belief whether the person
vewing the proof wanted to believe in it or not. Put another way, any proof
in the HP sense has a chilling effect on all belief structures opposed to
the proof. This "chilling effect" is not what is meant by the same words
used to refer to government action. It is, perhaps, a type of "chilling
effect" that scientifically-oriented people would support. Now obviously,
P.E. Metzger's post and request is not a scientific proof. It might lead
some individuals to refrain from posting clearly off-topic material. The
same individuals may get upset at this new-found consciousness and be upset
at it. They might even decide their original unmediated desires had been
"chilled" by P.E. Metzger's request. So what? 
 
--tallpaul 





From wendigo at pobox.com  Fri Feb 16 08:21:33 1996
From: wendigo at pobox.com (Mark Rogaski)
Date: Sat, 17 Feb 1996 00:21:33 +0800
Subject: berkeley site kinda' up
Message-ID: <199602161512.KAA02293@apollo.gti.net>


-----BEGIN PGP SIGNED MESSAGE-----

Well, I got in to ftp://ftp.csua.berkeley.edu/ but it seems that 
none of the filesystems are mounted.

A nice, clean space.  Any news on what's happening?

- -----
    Mark Rogaski     | wendigo at gti.net | wendigo at pobox.com |  I use PGP, so
System Administrator |   http://www.pobox.com/~wendigo/    |    should you!
Global Telecom, Inc. | Why read when you can just sit and  | finger for pubkey
  http://w3.gti.net/ |          stare at things?           | wendigo at pobox.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMSSc09T48ZIkMoEtAQGhYQf9FTxwG4lTpGJ2Rc1DtcsmjOvhnM2eTxvJ
zLy9WFo5Hr3W2jSAoQ7VWmfr5ZgcCuyiPtxnkTHfXBqWNS4SnJ5BCYmGhAmLu+WW
EMTPXmmeLN/R2vsLCfetmII+/WR2SKvShU8TOTHSrsEZQnbz56AWUVexEs86kvKY
q+dJFQadjTmQDdhIh/+jXIeJfccpRujBu7MOb7kWnbmC4VoMVDrKRh+73bcj+4+g
Zm+ptTgn8NVCHyjn+Ydy9jU8H2bymQnQl1YsqcAmhrKW9cpB04ijXKM3rGQl99OS
kc+qlT1Kwvf4laLHOcFcjKPIWV0o0WRExJhoapgpN6gUfmSWM3LDXg==
=nOvQ
-----END PGP SIGNATURE-----





From pcw at access.digex.net  Fri Feb 16 08:40:17 1996
From: pcw at access.digex.net (Peter Wayner)
Date: Sat, 17 Feb 1996 00:40:17 +0800
Subject: Computer unmasks Anonymous writer...
Message-ID: <199602161525.KAA28647@access1.digex.net>




The Feb 16, 96 edition of the Baltimore Sun announces that a computer
program similar to one used to attribute unknown poems to William
Shakespeare has been turned to solving the mystery of who wrote
the best selling book, _Primary Colors._ The work was apparently
done by Donald Foster a professor at Vassar College who discovered
that both Joe Klein and the author of _Primary Colors_ used these
adjectives quite often:

especially, entirely, fiercely, incredibly, mortally, particularily,
precisely, profoundly, reflexively, relentlessly, seriously, subtly,
surprisingly, ultimately, utterly, vaguely, wistfully

More information will be published in an article slated to run in the
copy of _New York_ magazine that goes on sale on Monday. This article
seems to be the major source for the Sun piece.

If Joe Klein, a well-known political writer, is indeed the author, it
is clear that he didn't learn one of the first lessons of Washington.
If you're going to leak information or quotes to the world, make sure
you use the diction of your enemy. That's ventriloquism Washington
style.

-Peter Wayner





From jya at pipeline.com  Fri Feb 16 09:52:45 1996
From: jya at pipeline.com (John Young)
Date: Sat, 17 Feb 1996 01:52:45 +0800
Subject: Computer unmasks Anonymous writer...
Message-ID: <199602161550.KAA02337@pipe1.nyc.pipeline.com>


The Wash Post today also covers fingering Joe Klein by 
stylistic analysis, gives Klein's denial and in a separate 
article reports on the methodology of its own computer analysis 
and most likely suspects, who are ...








From jamesd at echeque.com  Fri Feb 16 09:56:57 1996
From: jamesd at echeque.com (jamesd at echeque.com)
Date: Sat, 17 Feb 1996 01:56:57 +0800
Subject: Fair Credit Reporting Act and Privacy Act
Message-ID: <199602161554.HAA25202@news1.best.com>


At 10:32 PM 2/14/96 -0500, Tim Philp wrote:
>	If I apply for a credit card and use it to buy a hockey glove (how
>Canadian eh) I should not expect to be on the mailing list of every
>sporting goods operation in North America!
>
> [...]
>
>	Again, I am not suggesting prior restraint. I simply want to sue 
>the bastards who violated my expectation of privacy.

1.  All so called privacy laws against databases *have* involved 
prior restraint, and thus necessarily involved massive violation 
of privacy by the state.

2.  Absent prior restraint, you may have great difficulty discovering 
whole leaked information concerning you.

3.  Such a law as you propose, without prior restraint, would not 
violate peoples privacy, and for that very reason it is vastly 
unlikely that such a law would ever be passed.  The primary purpose
of laws against acts that are malum prohibitum and not malum in se 
is to empower those that pass them, and the secondary purpose is
to empower established businesses that are threatened by competition.
(The digital telephony act should be called the big three 
preservation act.)

When you say "There ought to be a law", ask yourself who would pass 
such a law, who would enforce such a law, and why.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd at echeque.com






From jamesd at echeque.com  Fri Feb 16 10:47:07 1996
From: jamesd at echeque.com (jamesd at echeque.com)
Date: Sat, 17 Feb 1996 02:47:07 +0800
Subject: A Cyberspace Independence Refutation
Message-ID: <199602161631.IAA25897@news1.best.com>



James Donald writes:
>[in reply to strata]
>> Your other arguments casually dismiss the very real power that large numbers 
>> of able people with good communications can exercise, have just exercised
>> very recently.

At 05:03 AM 2/16/96 -0500, lmccarth at cs.umass.edu wrote:
>Large numbers of able people with good communications very recently exercised 
>their putative "very real power" against the passage of the CDA. They had no
>substantial impact AFAICS. (I intend no slur against the effort.)  Could you
>name some examples, and add some qualifications that made the difference in
>those cases ?

1.  President Clinton declared CDA unconstitutional and directed 
the Justice department to refrain from enforcing it.

2.  The normal course of events, when a new medium starts 
competing against an old medium, is for the new medium to 
be censored to an utterly ludicrous degree, analogous to 
the law requiring a man with a red flag to walk in front 
of horseless carriages, while the old medium has censorship 
radically relaxed.  In the normal course of events one would 
expect a strict ban on pictures of women in clothes cut 
below the neck or above the ankles, and a ban on any 
unpleasant or disturbing subject.  (For example the comics 
code, and the TV rule that married couples had to have 
separate beds)

Instead alt.pictures.binaries.erotica.children is still 
going strong.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd at echeque.com






From froomkin at law.miami.edu  Fri Feb 16 11:36:40 1996
From: froomkin at law.miami.edu (Michael Froomkin)
Date: Sat, 17 Feb 1996 03:36:40 +0800
Subject: ITAR personal use exemption in force
Message-ID: 


61 Federal Register 6111 (Feb. 16,  1996)
To be codified at 22 CFR parts 123 & 126
Effective today.

Excerpts:


	"After extensive review, the Department of State has decided to 
further amend the regulations to provide for an exemption for the 
temporary export of products for personal use.  The exemption does not 
apply to other circumstances, for example, those in which a person 
contemplates sales, marketing or demonstration....

	... for purposes of this exemption, a product is considered to be 
in the possession of the exporter if the exporter takes normal  
precautions to ensure the security of the product by locking the product 
in a hotel room, safe, or other comparably secure location; and, while in 
transit, the exporter keeps the product in his/her carry-on luggage or 
locked in baggage accompanying the exporter which has been checked with 
the carrier.

	This amendment involves a foreign affairs function of the United 
States and thus is exploded from the procedures of [ordinary rulemaking].

	However, interested parties are invited to submit risen comments 
to the Department of State, Director, office of Defense trade Controls,  
attention: regulatory change, personal use cryptographic products, Rome 
200, SA-6, Washington, DC 20520-0602.

  [The above was dictated using voice-recognition software, so beware of  
strange word substitutions.]

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin at law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.






From declan+ at CMU.EDU  Fri Feb 16 11:46:20 1996
From: declan+ at CMU.EDU (Declan B. McCullagh)
Date: Sat, 17 Feb 1996 03:46:20 +0800
Subject: Spin Control Alert (LI Newsday, 2/12/96)
In-Reply-To: <199602140542.VAA18716@news1.best.com>
Message-ID: 


Excerpts from internet.cypherpunks: 13-Feb-96 Re: Spin Control Alert (LI
.. by jamesd at echeque.com 
> Not obvious to me.
>  
> While the religious right clearly supported the push to regulate the
> internet, the main push seemed to me to come from the existing mass
> media, primarily the three big TV channels.

The religious right did not *support* the "push to regulate the
Internet" -- they drafted, defended, and pushed through the damn CDA!

Did you *read* the message I posted, with information about how the
religious right/anti-porn groups created and then worked to push this
legislation through Congress?

Did you *read* the files in my Rimm archive, detailing how an editor at
the Georgetown Law Journal worked to get Rimm's "research" approved for
publication? Did you know that he's a leading anti-porn activist?

Did you *read* Mike Godwin's collection of articles about how the
religious right organied the anti-porn scare?

Certainly the mass media were complicit, but they served a supporting role.

-Declan






From jbaber at mi.leeds.ac.uk  Fri Feb 16 11:48:46 1996
From: jbaber at mi.leeds.ac.uk (jbaber at mi.leeds.ac.uk)
Date: Sat, 17 Feb 1996 03:48:46 +0800
Subject: Looking for GSM A5 info
Message-ID: <8118.9602161648@misun2.mi.leeds.ac.uk>



 writes... 
> I'm looking for information about the A5 encryption algorithm used in
> GSM phones. Specifically:
> 
[...........deleted............]
> 
> Any related information, or pointers to related information,
> appreciated greatly.
> 
> ________________________________________________________________________
> Stephan Somogyi                Mr Gyroscope                Digital Media
> 
> 

I have a post to sci.crypt from Jun 1994 stored on my web pages that has a fair
amount of information on A5 along with an implementation. I can not guarentee
that the details are accurate but they may well be of some use. Try:

http://chem.leeds.ac.uk/ICAMS/people/jon/a5.html

Jon C. Baber
jbaber at mi.leeds.ac.uk
http://chem.leeds.ac.uk/ICAMS/people/jon/





From rah at shipwright.com  Fri Feb 16 12:11:57 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Sat, 17 Feb 1996 04:11:57 +0800
Subject: DCSB: Tales from the Dark Side: Non-Anonymous Digital Cash?
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----



                 The Digital Commerce Society of Boston
            (Formerly The Boston Society for Digital Commerce)

                               Presents

                             Mark Bernkopf

                        Tales from the Dark Side:
                       Non-Anonymous Digital Cash?


                        Tuesday, March 5, 1995
                               12 - 2 PM
                   The Downtown Harvard Club of Boston
                     One Federal Street, Boston, MA



This past autumn, Mark wrote a couple of studies on electronic money.  He
will offer some general thoughts on likely winners and losers of the
cash-card competition.  Mark opposes totally untraceable electronic cash.  He
is skeptical of private currencies, although he concedes one type of private
currency that might succeed.


Since late 1993, Mark Bernkopf has been an economic and financial policy
analyst at Bruce Morgan Associates, Inc., a small international consultancy
in Arlington, VA.  He prepares a semi-annual World Economic Outlook, and
writes on such subjects as central banking and monetary policy, currency
boards, the economics of Korean reunification, derivatives, bancassurance,
and industrial policy.  His firm's clients are mostly Middle Eastern
governments and large East Asian corporations and thinktanks.

In previous "incarnations" Mark served at the Clinton White House Office of
Communications and at the Open Market Operations Department of the Federal
Reserve Bank of New York.  He is a Wharton grad and a clandestine contributor
to Pasi Kuoppam�ki's "Jokes about Economists and Economists"
http://www.etla.fi/pkm/joke.html



This meeting of the Digital Commerce Society of Boston will be held on
Tuesday, March 5, 1995 from 12pm - 2pm at the Downtown Branch of the
Harvard Club of Boston, One Federal Street. The price for lunch is $27.50.
This price includes lunch, room rental, and the speaker's lunch. ;-).  The
Harvard Club *does* have a jacket and tie dress code.

We need to receive a company check, or money order, (or if we *really* know
you, a personal check) payable to "The Harvard Club of Boston", by
Saturday, March 2, or you won't be on the list for lunch.  Checks
payable to anyone else but The Harvard Club of Boston will have to be sent
back.

Checks should be sent to Robert Hettinga, 44 Farquhar Street, Boston,
Massachusetts, 02131. Again, they *must* be made payable to "The Harvard
Club of Boston".

If anyone has questions, or has a problem with these arrangements (We've had
to work with glacial A/P departments more than once, for instance), please
let us know via e-mail, and we'll see if we can work something out.

Planned speakers for the following few months are:

 April       Donald Eastlake  CyberCash
 May         Perry Metzger    Security Consultant and Cypherpunk
 June        Dan Shutzer      FSTC
 July        Pete Loshin      Author, "Electronic Commerce"
 August      Duane Hewitt     Idea Futures

We are actively searching for future speakers.  If you are in Boston on the
first Tuesday of the month, and you would like to make a presentation to the
Society, please send e-mail to the DCSB Program Commmittee, care of Robert
Hettinga, rah at shipwright.com .

For more information about the Digital Commerce Society of Boston, send
"info dcsb" in the body of a message to majordomo at ai.mit.edu .  If you want
to subscribe to the DCSB e-mail list, send "subscribe dcsb" in the body of a
message to majordomo at ai.mit.edu .

Looking forward to seeing you there!

Cheers,
Robert Hettinga
Moderator,
The Digital Commerce Society of Boston




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSS2l/gyLN8bw6ZVAQEtHQP9GoForXlqC37poPqWsXJmjTM+4oNuxrt6
uWDxNeshrJcn1bzwr3pumKQo/5ep+2x0+SSK4Ay2DMmNZwt/vYI/UvaWsfQoRQVg
t4vJ3cZQ4/ESuZ5lMbDORPUoUFwcxcJf0qcw0AXT0asZBFfaqRajg98bSqIQECYO
6mNXIuGtoqk=
=pR6y
-----END PGP SIGNATURE-----

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/







From jya at pipeline.com  Fri Feb 16 12:12:48 1996
From: jya at pipeline.com (John Young)
Date: Sat, 17 Feb 1996 04:12:48 +0800
Subject: LUP_hol
Message-ID: <199602161658.LAA05879@pipe2.nyc.pipeline.com>


   Two TWP reports on the future of US intelligence and
   use of nonofficial cover (NOC):

   "Don't Hobble Intelligence Gathering," 2-15-96.

      An op-ed by Richard Haass, principal author of a just
      released report on the future of intelligence by the
      Council on Foreign Affairs, which, among other things,
      proposes lifting the ban on use of journalists and
      clergy as cover. [We expect to get this report shortly
      and will offer it here; CoFA says the first printing was
      snapped up so there should be more news reports.]

   "Loophole Revealed in Prohibition on CIA Use of
   Journalistic Cover," 2-16-96.

      Which reports that by special waiver the CIA continues
      to use journalists as covert agents despite the 1977 
      ban. Ex-National Security Council staffer Haass and 
      an ex-DCI panelist of the CoFA study claim they were 
      unaware of the loophole OKable only by the DCI. Hmm.

   LUP_hol













From lane at sutm.2sprint.net  Fri Feb 16 12:20:07 1996
From: lane at sutm.2sprint.net (Lane Maxwell)
Date: Sat, 17 Feb 1996 04:20:07 +0800
Subject: hawkenet.com
Message-ID: <9602161704.AA18970@sutm.2sprint.net>


I have been trying to log into hawkenet.com for the past few days. Does
anyone know what is wrong with it? It seems to have some pretty interesting
stuff on it. 
                                                        Lane






From jimbell at pacifier.com  Fri Feb 16 12:30:26 1996
From: jimbell at pacifier.com (jim bell)
Date: Sat, 17 Feb 1996 04:30:26 +0800
Subject: Cypherpunks Decency Act
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

At 02:50 AM 2/16/96 -0500, t byfield wrote:
>At 9:43 PM 2/15/96, jdoe-agamemnon at alpha.c2.org wrote:
>
>>>Perry sent me a polite note asking why I had posted the original post, and
>>>He suggested that in the future I make it clear why I think my posts are
>>>relevent to the subject of the list.
>>
>>Is this what we call the chilling effect?
>
>        No.
>        bell at pacifier--surely not a coincidence--has indulged himself
>excessively. Anyone checked out the LD angle on him?

Hey, I resent the implication, here!  Three months ago I wouldn't have known 
what you meant by that, but "comparatively" long ago I learned that "LD" is 
Detweiler, who apparently has a long and established history of using 
aliases.  It sounds like you're trying to imply that I am either a Detweiler 
"tentacle" (yet another term of art that I learned in the last couple of 
months) or am somehow in league with him.  Right?!?

Well, "It ain't so."  Now, I realize how difficult it is for me to prove 
that I'm not some other particular person, but from the snippets I've 
managed to see over the last few months on Internet, this Detweiler 
character appears to know FAR more about the use of Internet than I do. (He 
apparently is a sleazy bastard, but then you probably know much more about 
that than I do...)  Hell, it was only a couple of months ago that I even 
learned how to use PGP with Eudora.  I've only had a full SLIP account for a 
few months before that.

In fact, so far (luckily for me, I guess) my only contact with LD is that I 
was flamed by him, actually under the Detweiler name, when I first posted 
"Assassination Politics" to various USENET areas.  At that point, I had no 
idea of his checkered history (still don't know much; I'd appreciate hearing 
more) and he apparently assumed that I was some Tim May clone.  He even 
referred to May as "TCM," a set of initials that mystified me for a week, 
until some kind soul sent me a small snippet of the Cybernomicon, the part 
dealing with "net-killings."

At that point, he ignored me, probably classifying me as a clueless newbie.  
His flaming ceased when he discovered that I was not only not "in the TCM 
camp," but I hadn't even heard of May and Cypherpunks.

In any case, as I understand it from vague commentary, some of you people 
"out there" know a lot more about LD, and it should be possible for me to 
show my history in enough detail to convince anybody that I'm not Detweiler. 
 Hell, somebody posted my correct address just a few hours ago (it was no 
secret; I am well aware of USENET indexing, and I've freely published my 
address and the correct, current phone number in a USENET area within the 
last couple of months, and I've never had an unlisted telephone number.

Jim Bell, N7IJS, 7214 Corregidor, Vancouver, WA, USA 98664, 360-696-3911  
(they changed area codes from 216 last year),  MIT Class of 1980, Course 5, 
Chemistry major.

"James Dalton Bell"  (yes, THOSE Daltons!)


jimbell at pacifier.com


Klaatu Burada Nikto.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSSvq/qHVDBboB2dAQG89AP8D+Wv6oXk3Yj0gcLg6pPP7DNvEhQCQG1j
q8UzCvz/lA0d2Pv+DR5KCAsgCeWD3H2b5435GrYt4jsUhOSBmwZ4C1KFdogBon5D
ELvbNwLyNtf6GGaqeAxlD/ztJ/MMuoPAaohi4tZuUhEnMGe7JMV5UlMHgnSfyRQ+
SKyM7bHg2io=
=qC3l
-----END PGP SIGNATURE-----






From sasha1 at netcom.com  Fri Feb 16 12:49:07 1996
From: sasha1 at netcom.com (Alexander Chislenko)
Date: Sat, 17 Feb 1996 04:49:07 +0800
Subject: Computer unmasks Anonymous writer...
Message-ID: <199602161720.JAA05092@netcom.netcom.com>


  I ran my essays through Word grammar checker a while ago,
and was surprised how stable the grammar statistics were.
Complexity of the text (grade level) was the same to the decimal point,
average length of sentences was consistent, etc.
People also use the same styles of smileys or *highlights*, make
consistent spelling errors, have their habits of indentation, etc.

My suggestion at the time was to have randomizing output filter that
would substitute synonyms, change spelling, modify paragraph formatting,
etc.  - Style anonymizer, I'd call it.  Also, if small random changes are
applied to every copy of the message you send out, and you keep track of
what recipient got which version, you will find it easier to identify
the leaks if you send private messages.  A dishonest recipient, to
protect himself, would have to further randomize the message, which
has apparent consequences for the ease of your identification and attributability of the message.

  Of course there are  more subtle consistencies of style one can't easily
mask with a filter - but they are not easy to detect either.

-----------------------------------------------------------
| Alexander Chislenko | sasha1 at netcom.com | Cambridge, MA | 
| Home page:  http://www.lucifer.com/~sasha/home.html     |
-----------------------------------------------------------





From tedwards at Glue.umd.edu  Fri Feb 16 13:09:35 1996
From: tedwards at Glue.umd.edu (Thomas Grant Edwards)
Date: Sat, 17 Feb 1996 05:09:35 +0800
Subject: Libertarians and crypto and such
Message-ID: 



>Isn't it the libertarian types on the list who are into mass killings of
>civilians with nukes and the "socialist statists" who tend to oppose it? 
 
Libertarians do not believe in killing civilians with nukes.  Libertarians
do not believe in murder, period.  We're not the ones calling for the
death penalty for drug lords.  We're not the ones calling for military
force in foreign countries, be they Kuwait or Bosnia.  Infact, the
Libertarian Party has often called for nuclear disarmament. 

Libertarians are interested in democratic change, not violent 
revolution.  

ObCrypto:  

William Winter, Director of Communications of the Libertarian Party, not
only ordered the Libertarian Party web site to go dark for "Black
Thursday," he also delivered an empassioned speech at the anti-CDA rally
in Washington, D.C., last saturday.

(http://www.wam.umd.edu/~tedwards/rally.html for pictures and links to
audio)

The Libertarian Party has consistantly sent out the strongest statements 
of any political party in support of cryptographic freedom and freedom of 
expression on the Internet.  
 
-Thomas







From cp at proust.suba.com  Fri Feb 16 13:14:53 1996
From: cp at proust.suba.com (Alex Strasheim)
Date: Sat, 17 Feb 1996 05:14:53 +0800
Subject: Computer unmasks Anonymous writer...
In-Reply-To: <199602161525.KAA28647@access1.digex.net>
Message-ID: <199602161745.LAA16950@proust.suba.com>


> The Feb 16, 96 edition of the Baltimore Sun announces that a computer
> program similar to one used to attribute unknown poems to William
> Shakespeare has been turned to solving the mystery of who wrote
> the best selling book, _Primary Colors._

Suppose you didn't trust the from fields in usenet articles, and you
wanted to index everything so that you could pull up articles that appear
to have been written by the same person.  How would you go about doing
this?  Would you set up n statistical measures for text, assign each
article an n-tuple, and look for points that are near each other? 

Isn't this a similar problem to indexing satellite photos or 
fingerprints?  How good are the spooks at doing that sort of thing?






From hkhenson at netcom.com  Fri Feb 16 13:21:08 1996
From: hkhenson at netcom.com (Keith Henson)
Date: Sat, 17 Feb 1996 05:21:08 +0800
Subject: (fwd) Fishman > Pest Control
Message-ID: <199602160751.XAA10419@netcom.netcom.com>


I know there are services which can recover at least some of the data
on a formated disk.  Does anyone have a pointer to them?  Keith Henson

PS, Please reply by email.  I used to read this list, but it has been
some time since I was here.  I already asked the victum to quit using
the disk.  

Xref: netcom.com alt.religion.scientology:150246
Path: netcom.com!ix.netcom.com!netnews
From: xenu at ix.netcom.com(STEVEN FISHMAN )
Newsgroups: alt.religion.scientology
Subject: Fishman > Pest Control
Date: 15 Feb 1996 02:58:35 GMT
Organization: Netcom
Lines: 190
Message-ID: <4fu7gr$f07 at cloner4.netcom.com>
NNTP-Posting-Host: ix-ftl5-11.ix.netcom.com
X-NETCOM-Date: Wed Feb 14  6:58:35 PM PST 1996

DECLARATION OF STEVEN FISHMAN

	1.	I, STEVEN FISHMAN, am a plaintiff and co-plaintiff along
with Dr. Uwe W. Geertz in the case before the Superior Court of the
State of
California, in and for the County Los Angeles, known as �Uwe Geertz and
Steven Fishman vs. Church of Scientology International et. al.�, Case
Number BC 122 467.

	2.	On Thursday, February 8, 1996, I received a phone call from
a
woman in a mature voice who said she was from Sonny�s Pest Control
Services.  She said that she was introducing her company to the
Sunshine
Ranches subdivision of Fort Lauderdale and offered me a free pest
control
spraying of both inside and outside the house, at no cost or
obligation.  As I
had not had a spraying done in five months due to my financial
situation, I
told her to send her representative to spray the house on Saturday
afternoon,
February 10, 1996.

	3.	On Saturday afternoon, about 3:00 P.M., two pest control
workers arrived at the house.  They introduced themselves as Eddie and
Amy,
and said they were from Sonny�s Pest Control.  They were very clean cut
and
had canisters of pest control spray.  They both wore white shirts. 
Eddie had a
tie on, and Amy was wearing denim shorts.  Eddie shook my hand and told
me that Amy was his sister.  They were very friendly and knowledgeable
about pest control.  Eddie seemed genuinely concerned about my parrot,
and
said that the spray his company used would not hurt the bird, and also
began
describing three kinds of carpenter ants which his spray would contain.
 

	4.	Eddie began spraying the inside of the house and Amy
suggested
I show her which plants outside had the most ants.  She was also very
knowledgeable about plants and was very friendly and congenial.  She
was
smiling a lot and I found her attractive so we spoke for about ten
minutes
outside.

	5. 	We then went back inside and I told Eddie I liked their
work and
I would call them in a month if I were financially able to afford their
services
because I was currently looking for a job.  Eddie asked me to write
down his
phone number so I could call him.  I asked him for a business card but
he said
they were not ready yet.  Amy asked if I was pleased with their service
and I
said it was very well done.  I left a few minutes after they did to go
pick up
my daughter who was a hostess at the Renaissance Festival.

	6.	When I returned around 5:30 P.M., I turned on my computer
and
I found the screen blank except for the words c:\format c: and
underneath it
100% formatted.  Everything on my hard drive had been erased, including
the
rough drafts of my opposition motion to defendants� notice of motion to
quash service of process of David Miscavige and my opposition motion to
defendants� notice of motion and special motion to strike the second
amended
complaints of plaintiffs pursuant to C.C.P. � 425.16 (SLAPP Suit). 
Furthermore, all of my research, including my original complaint and
all of
my Internet files were simultaneously destroyed when my hard drive was
formatted.

	7.	I checked the house and nothing had been taken.  I had $ 40
in
my wallet which was on a table in plain view in my bedroom and nothing
was
stolen from out of it.  The sole purpose of these two pest control
sprayers was
to re-format my hard drive and render it impossible for me to send in
my
motions and also go on the Internet.  I also had important
correspondence on
my hard disk with the Internal Revenue Service about my effort to
overturn
the tax exempt status of the Church of Scientology, as well as letters
of
complaints to the Food and Drug Administration regarding the Church of
Scientology�s Super VII E-Meter not being an approved device for the
treatment of mental illness, and my complete file on the criminal
activities of
Church officials including Defendant Eugene Ingram is now gone.

	8.	At no time did Eddie and Amy mention anything about
Scientology.  They only talked about pest control, my bird, and the
outdoor
plants and their services.  I tried calling the number Eddie gave me
but it was
not the number for Sonny�s Pest Control Services, and the party who
answered it said she has had that number for many years and I reached a
trailer park near the Seminole Bingo on State Road 7.  The woman said
it was
a wrong number and she never heard of Eddie or Amy.

	9.	I had been working on the preparation of two motions for
the
Status Conference for nearly a month, doing legal research and typing
between 14 and 16 hours a day, without the benefit of legal help.  When
I lost
all of my data, I had chest pains and became physically sick and
depressed
for several days and I remained in bed.  All of the work I had done was
gone
and I was unable to locate these two people.

	10.	I cannot prove that these individuals were Scientologists
or
connected with the Office of Special Affairs.  I do not even have their
last
names or even know if Eddie and Amy are their correct first names.  I
never
thought of putting a password system on my computer because the only
two
people who use the computer are myself and my daughter Elysia.  I had
no
backup of my data.  

	11.	I called the Microsoft help line at (206) 646-5104 and
spoke to a
support engineer named David.  I explained to David what had happened,
and
he assigned my problem a task number 14803868, and told me to use a
recovery disk to get my DOS prompt back, so I could re-install Windows
and
the word processor software (Works for Windows).  I was finally able to
get
the word processor loaded on Tuesday evening at 11:23 P.M.  There was
no
time to re-write the opposition motions since the replies had to be in
the Court
file by Friday, February 16, 1996.

	12.	I am therefore joining with Dr. Geertz�s two opposition
motions
because there is insufficient time to re-write my own opposition
motions, and
I do not want to ask the Court for a delay in order to prepare the
motions over
again, because I would have to pay a penalty for changing my
non-refundable
airline tickets for the Status Conference, which I can�t afford.  

	13.	I just wanted the Court to take notice of what happened to
me as
I believe it was a deliberate attempt to sabotage my legal work, and/or
to
keep me off the Internet because I have been a vocal critic of the
Church of
Scientology on the newsgroup alt.religion.scientology and on the
International
Relay Chat Channel #scientology as of late.  And, as I said before,
even
though I believe I know who is responsible, I can�t prove it.  However,
I
would like the Court to take judicial notice of it in the event this
type of
operation occurs again or in a similar fashion to interfere with my
right to
litigate this case.  

	14.	I declare under penalty of perjury that the aforementioned
facts
set forth are true and correct.



Respectfully Submitted,			Dated:  February 14, 1996


___________________________
Steven Fishman
Plaintiff Pro Se
12980 S. W. 48th Street
Fort Lauderdale, Florida  33330-2339





From mccoy at communities.com  Fri Feb 16 13:23:35 1996
From: mccoy at communities.com (Jim McCoy)
Date: Sat, 17 Feb 1996 05:23:35 +0800
Subject: AT&T Public Policy Research -- hiring for cypherpunks
Message-ID: 


Bill Franz writes:
> Adam Shostack wrote:
[...]
>>IP numbers are not portable, DNS names are.  You can move toad.com
>>anywhere on the network, but you can't move 140.174.2.1 anywhere on
>>the network.
>
>FYI - IP portability, both in the sense of disconnecting in one place and
>reconnecting in another and in the sense of keeping a TCP connection alive
>while moving from place to place are design goals of IPv6

But IPv6 also brings link-level encryption and makes subliminal
communications channels trivial; Big Brother (now does anyone know
what that that translates to in Chinese?) won't stand for that...

The enhancements of IPv6 make a lot more possiblities for
secure channels and untracable packet-level communications
available.  Instead of needing to jump through many hoops
you just have to subvert one of the new goodies IPv6 gives
you for free :)

jim







From tbyfield at panix.com  Fri Feb 16 13:35:23 1996
From: tbyfield at panix.com (t byfield)
Date: Sat, 17 Feb 1996 05:35:23 +0800
Subject: Cypherpunks Decency Act
Message-ID: 


bell at pacifier:

>Hey, I resent the implication, here!

        This maybe isn't the best forum for your feelings. Be a mensch and
ice the thread, OK? TIA.







From rsalz at osf.org  Fri Feb 16 13:38:57 1996
From: rsalz at osf.org (Rich Salz)
Date: Sat, 17 Feb 1996 05:38:57 +0800
Subject: MS CryptoAPI (fwd)
Message-ID: <9602140028.AA28117@sulphur.osf.org>


Okay, so how the hell did Microsoft get export approval for this? I mean,
this is the classic crypto-with-a-hole; a service-provider interface (SPI)
with DLL's means "plug your crypto here".  This is usually considered an
"anciliary" device in ITAR language, and therefore export controlled.  I
mean, how long until you see MSWord with "full privacy" option?

Word I've heard is that the office of Export Control has had a lot of
turnover and "nobody knows anything" anymore.  Anyone here any other good
rumors?
	/r$





From jya at pipeline.com  Fri Feb 16 14:18:56 1996
From: jya at pipeline.com (John Young)
Date: Sat, 17 Feb 1996 06:18:56 +0800
Subject: PUR_ple
Message-ID: <199602161848.NAA21959@pipe1.nyc.pipeline.com>


   2-16-96. FinTim:

   "First world smartcards and third world pensioners."

      Each month, a thin line of grandparents and
      great-grandparents shuffles across the rural wilderness
      clutching fresh banknotes dished out by the most
      sophisticated cash dispensers in the world. The machines
      are the hub of a thriving market economy. Mounted on
      unmarked pick-up trucks and escorted by armed guards,
      they are pursued across the hillsides by traders
      carrying buckets of freshly slaughtered meat, caged
      chickens, and an array of traditional medicines. The
      able-bodied carry the disabled and infirm with them in
      wheelbarrows. Under makeshift awnings, every pensioner
      swipes a plastic card through the machine, then rolls a
      weathered finger across a tiny scanner which checks the
      fingerprint against a digital template and dispenses a
      monthly allowance.

      Another machine, the "smartbox", keeps a tally of its
      contents and transmits an encrypted data stream with a
      constantly updated record of deposits to its destination
      bank. If tampered with, it sprays its contents with
      indelible purple ink like that with which the security
      police once sprayed anti-apartheid protesters. No
      reports yet of the graffiti inspired by the coloured ink
      in the 1980s, when township walls proudly proclaimed:
      "The Purple Shall Govern."

   PUR_ple







From WlkngOwl at UNiX.asb.com  Fri Feb 16 14:33:02 1996
From: WlkngOwl at UNiX.asb.com (Deranged Mutant)
Date: Sat, 17 Feb 1996 06:33:02 +0800
Subject: "US Court: Communities Can Judge Cyber-Porn"
Message-ID: <199602161915.OAA19273@UNiX.asb.com>


>From LI Newsday, 2/16/96, p. A32:

"US Court: Communities Can Judge Cyber-Porn"
[Combined News Services]

  Memphis, Tenn. - In a court ruling that could have a wide impact on 
  cyberspace, a federal appeals court has decided that every community 
  can judge for itself the obscenity of material downloaded from 
  computer bulletin boards - no matter where those boards are based.

  That opinion, unless overturned by the US Supreme Courtm coult mean 
  that bulletin board material that might have been at the far edge 
  of  acceptable in New York or California could be judged by perhaps
  more conservative standards if downloaded in Tennessee or Iowa.

Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to  for a copy of my PGP key.





From vznuri at netcom.com  Fri Feb 16 14:37:42 1996
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Sat, 17 Feb 1996 06:37:42 +0800
Subject: True democracy the electronic way
In-Reply-To: <199602152143.QAA27240@jekyll.piermont.com>
Message-ID: <199602161919.LAA09379@netcom15.netcom.com>


PM:

>For those not in the know, I will point out for the record that
>Vladimir Z. Nuri is actually L. Detweiler and that you are watching a
>form of strange masked dance in which everyone pretends that they
>don't know who the other person is. We now return you to the surreal
>dialog already in progress.

hmmmmm, sounds like a ridiculous conspiracy theory to me, concocted
mrely to further inflame TCM warefare by inciting both him and
those critical of him. (methinks you have been staring at crypto
code for sockets and slaving over a hot monitor a bit too long.)

note: I have absolutely no interest of playing the puerile cyberspatial
identity games the cypherpunks have come to be famous for.

but thanks for a great laugh (at you, not with you).

(but, shall I remind you, all these conspiracy theories you raise
are WHOLLY IRRELEVANT to the cypherpunks list.)

say PM, you are into capitalism and the free market economy as
transcendent and sacred and all that-- what would you
charge to not post to this list for say several months? a little
vacation for someone clearly overworked and fatigued? I'd be
willing to take up a collection. you might be surprised how much
people donate ... there even maybe one or two "wealthy contributors"
who really up the ante. don't take it personally-- I really am
concerned for your welfare and serenity of mind, something that seems
to endlessly elude you as much as the perfectly relevant cypherpunk post..

p.s. a little note to everyone here who doesn't "get it"-- a 
guerilla measures his effectiveness by the presence of *any* response.







From gbroiles at darkwing.uoregon.edu  Fri Feb 16 14:57:38 1996
From: gbroiles at darkwing.uoregon.edu (Greg Broiles)
Date: Sat, 17 Feb 1996 06:57:38 +0800
Subject: Carrying the Bible an Offense?
Message-ID: <199602162012.MAA13658@darkwing.uoregon.edu>


At 01:24 PM 2/15/96 -0600, Sten Drescher wrote:
>tcmay at got.net (Timothy C. May) said:
>
>TCM> There are two further points which need clearing up:
>
>TCM> 1. Private citizens (the atheist in this case) do not file
>TCM> criminal charges. They may swear out a complaint ("I witnessed
>TCM> John Doe carrying a Bible"), but they do not file criminal
>TCM> charges.
>
>	OK, how about `press charges`?  And please, don't try telling
>me that private citizen's don't `press charges`, because one of the
>well reported problems in fighting domestic violence has been the
>battered spouse (almost always the wife) refusing to press charges.

The "pressing charges" question is essentially about evidence. At certain
stages in a criminal proceeding, the prosecution must produce enough
evidence of the right kind (e.g., sworn testimony which reaches the level of
probable cause, for instance) in order for the proceedings to continue.
There are smaller hurdles pretrial (in order to create the prosecution
itself, and to hold the defendant while waiting for trial) and a bigger
hurdle at trial. The sworn testimony of a victim can be strong evidence to
help a prosecutor get over those hurdles. If there is no other evidence, the
prosecution may fail. But prosecutors and investigators who see the
reluctant victim problem coming can sometimes work around it by collecting
other evidence which can be used instead of the victim's testimony. The
victim can also be subpoenaed to testify even if they don't want to. (Of
course, their testimony may not be especially helpful under those
circumstances.) 

Thus, no, the victim does not have veto power over a prosecution, except in
those circumstances where they're fortuitously in possession or control of
the evidence the prosecution needs to prove its case. And that's a matter of
luck and circumstance, not law. 

>TCM> No prosecutor can be "forced" to prosecute, absent approval by a
>TCM> grand jury. (And if a prosecutor doesn't want to indict a ham
>TCM> sandwich, it won't be indicted.)
>
>	OK, how about this.  J Random Atheist, Jr, comes across the
>Bible on the 'net.  J Random Atheist, Sr, finds out, and is appalled,
>and swears out a complaint.  The AUSA refuses to investigate.  Could J
>Random Atheist, Sr, file a lawsuit against the AUSA because he is
>being denied equal treatment under the law?

No. J Random Atheist has no right to expect prosecutors to share his
priorities re enforcement of the laws. His remedy is to elect people with
different prosecutorial priorities.
 
--
"The anchored mind screwed into me by the psycho-  | Greg Broiles
lubricious thrust of heaven is the one that thinks | gbroiles at netbox.com
every temptation, every desire, every inhibition." | 
	-- Antonin Artaud		   	   | 






From samman-ben at CS.YALE.EDU  Fri Feb 16 15:36:02 1996
From: samman-ben at CS.YALE.EDU (Rev. Ben)
Date: Sat, 17 Feb 1996 07:36:02 +0800
Subject: news of the world (fwd)
Message-ID: 


  China orders Internet users to register



   BEIJING - In its latest move to control the flow of information, China
   on Wednesday ordered all those who use the Internet and other
   international computer networks to register with the police within 30
   days. China embarked on a broad crackdown on Internet users and other
   sources of information potentially harmful to government interests in
   December.

Oh well.

Ben.
____
Ben Samman..............................................samman at cs.yale.edu
"If what Proust says is true, that happiness is the absence of fever, then
I will never know happiness. For I am possessed by a fever for knowledge,
experience, and creation."                                      -Anais Nin
PGP Encrypted Mail Welcomed      Finger samman at powered.cs.yale.edu for key
Want to give a soon-to-be college grad a job?         Mail me for a resume






From EALLENSMITH at ocelot.Rutgers.EDU  Fri Feb 16 15:38:41 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Sat, 17 Feb 1996 07:38:41 +0800
Subject: Spin Control Alert (LI Newsday, 2/12/96)
Message-ID: <01I18USFWHX0A0V2IC@mbcl.rutgers.edu>


From:	IN%"declan+ at CMU.EDU"  "Declan B. McCullagh" 15-FEB-1996 01:33:25.17

>Since you don't understand the way Federal criminal charges work,
>there's no reason I should take your argument seriously. (Hint: The
>*U.S. Attorney*, or an AUSA, files charges, not you, me, or a random
>"athiest.")

	How about a lawsuit by the atheist against the site? Since the CDA
claims that such material is harmful, and tries to make it illegal, such a
lawsuit would appear to have grounds - especially if the atheist has a child
that is "surfing the Net." Now, they're unlikely to _win_, but the atheist
can cost them some money _and_ make the CDA look stupid. If I were in the
American Atheist Foundation or some such, I'd do such a lawsuit against a
Christian Right organization that had supported the CDA.
	Of course, the selective enforcement will be a good argument in favor
of the law being unconstitutional.
	Crypto relevance? Criminal laws aren't the only things that a
crypto-anarchial system will make less effective. Civil lawsuits (under things
like libel) also will be. I'd call this a good change.
	-Allen





From stend at grendel.texas.net  Fri Feb 16 15:41:16 1996
From: stend at grendel.texas.net (Sten Drescher)
Date: Sat, 17 Feb 1996 07:41:16 +0800
Subject: A Cyberspace Independence Refutation
In-Reply-To: <199602161631.IAA25897@news1.best.com>
Message-ID: <199602161957.NAA02481@grendel.texas.net>


jamesd at echeque.com said:

j> 1.  President Clinton declared CDA unconstitutional and directed
j> the Justice department to refrain from enforcing it.

	Then why is the Justice Department defending it?  Sorry, but
unless you can give us a citation, I can't buy this one.  I believe
that Clinton did, however, direct the Justice Department to not
enforce the abortion gag rule that got tacked on at the very end, so
maybe that's what you are thinking of.  But that wasn't part of the
CDA.

-- 
#include                                /* Sten Drescher */
Unsolicited email advertisements will be proofread for a US$100/page fee.





From vanhorn at hks.net  Fri Feb 16 15:48:27 1996
From: vanhorn at hks.net (Kevin S. Van Horn)
Date: Sat, 17 Feb 1996 07:48:27 +0800
Subject: The Internet Party
Message-ID: <199602162100.QAA18002@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

talon57 at well.com (Brian D Williams) wrote:
>
>Now all we need is a candidate who stands for free speech, personal
>privacy and the right to encrypt.......
>

Best-selling author Harry Browne fits the bill.  He's seeking the Libertarian
Party nomination.

Kevin S. Van Horn
vanhorn at excite.com

- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSTwUyoZzwIn1bdtAQESiAGAuGYmFY81oZxFNuU/88nK4RBKWwnL7JVu
MHZp3Bm60vdyfx7MF18xwC7X/KMy3IVm
=KuMC
-----END PGP SIGNATURE-----





From mab at research.att.com  Fri Feb 16 15:54:36 1996
From: mab at research.att.com (Matt Blaze)
Date: Sat, 17 Feb 1996 07:54:36 +0800
Subject: ITAR personal use exemption
Message-ID: <199602162112.QAA17479@nsa.tempo.att.com>


I just happen to be heading to the airport shortly, and am looking
forward to being among the first exports under the new rule...

-matt

------- Forwarded Message

Received: from research.att.com by nsa.tempo.att.com (8.6.10/4.7)
	id OAA17078; Fri, 16 Feb 1996 14:15:37 -0500
Received: from cs.cosc.georgetown.edu by research; Fri Feb 16 14:16:40 EST 1996
Received: from chair.georgetown.edu (chair.cosc.georgetown.edu) by cs.cosc.georgetown.edu (4.1/1a-eef)
	id AA00958; Fri, 16 Feb 96 14:13:43 EST
Date: Fri, 16 Feb 96 14:13:43 EST
From: denning at cs.cosc.georgetown.edu (Dorothy Denning)
Message-Id: <9602161913.AA00958 at cs.cosc.georgetown.edu>
To: mab at research.att.com
Subject: ITAR Amended to Allow Personal Use Exemption
Cc: denning at cs.cosc.georgetown.edu

In case you haven't heard ...

Best regards,
Dorothy
- --------

Today's Federal Register contains a notice from the Department of
State, Bureau of Political Military Affairs, announcing final rule of
an amendment to the International Traffic in Arms Regulation (ITAR)
allowing U.S. persons to temporarily export cryptographic products for
personal use without the need for an export license.  The product must
not be intended for copying, demonstration, marketing, sale, re-export,
or transfer of ownership or control.  It must remain in the possession
of the exporting person, which includes being locked in a hotel room or
safe.  While in transit, it must be with the person's accompanying
baggage.  Exports to certain countries are prohibited -- currently
Cuba, Iran, Iraq, Libya, North Korea, Sudan, and Syria.  The exporter
must maintain records of each temporary export for five years.  See
Federal Register, Vol. 61, No. 33, Friday, February 16, 1996, Public
Notice 2294, pp. 6111-6113.

Dorothy Denning 

------- End of Forwarded Message






From vanhorn at hks.net  Fri Feb 16 15:57:46 1996
From: vanhorn at hks.net (Kevin S. Van Horn)
Date: Sat, 17 Feb 1996 07:57:46 +0800
Subject: CDA Yes Votes; Collection
Message-ID: <199602162120.QAA18116@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

tallpaul at pipeline.com (tallpaul) wrote:
> 
>Isn't it the libertarian types on the list who are into mass killings of
>civilians with nukes and the "socialist statists" who tend to oppose it? 

No.

Tim May is the first person I've ever encountered who calls himself a
libertarian and yet thinks dropping the Bomb on Hiroshima and Nagasaki
was justified.  I think that, from a consistent libertarian perspective,
using the Bomb was equivalent to taking out a Mafia chieftain by napalming
the neighborhood in which he lived.  Perhaps the bad guy being targetted was
a killer who deserved to die, but that doesn't justify snuffing his neighbors.

Kevin S. Van Horn
vanhorn at excite.com

- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMST1ESoZzwIn1bdtAQFCegGAyCaAyaqlvc9RH5spAgrCDdmDJZkZdLTP
S3xc/wODYWYfEiSPv0v5FPIMCZ7k2lj/
=0HrG
-----END PGP SIGNATURE-----





From walter at cithe302.cithep.caltech.edu  Fri Feb 16 16:04:51 1996
From: walter at cithe302.cithep.caltech.edu (Chris Walter)
Date: Sat, 17 Feb 1996 08:04:51 +0800
Subject: [NOISE] Patents and Trademarks invalid
In-Reply-To: <199602161118.GAA10682@opine.cs.umass.edu>
Message-ID: 


In article <199602161118.GAA10682 at opine.cs.umass.edu> lmccarth at cs.umass.edu writes:

   Zachary Amsden writes:
   > (please don't e-mail me about this - I have enough e-mail already.  
   > Post instead)

   I'm confused. Instead of you alone getting a copy of every reply, you'd
   prefer the scenario where you get a copy of every reply, and so does 
   everyone else on the cypherpunks list, because _you_ get too much mail ?
   How does this scheme reduce the amount of email you get ?  Are you not in
   fact subscribed to cypherpunks ?

I suspect that he (like me) reads cypherpunks in News.  Here at
Caltech anyway the mailing list is gated into our NNTP news service.
This is a big improvement over having mailing list stuff in your normal
mail box.

-Chris

walter at cithe501.cithep.caltech.edu





From froomkin at law.miami.edu  Fri Feb 16 16:48:16 1996
From: froomkin at law.miami.edu (Michael Froomkin)
Date: Sat, 17 Feb 1996 08:48:16 +0800
Subject: Text of personal use exemption
Message-ID: 


http://www.law.miami.edu/~froomkin/personal-use.txt

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin at law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.






From schneier at winternet.com  Fri Feb 16 17:04:49 1996
From: schneier at winternet.com (Bruce Schneier)
Date: Sat, 17 Feb 1996 09:04:49 +0800
Subject: ITAR Amended to Allow Personal Use Exemptions
Message-ID: <199602162229.QAA28245@parka>




Today's Federal Register contains a notice from the Department of
State, Bureau of Political Military Affairs, announcing final rule of
an amendment to the International Traffic in Arms Regulation (ITAR)
allowing U.S. persons to temporarily export cryptographic products for
personal use without the need for an export license.  The product must
not be intended for copying, demonstration, marketing, sale, re-export,
or transfer of ownership or control.  It must remain in the possession
of the exporting person, which includes being locked in a hotel room or
safe.  While in transit, it must be with the person's accompanying
baggage.  Exports to certain countries are prohibited -- currently
Cuba, Iran, Iraq, Libya, North Korea, Sudan, and Syria.  The exporter
must maintain records of each temporary export for five years.  See
Federal Register, Vol. 61, No. 33, Friday, February 16, 1996, Public
Notice 2294, pp. 6111-6113.






From EALLENSMITH at ocelot.Rutgers.EDU  Fri Feb 16 17:13:00 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Sat, 17 Feb 1996 09:13:00 +0800
Subject: anonymous age credentials, sharing of
Message-ID: <01I1AFAUEXFKA0V3BM@mbcl.rutgers.edu>


From:	IN%"samman-ben at CS.YALE.EDU"  "Rev. Ben" 15-FEB-1996 20:05:34.89

>The only REAL way of authentication is biometrics.  Anything else can be 
>swapped.  But if you amputate someone's hand or retinas then they won't 
>work(check for things like blood flow, etc.)

	Actually, a simulation ought to work pretty well at fooling most extant
devices, and any devices likely to be developed soon. Now, fooling the guards
watching you at a secure site may be a problem (a hand up your sleeve?), as
may getting someone else's biometric information in the first place. The
latter gets into the area of cryptography since whoever has such information
(other than the original possessor) is likely to hash it anyway.
	-Allen





From tighe at spectrum.titan.com  Fri Feb 16 17:22:45 1996
From: tighe at spectrum.titan.com (Mike Tighe)
Date: Sat, 17 Feb 1996 09:22:45 +0800
Subject: DES_ono
In-Reply-To: <199602151707.MAA24559@pipe2.nyc.pipeline.com>
Message-ID: <199602162252.QAA27785@softserv.tcst.com>


John Young writes:

>   Citing the crypto-expert BSA study noted here by Matt
>   Blaze, Computerworld of 2-12-96:

>   "Standard Encryption Vulnerable To Attack. Banking's most
>   trusted technique for funds transfer questioned."

So the banker's finally figured out what the NSA told us 14 years ago?
Great.





From sandfort at crl.com  Fri Feb 16 17:26:21 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Sat, 17 Feb 1996 09:26:21 +0800
Subject: True democracy the electronic way
In-Reply-To: <199602161919.LAA09379@netcom15.netcom.com>
Message-ID: 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Fri, 16 Feb 1996, L. Det^H^H^H^H^H^HVladimir Z. Nuri wrote:

> p.s. a little note to everyone here who doesn't "get it"-- a 
> guerilla measures his effectiveness by the presence of *any* response.

Only stupid guerillas who have forgotten why they got in the biz.


 S a n d y

P.S.	Here we have a perfect example of a win-win-win
	situation.  Larry gives himself an attaboy for
	getting my response ("*any* response").  I get
	to poke fun at his rationalization.  The list
	gets another data point on this fruitcake.

P.P.S.	Well, almost perfect.  My friend, Perry, for
	whom I have a great deal of respect will not
	appreciate the noise.  On this point, I have
	agreed to disagree with Perry.  I would still
	gladly take 100 more Perrygrams in exchange 
	for yet another Detweiler rant.  Perry makes
	a great deal of sense.  LD is a loon (oh yeah,
	and a great guerilla warrior...yeah right).
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








From samman-ben at CS.YALE.EDU  Fri Feb 16 17:33:35 1996
From: samman-ben at CS.YALE.EDU (Rev. Ben)
Date: Sat, 17 Feb 1996 09:33:35 +0800
Subject: anonymous age credentials, sharing of
In-Reply-To: <199602160754.XAA17607@news1.best.com>
Message-ID: 


> >The only REAL way of authentication is biometrics.  Anything else can be 
> >swapped.  
> 
> For that matter, if you can replace an amputated finger, how about
> transplanting a hand?   

Um.  With a password or keycard, its difficult to know if its been
stolen--if the keycard drops out of my pocket, I might not notice until I
need it again.  If my hand gets amputated, I'm fairly certain that I would
notice quite quickly... 

Ben.
Ben Samman..............................................samman at cs.yale.edu
"If what Proust says is true, that happiness is the absence of fever, then 
I will never know happiness. For I am possessed by a fever for knowledge, 
experience, and creation."                                      -Anais Nin
Want to give a soon-to-be college grad a job?         Mail me for a resume






From spock at RSA.COM  Fri Feb 16 17:36:14 1996
From: spock at RSA.COM (spock (Steve Dusse))
Date: Sat, 17 Feb 1996 09:36:14 +0800
Subject: A brief comparison of email encryption protocols
Message-ID: <9601168245.AA824511993@snail.rsa.com>


Hello Ralph,

Thanks for your interest in S/MIME.  A couple of minor corrections to your 
comparison seem to be in order.

>S/MIME is an attempt to graft MIME support onto underlying PEM
>standards. See http://www.rsa.com/rsa/S-MIME/ for more info.

S/MIME integrates PKCS #7 and #10 message services (not PEM) into MIME.

>Probably the most controversial aspect of S/MIME is its signature
>format. An S/MIME signed message is a MIME multipart in which the 
>first part is the data to be signed, and the second part is a 
>complete PKCS #7 (section 10) signed message.

Although the description of this format is accurate, this format is 
only documented as an option, not the primary signature format.  This 
option has been supplied for backward compatability to address a mixed 
(S/MIME-aware and non-S/MIME aware) audience of recipients.  The 
primary signature format is a PKCS #7 signed message (including signed 
MIME content) carried in a single body part: application/x-pkcs7-mime.







From EALLENSMITH at ocelot.Rutgers.EDU  Fri Feb 16 17:46:50 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Sat, 17 Feb 1996 09:46:50 +0800
Subject: Computer unmasks Anonymous writer...
Message-ID: <01I1AH3BILHOA0V3BM@mbcl.rutgers.edu>


From: sasha1 at netcom.com (Alexander Chislenko)

>  I ran my essays through Word grammar checker a while ago,
>and was surprised how stable the grammar statistics were.
>Complexity of the text (grade level) was the same to the decimal point,
>average length of sentences was consistent, etc.
>People also use the same styles of smileys or *highlights*, make
>consistent spelling errors, have their habits of indentation, etc.

	I'd like suggestions from people on what style/grammar checker is best
for reducing this kind of interpersonal variablity (and increasing the
intrapersonal variety by only using it sometimes). I use Grammatik 5 on some
posts, and it does seem to help.

>My suggestion at the time was to have randomizing output filter that
>would substitute synonyms, change spelling, modify paragraph formatting,
>etc.  - Style anonymizer, I'd call it.  Also, if small random changes are

	At least for the synonyms, I'd hope that a good grammar checker was
seeing if you weren't using a very large vocabulary. That's one problem I have
with Grammatik 5, in that it doesn't do this very well.
	-Allen





From EALLENSMITH at ocelot.Rutgers.EDU  Fri Feb 16 17:48:40 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Sat, 17 Feb 1996 09:48:40 +0800
Subject: Online Zakat Payment: Religious tithe.
Message-ID: <01I1AG4SXLR6A0V3BM@mbcl.rutgers.edu>


From:	IN%"tallpaul at pipeline.com" 16-FEB-1996 01:02:01.32

>Why oh why am I getting the idea that "cypherpunks" would better be called
>"cryptoauthoritarians." From murder-as-political-liberation, to the
>universalization of the libertarians "feelings" onto everyone else in the
>world, to the mass nuclear bombings of civilians to the mass nuclear
>elimination of religions. 

	I'm a libertarian, and I mailed TCMay about that post - in private
email. I preferred not to clutter up the list, and am only doing so now in
case of political newbies otherwise believing you. I would point out that
Islam is currently noticeable for wrongdoing _when in control of a government_;
the same tends to be true of any religion, including my own of Christianity.
An example of such wrongdoing is the restriction of women in countries such as
Saudi Arabia (and, of course, Iran). Have you seen any libertarians advocating
banning the chador in the United States?

>My, my. For a group of people so uspet at taxes you certainly have faith in
>the ability of private individuals to generate the capital for things like
>the Manhattan Project and high-cost nuke delivery systems! 
 
	Unfortunately, neither of these would take that much. A university with
competent physics, engineering, and chemistry departments could do the first;
smuggling could do the second.
	-Allen





From llurch at networking.stanford.edu  Fri Feb 16 18:10:33 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Sat, 17 Feb 1996 10:10:33 +0800
Subject: Any cpunks around San Diego, CA want to chat this weekend?
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

I'll be down through Tuesday morning looking up public records on my new
Neo-Nazi friends (and their opposition, some of which is also unseemly),
stuff like that. I'll be talking to Ingrid, Zundel's press secretary, on
Tuesday, I hope. I'd love to do lunch with someone who knows the local San
Diego/North County/Fallbrook ISP environment, especially a level-headed
libertarian type. I'll buy. 

- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSUan43DXUbM57SdAQHuzgP+Knsdtctdm7wcQAXKPFRlcBLqvJYK0CTT
i48kermENQgioYMqUgvXJ5H7CVO8I7+0r76TsBBv3oK9ffFUrtoqJqW5CmjTnF7y
yxIgPAVyebYPD34lIIWX7kVAPzcJL0E8M3qDO3Gty+T7Q7nj1s54tAMAdKH7V4tH
EbpQo/+9u5w=
=sX7i
-----END PGP SIGNATURE-----





From adam at lighthouse.homeport.org  Fri Feb 16 18:19:59 1996
From: adam at lighthouse.homeport.org (Adam Shostack)
Date: Sat, 17 Feb 1996 10:19:59 +0800
Subject: ITAR Amended to Allow Personal Use Exemptions
In-Reply-To: <199602162229.QAA28245@parka>
Message-ID: <199602170028.TAA03679@homeport.org>


Since we don't need a license, what records are we supposed to keep?


| Today's Federal Register contains a notice from the Department of
| State, Bureau of Political Military Affairs, announcing final rule of
| an amendment to the International Traffic in Arms Regulation (ITAR)
| allowing U.S. persons to temporarily export cryptographic products for
* personal use without the need for an export license.  The product must
| not be intended for copying, demonstration, marketing, sale, re-export,
| or transfer of ownership or control.  It must remain in the possession
| of the exporting person, which includes being locked in a hotel room or
| safe.  While in transit, it must be with the person's accompanying
| baggage.  Exports to certain countries are prohibited -- currently
| Cuba, Iran, Iraq, Libya, North Korea, Sudan, and Syria.  The exporter
* must maintain records of each temporary export for five years.  See
| Federal Register, Vol. 61, No. 33, Friday, February 16, 1996, Public
| Notice 2294, pp. 6111-6113.

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From lgl at qualcomm.com  Fri Feb 16 19:05:09 1996
From: lgl at qualcomm.com (Laurence Lundblade)
Date: Sat, 17 Feb 1996 11:05:09 +0800
Subject: A brief comparison of email encryption protocols
In-Reply-To: <199602142049.MAA20108@infinity.c2.org>
Message-ID: 


Raph, your summary is very useful!  I would like to make a few comments and
suggest a model for breaking down an email encryption system into four
components: the trust model, the key/certificate distribution system, the
on-the-wire certificate data structure and the on-the-wire transport data
structure.  The comments:

At 12:49 PM 2/14/96, Raph Levien wrote:
>....
> An additional grave concern is key management. Contrary to some
>beliefs, key management is not a solved problem. All of the proposals
>contain some mechanism for key management, but none of them have been
>demonstrated to be scalable to an Internet-wide email system. My
>belief is that the problems with key management do not stem from the
>classic Web of trust/certification hierarchy split, but the
>nonexistence of a distributed database (with nice interfaces) for
>holding keys. The encryption protocols also stand in the way of such a
>database, with key formats that are either overly complex, inadequate,
>or both.

Here here! agreed!


>   S/MIME remains firmly grounded in the X.509 certification
>hierarchy, although the FAQ claims that the guidelines for hierarchies
>are "more flexible" than in PEM.

X.509 v3 explicitly does allow for more flexibility.  To quote from section
12.4.1:

 g) Complete flexibility in trust models is required.  A strict hierarchical
    model which is adequate for a single organization is not adequate when
    considering the needs of multiple interconnected enterprises.  Flexibility
    is required in the selection of the first trusted CA in a certification
    path.  In particular, it should be possible to require that the
    certification path start in the local security domain of the public-key
    user system.


>   Probably the most controversial aspect of S/MIME is its signature
>format. An S/MIME signed message is a MIME multipart in which the
>first part is the data to be signed, and the second part is a complete
>PKCS #7 (section 10) signed message.

It is certainly technically possible to use the multipart/signed format
from RFC-1847 (also used in PGP/MIME) with PKCS #7.  It certainly seems
superior is almost every way to the multipart/alternative in the current
S/MIME draft.  Also Steve D. pointed out that the multipart/alternative
format is not the primary signature format.


Going back to breaking things down into four parts, these are some points I
know about.  Please correct me if I say something wrong and pardon some of
the details most of us already know:

The Trust Model
---------------
Any fully implemented system will have to choose some form of a trust
model.  Some possibilities are:
  * web of trust
  * strict hierarchy
  * web of hierarchies or some other hybrid

The important thing here is that there are many trust models that are valid
and useful and it may be useful for other components of the system to be
neutral to the trust model as is clearly the case with MOSS.

The Key Distribution System
---------------------------
A lot of components may go into this (protocols, client/server
architectures, local key stores) and it is probably the most complicated
part of any system.  Some options are:
  * distribution of keys manually via e-mail
  * automatic non-interactive lookup of keys from a server
  * interactive browsing of a key store for keys
  * revocation lists or none
  * online certificate verification via a secure channel
  * certificate caching

Probably the best thing to say, is that there's a lot of work to do here.

The Certificate format
----------------------
It seems possible to pick a certificate format independent of the other
issues.  Doing so would allow us to leverage components like we do with
other data objects like MIME.  There probably only two major contenders:
  * X.509 v3
     + broadly supported by standard bodies
     + supported by several industries (e.g., banking)
     + very rich and flexible
     + ASN.1
     - ASN.1 (tough for a student to get an ASN.1 compiler)
     - complicated
  * PGP keys
     + widely deployed
     + simple to write code for
     - difficult to lookup (linear search on key id required)
     - too simple to support many trust models and distribution systems

Note that both use the RSA algorithms, so they are interchangeable at some
very basic level.

The Transport of Content format
-------------------------------
This is the format of the actual message that is sent from one user to the
next.  I'm going to discard anything that doesn't handle MIME because I
don't think they are important any more.  Raph described a lot of this so
I'll just mention a few considerations explicitly about transport formats.
   * PGP/MIME
       From a data structure format this is a compact binary format.  It
       seems reasonable to implement, is documented and requires no special
       tools.  There is a performance problem with key look ups
       for signed message because a linear search is required unless the
       key or other data is always included with the message.

   * S/MIME  (PKCS + MIME)
       Uses PKCS format with some MIME formatting.  The main problems here
       are the multipart/alternative format for signatures and the ASN.1
       requirement.  An ASN.1 compiler is required to implement this.  PKCS
       has actually been around for a while and has been used for a number
       of cryptographic systems.

   * MOSS
       MOSS is perhaps the easiest to implement and the most flexible since
       it is an ASCII text protocol like other Internet protocols and because
       it explicitly supports several trust models.

I think the most important observation is that PGP/MIME and MOSS share the
security multiparts structure from RFC 1847.  It is also possible to use
the security multiparts format with PKCS #7 and thus S/MIME could be
changed to support it.  If this happened we'd have something in common for
all formats and it would make life much easier for all e-mail client
authors.  An added bonus is that RFC-1847 support allows an e-mail client
to support encryption and signing of full MIME entities with an external
program that can be configured like MIME content viewers are with something
like the mailcap facility.  It can be something as simple as a UNIX pipe to
a command like pgp.

Laurence Lundblade      
QUALCOMM Inc.           619-658-3584











From jdoe-agamemnon at alpha.c2.org  Fri Feb 16 19:15:47 1996
From: jdoe-agamemnon at alpha.c2.org (jdoe-agamemnon at alpha.c2.org)
Date: Sat, 17 Feb 1996 11:15:47 +0800
Subject: Cypherpunks Decency Act
Message-ID: <199602160543.VAA05938@eternity.c2.org>


Bill Frantz wrote:
>Perry sent me a polite note asking why I had posted the original post, and
>He suggested that in the future I make it clear why I think my posts are
>relevent to the subject of the list.

Is this what we call the chilling effect?








From frantz at netcom.com  Fri Feb 16 19:16:21 1996
From: frantz at netcom.com (Bill Frantz)
Date: Sat, 17 Feb 1996 11:16:21 +0800
Subject: AT&T Public Policy Research -- hiring for cypherpunks
Message-ID: <199602160514.VAA22111@netcom7.netcom.com>


At  9:23 PM 2/15/96 -0500, Adam Shostack wrote:
>DNS names are not IP numbers.
>
>IP numbers are not portable, DNS names are.  You can move toad.com
>anywhere on the network, but you can't move 140.174.2.1 anywhere on
>the network.

FYI - IP portability, both in the sense of disconnecting in one place and
reconnecting in another and in the sense of keeping a TCP connection alive
while moving from place to place are design goals of IPv6


-----------------------------------------------------------------
Bill Frantz                   Periwinkle  --  Computer Consulting
(408)356-8506                 16345 Englewood Ave.
frantz at netcom.com             Los Gatos, CA 95032, USA







From cmcurtin at gatekeeper.cb.att.com  Fri Feb 16 19:19:36 1996
From: cmcurtin at gatekeeper.cb.att.com (C Matthew Curtin)
Date: Sat, 17 Feb 1996 11:19:36 +0800
Subject: PGP
In-Reply-To: <199602160232.UAA04240@cdale1.midwest.net>
Message-ID: <199602160505.AAA24625@boaz>


-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "Sentient1" == Sentient1   writes:

Sentient1> Esteemed GentlePersons, Could you settle a dispute?  Is it,
Sentient1> or Is it not, legal to take PGP source code and the like
Sentient1> out of the country if it is written on paper?

Yes, it is legal to export cryptographic source code in printed form -
the exact same code that is illegal to carry out on a floppy
disk. (See the preface to Zimmermann's book "PGP Source Code and
Internals," published by MIT Press.)

- --
C Matthew Curtin    [AT&T|Bell] Labs     Internet Gateway Applications Group
http://www.att.com/homes/matt_curtin.html PGP OK cmcurtin at gatekeeper.att.com

-----BEGIN PGP SIGNATURE-----
Version: 2.7.1
Comment: Have you encrypted your data today?

iQCVAwUBMSQQqRhyYuO2QvP9AQEGIwP8DpMGvtZi2pWeFlicArVNyhAoeJxq+oR0
mXQN0E3EWW5GBujfd7TSJhMsPddXXJOaO+4HDoV8E7Q6D4kE3/GiHx6E8uBJ0Zdb
8Q77oXChYWrSB/p5HTwDoxGyk4svFMkey88X+Y/9JYia2ZBtoSEPl2WAJd8mhkTZ
FPNugHTdfMg=
=8y6/
-----END PGP SIGNATURE-----





From thad at hammerhead.com  Fri Feb 16 19:25:29 1996
From: thad at hammerhead.com (Thaddeus J. Beier)
Date: Sat, 17 Feb 1996 11:25:29 +0800
Subject: PGP
Message-ID: <199602160551.VAA16645@hammerhead.com>



> Could you settle a dispute?  Is it, or Is it not, legal to take 
> PGP source code and the like out of the country if it is written on
> paper?

It is unclear.  Up until recently, there was never any restriction imposed
on taking code out of the country.  Technical papers are presented, the book
Applied Cryptography as explicitly allowed to be exported.

Then MIT came out with the PGP book.  The book contains the entire source, in a easy
to scan font.  I don't know for a fact, but it seems to me that it was designed
to push the line a little bit.

A CJR request was filed for the book.  There is a statutory requirement that the
response come back within some small number of weeks.  So far it's been over a
year, and while it has not been rejected, it has not been approved either.

So, it is unclear.  Check out Phil Karn's web page.  If you are interested in
just how far the gov't will go; how foolish they are willing to look; it's all there.

http://www.qualcomm.com/people/pkarn/export/index.html#govt

thad
-- Thaddeus Beier                     thad at hammerhead.com
   Technology Development                   408) 286-3376
   Hammerhead Productions        http://www.got.net/~thad 





From jimbell at pacifier.com  Fri Feb 16 19:35:08 1996
From: jimbell at pacifier.com (jim bell)
Date: Sat, 17 Feb 1996 11:35:08 +0800
Subject: Computer unmasks Anonymous writer...
Message-ID: 


At 09:20 AM 2/16/96 -0800, Alexander Chislenko wrote:
>  I ran my essays through Word grammar checker a while ago,
>and was surprised how stable the grammar statistics were.
>Complexity of the text (grade level) was the same to the decimal point,
>average length of sentences was consistent, etc.
>People also use the same styles of smileys or *highlights*, make
>consistent spelling errors, have their habits of indentation, etc.

What's the next step?  Writing a program which "fakes" somebody's style, right?







From jcr at idiom.com  Fri Feb 16 20:51:21 1996
From: jcr at idiom.com (John C. Randolph)
Date: Sat, 17 Feb 1996 12:51:21 +0800
Subject: CDA Yes Votes; Collection
In-Reply-To: <199602162120.QAA18116-wVB1@bb.hks.net>
Message-ID: 


"Kevin S. Van Horn"  writes:

>-----BEGIN PGP SIGNED MESSAGE-----

>tallpaul at pipeline.com (tallpaul) wrote:
>> 
>>Isn't it the libertarian types on the list who are into mass killings of
>>civilians with nukes and the "socialist statists" who tend to oppose it? 

>No.

>Tim May is the first person I've ever encountered who calls himself a
>libertarian and yet thinks dropping the Bomb on Hiroshima and Nagasaki
>was justified.  I think that, from a consistent libertarian perspective,
>using the Bomb was equivalent to taking out a Mafia chieftain by napalming
>the neighborhood in which he lived.  Perhaps the bad guy being targetted was
>a killer who deserved to die, but that doesn't justify snuffing his neighbors.

Well, you can count me as the second.

I also consider myself a hard-line libertarian, and I'm not going to second
guess Truman on the use of the bomb.  His duty was to save American and
allied lives.  He had no duty whatsoever to limit the destruction that
was visited upon the japanese mainland, particularly in view of the 
fact that Japan's war against the United States of America began in an
unprovoked, suprise attack.

Japan suffered for allowing their government to run amok.  So did Germany.
Germans who were paying attention during the thirties fled their country,
and those who were unfortunate enough to be trapped, and yet still loved
freedom, became members of an anti-NAZI underground.

Japan, Germany, Italy, and other countries like Iraq, where people place
obedience to their leaders above their own moral responsiblity, will
suffer mass destruction.  Think of it as evolution in action.

-jcr






From markm at voicenet.com  Fri Feb 16 20:54:56 1996
From: markm at voicenet.com (Mark M.)
Date: Sat, 17 Feb 1996 12:54:56 +0800
Subject: Computer unmasks Anonymous writer...
In-Reply-To: 
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 16 Feb 1996, jim bell wrote:

> At 09:20 AM 2/16/96 -0800, Alexander Chislenko wrote:
> >  I ran my essays through Word grammar checker a while ago,
> >and was surprised how stable the grammar statistics were.
> >Complexity of the text (grade level) was the same to the decimal point,
> >average length of sentences was consistent, etc.
> >People also use the same styles of smileys or *highlights*, make
> >consistent spelling errors, have their habits of indentation, etc.
> 
> What's the next step?  Writing a program which "fakes" somebody's style,
> right?

It's been done already.  A program was posted here a while ago that could
actually fake a person's writing style by analyzing word patterns.  It does
a pretty good job, too.  I can e-mail it to anyone who is interested.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm at voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMSVSmbZc+sv5siulAQEbTwQAh8+e51WN10DN6P4aLYoWrmLKLN3NWAJa
TW6hvckc/zq8SnFvsRg9TbwLgVon3uxi+OByYyBR98tLEOSKjNVwv/5XZ5M216Zs
UFk/a4fwWq/eJ2qnYkA9ultP7YQjPovJQCI+r+orJ6uLgoMiw4oLCbggpkpqET+X
lADi5zJncaY=
=+wAT
-----END PGP SIGNATURE-----





From tcmay at got.net  Fri Feb 16 21:02:07 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 17 Feb 1996 13:02:07 +0800
Subject: LP infiltration of ballot boxes
Message-ID: 


At 3:58 AM 2/17/96, "A. Padgett Peterson P.E. Information Security"

>BTW voted for Ed Clark once since "none of the above" was not an option.
>Spent the next year getting beg letters from various libertarian groups.

You clearly did more than merely vote, as even the LP has no way of knowing
who you voted for. Maybe you registered formally as a member of the LP,
maybe you made a donation, maybe you volunteered your name. Whatever.

But suggesting that by voting for Ed Clark you got on a mailing list is
unlikely in the extreme.

-Tim May, who once dreamed about Geraldine Ferrarro and got beg letters
from the Democratic Party for the next year!

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From ses at tipper.oit.unc.edu  Fri Feb 16 21:16:15 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Sat, 17 Feb 1996 13:16:15 +0800
Subject: CDA Yes Votes; Collection
In-Reply-To: 
Message-ID: 


So, if the US were to end up with a President Buchanan elected by 25% of 
all eligible voters, would you advocate seeking exile, or armed rebellion?

---
They say in  online country		So which side are you on boys
There is no middle way			Which side are you on
You'll either be a Usenet man		Which side are you on boys
Or a thug for the CDA			Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO






From tallpaul at pipeline.com  Fri Feb 16 22:09:49 1996
From: tallpaul at pipeline.com (tallpaul)
Date: Sat, 17 Feb 1996 14:09:49 +0800
Subject: Libertarians and crypto and such
Message-ID: <199602170543.AAA21054@pipe11.nyc.pipeline.com>


On Feb 16, 1996 12:34:42, 'Thomas Grant Edwards '
wrote on libertarians and the Libertarian Party. 
 
I am able to draw a distinction between people whose primary political
identification is with the Libertarian Party (LP) and "small el"
libertarians just as I am able to draw similar distinctions between people
in the Communist Party U.S.A. and "small c" communists or members of the
Socialist Party U.S.A. and "small s" socialists. 
 
While I have an enormous number of disagreements with the LP I have never
presented any critique on the list of the LP. I've spent many evenings with
LP members in bars or coffee shops arguing over politics. On more than one
occasion I've been at the same demos with LPers, generally over issues like
"reform" (i.e. total elimination) of the drug laws. 
 
On the basis of my personal observations in the 1980s and 90s I consider
LPers to be far more honest and well-informed than libertarians, just as I
consider old-style Randian Objectivists far more principled that today's
libertarian "Subjectivists." 
 
You are far more able than I to state with certaintude what the general
policies of the LP are. 
 
But the LP is not the total class of libertarians nor all of the individual
libertarians. 
 
While the LP or its majority may not call for the things I've critiqued,
certainly libertarians have. Nor, as far as I can recall, have LPers
repeatedly posted to the cypherpunk list material that is on-the-surface at
least significantly off-topic; libertarians have. And I responded. 
 
--tallpaul 
 





From jf_avon at citenet.net  Fri Feb 16 22:41:41 1996
From: jf_avon at citenet.net (Jean-Francois Avon JFA Technologies, QC, Canada)
Date: Sat, 17 Feb 1996 14:41:41 +0800
Subject: Patents and Trademarks invalid
Message-ID: <9602170607.AA15430@cti02.citenet.net>


>Here's an idea: whenever someone uploads something like the RC2 source code,
>why not have everyone attach it to their .signature?  Is criminal justice
>seriously going to pursue tracking down millions of people that did this?
>Or would they pull the plug.

Man's survival tool is his mind.

Patents and copyright are establishing the ownership and protection
the result of the exercise of his survival tool.

Therefore they are good.

To try to eliminate them is equivalent to promote slavery.

JFA
**** NEW PGP 2.6.2 KEY *********
This key is actually suspended, as of Feb, 16 1996, was never distributed,
and might be subject to deletion.  Sorry for the trouble my mis-management might have caused.

2048 bits Key ID:24201BA1 1996/02/13 Jean-Francois Avon 
Key fingerprint =  23 B6 24 31 86 67 FB 35  C7 A7 AF 12 A1 61 E9 3D 


**** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon 
Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 






From jimbell at pacifier.com  Fri Feb 16 22:51:36 1996
From: jimbell at pacifier.com (jim bell)
Date: Sat, 17 Feb 1996 14:51:36 +0800
Subject: CDA Yes Votes; Collection
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

At 04:12 AM 2/17/96 GMT, John C. Randolph wrote:
>"Kevin S. Van Horn"  writes:

>I also consider myself a hard-line libertarian, and I'm not going to second
>guess Truman on the use of the bomb.  His duty was to save American and
>allied lives.  He had no duty whatsoever to limit the destruction that
>was visited upon the japanese mainland, particularly in view of the 
>fact that Japan's war against the United States of America began in an
>unprovoked, suprise attack.
>
>Japan suffered for allowing their government to run amok.  So did Germany.
>Germans who were paying attention during the thirties fled their country,
>and those who were unfortunate enough to be trapped, and yet still loved
>freedom, became members of an anti-NAZI underground.
>
>Japan, Germany, Italy, and other countries like Iraq, where people place
>obedience to their leaders above their own moral responsiblity, will
>suffer mass destruction.  Think of it as evolution in action.
>-jcr

On the other  hand, there may be an alternative...

Jim Bell
jimbell at pacifier.com

Klaatu Burada Nikto
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSVt+PqHVDBboB2dAQFlpAP9GKNp2zRKHK1l8es1h4mp3YNEo1cQt0+e
Y6NwwavHCdtsGy4/xV0i3QVclmlx3Ffm+b6HMFpv/YPbWyQ+BUOz1GIMzAr7TzDB
SxQqZaH9Ezkv9dDExCfwZmGNIoXLGOzYjusWq3dsLpilf01mLNGLxlS8QK4XNg8H
RuHr91Axn20=
=TH0l
-----END PGP SIGNATURE-----






From jf_avon at citenet.net  Fri Feb 16 22:51:44 1996
From: jf_avon at citenet.net (Jean-Francois Avon JFA Technologies, QC, Canada)
Date: Sat, 17 Feb 1996 14:51:44 +0800
Subject: True democracy in America.
Message-ID: <9602170604.AA15355@cti02.citenet.net>


Isaac Hopkins  wrote:

[ Crypto Relevancy: Hey, if you cannot figure it out, too bad for you...]
[[ Sorry, I am in a bitchin mood today.  It happens not too often]]


>A truly Democratic society is only feasible when you have an educated
>society that can act outside of their own self interest. 

This is why we do not need a "true" democracy.  Why should any individual act in a way
that is not in his best interest?

The blanked-out concept here is the concept of "best-interest"

It would be *very* interesting to drag the collectivists into such a debate.

But they are wise enough to thread away from what is, to them, quicksand...
 

>In a democratic society you must be accepted by
>the majority in order to survive.  

>Think about all of the greatest minds in
>history, most of them were very controversial.  A democracy is just the
>tyranny of the majority.

Then, why strive for it?  Apparently, it is not in the best *long term* interest
of the vast majority of individual in that society...

JFA
Selfishness is a fundamental Virtue.
**** NEW PGP 2.6.2 KEY *********
This key is actually suspended, as of Feb, 16 1996, was never distributed,
and might be subject to deletion.  Sorry for the trouble my mis-management might have caused.

2048 bits Key ID:24201BA1 1996/02/13 Jean-Francois Avon 
Key fingerprint =  23 B6 24 31 86 67 FB 35  C7 A7 AF 12 A1 61 E9 3D 


**** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon 
Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 






From btmoore at iquest.net  Fri Feb 16 23:01:29 1996
From: btmoore at iquest.net (Benjamin T. Moore)
Date: Sat, 17 Feb 1996 15:01:29 +0800
Subject: Ben T. Moore "Mr. Anonymous"
Message-ID: 


At 09:33 PM 2/14/96 -0800, hochiminh at alpha.c2.org wrote:
><<<>>>

                                           ***** SNIP *****
                                 (Much deleted for brevity)

>Well, Mr. Anonymous, let's see how well YOU have used your own advice.  With
>just a little effort using WEB search engines available to everyone on the net I
>have found the following:
>
>Yes you have no credit history, at least not a positive history and you have no bank
>account.  However, these "accomplishments" were not the result of your "goal" to be "invisible to the system".  You have a credit history, a VERY poor one.  This and the fact that you have no bank account stems from the fact that you are a deadbeat not some cyber-hero looking to "drop-out" of the system.  You are approximately $13,000.00 behind in child support.  In fact a search of the records available to the general public reveals you were recently arrested for failure to pay child support.  A fund rasing campaign was instituted in several USENET and FIDONET newsgroups to raise your bail when your attorney-employer abandoned you in jail.  In fact you have been arrested several times in the last 12 months for some rather abberant behavior.

Ok I'll respond to this first paragraph:

As I said in my privious post. I have *NO* credit history! I don't know who you ran
but whoever it was... it wasn't me. As for having poor credit, when I did have a 
credit history, it was quite good... New car and house, never late on a payment.
I've *NEVER* been arrested! So I don't have a police record either! I don't have 
any kids... So what you've said is specious as regards myself... EVIDENTLY, MY
SYSTEM WORKS PRETTY WELL! Wouldn't you say? :-)

>Let me list the things I have been able to find out about you:
>
>1) You are an African-American Male, age 36.

Nope... I'm an American of African and Native American descent. I'm a bit older
than 36... 

>2) You live in Indianapolis, Indiana.

I do not live in Indianapolis, Indiana

>3) You are the on-again off-again bodyguard for Militia-Patriot attorney Ms. Linda         Thompson and was with her when she was arrested (again)12-23-95.

I am not Ms. Thompson's bodyguard... I'm in another line of work entirely. :-)

>4) You were arrested for attempting to smuggle weapons (bullets?) into the Indianapolis     County Jail 07-22-95.

Not true... Don't know who you ran but it obviously wasn't me...

>5) You are about 6'4" tall and weigh 260#.

I'm flattered! Wish I was 6'4" and I definitely don't weigh 260#

>6) You also use the IRC name "Shaka".

I am on IRC... which is a good guess, but I've never used the moniker "Shaka."

>7)  You are a deabeat dad being $13,000.00 in arrears in child support.

Don't have kids... you figure it!

>8)  You recovered some property for Ms. Thompson and filed a Police Report
>     # 9531780A.

Again, wrong person!

>9)  You wrote a letter to the editor in the Indianapolis Post Spotlight lamenting you "child      support" woes.  Pathetic, very pathetic.

Called Indianapolis, The don't have a newspaper called the Post... Again Not me.

>So while you are off being a cool anonymous dude the rest of us are paying for the AFDC you ex-wife has to use to feed the kids.  How do you justify an internet account while being $13,000.00 in arrears on child support?  You are a disgrace to your race, the Militia-Patriot movement and men in general.

You wouldn't perchance be a bigoted law enforcement officer would you? 
I understand there are plenty in the Indianpolis area... :-)

>BTM> I just have never felt warm and fuzzy knowing that any government agency,
>BTM> business, or whoever can get my personal information off a computer could come
>BTM> knock on my door some dark night. If you're interested in fortifying your privacy,
>BTM> I can give you a few pointers.
>
>BTM> 1.) Go to your local DMV and inform them you've had a change of address. I
>BTM>      selected a high rise apartment building with 15 floors and selected an address
>BTM>      on a non-existant 23rd floor. Getting your Driver's License address changed
>BTM>      should cost less than $10.00.
>
This is a violation of Indiana Code but breaking the law is of no concern to you, huh?

As I don't live in Indianapolis... that's really of no concern of mine... 

>BTM> 2.) Go find a company like "Mail Boxes Etc." and rent a mailbox. The cost is
>BTM>      nominal compared to the added privacy and security. The distinction between
>BTM>      a mailbox and a Post Office Box is with a mailbox you have an actual street
>BTM>      address. You can receive deliveries from UPS and Federal Express at a 
>BTM>      mailbox. You can't at a P.O. Box.
>
>BTM> 3.) This part requires some skill... befriending a graphic artist is a good idea for 
>BTM>      this one. But what you need is a phony work identification.  Pick a name! A 
>BTM>      couple of "Pass Port Photos" and some lamination and you're good to go.
>
>This is a violation of Indiana and Federal Laws depending on how they are used.

How they are used? I'm specificaly telling you how to use them! Obviously you
are a plant and a spy in this mailing list for the government! It is people of your
ilk we want, need and demand protection from!

>BTM> 4.) Take your new persona down to your local utility companies and get the serv-
>BTM>      ice switched to the name of your new persona. Even get your phone switched
>BTM>      and have the number non-published. You'll be pleasantly surprised from now
>BTM>      on, everytime your phone rings, it will be someone you really want to talk to.
>
>Another violation of Indiana Code

Given the fact you ran the wrong person... my system must work extremely well!
You're just the nefarious type my system is designed to circumvent! Better luck
next time!

        Benjamin T. Moore
        (btmoore at iquest.net)






From erc at dal1820.computek.net  Fri Feb 16 23:05:51 1996
From: erc at dal1820.computek.net (Ed Carp)
Date: Sat, 17 Feb 1996 15:05:51 +0800
Subject: anonymous age credentials, sharing of
In-Reply-To: 
Message-ID: 


On Fri, 16 Feb 1996, Rev. Ben wrote:

> Um.  With a password or keycard, its difficult to know if its been
> stolen--if the keycard drops out of my pocket, I might not notice until I
> need it again.  If my hand gets amputated, I'm fairly certain that I would
> notice quite quickly... 

Reminded me of that scene in "Sneakers" where they steal the guy's keycard
to get in.  Risks of leaving that sort of thing in one's jacket pocket. 
Also, lots of high-tech places have at least one automated
unattended/unmonitored entrance, so if you get a keycard, it's easy to get
into the place (my current employer has unattended entrances with
cameras).  Even with the manned entrances, the ones with just a
receptionist/secretary, they seldom check that the picture matches the one
on the badge, so even if they've invalidated the badge, the receptionist
will still more than likely let you into the place if you wave your
keycard/badge around. Highlights the need to *still* concentrate on
physical security and authentication - all the electronic toys just make
security folks lazy. 
--
Ed Carp, N7EKG    			Ed.Carp at linux.org, ecarp at netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp at netcom.com for PGP 2.5 public key		an88744 at anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring






From bdavis at thepoint.net  Fri Feb 16 23:30:18 1996
From: bdavis at thepoint.net (Brian Davis)
Date: Sat, 17 Feb 1996 15:30:18 +0800
Subject: Carrying the Bible an Offense?
In-Reply-To: <199602151924.NAA24235@grendel.texas.net>
Message-ID: 


On Thu, 15 Feb 1996, Sten Drescher wrote:
>... 
> 	OK, how about this.  J Random Atheist, Jr, comes across the
> Bible on the 'net.  J Random Atheist, Sr, finds out, and is appalled,
> and swears out a complaint.  The AUSA refuses to investigate.  Could J
> Random Atheist, Sr, file a lawsuit against the AUSA because he is
> being denied equal treatment under the law?
> 
Can he file suit?  Sure.  I can sue you for stealing my pig.
Can he win?   No.  Prosecutorial immunity.

EBD 

> -- 
> #include                                /* Sten Drescher */
> Unsolicited email advertisements will be proofread for a US$100/page fee.
> 

Not a lawyer on the Net, although I play one in real life.
**********************************************************
Flame away! I get treated worse in person every day!!






From erc at dal1820.computek.net  Fri Feb 16 23:31:16 1996
From: erc at dal1820.computek.net (Ed Carp)
Date: Sat, 17 Feb 1996 15:31:16 +0800
Subject: Ben T. Moore "Mr. Anonymous"
In-Reply-To: 
Message-ID: 


If all you want to do is hide, not commit fraud, you're pretty safe. 
There's nothing that says that you can't change your name or use an MBE
mailbox or refuse to give out your phone number or even fake an employee
ID - as long as you're not trying to defraud someone. 
--
Ed Carp, N7EKG    			Ed.Carp at linux.org, ecarp at netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp at netcom.com for PGP 2.5 public key		an88744 at anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring






From bruce at aracnet.com  Fri Feb 16 23:37:05 1996
From: bruce at aracnet.com (Bruce Baugh)
Date: Sat, 17 Feb 1996 15:37:05 +0800
Subject: Libertarians and crypto and such
Message-ID: <2.2.32.19960217070627.0069dcf4@mail.aracnet.com>


At 12:43 AM 2/17/96 -0500, tallpaul wrote:

>While the LP or its majority may not call for the things I've critiqued,
>certainly libertarians have. Nor, as far as I can recall, have LPers
>repeatedly posted to the cypherpunk list material that is on-the-surface at
>least significantly off-topic; libertarians have. And I responded. 

So you get the fun of attacking this straw man called "libertarians" without
any responsibility to identify any actual people it might include other than
a handful of folks that the vast majority of us think are kooks. And you've
also acquired the remarkable mental power, apparently, to discern who is or
is not an LP member based on their posts here.

Neat tricks.

But until they're joined with a willingness to look at a wider range of
libertarian posts than the fragment that feeds your pet peeves, I reserve
the right to be impressed.

And yes, this is off-topic. So this is all I have to say about it.

-- 
Bruce Baugh
bruce at aracnet.com
http://www.aracnet.com/~bruce






From jamesd at echeque.com  Fri Feb 16 23:38:30 1996
From: jamesd at echeque.com (jamesd at echeque.com)
Date: Sat, 17 Feb 1996 15:38:30 +0800
Subject: Using lasers to communicate
Message-ID: <199602170708.XAA03191@blob.best.net>


At 12:03 AM 2/16/96 -0800, gw wrote:
> 50% mirrors picking off
> those laser beams would do it, and you could not detect the resulting
> attenuation as distinct from naturally ocurring attenuation and variation.  

Assume, as seems reasonable, that I point my laser from the roof of my house
to an ISP relay station located on a tall building or a nearby mountain.

An interception device will stick out like dogs balls.  Whoever wants to tap
my line is going to have to build a tower.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd at echeque.com






From blancw at accessone.com  Sat Feb 17 00:21:21 1996
From: blancw at accessone.com (blanc)
Date: Sat, 17 Feb 1996 16:21:21 +0800
Subject: Libertarians and crypto and such
Message-ID: <01BAFCCD.00AC5860@blancw.accessone.com>


A note on the arguments disintegrating into granular accusations & counter accusations:

Some of you ought to realize that no matter what category of political/philosophical inclinations a person has, or deems themselves to have, or is deemed to have by others, they as individuals are still going to have their own peculiar perspective, their own version, of these views.   

Meaning, that it is not 100% predictable that *all* libertarians will think & do the same as all other so-called "libertarians".  "Democrats" or "Republicans" or even "wiccans" will have their own variations on the same themes and disagree among themselves over what the most correct policy for action could be/should be/shall be.

These labels for philosophical & political stands are really only general indicators of an individual's conclusions about worldy events or the direction in which they tend to orient their sympathies;  when the "rubber meets the road" and real action or some real support is required, it can be quite surprising to see their actual responses to events.

Whether one person or a like-minded group is aligned philosophically correctly (suitable to one's own preferences) or not, is info that is useful only for determining trends; no matter what combination of beliefs a particular group concocts into a world-view, it is still required of the individual person that they deal effectively with whatever threats arise in *their own* immediate Present, regardless of what anyone else did in the History of Mankind or what "those other groups" extol as being The Right Thing for All (tm).

Aren't one's own actions more important and telling than any group affiliations?

The ideals which motivate one to seek the use of encryption are very significant to the need to justify the use of it.  The most valid ideals will relate to the real world in which we all actually work and play.   And The Truth Which Does Not Go Away is the indispensable Fact of the Matter that when the NSA proposes to open your personal files you are going to want to prevent it, no matter what political party or program you claim to support the rest of the time.

   ..
Blanc






From talon57 at well.com  Sat Feb 17 00:22:07 1996
From: talon57 at well.com (Brian D Williams)
Date: Sat, 17 Feb 1996 16:22:07 +0800
Subject: The Internet Party
Message-ID: <199602142101.NAA25866@well.com>



If I see one more ad for some dumb ass politician running for
president I'm going to puke.



Say, why not pick our own candidate?

Why not form our own Party?

The Internet party........

It would be the ultimate write in campaign.

Now all we need is a candidate who stands for free speech, personal
privacy and the right to encrypt.......

"I nominate John Perry Barlow. Who will second the nomination?"

No, I'm not kidding.....

Brian

"Communicate globally, Censor locally."
"Only a fool would let children play alone on a superhighway."





From lmccarth at cs.umass.edu  Sat Feb 17 01:29:27 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Sat, 17 Feb 1996 17:29:27 +0800
Subject: A Cyberspace Independence Refutation
In-Reply-To: <199602121635.IAA11515@shell1.best.com>
Message-ID: <199602161022.FAA10566@opine.cs.umass.edu>


I wrote:
# I'm afraid I'm not willing to take [vulnerability of the state] on faith. 

James Donald writes:
> You delete my arguments, and then say:  "I am not willing to take this on
> faith", implying that I made no arguments.

Frankly, I though much of what you said was not really in the form of an
argument, and thus did not bear response. At any rate, see my message prior
to this, in which I have gone back and responded to everything I didn't
explictly address before.

I wrote:
# Strata made some good observations about the tangible vulnerability of 
# the net-as-we-know-it to government intervention.

James Donald writes:
> During the American revolution, the British troops could go where they
> pleased, and destroy whatever they wished, but they could not obtain
> political control by so doing.

It helped that Americans formed an army and otherwise took up arms against
the limeys. (ObImpunity: I'm a limey by birth.) Ah, I see you are about to
address the difference between flying-lead wars and flying-electron wars
below....

> Yes, we are vulnerable, and so are they.  If they used the measures
> proposed by Strata, the measures proposed by Jim Bell would gather 
> wide support.

I disagree. I presume that Jim Bell will now pounce, call me a "fucking
statist" or some such, and induce many folks to killfile the remainder of
this thread. I don't plan to respond to anything he says about this. 

(Are we witnessing the birth of a new corollary to Godwin's Law ?)

> Ob Crypto:
> 
> They cannot obtain political control by mere acts of destruction, because 
> they cannot be sufficiently selective in who they silence.

I disagree. (This level of debate seems rather unproductive.) 

> For destruction to be effective, you must not only harm those who oppose
> you, you must refrain from harming those who do not oppose you.  

I disagree. It seems to me that all sorts of "innocent bystanders" etc.
get mowed down, usually at no noticeable detriment to the mowers. Since
this thread is already doomed, I'll plough ahead and suggest that lots of
people who didn't oppose the U.S. were obliterated by Fat Man and Little
Boy, and yet the Enola Gay's mission(s?) was/were effective for the USG. 

> The destructive acts proposed by Strata conspicuously fail to do this.

Probably true.

> Under the extreme conditions that Strata envisages, the measures proposed 
> by Jim Bell would be effective in obtaining politically desired consequences,
> because they are selective and targeted, and the measures that Strata fears
> would be ineffective in obtaining the politically desired consequences, 
> because they are unselective and untargeted.

See my comments above.

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)





From carboy at hooked.net  Sat Feb 17 02:05:34 1996
From: carboy at hooked.net (Michael E. Carboy)
Date: Sat, 17 Feb 1996 18:05:34 +0800
Subject: COO_kie
Message-ID: <01BAF957.48ABCE80@chum-3.ppp.hooked.net>



So, Folks, how does one manipulate the cookie in Netscape so that the user can control what Netscape sees???

Michael E. Carboy
carboy at hooked.net


   2-12-96. FinTim:

   "This bug in your PC is a smart cookie."

      Netscape Navigator contains a little-known wrinkle that
      increases the power of companies to find out who their
      customers are and what they are up to. It allows
      companies to track which Web pages an individual looks
      at, when, for how long, and in what order. The
      information is stored on the customer's computer as
      "persistent client-state hypertext transfer protocol
      cookies".

   2-12-96. WSJ:

   "Consumer Privacy on Internet Goes Public."

      The advertising industry's response to the volatile
      issue of consumer privacy is drawing howls of protest
      from consumer advocates. The battle is over what should
      marketers be allowed to do with personal information
      they gather from consumers visiting Web sites. Marketers
      "want to have dossiers on people with incredible detail
      so they can pick and choose what they send to you."

   "Invention Machine's Software Wins Orders for Picking
   Brains of Inventors."

      A software program is being snapped up by a growing
      number of America's biggest companies to provide
      inventing partners for their engineers. The program
      codifies the invention principles behind some two
      million international patents and the inventive
      techniques of some of the world's greatest inventors.
      Mr. Tsourikov said the product grew out of his early
      studies under Genrich Altshuller, who posited that
      invention isn't a random process but has a certain
      algorithm which drives it.


   COO_kie














From wlkngowl at unix.asb.com  Sat Feb 17 03:31:10 1996
From: wlkngowl at unix.asb.com (Deranged Mutant)
Date: Sat, 17 Feb 1996 19:31:10 +0800
Subject: Spin Control Alert (LI Newsday, 2/12/96)
In-Reply-To: <0l8IS0K00YUvFgy1tJ@andrew.cmu.edu>
Message-ID: <199602160334.WAA12990@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

BTW, the same insipid viewpoint from June Cleaver was printed in the 
Houston Chronicle on 2/11...
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSP7YSoZzwIn1bdtAQHAxAF/RaG/tuyDazedDGz4rCtcDJD4e05CQf2d
tG+QGq896zlp83HhM9yxxuEMgsJc319D
=lfto
-----END PGP SIGNATURE-----





From wlkngowl at unix.asb.com  Sat Feb 17 03:31:17 1996
From: wlkngowl at unix.asb.com (Defanged Fruit-Ant)
Date: Sat, 17 Feb 1996 19:31:17 +0800
Subject: Netscrape's Cookies
In-Reply-To: <3122F324.285@netscape.com>
Message-ID: <199602160341.WAA13022@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

Jeff Weinstein wrote:
> Defanged Fruit-ant wrote:  (Hey, he called us Netscrape :-) )

Actually it would make a nice name for a web robot.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSP83yoZzwIn1bdtAQEelwF/UGGWqSJFtwfy481DREcwLCNtFLPC1YOT
TdOTtw0k0QAAGaCMkgjiH6IeHsDuGVaw
=g33q
-----END PGP SIGNATURE-----





From nobody at REPLAY.COM  Sat Feb 17 03:35:33 1996
From: nobody at REPLAY.COM (Anonymous)
Date: Sat, 17 Feb 1996 19:35:33 +0800
Subject: OECD international crypto policy
Message-ID: <199602160340.EAA24430@utopia.hacktic.nl>



gnu at toad.com (John Gilmore) wrote:


>It would be interesting to see notes from other 
>participants in the  same OECD meeting(s).  Another 
>1-hour meeting was scheduled in  Canberra on Feb 9.  
>Anyone know what happened there?


The Feb 9 session of the "Group of Experts" Mr. Gilmore 
mentions was restricted to official OECD delegations.  See:


     http://www.nla.gov.au/gii/programl.html


Papers of the open conference on Feb 7 and 8 were promised 
posting on the Web concurrently but none have yet appeared at:


     http://www.nla.gov.au/gii/papers.html


Cryptographers Quisquater, Denning and Diffie (and others at 
the Paris December sessions) were scheduled for Feb 7 and 8. 
Professor Denning was listed to give "The Future of 
Cryptography" discussed on cypherpunks a while back.


Perhaps a public-spirited participant will share the fruits of 
the open and restricted events, as with the Paris gathering.








From sandfort at crl.com  Sat Feb 17 05:41:04 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Sat, 17 Feb 1996 21:41:04 +0800
Subject: Selling-Candy[TM] Politics
In-Reply-To: 
Message-ID: 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Thu, 15 Feb 1996, t byfield wrote:

> . . . KILL THIS THREAD (assassination politics), NOT POLITICIANS.

Hey, they aren't mutually exclusive.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








From alanh at infi.net  Sat Feb 17 05:41:11 1996
From: alanh at infi.net (Alan Horowitz)
Date: Sat, 17 Feb 1996 21:41:11 +0800
Subject: Online Zakat Payment: Religious tithe.
In-Reply-To: 
Message-ID: 


On Thu, 15 Feb 1996, Sean Gabb wrote:

> where Islam is concerned, there 
> are so many individuals behaving badly that we are justified in thinking 
> the whole religion a force for bad.

> But the fact is that most Moslems 
> venerate old men in beards, who think that anyone who disagrees 
> with them about God should be put to death, that a woman with a 
> clitoris is a kind of devil, and that Western classical music is evil.


    And your travels in the Islamic world consist of?   And you 
personally know how many Muslims?  And you have read how much Islamic 
sources?





From tcmay at got.net  Sat Feb 17 22:52:40 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 17 Feb 1996 22:52:40 -0800
Subject: CyberAngels
Message-ID: 

At 5:30 AM 2/15/96, Medea wrote: >  I bet if you use the word "cryptology" 
in a sentence, the CyberAsses
 >would have no idea what you were taking about. "Cripology?" "Oh, yeah, 
dat be da study of da Crips, one of da gangs we be protectin' da
peeples against." --Curtis Sliwa

E. ALLEN SMITH wrote:
 >
 >
 >>My, my. For a group of people so uspet at taxes you certainly have faith in
 >>the ability of private individuals to generate the capital for things like
 >>the Manhattan Project and high-cost nuke delivery systems!
 >
 >Unfortunately, neither of these would take that much. A university with
 >competent physics, engineering, and chemistry departments could do the first;
 >smuggling could do the second.
 >-Allen Actually, I have enough background in all these areas, to the 
point where I
think if I were given a plutonium "pit," I could probably implement the bomb
in about 6 months of part-time tinkering.  The main engineering problem
would be finding/producing two different homogeneous explosives with
reliably defined/measured detonation velocities, and calculating the shape
of the "lenses" required to cover the pit, and then machining or casting the
parts.  (I'd probably also want to simulate the mechanical "impedance match"
of the chemical explosive to the (dense) plutonium; and as I understand it
they use the mechanical equivalent of a transformer to do the matching.
Sorry, but I think in terms of electronics, not mechanics.  Sue me.) BTW, I 
think I've already solved the problem of producing a few dozen
absolutely simultaneous trigger explosions (+/- 100 nanoseconds) around the
periphery at the lens foci, without using multiple electronic detonators.
(in fact, a single blasting cap would do nicely.)  "But the margins of this
book are too small to contain it"  Heh heh! Jim Bell




From stend at grendel.texas.net  Sat Feb 17 07:24:30 1996
From: stend at grendel.texas.net (Sten Drescher)
Date: Sat, 17 Feb 1996 23:24:30 +0800
Subject: CDA Yes Votes; Collection
In-Reply-To: 
Message-ID: <199602171501.JAA01539@grendel.texas.net>


jim bell  said:

jb> At 04:12 AM 2/17/96 GMT, John C. Randolph wrote:

>> I also consider myself a hard-line libertarian, and I'm not going
>> to second guess Truman on the use of the bomb.  His duty was to
>> save American and allied lives.  He had no duty whatsoever to limit
>> the destruction that was visited upon the japanese mainland,
>> particularly in view of the fact that Japan's war against the
>> United States of America began in an unprovoked, suprise attack.
>> 
>> Japan suffered for allowing their government to run amok.  So did
>> Germany.  Germans who were paying attention during the thirties
>> fled their country, and those who were unfortunate enough to be
>> trapped, and yet still loved freedom, became members of an
>> anti-NAZI underground.
>> 
>> Japan, Germany, Italy, and other countries like Iraq, where people
>> place obedience to their leaders above their own moral
>> responsiblity, will suffer mass destruction.  Think of it as
>> evolution in action.  -jcr

jb> On the other hand, there may be an alternative...

	And that alternative was killing many hundreds of thousands of
people, Americans and Japanese, military and civilians, in an invasion
of Japan.  Have you looked at how many Japanese soldiers fought to the
death while the US was 'island hopping' toward Japan?  Do you think
that they would have been less willing to fight to the death when it
was the home islands themselves?  Especially since many of the
military leaders were arguing against surrender after the _second_
bomb was dropped?  Sorry, but 'war is hell'.

-- 
#include                                /* Sten Drescher */
Unsolicited email advertisements will be proofread for a US$100/page fee.





From tien at well.sf.ca.us  Sat Feb 17 07:57:33 1996
From: tien at well.sf.ca.us (Lee Tien)
Date: Sat, 17 Feb 1996 23:57:33 +0800
Subject: Debrauschie (SP?) wavelets
Message-ID: <199602171535.HAA16287@well.com>


Perhaps a dumb question, but is this kind of analysis relevant to crypto? 
(I read an article about it in Discover)

Lee Tien







From dlv at bwalk.dm.com  Sat Feb 17 08:05:21 1996
From: dlv at bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sun, 18 Feb 1996 00:05:21 +0800
Subject: CDA Yes Votes; Collection
In-Reply-To: <199602171501.JAA01539@grendel.texas.net>
Message-ID: 


Sten Drescher  writes:
> jb> On the other hand, there may be an alternative...
>
> 	And that alternative was killing many hundreds of thousands of
> people, Americans and Japanese, military and civilians, in an invasion
> of Japan.  Have you looked at how many Japanese soldiers fought to the
> death while the US was 'island hopping' toward Japan?  Do you think
> that they would have been less willing to fight to the death when it
> was the home islands themselves?  Especially since many of the
> military leaders were arguing against surrender after the _second_
> bomb was dropped?  Sorry, but 'war is hell'.

This has no cryptographic relevance, but...

One alternative was to complete the blockade Japanese islands, then sit
and wait for them to surrender (while possibly fighting in China).

Japan is very vulnerable to blockades. You may recall that the attack on
Pearl Harbor came as a retaliation of the U.S. oil embargo which the
Japanese government viewed as an act of war.

A blockade could have lasted for years and caused millions of Japanese
civilians to starve to death.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From tnaggs at cddotdot.mikom.csir.co.za  Sat Feb 17 09:35:39 1996
From: tnaggs at cddotdot.mikom.csir.co.za (Anthony Naggs)
Date: Sun, 18 Feb 1996 01:35:39 +0800
Subject: (fwd) Fishman > Pest Control
In-Reply-To: <199602160751.XAA10419@netcom.netcom.com>
Message-ID: 


> 
> I know there are services which can recover at least some of the data
> on a formated disk.  Does anyone have a pointer to them?  Keith Henson

OnTrack are one of the biggest data recovery companies in the US, there
are probably many others ... but some of the smaller operators are 
less well equipped with (software) tools ...
 
> PS, Please reply by email.  I used to read this list, but it has been
> some time since I was here.  I already asked the victum to quit using
> the disk.  

The biggest problem is that the guy has already re-installed DOS &
his wordprocessor, this has likely destroyed much of the residual
information about his disk layout *unless* the format operation left
'unformat' recovery information on the disk.  (Deliberate attackers
would likely know how to disable this.)


Regards,
--
Anthony Naggs	- Computer Security & Anti-Virus Engineer, CSIR, South Africa
Disclaimer: these are my personal views and opinions, and do not represent
	my employers; past, present or future.





From deepthroat at alpha.c2.org  Sat Feb 17 09:51:40 1996
From: deepthroat at alpha.c2.org (Deep Throat)
Date: Sun, 18 Feb 1996 01:51:40 +0800
Subject: China
Message-ID: <199602160237.SAA00778@eternity.c2.org>




Even if the Chinese make this work for a few years and the
US does the same, it doesn't matter in the long run.  People can run
short lived remailers out of accounts that don't belong to them.  They
can buy service over an encrypted link from a seller outside of China.
They can use steganography.

Given this, how can a Chinese or other represive government crack
down?  They can't turn off all the computers.  They can try to allow
access to only 'aproved' sites.  They can arrest people.  But will the
war on encryption be as easily won as the war on drugs?  Drugs are
physical things; they emit odors, require bulky transport, guards,
etc.  Binary code doesn't emit a smell.  You can't train a dog to find
PGP.  Yes they can crack down, but all that will do is make the
information economy move underground and offshore.

In time, those states that declare war on encryption will become
police states.  Police states can kill a lot of people, but they tend
not to last more than a few generations.


Jon Lasser wrote:

| Not if it's just a proof-of-concept for US implementation of the same.
| 
| The US version might be ostensibly only "anti-indecency" or 
| "anti-cryptography," but I'm betting that if the Chinese are successful, 
| many other nations follow.
| 
| It's the naval blockade to JPB's Independant Cyberspace.  And I think JPB 
| is... a little overoptimistic this time... but I still don't like the 
| blockade.








From rickt at psisa.com  Sat Feb 17 09:56:57 1996
From: rickt at psisa.com (Rick Tait)
Date: Sun, 18 Feb 1996 01:56:57 +0800
Subject: Credit cards - Privacy - Unique Situation
Message-ID: 


Being a British guy recently moved to the USA, I may be in a unique
situation in being able to protect my privacy, and I was wondering if
fellow cypherpunks may be able to give me some hints in being to "protect"
myself...

Since my SSN is barely a month old, since I don't yet have a credit card
over here, since I won't (yet?) be in many of those beloved databases, what
steps can I take to "hide" myself before it's too late? Too all intents and
purposes, I have metamorphed from a newborn US baby into an adult,
overnight. Thus I have an SSN, I pay tax (etc), but I'm not on anyone's
direct mailing lists.

Are there certain things I can do and say to absolve myself from being
assimilated into the thousands of pointless and harmful databases out there
in the USA? When and where and why do I have to give my SSN to seemingly so
many?

HELP!

Thanks,
/rickt

________________________________
Rick Tait   rickt at psa.pencom.com







From dsmith at midwest.net  Sat Feb 17 09:59:19 1996
From: dsmith at midwest.net (David E. Smith)
Date: Sun, 18 Feb 1996 01:59:19 +0800
Subject: Using lasers to communicate
Message-ID: <2.2.32.19960217173350.0067d5b4@204.248.40.2>


-----BEGIN PGP SIGNED MESSAGE-----

At 11:05 PM 2/16/96 -0800, jamesd at echeque.com wrote:
>At 12:03 AM 2/16/96 -0800, gw wrote:
>> 50% mirrors picking off
>> those laser beams would do it, and you could not detect the resulting
>> attenuation as distinct from naturally ocurring attenuation and variation.  
>
>Assume, as seems reasonable, that I point my laser from the roof of my house
>to an ISP relay station located on a tall building or a nearby mountain.
>
>An interception device will stick out like dogs balls.  Whoever wants to tap
>my line is going to have to build a tower.

Depends upon how paranoid you want to be.  A small radio-controlled
helicopter is available cheaply at Radio Shack, and might even be
capable of holding a receiver, re-transmitter and recorder.

(This is my official meaningless random thought for today.)

dave



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMSYNFDVTwUKWHSsJAQHpzwf+MELhjQZ1QR3hIQ6Dfiz06MroX2mm79U1
FseepeDYR9bdFqeo9MD29ZufPpsye48fjwNuP1mDqoRFG/cSD0Jn2Ph3lBSeqRwA
Dv+B+YVXay1GQy3S/ted3J+snHxcjq6ChJbbGnMIcTWf1Q83pVabAhWOKgF9C8Mc
a5kqPJxVSyNVa1tXgRm1dOz42/n+XanHTZScgylaUE+4YkmK4l8fu3LxQIjfFqUq
B287Oe1OTbf18dWSBFG5aLj3kyZC0+NsmX/t97fE4/hKwgoYSSRdcVMLg1FGawv/
MYgwnsKEAG5xIOu1GZ1SXTZy2M1do9Q5R9BFI4JTp9N00AafxsBIvw==
=rBhz
-----END PGP SIGNATURE-----
-----
David E. Smith,  c/o Southeast Missouri State University
1000 Towers Circle South MS 1210 Cape Girardeau MO 63701
dsmith at midwest.net, dsmith at alpha.c2.org,  PGP 0x961D2B09
(573)339-3814    http://www.midwest.net/scribers/dsmith/
"Reality is only for those lacking in true imagination."





From blancw at accessone.com  Sat Feb 17 10:16:47 1996
From: blancw at accessone.com (blanc)
Date: Sun, 18 Feb 1996 02:16:47 +0800
Subject: Libertarians and crypto and such
Message-ID: <01BAFD1F.A0A08D80@blancw.accessone.com>


(I was alerted to the fact that my post came out strangely formatted, so I'm re-sending hoping it looks better this time).
---------------------------

A note on the arguments disintegrating into granular accusations & counter accusations:

Some of you ought to realize that no matter what category of political/philosophical inclinations a person has, or deems themselves to have, or is deemed to have by others, they as individuals are still going to have their own peculiar perspective, their own version, of these views.   

Meaning, that it is not 100% predictable that *all* libertarians will think & do the same as all other so-called "libertarians".  "Democrats" or "Republicans" or even "wiccans" will have their own variations on the same themes and disagree among themselves over what the most correct policy for action could be/should be/shall be.

These labels for philosophical & political stands are really only general indicators of an individual's conclusions about worldy events or the direction in which they tend to orient their sympathies;  when the "rubber meets the road" and real action or some real support is required, it can be quite surprising to see their actual responses to events.

Whether one person or a like-minded group is aligned philosophically correctly (suitable to one's own preferences) or not, is info that is useful only for determining trends; no matter what combination of beliefs a particular group concocts into a world-view, it is still required of the individual person that they deal effectively with whatever threats arise in *their own* immediate Present, regardless of what anyone else did in the History of Mankind or what "those other groups" extol as being The Right Thing for All (tm).

Aren't one's own actions more important and telling than any group affiliations?

The ideals which motivate one to seek the use of encryption are very significant to the need to justify the use of it.  The most valid ideals will relate to the real world in which we all actually work and play.   And The Truth Which Does Not Go Away is the indispensable Fact of the Matter that when the NSA proposes to open your personal files you are going to want to prevent it, no matter what political party or program you claim to support the rest of the time.

   ..
Blanc
   ..
Blanc





From jya at pipeline.com  Sat Feb 17 10:20:05 1996
From: jya at pipeline.com (John Young)
Date: Sun, 18 Feb 1996 02:20:05 +0800
Subject: DOG_lyz
Message-ID: <199602171804.NAA13797@pipe1.nyc.pipeline.com>


   2-17-96. TWP:

   "CIA to Retain Right to Use Journalistic Cover."

      DCI John M. Deutch told a forum yesterday that the
      agency maintained the right to use U.S. journalists or
      their organizations as cover for intelligence activities
      but only under restrictive regulations. The staff
      director of the Senate intelligence committee, said the
      panel considers questions about non-official cover to be
      "a great problem" and expects members will want to take
      "a hard look at what extraordinary circumstances led to
      the use of journalistic cover."


   "Ethics On-Line..." [Editorial]


   DOG_lyz













From allyn at allyn.com  Sat Feb 17 10:43:15 1996
From: allyn at allyn.com (Mark Allyn 860-9454 (206))
Date: Sun, 18 Feb 1996 02:43:15 +0800
Subject: Differnent Sizes of Public PGP Keys
Message-ID: <199602171821.KAA03934@mark.allyn.com>


Hello:

I have been noticing that the sizes of the Public PGP Key Block
on some of your messages are different sizes. 

When I set up my PGP key pair, I selected the largest key size
which was 1024. It then gave me a public key block that look
like this:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzD5t24AAAEEALSR4OvQ9lfGpTjqDsuYgtCtI9eYC82E29VO6tL6cBDNCWc/
KgJiPUvqV3ZSDLEbGy4t3FTDIguKITUxCJwtaMhZyOUFvjP51noFw1lhP3y1GW8J
9sHW+M8eo/F6S5OSUuw6P7yYU2+4cO3lBASFA2aL0JoUIwS2bT+5LqLYocENAAUR
tBxNYXJrIEFsbHluIDxhbGx5bkBhbGx5bi5jb20+
=Q3/s
-----END PGP PUBLIC KEY BLOCK-----

This is only 4 lines and a few characters long.

I have noticed that some others have public keys that are
larger than this. I have noticed one public key that is about
10 lines long.

What is happening here? Are there keys that are bigger than
1024?

I am using the latest PGP that is available from MIT.

Please help!

Thank you!

Mark Allyn
allyn at allyn.com
http://mark.allyn.com
http://clearplastic.com





From tcmay at got.net  Sat Feb 17 10:57:34 1996
From: tcmay at got.net (Timothy C. May)
Date: Sun, 18 Feb 1996 02:57:34 +0800
Subject: China -- the fragile glimmer of freedom
Message-ID: 


At 12:10 AM 2/16/96, Bryce wrote:
...
>For people who spewed forth hundreds of articles of rants
>when the toothless CDA outlawed lewdity and advice about
>abortion, and for people who bravely and promptly took
>action to protect the free speech of a Holocaust
>denier, the cpunks have been noticeably silent
>about this much more cruel and widespread repression.

>
>Perhaps you think that the compliant Chinese person is
>satisfied with his or her role as lackey of his government?
>Or is it that we and the Asians inhabit such different
>worlds that we will have to make do without each other's
>help?

Well, where are the posts from outraged Cypherpunks living in the People's
Republic of China?

Some countries are so far gone, so deep in the muck of statism, that
nothing their governments do is very surprising.  Ranting about how bad
things are in some country is not very meaningful. Supplying them with
tools is more meaningful. However, given that I know of no list members
living in the PRC, nor even any in soon-to-be-assimilated Hong Kong, I'm
not sure what the point is.

I don't know about others, but I think the focus should be on the folks who
are salvageable, not the billion or so Chinese or the hundreds of millions
of Islamic women awaiting their clitorectomies and bowing toward Mecca for
guidance.

Fact is that 90%+ of all list members are in the United States, and 97%+
are in the so-called "Western world." We have a chance to deploy strong
crypto, the residents of Nepal and Singapore do not.

(By mentioning Singapore, I will get insulting e-mail, as I did last time,
furiously declaring Singapore to be a haven of freedom, free from the
corrupt thoughts of decadent imperialist empires, and secure in the
knowledge that Lee Kuan Yu (sp?) knows what is best for all of his
children.)

But if a branch of Cypherpunks wants to start up in Beijing, I'll send them
some complimentary copies of my "Crypto Anarchist Manifesto" to pass out to
local Party members!

--Tim May


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From mab at crypto.com  Sat Feb 17 11:00:44 1996
From: mab at crypto.com (Matt Blaze)
Date: Sun, 18 Feb 1996 03:00:44 +0800
Subject: DES_ono
In-Reply-To: <199602162252.QAA27785@softserv.tcst.com>
Message-ID: <199602171829.NAA02360@crypto.com>


> John Young writes:
> 
> >   Citing the crypto-expert BSA study noted here by Matt
> >   Blaze, Computerworld of 2-12-96:
> 
> >   "Standard Encryption Vulnerable To Attack. Banking's most
> >   trusted technique for funds transfer questioned."
> 
> So the banker's finally figured out what the NSA told us 14 years ago?
> Great.

Actually, that article concludes that they *haven't* figured it out yet.

The report that the bankers haven't figured out yet, by the way,
is available online at:
  ftp://ftp.research.att.com/dist/mab/keylength.txt  [ASCII text]
or
  ftp://ftp.research.att.com/dist/mab/keylength.ps   [PostScript]

-matt






From tallpaul at pipeline.com  Sat Feb 17 11:01:30 1996
From: tallpaul at pipeline.com (tallpaul)
Date: Sun, 18 Feb 1996 03:01:30 +0800
Subject: Some thoughts on the Chinese Net
Message-ID: <199602171820.NAA12476@pipe11.nyc.pipeline.com>


On Feb 15, 1996 15:17:51, '"Robichaux, Paul E" ' wrote: 
 
 
> 
>Now that all information has a recognizable source, dissidents in China  
>can be arrested, and unacceptable information never makes it into the  
>country. 
> 
>Registering IP addresses of course won't block out thoughtcrime
originating  
>outside China, but unless everyone else adopts the packet signing scheme
you  
>outline the censors will still have to filter incoming material  
>semi-manually. As far as I can tell their government is at least as  
>interested in keeping things in as they are keeping out the Four Horsemen.

> 
 
Assuming this system is estabished, then we would want to modify our
remailers to strip IP packet information as well as normal header, no? 
 
--tallpaul





From jimbell at pacifier.com  Sat Feb 17 11:04:22 1996
From: jimbell at pacifier.com (jim bell)
Date: Sun, 18 Feb 1996 03:04:22 +0800
Subject: Online Zakat Payment: Religious tithe.
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

At 05:56 PM 2/16/96 EDT, E. ALLEN SMITH wrote:
>
>
>>My, my. For a group of people so uspet at taxes you certainly have faith in
>>the ability of private individuals to generate the capital for things like
>>the Manhattan Project and high-cost nuke delivery systems! 
> 
>	Unfortunately, neither of these would take that much. A university with
>competent physics, engineering, and chemistry departments could do the first;
>smuggling could do the second.
>	-Allen

Actually, I have enough background in all these areas, to the point where I 
think if I were given a plutonium "pit," I could probably implement the bomb 
in about 6 months of part-time tinkering.  The main engineering problem 
would be finding/producing two different homogeneous explosives with 
reliably defined/measured detonation velocities, and calculating the shape 
of the "lenses" required to cover the pit, and then machining or casting the 
parts.  (I'd probably also want to simulate the mechanical "impedance match" 
of the chemical explosive to the (dense) plutonium; and as I understand it 
they use the mechanical equivalent of a transformer to do the matching.  
Sorry, but I think in terms of electronics, not mechanics.  Sue me.)


BTW, I think I've already solved the problem of producing a few dozen 
absolutely simultaneous trigger explosions (+/- 100 nanoseconds) around the 
periphery at the lens foci, without using multiple electronic detonators.  
(in fact, a single blasting cap would do nicely.)  "But the margins of this 
book are too small to contain it"  Heh heh!

Jim Bell

jimbell at pacifier.com

Klaatu Burada Nikto

Something is going to happen.              Something....Wonderful!
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSYVWfqHVDBboB2dAQH8KAP+PBsKYf6J94hU1FLMn/vny1IU827srMPz
Hvr7CRuHwPmGKc6VkKwIRBHRZ9adRd9c75HNhi4T+JA/qO1sZX8Qxk+xQUy6Z0pS
fx2HoPBQvEXjqkKpCfWWBKg/sXzu1J0XCmyqM3HXt8Cw0upYsHemQD/x+llDfYRM
GDV+B/Wt8pw=
=vyDu
-----END PGP SIGNATURE-----






From honey at citi.umich.edu  Sat Feb 17 11:28:38 1996
From: honey at citi.umich.edu (peter honeyman)
Date: Sun, 18 Feb 1996 03:28:38 +0800
Subject: A Cyberspace Independence Refutation
Message-ID: <9602171909.AA09463@toad.com>


> If the Feds pulled the plug on the backbone, I can see that there
> are a lot of people who would drag UUCP and pathalias out of the
> closet, and the UUCP Mapping Project would live again.

i don't know whether to laugh or cry over the prospect.

	peter





From cea01sig at gold.ac.uk  Sat Feb 17 11:47:43 1996
From: cea01sig at gold.ac.uk (Sean Gabb)
Date: Sun, 18 Feb 1996 03:47:43 +0800
Subject: Carrying the Bible an Offense?
In-Reply-To: <199602162012.MAA13658@darkwing.uoregon.edu>
Message-ID: 


Is it not possible in the US jurisdictions to mount private 
prosecutions?  There is a common law right to do so in England.  Indeed, 
before the Crown Prosecution Service was established in 1984 - a fine 
year for bad laws in this country - prosecutions were usually handled by 
the Police, and were in theory private prosecutions.  They are quite 
often started even now by private individuals; and the Attorney General 
has an old statutory authority to take them over or to stop them.  But I 
do remember a number of recent cases of private prosecution for murder.  
None of these, I think, has succeeded:  the reason the CPS refused to get 
involved was because of a lack of good evidence to get cases through the 
committal (grand jury) process.

If this right doesn't exist in American common law, I shall think far 
less of your laws than I have so far.

Sean Gabb
Editor
Free Life.





From gbroiles at darkwing.uoregon.edu  Sat Feb 17 12:30:31 1996
From: gbroiles at darkwing.uoregon.edu (Greg Broiles)
Date: Sun, 18 Feb 1996 04:30:31 +0800
Subject: Carrying the Bible an Offense?
Message-ID: <199602172010.MAA24896@darkwing.uoregon.edu>


At 07:31 PM 2/17/96 +0000, you wrote:
>Is it not possible in the US jurisdictions to mount private 
>prosecutions?  There is a common law right to do so in England.

I'm not aware of a corresponding right in the US, and am pretty sure that
none exists. The victim of a crime can likely sue civilly for whatever
damages s/he suffered, and can sometimes also recover attorney's fees &
punitive damages (e.g., RICO). But I'm not aware of any procedure by which a
citizen could bring a real criminal prosecution, with the corresponding risk
of incarceration for the defendant, court-appointed counsel for indigent
defendants, and so forth. 

Some statutes (the ones which spring to mind immediately are environmental
statutes) allow private citizens to sue to enforce compliance with the law,
if the government has been given notice of the violation and has failed to
bring its own action for enforcement; but I don't think that those are
criminal prosecutions.

(I think we're wandering away from anything on-topic for C-punks, so further
comments from me on this thread, if any, will likely be in private mail.) 
--
"The anchored mind screwed into me by the psycho-  | Greg Broiles
lubricious thrust of heaven is the one that thinks | gbroiles at netbox.com
every temptation, every desire, every inhibition." | 
	-- Antonin Artaud		   	   | 






From cea01sig at gold.ac.uk  Sat Feb 17 12:35:09 1996
From: cea01sig at gold.ac.uk (Sean Gabb)
Date: Sun, 18 Feb 1996 04:35:09 +0800
Subject: Computer unmasks Anonymous writer...
In-Reply-To: 
Message-ID: 


I wish I could give more information on this matter than I have, but here 
goes.  In the early 80s, when I was at York Universiy, a friend of mine 
in the Mathematics Department took part in a statistical analysis of the 
Letters of Junius, which appeared anonyously in the Morning Advertiser in 
London in the early 1760s.  They were ascribed to almost every writer of 
the age, from Birke to Gibbon.  Macaulay was convinced on external 
evidence that they were by Philip Francis.  Byu analysing the Letters and 
other writings acknowledged by Francis, my friend assured me that 
Macaulay was right.

I believe that similar tests have been run on works ascribed to 
Shakespeare, though I don't know what conclusions were reached.  It would 
be interesting to be able to write software that could mimic a style.  I 
hope that won't happen, since it would strip me of what small advantage I 
have when writing.

Sean Gabb,
Editor
Free Life.

On Fri, 16 Feb 1996, jim bell wrote:

> At 09:20 AM 2/16/96 -0800, Alexander Chislenko wrote:
> >  I ran my essays through Word grammar checker a while ago,
> >and was surprised how stable the grammar statistics were.
> >Complexity of the text (grade level) was the same to the decimal point,
> >average length of sentences was consistent, etc.
> >People also use the same styles of smileys or *highlights*, make
> >consistent spelling errors, have their habits of indentation, etc.
> 
> What's the next step?  Writing a program which "fakes" somebody's style, right?
> 
> 
> 





From maruishi at netcom.com  Sat Feb 17 12:47:02 1996
From: maruishi at netcom.com (maruishi at netcom.com)
Date: Sun, 18 Feb 1996 04:47:02 +0800
Subject: True random numbers
Message-ID: <199602172002.MAA09152@netcom20.netcom.com>



I was trying to think of a way to come up with true random numbers...
And knowing a bit of UNIX socket TCP/IP programming I made a small little
program that generates random numbers by measuring the mili-second timing ies a TCP packet to bounce back, from another network. 
  My program simply send some data to port 7 (echo port) of a network on an internal list. Then timing it, randomly picks a different network to send to. 

 I was wondering if this would be helpful to anyone for generating random key or whatever.

If you want the source code please post a request or e-mail me. If you think for some reason that using this method is a bad idea, I would like to know.

maruishi at netco.com





From tcmay at got.net  Sat Feb 17 13:14:16 1996
From: tcmay at got.net (Timothy C. May)
Date: Sun, 18 Feb 1996 05:14:16 +0800
Subject: True random numbers
Message-ID: 


At 8:02 PM 2/17/96, maruishi at netcom.com wrote:
>I was trying to think of a way to come up with true random numbers...
>And knowing a bit of UNIX socket TCP/IP programming I made a small little
>program that generates random numbers by measuring the mili-second timing
>ies a TCP packet to bounce back, from another network.
>  My program simply send some data to port 7 (echo port) of a network on
>an internal list. Then timing it, randomly picks a different network to
>send to.
>
> I was wondering if this would be helpful to anyone for generating random
>key or whatever.
>
>If you want the source code please post a request or e-mail me. If you
>think for some reason that using this method is a bad idea, I would like
>to know.

To paraphrase, anyone who thinks he can get truly random numbers from Unix
boxes and network timing info is living in a state of sin.

More helpfully, I suggest you do several things:

1. Several textbooks discuss the problems implicit in generating
pseudorandom and "pretty random" numbers. Easier to read what others have
thought about than to spend time writing code that is flawed conceptually.

2. The CP list has discussed RNGs many, many,..., many times. Consult the
archives for a sampling.

3. If network and machine timings have to be used, other people have
written programs that do this. I think Matt Blaze's package includes at
least one such program.

4. I'd avoid altogether phrases such as "generates random numbers," unless
your method uses radioactive decay or Johnson noise measurements, for
example, and maybe not even then.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From lwp at conch.aa.msen.com  Sat Feb 17 13:28:06 1996
From: lwp at conch.aa.msen.com (Lou Poppler)
Date: Sun, 18 Feb 1996 05:28:06 +0800
Subject: Using lasers to communicate
In-Reply-To: <199602160803.AAA17730@news1.best.com>
Message-ID: 


} At 10:38 AM 2/14/96 -0500, you wrote:   [i.e. lwp at mail.msen.com == me]
} >
} >Eavesdropping and channel-blocking and physical-location-discovery are 
} >related threats to which most traditional data channels are susceptible.  
[snip]
} >larger mirror.  Then (under computer control) the various small mirrors
} >on the laser table are rapidly inserted and withdrawn from the light beam,
} >causing the laser beam to follow first one path, then another, then another
} >through the (smoky) air -- all to the delight of the audience.
} >
} >This technology could easily be adapted to make a communication channel
} >safer from the various threats of eavesdropping, interruption, and tracing.
} >A single point-to-point channel could be made to follow various paths 
} >having common elements only VERY close to the endpoints.  Better still,
} >a network of more than two nodes could be constructed without needing to
} >provide multiple transceivers at each node (and with possibly multiple 
} >beam paths between each pair).  With known methods of routing and
} >collision avoidance, we could thus not only route around any known opposition
[snip] 

On Fri, 16 Feb 1996 00:03:38 -0800, gw  wrote:

} KNOWN opposition ... hmmm.  you're back to obscurity=security.
} It's always expensive to eavesdrop (tapped any fiber cables in pressure
} jackets recently?) ... 
[snip]

I was also thinking about security by redundancy.  It is fairly 
inexpensive for an opponent simply to cut a fiber run.  The scheme
I'm talking about allows you to provide additional signal paths much more
cheaply than the opponent can interrupt them.

::::::::::::::::::::::::::::::::::::::   "He who buys for price alone is
:: Lou Poppler   ::     [the suits'] lawful prey."
::      http://www.msen.com/~lwp/   ::  
::::::::::::::::::::::::::::::::::::::     --  John Ruskin





From PADGETT at hobbes.orl.mmc.com  Sat Feb 17 14:19:32 1996
From: PADGETT at hobbes.orl.mmc.com (A. Padgett Peterson P.E. Information Security)
Date: Sun, 18 Feb 1996 06:19:32 +0800
Subject: Credentials ?
Message-ID: <960217165743.20220a2a@hobbes.orl.mmc.com>


Ed rites:
> Even with the manned entrances, the ones with just a
>receptionist/secretary, they seldom check that the picture matches the one
>on the badge, so even if they've invalidated the badge, the receptionist
>will still more than likely let you into the place if you wave your
>keycard/badge around. 

People have *always* been the weak link in spite of the fact that "personal
recognition" is considered best.

Back in the days of high compression engines measured in hundreds of cubic 
inches rather than bottle sizes, everyone who worked at the Cape (Canaveral,
Kennedy, whatever) had a pack of Winstons in the car. The back entrance
was through a drawbridge, a sweeping right turn, and then a short straight
to the guardboxes at the entrance. 

When the bridge was up, a considerable amount of 28 cents/gal Sunoco 260 
waited for the bars to raise. Unleashed, a small block could be wound up
pretty good by the gate. Seems that a pack of Winstons (white rectangle over
red rectangle) at 40+ looked just like a Secret badge.

							Warmly,
								Padgett

ps Tim was correct, believe I *registered* Libertarian that year - do remember
   not getting invited to vote in any primaries.





From declan+ at CMU.EDU  Sat Feb 17 14:19:35 1996
From: declan+ at CMU.EDU (Declan B. McCullagh)
Date: Sun, 18 Feb 1996 06:19:35 +0800
Subject: Spin Control Alert (LI Newsday, 2/12/96)
In-Reply-To: <199602150552.VAA09945@news1.best.com>
Message-ID: <8l9Ysoa00bkSQ_u5Ft@andrew.cmu.edu>


Excerpts from internet.cypherpunks: 14-Feb-96 Re: Spin Control Alert (LI
.. by jamesd at echeque.com 

> Name this Christian rightist who drafted or defended the CDA!

It wasn't one member of the religious right who supplied the legal
arguments to defend the CDA. Multiple religious righters were involved.
Try Deen Kaplan, John McMickle, and Bruce Taylor, for starters.

McMickle, a protege of Taylor's, *wrote* Sen. Chuck Grassley's
net.indecency legislation. McMickle is a longtime anti-porn activist and
worked in an office shared by the National Law Center, the National
Coalition Against Pornography, and Enough is Enough! McMickle now works
for Grassley.

> The primary anti porn activists involved in the effort to regulate the net
> were Donna Reed, and Marty Rimm, neither of whom are members of the
Christian 

Wrong. You are confusing what Enough is Enough! *purports* to be with
what it really is. I have written in earlier messages how Dee Jepsen
(Donna Rice's boss at Enough is Enough!) is affiliated with Pat
Robertson and other right-wing religious fanatics. (Robertson, the
founder of the Christian Coalition, said in 1993 that separation of
church and state is "a lie of the left," and "there is no such thing in
the Constitution.")

As for Marty, he's *not* an anti-porn activist. He loves porn! He was
used by the anti-porn activists to promote their agenda, and he used
them to promote himself. (If you have *any* evidence that he's an
anti-porn activist himself, I need to see it ASAP. His study was
attached to the DoJ's reply brief in our CDA lawsuit.)

> right, and Bill Arms, who is not only not a member of the Christian right,
> but who in additon is a PC academic.

Wrong. Incredibly wrong. Do you *know* who Bill Arms is? Have you ever
spoken with him, met with him, or debated him? I have. Arms is a former
vice president for computing services at CMU and was in *no* way
involved with the "effort to regulate the net." At best, he was a fall
guy for the censorship attempts here at CMU. (He had already been forced
to resign.)

James, to say anything else is a fantasy. Please tell me how exactly
Arms was involved in this telecom legislation's "effort to regulate the
net." Documentation, please.

> While their campaigns received assistance, encouragement, and free labor
> from the Christian right, it was not the Christian right that enabled these
> people to exercise the disproportionate power and influence that they did.

The media's gullibility allowed the religious right to promote their
agenda. Cyberporn scares play better than arguments about free speech.

> It was not the Christian right that obtained totally undeserved publicity 
> for Rimm's spurious findings.

Wrong. Kaplan was an editor at the Georgetown Law Journal and pushed
through the approval of Rimm's study, bypassing normal channels, which
prompted TIME to run the cover. Kaplan is a vice president at the
National Coalition for Children and Families (with McMickle and Taylor),
formerly called the National Coalition Against Pornography. Oh, and the
NCAP/NCCF folks wrote Rimm's footnotes for his study.

> Rimm's study had connections both with the right and the left, but the real
> question is where the big muscle came from.  If the big muscle came from

Wrong. Rimm's study had only minor connections with the left. Catharine
MacKinnon was the only substantial "left" contact Rimm had, and she has
spoken *against* the CDA! If you know more, please share it with us.

> the Christian right they would have let us know by now, because they always
> tend to exaggerate their influence and power.

Wrong. The big muscle did come from the religious right, but it is *not*
in their interests to advertise it since it would invalidate Rimm's
study even more. (Grassley called Rimm's study, on the Senate floor, an
impartial one by a respected university, not by an advocacy group.)
Since Rimm's study still has legs, the religious right has kept their
mouths shut.

> While the effort to regulate the net had *links* to the Christian right, it
> is simply untrue to say that it was composed of the Christian right, or even
> to say that the Christian right played a significant role in the
effort.  Thei
> r
> role is scarcely visible.  They were minor foot soldiers.

Wrong. James, I'm afraid you just don't know what you're talking about.
The religious right orchestrated and organized the effort. Check out:
     http://www.cs.cmu.edu/~declan/rimm/docs/godwin.3

In that article, Mike writes that Bruce Taylor "continues to spearhead
the attempts to pressure Congress into censoring the Internet" and "in
the long run, one thing has become certain -- that the 'problem' of
pornography on the Net is essentially one that was constructed by Rimm
and the antiporn activists, differing in agendas but united in their
tactics." Mike also has an article in an upcoming Penthouse that will
reveal even more.

I've also written at length about the Rimm study at:
     http://www.cs.cmu.edu/~declan/

-Declan






From sinclai at ecf.toronto.edu  Sat Feb 17 14:32:00 1996
From: sinclai at ecf.toronto.edu (SINCLAIR DOUGLAS N)
Date: Sun, 18 Feb 1996 06:32:00 +0800
Subject: Using lasers to communicate
In-Reply-To: <2.2.32.19960217173350.0067d5b4@204.248.40.2>
Message-ID: <96Feb17.170738edt.666@cannon.ecf.toronto.edu>


> >An interception device will stick out like dogs balls.  Whoever wants to tap
> >my line is going to have to build a tower.
> 
> Depends upon how paranoid you want to be.  A small radio-controlled
> helicopter is available cheaply at Radio Shack, and might even be
> capable of holding a receiver, re-transmitter and recorder.


If I wanted to intercept a laser beam I'd spray an aerosol mist
into the beam and look at the scatter.  On a dusty or humid day I
might not need the aerosol.

Why not just encrypt the link?  Then anyone can tap and it doesn't matter.
I'm in the process of building a tightbeam microwave link that can carry
2 Mbps over 50Km.  Anybody got any gunn transceivers they don't need?





From wilcoxb at taussky.cs.colorado.edu  Sat Feb 17 14:34:37 1996
From: wilcoxb at taussky.cs.colorado.edu (Bryce)
Date: Sun, 18 Feb 1996 06:34:37 +0800
Subject: ANNOUNCE (a cypherpunks exclusive!)
Message-ID: <199602171511.IAA09432@taussky.cs.colorado.edu>



-----BEGIN PGP SIGNED MESSAGE-----

I've added a couple of features to BAP (mainly being able to
quote an encrypted message that you are replying to, and a 
command-line interface for script-writers.) and called it 
v1.1 and I'm distributing the 1.1beta at  the Niche  for 
20 cents payable in Mark Twain Bank Ecash.  If you are too
technologically backwards or miserly to pay 20 cents for
this then you can probably convince me to e-mail a copy.


BAP is "Bryce's Easy PGP"-- my own PGP<->Unix programs 
integrator script.  When I set out to write it, my goal was 
to make it easy enough to use that my mother could do so.  
She does now, so I consider it a success!  Here is what some
other people have said about BAP:


   "Great job!  Much better than the hacked sendproc 
    I used to use with MH!"
           - Philip R. Moyer 

   "I've tried competing products and found this to be the 
    cleanest, smoothest and easiest to install.  I have no 
    personal, commercial or financial interest in this 
    product.  It does 'auto-pgp' for pine, elm and tin."
           - Henry W. Farkas 

   "So far, I've been absolutely _thrilled_ with BAP and how
    easily it integrates with both elm and trn.  As you can 
    see, I actually have it running on almost everything 
    I post or email from this site."
           - Alexander Williams 

   "I have just 'bought' copies of your bap_in and bap_out
    software, and I'm just letting you know so that you can 
    add me to your user list.
      You may be interested to know that this is the first 
    thing that I've found worthwhile 'buying' using 
    [cyberbuck trial] ecash since I joined the digicash 
    ecash scheme just after it started.  I've been wanting 
    to incorporate pgp into email (I use elm) for a while 
    now, and your software has enabled me to do so easily.  
    Good on you, keep up the good work."
           - Glen Pringle 



I'm not going to be available to work on BAP for a little
while so all the glaring security holes, uglies, crashing
errors and so forth that come with 1.1b1 are just going to
stay there for a week or two unless someone else fixes them.


People who give me complaints, bug reports and feature 
suggestions have the privilege of being added to the

"Hall of BAP Contributors" .   tag available upon
request.


Oh yeah-- and I've marked down the price of "BAP classic"
(v1.0whatever) to US$0.50 for each piece.  Come and get 'em!

:-)



Bryce


                 "Toys, Tools and Technologies"
  the Niche 
        New Signal Consulting -- C++, Java, HTML, Ecash
            Bryce 
 
PGP sig follows


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b1

iQCVAwUBMSXwNPWZSllhfG25AQGHVQP/e5csq/Kw5yJOrIHLw8eFtNCd4Wa6A5ta
JYZinIMhVpXSaoOwt9Wktu+6F3DKfY8qIMYXIEKWcF6LaUUoqtnP+ul/Ilcgp2ft
xrA2jTjoa4U12oCLYgwxRZHAtV+LGCTWp5qekU9bbj9rdIG1L0TRdcm/LfhEz+4f
xE2EOaoLAyg=
=j7/+
-----END PGP SIGNATURE-----





From maruishi at netcom.com  Sat Feb 17 14:36:46 1996
From: maruishi at netcom.com (maruishi at netcom.com)
Date: Sun, 18 Feb 1996 06:36:46 +0800
Subject: True random numbers
In-Reply-To: 
Message-ID: 



I think you are probably right when you say that it is not truely random.
I don't think I thought about it very much, but this method does produce
a kind of a pseudo random numbers. 
    But I think it would be really hard to simulate this method because
if you send data to a network way out there in Europe then all the 
machines in between can cause the tranmission to slow down or spend up
depending on the type of lines nad CPU load etc...
    There are so many variables that although this may not "random", it
"appears" to have a good engough entropy and I don't think there is a 
cycle or period, at least none that I can notice.

maruishi at netcom.com





From tcmay at got.net  Sat Feb 17 14:48:20 1996
From: tcmay at got.net (Timothy C. May)
Date: Sun, 18 Feb 1996 06:48:20 +0800
Subject: True random numbers
Message-ID: 


At 10:13 PM 2/17/96, maruishi at netcom.com wrote:
>I think you are probably right when you say that it is not truely random.
>I don't think I thought about it very much, but this method does produce
>a kind of a pseudo random numbers.

Yes, it produces a "kind" of pseudo random number...the problem is
determining which "kind" it is and whether it is sufficient for the planned
use. The Netscape RNG also produced a "kind" of pseudo random number
generator...but it was insufficient, as events showed.

>    But I think it would be really hard to simulate this method because
>if you send data to a network way out there in Europe then all the
>machines in between can cause the tranmission to slow down or spend up
>depending on the type of lines nad CPU load etc...

If by "simulation" you mean "prediction," I agree. I agree that predicting
the next bit in a sequence might be hard. (But "hard" is a slippery term,
and the history of crypto is littered with the corpses of systems that
seemed to be hard but weren't.)

However, even predicting the next bit with 50.0001% accuracy might be
sufficient to reduce the work factor in an attack by many orders of
magnitude.

And some attacks might rely on the overall statistics of the bits, not just
the ability to predict the nth bit.

Again, there's a huge literature on this.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From tcmay at got.net  Sat Feb 17 14:50:58 1996
From: tcmay at got.net (Timothy C. May)
Date: Sun, 18 Feb 1996 06:50:58 +0800
Subject: Some thoughts on the Chinese Net
Message-ID: 


At 6:00 PM 2/15/96, Carl Ellison wrote:
>At 12:31 2/15/96, Jon Lasser wrote:
>>How would packets coming into the country be marked / passed on?
>
>Presumably, you'd need a Chinese-approved identity key in order to get
>packets into the country.

Chinese web surfers are tracked by a special "cookie," a la the Netscape
cookie, but with special features. The "Chinese fortune cookie."

(The crypto block managers open your cookies and tell you your fortune.)

Packets are laundered, of course, in a Chinese packet laundry.

Fat Fong say man who write in code get run over by tank.


--Tim May


[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and fuck them right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should fuck him." So the two daughters got him drunk and
screwed him all that night. Sure enough, Dad got them pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he pulled out before he
came....Remember, it's not a good idea to have sex with your sister, your
brother, your parents,
your pet dog, or the farm animals, unless God tells you to. [excerpts from
the Old Testament, Modern Vernacular Translation, TCM, 1996]







From wlkngowl at unix.asb.com  Sat Feb 17 15:21:31 1996
From: wlkngowl at unix.asb.com (Deranged Mutant)
Date: Sun, 18 Feb 1996 07:21:31 +0800
Subject: True random numbers
Message-ID: <199602172254.RAA23828@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

maruishi at netcom.com wrote:
> 
> I was trying to think of a way to come up with true random numbers...
> And knowing a bit of UNIX socket TCP/IP programming I made a small [..]

I wouldn't trust the samples taken from networked sources.  You're better
off with a kernel patch that samples from local sources directly like 
disk or keyboard timing variations... such patches already exist, with 
similar drivers developed for DOS and OS/2 systems as well.

Check the archives.

Rob.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSZciyoZzwIn1bdtAQFhJgF+Pu/sPUlHoppfz8ZVp9Fb5vRgERuw+cIL
eabKLlR6wN6Ey+HukIxdWNAVBDuIjDa0
=C8h7
-----END PGP SIGNATURE-----





From wlkngowl at unix.asb.com  Sat Feb 17 15:40:05 1996
From: wlkngowl at unix.asb.com (Deranged Mutant)
Date: Sun, 18 Feb 1996 07:40:05 +0800
Subject: Credit cards - Privacy - Unique Situation
Message-ID: <199602172258.RAA23847@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

Rick Tait wrote:
> 
> Being a British guy recently moved to the USA, I may be in a unique
> situation in being able to protect my privacy, and I was wondering if
> fellow cypherpunks may be able to give me some hints in being to
> "protect" myself...
> 
> Since my SSN is barely a month old, since I don't yet have a credit card
> over here, since I won't (yet?) be in many of those beloved databases, what
> steps can I take to "hide" myself before it's too late? Too all intents and
> purposes, I have metamorphed from a newborn US baby into an adult,
> overnight. Thus I have an SSN, I pay tax (etc), but I'm not on anyone's
> direct mailing lists.[..]

Depends on how much you're in British databases. I imagine that when
those who desire to track your movements feel the need they'll check
with UK and European sources.

A lot of the databases are already linked up and shared. An acquaintance
from the UK who came here several years ago was able to use his debit
card in local ATMs, for instance.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSZdiSoZzwIn1bdtAQERMQF+KW+TYNLJA5GO1VLxonngp0bEHx80OVOn
Y3+dr1f/did4h1VkFsyqpy0a3ZI7hnEe
=KF7W
-----END PGP SIGNATURE-----





From dsmith at midwest.net  Sat Feb 17 15:41:09 1996
From: dsmith at midwest.net (David E. Smith)
Date: Sun, 18 Feb 1996 07:41:09 +0800
Subject: Using lasers to communicate
Message-ID: <2.2.32.19960217230344.006adfa0@204.248.40.2>


-----BEGIN PGP SIGNED MESSAGE-----

At 05:07 PM 2/17/96 -0500, cypherpunks at toad wrote:

>> Depends upon how paranoid you want to be.  A small radio-controlled
>> helicopter is available cheaply at Radio Shack, and might even be
>> capable of holding a receiver, re-transmitter and recorder.
>
>If I wanted to intercept a laser beam I'd spray an aerosol mist
>into the beam and look at the scatter.  On a dusty or humid day I
>might not need the aerosol.
>
>Why not just encrypt the link?  Then anyone can tap and it doesn't matter.
>I'm in the process of building a tightbeam microwave link that can carry
>2 Mbps over 50Km.  Anybody got any gunn transceivers they don't need?

If you have a secure link you don't need encryption.  Arguably, the
converse is true; if you have secure encryption you don't need
a secure link.  Isn't the ability to transmit secure data over
insecure channels one of the primary justifications for encryption?

dave



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMSZeJjVTwUKWHSsJAQEhswf/Xm1QwUTrBkzYWmbBu0+c4qkBXUfZR1Ck
DEzgpuBMhGV/2YO+654AwEKBMK7u91J/I8mkl6h84UIclrBUydmmh2N0m34qlZRi
4R6KdFR0w80WsvTAcX+qJoACLrf9JsrLq03Y1lytSdVYxax6NWIY+OXOQBf36xCp
aSq5+HYe3498+9QQEho+LpKw3A84bWPYjh5sFBheffgf6mpbsY+Tu3/fhDOESuGc
ZjBLcjNlUtZ9IYnD+dzlAJBH04Lpgigfqjj5ZkGV04Q+jgumO8+HZbE+ymJnhfX7
G4KcPESnkpcK0JaiEVJtiKA5Eh2Ur8J8MUXxou4QY4j44md22v8aZw==
=qyyj
-----END PGP SIGNATURE-----
-----
David E. Smith,  c/o Southeast Missouri State University
1000 Towers Circle South MS 1210 Cape Girardeau MO 63701
dsmith at midwest.net, dsmith at alpha.c2.org,  PGP 0x961D2B09
(573)339-3814    http://www.midwest.net/scribers/dsmith/
"Reality is only for those lacking in true imagination."





From declan+ at CMU.EDU  Sat Feb 17 15:54:33 1996
From: declan+ at CMU.EDU (Declan B. McCullagh)
Date: Sun, 18 Feb 1996 07:54:33 +0800
Subject: Spin Control Alert (LI Newsday, 2/12/96)
In-Reply-To: <01I18USFWHX0A0V2IC@mbcl.rutgers.edu>
Message-ID: 


A lawsuit against the atheist would not be effective and could result in
a countersuit for abuse of process.

-Declan


Excerpts from internet.cypherpunks: 15-Feb-96 Re: Spin Control Alert (LI
.. by "E. ALLEN SMITH"@mbcl.ru 
>         How about a lawsuit by the atheist against the site? Since the CDA
> claims that such material is harmful, and tries to make it illegal, such a
> lawsuit would appear to have grounds - especially if the atheist has a child
> that is "surfing the Net." Now, they're unlikely to _win_, but the atheist
> can cost them some money _and_ make the CDA look stupid. If I were in the
> American Atheist Foundation or some such, I'd do such a lawsuit against a
> Christian Right organization that had supported the CDA.
>         Of course, the selective enforcement will be a good argument in favor
> of the law being unconstitutional.
>         Crypto relevance? Criminal laws aren't the only things that a
> crypto-anarchial system will make less effective. Civil lawsuits
(under things
>  
> like libel) also will be. I'd call this a good change.







From wlkngowl at unix.asb.com  Sat Feb 17 15:55:50 1996
From: wlkngowl at unix.asb.com (Deranged Mutant)
Date: Sun, 18 Feb 1996 07:55:50 +0800
Subject: Risks of a style anonymizer?
Message-ID: <199602172305.SAA23887@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

One risk of "style anonymizers", though: if the style becomes too generic
it's just another levelling of readability.  Usenet and mailing lists can
become that much more boring, if not stupidified with too many spelling
erros and grammatical abuses.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSZfQyoZzwIn1bdtAQF47QGAkP5+ti0j6KyJg8KY1ei1dF9Yz8FAnz4b
EjB4r6nMXDW2wBG7ZnpFkX1YO6Aezmte
=vrAk
-----END PGP SIGNATURE-----





From jamesd at echeque.com  Sat Feb 17 16:05:27 1996
From: jamesd at echeque.com (jamesd at echeque.com)
Date: Sun, 18 Feb 1996 08:05:27 +0800
Subject: A Cyberspace Independence Refutation
Message-ID: <199602172323.PAA01754@blob.best.net>


jamesd at echeque.com said:
>
>j> 1.  President Clinton declared CDA unconstitutional and directed
>j> the Justice department to refrain from enforcing it.

At 01:57 PM 2/16/96 -0600, Sten Drescher wrote:
>	Then why is the Justice Department defending it? 

Sorry:  My error.  As you pointed out he ruled *part* of the
CDA unconstitutional -- a part that no one expected to be
enforced anyway
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd at echeque.com






From anonymous-remailer at shell.portal.com  Sat Feb 17 16:11:27 1996
From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com)
Date: Sun, 18 Feb 1996 08:11:27 +0800
Subject: CyberManicheans (was Re: CyberAngels)
Message-ID: <199602172335.PAA06490@jobe.shell.portal.com>


"declan+ at CMU.EDU" or someone using that identity has written:

  I fear the so-called "CyberAngels" more than I do the Feds.
  At least with their brand of jackboots, there can be
  accountability.

  The CyberAngels are more like CyberCads, CyberFrauds, or   CyberCriminals.

Cyber-vigilantes?

Odd that their home page has a blue-ribbon.  They don't seem to
understand what the hell they are doing... it's not a requirement
that ISPs require online presence to be verifiable anyway.

Even if you're ISP operator knows who you are, it doesn't follow
that it's definitely YOUR presence in a usenet post or on IRC.
There's plenty of semi-anonymity on the net without using things
like remailers or "decense" protocols or DC-Nets.

Under their logic, we should all have little bar codes implanted
in our skulls and checked at every street crossing and doorway.

There's also a difference between rudeness and criminal activity.

Anonymity isn't a cause of crime.  It's icing on the cake, and
criminals will find a variety of other ways around validated
User-ID at the ISP level anyway.... which lulls one to a false
sense of security, since once you're got a legitimate-appearing
ID for your ISP, you can do quickie hit-and-run "cybercrimes"
and fall off the face of the earth anyway.

There's just so much an ISP or even a clerk at a department store
can do to verify your identity.  One store I know doesn't accept
checks from Post Boxes, believing that they are all-too-often
used for fraud... but a street address from a fly-by-night mail
box rental is undetectable by them.

The Cyber Angels are just as clueless as the authors of the
CDA.

Cheers,
[***CENSORED***]









From liberty at gate.net  Sat Feb 17 16:22:07 1996
From: liberty at gate.net (Jim Ray)
Date: Sun, 18 Feb 1996 08:22:07 +0800
Subject: China -- the fragile glimmer of freedom
Message-ID: <199602172346.SAA50832@osceola.gate.net>


-----BEGIN PGP SIGNED MESSAGE-----

[Warning! This post is not primarily about "writing code." Instead,
it's about cypherpunks "spreading crypto."]

Tim May [& usually I agree with him] wrote:

>At 12:10 AM 2/16/96, Bryce wrote:
>...



>>Perhaps you think that the compliant Chinese person is
>>satisfied with his or her role as lackey of his government?
>>Or is it that we and the Asians inhabit such different
>>worlds that we will have to make do without each other's
>>help?
>
>Well, where are the posts from outraged Cypherpunks living in the People's
>Republic of China?

Obviously, there aren't any. (Being an outraged cypherpunk in the PRC
would no-doubt be harmful to the outraged cypherpunk's health.)

>Some countries are so far gone, so deep in the muck of statism, that
>nothing their governments do is very surprising.  Ranting about how bad
>things are in some country is not very meaningful. Supplying them with
>tools is more meaningful. However, given that I know of no list members
>living in the PRC, nor even any in soon-to-be-assimilated Hong Kong, I'm
>not sure what the point is.

I think that the goal here is to try to generate just one small group of
cypherpunks in Hong Kong, who plan to stay on after the occupation. They
will necessarily be very brave people, but IMO brave people _are_ there.
I won't say bravery of that sort is common, but there are many people
in China, and we all remember the guy who stood there in front of the
tank...IMO remailer technology transfers will be _at least_ as important
to this [admittedly ambitious] goal as direct crypto transfers are, as
traffic-analysis is _VERY useful_ to the surveilance state. When the
"remailer-in-a-box" is finished by a friend of mine "Real Soon Now" (tm)
I hope that the directions to it are translated and that it is widely
distributed [legally, of course]. ;)

>I don't know about others, but I think the focus should be on the folks who
>are salvageable, not the billion or so Chinese or the hundreds of millions
>of Islamic women awaiting their clitorectomies and bowing toward Mecca for
>guidance.

Tim, you're giving up too quickly on most of the rest of the planet.
As long as repression ever works somewhere, statists will attempt to
(selectively) use annoying examples of how "orderly" it makes life.

It's a one-way ratchet: When a moron bombs a building here, the US
politicians cancel a repeal of the "assault weapons" ban. When some
moron plants a bomb in London (or Paris) their politicians' reaction
is not exactly the reverse...

>Fact is that 90%+ of all list members are in the United States, and 97%+
>are in the so-called "Western world." We have a chance to deploy strong
>crypto, the residents of Nepal and Singapore do not.

I think that these statistics are likely correct, but I think it's not
important, and we can't just give up this easily...We already know that
China will be swallowing Hong Kong, a haven of capitalism, and IMHO we
should work to make this process as "interesting" as possible. Anonymity
is likely to upset the Chinese authorities as much as it upset the CO$.

I know nobody in Hong Kong who will be staying, but I'm sure that some
people on this list do, and Hong Kong is likely to be a better place for
us to "infiltrate" than Beijing. Time is short, but if the fax machine
gave us Tienanmen(sp?) I am optimistic about e-mail. Singapore residents
(at least, those with a hankering for chewing-gum) might feel they have
a reason to help us, if we simply try to be polite when we ask for help
in putting together a good-looking Trojan Horse.
JMR [who is even now preparing for the flames.]



- ------------------------------------------------------------------------
Regards, Jim Ray  Boycott espionage-enabled software!

"If I had to summarize [Republican candidate Morry] Taylor's campaign
 message, I'd boil it down to two basic points:
1. The problem with this country is that the government is run by lawyers.
2. And these are *stupid* lawyers."  --  Dave Barry 2/17/96
_______________________________________________________________________
PGP key Fingerprint  51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8 
Public Key id. #  E9BD6D35  http://www.shopmiami.com/prs/jimray IANAL
_______________________________________________________________________



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh.

iQCVAwUBMSZoUG1lp8bpvW01AQGsrAP/QdUrjiSoZ5avWu7MvdNDS5BMhv/WJecR
MTbgwrAbrKa9TTw+kFifzdiMeJtldmwSyhAvskshfLHWtAl/RjWm7+Et6NcJeeZV
nDoAljQNmU+xDM0jPGSu4PvkxNxndqbd3TiDOkfYtjLO16T+yA31j16RPiqjnG4C
YWbM6iCvTJw=
=Sq8a
-----END PGP SIGNATURE-----






From anonymous-remailer at shell.portal.com  Sat Feb 17 16:23:49 1996
From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com)
Date: Sun, 18 Feb 1996 08:23:49 +0800
Subject: CyberManicheans (was Re: CyberAngels)
Message-ID: <199602172345.PAA07005@jobe.shell.portal.com>


"declan+ at CMU.EDU" or someone using that identity has written:

  I fear the so-called "CyberAngels" more than I do the Feds.
  At least with their brand of jackboots, there can be
  accountability.

  The CyberAngels are more like CyberCads, CyberFrauds, or   CyberCriminals.

Cyber-vigilantes?

Odd that their home page has a blue-ribbon.  They don't seem to
understand what the hell they are doing... it's not a requirement
that ISPs require online presence to be verifiable anyway.

Even if you're ISP operator knows who you are, it doesn't follow
that it's definitely YOUR presence in a usenet post or on IRC.
There's plenty of semi-anonymity on the net without using things
like remailers or "decense" protocols or DC-Nets.

Under their logic, we should all have little bar codes implanted
in our skulls and checked at every street crossing and doorway.

There's also a difference between rudeness and criminal activity.

Anonymity isn't a cause of crime.  It's icing on the cake, and
criminals will find a variety of other ways around validated
User-ID at the ISP level anyway.... which lulls one to a false
sense of security, since once you're got a legitimate-appearing
ID for your ISP, you can do quickie hit-and-run "cybercrimes"
and fall off the face of the earth anyway.

There's just so much an ISP or even a clerk at a department store
can do to verify your identity.  One store I know doesn't accept
checks from Post Boxes, believing that they are all-too-often
used for fraud... but a street address from a fly-by-night mail
box rental is undetectable by them.

The Cyber Angels are just as clueless as the authors of the
CDA.

Cheers,
[***CENSORED***]









From farber at central.cis.upenn.edu  Sat Feb 17 16:37:58 1996
From: farber at central.cis.upenn.edu (Dave Farber)
Date: Sun, 18 Feb 1996 08:37:58 +0800
Subject: A Cyberspace Independence Refutation
Message-ID: <2.2.32.19960217235252.00ce4398@linc.cis.upenn.edu>


The President can not rule anything unconstitutional. He can tell justice
not to enforce it but sometime local federal prosecutors do what they want
and some future administration can decide to enforce it. Only the courts or
the congress can change things for sure.

Dave

At 03:20 PM 2/17/96 -0800, jamesd at echeque.com wrote:
>jamesd at echeque.com said:
>>
>>j> 1.  President Clinton declared CDA unconstitutional and directed
>>j> the Justice department to refrain from enforcing it.
>
>At 01:57 PM 2/16/96 -0600, Sten Drescher wrote:
>>	Then why is the Justice Department defending it? 
>
>Sorry:  My error.  As you pointed out he ruled *part* of the
>CDA unconstitutional -- a part that no one expected to be
>enforced anyway
> ---------------------------------------------------------------------
>              				|  
>We have the right to defend ourselves	|   http://www.jim.com/jamesd/
>and our property, because of the kind	|  
>of animals that we are. True law	|   James A. Donald
>derives from this right, not from the	|  
>arbitrary power of the state.		|   jamesd at echeque.com
>
>
>






From tallpaul at pipeline.com  Sat Feb 17 16:39:54 1996
From: tallpaul at pipeline.com (tallpaul)
Date: Sun, 18 Feb 1996 08:39:54 +0800
Subject: Libertarians and crypto and such
Message-ID: <199602180001.TAA03070@pipe9.nyc.pipeline.com>


On Feb 16, 1996 23:06:27, 'Bruce Baugh ' wrote: 
 
 
>At 12:43 AM 2/17/96 -0500, tallpaul wrote: 
> 
>>While the LP or its majority may not call for the things I've critiqued, 
>>certainly libertarians have. Nor, as far as I can recall, have LPers 
>>repeatedly posted to the cypherpunk list material that is on-the-surface
at 
>>least significantly off-topic; libertarians have. And I responded.  
> 
>So you get the fun of attacking this straw man called "libertarians"
without 
>any responsibility to identify any actual people it might include other
than 
>a handful of folks that the vast majority of us think are kooks. And
you've 
>also acquired the remarkable mental power, apparently, to discern who is
or 
>is not an LP member based on their posts here. 
> 
 
Libertarians are not "straw men." They actually exist. I've seen them with
my own eyes. 
 
If B. Baugh is upset that I have not mentioned any of the other
libertarians (olf the cypherpunk list) that I have criticized, I would be
happy to re-post to the list all of the related messages in other news
groups on this topic listing their names. My "sent mail" archives contain a
few thousand messages. (Aside to T.C. May: this is sarcasm and rhetorical
hyperbole.) 
 
The vast majority of the libertarians on the cypherpunk list *might* think
that the people I've criticized are "kooks" but I can find no evidence of
this. I do note that some people who call themselves "libertarians" have so
criticized the "kooks." 
 
The second point is, I think, either an error in logic. I have written
nothing about my ability to tell what political party someone belongs or
does not belong to. I infer that when someone tells me they are a member of
the LP, CPUSA, SPUSA, etc. that they are, until evidence dictates another
conclusion. If someone is a party member and decides not to make the
material public, then they, not I, are responsible for any transient
confusion that develops. But I do not demand or expect people to
automatically list their party affiliation. I do note that the declared
ability to "discern" unannounced party membership has historically been far
more a rightwing then leftwing "ability" in the U.S.A. 
 
>Neat tricks. 
> 
>But until they're joined with a willingness to look at a wider range of 
>libertarian posts than the fragment that feeds your pet peeves, I reserve 
>the right to be impressed. 
 
Again, these seems to reflect your ability to reach conclusions about other
people's behavior based on no evidence. I have read numerous posts by
libertarians on the net; who has not! 
 
The issues I have responded to have usually centered on thigs like the mass
killings of civilians, murder, and hatred of other people based on issues
like race, ethnicity, nationality, and/or religion. 
 
You may consider these nothing more than my "pet peeves." This is your
right. But in an era of increasing global hatred over such issues I do not
think many would agree with your accessment of the relative weight of these
issues. 
 
You need not be impressed; I was not posting to impress you. 
 
> 
>And yes, this is off-topic. So this is all I have to say about it. 
> 
 
I think then that you posted one message too many. 
 
--tallpaul





From nobody at REPLAY.COM  Sat Feb 17 16:42:57 1996
From: nobody at REPLAY.COM (Anonymous)
Date: Sun, 18 Feb 1996 08:42:57 +0800
Subject: Patents suck
Message-ID: <199602180006.BAA22725@utopia.hacktic.nl>


Jean-Francois Avon (JFA Technologies, QC, Canada) wrote:
> Man's survival tool is his mind.
> 
> Patents and copyright are establishing the ownership and protection
> the result of the exercise of his survival tool.
> 
> Therefore they are good.
> 
> To try to eliminate them is equivalent to promote slavery.

I take some disagreement with that.

With patents, there is a problem of large companies owning them yet
doing nothing with them except suing other companies or individuals.
For example, look at arithmetic coding: there are many patents owned
on it, yet a lot of software using this means of compression may be in
violation of the patents... are the patent-owners publishing software
or makingh efforts to license it widely?  If anything, such patents
are getting in the way of using many algorithms.

Patents would be better if there was a good-faith attempt on the
part of the holder to "use it or lose it".  Somebody sitting on a
patent and doing nothing with it deserves to lose it after a number
of years.








From rishab at best.com  Sat Feb 17 16:51:33 1996
From: rishab at best.com (Rishab Aiyer Ghosh)
Date: Sun, 18 Feb 1996 08:51:33 +0800
Subject: Indian datacom freed?
Message-ID: <199602162339.PAA24210@shellx.best.com>


The Indian Techonomist: bulletin
Copyright (C) 1996 Rishab Aiyer Ghosh. All rights reserved

Indian datacom freed?
   by Rishab Aiyer Ghosh

February 16: Today, in a "brainstorming" session to discuss
the new datacom policy proposed by The Indian Techonomist,
the Department of Telecommunications indicated its
enthusiasm for a free datacom environment in India. As no
official decision has yet been taken, I cannot make the
details public for the moment. There is one exception: the
Telecom Secretary (and Chairman, Telecom Commission) R K
Takkar has made it quite clear that content providers in
cyberspace will receive all the free-speech protections
available to other media. 

Mr Takkar said that existing laws for obscenity and national 
security were enough for the Internet, and in any case were 
not the concern of the DoT. Mr Takkar said that there was no 
need to licence on-line content providers, and indicated that 
Internet service providers would not be responsible for illegal 
content, apparently implying common carrier status for ISPs.

The other parts of the proposal, relating to low entry
barriers for ISPs and free competition met with a largely
positive response. The full text of the proposal is now
available at http://dxm.org/techonomist/news/newdcom.html

Apart from Mr Takkar and myself, present at the meeting were
Telecom Commission Members P Saran and P Khan, as well as
some other senior DoT staff.

I would like to thank Vinton Cerf and Lawrence Landweber for
the support given by the Internet Society to the proposal.

The Indian Techonomist: bulletin. http://dxm.org/techonomist/
Copyright (C) 1996 Rishab Aiyer Ghosh (rishab at techonomist.dxm.org)
Tel +91 11 6853410; Fax 6856992; H-34-C Saket New Delhi 110017 INDIA
May be distributed electronically provided that this notice is attached





From nobody at REPLAY.COM  Sat Feb 17 16:53:00 1996
From: nobody at REPLAY.COM (Anonymous)
Date: Sun, 18 Feb 1996 08:53:00 +0800
Subject: Cybercrooks
Message-ID: <199602162322.AAA03497@utopia.hacktic.nl>


The Dream of the Internet Becomes Worst Nightmare


Manhasset, N.Y., Feb. 16 -- Technology managers, who
dreamed of the Internet as a new business tool and
championed their cause to senior management, are waking
up to nightmares of security gone awry, reports CMP's
InformationWeek in its February 19 issue.

"The incidence of cybercrook attacks to mine or sabotage
a company's information resources is rising rapidly,"
states Bob Violino, editor-at-large of InformationWeek.
"What is especially alarming is that despite the fact
that companies like Rockwell International and Merrill
Lynch and various government agencies employ the latest
firewall and encryption technology available, they are
experiencing security breaches on a regular basis."

Business users have been particularly skittish about the
Internet since last September, when two computer science
students at the University of California at Berkeley
cracked the public-key encryption code used by Netscape
Communications Corp.'s popular browser software.

"There are more experts than ever in the intruder
community who know the infrastructure of the Internet,"
explains Cathy Fithen, CERT's team leader of strategic
incident response.  "In the past we saw people breaking
into systems using passwords.  Now they look for flaws to
exploit involving networking protocols and source codes
for operating systems."

The fear of invasion is well founded, according to
federal law enforcement agencies, which have stepped up
their investigations of online intrusions.  "We're aware
that this is a serious problem for any industry using the
Internet," says Jim Freeman, special agent in charge of
the FBI's San Francisco office.

"Salvation from the government, or from vendors with new
security products, seems unlikely," says Violino.
"History shows that as soon as new security tools are
developed, hackers learn to crack them.  And while not
every company possesses trade secrets, security is still
a must for everyone in business.  For now, at least,
absolute security is one thing the Net can't offer."

But, companies are so focused on Internet intrusions from
outsiders that they often fail to consider the
possibility of an inside hacker.  According to John
Reinke, chief information security architect at Merrill
Lynch & Co., Inc. in New York, "There is no modern large
organization that I now of that does internal firewalls."

At Bell Laboratories, where an internal network links
some 300,000 host computers around the world, security is
a constant concern. "We're bigger than the entire
Internet was in the late 1980s," says Bill Cheswick,
technical staff manager at the labs' computer science
research department in Murray Hill, N.J.  "Our firewall
keeps the bad guys out but you can't say there aren't bad
guys inside the company."

--













From warlord at MIT.EDU  Sat Feb 17 17:27:34 1996
From: warlord at MIT.EDU (Derek Atkins)
Date: Sun, 18 Feb 1996 09:27:34 +0800
Subject: Differnent Sizes of Public PGP Keys
In-Reply-To: <199602171821.KAA03934@mark.allyn.com>
Message-ID: <199602180102.UAA17980@toxicwaste.media.mit.edu>


Key certificates also include signatures.  If you have many signatures
on your key, your key certificate can get very big.  For example, mine
is about 10k or more (I haven't checked recently) with all the
signature intact.

As for keysize, you can generate keys as large as 2048 bits with PGP
2.6.2; you just need to type "2048" when it asks you for a keysize.
Alternatively, you can type in any keysize you wish to use, rather
than using the default sizes.

I hope this helps.

-derek





From iang at cs.berkeley.edu  Sat Feb 17 17:33:26 1996
From: iang at cs.berkeley.edu (Ian Goldberg)
Date: Sun, 18 Feb 1996 09:33:26 +0800
Subject: Berkeley ftp site moved again?
Message-ID: <199602180108.UAA24273@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

s1018954 at aix2.uottawa.ca wrote:
> 
> I've been unable to get through to ftp.csua.berkeley.edu
> and www.csua.berkeley.edu for the past two days.
> 
> Does anyone know if the site (and the cpunk archives with it)
> has moved or if it's just down? (I'd mail root, but what's the
> point if the machine's down?)
> 
> Sorry if I've missed this being mentioned before.

It's just down.

   - Ian
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSZ7+SoZzwIn1bdtAQE74QF+LpQ4ArMpxZXxCF0HjKDkoa2oW8vMGUgP
igMRtrhpScWkQOuAcXWun4/T+2hIHxCk
=dKmJ
-----END PGP SIGNATURE-----





From erc at dal1820.computek.net  Sat Feb 17 17:36:15 1996
From: erc at dal1820.computek.net (Ed Carp)
Date: Sun, 18 Feb 1996 09:36:15 +0800
Subject: Online Zakat Payment: Religious tithe.
In-Reply-To: 
Message-ID: 


On Sat, 17 Feb 1996, jim bell wrote:

> BTW, I think I've already solved the problem of producing a few dozen 
> absolutely simultaneous trigger explosions (+/- 100 nanoseconds) around the 
> periphery at the lens foci, without using multiple electronic detonators.  
> (in fact, a single blasting cap would do nicely.)  "But the margins of this 
> book are too small to contain it"  Heh heh!

Actually, it's a quite simple problem to solve.  Tom Clancy used a rather 
more complicated method, but the idea was correct.
--
Ed Carp, N7EKG    			Ed.Carp at linux.org, ecarp at netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp at netcom.com for PGP 2.5 public key		an88744 at anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring






From iang at cs.berkeley.edu  Sat Feb 17 17:51:33 1996
From: iang at cs.berkeley.edu (Ian Goldberg)
Date: Sun, 18 Feb 1996 09:51:33 +0800
Subject: Text of personal use exemption
Message-ID: <199602180126.UAA24366@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

Michael Froomkin wrote:
> 
> http://www.law.miami.edu/~froomkin/personal-use.txt
> 
Interesting.  Note, however, the following proviso (123.27(a)(1)):

   (1) The software product(s) are to be used only on a simultaneously
temporarily exported Category XIII(b)(1) hardware product or a
simultaneously exported item on the Commerce Control List (CCL)

This seems to say a couple of things:

o I can't bring my copy of PGP or kerberos with me on a floppy,
  intending to use it abroad on a conveniently available computer; I must
  bring a computer with me.

o The computer I bring with me must be a Category XIII(b)(1) hardware
  product; that is, something that is illegal to export (now, except
  for personal use), or be on the CCL.

That second one seems weird.  Does the CCL have things like normal portable
computers on it?  Otherwise, this exemption seems pretty useless...

   - Ian
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSaALCoZzwIn1bdtAQHakAF+Lu9NxtqTvIobwT8epPPK/aWP38ldAO1m
zJpcRffvIUmcKjB+U+A2OxAnSFRGd6r7
=cvI8
-----END PGP SIGNATURE-----





From mianigand at unique.outlook.net  Sat Feb 17 18:06:56 1996
From: mianigand at unique.outlook.net (Michael Peponis)
Date: Sun, 18 Feb 1996 10:06:56 +0800
Subject: Remailers Pose Risk
Message-ID: <199602180141.TAA05719@unique.outlook.net>


>    Computerworld, February 12, 1996, Front page:
>    "Anonymous remailers have a lot of nasty potential," said
>    Stephen T. Kent, chief scientist for security technology at

>So do kitchen knives or automobiles.

So do brain-dead journalists and "security experts".  Oops, take that back, no 
probability involved, they are nasty problems.

[..]

>    One snowy day last month, for example, about 25% of the
>    workforce at a defense contractor in Rockville, Md., went
>    home after they received a bogus E-mail message dismissing
>    them for the day. The message originated from an anonymous
>    remailer that allowed the user to impersonate a senior
>    company official.

:Was that a remailer or simply forged mail?

How long have people been bitching about putting digital signatures on stuff 
like that.  If it was signed, it could of been verified if indeed it was legit 
or not.

Irregardless of where it came from, anybody stupid enough to believe everything 
they read, without checking out it's validity, deserves what they get.

[..]
>    "As in the case of smallpox, yellow fever, flu epidemics,
>    AIDS or malaria, it will take disasters before the public
>    may accept that some forms of restrictions on the
>    electronic freedom of speech and  that  privacy may be
>    worthwhile."FNORD!

What?? like anonymous electronic media spreads the disease somehow.  To the 
person who wrote the article, you have proved beond a shadow of a doubt that 
you are dense as a brick.  Wrong type of virus, you mean the other kind.

>    Do's and don'tsAhem
>    Unethical or illegal uses of anonymous remailers:[..]
>    -  To violate copyright laws ... Scientology...
>    -  To encourage others to commit unethical or illegal
>       behavior

Oh Boo Hoo, the moral decay of society, that is your problem shithead, not 
mine, some of us survive no matter what happens to the rest of you.
Regards,
Michael Peponis
PGP Key Avalible form MIT Key Server,or via finger





From mianigand at unique.outlook.net  Sat Feb 17 18:09:53 1996
From: mianigand at unique.outlook.net (Michael Peponis)
Date: Sun, 18 Feb 1996 10:09:53 +0800
Subject: Legal status of Indian Reservations and CDA
Message-ID: <199602180141.TAA05716@unique.outlook.net>


If I remember correctly, are not American Indian reservations considered 
qusi-sovergin states under the law?

If this is true, what would stop me from negotiating with some tribe to 
establish an ISP on the reservation and then placing whatever material I wanted 
on that site without fear of reprisals from the US goverment.

After all, if they are a soveign state, decency is covered by whatever laws 
they have, if any, not the CDA.

If this is true, the Indians get the benift of having state-of-the-art 
telecommunications in thier communities, plus residual job creation, and 
everyone else gets freedom of speech.

Any comments?
Regards,
Michael Peponis
PGP Key Avalible form MIT Key Server,or via finger





From tcmay at got.net  Sat Feb 17 18:22:29 1996
From: tcmay at got.net (Timothy C. May)
Date: Sun, 18 Feb 1996 10:22:29 +0800
Subject: Legal status of Indian Reservations and CDA
Message-ID: 


At 6:03 PM 2/17/96, Michael Peponis wrote:
>If I remember correctly, are not American Indian reservations considered
>qusi-sovergin states under the law?
>
>If this is true, what would stop me from negotiating with some tribe to
>establish an ISP on the reservation and then placing whatever material I
>wanted
>on that site without fear of reprisals from the US goverment.
>
>After all, if they are a soveign state, decency is covered by whatever laws
>they have, if any, not the CDA.
>
>If this is true, the Indians get the benift of having state-of-the-art
>telecommunications in thier communities, plus residual job creation, and
>everyone else gets freedom of speech.

"Bingo."

Actually, not. Despite the Indian bingo parlors, look at what is lacking in
this model: brothels, money-laundering banks, hash parlors, etc. (Not that
there aren't whorehouses operating semi-openly on Indian lands, as
elsewhere, just that the fiction that Indian reservations are
quasi-sovereign is just that, a fiction. Recall the case of Native American
uses of peyote.)

Of course, this fiction of sovereignty has been useful for the intelligence
community when they wanted it: Wackenhut and related CIA companies used the
Cabazon Band of Indians lands near Indio, California to develop products
that are illegal to develop in the nominal United States...despite being
less than a mile from the main freeway linking LA and Palm Springs.

And I was told that certain microwave (Long Lines?) lines were deliberately
routed through Indian reservations, allowing NSA-GCHQ monitoring without
violating the "no domestic interception" fiction.

So, it might be possible to eventually push through an exemption to the CDA
that is somewhat analogous to the way some Indian reservations can have
gambling facilities that are otherwise forbidden, but I expect the court
battle would be a long one, and would need big money to pursue. (Gambling
got pushed through for obvious financial reasons, and perhaps because of
some judicious payoffs to local officials, courts, etc. Yet another
convenient fiction.)

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From sharris at fox.nstn.ca  Sat Feb 17 18:47:16 1996
From: sharris at fox.nstn.ca (Sandy Harris)
Date: Sun, 18 Feb 1996 10:47:16 +0800
Subject: True random numbers
Message-ID: <86934.sharris@fox.nstn.ca>


Deranged Mutant   wrote:

>maruishi at netcom.com wrote:
>> 
>> I was trying to think of a way to come up with true random numbers...
>> And knowing a bit of UNIX socket TCP/IP programming I made a small [..]
>
>I wouldn't trust the samples taken from networked sources.

Me neither, in general.

A possible exception: I wonder if the checksums on Ethernet or IP
packets use a reasonably strong CRC algorithm. If so, they might be
a decent source of randomness in an environment where you could be
sure the Black Hats couldn't see them. e.g. using only packets from
your own LAN, suitably protected by firewall & good administration.
 
>You're better
>off with a kernel patch that samples from local sources directly like 
>disk or keyboard timing variations... such patches already exist, with 
>similar drivers developed for DOS and OS/2 systems as well.

I'd be more inclined to hash the kernel's internal tables, e.g. process
& file descriptor tables. These should vary quite a lot & if the enemy
can see them, random number quality is the least of your worries.

RFC 1750 is a good reference on this problem.
 --
 Sandy Harris
 sharris at fox.nstn.ca





From tcmay at got.net  Sat Feb 17 19:10:11 1996
From: tcmay at got.net (Timothy C. May)
Date: Sun, 18 Feb 1996 11:10:11 +0800
Subject: Privacy and Information Disclosure
Message-ID: 


At 9:57 PM 2/17/96, "A. Padgett Peterson P.E. Information Security"

>ps Tim was correct, believe I *registered* Libertarian that year - do remember
>   not getting invited to vote in any primaries.

Thanks for confirming/acknowledging this.

The larger point, not directed at Padgett is this: people voluntarily
reveal information about themselves, get themselves placed on mailing lists
for like-minded people (such as this list, or the Rose Growers of Alberta
list, etc.), etc., and then they complain that others are compiling data on
them!

The classic example is borrowing money, whether via a credit card (you did
know you're borrowing, didn't you?) or for a conventional bank loan. Most
people who borrow money and then repay the money _want_ this to be known to
other potential lenders...this is what a "credit rating" is all about. Of
course, those who borrow money and then don't repay it are anxious not to
have others know about this situation!

If you don't want to be on a Libertarian Party mailing list, don't register
officially as an LP member. If you don't want a record with the credit card
companies, don't use their credit cards. If you don't want to be a list of
people who buy sexual devices, don't buy them through the mail (or use
money orders, mail drops, etc.). And so on.

What I can't imagine anyone on this list wanting (though apparently some
percentage do want them) are laws which give the illusion of enhancing
privacy by taking away the rights of others. I say "illusion" because The
Ones Who Really Matter will still have the goods on you.

(The Lotus CD-ROM of addresses being the canonical example of this. It was
hailed as a great victory that "the Net" rallied to get Lotus to abandon
plans to sell this CD-ROM to me and thee, where in actuality it just meant
that the sales remained to direct marketers, law enforcement, and the like.
But the Ostrich Syndrome prevailed.)

--Tim May


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From WlkngOwl at UNiX.asb.com  Sat Feb 17 19:20:31 1996
From: WlkngOwl at UNiX.asb.com (Deranged Mutant)
Date: Sun, 18 Feb 1996 11:20:31 +0800
Subject: Remailers Pose Risk
Message-ID: <199602180259.VAA06534@UNiX.asb.com>


Pitty the author of that article won't see replies to it on the list.

> From:          "Michael Peponis" 
> To:            cypherpunks at toad.com, wlkngowl at unix.asb.com
> Date:          Sat, 17 Feb 1996 18:03:09 +0000
> Subject:       Re: Remailers Pose Risk
[..]
> Oh Boo Hoo, the moral decay of society, that is your problem shithead, not 
> mine, some of us survive no matter what happens to the rest of you.
> Regards,
> Michael Peponis
> PGP Key Avalible form MIT Key Server,or via finger
 
Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to  for a copy of my PGP key.





From jis at mit.edu  Sat Feb 17 19:37:54 1996
From: jis at mit.edu (Jeffrey I. Schiller)
Date: Sun, 18 Feb 1996 11:37:54 +0800
Subject: MIT Keyserver (at pgp@pgp.mit.edu) Mostly Operational
Message-ID: <9602180318.AA22007@big-screw>


(A copy of this message has also been posted to the following newsgroups:
alt.security.pgp)

-----BEGIN PGP SIGNED MESSAGE-----

The keyserver running at pgp at pgp.mit.edu is once again operational. It is
using new keyserver software. The old keyserver software was a collection
of perl scripts that invoked PGP to do its key management. The new server
is written in "C" and does its own key management, complete with appropriate
indices.

Not all email commands are implemented. However "GET", "ADD" and "INDEX" (when
given an argument to look for) do work. Response is immediate (plus or minus
e-mail delays).

The best on-line way to use the keyserver is via the World Wide Web at:

   http://bs.mit.edu:8001/pks-toplev.html

Enjoy.

                                  -Jeff



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSaaCcUtR20Nv5BtAQF76wQAmsuF4t43zIaNjW1lZS9fhYr/3UjIHqVT
V3jMSJ5W3gsEWkHzigP2VY5tfduiC4oQJOaGaHFSSI6jkhEFTpjOvVMIe6ye/GKh
pqiXNm/wBef4EFQ+NqKjPc/TW28odVGR50A5kneI/tyOjAYrFzetakOUlBeq+Qrv
1e4OamD65fo=
=FyXc
-----END PGP SIGNATURE-----





From sinclai at ecf.toronto.edu  Sat Feb 17 20:04:47 1996
From: sinclai at ecf.toronto.edu (SINCLAIR DOUGLAS N)
Date: Sun, 18 Feb 1996 12:04:47 +0800
Subject: Using lasers to communicate
In-Reply-To: <2.2.32.19960217230344.006adfa0@204.248.40.2>
Message-ID: <96Feb17.224435edt.950@cannon.ecf.toronto.edu>


> If you have a secure link you don't need encryption.  Arguably, the
> converse is true; if you have secure encryption you don't need
> a secure link.  Isn't the ability to transmit secure data over
> insecure channels one of the primary justifications for encryption?
> 

Of course.  My point, though I seem to have failed to state it,
is that encryption is a cheap software thing while laser beams
are expensive, complicated, and still not secure.






From wlkngowl at unix.asb.com  Sat Feb 17 20:25:06 1996
From: wlkngowl at unix.asb.com (Deranged Mutant)
Date: Sun, 18 Feb 1996 12:25:06 +0800
Subject: True democracy in America.
Message-ID: <199602162006.PAA17743@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

Michael Peponis wrote:
> In my opinion, only the most basic of services, trash collection, road
> maintenance, education (decided upon experts, not just people with opinions.
> I don't claime to be an expert on history, so why should I have a say on how it
> is tought, I have no expertise in that area).

An off-topic quickie rant regarding "essential services" and 
"qualification"... I notice in the current tax-cutting climate (at least 
in the US) that people who resent it when garbage collectors, janitors, 
teachers, train conductors, etc. are making a "decent" wage because they 
have to pay the taxes and fees (private as well as public) for these 
services.  They seem to view the fact that they have a college degree 
makes them more entitled to a reasonable standard of living than a 
high-school drop-out...

Yet in terms of supply and demand economics, perhaps garbage collectors 
etc. deserve to be paid more than accountants and salesmen...

This has nothing to do with cypherpunks or himalayan hackers in hot tubs, 
so back to the usual data trash.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSTjqCoZzwIn1bdtAQHcmwF+LJjO9Q+6GAKVPmWyfKGOiKvPfv3/9DiY
qqNhHIIUL1AH6wzq1ccTUg1i+dg+MMH7
=pIUZ
-----END PGP SIGNATURE-----





From sophi at best.com  Sat Feb 17 20:26:15 1996
From: sophi at best.com (Greg Kucharo)
Date: Sun, 18 Feb 1996 12:26:15 +0800
Subject: Indian Reservations
Message-ID: <312698F2.777F@best.com>


A indian reservation sure beats moving to the Turks and Caicos. 
Well maybe not the weather part, but anyway in recent times I 
believe that several local governments have challenged the indian 
gaming enterprises. I recall a report on NPR about a challenge in 
Deleware or New Hampshire by a group of townspeople that was on the 
edge of a reservation. The indians won the case and were allowed to 
continue. Because of the new wealth generated by the bingo parlors 
and poker tables, the various tribes have gotten lobbying power in 
Congress.
 So I think that indian reservation sovernignty has grown in recent 
years, and would be very intresting course to pursue.


-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEIa2wAAAEEALouE7MNxsG+QTOJSrMTygYWKblpI9MgOKaFA+5AICNelAw6
6Gj3B0EQr7bwLILk8EJULG+kYh/ND9Kn1EXBK+elXbwpFCLqoyEZrbHJnurhH/t6
VFEwhbN1V0e/bFOCTq8nykoJjZ/uq0mz8HouIbEt6BYWoKVSUIU/T+iDV3TVABEB
AAG0DWdoa0Bzb3BoaS5jb20=
=gwax
-----END PGP PUBLIC KEY BLOCK-----





From sophi at best.com  Sat Feb 17 20:32:40 1996
From: sophi at best.com (Greg Kucharo)
Date: Sun, 18 Feb 1996 12:32:40 +0800
Subject: Indian Reservations Redux
Message-ID: <31269A1D.5299@best.com>


Here's a bit I turned up after a Alta Vista search.

http://www.wtp.net/bus-con/mimn/reservation.html

A sample from this page follows;
Why Indian Reservations Make Good Offshore
Manufacturing Sites for Foreign and Outside Investors

STATUS OF THE RESERVATION IN AMERICAN LAW
The reservation can be compared to as an Export Processing Zone. It 
represents an autonomous region
within the U.S.A.; wherein, Tribal law can stipulate the exemption 
from State taxes and from other laws
which otherwise exist in the State. The net result being... a cost 
savings to the investor


-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEIa2wAAAEEALouE7MNxsG+QTOJSrMTygYWKblpI9MgOKaFA+5AICNelAw6
6Gj3B0EQr7bwLILk8EJULG+kYh/ND9Kn1EXBK+elXbwpFCLqoyEZrbHJnurhH/t6
VFEwhbN1V0e/bFOCTq8nykoJjZ/uq0mz8HouIbEt6BYWoKVSUIU/T+iDV3TVABEB
AAG0DWdoa0Bzb3BoaS5jb20=
=gwax
-----END PGP PUBLIC KEY BLOCK-----





From bdavis at thepoint.net  Sat Feb 17 20:40:13 1996
From: bdavis at thepoint.net (Brian Davis)
Date: Sun, 18 Feb 1996 12:40:13 +0800
Subject: A Cyberspace Independence Refutation
In-Reply-To: <2.2.32.19960217235252.00ce4398@linc.cis.upenn.edu>
Message-ID: 


On Sat, 17 Feb 1996, Dave Farber wrote:

> The President can not rule anything unconstitutional. He can tell justice
> not to enforce it but sometime local federal prosecutors do what they want

U.S. Attorneys serve at the pleasure of the President.  U.S. Attorneys 
cannot fire their Assistants -- they can only recommend such action to 
the Attorney General or the Deputy Attorney General.

EBD

> and some future administration can decide to enforce it. Only the courts or
> the congress can change things for sure.
> 
> Dave
> 
> At 03:20 PM 2/17/96 -0800, jamesd at echeque.com wrote:
> >jamesd at echeque.com said:
> >>
> >>j> 1.  President Clinton declared CDA unconstitutional and directed
> >>j> the Justice department to refrain from enforcing it.
> >
> >At 01:57 PM 2/16/96 -0600, Sten Drescher wrote:
> >>	Then why is the Justice Department defending it? 
> >
> >Sorry:  My error.  As you pointed out he ruled *part* of the
> >CDA unconstitutional -- a part that no one expected to be
> >enforced anyway
> > ---------------------------------------------------------------------
> >              				|  
> >We have the right to defend ourselves	|   http://www.jim.com/jamesd/
> >and our property, because of the kind	|  
> >of animals that we are. True law	|   James A. Donald
> >derives from this right, not from the	|  
> >arbitrary power of the state.		|   jamesd at echeque.com
> >
> >
> >
> 
> 

Not a lawyer on the Net, although I play one in real life.
**********************************************************
Flame away! I get treated worse in person every day!!






From ericd at shop.internet.net  Sat Feb 17 21:02:58 1996
From: ericd at shop.internet.net (Eric Davis)
Date: Sun, 18 Feb 1996 13:02:58 +0800
Subject: Using lasers to communicate
Message-ID: 



Woooa there....

Lasers are not exactly expensive or complicated....

Check out www.lasercomm.com. 4-15Mb/s lasers.
or Cannon 10-100Mb/s lasers.

I have installed these products *many* times and their setup and operation
is fast and efficient. (used to work for Interop)

Exmaple:
We used a pair of these, and MBONE, to provide a 2 way real time video
confrence link joining an IETF session between a room of
users at Japan Interop (local) and a group in Sweeden (IETF). The setup
a was last minute point to point Ethernet link from the confrence center
to a local hotel acress the road. We had 1.5 hours to perform ALL
of the work, from wiring both roofs, seting up the lasers, wiring
the internal hotel/confrence center, and setting up systems and projectors.
!!The Laser setup took about :15 minutes, tops!!

BTW: With this system the transmit "beam" is focused into a "spot" half
way between the sending and receiving units. The receiving unit
is tuned to look for that focused "spot". This means that there is a
very large (area wise) low power laser pattern behind each of the
receivers! With a sensitive enough receiver, it is possible to hear
this signal!

When you need to transport a data stream (1-155Mb/s) to a remote
site, this solution works out to be *MUCH* cheaper than leasing
circuits from bell, bypass folks, etc..

Another case in point: We (ISN) needed to transport a 100Mb/s (FDDI) between \
2 sites. Upon checking, the price of PacBell "dim" fiber was outrageous!
We had no MFS/TCG/etc fiber in the man hole to latch onto. The choice was
clear.

As for security, the bottom line is that encryption devices are cheap.

Last plus for these units is that most foreign countries do not prevent
the use of these point to point optical devices. This is not the case
for spread spectrum multipoint or microwave point to point radio devices.

Eric Davis



At 10:44 PM 2/17/96, SINCLAIR  DOUGLAS N wrote:
>> If you have a secure link you don't need encryption.  Arguably, the
>> converse is true; if you have secure encryption you don't need
>> a secure link.  Isn't the ability to transmit secure data over
>> insecure channels one of the primary justifications for encryption?
>>
>
>Of course.  My point, though I seem to have failed to state it,
>is that encryption is a cheap software thing while laser beams
>are expensive, complicated, and still not secure.

-------------------------------------------------------------
Eric Davis -- ericd at internet.net
Director, Information Systems
Internet Shopping Network -- http://www.internet.net/
415-846-7449 Voice -- 415-842-7415 Fax -- KD6HTO Radio
-------------------------------------------------------------
- One by one our rights are taken, One by one we loose our
- freedom. Step by step we're coming for them, One by one
- we're coming. - Inka Inka - Myth of the Machine - Step Back








From lmccarth at cs.umass.edu  Sat Feb 17 21:07:30 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Sun, 18 Feb 1996 13:07:30 +0800
Subject: Some thoughts on the Chinese Net
In-Reply-To: <199602171820.NAA12476@pipe11.nyc.pipeline.com>
Message-ID: <199602180435.XAA24397@thor.cs.umass.edu>


tallpaul writes: 
[re: hypothetical Chinese IP address-based filtering]
> Assuming this system is estabished, then we would want to modify our
> remailers to strip IP packet information as well as normal header, no? 

I'm not entirely sure what you mean. Present remailers don't save anything
except for (parts of) RFC 822 message bodies, and occasionally some SMTP
mail headers. Certainly no packet-level headers (like IP) are saved at all.

Presumably The Chinese Wall (and many other gateways, routers, etc.) would
simply drop any packets that managed to arrive without originating IP address
information. You could use something that emits packets with "incorrect" /
"forged" IP headers, but that crosses an ethical line that I consider rather
important not to cross. The IPsec WG has been working on interhost 
authentication that should render the point moot, anyway.

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)





From wlkngowl at unix.asb.com  Sat Feb 17 21:10:34 1996
From: wlkngowl at unix.asb.com (Deranged Mutant)
Date: Sun, 18 Feb 1996 13:10:34 +0800
Subject: Legal status of Indian Reservations and CDA
Message-ID: <199602180433.XAA25416@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

Michael Peponis wrote:
> If I remember correctly, are not American Indian reservations considered
> qusi-sovergin states under the law?

Yes and no. Sometimes states are able to go after then for taxes in terms 
of money made from non-Indians.  NYS complains about people going to
reservations to buy cheap cigarettes, for instance, and wants taxes
collected from non-Indians.

I think the Iran-Contra flap involved using a reservation in Calif.
to get around some weapons manufacturing or exporting laws. Not sure,
though.

> If this is true, what would stop me from negotiating with some tribe to
> establish an ISP on the reservation and then placing whatever material I wanted
> on that site without fear of reprisals from the US goverment.

The tribe.  They may not be too happy about an ISP on their territory
carrying porno, neo-nazi literature or even crypto...

Actually, they may look down upon any business deal meant to circumvent
US laws, since it can get them into an unpleasant conflict with the
gov't.  It would be an altogether different situation if they wanted to
start their own ISP though...

Beware of exploiting poor people on Indian reservations or elsewhere
on the planet just to be outside of the laws.  Even if it seems for a
good cause to you, the locals may not look to favorably.

> After all, if they are a soveign state, decency is covered by whatever laws
> they have, if any, not the CDA.

Their own laws may be stricter. Much stricter.

Also, what about the receiver? Or the receiver's ISP?  Erotic materials
are legal in plenty of countries, but can't the receiver get in trouble?
As soon as people see the flawed logic in the Amateur Action BBS case,
that's the take they'll go for... and it's back to square one.

Rob.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSasCCoZzwIn1bdtAQFwZgGAyPIqr9h4dKNfPFgt/3I3n8qIRvoe4lM7
Lcd6Zsp12hcO9Dbckn202L6O1Qjxy+yi
=dY6I
-----END PGP SIGNATURE-----





From sophi at best.com  Sat Feb 17 21:16:14 1996
From: sophi at best.com (Greg Kucharo)
Date: Sun, 18 Feb 1996 13:16:14 +0800
Subject: Indian Reservations USC cites
Message-ID: <3126A024.7E6B@best.com>


Ok, one last thing on indian reservations. There is a searchable 
database of the United States Code at the following address;

http://www.law.cornell.edu/uscode/25/

Title 25 covers Indians.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEIa2wAAAEEALouE7MNxsG+QTOJSrMTygYWKblpI9MgOKaFA+5AICNelAw6
6Gj3B0EQr7bwLILk8EJULG+kYh/ND9Kn1EXBK+elXbwpFCLqoyEZrbHJnurhH/t6
VFEwhbN1V0e/bFOCTq8nykoJjZ/uq0mz8HouIbEt6BYWoKVSUIU/T+iDV3TVABEB
AAG0DWdoa0Bzb3BoaS5jb20=
=gwax
-----END PGP PUBLIC KEY BLOCK-----





From maruishi at netcom.com  Sat Feb 17 21:44:54 1996
From: maruishi at netcom.com (maruishi at netcom.com)
Date: Sun, 18 Feb 1996 13:44:54 +0800
Subject: True random numbers
In-Reply-To: <86934.sharris@fox.nstn.ca>
Message-ID: 




On Sat, 17 Feb 1996, Sandy Harris wrote:

> Deranged Mutant   wrote:
> 
> >maruishi at netcom.com wrote:
> >> 
> >> I was trying to think of a way to come up with true random numbers...
> >> And knowing a bit of UNIX socket TCP/IP programming I made a small [..]
> >
> >I wouldn't trust the samples taken from networked sources.
> 
> Me neither, in general.
> 
> A possible exception: I wonder if the checksums on Ethernet or IP
> packets use a reasonably strong CRC algorithm. If so, they might be
> a decent source of randomness in an environment where you could be
> sure the Black Hats couldn't see them. e.g. using only packets from
> your own LAN, suitably protected by firewall & good administration.
>  
> >You're better
> >off with a kernel patch that samples from local sources directly like 
> >disk or keyboard timing variations... such patches already exist, with 
> >similar drivers developed for DOS and OS/2 systems as well.
> 
> I'd be more inclined to hash the kernel's internal tables, e.g. process
> & file descriptor tables. These should vary quite a lot & if the enemy
> can see them, random number quality is the least of your worries.
> 
> RFC 1750 is a good reference on this problem.
>  --
>  Sandy Harris
>  sharris at fox.nstn.ca
> 

Although using other networks probably isn't as safe as using your own LAN,
.....
If you send the packets across the US then there are more variables to
determine time they took to get back. This is obviously becuase each
and every machine in between well vary in speed, line connections etc...
And the timing even on the same machine well change, because of CPU laod
etc..

Maybe another "random" source XORed with this?
I don't know, just a though.

maruishi at netcom.com





From frantz at netcom.com  Sat Feb 17 21:59:10 1996
From: frantz at netcom.com (Bill Frantz)
Date: Sun, 18 Feb 1996 13:59:10 +0800
Subject: True random numbers
Message-ID: <199602180459.UAA02275@netcom7.netcom.com>


At  9:25 PM 2/17/96 -0400, Sandy Harris wrote:
>A possible exception: I wonder if the checksums on Ethernet or IP
>packets use a reasonably strong CRC algorithm.

The algorithm used with IP packets isn't even particulary good for error
detection.  It was designed for easy computation on slow, narrow chips.


-----------------------------------------------------------------
Bill Frantz                   Periwinkle  --  Computer Consulting
(408)356-8506                 16345 Englewood Ave.
frantz at netcom.com             Los Gatos, CA 95032, USA







From frantz at netcom.com  Sat Feb 17 22:03:38 1996
From: frantz at netcom.com (Bill Frantz)
Date: Sun, 18 Feb 1996 14:03:38 +0800
Subject: Using lasers to communicate
Message-ID: <199602180459.UAA02278@netcom7.netcom.com>


At 10:44 PM 2/17/96 -0500, SINCLAIR  DOUGLAS N wrote:
>> If you have a secure link you don't need encryption.  Arguably, the
>> converse is true; if you have secure encryption you don't need
>> a secure link.  Isn't the ability to transmit secure data over
>> insecure channels one of the primary justifications for encryption?
>> 
>
>Of course.  My point, though I seem to have failed to state it,
>is that encryption is a cheap software thing while laser beams
>are expensive, complicated, and still not secure.

Ah yes, but software without hardware doesn't do much.  Wires are
expensive, and in many places you can't string them across public
right-of-ways.  The distance from my house to my neighbor across the street
is less than 200 feet.  I suspect some form of optical link would work
fairly well.  I also think it would be hard to tap.

I think my point is, don't throw something out of your tool bag just
because you can't use it everywhere.

Bill







From frantz at netcom.com  Sat Feb 17 22:04:39 1996
From: frantz at netcom.com (Bill Frantz)
Date: Sun, 18 Feb 1996 14:04:39 +0800
Subject: Legal status of Indian Reservations and CDA
Message-ID: <199602180459.UAA02282@netcom7.netcom.com>


At  6:03 PM 2/17/96 +0000, Michael Peponis wrote:
>If I remember correctly, are not American Indian reservations considered 
>qusi-sovergin states under the law?
>
>If this is true, what would stop me from negotiating with some tribe to 
>establish an ISP on the reservation and then placing whatever material I
>wanted 
>on that site without fear of reprisals from the US goverment.

In the last Indian war (the Modoc war), the Indian leaders were hanged as
common criminals when the war was over.  The current law allows small sins
on the reservation.  I suspect that if you tried to sell porn from a
reservation or thru the mail you would find out the limits of Indian
nationhood.

Bill







From Mailer-Daemon at ig4.att.att.com  Sat Feb 17 22:05:46 1996
From: Mailer-Daemon at ig4.att.att.com (Mailer-Daemon at ig4.att.att.com)
Date: Sun, 18 Feb 1996 14:05:46 +0800
Subject: Returned mail: Host unknown (Name server: ncr-sd.sdca.attgis.com.: host not found)
Message-ID: <199602180505.AAA01560@ncrhub7.attgis.com>


The original message was received at Sun, 18 Feb 1996 00:05:33 -0500 (EST)
from ncrgw1 at localhost

   ----- The following addresses have delivery notifications -----
sandiegoca.ncr.com!chris.claborne  (unrecoverable error)

   ----- Transcript of session follows -----
550 sandiegoca.ncr.com!chris.claborne... Host unknown (Name server: ncr-sd.sdca.attgis.com.: host not found)

   ----- Message header follows -----

Return-Path: cypherpunks at toad.com
Received: from ncrgw1.UUCP (ncrgw1 at localhost) by ncrhub7.attgis.com (8.7.3/8.7.3) with UUCP id AAA01559 for sandiegoca.ncr.com!chris.claborne; Sun, 18 Feb 1996 00:05:33 -0500 (EST)
Received: by ncrgw1.ATTGIS.COM; 18 Feb 96 00:05:15 EST
Received: from toad.com by relay3.UU.NET with SMTP 
	id QQadkd19489; Sat, 17 Feb 1996 23:59:52 -0500 (EST)
Received: by toad.com id AA23859; Sat, 17 Feb 96 20:35:58 PST
Received: from cs.umass.edu (freya.cs.umass.edu) by toad.com id AA23846; Sat, 17 Feb 96 20:35:53 PST
Received: from thor.cs.umass.edu by cs.umass.edu (5.65/Ultrix3.0-C)
	id AA00548; Sat, 17 Feb 1996 23:35:51 -0500
Received: (from lmccarth at localhost) by thor.cs.umass.edu (8.6.12/8.6.9) id XAA24397 for cypherpunks at toad.com; Sat, 17 Feb 1996 23:35:50 -0500
From: lmccarth at cs.umass.edu
Message-Id: <199602180435.XAA24397 at thor.cs.umass.edu>
Subject: Re: Some thoughts on the Chinese Net
To: cypherpunks at toad.com (Cypherpunks Mailing List)
Date: Sat, 17 Feb 1996 23:35:50 -0500 (EST)
Reply-To: cypherpunks at toad.com (Cypherpunks Mailing List)
In-Reply-To: <199602171820.NAA12476 at pipe11.nyc.pipeline.com> from "tallpaul" at Feb 17, 96 01:20:06 pm
X-Mailer: ELM [version 2.4 PL25]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-cypherpunks at toad.com
Precedence: bulk

   ----- Message body suppressed -----






From frankw at in.net  Sat Feb 17 22:07:01 1996
From: frankw at in.net (Frank Willoughby)
Date: Sun, 18 Feb 1996 14:07:01 +0800
Subject: DES_ono
Message-ID: <9602180502.AA03842@su1.in.net>


Two brief questions about DES, if I may.

I have heard of a couple of rumours that DES is considered to be fairly weak.  
Specifically, the rumors mentioned that there were some questions about the 
design of the S-boxes and the possibility that there was a trap door which 
would permit the NSA or other gov't agency to quickly obtain the cleartext.

Another rumour was that the French & Israeli intelligence agencies downgraded
the classification of DES to one of the lowest strengths of encryption
algorithms.

I have been wondering about these issues off & on for a while & have tried to 
do some research on them, but have come up with nothing which would amount to 
more than hearsay.  It's tough to tell if the rumours stem from urban legends 
or are based on fact.

If it isn't too much trouble, I'd appreciate an expert opinion of the two 
rumours mentioned above.

Assuming the rumours of the weakness of DES are true, which symmetric
encryption algorithms would you recommend which are substantially more
secure than DES (and which are obtainable from Internet or commercial
sources)?  (It doesn't haver to be exportable).

Thanks in advance for your help.

Best Regards,


Frank

The opinions expressed above are of the author and may not 
necessarily be representative of Fortified Networks Inc.

Fortified Networks Inc. - Management & Information Security Consulting
Phone: (317) 573-0800   - http://www.fortified.com/fortified
Home of the Free Internet Firewall Evaluation Checklist








From tcmay at got.net  Sat Feb 17 22:22:07 1996
From: tcmay at got.net (Timothy C. May)
Date: Sun, 18 Feb 1996 14:22:07 +0800
Subject: CyberAngels
Message-ID: 


At 5:30 AM 2/15/96, Medea wrote:

>  I bet if you use the word "cryptology" in a sentence, the CyberAsses
>would have no idea what you were taking about.

"Cripology?"

"Oh, yeah, dat be da study of da Crips, one of da gangs we be protectin' da
peeples against."


--Curtis Sliwa








From asgaard at sos.sll.se  Sat Feb 17 22:28:14 1996
From: asgaard at sos.sll.se (Asgaard)
Date: Sun, 18 Feb 1996 14:28:14 +0800
Subject: CDA outside US (Including Indian Reservations)
In-Reply-To: <312698F2.777F@best.com>
Message-ID: 



> So I think that indian reservation sovernignty has grown in recent 
> years, and would be very intresting course to pursue.

The problem with the CDA in this regard is that it doesn't seem to
respect other jurisdictions. It's very irritating for us in other
countries to know that if we put 'indecent' material on our world
readable sites, then we commit a crime in the US punishable with
2 years detention, even if chances of prosecution, extradition or
Noriega-style international arrest are minimal - so far; we all
know that there is now only one de-facto superpower, and that power
could do anything it really wishes to do. But USA still wants to
look good and possibly law-abiding on the global market of morality,
so I think the international legal system ought to be investigated,
by lawyers knowledgeable in the field, for possible processing of
the CDA in the International Court in the Hague (by a non-US person
or organization).

Asgaard





From jimbell at pacifier.com  Sat Feb 17 22:28:59 1996
From: jimbell at pacifier.com (jim bell)
Date: Sun, 18 Feb 1996 14:28:59 +0800
Subject: Online Zakat Payment: Religious tithe.
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

At 07:13 PM 2/17/96 +0000, Ed Carp wrote:
>On Sat, 17 Feb 1996, jim bell wrote:
>
>> BTW, I think I've already solved the problem of producing a few dozen 
>> absolutely simultaneous trigger explosions (+/- 100 nanoseconds) around the 
>> periphery at the lens foci, without using multiple electronic detonators.  
>> (in fact, a single blasting cap would do nicely.)  "But the margins of this 
>> book are too small to contain it"  Heh heh!
>
>Actually, it's a quite simple problem to solve.  Tom Clancy used a rather 
>more complicated method, but the idea was correct.
>--
>Ed Carp, N7EKG    			Ed.Carp at linux.org, ecarp at netcom.com

You might be surprised:  I have never read anything by Clancy.  Tell me,
what method did HE use?

Jim Bell, N7IJS

jimbell at pacifier.com

Klaatu Burada Nikto

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSayU/qHVDBboB2dAQF6rQP9F3LRvxn5bSu4MQqlyfy8AjgEkef5csyV
kwRIYSJn4A0LmMJSzb+lfuAG5wyOQ26HsTXChmojfpjaY5cdXnPSmYhfwxUPqFPX
33Ymjm/Nd+AROIrd/nqlc8Vib9aqtaJP6oXdN9m30xwVXCok3HwPYWVac24aqh5R
+gDvMsxrAWE=
=MMYU
-----END PGP SIGNATURE-----






From norm at netcom.com  Sat Feb 17 22:29:21 1996
From: norm at netcom.com (Norman Hardy)
Date: Sun, 18 Feb 1996 14:29:21 +0800
Subject: Counting bits Fast
Message-ID: 


I hear that there may be those out there burning many compute cycles
counting one bits in piles of data.  There is code at
http://www.MediaCity.com/~norm/Hamming.html
that might provide a factor of ten over more obvious bit counting code.







From erc at dal1820.computek.net  Sat Feb 17 22:36:31 1996
From: erc at dal1820.computek.net (Ed Carp)
Date: Sun, 18 Feb 1996 14:36:31 +0800
Subject: CDA outside US (Including Indian Reservations)
In-Reply-To: 
Message-ID: 


On Sun, 18 Feb 1996, Asgaard wrote:

> The problem with the CDA in this regard is that it doesn't seem to
> respect other jurisdictions. It's very irritating for us in other
> countries to know that if we put 'indecent' material on our world
> readable sites, then we commit a crime in the US punishable with
> 2 years detention, even if chances of prosecution, extradition or
> Noriega-style international arrest are minimal - so far; we all

Another problem - if you ever want to get into the US, you can kiss that
chance goodbye.  They might not even let you into the country as a
visitor.  Stupid.  A fair number of Western countries have laws that say,
in effect, that if you do something in your country that isn't illegal in
your country but is in country X, then country X can bar you entry or PR
status or citizenship based on the fact that is *is* a crome in country X. 

Never mind that you may not even be aware that it *is* a crime in another
country, etc.  I suspect that it's intended to bar war criminals and such,
but it could just as easily be used against the common immigrant. 
--
Ed Carp, N7EKG    			Ed.Carp at linux.org, ecarp at netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp at netcom.com for PGP 2.5 public key		an88744 at anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring






From erc at dal1820.computek.net  Sat Feb 17 22:37:43 1996
From: erc at dal1820.computek.net (Ed Carp)
Date: Sun, 18 Feb 1996 14:37:43 +0800
Subject: Online Zakat Payment: Religious tithe.
In-Reply-To: 
Message-ID: 


On Sat, 17 Feb 1996, jim bell wrote:

> At 07:13 PM 2/17/96 +0000, Ed Carp wrote:
> >On Sat, 17 Feb 1996, jim bell wrote:
> >
> >> BTW, I think I've already solved the problem of producing a few dozen 
> >> absolutely simultaneous trigger explosions (+/- 100 nanoseconds) around the 
> >> periphery at the lens foci, without using multiple electronic detonators.  
> >> (in fact, a single blasting cap would do nicely.)  "But the margins of this 
> >> book are too small to contain it"  Heh heh!
> >
> >Actually, it's a quite simple problem to solve.  Tom Clancy used a rather 
> >more complicated method, but the idea was correct.
> 
> You might be surprised:  I have never read anything by Clancy.  Tell me,
> what method did HE use?

A single electronic timer.  The lengths of wire from the timer/detonator
to each piece of explosive was exact - thus, the pulse reached each piece
of explosive at the same time. 

I think Clancy used multiple timers, each triggered at the same time.  I
don't think that one would need but one timer, though. 
--
Ed Carp, N7EKG    			Ed.Carp at linux.org, ecarp at netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp at netcom.com for PGP 2.5 public key		an88744 at anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring






From tcmay at got.net  Sat Feb 17 23:33:59 1996
From: tcmay at got.net (Timothy C. May)
Date: Sun, 18 Feb 1996 15:33:59 +0800
Subject: Denying Entrance Visas to Troublemakers
Message-ID: 


At 12:08 AM 2/18/96, Ed Carp wrote:

>Another problem - if you ever want to get into the US, you can kiss that
>chance goodbye.  They might not even let you into the country as a
>visitor.  Stupid.  A fair number of Western countries have laws that say,
>in effect, that if you do something in your country that isn't illegal in
>your country but is in country X, then country X can bar you entry or PR
>status or citizenship based on the fact that is *is* a crome in country X.
>
>Never mind that you may not even be aware that it *is* a crime in another
>country, etc.  I suspect that it's intended to bar war criminals and such,
>but it could just as easily be used against the common immigrant.

Oh, but it is done very, very often. That is, it is not something reserved
for "war criminals" (not that war criminals are excluded, as shown by the
Dayton Accords, and other visits.)

"Denied entry" and "undesirable" are the operative words. The offense may
be writing materials critical of the U.S. (poetry, novels, etc....so far,
not Net stuff). Various flavors of activists, writers, critics, etc. are
often denied visas to enter the U.S.

I don't believe the Net has yet registered on the Richter scale of visa
grantings, but I suspect it will within a couple of years, both because the
Net will become a more important media channel and because it will be so
easy to compile lists of folks who will be denied entrance visas.

(And the same applies in reverse. I have no doubt that I will be denied
visas to enter various countries, including the freedom-loving countries of
the mullahs and sheiks, and that country which sent Pollard to spy on the
U.S. Good thing I don't want to visit any of them, except Iraq.)

--Tim May



Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From gbroiles at darkwing.uoregon.edu  Sat Feb 17 23:45:50 1996
From: gbroiles at darkwing.uoregon.edu (Greg Broiles)
Date: Sun, 18 Feb 1996 15:45:50 +0800
Subject: Legal status of Indian Reservations and CDA
Message-ID: <199602180722.XAA02079@darkwing.uoregon.edu>


At 06:03 PM 2/17/96 +0000, you wrote:
>If I remember correctly, are not American Indian reservations considered 
>qusi-sovergin states under the law?

Indian tribes no longer function as sovereigns - they're considered domestic
dependent nations. The lack of *state* (CA, OR, WA, etc) jurisdiction over
Indian country comes from federal preemption. Tribes retain some civil
regulatory jurisdiction, but it does not function to exclude federal
regulation. (see http://darkwing.uoregon.edu/~gbroiles/torres.html for more
re tribal regulatory jurisdiction)

>If this is true, what would stop me from negotiating with some tribe to 
>establish an ISP on the reservation and then placing whatever material I
>wanted on that site without fear of reprisals from the US goverment.

The problem with this is that the feds have jurisdiction over crimes
occurring within Indian country. Tribes may also exercise jurisdiction over
tribal members who violate tribal law. ( * Modulo PL-280, modulo the civil
rights act of 1968, which gave and took away and gave back (sort of)
criminal jurisdiction to the states in 5 states - CA, OR, WA, MN, NE (?),
and other states/tribes who choose to opt into PL-280's framework. Yow.)

Doing business within Indian country won't help you escape Federal law;
Federal law enforcement is often the local law enforcement. 

(State jurisdiction over gambling, jurisdiction over taxation of economic
transactions, and criminal jurisdiction should be considered independently;
they are all created or extinguished by different Federal statutes,
sometimes state-by-state, sometimes tribe-by-tribe. Also, the Pueblos of New
Mexico and Arizona(?) may have a different status because they gained their
land from the government of Mexico.)

Jurisdictional questions under Federal Indian law are always messy. If it
was as easy as "do it on a reservation", people would've been doing it for
years with drugs & alcohol. But the Feds thought of that already. 

--
"The anchored mind screwed into me by the psycho-  | Greg Broiles
lubricious thrust of heaven is the one that thinks | gbroiles at netbox.com
every temptation, every desire, every inhibition." | 
	-- Antonin Artaud		   	   | 






From ericd at shop.internet.net  Sat Feb 17 23:55:38 1996
From: ericd at shop.internet.net (Eric Davis)
Date: Sun, 18 Feb 1996 15:55:38 +0800
Subject: Using lasers to communicate
Message-ID: 




That URL should be: httpd://www.lasercomm/lasercomm

Eric

P.S. Thanks John for pointing this out!

At 8:42 PM 2/17/96, Eric Davis wrote:
>Woooa there....
>
>Lasers are not exactly expensive or complicated....
>
>Check out www.lasercomm.com. 4-15Mb/s lasers.
>or Cannon 10-100Mb/s lasers.
>
>I have installed these products *many* times and their setup and operation
>is fast and efficient. (used to work for Interop)
>
>Exmaple:
>We used a pair of these, and MBONE, to provide a 2 way real time video
>confrence link joining an IETF session between a room of
>users at Japan Interop (local) and a group in Sweeden (IETF). The setup
>a was last minute point to point Ethernet link from the confrence center
>to a local hotel acress the road. We had 1.5 hours to perform ALL
>of the work, from wiring both roofs, seting up the lasers, wiring
>the internal hotel/confrence center, and setting up systems and projectors.
>!!The Laser setup took about :15 minutes, tops!!
>
>BTW: With this system the transmit "beam" is focused into a "spot" half
>way between the sending and receiving units. The receiving unit
>is tuned to look for that focused "spot". This means that there is a
>very large (area wise) low power laser pattern behind each of the
>receivers! With a sensitive enough receiver, it is possible to hear
>this signal!
>
>When you need to transport a data stream (1-155Mb/s) to a remote
>site, this solution works out to be *MUCH* cheaper than leasing
>circuits from bell, bypass folks, etc..
>
>Another case in point: We (ISN) needed to transport a 100Mb/s (FDDI) between \
>2 sites. Upon checking, the price of PacBell "dim" fiber was outrageous!
>We had no MFS/TCG/etc fiber in the man hole to latch onto. The choice was
>clear.
>
>As for security, the bottom line is that encryption devices are cheap.
>
>Last plus for these units is that most foreign countries do not prevent
>the use of these point to point optical devices. This is not the case
>for spread spectrum multipoint or microwave point to point radio devices.
>
>Eric Davis
>
>
>
>At 10:44 PM 2/17/96, SINCLAIR  DOUGLAS N wrote:
>>> If you have a secure link you don't need encryption.  Arguably, the
>>> converse is true; if you have secure encryption you don't need
>>> a secure link.  Isn't the ability to transmit secure data over
>>> insecure channels one of the primary justifications for encryption?
>>>
>>
>>Of course.  My point, though I seem to have failed to state it,
>>is that encryption is a cheap software thing while laser beams
>>are expensive, complicated, and still not secure.
>
>-------------------------------------------------------------
>Eric Davis -- ericd at internet.net
>Director, Information Systems
>Internet Shopping Network -- http://www.internet.net/
>415-846-7449 Voice -- 415-842-7415 Fax -- KD6HTO Radio
>-------------------------------------------------------------
>- One by one our rights are taken, One by one we loose our
>- freedom. Step by step we're coming for them, One by one
>- we're coming. - Inka Inka - Myth of the Machine - Step Back

-------------------------------------------------------------
Eric Davis -- ericd at internet.net
Director, Information Systems
Internet Shopping Network -- http://www.internet.net/
415-846-7449 Voice -- 415-842-7415 Fax -- KD6HTO Radio
-------------------------------------------------------------
- One by one our rights are taken, One by one we loose our
- freedom. Step by step we're coming for them, One by one
- we're coming. - Inka Inka - Myth of the Machine - Step Back








From watson at tds.com  Sun Feb 18 00:34:33 1996
From: watson at tds.com (watson at tds.com)
Date: Sun, 18 Feb 1996 16:34:33 +0800
Subject: anonymous age credentials, sharing of
In-Reply-To: <01I1AFAUEXFKA0V3BM@mbcl.rutgers.edu>
Message-ID: 


Did anybody see the movie Demolition Man?  Biometrics were "hacked" 
there.  I guess it's hard to be sure, but it seems something in your 
brain is tougher to extract than a finger or an eyeball.  The texts say a 
combination is a good idea.

On Fri, 16 Feb 1996, E. ALLEN SMITH 
wrote:

> From:	IN%"samman-ben at CS.YALE.EDU"  "Rev. Ben" 15-FEB-1996 20:05:34.89
> 
> >The only REAL way of authentication is biometrics.  Anything else can be 
> >swapped.  But if you amputate someone's hand or retinas then they won't 
> >work(check for things like blood flow, etc.)
> 
> 	Actually, a simulation ought to work pretty well at fooling most extant
> devices, and any devices likely to be developed soon. Now, fooling the guards
> watching you at a secure site may be a problem (a hand up your sleeve?), as
> may getting someone else's biometric information in the first place. The
> latter gets into the area of cryptography since whoever has such information
> (other than the original possessor) is likely to hash it anyway.
> 	-Allen
> 





From mixmaster at anon.alias.net  Sun Feb 18 01:02:02 1996
From: mixmaster at anon.alias.net (Mr. Nobody)
Date: Sun, 18 Feb 1996 17:02:02 +0800
Subject: None
In-Reply-To: <9602180318.AA22007@big-screw>
Message-ID: <199602180835.CAA12858@fuqua.fiftysix.org>


In article <9602180318.AA22007 at big-screw> jis at mit.edu (Jeffrey I. Schiller) writes:

> The keyserver running at pgp at pgp.mit.edu is once again operational. It is
> using new keyserver software. The old keyserver software was a collection
> of perl scripts that invoked PGP to do its key management. The new server
> is written in "C" and does its own key management, complete with appropriate
> indices.

Is source code for this C server available?





From an5877 at anon.penet.fi  Sun Feb 18 01:02:07 1996
From: an5877 at anon.penet.fi (deadbeat)
Date: Sun, 18 Feb 1996 17:02:07 +0800
Subject: Nyms with keys
Message-ID: <9602180836.AA18364@anon.penet.fi>



-----BEGIN PGP SIGNED MESSAGE-----

        Perhaps while you're lurking, you should consider downloading
	and installing a more recent version of PGP than version 2.4
	which you're still using.

WHat advantage is there to the more recent versions?  I'll tell you
what I like most about this version, it is paid for.

DEADBEAT 


-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQBFAgUBMSYqT/FZTpBW/B35AQHlvQF8CULa2WkotQ29t7OaVduq8geDybE+PAcT
icDe5Ho59EWS+t3OqjsHJc/ECv+bthJY
=PNsK
-----END PGP SIGNATURE-----
--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to                abuse at anon.penet.fi
For information (incl. non-anon reply) write to    help at anon.penet.fi
If you have any problems, address them to          admin at anon.penet.fi





From olmur at dwarf.bb.bawue.de  Sun Feb 18 04:18:34 1996
From: olmur at dwarf.bb.bawue.de (Olmur)
Date: Sun, 18 Feb 1996 20:18:34 +0800
Subject: True random numbers
In-Reply-To: <86934.sharris@fox.nstn.ca>
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "M" == maruishi   writes:

M> Maybe another "random" source XORed with this? I don't know, just a
M> though.

Somewhere during developement of the Linux 1.3.* kernel a
"(pseudo-)random-number device" was introduced.  Perhaps the sources
of this can give you some ideas.

Have a nice day!

Olmur
- --
"If privacy is outlawed, only outlaws will have privacy" --- P. Zimmermann
      Please encipher your mail!  Contact me, if you need assistance.

finger -l mdeindl at eisbaer.bb.bawue.de for PGP-key
         Key-fingerprint: 51 EC A5 D2 13 93 8F 91  CB F7 6C C4 F8 B5 B6 7C


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBMScG1Q9NARnYm1I1AQENqgP+O0qeiuyzYDBDsEgLxcy4e5eC1VVgskda
G45Gow9JHXzLuK+rV9SRLJFXRppM6mgQySop6SvikI+aCraKQK+XsqQEatQPdBHd
cGm5cw9wHf5PGEjmOksmRonbeh+y7AoNqkdwnSLD8NW4823pEKR7fPMB+UCcZj/g
xyhY42kUWvs=
=CSca
-----END PGP SIGNATURE-----





From olmur at dwarf.bb.bawue.de  Sun Feb 18 04:18:37 1996
From: olmur at dwarf.bb.bawue.de (Olmur)
Date: Sun, 18 Feb 1996 20:18:37 +0800
Subject: ITAR Amended to Allow Personal Use Exemptions
In-Reply-To: <199602162229.QAA28245@parka>
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "Adam" == Adam Shostack  writes:

Adam> Since we don't need a license, what records are we supposed to
Adam> keep?

When IBM internally transfer crypto-software to locations outside US
they have to keep

* Name of sender + receiver
* date of transmission
* method of transmission


I'd assume that with this personal-use exection you have to keep the
date of your travel and the location(s) you traveled to.  (Your name
might be something you remember without keeping track of it ;-)

Olmur
- --
"If privacy is outlawed, only outlaws will have privacy" --- P. Zimmermann
      Please encipher your mail!  Contact me, if you need assistance.

finger -l mdeindl at eisbaer.bb.bawue.de for PGP-key
         Key-fingerprint: 51 EC A5 D2 13 93 8F 91  CB F7 6C C4 F8 B5 B6 7C


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBMSb/fw9NARnYm1I1AQEz+gP/XWKkdOt0fAqj5YMqeME1c0dspXtxAVdx
/2vaXbZORJmqN2gSfqrgQ58F936vd2dDbBHa7pzxOpZ3OzXu/JsrhWvOEpyZI+bg
na0F2W4jjxvpS3h/2D6Aq92Q9zCsbQ0DC8Mz1N6auCk073M5oAvLcVeQFzMwEbWO
9dX/OuMwYjU=
=jWbc
-----END PGP SIGNATURE-----





From sinclai at ecf.toronto.edu  Sun Feb 18 04:33:37 1996
From: sinclai at ecf.toronto.edu (SINCLAIR DOUGLAS N)
Date: Sun, 18 Feb 1996 20:33:37 +0800
Subject: Using lasers to communicate
In-Reply-To: 
Message-ID: <96Feb18.071921edt.1172@cannon.ecf.toronto.edu>


> That URL should be: httpd://www.lasercomm/lasercomm
http://www.lasercomm.com/lasercomm works for me.

I stand corrected.  I didn't realize that laser products like this
were available off-the-shelf.






From PADGETT at hobbes.orl.mmc.com  Sun Feb 18 05:06:30 1996
From: PADGETT at hobbes.orl.mmc.com (A. Padgett Peterson P.E. Information Security)
Date: Sun, 18 Feb 1996 21:06:30 +0800
Subject: credential "borrowing"
Message-ID: <960216225818.2021f6a7@hobbes.orl.mmc.com>


>Did anybody see the movie Demolition Man?  Biometrics were "hacked" 
>there.  I guess it's hard to be sure, but it seems something in your 
>brain is tougher to extract than a finger or an eyeball.  The texts say a 
>combination is a good idea.

Well, for a well funded adversary, the first step is to buy a duplicate
to the system to be subverted and analyze it. Usually is nnot difficult.
Problem with biometrics is the cost/speed. To do it right is going to
be slow/expensive. Few are.

However the traditional rule has been "something you have/something you know"
two factors are good, three are better.

In that line, along with one of my primary tasks (securing of notebooks)
have been warning people that if the information is valuable enough to require
that level of protection then the user is put at added risk the same way that
better automobile locks spawned carjackings. Duress codes are not difficult
to impliment.

BTW voted for Ed Clark once since "none of the above" was not an option.
Spent the next year getting beg letters from various libertarian groups.

						Warmly,
							Padgett

   





From bruce at aracnet.com  Sun Feb 18 05:10:35 1996
From: bruce at aracnet.com (Bruce Baugh)
Date: Sun, 18 Feb 1996 21:10:35 +0800
Subject: China -- the fragile glimmer of freedom
Message-ID: <2.2.32.19960218125403.00692de4@mail.aracnet.com>


At 11:46 AM 2/17/96 -0800, Timothy May wrote:

>Well, where are the posts from outraged Cypherpunks living in the People's
>Republic of China?

In many cases, exercising the prudence appropriate to people whose friends
have been run over by tanks in recent years.

In other cases, doing things in venues that happen not to cross this list.
In much of China the central government is already a dead letter, with
effective power being wielded at the municipial and provincial level.
Friends of my family who do business in China report that the major question
at this point is making sure that local military authorities don't decide to
confiscate all the assets of prospering businesses. Part of this is very
strong security for sensitive transactions.

I can't know for sure, obviously, but I'd be unsurprised to find as many
copies of PGP running in regions like Shanghai, Shenzen, and Guangzhou as
there are in the United States.

A lot of these folks don't have good net connectively, and won't for a long
time. Some of them have it but are leery of posting critical stuff that will
attract hostile attention. Others are, for all I know, protesting in
relevant soc.culture groups and such places. It's very easy to develop an
inflated sense of the importance of the forums one happens to belong to -
Cypherpunks isn't all that widely known, and even though it is, or at least
has been, an outstanding gathering of folks making crypto happen, there are
other vectors for these things.

>are in the so-called "Western world." We have a chance to deploy strong
>crypto, the residents of Nepal and Singapore do not.

As it happens, I _do_ know for a fact of at least one copy of PGP running in
Nepal, in the hands of a agricultural broker.

Tim, you're beyond your knowledge here.

-- 
Bruce Baugh
bruce at aracnet.com
http://www.aracnet.com/~bruce






From bruce at aracnet.com  Sun Feb 18 05:15:43 1996
From: bruce at aracnet.com (Bruce Baugh)
Date: Sun, 18 Feb 1996 21:15:43 +0800
Subject: Monthly Remailer Perfs, Prelims
Message-ID: <2.2.32.19960218125834.0067933c@mail.aracnet.com>


I'm in the process of running what I guess will be my monthly series of
remailer tests, where I send posts through a given remailer to a nym at c2
and then back through the remailer to me. While it'll be most of a week
before I'm done, some preliminary observations.

- armadillo and hroller are sorely missed.

- remailer at valhalla.phoenix.net is, so I'm told, not a valid address. And I
get a failure to find the host name at wmono at spook.alias.net. Anyone want to
shed light on this?

- performance is noticeably slower throughout. In January I routinely got
messages back in five to ten minutes. Now the shortest round trip is about
fifty minutes. Is the load on the remailers that much higher, or are other
factors at work?

-- 
Bruce Baugh
bruce at aracnet.com
http://www.aracnet.com/~bruce






From maruishi at netcom.com  Sun Feb 18 05:35:43 1996
From: maruishi at netcom.com (maruishi at netcom.com)
Date: Sun, 18 Feb 1996 21:35:43 +0800
Subject: True random numbers
In-Reply-To: 
Message-ID: 




On Sun, 18 Feb 1996, Olmur wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> >>>>> "M" == maruishi   writes:
> 
> M> Maybe another "random" source XORed with this? I don't know, just a
> M> though.
> 
> Somewhere during developement of the Linux 1.3.* kernel a
> "(pseudo-)random-number device" was introduced.  Perhaps the sources
> of this can give you some ideas.
> 
> Have a nice day!
> 
> Olmur
> - --
> "If privacy is outlawed, only outlaws will have privacy" --- P. Zimmermann
>       Please encipher your mail!  Contact me, if you need assistance.
> 
> finger -l mdeindl at eisbaer.bb.bawue.de for PGP-key
>          Key-fingerprint: 51 EC A5 D2 13 93 8F 91  CB F7 6C C4 F8 B5 B6 7C
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3i
> Charset: latin1
> Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
> 
> iQCVAwUBMScG1Q9NARnYm1I1AQENqgP+O0qeiuyzYDBDsEgLxcy4e5eC1VVgskda
> G45Gow9JHXzLuK+rV9SRLJFXRppM6mgQySop6SvikI+aCraKQK+XsqQEatQPdBHd
> cGm5cw9wHf5PGEjmOksmRonbeh+y7AoNqkdwnSLD8NW4823pEKR7fPMB+UCcZj/g
> xyhY42kUWvs=
> =CSca
> -----END PGP SIGNATURE-----
> 


thanx I'll keep that in mind.

maruishi at netcom.com





From packrat at ratbox.rattus.uwa.edu.au  Sun Feb 18 06:32:36 1996
From: packrat at ratbox.rattus.uwa.edu.au (Bruce Murphy)
Date: Sun, 18 Feb 1996 22:32:36 +0800
Subject: True random numbers
In-Reply-To: <199602172002.MAA09152@netcom20.netcom.com>
Message-ID: <199602181409.WAA01614@ratbox.rattus.uwa.edu.au>


In message <199602172002.MAA09152 at netcom20.netcom.com>, 
  maruishi at netcom.com wrote:
> 
> I was trying to think of a way to come up with true random numbers...
> And knowing a bit of UNIX socket TCP/IP programming I made a small little
> program that generates random numbers by measuring the mili-second timing ies
>  a TCP packet to bounce back, from another network. 
>   My program simply send some data to port 7 (echo port) of a network on an i
> nternal list. Then timing it, randomly picks a different network to send to. 

Interesting idea. Trends may be externally visible, You would probably
want to normalize it, and you would find that there was quite a few
deterministic elements of network load -> delay.

Oh, did I mention clock granularity?

In short you really aren't going to get 'random numbers' from such a
scheme, but that's not to say you couldn't have fun playing with it,
you might even find some use for the ways of calculating immediate
network load around a node. Especially with regard to interception of
packets and allowing for time discrepancies whilst doing so.

Altogether off topic, but could maybe be developed into an idea with,
maybe a 30% change of being Perrygrammed. Keep working.


Bounce me the code, could be interesting


--
Packrat (BSc/BE;COSO;Wombat Admin)
Nihil illegitemi carborvndvm.





From um at c2.org  Sun Feb 18 06:38:48 1996
From: um at c2.org (Ulf Moeller)
Date: Sun, 18 Feb 1996 22:38:48 +0800
Subject: Computer unmasks Anonymous writer...
In-Reply-To: 
Message-ID: 


>in the Mathematics Department took part in a statistical analysis of the 
>Letters of Junius, which appeared anonyously in the Morning Advertiser in 
>London in the early 1760s.  They were ascribed to almost every writer of 

You can find some more information by searching for "stylometry" or
"forensic stylometry" on the net, and probably more in libraries.





From awestrop at crl.com  Sun Feb 18 06:57:12 1996
From: awestrop at crl.com (Alan Westrope)
Date: Sun, 18 Feb 1996 22:57:12 +0800
Subject: Denver area meeting today, 2/18, 2 pm
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

The Usual Suspects will congregate today at the Tivoli, and may
visit Majordomo's Net Cafe or other sites of interest.  Anyone
who's not hanging out with Steve Jackson, Larry Niven, et al, at
the Lakewood Sheraton is welcome to drop by; send me a note if
you need directions.

N. B. -- The Tivoli was built in 1890 to brew Denver beer, Aspen
beer, Tivoli beer, etc., and is NOT affiliated with IBM!$%#&@! :-)


Alan Westrope     PGP public key:  http://www.nyx.net/~awestrop


PGP 0xB8359639:   D6 89 74 03 77 C8 2D 43   7C CA 6D 57 29 25 69 23

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSc0hFRRFMq4NZY5AQEvvAQAqPy2YsGsbjiLz2vWvB0RPvdpcURCytRS
hgCNlbNdMIA5upDzIjhRW4YlkM73cfwl/PQBRy+maXNrNM1QYXVh4wh3khcJoRh1
kVPUNYycz3HaDIH/PFGojgzJXUFhcDhRvEtTsywfhkK8OvifnkFCXAOST8rrygip
n+FYY4taFTc=
=OhuU
-----END PGP SIGNATURE-----





From jya at pipeline.com  Sun Feb 18 07:08:06 1996
From: jya at pipeline.com (John Young)
Date: Sun, 18 Feb 1996 23:08:06 +0800
Subject: PUF_fup
Message-ID: <199602181438.JAA11773@pipe1.nyc.pipeline.com>


   2-18-96. NYT:

   "Nerds' Revenge: A How-To Manual. Silicon Valley Is Paved
   with Paper Fortunes, And Quick Ways To Enjoy them."

      A long look at how Netscapers are able to quickly get
      around stock locks and gorge on roadkills while
      predatory Wall Street and vulture banks eat their guts.
      Fancy cars and tacky houses are lampooned.

   "Internet Dreams: from $.10 to $30."

      A squint at creating instant wealth in the Cybercash
      puff-up.


   PUF_fup








From wb8foz at nrk.com  Sun Feb 18 07:39:59 1996
From: wb8foz at nrk.com (David Lesher)
Date: Sun, 18 Feb 1996 23:39:59 +0800
Subject: Using lasers to communicate
In-Reply-To: 
Message-ID: <199602181513.KAA32731@nrk.com>


Lasers DO accomplish one task.

They force the interceptor to commit vulnerable forces to the attack.
It's pretty damn hard to get into room 24Z6 @ the Fort & prove that they
are working on YOUR text -- snatched in a phonetap.

It's a lot easier to catch the two guys on a bucket truck, or the Feebs
doing a black bag job on Ames' PC. That's exactly why TPTB prefer 
Option A, the FBI wiretap act, to B.

But a more interesting question, maybe for Brian. How DO the wiretap
laws treat non common-carrier communications -- be it YOUR wire strung
from Tom to Jerry's house, or such? And where does the FCC authority
stop, and whoever regulates laser-safety start? 

I vaguely recall that some BBC competitor was going to use the
wavelength loophole to get around the Beeb's monopoly... so the Crown
immediately raised the bar up to the gamma ray level or such.



-- 
A host is a host from coast to coast.................wb8foz at nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433





From markm at voicenet.com  Sun Feb 18 07:50:28 1996
From: markm at voicenet.com (Mark M.)
Date: Sun, 18 Feb 1996 23:50:28 +0800
Subject: DES_ono
In-Reply-To: <9602180502.AA03842@su1.in.net>
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 18 Feb 1996, Frank Willoughby wrote:

> Two brief questions about DES, if I may.
> 
> I have heard of a couple of rumours that DES is considered to be fairly weak.  
> Specifically, the rumors mentioned that there were some questions about the 
> design of the S-boxes and the possibility that there was a trap door which 
> would permit the NSA or other gov't agency to quickly obtain the cleartext.

DES has been scrutinized for about 20 years.  If there are any trap doors in
the code, then they were built in very well.  DES is weak because of its short
key length, not because of any flaws in its design.  AFAIK, there is no
efficient way to crack 3des (encrypt, decrypt, encrypt).  3des has a 168-bit
key, so brute-force is not efficient.

>[...]
> 
> Assuming the rumours of the weakness of DES are true, which symmetric
> encryption algorithms would you recommend which are substantially more
> secure than DES (and which are obtainable from Internet or commercial
> sources)?  (It doesn't haver to be exportable).

IDEA and RC4 (with at least 128 bits) seem to be pretty secure.  If you really
don't trust DES or 3DES, IDEA is probably currently the best symmetric
encryption algorithm.

- --Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm at voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMSdFYrZc+sv5siulAQFclwP8C2KdGYd8ABRC3pTUV3Lvh6BIvq7Nxqf2
JELlEHqipX47PbBZkLSHqJOTFjcVxalZuXi3f0wthfpQXnTCcuo0msjKEyFuZZSp
wxDNysMzLkA5WyXw/XbPOVDgtSSoTNefR6Y3Wz593wkXAtg/GwtL4vjCAQFtKUhb
ngdgaIO9z8o=
=lEht
-----END PGP SIGNATURE-----





From markm at voicenet.com  Sun Feb 18 08:02:54 1996
From: markm at voicenet.com (Mark M.)
Date: Mon, 19 Feb 1996 00:02:54 +0800
Subject: Style Analyzer (was Re: Computer unmasks Anonymous writer)
In-Reply-To: 
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

Since I got more e-mails asking for the "style faking" program then I
expected, I have decided to put it on my homepage (mentioned in my .sig).
I will try to compile it for DOS, but I don't know how system dependant it is.

- --Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm at voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMSdJnbZc+sv5siulAQEVEgQAj4/HEorDRAHl8ncOfEYekRWo0/3a5357
FMQZn7ABpqxOXnVSAxlYeb84Y6yKg73gEeZUfbnn2LVCxBLr3lW5EeIpUgjI9AMt
fXTA6ExqcIEk+5249YKx9h+9eHbV+8iK/fAzVzV5oHoTyCV0K8B+Lmx2hCtYZPyG
fW2WSyW+ML8=
=iQO+
-----END PGP SIGNATURE-----





From PADGETT at hobbes.orl.mmc.com  Sun Feb 18 08:39:13 1996
From: PADGETT at hobbes.orl.mmc.com (A. Padgett Peterson P.E. Information Security)
Date: Mon, 19 Feb 1996 00:39:13 +0800
Subject: Numbers don't lie...
Message-ID: <960218111857.202256bd@hobbes.orl.mmc.com>


Have finally gotten around to reading the Jersey Seven paper on keylengths.
Is rather amazing since if anything they are being conservative with some
of their numbers - are using 30 Mhz for the FPGA where I have been using 40 
& using 200 Mhz for ASICs where I would use 300 (year and a half ago I used
150mhz based on what I knew *had* been built, not what I knew X-ray 
lithography is capable of.

In their figures, they do seem to gloss over a couple of minor points:

The most compelling to me is "how do you know when you broke it ?". Bruce
has always used the "known plaintext" approach, however using modern 
techniques for messaging, *every* message has a different session key,
negotiated using assymetric keying so the only message that will be broken
is one that you already have - not terribly helpful.

The second point is that their scalability seems to be based on costs per
chip alone, cost for which the engineering cost has been recovered and for
which the yeild is significant, hardly givens when you are talking pushing
the state of the art, given this 200 Mhz Pentiums would be U$10.00 also
(well, maybe U$25.00).

Finally, no cost is allocated to the sustem required to program/evaluate
the ponderings of these 100's of ASICs. As anyone who has ever programmed
a massively parallel computer (which is what they are talking about in their
brute force machine, it is the boundary communications that kill you.

True, each machine could operate on a specific portion of the keyspace with
bits fixed as a function of its address, but each will need to be loaded
with the plaintext to match and have some means to communicate success.

You also have to consider that dividing the keyspace may result in some
processors running slower than others due to the values used. Another minor
problem in parallel processors.

The cost is given of U$300,000 to build a SOA machine that could break DES
in 3 hours. Using the 200 Mhz (2*10^8) figure and assuming 1 trial per 
clock (being nice), a single chip will test 2.2*10^12 keys in that period.
2^55 is otoa 3.6*10^16 so will require 16,680 thingies running
in parallel. If they can get the chips for U$10, they will be able to 
allocate another whole U$10.00 per chip to the support structure and basic
programming to stay inside the budget. Since this will hardly be a 
production process, I suspect that the cost might be a tad higher.

Now often banking and EDI (as opposed to EC) does make the mistake of using 
the same key for more than one message. Similarly a firewall<>firewall
connection might beep a single keyed channel open for multiple sessions.
This would be at risk. But for individual messages.

The paper does make an appropriate observation: the cost is essentially
fixed per key (scaling is not perfect but can ignore that for the moment
- has to do with why Crays are circular and Grace's "nanosecond"). This means
that the strength of cryptography should be appropriate to the value of
the information protected. If less than U$10,000, the message is individually
encrypted, and has value only today, then DES is probably "good enough".

Strategic information of higher value arguably needs "more" but how much ?
64 bits is 256 times stronger than DES. This would indicate effective
security up to say U$2.5 million. More is better but I would not be quite
so alarmist nor would I dismiss the cost of engineering. Non-trivial.

Do agree that 40 bits is the same as no crypto at all (reminds me of Bob
Clampett's "No Bikini Atoll" but is another hobby entirely).

Still, at what point is it simply easier/cheaper to buy someone who knows 
the secret ?

						Warmly,
							Padgett

ps calculation made with a Sharp EL-5806 "scientific" calculator that is 
   probably older than some readers. If I dropped a digit, please let me know.






From dougr at skypoint-gw.globelle.com  Sun Feb 18 08:44:34 1996
From: dougr at skypoint-gw.globelle.com (Douglas B. Renner)
Date: Mon, 19 Feb 1996 00:44:34 +0800
Subject: legality of forwarded packets (was: PING packets illegal?)
In-Reply-To: <199602150341.TAA16668@jobe.shell.portal.com>
Message-ID: 



> >> that ...... but if those ping packets contained little pieces of something
> >> like PGP ...... would the host being pinged be breaking the law? Would
> 
[zap!]
> 
> > the destination are violating the law.  Since it is impossible to monitor the
> > contents of every packet being transmitted over a network, I seriously doubt
> > that any intermediate host would be considered to be in violation of ITAR.

On an ecouraging note, I recall a Packet Radio case where someone posted 
what amounted to an advertisement for a 1-900 service.  Commercial 
advertisements being prohibited on all Ham Radio, the FCC moved to 
censure ALL of the dozen-or-so packet stations which had automatically 
forwarded the offending message.

Great alarm was raised in the packet community, and I believe it was the 
ARRL which enlightened the FCC that enforcement in such a manner would 
destroy packet radio by requiring each message to be manually inspected 
prior to retransmission - an obvious impracticality.  (Even though the 
letter of the law may have permitted such a strict enforcement by the FCC.)

In the end, only the ORIGINATOR of the message was "punished."

-Doug





From adam at lighthouse.homeport.org  Sun Feb 18 08:47:56 1996
From: adam at lighthouse.homeport.org (Adam Shostack)
Date: Mon, 19 Feb 1996 00:47:56 +0800
Subject: DES_ono
In-Reply-To: <9602180502.AA03842@su1.in.net>
Message-ID: <199602181633.LAA09963@homeport.org>


Frank Willoughby wrote:
| Specifically, the rumors mentioned that there were some questions about the 
| design of the S-boxes and the possibility that there was a trap door which 
| would permit the NSA or other gov't agency to quickly obtain the cleartext.

	This seems not to be true.  The design of the S boxes seems to
be to foil differential cryptanalysis, where pairs of similar texts
are encrypted to find information about the key.

| Another rumour was that the French & Israeli intelligence agencies downgraded
| the classification of DES to one of the lowest strengths of encryption
| algorithms.

	I wouldn't be suprised; major intelligence agencies are likely
to have DES cracking custom hardware.

| I have been wondering about these issues off & on for a while & have tried to 
| do some research on them, but have come up with nothing which would amount to 
See Schneier's Applied Cryptography, 2nd ed.

| Assuming the rumours of the weakness of DES are true, which symmetric
| encryption algorithms would you recommend which are substantially more
| secure than DES (and which are obtainable from Internet or commercial
| sources)?  (It doesn't haver to be exportable).

	I'd use IDEA or 3DES.  Again, see Schneier.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From dlv at bwalk.dm.com  Sun Feb 18 09:16:31 1996
From: dlv at bwalk.dm.com (Dr. Dimitri Vulis)
Date: Mon, 19 Feb 1996 01:16:31 +0800
Subject: DES_ono
In-Reply-To: <199602181633.LAA09963@homeport.org>
Message-ID: 


Adam Shostack  writes:
> | Assuming the rumours of the weakness of DES are true, which symmetric
> | encryption algorithms would you recommend which are substantially more
> | secure than DES (and which are obtainable from Internet or commercial
> | sources)?  (It doesn't haver to be exportable).
>
> 	I'd use IDEA or 3DES.  Again, see Schneier.

Or perhaps GOST 28147-89.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From adam at lighthouse.homeport.org  Sun Feb 18 09:53:36 1996
From: adam at lighthouse.homeport.org (Adam Shostack)
Date: Mon, 19 Feb 1996 01:53:36 +0800
Subject: Numbers don't lie...
In-Reply-To: <960218111857.202256bd@hobbes.orl.mmc.com>
Message-ID: <199602181735.MAA10219@homeport.org>


A. Padgett Peterson P.E. Information Security wrote:

| The second point is that their scalability seems to be based on costs per
| chip alone, cost for which the engineering cost has been recovered and for
| which the yeild is significant, hardly givens when you are talking pushing
| the state of the art, given this 200 Mhz Pentiums would be U$10.00 also
| (well, maybe U$25.00).

	Government agencies don't need to recover costs, they stick it
to the taxpayer.  Why was Clipper so cheap before it bombed?

| Finally, no cost is allocated to the sustem required to program/evaluate
| the ponderings of these 100's of ASICs. As anyone who has ever programmed
| a massively parallel computer (which is what they are talking about in their
| brute force machine, it is the boundary communications that kill you.
|
| True, each machine could operate on a specific portion of the keyspace with
| bits fixed as a function of its address, but each will need to be loaded
| with the plaintext to match and have some means to communicate success.
| 

	You just need to flag riase, not do real communication.  You
could use a tree structure to pass data back.  No need for 11
dimensional hypercube interconnects.  (Side note: Thinking Machines is
out of Chapter 11.)

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From stewarts at ix.netcom.com  Sun Feb 18 10:07:50 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Mon, 19 Feb 1996 02:07:50 +0800
Subject: Some thoughts on the Chinese Net
Message-ID: <199602181745.JAA08925@ix5.ix.netcom.com>


At 05:38 PM 2/14/96 -0500, Perry wrote:
>Jon Lasser writes:
>> The more complex portion (from my perspective, at any rate) is a 
>> modification of the standard TCP/IP protocol, requiring that each packet 
>> be signed by its originating user. This would require lots of software 
>> modification on the Chinese end, as well as a conversion process at the 
>> National firewall.
>
>They could use no stock software, and they would grind every machine
>in the country to its knees doing the signatures. RSA signatures
>aren't cheap.

Could you use IPv6 / IPSP authentication to do the job?  You'd obviously
need to create network software for the various operating systems,
but for most of them it's not a big change and various well-known people
are working on implementations :-)  You could get by with something
cheap like an RSA-signed key used for a MAC with either RC4 or MD5,
reducing the problem to one RSA signature per connection plus faster algorithms.
For email, that's probably still one signature per mail message, but it's
a manageable load...

#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281

! Frank Zappa for President !






From stewarts at ix.netcom.com  Sun Feb 18 10:14:38 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Mon, 19 Feb 1996 02:14:38 +0800
Subject: PING packets illegal?
Message-ID: <199602181745.JAA08949@ix5.ix.netcom.com>


At 03:20 PM 2/14/96 -0500, markm at gak [cute machine name :-] wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>> Concerning the ITAR ...... what would happen if some Evil Hacker Dude in,
>> say, England, decided to ICMP-ping a host in America? Nothing wrong with
>> that ...... but if those ping packets contained little pieces of something
>> like PGP ...... would the host being pinged be breaking the law? Would
>> all the hosts in the route between that host and the host in England that
>> was doing the ping also be breaking the law?
>
>Exporting encryption to the U.S. from another country is not illegal, only
>exporting from the U.S. is.  The method of transmissioni is irrelevant.  It
>does not matter if TCP packets or ICMP-ping packets are used to transmit the
>data. 

You missed the fun part of his post - it's that ping packets return the
data they were pinged with, so the US-end host is re-exporting components of
PGP.
>From a legal perspective, it's tough to assert that the US user had scienter,
given that it pings scarcely reach the machine's consciousness, much less
the human users', since they're handled by ICMP rather than by a user-space
TCP or UDP
socket.  (Obviously, if there's a sniffer around this is slightly different.)

Is it possible to send out forged ping packets, pinging machine B with a From
address of C (fake) instead of A (real), so that Alice can talk to China via
Bob?
If so, it might be an interesting method for traversing some firewalls,
and also (if you write a ping-collector program) for back-channel
communications.

If you want to really abuse the protocols, 53 bytes probably fits into the
64 you can send in a ping, so you could implement ATM-over-ICMP :-)

#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281

! Frank Zappa for President !






From adam at lighthouse.homeport.org  Sun Feb 18 10:46:05 1996
From: adam at lighthouse.homeport.org (Adam Shostack)
Date: Mon, 19 Feb 1996 02:46:05 +0800
Subject: PING packets illegal?
In-Reply-To: <199602181745.JAA08949@ix5.ix.netcom.com>
Message-ID: <199602181819.NAA10431@homeport.org>


Bill Stewart wrote:

| >From a legal perspective, it's tough to assert that the US user had scienter,
| given that it pings scarcely reach the machine's consciousness, much less
| the human users', since they're handled by ICMP rather than by a user-space
| TCP or UDP
| socket.  (Obviously, if there's a sniffer around this is slightly different.)
| 
| Is it possible to send out forged ping packets, pinging machine B with a From
| address of C (fake) instead of A (real), so that Alice can talk to China via
| Bob?
| If so, it might be an interesting method for traversing some firewalls,
| and also (if you write a ping-collector program) for back-channel
| communications.

It should be possible to fake a source address.

Also, if you want to traverse a firewall from the inside, its usually
pretty easy to do with mail, or over telnet.  Stego in ping would show
up in a firewalls logs more prominently than a lot of mail.

| If you want to really abuse the protocols, 53 bytes probably fits into the
| 64 you can send in a ping, so you could implement ATM-over-ICMP :-)

Err, you can put up to 1500 bytes into an ICMP echo request, if its
properly implemented.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From acg at mandrake.cen.ufl.edu  Sun Feb 18 10:47:07 1996
From: acg at mandrake.cen.ufl.edu (Alexandra Griffin)
Date: Mon, 19 Feb 1996 02:47:07 +0800
Subject: Science News - article on Quantum Crypto
In-Reply-To: 
Message-ID: <199602181818.NAA21065@mandrake.cen.ufl.edu>


Bob writes:

> Does anyone know if the new in-line optical amplifiers (not switches!) have
> any effect on quantum crypto messages?

Yes, any active devices in your communications path would be unable to
function without making some kind of classical measurement on the
photons involved (e.g. measuring phase relative to a definite test
angle, if phase is what's being modulated), thereby collapsing the
wavefunction and spoiling any special properties afforded by being
able to send photons down the line without "looking at them."  Optical
repeaters have to pass your signal through an intermediate electronic
stage anyway, since we have no purely optical valve/transistor
equivalents (bosons don't interact with each other at all).

Can someone think of a reason why this wouldn't necessarily be so?

> Cheers,
> Bob Hettinga

- alex





From jf_avon at citenet.net  Sun Feb 18 10:56:04 1996
From: jf_avon at citenet.net (Jean-Francois Avon JFA Technologies, QC, Canada)
Date: Mon, 19 Feb 1996 02:56:04 +0800
Subject: Patents suck
Message-ID: <9602181823.AA20368@cti02.citenet.net>


>I take some disagreement with that.
>
>With patents, there is a problem of large companies owning them yet
>doing nothing with them except suing other companies or individuals.

If you reject that possibility, you imply that the result of your work 
for yourself might not be your own property.  It does not matter if the
idea patented was originated be the patent holder of was purchased by the
patent holder.  Money is equivalent to personnal work.

And the property rights *are* fundamentals (even if not implemented in 
Biiieauuuutifull Canada...).

You can not have your cake and eat it too...


>Patents would be better if there was a good-faith attempt on the
>part of the holder to "use it or lose it".  Somebody sitting on a
>patent and doing nothing with it deserves to lose it after a number
>of years.

AFAIK, such clause already exists in Canada.  But again, I am not a layer.

JFA
**** NEW PGP 2.6.2 KEY *********
This key is actually suspended, as of Feb, 16 1996, was never distributed,
and might be subject to deletion.  Sorry for the trouble my mis-management might have caused.

2048 bits Key ID:24201BA1 1996/02/13 Jean-Francois Avon 
Key fingerprint =  23 B6 24 31 86 67 FB 35  C7 A7 AF 12 A1 61 E9 3D 


**** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon 
Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 






From erc at dal1820.computek.net  Sun Feb 18 10:58:11 1996
From: erc at dal1820.computek.net (Ed Carp)
Date: Mon, 19 Feb 1996 02:58:11 +0800
Subject: Off-topic, but pertinent...
Message-ID: 


---------- Forwarded message ----------
Date: Sun, 18 Feb 1996 01:00:06 -0800
From: Sun Angel Innovations 
To: quotes at sun-angel.com
Subject: Daily Quote for Sunday, 18 February 1996

   If you resist reading what you disagree with, how will you ever
   acquire deeper insights into what you believe? The things most worth
   reading are precisely those that challenge our convictions.
   
                unknown
--
Sun Angel Innovations | http://www.sun-angel.com/ | info at sun-angel.com





From maruishi at netcom.com  Sun Feb 18 12:03:03 1996
From: maruishi at netcom.com (maruishi at netcom.com)
Date: Mon, 19 Feb 1996 04:03:03 +0800
Subject: pseudo random: THE CODE
In-Reply-To: <199602181409.WAA01614@ratbox.rattus.uwa.edu.au>
Message-ID: 




On Sun, 18 Feb 1996, Bruce Murphy wrote:

> In message <199602172002.MAA09152 at netcom20.netcom.com>, 
>   maruishi at netcom.com wrote:
> > 
> > I was trying to think of a way to come up with true random numbers...
> > And knowing a bit of UNIX socket TCP/IP programming I made a small little
> > program that generates random numbers by measuring the mili-second timing ies
> >  a TCP packet to bounce back, from another network. 
> >   My program simply send some data to port 7 (echo port) of a network on an i
> > nternal list. Then timing it, randomly picks a different network to send to. 
> 
> Interesting idea. Trends may be externally visible, You would probably
> want to normalize it, and you would find that there was quite a few
> deterministic elements of network load -> delay.
> 
> Oh, did I mention clock granularity?
> 
> In short you really aren't going to get 'random numbers' from such a
> scheme, but that's not to say you couldn't have fun playing with it,
> you might even find some use for the ways of calculating immediate
> network load around a node. Especially with regard to interception of
> packets and allowing for time discrepancies whilst doing so.
> 
> Altogether off topic, but could maybe be developed into an idea with,
> maybe a 30% change of being Perrygrammed. Keep working.
> 
> 
> Bounce me the code, could be interesting
> 
> 
> --
> Packrat (BSc/BE;COSO;Wombat Admin)
> Nihil illegitemi carborvndvm.
> 
Here is the code. Its pretty quick and dirty.

#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 

#define NET_NUM 1/*change this to the number of networks in
				the list below******************************/
struct timezone tz;
struct sockaddr_in addr;
unsigned int bits;

main(int argc, char **argv)
{
struct timeval tv;
register FILE *fin, *key, *nets;
int sock, c, dt, i, net;
unsigned char *packet;
unsigned char ch;

if(argc != 3)
{
printf("Usage: %s [key.file.path] [number of bits in key]\n", argv[0]);
exit(1);
} 
		if((key = fopen(argv[1], "wb")) == NULL)
		{
			perror("file open");
			exit(1);
		}
net = 1;
packet = (unsigned char *)malloc(16);/*you can of course change this value*/
memset(packet, "X", 16);
bits = atoi(argv[2]);
bits = bits / 8; /*how many bytes?*/
	for(i = 0; ih_addr, (char *)&addr.sin_addr, 
host_->h_length);
		else
			{
			printf("Host not found.\n");
			exit(1);
			}
	}
	addr.sin_family = AF_INET;
	addr.sin_port = htons(7);
		
		sock = socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
		if (sock < 0) {
			fprintf(stderr,"error: socket() failed\n");
			perror("socket");
			return;
		}
	if(connect(sock, (struct sockaddr*) &addr, sizeof(addr))<0)
	{
		close(sock);
		fprintf(stderr, "socket connection error\n");
		perror("connection");
		exit(1);
	}
	return sock;
}

/**************put your network list down here************/
char *getn(int num)
{
char *nets[] = 
	{
	"127.0.0.1"
	};
return nets[num];
}

/*This part is taken from traceroute.*/
deltaT(tp)
struct timeval *tp;
{
	struct timeval tv;

	(void) gettimeofday(&tv, &tz);
	tvsub(&tv, tp);
	return (tv.tv_sec*1000 + (tv.tv_usec + 500)/1000);
}

tvsub(out, in)
register struct timeval *out, *in;
{
	if ((out->tv_usec -= in->tv_usec) < 0)   {
		out->tv_sec--;
		out->tv_usec += 1000000;
	}
	out->tv_sec -= in->tv_sec;
}





From frissell at panix.com  Sun Feb 18 12:15:39 1996
From: frissell at panix.com (Duncan Frissell)
Date: Mon, 19 Feb 1996 04:15:39 +0800
Subject: A Cyberspace Independence Refutation
Message-ID: <2.2.32.19960218195648.009940e8@panix.com>


At 06:13 AM 2/16/96 -0500, lmccarth at cs.umass.edu wrote:

>> I'm waiting.  Then I'll have to call all the way to Montreal to log on.
>
>So much for the-net-as-I-know-it, where people don't have to call outside
>the country just to log in to the net. Most of the people I want on the net
>are very unlikely to do this.

But what we think of as "phone calls" are likely to be digital and flat rate
as well so calling distant points won't involve much of a hit.

>I'd be interested to see the documentation of the number of peasants in 
>the U.S. (or elsewhere) who have done anything like this. Documentation of
>the number of peasants who could manage the technical details would also
>be interesting.

Actually, it only takes a million or so out of the world population to make
restrictions impossible.  That will certainly be achievable.  Configuration
need not be difficult if the technically aware produce easy installation
software and  I think this is being done.  In any case, once Windows
96/Windows NT is stable enough with genuine multithreading we'll be able to
do a nice background TCP/IP setup with a point and click interface.  If the
capability to do something people want to do (communicate freely) exists, it
*will* be used.  Enforcement doesn't work.  The Great Enemy would need to
remove the capability.  But they are not doing that.  They are encouraging
the move towards a more communications rich environment not towards a lesser
one.

>And of course, all peasants have plenty of disposable income to spend on
>long-distance phone charges....

No more long distance.  Haven't you heard.  The "production cost" of a New
York to London call is currently less than 2 cents a minute (most of that
for billing) AT&T charges about 50-100 cents a minute.  That sort of markup
can't survive.

>Duncan Frissell writes:
>> We (some of we) don't want the housing or the school funding either.  I
>> certainly consider slave schools to be the most common form of child abuse
>> in the world today.
>
>That's nice, but are you seriously claiming that the portion of the average
>set of voters in a Congressional district that strongly agrees with you on 
>those issues matters a whit in a Congressional election ?

No.  But I do claim that their view doesn't mean much in an age in which
politics is being replaced by markets.

Look.  Coercion-based systems like government depend on a power balance
tipped far in their direction.  They start to break down as individuals and
small groups gain levels of power that are more equal to theirs.  If we can
overturn one of their commands with five minutes of keyboarding, that
command can't stand.  The stability of past systems was based on the fact
that 90% of the population couldn't do anything no matter what happened.
They had to stay where they were and grow food or they would starve.  It's
not hard to rule people in that situation.  We aren't in that situation any
more.  We can move and communicate and buy and sell and the government can't
do much about most of it.  They depend on our acquiescence and the freedom
of communication we have weakens their hold on that acquiescence.

DCF






From jcobb at ahcbsd1.ovnet.com  Sun Feb 18 12:28:28 1996
From: jcobb at ahcbsd1.ovnet.com (James M. Cobb)
Date: Mon, 19 Feb 1996 04:28:28 +0800
Subject: True random numbers
Message-ID: 


 
 
  Friend, 
 
 
                            (1) 
 
 
  The Centre de Recherches Mathematique is hosting a year-long 
  program in combinatorics and group theory in 1996-1997.  The 
  year will be organized around a number of workshops spread 
  throughout the year. 
 
  Among the workshops: 
 
 
        WORKSHOP ON PSEUDORANDOM NUMBER GENERATION 
 
                       06 03 / 28 96 
 
 
  The CRC's at the University of Montreal. 
 
  Details: 
 
               ACTIVITIES at CRM.UMontreal.CA 
  
                          or 
 
               http://www.CRM.UMontreal.CA 

 
 
                           (2) 
 
 
  If you'd like to read RFC 1750, "Randomness Recommendations 
  for Security," but you're too busy to ftp, email 
 
                mailserv at ds.internic net 
 
 
  and in the body of the message include the command 
 
                document-by-name rfc1750 
 
 
  In due time it will arrive in 2 parts. 
 
  At the end of the 2d part: 
 
  References

   [ASYMMETRIC] - Secure Communications and Asymmetric Cryptosystems,
   edited by Gustavus J. Simmons, AAAS Selected Symposium 69, Westview
   Press, Inc.

   [BBS] - A Simple Unpredictable Pseudo-Random Number Generator, SIAM
   Journal on Computing, v. 15, n. 2, 1986, L. Blum, M. Blum, & M. Shub.

   [BRILLINGER] - Time Series: Data Analysis and Theory, Holden-Day,
   1981, David Brillinger.

   [CRC] - C.R.C. Standard Mathematical Tables, Chemical Rubber
   Publishing Company.

   [CRYPTO1] - Cryptography: A Primer, A Wiley-Interscience Publication,
   John Wiley & Sons, 1981, Alan G. Konheim.

   [CRYPTO2] - Cryptography:  A New Dimension in Computer Data Security,
   A Wiley-Interscience Publication, John Wiley & Sons, 1982, Carl H.
   Meyer & Stephen M. Matyas.

   [CRYPTO3] - Applied Cryptography: Protocols, Algorithms, and Source
   Code in C, John Wiley & Sons, 1994, Bruce Schneier.

   [DAVIS] - Cryptographic Randomness from Air Turbulence in Disk
   Drives, Advances in Cryptology - Crypto '94, Springer-Verlag Lecture
   Notes in Computer Science #839, 1984, Don Davis, Ross Ihaka, and
   Philip Fenstermacher.

   [DES] -  Data Encryption Standard, United States of America,
   Department of Commerce, National Institute of Standards and
   Technology, Federal Information Processing Standard (FIPS) 46-1.
   - Data Encryption Algorithm, American National Standards Institute,
   ANSI X3.92-1981.
 
   (See also FIPS 112, Password Usage, which includes FORTRAN code for
   performing DES.)

   [DES MODES] - DES Modes of Operation, United States of America,
   Department of Commerce, National Institute of Standards and
   Technology, Federal Information Processing Standard (FIPS) 81.
   - Data Encryption Algorithm - Modes of Operation, American National
   Standards Institute, ANSI X3.106-1983.

   [D-H] - New Directions in Cryptography, IEEE Transactions on
   Information Technology, November, 1976, Whitfield Diffie and Martin
   E. Hellman.

   [DoD] - Password Management Guideline, United States of America,
   Department of Defense, Computer Security Center, CSC-STD-002-85.
 
   (See also FIPS 112, Password Usage, which incorporates CSC-STD-002-85
   as one of its appendices.)

   [GIFFORD] - Natural Random Number, MIT/LCS/TM-371, September 1988,
   David K. Gifford

   [KNUTH] - The Art of Computer Programming, Volume 2: Seminumerical
   Algorithms, Chapter 3: Random Numbers. Addison Wesley Publishing
   Company, Second Edition 1982, Donald E. Knuth.

   [KRAWCZYK] - How to Predict Congruential Generators, Journal of
   Algorithms, V. 13, N. 4, December 1992, H. Krawczyk

   [MD2] - The MD2 Message-Digest Algorithm, RFC1319, April 1992, B.
   Kaliski
 
   [MD4] - The MD4 Message-Digest Algorithm, RFC1320, April 1992, R.
   Rivest
 
   [MD5] - The MD5 Message-Digest Algorithm, RFC1321, April 1992, R.
   Rivest

   [PEM] - RFCs 1421 through 1424:
   - RFC 1424, Privacy Enhancement for Internet Electronic Mail: Part
   IV: Key Certification and Related Services, 02/10/1993, B. Kaliski
   - RFC 1423, Privacy Enhancement for Internet Electronic Mail: Part
   III: Algorithms, Modes, and Identifiers, 02/10/1993, D. Balenson
   - RFC 1422, Privacy Enhancement for Internet Electronic Mail: Part
   II: Certificate-Based Key Management, 02/10/1993, S. Kent
   - RFC 1421, Privacy Enhancement for Internet Electronic Mail: Part I:
   Message Encryption and Authentication Procedures, 02/10/1993, J. Linn

   [SHANNON] - The Mathematical Theory of Communication, University of
   Illinois Press, 1963, Claude E. Shannon.  (originally from:  Bell
   System Technical Journal, July and October 1948)

   [SHIFT1] - Shift Register Sequences, Aegean Park Press, Revised
   Edition 1982, Solomon W. Golomb.

   [SHIFT2] - Cryptanalysis of Shift-Register Generated Stream Cypher
   Systems, Aegean Park Press, 1984, Wayne G. Barker.

   [SHS] - Secure Hash Standard, United States of American, National
   Institute of Science and Technology, Federal Information Processing
   Standard (FIPS) 180, April 1993.

   [STERN] - Secret Linear Congruential Generators are not
   Cryptograhically Secure, Proceedings of IEEE STOC, 1987, J. Stern.

   [VON NEUMANN] - Various techniques used in connection with random
   digits, von Neumann's Collected Works, Vol. 5, Pergamon Press, 1963,
   J. von Neumann.
 
 
  Of course you'd get the 2d edition of Schneier's Applied 
  Cryptography. 
 
  Something a little different at the introductory level: 
 
 
      J C G Lesurf 
       Physics and Astronomy Department 
       University of St Andrews 
       Scotland 
 
      Information and Measurement 
 
      Institute of Physics Publishing 
       US Editorial Office 
       The Public Ledger Building    Suite 1035 
       Independence Square 
       Philadelphia  PA    19106 
 
      1995 
 
      ix + 243 
 
      ISBN: 0 7503 0308 5 
 
 
 
  Cordially, 
 
  Jim 
 
 
 





From frissell at panix.com  Sun Feb 18 12:54:09 1996
From: frissell at panix.com (Duncan Frissell)
Date: Mon, 19 Feb 1996 04:54:09 +0800
Subject: CDA Yes Votes; Collection
Message-ID: <2.2.32.19960218204024.00b89dc8@panix.com>


At 08:54 PM 2/16/96 -0800, Simon Spero wrote:
>So, if the US were to end up with a President Buchanan elected by 25% of 
>all eligible voters, would you advocate seeking exile, or armed rebellion?

Well, few rebelled or left when William Jefferson Blythe Clinton won with
23% of the eligible vote.

DCF






From frantz at netcom.com  Sun Feb 18 13:49:48 1996
From: frantz at netcom.com (Bill Frantz)
Date: Mon, 19 Feb 1996 05:49:48 +0800
Subject: A Cyberspace Independence Refutation
Message-ID: <199602182116.NAA21283@netcom7.netcom.com>


At  2:56 PM 2/18/96 -0500, Duncan Frissell wrote:
>At 06:13 AM 2/16/96 -0500, lmccarth at cs.umass.edu wrote:
>>I'd be interested to see the documentation of the number of peasants in 
>>the U.S. (or elsewhere) who have done anything like this. Documentation of
>>the number of peasants who could manage the technical details would also
>>be interesting.
>
>Actually, it only takes a million or so out of the world population to make
>restrictions impossible.  That will certainly be achievable. ...

My wife attended the World Women's Conference in Hai Rou, China (as staff
supporting their Apple computers).  She reports that the "killer
application" demonstrated there was email.  Women in extreemly poor
countries of the world were interested in communicating with each other
about solving local problems (e.g. Clean water supplies).

The demand is there.  These people are not stupid.  They can learn.  I
expect to see the village email computer build on "obsolete" donated
machines start to become a force in the next century, the same way the
village TV and cassette player have played a role in the last decade.

Regards - Bill







From tbyfield at panix.com  Sun Feb 18 13:55:45 1996
From: tbyfield at panix.com (t byfield)
Date: Mon, 19 Feb 1996 05:55:45 +0800
Subject: [NOISE] Re: CDA Yes Votes; Collection
Message-ID: 


At 3:40 PM 2/18/96, Duncan Frissell wrote:

>Well, few rebelled or left when William Jefferson Blythe Clinton won with
>23% of the eligible vote.

        This fact seems to pique you, Duncan, as though it were somehow
unjust. If you feel so strongly, maybe you should get out and organize
those oceans of people who're waiting to think and vote just like you do.
Or is "organizing" too gauche for your finer sensibilities?
        I'm no fan of the man myself, but he _did_ win.
        Don't like it? Change it.

Ted







From hal9001 at panix.com  Sun Feb 18 14:20:14 1996
From: hal9001 at panix.com (Robert A. Rosenberg)
Date: Mon, 19 Feb 1996 06:20:14 +0800
Subject: CDA outside US (Including Indian Reservations)
Message-ID: 


At 19:08 2/17/96, Ed Carp wrote:

>Another problem - if you ever want to get into the US, you can kiss that
>chance goodbye.  They might not even let you into the country as a
>visitor.  Stupid.  A fair number of Western countries have laws that say,
>in effect, that if you do something in your country that isn't illegal in
>your country but is in country X, then country X can bar you entry or PR
>status or citizenship based on the fact that is *is* a crome in country X.

Of course there are other Western Countries that will let you in with the
intent of Arresting you (and possibly extradite you to a 3rd Country since
you are not Guilty of anything in the Extraditing Country except for being
on the 3rd Country's "Wanted List". There was a big stink a while ago about
someone being shipped to Germany on one of these International Pick-Up
Warrants.







From jya at pipeline.com  Sun Feb 18 14:22:11 1996
From: jya at pipeline.com (John Young)
Date: Mon, 19 Feb 1996 06:22:11 +0800
Subject: Gustave Solomon
Message-ID: <199602182159.QAA15216@pipe1.nyc.pipeline.com>


   Mathematician Gustave Solomon died on January 31 in Los
   Angeles. He was 65. Dr. Solomon was a co-inventor with
   Irving S. Reed of the Reed-Solomon codes, which have come
   into increasingly widespread use as a way of combatting the
   inevitable errors that occur in the transmission and
   storage of information. He did early work concerning the
   algebraic theory of error-correcting codes, and, with H. F.
   Mattson, was co-author of the powerful tool for analyzing
   such codes known as the Mattson-Solomon polynomial. His
   other interests included composing popular songs and
   folksongs and teaching voice and movement.

   Excerpted from NYT obituary, February 18, 1996.







From jimbell at pacifier.com  Sun Feb 18 14:36:40 1996
From: jimbell at pacifier.com (jim bell)
Date: Mon, 19 Feb 1996 06:36:40 +0800
Subject: Science News - article on Quantum Crypto
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----


At 01:18 PM 2/18/96 -0500, Alexandra Griffin wrote:
>Bob writes:
>
>> Does anyone know if the new in-line optical amplifiers (not switches!) have
>> any effect on quantum crypto messages?
>
>Yes, any active devices in your communications path would be unable to
>function without making some kind of classical measurement on the
>photons involved (e.g. measuring phase relative to a definite test
>angle, if phase is what's being modulated), thereby collapsing the
>wavefunction and spoiling any special properties afforded by being
>able to send photons down the line without "looking at them."  Optical
>repeaters have to pass your signal through an intermediate electronic
>stage anyway, since we have no purely optical valve/transistor
>equivalents (bosons don't interact with each other at all).

I love to be picky about such things.  Yes, I think bosons _DO_ interact 
with each other.  Before all you physics nerds flame me, hear me out:  
Photons, while they have no "rest mass" do indeed "gravitate" (they are 
energy, recall?).  In a reference I can no longer find in my 1970 
Encyclopedia Brittanica, it stated that a cubic mile of sunshine "weighs" 
1/100,000,000 of a milligram.    From another source (or maybe the same 
one?) it stated that the photon "weight" in a cubic centimeter of volume at 
the core of a star such as our sun (or at the core of a nuclear explosion) 
is about 1 gram per cubic centimeter.

Thus, presumably photons self-gravitate, and thus, SOME bosons "interact," 
although admittedly this kind of interaction is a few dozen orders of 
magnitude lower than what you probably intended when you said "Bosons don't 
interact with each other at all."

Jim Bell
jimbell at pacifier.com

Klaatu Burada Nikto

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSeY6fqHVDBboB2dAQG7XwQAoGeWJgkUf2Ton5ptuAgps23RN1YVrdS8
MB0t9DIRrmCqNlFOf8c5b3I9ljxpY0JvEMyWG0LYVqp6+ZYBfBwaSEQ9YGI+uzRJ
vDIWg/83sBlHDraNiV5f6VBjZNExgvk2N4j1FIploB0SFOBEH3W7ymVa6Z/IZ6fs
kYaIKiXp+ns=
=YPqX
-----END PGP SIGNATURE-----






From scmayo at rsc.anu.edu.au  Sun Feb 18 14:50:53 1996
From: scmayo at rsc.anu.edu.au (Sherry Mayo)
Date: Mon, 19 Feb 1996 06:50:53 +0800
Subject: Science News - article on Quantum Crypto
Message-ID: <9602182222.AA17134@toad.com>


> 
> Bob writes:
> 
> > Does anyone know if the new in-line optical amplifiers (not switches!) have
> > any effect on quantum crypto messages?
> 
> Yes, any active devices in your communications path would be unable to
> function without making some kind of classical measurement on the
> photons involved (e.g. measuring phase relative to a definite test
> angle, if phase is what's being modulated), thereby collapsing the
> wavefunction and spoiling any special properties afforded by being
> able to send photons down the line without "looking at them."  Optical
> repeaters have to pass your signal through an intermediate electronic
> stage anyway, since we have no purely optical valve/transistor
> equivalents (bosons don't interact with each other at all).

I am not sure this is correct. In-line optical amplifiers work by
stimulated emission like a laser rod. There is no intermediate
electronic stage. The amplifier is a section of fibre that is doped
with a rare earth element. The rare earth atoms are boosted into a metastable
high energy state using a power source around the fibre. Passing signals
(photons) stimulate the decays of the metastable states releasing more
photons and boosting the signal. I am not sure what the effect of this on the
polarisation characteristics of the signal is but my *hunch* is that the
polarisation characteristics would be preserved in the amplified signal.

Sherry

ps Any laser physicists in the house?






From frissell at panix.com  Sun Feb 18 14:51:59 1996
From: frissell at panix.com (Duncan Frissell)
Date: Mon, 19 Feb 1996 06:51:59 +0800
Subject: Ben T. Moore "Mr. Anonymous"
Message-ID: <2.2.32.19960218222556.00d635bc@panix.com>


At 09:33 PM 2/14/96 -0800, hochiminh at alpha.c2.org wrote:

>So while you are off being a cool anonymous dude the rest of us are paying
for >the AFDC you ex-wife has to use to feed the kids.

No individual is responsible for the fact that AFDC exists and steals wealth
from others.  The government and its supporters are responsible for that
crime.  
>This is a violation of Indiana Code but breaking the law is of no concern
to you, huh?

Hardly ever prosecuted.  In addition, if you use a mail drop for a DMV
address and the authorities ever "call" you on it, you can use the Homeless
Defense.  As far as I know, the homeless have the right to drive.  Also, if
your license/registration is in a jurisdiction other than the one in which
you find yourself, your "lies" to the foreign jurisdiction do not violate
local law.

>This [opening a mail drop in a false name] is a violation of Indiana and
>Federal Laws depending on how they are used.

Has never been prosecuted.  Very hard to prove in any case since the mailbox
clerk is unlikely to remember the person who opened the box account and if
you are really worried, you can just add a second phony name to the first
name without any false ID having to be presented.  You can then collect mail
under the second name and ignore the name in which the account was opened.

>Another violation of Indiana Code [opening utility accounts in false names].

I doubt that if there is no intent to defraud (hide bad credit for example).
If you can later prove that your credit was good and the account would have
been opened in any case, then there is no misrepresentation of a material
fact and you can fall back on the common law right to call yourself by any
name you choose.  No prosecutions in any case.

It never ceases to amaze me that people invoke never used laws to try and
control the behavior of others.  Did you know that sodomy is illegal in
(circa) 22 states?  Does this reduce the incidence of same.  Use it or lose it.

DCF






From tcmay at got.net  Sun Feb 18 15:01:17 1996
From: tcmay at got.net (Timothy C. May)
Date: Mon, 19 Feb 1996 07:01:17 +0800
Subject: Science News - article on Quantum Crypto
Message-ID: 


At 9:28 PM 2/18/96, jim bell wrote:

>I love to be picky about such things.  Yes, I think bosons _DO_ interact
>with each other.  Before all you physics nerds flame me, hear me out:

I won't "flame you," just correct you.

It is well-known that photons are affected by gravitation...from the
Mossbauer effect to the bending of light by the sun (seen in eclipses) to
the gravitational lensing effects.

....
>Thus, presumably photons self-gravitate, and thus, SOME bosons "interact,"
>although admittedly this kind of interaction is a few dozen orders of
>magnitude lower than what you probably intended when you said "Bosons don't
>interact with each other at all."

What is being referred to is a term of art related to Bose-Einstein
statistics (the origin of the term boson, as contrasted to fermions, which
are affected by the Pauli Exclusion Principle, while bosons are not).

No list relevance that I can see, but then neither do nuclear triggers have
anything to do with the list.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From maruishi at netcom.com  Sun Feb 18 15:38:12 1996
From: maruishi at netcom.com (maruishi at netcom.com)
Date: Mon, 19 Feb 1996 07:38:12 +0800
Subject: True random numbers
In-Reply-To: 
Message-ID: 


thanx a lot for that info..... 

maruishi at netcom.com





From nobody at REPLAY.COM  Sun Feb 18 16:04:00 1996
From: nobody at REPLAY.COM (Anonymous)
Date: Mon, 19 Feb 1996 08:04:00 +0800
Subject: Piracy Bests ITAR
Message-ID: <199602182345.AAA07577@utopia.hacktic.nl>



The Economist, 17 Feb 1995, p. 17.

Should foreigners' intellectual property always be
protected? [Excerpts]


Is it right to expect governments, especially poor ones,
to honour new World Trade Organization rules on
intellectual property?

Some economists have made a good case that slack
enforcement of such rules may sometimes do little harm.
Local firms benefit by acquiring pirated technology more
cheaply than the real thing; consumers acquire affordable
high-tech products and close copies of branded goods.

Although the original producers of the intellectual
property lose out, it is sometimes hard to tell how much.
They might anyway have sold nothing in a poor country at
rich prices. And provided that counterfeiters make
reasonably faithful copies, piracy is free publicity: how
many Chinese would know about Microsoft's latest
programs, or listen to Michael Jackson's new album, had
they not been able to buy illegal imitations? ...

It is not always obvious what theft is. Much in patent
and copyright law is arbitrary. But who says American
copyright law is correct? More to the point, why should
China accept America's view of how a drug design, say,
should be accorded patent protection?

In some cases, the interests of rich and poor countries
are clearly at odds: one side has all the property. There
seems to be no objective standard to appeal to.
Eventually, this may change: as poor countries produce
more innovations themselves, their own inventors will
demand greater protection. Meanwhile, the lot of many
intellectual-property producers will not be a happy one.








From c043484 at narwhal.cc.metu.edu.tr  Sun Feb 18 16:15:34 1996
From: c043484 at narwhal.cc.metu.edu.tr (yesim ozben)
Date: Mon, 19 Feb 1996 08:15:34 +0800
Subject: No Subject
Message-ID: 


Some news from Turkey. Up to now all connections to Internet were 
established and managed by TR-NET the collaboration of a university 
(METU) and the the national scientific research center (Tubitak). 
Recently the phone company opened a tender for this task and I think the 
same group or some company or foundation they were part of won it. Today 
I read that they are trying to pass some law for the net to be controlled 
by a monopoly and the reason is to be able to control things. So it's 
spreading.

Yesim





From nobody at REPLAY.COM  Sun Feb 18 16:26:52 1996
From: nobody at REPLAY.COM (Anonymous)
Date: Mon, 19 Feb 1996 08:26:52 +0800
Subject: patents suck
Message-ID: <199602182353.AAA07801@utopia.hacktic.nl>


jf_avon at citenet.net wrote:

>>With patents, there is a problem of large companies owning them 
>>yet oing nothing with them except suing other companies or
>>individuals.

>If you reject that possibility, you imply that the result of
>your work for yourself might not be your own property.  It does
>not matter if the idea patented was originated be the patent
>holder of was purchased by the patent holder.  Money is
>equivalent to personnal work.

Bullshit. Corporations do not work; their employees do. The
creativity of employees is sat upon as net worth, but nothing
is produced.  Money is only worth something if it is circulating
in an economy; a corporation only has worth if it produces
something.

Instead corporations produce nothing.  They sit on resources,
preventing anyone else from producing, because the current system
favors non-production and an inflationary and wasteful economy
based on speculation.

Economic equivalent of people who sit around and talk but don't
get off their asses and do something.

>And the property rights *are* fundamentals (even if not

No, they are not fundamental anything. They are taken for granted
in the modern West as a rationale. It's a nice one, and I don't
have too many arguments... except when people claim a false
dilemma of either total private property or total socialism.

Why not a form of property based on use?  If you don't use your
property, after a while you cease owning it.  It was originally
a rationale in Europe and early American colonies because so
many people claimed to own land that they never saw, despire the
fact that natives and settlers lived there.

Extended to patents... corporations do a lot of R but no D, but
legally no one else can make use of it either.  Unisys didn't
market LZW compression and let everyone else use it... then they
decided they should have been making losts of mulah and wanted
to pull the plug and get royalities.  IBM has done negligable
production on arithmetic coding, so a lot of independ developers
ignore the patents.  Similar arguments can be made about PK
crypto.


>You can not have your cake and eat it too...

Huh? What does that have to do with this argument?








From jimbell at pacifier.com  Sun Feb 18 16:35:42 1996
From: jimbell at pacifier.com (jim bell)
Date: Mon, 19 Feb 1996 08:35:42 +0800
Subject: Using lasers to communicate
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

At 10:44 PM 2/17/96 -0500, SINCLAIR  DOUGLAS N wrote:
>> If you have a secure link you don't need encryption.  Arguably, the
>> converse is true; if you have secure encryption you don't need
>> a secure link.  Isn't the ability to transmit secure data over
>> insecure channels one of the primary justifications for encryption?
>> 
>
>Of course.  My point, though I seem to have failed to state it,
>is that encryption is a cheap software thing while laser beams
>are expensive, complicated, and still not secure.

I tend to agree.  But my position is a bit more "middle of the road":  We 
_should_ use laser/LED links, but we should encrypt the link with encryption 
sufficiently strong (IDEA/1024-bit RSA key) to make interception of the beam 
pointless.

I think what's needed from the IC companies is a chip somewhat analogous to 
the UARTS (TR1602/AY5-1013) (which were "new" in about the 1975 time frame), 
but one which maintains one half of a bidirectional link with NSA-proof 
encryption.  It wouldn't matter what the physical medium was, it would 
"handle it."  They'd be given "authority" over link signal amplitude, and 
would be able to monitor link integrity/error rate to anticipate incipient 
link failures.  (caused by electronic/mechanical  failure, growth of 
vegetation, corrosion, and other items.)  (I know, I know, shades of 2001!  
"Open the pod bay door, Hal!")

During periods of low usage, it would occasionally automatically engage in 
link margin testing, etc, and automatically generate/transmit extremely-long 
period pseudorandom data to  prevent snoopers from doing any sort of
traffic-density analysis 
on the working link.  If the chip was given mechanical authority over 
beam-pointing, the chip could also do auto-align test functions to
compensate for 
misalignment, etc.  Alignment would be kept "perfect."

While I'm no IC-design expert, considering the fact that chips commonly 
possess at least 1000 times as many transistors as they did in 1974, they 
SHOULD be able to implement such a chip easily enough.

Lazy bastards.

Jim Bell
jimbell at pacifier.com



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSezPPqHVDBboB2dAQGu1gP+J1t3aagiHVoSE0ETiid2TPYw1wCBxi5H
znvWIHbic9VNMnBo1ZkeSiR86Xi/C311CB526vRZnzNyUNuk8vF55MxGY7FRf1sn
xGvH0n+b3Y4XR3NsJP0cazLhmDZocjTTjiRDGMSFt4wwLt0SqiLbrxQ/WkcB6ee+
/17ORpzAafk=
=klc5
-----END PGP SIGNATURE-----






From tcmay at got.net  Sun Feb 18 16:42:19 1996
From: tcmay at got.net (Timothy C. May)
Date: Mon, 19 Feb 1996 08:42:19 +0800
Subject: Turkey says: "But even the U.S. censors its Net!"
Message-ID: 


At 10:46 PM 2/18/96, yesim ozben wrote:
>Some news from Turkey. Up to now all connections to Internet were
>established and managed by TR-NET the collaboration of a university
>(METU) and the the national scientific research center (Tubitak).
>Recently the phone company opened a tender for this task and I think the
>same group or some company or foundation they were part of won it. Today
>I read that they are trying to pass some law for the net to be controlled
>by a monopoly and the reason is to be able to control things. So it's
>spreading.

I'm sorry to hear this, but it's predictable.

One of the worst aspects of the Communications Decency Act is that it
undermines criticism of similar acts in other countries. If Germany,
Turkey, Singapore, or China censor their computer users and establish
controls, critics will be met with a pointer to the U.S. policies. If even
the country that spends the most effort bragging about its love of liberty
is seen as censoring the Net, then surely it is a reasonable thing to do.

(We've seen similar cases in other contexts, where the United States boasts
about its free trade policies while forcing Canadians to reduce production,
or limits the amount of crops grown, etc. Other examples are readily
apparent.)

If the U.S. sees the need to control thoughtcrime, so will other countries.


--Winston Smith

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From sean at lucifer.com  Sun Feb 18 16:47:57 1996
From: sean at lucifer.com (Sean Morgan)
Date: Mon, 19 Feb 1996 08:47:57 +0800
Subject: True democracy in America.
Message-ID: <2.2.32.19960219002159.00681c98@lucifer.com>


Isaac Hopkins  wrote:

>A truly Democratic society is only feasible when you have an educated
>society that can act outside of their own self interest [...] A democracy
>is just the tyranny of the majority.

Democracy works because it recognizes the power of a majority.  If a
leader's policies are at odds with the will of the majority, sooner or later
they will rise up against him/her.  If you will allow me to throw a cliche
back at your "tyranny of the majority", how about "might makes right"?  Or
as Churchill said (more or less), "Democracy is the worst possible form of
government, except for all the others."

Notice that "might makes right" does not imply that any education is necessary.
-------------------------------+-----------------------------------------
Sean Morgan (sean at lucifer.com) | Let me tell you a few bits about myself:  
                               |   CACTTGCCGGGTAACACTCCATGAAATTCTTCTCAGCC
http://www.lucifer.com/~sean/  |   AGGTGTCGACGCTAGGATCAACCTTTAAGTGAACT...






From jimbell at pacifier.com  Sun Feb 18 17:16:38 1996
From: jimbell at pacifier.com (jim bell)
Date: Mon, 19 Feb 1996 09:16:38 +0800
Subject: Science News - article on Quantum Crypto
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

At 04:01 PM 2/18/96 -0800, Timothy C. May wrote:
>At 9:28 PM 2/18/96, jim bell wrote:
>
>>I love to be picky about such things.  Yes, I think bosons _DO_ interact
>>with each other.  Before all you physics nerds flame me, hear me out:
>
>I won't "flame you," just correct you.

Hmmmm.  Last thing I saw, you claimed you put me in your "killfile."  Glad 
to see I'm off.  (This makes me wonder why...)   Hope I don't do anything 
else to offend you. B^)

>It is well-known that photons are affected by gravitation...from the
>Mossbauer effect

Hey, you're a sharp guy!  Not too many people are aware of the Mossbauer 
effect.  I'll bet you read the same Scientific American article I did, 
decades ago.  Here's a question:  How hard is 
it to make a gamma detector?  I'd like to experiment with the Mossbauer 
effect, but aside from the difficulty of obtaining the radioactive nuclides, 
I don't know to make a crystal detector.  And is that the best an amateur 
could do?

> to the bending of light by the sun (seen in eclipses) to
>the gravitational lensing effects.
>
>....
>>Thus, presumably photons self-gravitate, and thus, SOME bosons "interact,"
>>although admittedly this kind of interaction is a few dozen orders of
>>magnitude lower than what you probably intended when you said "Bosons don't
>>interact with each other at all."
>
>What is being referred to is a term of art related to Bose-Einstein
>statistics (the origin of the term boson, as contrasted to fermions, which
>are affected by the Pauli Exclusion Principle, while bosons are not).

Yes, yes, yes, I know this stuff.  But my pickiness was based on the fact 
that the term "interact" can vary over many orders of magnitude.  For 
example, as I recall the ratio of the electrical repulsion  between two 
protons exceeds the gravitational attraction by a factor of about 10**40.  I 
just object to the use of the term "interact" in a cavalier way, as if 
quantum mechanical "interaction" was the only kind of interaction that 
"mattered."  (no pun intended...well, maybe just a little.) 

>No list relevance that I can see, but then neither do nuclear triggers have
>anything to do with the list.

Okay, maybe not, but my idea is substantially better than anything I've 
heard published in the open lay press.  I just heard from a friend that even 
that hack Clancy used krytrons and capacitors; my system would use _trivial_ 
components to do the timing.  

Jim Bell, N7IJS


jimbell at pacifier.com

Klaatu Burada Nikto


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSe8AfqHVDBboB2dAQFUQwP/fcsCsqydcEFdxnBqWuFeFrqoumUtg5NR
5SSTPs1dX7SZ2A1eBNo1Up9JodqShnJtce464rrW7kleX5bHSGG5mY327D1X9+Nw
O/UcI7yfKdHidUK7Z7YUn5zeBnZzVqsTStXPX4SECg8bfvo9Ey/OjEQ/bVi0Qi4C
fiwJD8skIE4=
=DaGm
-----END PGP SIGNATURE-----






From die at pig.die.com  Sun Feb 18 17:35:10 1996
From: die at pig.die.com (Dave Emery)
Date: Mon, 19 Feb 1996 09:35:10 +0800
Subject: No Subject
In-Reply-To: <199602181818.NAA21065@mandrake.cen.ufl.edu>
Message-ID: <9602190113.AA23991@pig.die.com>



> 
> Bob writes:
> 
> > Does anyone know if the new in-line optical amplifiers (not switches!) have
> > any effect on quantum crypto messages?

  Optical
> repeaters have to pass your signal through an intermediate electronic
> stage anyway, since we have no purely optical valve/transistor
> equivalents (bosons don't interact with each other at all).

	This is not true.   There is now a whole technology of optical
amplifiers for fiber communications systems that used Ettrium doped
fibers pumped with strong light from a laser at a slightly shorter
wavelength. These fiber optical amplifiers have gains in the order of
10-12 db in a section of special doped fiber only about 10 feet long.

	The current generation of undersea cables from the US to Europe
use these amplifiers instead of the more traditional regenerating
repeaters that convert the light to electronic signals, reclock the data
stream and convert it back to light with another laser diode.   There is
no conversion from light to digital electronic signals all the way from
Rhode Island to England - the same light pulses that go into the fiber
on one side of the Atlantic come out on the other end without ever
having been converted to electronic form in between.

	 These amplfiers have enourmous bandwidth, and can be used to
amplify several slightly different wavelengths of light allowing
wavelength division multiplexing of multiple streams of light flashes of
slightly different "colors" (all the current technology works at around
1500 nm which is well into the infrared).   This can expand the capacity
of a single fiber to four to six times the 5 Gb/sec that is the current
state of the art.

							Dave Emery
							die at die.com


























                                        

> 
> Can someone think of a reason why this wouldn't necessarily be so?
> 
> > Cheers,
> > Bob Hettinga
> 
> - alex
> 






From sean at lucifer.com  Sun Feb 18 17:47:41 1996
From: sean at lucifer.com (Sean Morgan)
Date: Mon, 19 Feb 1996 09:47:41 +0800
Subject: CDA outside US (Including Indian Reservations)
Message-ID: <2.2.32.19960219012151.006a34c4@lucifer.com>


Ed Carp  wrote:

>Another problem - if you ever want to get into the US, you can kiss that
>chance goodbye.  They might not even let you into the country as a
>visitor.  Stupid.

This is not an idle threat.  When Pierre Trudeau was elected prime minister
of Canada (1969?) there was some scrambling in the US to get him off the
_persona non grata_ list.  Seems that in his student days he had been busted
for trying to kayak from Florida to Cuba.  Canadian author Farley Mowatt
(sp?) was turned back at the border for imagined pinko associations (best
guess was that it was because he had traveled to the USSR to research _Sibir_).

Such a blacklisting would really hurt me in my current job.  I made about 15
business trips to the US (from Canada) last year.

>A fair number of Western countries have laws that say,
>in effect, that if you do something in your country that isn't illegal in
>your country but is in country X, then country X can bar you entry or PR
>status or citizenship based on the fact that is *is* a crome in country X. 

That makes no sense.  "Country Y would pass a law saying that country X may
bar you for something country X doesn't like"??  That's unnecessary on two
counts: Country Y has no jurisdiction in X, and X doesn't need Y permission
anyway.  Example, so called "sex tourist" from western countries travel to
the far east to have sex with minors.  You can't do it back home, but there
nothing to stop you from doing it abroad.  Or if you want an example closer
to home, how about Californians traveling to Nevada to gamble?
-------------------------------+-----------------------------------------
Sean Morgan (sean at lucifer.com) | Let me tell you a few bits about myself:  
                               |   CACTTGCCGGGTAACACTCCATGAAATTCTTCTCAGCC
http://www.lucifer.com/~sean/  |   AGGTGTCGACGCTAGGATCAACCTTTAAGTGAACT...






From rah at shipwright.com  Sun Feb 18 17:57:35 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Mon, 19 Feb 1996 09:57:35 +0800
Subject: (DaveMail Fwd) Today's Proposal: Webmasters
Message-ID: 



--- begin forwarded text

Mime-Version: 1.0
Date: Sun, 18 Feb 1996 09:09:07 -0800
To: malcolm at interval.com, ginas at hooked.net (Gina Smith -- SF Examiner),
        mark at wired.com (Mark Frauenfelder),
        RayHeizer at value.net (Heizer Software), davenetworld at wired.com,
        louise.link at applelink.apple.com (Louise Velazquez -- Oracle),
        Dan_Scherlis.ZIFF-DAVIS%LNGATE at zdmis.ziff.com (AT&T),
        Roz_Ault at bmugbos.org (Roz Ault), CummingsBu at aol.com,
        280-0309 at mcimail.com (Tim Bajarin),
        CHAHIL at applelink.apple.com (Chahil, Satjiv)
From: dwiner at well.com (DaveNet email)
Subject: Today's Proposal: Webmasters
Sender: owner-davenetworld at wired.com
Precedence: bulk

---------------------------------------
Amusing Rants from Dave Winer's Desktop
Released on 2/18/96; 8:58:20 AM PST
---------------------------------------

  ***I'm not too proud

  If I have to beg and plead for sympathy.

  I don't mind because it means that much to me.

  If I have to sleep on your doorstep all night and day.

  Let my friends laugh -- even this I can stand!

  I'm not ashamed to come and plead with you baby.

  ***I ain't too proud to beg!

  The Temptations. Motown.

  The Internet. Now.

  What goes around.

  No, I ain't too proud to beg.

  Here's why!

  ***Why am I working on a Sunday morning?

  We're at a crossroads for the Internet medium. Will it be a
  narrow-channel one-way medium as the east coast people glibly claim
  it will be? Soap commercials, sensationalism, imitation
  friendship -- a continuation of the suburban culture of isolation,
  lies, dysfunction and unhappiness?

  Or will it be the medium of "Great Hair"? Of speaking and being heard?

  They're telling us to shut up! The chill is real. What are you prepared
  to do about it?

  ***I've made a proposal

  I decided to do something about it. I believe every voice makes a
  difference. I believe in the power of the Internet. It just needs a bit
  of organization. It needs someone to stick his or her neck out first.

  I listened to Howard Rheingold when he asked what we will tell our
  children ten years from now. I listened to Howard and I heard him. It
  gives me a chill! What *will* we tell them?

  Speaking for your kids, Mom and Dad -- what were you doing the week of
  February 18, 1996 that you couldn't spare some space on your home
  page, or spare a few hours to write down your own thoughts about
  freedom of speech?

  If not for the rest of us, do it for your kids. Write them a letter and put
  it in a time capsule. Show them later what you stood for today.

  People want to be spoon-fed. They're looking for mommy! I think the
  kids have more guts than us adults do. It's their future we're
  fighting for. Do you care enough to get involved? It's time to grow up.
  The opportunity is great, but so is the threat.

  No one spoon-fed the founders of our country. They fought a
  revolution for our right to free speech. You don't have to die for
  freedom, at least not yet. You just have to say you're in favor of it. A
  right that's not practiced is lost. Once it's gone, you *will* have to
  die to get it back, or worse, your kids will have to die!

  It's really simple. On February 22, everyone who cares about
  freedom, write an essay so everyone can see it. I don't care if you
  agree with me. It isn't a Dave Winer fan club. It's about numbers and
  voters. This is a two-way medium. We need to demonstrate that before
  it's too late.

  Companies like Microsoft and Netscape have a stake in the
  two-way-ness of this medium. Microsoft has FrontPage and Netscape
  has Navigator Gold. Both products are based on the assumption that
  lots of people will speak thru the worldwide web.

  Is it safe to do speak in this medium if the community standards of
  Memphis US apply to the writing of people in Paris FR? Judges in the US
  are deciding that every community's standards apply to every bit of
  writing on the web! Man. Talk about a chilling idea.

  How much do French people know about Tennessee? How much do they
  *want* to know? That's not a joke!

  They say it can't happen here. Over and over. It can. It's happening!

  Look, I'm angry with Bill Clinton for putting us in bed with the
  bible-thumpers. I feel very strongly about this. You may think
  Clinton did the right thing. Say so. Thanks to the work of some very
  fine people, it's easy to get your ideas on the web -- this week. Take
  advantage of this opportunity to really speak your mind. You may not
  get another chance.

  ***Today's proposal: Webmasters

  As the week goes by I will have more proposals. Today's message is
  directed at webmasters -- people who manage websites.

  Please learn about the 24 Hours project.

  It's totally non-commercial. We will share all the software we've
  developed for the project. There won't be any ads on this site.

  Browse around the website. Listen to me, then listen to your heart.
  Does free speech belong on your home page? Does your site support
  democracy? If so, link to the 24 Hours website so your users know where
  you stand. If you decide to link in at the last minute, say February 21,
  your users will complain that they didn't have enough time to prepare
  their essays. And they will be right!

  Honestly, right now, Sunday morning, the project looks like a
  failure. We've attracted some honest hardworking people who really
  care. The site you're looking at is a group effort. We had fun doing it.
  It was hard work for a good cause. I will be able to sleep knowing that I
  did everything I could for the cause of free speech. What about you?

  Dear webmaster, if you have to sell this inside your company -- sell
  it! Your president will thank you later, as Bud Colligan of
  Macromedia thanked me a few days ago. You can't afford to not stand up
  for free speech on the Internet.
  Your future, my future, their shareholder's future, the next
  generation's future -- they all depend on what you do right now.

  No, I'm not too proud to beg.

  So webmasters, I'm down on my hands and knees, begging -- get behind
  the 24 Hours of Democracy project! Today.

  Put a link on your home page.

  Give us a chance to organize free speech on the Internet.

  

  Dave Winer

  PS: The next message is to reporters and editors, leaders and
  celebrities. It's the right time to write!

---------------------------------------------------------------
Webmasters: 

--- end forwarded text


-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/







From jf_avon at citenet.net  Sun Feb 18 18:03:24 1996
From: jf_avon at citenet.net (Jean-Francois Avon JFA Technologies, QC, Canada)
Date: Mon, 19 Feb 1996 10:03:24 +0800
Subject: patents suck
Message-ID: <9602190134.AA08699@cti02.citenet.net>


nobody at REPLAY.COM (Anonymous) wrote:

>Bullshit. Corporations do not work; their employees do.  The
>creativity of employees is sat upon as net worth, but nothing
>is produced.  Money is only worth something if it is circulating
>in an economy; a corporation only has worth if it produces
>something.
>
>Instead corporations produce nothing.  They sit on resources,
>preventing anyone else from producing, because the current system
>favors non-production and an inflationary and wasteful economy
>based on speculation.

Mmmmmhhh.  Although the state of affairs you point out in the above paragraph
unfortunately exist, your first paragraph denotes your vision of the world...

In today's economy, with a monetary system not backed by a physical standard,
it is true, in a sense.  Unfortunately.  


>>And the property rights *are* fundamentals (even if not

>No, they are not fundamental anything. They are taken for granted
>in the modern West as a rationale. It's a nice one, and I don't
>have too many arguments... except when people claim a false
>dilemma of either total private property or total socialism.

So, what other dilemna do you have to oppose to my false one?


>Why not a form of property based on use?
It is a contradiction in term.

>It was originally
>a rationale in Europe...  ...despire the
>fact that natives and settlers lived there.

The fact that they might have rationalized thugish behaviour 400years ago 
is not relevant to the discussion.  Would you rape the next village's girls?
After all, it was certainly current practice 400 years ago, *somewhere* ...


>Extended to patents... corporations do a lot of R but no D, but
>legally no one else can make use of it either.  Unisys didn't
>market LZW compression and let everyone else use it... then they
>decided they should have been making losts of mulah and wanted
>to pull the plug and get royalities.  IBM has done negligable
>production on arithmetic coding, so a lot of independ developers
>ignore the patents.  Similar arguments can be made about PK
>crypto.

I won't comment on this one, since I do not accept that my morality be held hostage
by the actions of others.  I do not mean to absolve Corp. Inc that just tries to make
money through speculation rather than production.  But the argument does not even 
desserve an answer.  I am not a psycho-epistemologist...


>>You can not have your cake and eat it too...
>Huh? What does that have to do with this argument?

You cannot makes rules that protect a basic principle and at the same time have 
exceptions based on whims.  Because the latter will destroy the first.

**** NEW PGP 2.6.2 KEY *********
This key is actually suspended, as of Feb, 16 1996, was never distributed,
and might be subject to deletion.  Sorry for the trouble my mis-management might have caused.

2048 bits Key ID:24201BA1 1996/02/13 Jean-Francois Avon 
Key fingerprint =  23 B6 24 31 86 67 FB 35  C7 A7 AF 12 A1 61 E9 3D 


**** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon 
Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 






From carson.chittom at starnetbbs.com  Sun Feb 18 18:07:43 1996
From: carson.chittom at starnetbbs.com (Carson Chittom)
Date: Mon, 19 Feb 1996 10:07:43 +0800
Subject: Books
Message-ID: <9602181915317383@starnetbbs.com>


-----BEGIN PGP SIGNED MESSAGE-----


To all:
        I have a deep interest in my privacy, and, therefore, in cryptography.
However, I do not know the slightest thing about encryption.  Could anyone
recommend any sources that would be understandable?  Ideally, I'd like to
have books, but I can bum off a friend's account if necessary (mine is an
e-mail only deal).  Many thanks.

                                Carson Chittom

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSa83o+Yy0SubePBAQH0QQP/fC8w+IFsNF9azJ8NscZ02ET0Va3BBwKW
NoO+Z6+xJ3dEwFp9IBfNksUXGZ8fEOYikgtXxl6+PBz8Uui1Tr2uvqix9JuaJ75e
A5F6mGsj8kxXq/Q2gE6/AbDyAR21NqC6sNqr9q9sxXbGgcLy7h/G118bOW4foIK7
iPFnr9vTHRo=
=3m8H
-----END PGP SIGNATURE-----



~~~ PGPBLUE 3.0 

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
               Dulcene decorumque pro patria mori?
Carson Chittom                                  carson.chittom at starnetbbs.com

"Tangerines?"               The amazing place was a seething, fertile
   Joseph Heller, _Catch-22_    cornucopia of female nipples and navels.
                                  Joseph Heller, _Catch-22_
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

... 43% of all statistics are totally worthless !!!

___ Blue Wave/QWK v2.20 [NR]





From Alan.Pugh at internetMCI.COM  Sun Feb 18 18:19:48 1996
From: Alan.Pugh at internetMCI.COM (amp)
Date: Mon, 19 Feb 1996 10:19:48 +0800
Subject: A brief comparison of email encryption protocols
Message-ID: <01I1DEYY5X76985M5A@MAIL-CLUSTER.PCY.MCI.NET>


-- [ From: amp * EMC.Ver #2.3 ] --

-----BEGIN PGP SIGNED MESSAGE-----

LL> The Key Distribution System
LL> ---------------------------
LL> A lot of components may go into this (protocols, client/server
LL> architectures, local key stores) and it is probably the most
complicated
LL> part of any system.  Some options are:
LL>   * distribution of keys manually via e-mail
LL>   * automatic non-interactive lookup of keys from a server
LL>   * interactive browsing of a key store for keys
LL>   * revocation lists or none
LL>   * online certificate verification via a secure channel
LL>   * certificate caching

i would add, 
      * key expiration

LL> Probably the best thing to say, is that there's a lot of work to do
LL> here.

yup.


amp at pobox.com
PGP Key = 57957C9D
PGP FP = FA 02 84 7D 82 57 78 E4  E2 1C 7B 88 62 A6 F9 F7

#!/bin/perl -s-- -export-a-crypto-system-sig -RSA-3-lines-PERL
$m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2%Sa
2/d0


From:	IN%"declan+ at CMU.EDU"  "Declan B. McCullagh" 17-FEB-1996 18:07:51.71

>A lawsuit against the atheist would not be effective and could result in
>a countersuit for abuse of process.

	Huh? You seem to have misinterpreted what I said. The atheist, who has
a child that reads the net, sues a Christian Fundamentalist organization (say,
one of the Southern Baptist seminaries) for having a copy of the Bible - which
contains material that is among the "seven dirty words" or whatever - online,
where the child can read it. The CDA essentially says that a child reading
indecent materials is doing harm to the child (a nice bit of nonsense), which
gives the government the (undeserved) power to regulate such interactions.
A countersuit will be somewhat difficult, since the organization in question
(the one with the Bible online) is breaking the law; while there have been
burglar suing because of broken leg cases, I believe that such are generally
thrown out - possibly due to laws on the subject.
	Now, the jury won't find the seminary or whoever liable... but it would
create some publicity and tie the sued organization up for a while. It's
something that I'd encourage an atheist organization to sponsor.
	-Allen





From winkjr at teleport.com  Sun Feb 18 20:02:38 1996
From: winkjr at teleport.com (Wink Junior)
Date: Mon, 19 Feb 1996 12:02:38 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <199602190320.TAA15431@julie.teleport.com>


This culled from comp.security.firewalls.  I've edited out the blathering ad
copy and just left the "technical details".  Sounds like POTP Jr. to me; I'm
certainly not interested in the "buy our company" schtick.	-- Wink

         Wichita Falls, Texas
         February 16, 1996
         For immediate Release:
         Internet.Privacy.Guaranteed

	 [Long blathering sales prose elided.]

            If You Break our System, You've Bought our Company!

         Internet.Privacy.Guaranteed, IPG, today announced a new
         product line that guarantees privacy for 2, or privacy
         networks of 20,000 or more people on Internet. We back up our
         Guarantee with the Corporate motto, 'If You Break our System,
         You Have Bought our Company.'

         IPG Guarantees Absolute Privacy on Internet. Using the
         trademark CRE transform, the IPG PCX Nvelopes system
         translates any intelligible digitized information into
         utterly random gibberish. Only one other user, or more in
         certain instances where there is a need to know,  will have
         the Nvelopener required to transform the random gibberish
         back into intelligible digitized information. CRE Transforms,
         trademark IPG, are the only acknowledged unbreakable method
         of so transforming digitized information. There are no
         passwords, encryption keys, or anything like that to conjure
         up, remember, and perhaps forget. PCX Nvelopes usage is
         automatic, similar to PKZIP and PKUNZIP.   Easy to install,
         use, add to, and administer.

                        It is Unbreakable

         If an individual, or any group of individuals, break the IPG
         Privacy System, IPG will sell them the company for $1.00, and
         even give them the dollar to buy it with. If you think you
         can, just try and you find out that it is impossible. There
         may be rumors that someone has broken the system, but that is
         not possible, it will never happen.

                     Don't Waste your time !

         How dare IPG have the unmitigated gall? When you are certain,
         then you are certain, and IPG is certain! Others dare not
         make such a brazen boast because they cannot possibly back it
         up, but IPG most certainly can.  Every informed expert of the
         technology will confirm, without reservation, that the IPG
         system is not breakable, as many already have!  There, we
         have thrown down that gauntlet, dare you pick it up?

                               CRE Transforms

         The system uses CRE transforms, metaphorically called
         Nvelopes, to translate any meaningful digitized information
         into absolutely random gibberish.  In order to convert that
         random gibberish back into intelligible usable form, a
         Nvelopener is required, and only the rightful recipient(s)
         has the required Nvelopener.

                          Nvelopes and Nvelopeners

         Every Nvelope and Nvelopener pair is absolutely and totally
         unique - they bear no resemblance whatsoever to any other
         Nvelope - Nvelopener pair in existence, anywhere ay anytime.
         Every time a user wants to transmit information to another
         user, they utilize a new unique Nvelope.

                      No Passwords or Keys or the Like

         As an added bonus, there are NO MESSY, INTRUSIVE PASSWORDS or
         ENCRYPTION KEYS to conjure up, remember, fool around with,
         and perhaps forget. None of that sort of thing to bother with
         at all. Nothing to get in your way of using the system.

           Transforms Internet from Least Private to Most Private

         The System, called PCX Nvelopes, for Private Communications
         eXchange, transforms Internet from being the least private,
         utterly without any privacy at all, system for conducting
         communications, into the most private system possible, an
         elegant fast system that unequivocally insures privacy.

                         Privacy Network

         PCX Nvelopes serves 2 individuals who want to communicate
         with each other in private, as it serves equally well a
         corporate organization, or any other organization, privacy
         network, of 9 or 90,000 or more people, who want to keep
         customer, trade secret, strategy and plans, financial, and
         other confidential information privy to those with the need
         to know. For both in house and external usage.

                   Guaranteed Easy to Install, Use and Upgrade

         Potential users beset by a paranoia that the PCX Nvelopes
         system must be complex, difficult to configure, laborious to
         install, administratively burdensome, arduous to upgrade and
         add users, are in for a computer cultural shock.  As you will
         find, PCX is the exact antithesis of all of those things.  It
         is so simple to install, use, upgrade and add users to, that
         it will completely blow your mind away. There is nothing to
         do, installation and adding users are totally load and go
         operations - if you can operate a computer, you can install
         and use PCX Nvelopes within minutes, it is absolutely duck
         soup to any computer literate, even marginal ones.

                               Prices

         Prices are $19.96, including shipping and handling,
         for a full blown 12 user Demonstration system, unconditional
         moneyback guarantee and may be applied to your first order -
         the Demo system can be used by 2 people, or all the way up to
         12 users in a privacy network. For $39.95, two users can set
         up a two user privacy system with 500 Nvelopes.  A fully
         operational integrated multi-user system costs approximately
         $140.00 per user, ready to load and go, with thousands, or
         millions of Nvelopes and Nvelopeners. IPG also offers full
         turnkey leases at $15.00 per user, per network, per
         month, which includes all software, upgrades, administration,
         and unlimited Nvelopes and Nvelopeners.

         As a reference to its unbreakability, we refer you to an
         article by Paul Leyland on Internet at:

             http://dcs.ex.ac.uk/~aba/otp.html

         For more information visit our Web Site at:

             http://www.netprivacy.com/ipg

         or E-Mail at ipgsales at cyberstation.net,

         or by phone at 817-691-1081


                  Trademarks & Copyrights

         Nvelopes, Nvelopeners, CPX and CRE Transforms are trademarks
         of Internet.Privacy.Guaranteed, IPG.   Copyrighted 1995,1996
         by: Internet.Privacy.Guaranteed.  All rights reserved.





From frantz at netcom.com  Sun Feb 18 20:06:55 1996
From: frantz at netcom.com (Bill Frantz)
Date: Mon, 19 Feb 1996 12:06:55 +0800
Subject: Req. for soundbites
Message-ID: <199602190323.TAA19893@netcom7.netcom.com>


>A local TV station has asked me for an interview, after I sent a graphic
>of a mono-digital hand gesture with the phrase "censor this!" to the Prez,
>Veep, and the area congresscritters (cc'd to 2 TV stations and a radio
>station), accompanied by a 'confession' and demand for swift prosecution.
>
>Anyone got any nifty sound bites I can try to toss in?

After following the information on the cda96-l mailing list I have a new
one for you, "The CDA means lost jobs and dead teenagers".

The lost jobs result from content providers going overseas and the dead
teenagers result from the loss of anonymously accessible information about
homosexuality (suicides) and AIDS prevention (AIDS).

OBcrypto - Strong anonymity can save lives.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz at netcom.com | dead teenagers | Los Gatos, CA 95032, USA







From EALLENSMITH at ocelot.Rutgers.EDU  Sun Feb 18 20:11:28 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Mon, 19 Feb 1996 12:11:28 +0800
Subject: Risks of a style anonymizer?
Message-ID: <01I1DHUB7FOMA0V3WD@mbcl.rutgers.edu>


From:	IN%"wlkngowl at unix.asb.com"  "Deranged Mutant" 17-FEB-1996 18:49:54.40

>One risk of "style anonymizers", though: if the style becomes too generic
>it's just another levelling of readability.  Usenet and mailing lists can
>become that much more boring, if not stupidified with too many spelling
>errors and grammatical abuses.

	Having style anonymizers that didn't create spelling problems, but just
filtered them out would be a solution to the latter. The former problem can be
taken care of by having many different styles that can be used. For instance,
it might notice that your sentence length variation wasn't enough for a given
style of writing, and prompt you to write some shorter (and/or longer)
sentences - including via breaking up the ones you've written already. One
would use a different style setting for each nym.
	-Allen





From EALLENSMITH at ocelot.Rutgers.EDU  Sun Feb 18 20:12:06 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Mon, 19 Feb 1996 12:12:06 +0800
Subject: A Cyberspace Independence Refutation
Message-ID: <01I1DI16BLXCA0V3WD@mbcl.rutgers.edu>


From:	IN%"bdavis at thepoint.net"  "Brian Davis" 17-FEB-1996 23:44:32.70

>On Sat, 17 Feb 1996, Dave Farber wrote:

>> The President can not rule anything unconstitutional. He can tell justice
>> not to enforce it but sometime local federal prosecutors do what they want

>U.S. Attorneys serve at the pleasure of the President.  U.S. Attorneys 
>cannot fire their Assistants -- they can only recommend such action to 
>the Attorney General or the Deputy Attorney General.

	As I understand it, what the President can do is order them not to
defend its constitutionality - making it _real_ easy to remove in court. BTW,
why (other than political cowardice) hasn't Clinton done so with respect to
gays in the military?
	-Allen

P.S. Since that last question is getting off the subject, feel free to do it in
private email.





From merriman at arn.net  Sun Feb 18 20:16:11 1996
From: merriman at arn.net (David K. Merriman)
Date: Mon, 19 Feb 1996 12:16:11 +0800
Subject: Sound Bites (finale)
Message-ID: <2.2.32.19960218153528.00676ab8@arn.net>


Many thanks to those that posted/emailed sound bites, observations, information, etc. Some were used, some weren't (did what I could with what I had :-).

When asked why I was protesting the CDA the way I was, I just told them what popped into my head on the spot: 
"Because it's *my* Constitution, too."

Dave Merriman-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
For privacy tools: http://www.geocities.com/capitolhill/1148







From die at pig.die.com  Sun Feb 18 20:43:30 1996
From: die at pig.die.com (Dave Emery)
Date: Mon, 19 Feb 1996 12:43:30 +0800
Subject: 
In-Reply-To: <2.2.32.19960219013349.0068799c@lucifer.com>
Message-ID: <9602190415.AA28189@pig.die.com>


> 
> >Ettrium 
> 
> Yttrium?

	My lord you've caught me with my rare earths down - its
Erbium not Yttrium.  Sorry about that ...

					Dave 


> -------------------------------+-----------------------------------------
> Sean Morgan (sean at lucifer.com) | Let me tell you a few bits about myself:  
>                                |   CACTTGCCGGGTAACACTCCATGAAATTCTTCTCAGCC
> http://www.lucifer.com/~sean/  |   AGGTGTCGACGCTAGGATCAACCTTTAAGTGAACT...
> 






From frantz at netcom.com  Sun Feb 18 20:49:59 1996
From: frantz at netcom.com (Bill Frantz)
Date: Mon, 19 Feb 1996 12:49:59 +0800
Subject: 
Message-ID: <199602190417.UAA23975@netcom7.netcom.com>


At  8:13 PM 2/18/96 -0500, Dave Emery wrote:
>> 
>> Bob writes:
>> 
>> > Does anyone know if the new in-line optical amplifiers (not switches!) have
>> > any effect on quantum crypto messages?
>
>  Optical
>> repeaters have to pass your signal through an intermediate electronic
>> stage anyway, since we have no purely optical valve/transistor
>> equivalents (bosons don't interact with each other at all).
>
>        This is not true.   There is now a whole technology of optical
>amplifiers for fiber communications systems that used Ettrium doped
>fibers pumped with strong light from a laser at a slightly shorter
>wavelength. These fiber optical amplifiers have gains in the order of
>10-12 db in a section of special doped fiber only about 10 feet long.

I don't think that it matters whether you convert to electronics or amplify
with laser techniques.  The cryptographic secret is kept in the quantum
uncertainity of the state of the (single) photon.  Anything that collapses
that quantum uncertainity acts as a man-in-the-middle and stops the key/OTP
generation.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz at netcom.com | dead teenagers | Los Gatos, CA 95032, USA







From declan+ at CMU.EDU  Sun Feb 18 20:52:09 1996
From: declan+ at CMU.EDU (Declan B. McCullagh)
Date: Mon, 19 Feb 1996 12:52:09 +0800
Subject: Anonymous remailers are a virus spreading online! (Replies)
In-Reply-To: <199602171622.KAA02514@blatz.cs.uwm.edu>
Message-ID: 


Forwarded from Computer Privacy Digest. These messages are in reply to
the Strassmann/Marlow paper archived at:
     http://fight-censorship.dementia.org/fight-censorship/dl?num=1159

-Declan

---------- Forwarded message begins here ----------

From: cnordin at vni.net (Craig Nordin)
Date: 15 Feb 1996 15:02:16 -0500
Subject: Re: Anonymous Remailers are a Virus Spreading Online
Organization: Virtual Networks 
References: 

Note the SAIC name in the byline.  Note that CIA folk have often
published stuff and not fessed up to having a CIA background.

Anonymous remailers are the number one threat to total control via
government.

If you read something anonymous you can discard it simply because the
writer is unwilling to stand beside his words.  Or, you can see if it
is an apt piece of writing and decide that it does apply, even without
an author.

This thread is part of a "school" of such topics now reaching us
through various media.  Note the recent news made by an internet
announcement that a girl was being abused by her mother. Kids are said
to be making bombs from instructions via the Internet (and why were
they making so many bombs learned from libraries and colleges before
and not even making it past the local news?).

Some people don't like utterly free speech.

-- 
http://www.vni.net/
cnordin at vni.net                Fly VNI:  Send E-Mail to  info at vni.net


------------------------------

From: "Prof. L. P. Levine" 
Date: 15 Feb 1996 16:22:41 -0600 (CST)
Subject: Re: Anonymous Remailers are a Virus Spreading Online
Organization: University of Wisconsin-Milwaukee

My most serious question about anonymous remailers is this:  How can we
be sure that the operator of such a remailer is not a federal or other
governmental agent?  That person is trusted with our privacy and has
all the data needed to identify a user.

If I were the Feds I would already have set up such a "sting"
operation, the temptation is just too great.

--
Leonard P. Levine               e-mail levine at cs.uwm.edu
Professor, Computer Science        Office 1-414-229-5170
University of Wisconsin-Milwaukee  Fax    1-414-229-6958
Box 784, Milwaukee, WI 53201     
         PGP Public Key: finger llevine at blatz.cs.uwm.edu


------------------------------

 ---------------------------------+-----------------------------------------
Leonard P. Levine                 | Moderator of:     Computer Privacy Digest
Professor of Computer Science     |                  and comp.society.privacy
University of Wisconsin-Milwaukee | Post:                comp-privacy at uwm.edu
Box 784, Milwaukee WI 53201       | Information: comp-privacy-request at uwm.edu
                                  | Gopher:                 gopher.cs.uwm.edu 
levine at cs.uwm.edu                 | Web:           gopher://gopher.cs.uwm.edu
 ---------------------------------+-----------------------------------------


------------------------------

End of Computer Privacy Digest V8 #015
******************************







From frissell at panix.com  Sun Feb 18 20:54:59 1996
From: frissell at panix.com (Duncan Frissell)
Date: Mon, 19 Feb 1996 12:54:59 +0800
Subject: Turkey
Message-ID: <2.2.32.19960219042345.00b6c274@panix.com>


At 01:46 AM 2/19/96 +0300, yesim ozben wrote:
>I read that they are trying to pass some law for the net to be controlled 
>by a monopoly and the reason is to be able to control things. So it's 
>spreading.
>
>Yesim
>

But if Turkey joins the EU, they will have to give up national
communications monopolies.  I knew the Treaty of Rome was good for something.

DCF






From wendigo at pobox.com  Sun Feb 18 20:59:01 1996
From: wendigo at pobox.com (Mark Rogaski)
Date: Mon, 19 Feb 1996 12:59:01 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602190320.TAA15431@julie.teleport.com>
Message-ID: <199602190432.XAA28530@apollo.gti.net>


-----BEGIN PGP SIGNED MESSAGE-----

- From the node of Wink Junior:
: 
:          IPG Guarantees Absolute Privacy on Internet. Using the
:          trademark CRE transform, the IPG PCX Nvelopes system
:          translates any intelligible digitized information into
:          utterly random gibberish.

Which makes one wonder what this ad actually said BEFORE they passed
it through the "CRE transform".

- -- 
    Mark Rogaski     | wendigo at gti.net | wendigo at pobox.com |  I use PGP, so
System Administrator |   http://www.pobox.com/~wendigo/    |    should you!
Global Telecom, Inc. | Why read when you can just sit and  | finger for pubkey
  http://w3.gti.net/ |          stare at things?           | wendigo at pobox.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSf9JMajO20pqAytAQF8GQP/ducu8Gf1Y91LecmRbEng9Hl9qjI70nsR
7xL9jKE72A2zifolwsYuzyifmrhNnjxVYnRzGCCKX/qvY3bWvLTpH2S9i9oDx2/2
89rfkvMsyo+P9QqIjqvPpN59BlVOFAcOtnRyJjJWrpkGVmCh5wYi+dLzptqtaRwp
gj/73ZiisVo=
=qdMW
-----END PGP SIGNATURE-----





From jimbell at pacifier.com  Sun Feb 18 21:21:49 1996
From: jimbell at pacifier.com (jim bell)
Date: Mon, 19 Feb 1996 13:21:49 +0800
Subject: 
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

At 08:13 PM 2/18/96 -0500, Dave Emery wrote:
>
>> 
>> Bob writes:
>> 
>> > Does anyone know if the new in-line optical amplifiers (not switches!) have
>> > any effect on quantum crypto messages?
>
>  Optical
>> repeaters have to pass your signal through an intermediate electronic
>> stage anyway, since we have no purely optical valve/transistor
>> equivalents (bosons don't interact with each other at all).
>
>	This is not true.   There is now a whole technology of optical
>amplifiers for fiber communications systems that used Ettrium doped
>fibers pumped

The proper name is "Erbium."  But the rest of Dave Emery's commentary is
accurate.

Jim Bell
jimbell at pacifier.com

Klaatu Burada Nikto

Something is going to happen.    Something.....Wonderful!

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSfqOPqHVDBboB2dAQH9vgP/X8sK3BdAwqf3clXxP31DZJqH6xLjMX3l
UxZSDsLOJ7MRrkJ3h2WV+cBXtu6ZA/zOOjmjh+o+U+b4rEPQrVWfj10LyV5uYC7l
Du9Sq6S3/qD9MVJLG5dTB3rnaLRh0alBWInyJBIJZz2Y7cjHJ+LCu7u++u39uLzv
V5WV2DSdWW8=
=QJ7q
-----END PGP SIGNATURE-----






From declan+ at CMU.EDU  Sun Feb 18 21:45:08 1996
From: declan+ at CMU.EDU (Declan B. McCullagh)
Date: Mon, 19 Feb 1996 13:45:08 +0800
Subject: Internet newspaper censorship in Zambia
In-Reply-To: 
Message-ID: 




---------- Forwarded message begins here ----------

Date: Sun, 18 Feb 1996 21:07:14 -0800 (PST)
From: Declan McCullagh 
Subject: Internet newspaper censorship in Zambia
To: fight-censorship+ at andrew.cmu.edu
cc: dlush at ingrid.misa.org.na, mbennett at zamnet.zm, mkakanda at zamnet.zm,
        neil at zamnet.zm, ftema at zamnet.zm, fsh95s at Timon.ACU.EDU, post at zamnet.zm

Attached is disturbing information about state censorship of the physical
and online editions of The Post newspaper in Zambia. 

If anyone reading this emails me the complete text of the banned February
5 edition of the newspaper, I'll put it on my web site. Or, send me email
for an address of an anonymous FTP site where you can upload it. I promise
to keep your identity confidential.

(I'm already hosting a book banned by the French government:
    http://www.cs.cmu.edu/~declan/le-secret/)

Please redistribute this message as appropriate.

Best,

Declan
declan at well.com


---------- Forwarded message ----------

>ACTION ALERT UP-DATE - ZAMBIA
>FEBRUARY 16, 1996
>
>INTERNET EDITION OF THE POST ALSO BANNED
>
>
>The Internet edition of The Post newspaper of February 5 - banned by
>President Frederick Chiluba in terms of Section 53 of the Penal Code - has
>been removed from the paper's World Wide Web (WWW) site.
>
>Mark Bennet of Zamnet Communications, the privately-owned Internet service
>provider which hosts The Post's WWW site, says Zamnet was left with little
>choice but to make the February 5 edition of The Post inaccessible on the
>Internet.
>
>Bennet says Zamnet kept the banned version of The Post on the WWW for two
>days after it was published, but was then warned by a "someone senior in
>the police" that the company was liable to be raided and charged with
>possession of a prohibited publication.  The President's ban of edition 401
>of The Post covered "all forms" of the paper, says Bennet.
>
>Visit The Post's WWW site (http://www.zamnet.zm) and you will find the
>February 5 edition listed in the paper's archive of back editions, but
>click on the edition and the file will not open. However, following
>editions of the paper - containing stories about the banning, the police
>raid on The Post's offices, and subsequent arrest and charging of
>Editor-in-Chief Fred M'membe, Managing Editor Bright Mwape and Special
>Projects Editor Matsautso Phiri with contravening the State Security Act -
>can be read. The State Security Act charges relate to a report published in
>the February 5 edition of The Post revealing the government's plans to hold
>a referendum on the adoption of a new constitution.
>
>A recent addition to the Zamnet WWW site is "Zambia Today" - stories from
>the state-run news agency ZANA, which are up-dated every couple of hours.
>"State House was very keen that the world didn't see The Post newspaper
>alone," said Bennet. "We kept telling them that we were going to keep The
>Post, but that we were happy to put up a State House page, or a page for
>ZANA. We are trying to actively encourage them to be positive."
>
>Bennet stresses Zamnet was an independent company and would not succumb to
>self-censorship as a result of political pressure. Zamnet is housed at the
>University of Zambia, which has a 52 per cent share holding in the company.
>Although funded by the government, the University enjoys academic autonomy,
>says Bennet, "so there is no possibility of pressure (being exerted on
>Zamnet) through the University".
>
>M'membe, Mwape and Phiri are due to appear in the High Court today to hear
>whether or not their bail - granted last week Wednesday (February 7) after
>initially being turned down by a magistrate - can be reviewed. If the court
>decides their bail can be reviewed, the three stand a chance of returning
>to jail to await trail on the charges of contravening Section 4 of the
>State Security Act, which prohibits the publication of classified
>information. If convicted, the journalists could be jailed for up to 25
>years.
>
>However, speaking on Namibian Broadcasting Corporation (NBC) news this
>morning (February 16), Mwape said he was not deterred by the prospect of a
>lengthy term in jail if convicted. "It is about time such a challenge was
>made," said Mwape. "The freedom we are talking about will only come if we
>are prepared to make sacrifices for it."
>
>ends
>
>David Lush
>Media Institute of Southern Africa (MISA)
>Private Bag 13386
>Windhoek, Namibia
>Tel. +264 61 232975, Fax. 248016
>e-mail: dlush at ingrid.misa.org.na








From wlkngowl at unix.asb.com  Sun Feb 18 21:48:20 1996
From: wlkngowl at unix.asb.com (Mutant)
Date: Mon, 19 Feb 1996 13:48:20 +0800
Subject: True random numbers
Message-ID: <199602190524.AAA00158@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

James M. Cobb wrote:
> 
> 
> 
>   The Centre de Recherches Mathematique is hosting a year-long
>   program in combinatorics and group theory in 1996-1997.  The
>   year will be organized around a number of workshops spread
>   throughout the year.

Thanks for the tip...
[..]
>   If you'd like to read RFC 1750, "Randomness RecommendationsGood...
[..]
>   References

[...Lots of references, some with not much clear relation
 to randomness deleted...]

Overdoing it a bit, aren't we?


Rob
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSgJnCoZzwIn1bdtAQGjRQF/bP9RUW9899uIPBaUEJpXOjuEQ3goYroI
AspHda8KpO4DfbYA6uecyCtTS15N9u8y
=pzpK
-----END PGP SIGNATURE-----





From jimbell at pacifier.com  Sun Feb 18 21:56:21 1996
From: jimbell at pacifier.com (jim bell)
Date: Mon, 19 Feb 1996 13:56:21 +0800
Subject: Online Zakat Payment: Religious tithe.
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

At 12:12 AM 2/18/96 +0000, Ed Carp wrote:
>On Sat, 17 Feb 1996, jim bell wrote:
>
>> At 07:13 PM 2/17/96 +0000, Ed Carp wrote:
>> >On Sat, 17 Feb 1996, jim bell wrote:
>> >
>> >> BTW, I think I've already solved the problem of producing a few dozen 
>> >> absolutely simultaneous trigger explosions (+/- 100 nanoseconds)
around the 
>> >> periphery at the lens foci, without using multiple electronic
detonators.  
>> >> (in fact, a single blasting cap would do nicely.)  "But the margins of
this 
>> >> book are too small to contain it"  Heh heh!
>> >
>> >Actually, it's a quite simple problem to solve.  Tom Clancy used a rather 
>> >more complicated method, but the idea was correct.
>> 
>> You might be surprised:  I have never read anything by Clancy.  Tell me,
>> what method did HE use?
>
>A single electronic timer.  The lengths of wire from the timer/detonator
>to each piece of explosive was exact - thus, the pulse reached each piece
>of explosive at the same time. 
>
>I think Clancy used multiple timers, each triggered at the same time.  I
>don't think that one would need but one timer, though. 
>--
>Ed Carp, N7EKG    			Ed.Carp at linux.org, ecarp at netcom.com

   It really isn't as simple as that!  What I mean is this:  It sounds
like Clancy doesn't really understand much about the requirements to trigger
explosives to detonate an atomic bomb.  

Where do I begin?  The big problem is getting all the explosions to occur at
basically the same instant; ideally, well under a microsecond accuracy.
Well, it turns out that if you just want to trigger a single blasting cap,
only a little current does it.  But the exact time delay of the explosion is
related to the amount of energy applied to the cap.  Put "just enough" power
into it, and it goes in a few hundred milliseconds, but you don't know
EXACTLY when.  Put A LOT MORE into it and the delay is not only shorter, but
also better defined.  While I've never been exposed to specific numbers, in
order to get the explosions REALLY simultaneously normally is thought to
require two types of unusual devices not normally encountered:  High voltage
coaxial capacitors and krytron tubes.  The combination of the two puts a
HUGE amount of energy into each cap, essentially instantaneously, and they
all go off more or less simultaneously.

All this is sophisticated and difficult to deal with.  I've developed a
method that uses materials commonly available in the average medium-size
city, and with the exception of a single blasting cap, are extremely
innocuous to purchase.  I'd be happy to share the information, if there are
no strong objections from the peanut gallery.

Jim Bell
jimbell at pacifier.com

Klaatu Burada Nikto

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSbjMvqHVDBboB2dAQG0AAQAkO+D4mzyaBNOVaKbaQ/wMBB/l1U3qHI4
lESrdffXQp1FdwYN7DxesUNR88772MloAiumu8oXFnwPV8+OSr/E7ZBhFZzDuF9V
LHuWgZIRoCazbsa82HAHG/YTBqLB7Lf/Hg+9DlKXGSMf+x7oJFnfMXb/rn8r8gzL
toc+Qj9w0D4=
=rx0O
-----END PGP SIGNATURE-----






From jcobb at ahcbsd1.ovnet.com  Sun Feb 18 22:02:11 1996
From: jcobb at ahcbsd1.ovnet.com (James M. Cobb)
Date: Mon, 19 Feb 1996 14:02:11 +0800
Subject: Books
In-Reply-To: <9602181915317383@starnetbbs.com>
Message-ID: 


 
 
  Carson, 
 
 
  I recommend: 
 
 
      Bruce Schneier 
 
      E-Mail Security. How to Keep Your Electronic Messages Private. 
 
      John Wiley & Sons 
 
      1995 
 
      ISBN: 0 471 05318 X 
 
      1 800 22 559 4539 
 
 
 
  Cordially, 
 
  Jim 
 
 
 
  INCLOSURE: 
 
  [excerpt from your message] 

  ...I do not know the slightest thing about encryption.  Could anyone 
  recommend any sources that would be understandable?  Ideally, I'd like 
  to have books.... 
 
 






From wlkngowl at unix.asb.com  Sun Feb 18 22:11:32 1996
From: wlkngowl at unix.asb.com (Mutant)
Date: Mon, 19 Feb 1996 14:11:32 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <199602190539.AAA00231@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

What the hell. That's pretty realistic in one sense... "if you break our
code, we'll sell you the company for $1.00, because that's about all
it'll be worth..."

The One-time-pad reference doesn't make me feel secure about it at all.

In fact I'm quite suspicious now...
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSgNICoZzwIn1bdtAQECwgGAo06UUpUrpQr8MitBjIqgvf5avX9EPSDt
0MxWA0Csmwd2bNYG2Ro4KavnxR69Xhoi
=XTPi
-----END PGP SIGNATURE-----





From alanh at infi.net  Sun Feb 18 22:18:57 1996
From: alanh at infi.net (Alan Horowitz)
Date: Mon, 19 Feb 1996 14:18:57 +0800
Subject: Online Zakat Payment: Religious tithe.
In-Reply-To: 
Message-ID: 


Sean,

Women's place in Islam is just fine. The problem is that _Arabs_ like to 
define their ages-old cultural suppression of woman as Islamic. Which it is
not.

YOu in England are dealing with an unrepresentative sample of the Islamic 
world. May I suggest a few weeks of traveling through Java and Mindanao, 
to see another side of the coin.

The crusaders liked to define their thuggery and thievery in the Balkans 
and middle East as being driven by Christian imperatives. Should we say 
that the Crusader's *actions* were a good definition of "christian 
principles"?

Alan Horowitz
alanh at norfolk.infi.net






From jiri at baum.com.au  Sun Feb 18 22:25:28 1996
From: jiri at baum.com.au (Jiri Baum)
Date: Mon, 19 Feb 1996 14:25:28 +0800
Subject: An entity calling itself Kilroy was probably here (was: Web Page Authentication (was: Anti-Nazi Authentication) )
Message-ID: <199602190556.QAA21493@mail.mel.aone.net.au>


-----BEGIN PGP SIGNED MESSAGE-----

Hello Bryce and Cypherpunks,

#ifdef CDA

In case I ever want to visit the US, here's a warning I've swiped
off the top of some poetry:

                    Leganto, se vi estas pruda
                    Kaj na`uzas vin la amo nuda,
                    Se indignigas vin la bolo
                    De la temperamento suda,
                    Se ^genas vian delikaton
                    La grimaceto am-aluda,
                    Pripensu bone anta`u lego:
                    Tute ne estas mi altruda,
                    For^jetu min, retiru vin
                    Al via dika ^sel' testuda.

                    Leganto! Jen la lasta voko!
                    Tuj sekvos jam dan^gera loko!
                    For^jetu min! Beda`urus mi,
                    Se vin mortigus nervo-^soko!

                    -------------------------------

                    Leganto! Mi avertas due!
                    Pripensu, ^cu vi legos plue!
                    Pilate levas mi la manojn,
                    Se mi efikos misinflue.
                    Neniu vin devigas legi,
                    Anstata`u indigni^gi brue,
                    For^jetu min, for^jetu min,
                    Ankora`u estas ne malfrue.

                           -- from: Peter Peneter, Sekretaj Sonetoj

OK, so maybe my post is nowhere near as good as said poetry, but
better safe than sorry :-)

#endif


Somebody wants us to think that Bryce Wilcox wrote:

...
>This quotes some mail sent directly to me by (probably) an 
>entity calling itself "Jiri Baum".  I apologize in advance
>if said probable entity is offended at my broadcasting his
...

No problem; being unsubscribed at the moment, could you please
forward to me any replies? Thanks!

...
>  +---+---- Bryce
>  |   |
>+---+------ Probably an entity calling itself Jiri
>| | | |
>v v v v
>> > > > An entity calling itself Jiri Baum 
>> > > >  probably wrote:
>> > > ...
>> > > 
>> > > Probably? Didn't I sign it? :-)
...
>> I guess it depends on whether we are talking about "Jiri Baum
wrote"
>> (about which you'd be perfectly right) or "An entity calling
itself
>> Jiri Baum wrote". Witness:
...
>Well now let's say that an active attacker had supplanted
>your public key with his own.  He is not, really, an entity
>who calls himself "Jiri".  I mean, sure by using a public 
>key which he controls and which has "Jiri" on it he is 
>calling himself "Jiri", but he rarely if ever actually talks
>to people and says things which those people associate with 
>the name "Jiri".
...

Hold on - yes she does! That's the point of a MITM: she wants people
to associate things she says with the name "Jiri". (I'll use a female
MIMT to distinguish her from the real McCoy.)

The question asked by PGP when key-signing is: "Based on your own
direct first-hand knowledge, are you absolutely certain that you are
prepared to solemnly certify that the above public key actually
belongs to the user specified by the above user ID?". 

There is no exception for self-signing. The MIMT controlling the
public key would be prepared to solemnly certify that the key belongs
to the entity called "Jiri", in other words, that she is "Jiri".

...
>More significantly, he never thinks of
>*himself* as "Jiri".  So in this most fundamental sense he
>does not "call himself Jiri".
...

Well, she may not *think* of herself as "Jiri", but she is prepared
to swear (solemnly certify) that she is. Isn't that "calling herself
Jiri"?

...
>*You* are the entity who calls yourself Jiri, and I can only
>say that you "probably" wrote the above because I'm not sure
>if you actually control the public key associated with your 
>name.
...

Well, I control *a* key associated with my name (undisputed, last I
checked the keyservers). There may be other persons using the name
"Jiri Baum" (though I don't know of any except pre-WW2).

...
>mouth and so forth?  Maybe I should say "An entity who calls
>itself 'Jiri Baum' and is more or less unaware of any nym
>collision regarding that nym...".
...

Hmm, "John Smith" is going to have trouble signing that one... many
people have nym collisions they are aware of, without any malicious
intent (eg son named after father).

...
>Yeah, that one seems bulletproof...
...

Except you don't know whether I'm aware of any nym collision. You
could say "An entity who calls itself 'Jiri Baum' and claims to be
more or less unaware of any nym collision regarding that nym..." but
then you'll have to ask each key-holder whether or not he is aware of
such a collision.

...
>> True - I guess that's another use - a time-stamping service could
>> sign any page that asks for it. Time to whip up yet another CGI
...
>Wei Dai  and Matthew Richardson 
> have both done this.  I suspect
...

But I thought there were only e-mail timestampers, not web-page
timestampers... (ie, a form would ask for a URL and output just a
detached signature).

...
>I myself use Usenet and mailing lists as a sort of poor
>man's time-stamping service.  If I invent an idea or some
...

I suppose that'll probably work (especially if the idea is worth
saving); a thing I've heard of in the traditional world is to put it
in an envelope, send it to yourself registered and keep the sealed
envelope; but I'm not a lawyer so I wouldn't have a clue to what
extent it works... Besides, it's off-net.


Please Cc any replies to me as I'm off-cypherpunks at present.


ObConspiracyTheory: CoS & CDA ?


ObCDA:
        Jes, ^caste, sen malpuro de pasio
        Mi vin ornamis per admira kron'...
        Kio okazis do en subkonscio,

        Ke, ne timante brilon de l'salon',
        Levante kapon sin anoncis io:
        Fripona bub' en mia pantalon'.

                           -- ibid.

(I'm *sure* that's indecent somewhere.)


Hope I'm making sense, and sorry about the excessive head and tail
matter...

Jiri

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBMSggaRQ9DWdGOhTVAQGJdwP+IxJ3AxuNUOcDpppoKqtH3ovGeqDcupGu
f6KzVxsRCxEESvwwo9s9Chg50+OqAwjHiloiLJY1CCKe1cjFU4/oZi6lBmHqCbrb
Zui1caNRMYUHCNpAc6QBrDc4DmZ6y1ymg+lNjzvq2fNAQxOMPRwBZx/h3w8Jftze
c7sWILGw6bI=
=nGwO
-----END PGP SIGNATURE-----






From jimbell at pacifier.com  Sun Feb 18 22:28:05 1996
From: jimbell at pacifier.com (jim bell)
Date: Mon, 19 Feb 1996 14:28:05 +0800
Subject: Easy Nuclear Detonator
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

At 10:25 PM 2/18/96 EDT, E. ALLEN SMITH wrote:
>	I've been kind of busy recently (the reason I haven't responded to
>the more recent Assasination Politics stuff), but I'm curious what your method
>is for achieving simultaneous explosions.


"Multiple very thin flexible hollow tubes (1 mm ID? teflon?) filled with a
homogenous liquid 
explosive (for example, pure nitromethane), length accurately cut to produce 
the exactly desired delay.  Kept separated from each other by foam spacers 
to avoid inter-fiber detonations. Detonated from a single cap, with an 
intermediary chamber of liquid explosive to stabilize the shock front, the 
detonation wave travels along each tube simultaneously at (presumably) 
identical velocity."

It's a race, designed so that the detonation waves reach their targets (the
foci) at 
the same time.  If the detonation velocity was, say, 5,000 meters per 
second, an accuracy of 0.5 millimeter in length would produce a delay accuracy 
of 100 nanoseconds.

Whatcha think?

Now where did I put that pit...   


Jim Bell
jimbell at pacifier.com

Klaatu Burada Nikto

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSgFwvqHVDBboB2dAQGzYAQAksCklKTJ80tr+YuASwzt6KRMVgqivydf
wjYP9GL5Bo3HeXxEgOB8Xg6gnO9aOdDxMfMKiR0SdodE4V4kiy2y671jPofNz800
Y0YHzKnLcLuZzvnExGkhtLDQLigqDdNWSdPgFItkJ/5TVXHrEfL7+paOmo2hbYKO
5hbuG7wZ9Hg=
=6qoY
-----END PGP SIGNATURE-----






From alanh at infi.net  Sun Feb 18 22:51:37 1996
From: alanh at infi.net (Alan Horowitz)
Date: Mon, 19 Feb 1996 14:51:37 +0800
Subject: Legal status of Indian Reservations and CDA
In-Reply-To: 
Message-ID: 


The Peyote US Supreme Court decision was based on an off-reservation 
arrest. The defense argued freedom of religion, not jurisdiction.

Alan Horowitz
alanh at norfolk.infi.net






From alanh at infi.net  Sun Feb 18 22:57:04 1996
From: alanh at infi.net (Alan Horowitz)
Date: Mon, 19 Feb 1996 14:57:04 +0800
Subject: Piracy Bests ITAR
In-Reply-To: <199602182345.AAA07577@utopia.hacktic.nl>
Message-ID: 



> From: Anonymous 
> Some economists have made a good case that slack
> enforcement of such rules may sometimes do little harm.
> Local firms benefit by acquiring pirated technology more
> cheaply than the real thing; consumers acquire affordable
> high-tech products and close copies of branded goods.

   Yes, when Mr Anon travels to a beach in Jamaica or in Mombasa, he 
shouldn't complain when the taxi driver takes him, not to his requested 
destination, buit some dark alley where Mr Anon gets clunked over the 
head and his wallet removed. The locals need the money more than Mr 
rich-tourist-on-vacation Anon.  They're only doing socialist justice, 
after all.

Property is property. Theft is theft.





From tcmay at got.net  Sun Feb 18 23:00:21 1996
From: tcmay at got.net (Timothy C. May)
Date: Mon, 19 Feb 1996 15:00:21 +0800
Subject: Online Zakat Payment: Religious tithe.
Message-ID: 


At 5:54 AM 2/19/96, Alan Horowitz wrote:
>The crusaders liked to define their thuggery and thievery in the Balkans
>and middle East as being driven by Christian imperatives. Should we say
>that the Crusader's *actions* were a good definition of "christian
>principles"?

Yes.

Next question?


--TCM

[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and fuck them right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should fuck him." So the two daughters got him drunk and
screwed him all that night. Sure enough, Dad got them pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he pulled out before he
came....Remember, it's not a good idea to have sex with your sister, your
brother, your parents,
your pet dog, or the farm animals, unless God tells you to. [excerpts from
the Old Testament, Modern Vernacular Translation, TCM, 1996]







From alanh at infi.net  Sun Feb 18 23:06:20 1996
From: alanh at infi.net (Alan Horowitz)
Date: Mon, 19 Feb 1996 15:06:20 +0800
Subject: Risks of a style anonymizer?
In-Reply-To: <199602172305.SAA23887@bb.hks.net>
Message-ID: 


When did it become the style to have a clause, a colon, and another 
clause as the title of things? This seems to be universal in govt and 
university and highbrow blue-paper reports nowadays!

<>

Alan Horowitz
alanh at norfolk.infi.net






From wlkngowl at unix.asb.com  Sun Feb 18 23:15:43 1996
From: wlkngowl at unix.asb.com (Mutant)
Date: Mon, 19 Feb 1996 15:15:43 +0800
Subject: Piracy Bests ITAR
Message-ID: <199602190657.BAA00505@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

Alan Horowitz wrote:
>    Yes, when Mr Anon travels to a beach in Jamaica or in Mombasa, he
> shouldn't complain when the taxi driver takes him, not to his requested
> destination, buit some dark alley where Mr Anon gets clunked over the
> head and his wallet removed. The locals need the money more than Mr
> rich-tourist-on-vacation Anon.  They're only doing socialist justice,
> after all.
> 
> Property is property. Theft is theft.

Such absolutism! And an awful analogy (not entirely worthless, but
not very good either).

Has nothing to do with socialism... even works nice in a capitalist
as in the case where people try the software, decide they like it,
and then buy it latter when they can afford it. Sidekick and WordStar
became popular because of this "borrowing".  MS-DOS probably would not
be so widespread if it weren't pirated.

Oh yeah, patents as well... I assume from your post that you didn't
use PGP before the MIT version (assuming you're in the US...).
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSgfQSoZzwIn1bdtAQFVKwGA2lngCVinsxHtw45XdbNfTHc/Whv3BGey
IvKs3cspDmvLe4cdyHWNXfzaw/u3aoCm
=JClJ
-----END PGP SIGNATURE-----





From WlkngOwl at UNiX.asb.com  Sun Feb 18 23:32:50 1996
From: WlkngOwl at UNiX.asb.com (Deranged Mutant)
Date: Mon, 19 Feb 1996 15:32:50 +0800
Subject: Risks of a style anonymizer?
Message-ID: <199602190719.CAA04302@UNiX.asb.com>



> When did it become the style to have a clause, a colon, and another 
> clause as the title of things? This seems to be universal in govt and 
> university and highbrow blue-paper reports nowadays!

...always has been in the scientific literature.  Also quite popular 
in Usenet and mailing list posts.

My comment was in jest anyway. Yeesh.

 
Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to  for a copy of my PGP key.





From ses at tipper.oit.unc.edu  Sun Feb 18 23:58:31 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Mon, 19 Feb 1996 15:58:31 +0800
Subject: Risks of a style anonymizer?
In-Reply-To: <199602190719.CAA04302@UNiX.asb.com>
Message-ID: 


On Mon, 19 Feb 1996, Deranged Mutant wrote:

> 
> > When did it become the style to have a clause, a colon, and another 
> > clause as the title of things? This seems to be universal in govt and 
> > university and highbrow blue-paper reports nowadays!
> 
> ...always has been in the scientific literature.  Also quite popular 
> in Usenet and mailing list posts.

Not forgetting such mysterious works of science as "Manos: The Hand of Fear"

---
They say in  online country		So which side are you on boys
There is no middle way			Which side are you on
You'll either be a Usenet man		Which side are you on boys
Or a thug for the CDA			Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO






From maruishi at netcom.com  Mon Feb 19 00:00:37 1996
From: maruishi at netcom.com (maruishi at netcom.com)
Date: Mon, 19 Feb 1996 16:00:37 +0800
Subject: True random numbers
In-Reply-To: 
Message-ID: 


Thanks for all the information. 
Thanks for everyones insightful comments.

maruishi at netcom.com






From lmccarth at cs.umass.edu  Mon Feb 19 01:04:31 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Mon, 19 Feb 1996 17:04:31 +0800
Subject: Anonymous remailers are a virus spreading online! (Replies)
In-Reply-To: 
Message-ID: <199602190842.DAA30682@thor.cs.umass.edu>


Leonard P. Levine wrote somewhere:
> My most serious question about anonymous remailers is this:  How can we
> be sure that the operator of such a remailer is not a federal or other
> governmental agent?  That person is trusted with our privacy and has
> all the data needed to identify a user.
> 
> If I were the Feds I would already have set up such a "sting"
> operation, the temptation is just too great.

You will be pleased to hear that this problem was anticipated at least 15
years ago (in David Chaum's paper on "digital mixes"). Briefly, the solution
is to use multiple layers of encryption to distribute trust among several
remailer operators. Before it is remailed, a message is encrypted with public
keys belonging to each of a sequence of remailers. As each remailer receives
a message, it removes the outer layer of encryption using its private key,
revealing another encrypted message and the next address to which it should
be sent. Cooperation of all the remailers in the chain is needed to link the
originating address to the message that is eventually delivered to a 
recipient. 

For a longer exposition on the current state of the art in deployed
mail anonymizers, see http://www.obscura.com/~loki/remailer/remailer-essay.html

Note that the availability of strong anonymity critically depends upon the
availability of strong cryptography. If the Department of the Treasury 
Automated Systems Division holds all the remailers' private keys, then it can
easily determine the originators of all anonymously remailed messages.

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)





From a.brown at nexor.co.uk  Mon Feb 19 01:52:19 1996
From: a.brown at nexor.co.uk (Andy Brown)
Date: Mon, 19 Feb 1996 17:52:19 +0800
Subject: Windows 95 encryption shell extension
Message-ID: <312843A2.5D7C@nexor.co.uk>


http://www.fim.uni-linz.ac.at/win32/codedrag/codedrag.htm

Haven't tried it myself since I don't use Windows 95, just thought
I'd report what I saw.


- Andy





From lmccarth at cs.umass.edu  Mon Feb 19 01:59:50 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Mon, 19 Feb 1996 17:59:50 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602190320.TAA15431@julie.teleport.com>
Message-ID: <199602190942.EAA30761@thor.cs.umass.edu>


"Internet.Privacy.Guaranteed (IPG)" writes:
>	   CRE Transforms,
>          trademark IPG, are the only acknowledged unbreakable method
>          of so transforming digitized information. There are no
>          passwords, encryption keys, or anything like that to conjure
>          up, remember, and perhaps forget. 

Neat trick, unless they're using biometrics, which doesn't appear to be the
case :}

[...]
>                      Don't Waste your time !

I think they just said it best themselves, but I'll comment a bit more....

[...]
>          Every informed expert of the
>          technology will confirm, without reservation, that the IPG
>          system is not breakable, as many already have!  

All under NDA, I suppose. Note that they don't even name an "informed expert of
the technology"; at least the POTP people gave some names.

[...]
>          A fully
>          operational integrated multi-user system costs approximately
>          $140.00 per user, ready to load and go, with thousands, or
>          millions of Nvelopes and Nvelopeners. IPG also offers full
>          turnkey leases at $15.00 per user, per network, per
>          month, which includes all software, upgrades, administration,
>          and unlimited Nvelopes and Nvelopeners.
>
>          As a reference to its unbreakability, we refer you to an
>          article by Paul Leyland on Internet at:
> 
>              http://dcs.ex.ac.uk/~aba/otp.html

Clearly they (claim to) offer some sort of system using One Time Pads.
Notice the price quote of "$15.00 per user, per network, per month" including
"unlimited Nvelopes and Nvelopeners". I suspect this means that they're
basically selling chunks of (pseudo- ?)random data for as much as $15/person 
each month !  I guess it's nice work if you can get it. At that price, one
would hope that they're at least generating truly random bits from a hardware
source. But their skimpy details on their proprietary processes don't
inspire confidence....

>          For more information visit our Web Site at:
> 
>              http://www.netprivacy.com/ipg

In case you didn't get enough hyperbole from the press release, they have
extra helpings on the Web. This site has numerous pages containing precious
little real information. I found a few tidbits in unlikely places, though:

In http://www.netprivacy.com/ipg/mlmplan.html, which incidentally promises
that they "can help you to make some big bucks through the PCX Nvelopes
Multi - Level - Marketing Plan", it says:

> With our manufacturing process it is relatively easy for us
> to manufacture a ready to go system, for 25 users, or for
> 2,500 users.  All the user has to do is to prepare a
> DIR.LST, a Directory Listing of the users. We use that as
> the template and manufacture the system. 

This is actually a little scary. According to one of their other web pages, 
the DIR.LST file is a numbered list of user names and email addresses. So it
appears that a customer hands over a list of names and addresses, and IPG
assigns a set of one-time pads (or something) to each pair of users on the 
list. (Holy combinatorial explosion.) And now IPG knows the one-time pads that
will be used between any pair of email addresses on the list it has !  
The EES is starting to look attractive by comparison. 

> It becomes a load
> and go installation at each of the user sites. 

Gee, why are we all so worried about key management ?  It's just a load and
go installation at each of the user sites !  ;)

> We will even prepare, or help prepare, the DIR.LST for users.
>
> While we have the software and manufacturing facility to do
> that quickly, it is not easily transportable, to say the
> least, and certain aspects of it, we consider highly proprietary.

"not easily transportable, to say the least" ???  
Any ideas to what this might refer ?

OK, I saved (IMHO) the best for last. I suppose this could be taken as a claim
about their proprietary, immobile RNG methods:
(from http://www.netprivacy.com/ipg/comp.html)

>         How do we Achieve such High Standards?
>                  First Class Quality Control!
>
> We achieve unusually high standards of excellence because
> of the manufacturing process. Over 30%, sometimes as high as 
> 50% or more of our Nvelopes, Nvelopeners, are discarded 
> because they cannot meet our rigid standards. Also our 
> Nvelopes and Nvelopeners are subjected to a battery of 
> performance tests to insure that when used, they will meet the 
> high standards that you would expect.

 It's a jungle out there....

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)





From merriman at arn.net  Mon Feb 19 02:16:34 1996
From: merriman at arn.net (David K. Merriman)
Date: Mon, 19 Feb 1996 18:16:34 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <2.2.32.19960218215936.006b4120@arn.net>


-----BEGIN PGP SIGNED MESSAGE-----

At 04:42 AM 02/19/96 -0500, Futplex wrote:

>> We will even prepare, or help prepare, the DIR.LST for users.
>>
>> While we have the software and manufacturing facility to do
>> that quickly, it is not easily transportable, to say the
>> least, and certain aspects of it, we consider highly proprietary.
>
>"not easily transportable, to say the least" ???  
>Any ideas to what this might refer ?
>

Disk duplicating hardware? CDROM mass duplicator? (gotta put all those bits *somewhere* :-) Maybe it's the fission pile they're using as a RNG.....

Dave Merriman

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSeExMVrTvyYOzAZAQEKkQQAs/MfDsFq0YHiP0D40LnJ4E2Sbe1hkx64
vLngAmZMgck7Hl6XiSjkuGJFYQrFzalOMhl7PH5FLcnGM/THDxhsMZo6K4ygZZmf
MZO5P0fJ4hfnBEjHp/Uv3407ITj2kJ51bf6Ct6npNmmPghLRhakotoD4IqbYy8Ii
iYWP6H1fQX8=
=WB2C
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
For privacy tools: http://www.geocities.com/capitolhill/1148







From jah at alien.bt.co.uk  Mon Feb 19 03:35:34 1996
From: jah at alien.bt.co.uk (jah at alien.bt.co.uk)
Date: Mon, 19 Feb 1996 19:35:34 +0800
Subject: Science News - article on Quantum Crypto
Message-ID: <9526.199602191103@orb.alien.bt.co.uk>



> I am not sure this is correct. In-line optical amplifiers work by
> stimulated emission like a laser rod. There is no intermediate
> electronic stage. The amplifier is a section of fibre that is doped
> with a rare earth element. The rare earth atoms are boosted into a 
metastable
> high energy state using a power source around the fibre. Passing signals
> (photons) stimulate the decays of the metastable states releasing more
> photons and boosting the signal. I am not sure what the effect of this on 
the
> polarisation characteristics of the signal is but my *hunch* is that the
> polarisation characteristics would be preserved in the amplified signal.
> 
> Sherry
> 
> ps Any laser physicists in the house?

Dr. Simon Phoenix (my resident quantum crypto guru) says no, you can't
use em - you have to build secure repeaters. Simon has been doing this
sort of thing in the Lab for years. He's simon at alien.bt.co.uk if you want
to probe him gently.

/.J

BTW: You can build  an Erbium doped amp that is 'transparent' to your
secure channel.





From tallpaul at pipeline.com  Mon Feb 19 05:30:39 1996
From: tallpaul at pipeline.com (tallpaul)
Date: Mon, 19 Feb 1996 21:30:39 +0800
Subject: Req. for soundbites
Message-ID: <199602191257.HAA09741@pipe12.nyc.pipeline.com>


On Feb 18, 1996 19:27:04, 'frantz at netcom.com (Bill Frantz)' wrote: 
 
 
>>A local TV station has asked me for an interview, after I sent a graphic 
>>of a mono-digital hand gesture with the phrase "censor this!" to the
Prez, 
>>Veep, and the area congresscritters (cc'd to 2 TV stations and a radio 
>>station), accompanied by a 'confession' and demand for swift prosecution.

>> 
>>Anyone got any nifty sound bites I can try to toss in? 
> 
 
I do not think that sound bites are the way to deal with these complex
issues. 
 
"Sound bites," (a.k.a. bumper stickers, advertising jingles, or more
accurately "magical thinking") contribute to the problem where
emotionally-charged issues are able to bypass the critical facilities. So
many of the attacks on crypto and the net are based exactly on sound bites
around the "Four Horsemen" coupled with magical incantations on simple ways
to defeat the problem. 
 
One does not fight magic with magic but with science; one does not fight
bad hysteria with good hysteria but with adult thinking. 
 
--tallpaul





From tallpaul at pipeline.com  Mon Feb 19 05:53:47 1996
From: tallpaul at pipeline.com (tallpaul)
Date: Mon, 19 Feb 1996 21:53:47 +0800
Subject: Should *WE* Sue Under CDA
Message-ID: <199602191314.IAA10758@pipe12.nyc.pipeline.com>


On Feb 18, 1996 22:15:00, '"E. ALLEN SMITH"
' wrote: 
 
 
>From:	IN%"declan+ at CMU.EDU"  "Declan B. McCullagh" 17-FEB-1996 18:07:51.71 
> 
>>A lawsuit against the atheist would not be effective and could result in 
>>a countersuit for abuse of process. 
> 
>	Huh? You seem to have misinterpreted what I said. The atheist, who has 
>a child that reads the net, sues a Christian Fundamentalist organization
(say, 
>one of the Southern Baptist seminaries) for having a copy of the Bible -
which 
>contains material that is among the "seven dirty words" or whatever -
online, 
>where the child can read it. The CDA essentially says that a child reading

>indecent materials is doing harm to the child (a nice bit of nonsense),
which 
>gives the government the (undeserved) power to regulate such interactions.

>A countersuit will be somewhat difficult, since the organization in
question 
>(the one with the Bible online) is breaking the law; while there have been

>burglar suing because of broken leg cases, I believe that such are
generally 
>thrown out - possibly due to laws on the subject. 
>	Now, the jury won't find the seminary or whoever liable... but it would 
>create some publicity and tie the sued organization up for a while. It's 
>something that I'd encourage an atheist organization to sponsor. 
>	-Allen 
> 
 
On a personal and emotional level I *love* the idea of watching a group of
pro-CDA fundie christers having to sweat in court explaining how their
support for things like incest and murder are protected under the First
Amendment but other people's speech is not. 
 
But on a logical level, should we use (or advocate) the court system under
CDA-related topics. 
 
I think not. 
 
Allen's post has great emotional appeal, but it creates at least one
danger. 
 
The first is the hypocrisy involved in advocating something with which we
disagree, like asking the courts to support CDA and use CDA to punish those
we don't like. 
 
The second is creating an Orwellian doublethink in politics where we first
advocate something, like useing the courts. Then, when challenged (about
hypocrisy or anything else) turn around and state that we really did not
adovate what we so clearly did advocate or that we did not "mean" what we
so clearly said. 
 
Ultimately, we reinforce a form of political behavior where nobody is
responsible for their political behavior and nobody expects to be held
accountable for it. 
 
Witness the behavior of people like Rep. Shroeder who voted for CDA etc.
including the anti-abortion aspects, but does not want this to count among
the pro-choice crowd because she didn't "really" vote for CDA etc. to get
it to limit abortions. 
 
--tallpaul 
"Encryption? It is a Satanic drug thing. You wouldn't understand."





From jya at pipeline.com  Mon Feb 19 05:55:37 1996
From: jya at pipeline.com (John Young)
Date: Mon, 19 Feb 1996 21:55:37 +0800
Subject: NET_run
Message-ID: <199602191315.IAA19551@pipe1.nyc.pipeline.com>


   2-19-96. NYT:

   "In this new game, you'll never play with a full deck."

      Sometime next month a game will be played on the
      Internet, challenging surfers to leap between sites,
      solving puzzles and cracking codes that will give them
      access to secret data hidden behind firewalls and
      software barriers. The new game is Netrunner, set in the
      "dark techno-future" in which "ruthless corporations
      scheme to accomplish secret agendas as they build
      elaborate fortresses of data." In opposition to such
      plots, "anarchistic netrunners hack the system,
      infiltrating data forts to liberate information." It was
      created by Richard Garfield, who applied his doctoral
      training in combinatorial mathematics -- a field that
      studies the interaction of objects in complex systems.


   " 'Magic' Casts a Spell on Players."

      Magic was invented by Richard Garfield, who revels in
      his shoelessness. "I like to wear socks or slippers
      indoors," he said, padding around the Puck Building in
      thick. off-white socks. Developing the game took Mr.
      Garfield, who has a doctorate in combinational
      mathematics, all of a week.


   NET_run







From frissell at panix.com  Mon Feb 19 05:59:04 1996
From: frissell at panix.com (Duncan Frissell)
Date: Mon, 19 Feb 1996 21:59:04 +0800
Subject: Windows 95 encryption shell extension
Message-ID: <2.2.32.19960219132610.00b67238@panix.com>


At 09:32 AM 2/19/96 +0000, Andy Brown wrote:
>http://www.fim.uni-linz.ac.at/win32/codedrag/codedrag.htm
>
>Haven't tried it myself since I don't use Windows 95, just thought
>I'd report what I saw.
>
>
>- Andy
>
>

"CodedDrag encrypts your personal data using the highly safe DES-code
algorithm."

I'll wait.

DCF






From rah at shipwright.com  Mon Feb 19 06:21:26 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Mon, 19 Feb 1996 22:21:26 +0800
Subject: Anonymous remailers are a virus spreading online! (Replies)
Message-ID: 



>From: "Prof. L. P. Levine" 

>My most serious question about anonymous remailers is this:  How can we
>be sure that the operator of such a remailer is not a federal or other
>governmental agent?

*Prove* to me I'm *not* a martian...

Don't you love the use of simple informal fallacies in supposedly logical
argument by supposedly rigorous scientists?

ObCrypto:

A: By using chained encryption, of course!

Cheers,
Bob

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/







From packrat at ratbox.rattus.uwa.edu.au  Mon Feb 19 06:32:16 1996
From: packrat at ratbox.rattus.uwa.edu.au (Bruce Murphy)
Date: Mon, 19 Feb 1996 22:32:16 +0800
Subject: Piracy Bests ITAR
In-Reply-To: <199602190657.BAA00505@bb.hks.net>
Message-ID: <199602191326.VAA00595@ratbox.rattus.uwa.edu.au>


In message <199602190657.BAA00505 at bb.hks.net>, 
  Mutant wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> Alan Horowitz wrote:
> >    Yes, when Mr Anon travels to a beach in Jamaica or in Mombasa, he
> > shouldn't complain when the taxi driver takes him, not to his requested
> > destination, buit some dark alley where Mr Anon gets clunked over the
> > head and his wallet removed. The locals need the money more than Mr
> > rich-tourist-on-vacation Anon.  They're only doing socialist justice,
> > after all.
> > 
> > Property is property. Theft is theft.
> 
> Such absolutism! And an awful analogy (not entirely worthless, but
> not very good either).

True, there is a certain amount of indicision in my mind as to the
value of keeping software valuable through sale, and obtaining it
virtually free of charge. Yes I develop software.

> Has nothing to do with socialism... even works nice in a capitalist
> as in the case where people try the software, decide they like it,
> and then buy it latter when they can afford it. Sidekick and WordStar
> became popular because of this "borrowing".  MS-DOS probably would not
> be so widespread if it weren't pirated.

Uh huh? And you are saying that there were *heaps* of computers out
there which could run MS-DOS which didn't come with it? And how much
more would those companies have made had the products been *forced* to
be sold rather than pirated.

*chuckle*

Of course these days, with M$ having the monopoly over all software on
PC's and Billy being worth what he is, it's a moot point...



Intellectual property is all very well to develop, but it should
really be considered a limited resource at any point in time, and as
such be ownership restricted in much the same way as natural resources
are in Oz.

Mining licenses are only kept where the owner can show a certain
amount of development. In the same way patents of "intellectual" or
developing technology should be granted under a license to develop
principle only. (with the option to lose)

I'm not saying that intellectual property should come any more under
the banner of Big Sibling[1], but the existing regulatory bodies
should probably be forced to adopt these measures.

[1] This might be in an archive by the time that the CDA Mk II comes
out with the politically correct clauses.[2]
[2] I'm not laughing. My country's regulatory body sat this week to
start on our 'net legislational recommendations. I hope to hell you
people get your CDA sorted out before our lot uses it as a precedent.
--
Packrat (BSc/BE;COSO;Wombat Admin)
Nihil illegitemi carborvndvm.








From wlkngowl at unix.asb.com  Mon Feb 19 08:30:26 1996
From: wlkngowl at unix.asb.com (Mutant)
Date: Tue, 20 Feb 1996 00:30:26 +0800
Subject: Piracy Bests ITAR
Message-ID: <199602191507.KAA01812@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

Bruce Murphy wrote:

> > Has nothing to do with socialism... even works nice in a capitalist
> > as in the case where people try the software, decide they like it,
> > and then buy it latter when they can afford it. Sidekick and WordStar
> > became popular because of this "borrowing".  MS-DOS probably would > 
> be so widespread if it weren't pirated.
> 
> Uh huh? And you are saying that there were *heaps* of computers out
> there which could run MS-DOS which didn't come with it? And how much
> more would those companies have made had the products been *forced* to
> be sold rather than pirated.

The point of the original article was that those products probably would 
*not* have been sold.  What life would be like in other circumstances is
hard to consider... and rather moot (a friend of mine has an expression
for describing hypotheticals... "What is my grandfather had four arms?").

FSF/GNU and projects like FreeDOS, if they were several years earlier, 
would have made things quite interesting....

A point NOT in the orig. article but hinted at in the subject, though: if 
people cannot *buy* the software because of regs like ITAR, they'll steal 
it.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSiSGioZzwIn1bdtAQHIzwF+NiBHyvvJRviXZv91iqEnMKc0LQWGok+z
m8TiKOspP7wAZgGNmeRXWFXwrt2BV7sO
=LEUO
-----END PGP SIGNATURE-----





From raph at CS.Berkeley.EDU  Mon Feb 19 08:42:45 1996
From: raph at CS.Berkeley.EDU (Raph Levien)
Date: Tue, 20 Feb 1996 00:42:45 +0800
Subject: List of reliable remailers
Message-ID: <199602191450.GAA00933@kiwi.cs.berkeley.edu>


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list at kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail, which is available at:
ftp://ftp.csua.berkeley.edu/pub/cypherpunks/premail/premail-0.33a.tar.gz

   For the PGP public keys of the remailers, finger
pgpkeys at kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list at kiwi.cs.berkeley.edu.

$remailer{"extropia"} = " cpunk pgp special";
$remailer{"portal"} = " cpunk pgp hash";
$remailer{"alumni"} = " cpunk pgp hash";
$remailer{"bsu-cs"} = " cpunk hash ksub";
$remailer{"c2"} = " eric pgp hash reord";
$remailer{"penet"} = " penet post";
$remailer{"ideath"} = " cpunk hash ksub reord";
$remailer{"hacktic"} = " cpunk mix pgp hash latent cut post ek";
$remailer{"flame"} = " cpunk mix pgp. hash latent cut post reord";
$remailer{"rahul"} = " cpunk pgp hash filter";
$remailer{"mix"} = " cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"ford"} = " cpunk pgp hash ksub ek";
$remailer{"vishnu"} = " cpunk mix pgp hash latent cut ek ksub reord";
$remailer{"robo"} = " cpunk hash mix";
$remailer{"replay"} = " cpunk mix pgp hash latent cut post ek";
$remailer{"spook"} = " cpunk mix pgp hash latent cut ek reord";
$remailer{"rmadillo"} = " mix cpunk pgp hash latent cut ek";
$remailer{"ecafe"} = " cpunk mix";
$remailer{"wmono"} = " cpunk mix pgp. hash latent cut";
$remailer{"shinobi"} = " cpunk mix hash latent cut ek reord";
$remailer{"amnesia"} = " cpunk mix pgp hash latent cut ek ksub";
$remailer{"gondolin"} = " cpunk mix pgp hash latent cut ek reord";
$remailer{"tjava"} = " cpunk mix pgp hash latent cut";
$remailer{"pamphlet"} = " cpunk pgp hash latent cut ?";
$remailer{'alpha'} = ' alpha pgp';
$remailer{'gondonym'} = ' alpha pgp';
$remailer{'nymrod'} = ' alpha pgp';
$remailer{"lead"} = " cpunk pgp hash latent cut ek";
$remailer{"treehole"} = " cpunk pgp hash latent cut ek";
catalyst at netcom.com is _not_ a remailer.
lmccarth at ducie.cs.umass.edu is _not_ a remailer.
usura at replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 robo hroller alpha)
(gondolin gondonym)
(flame hacktic replay)
(alumni portal)
(vishnu spook wmono)

Use "premail -getkeys pgpkeys at kiwi.cs.berkeley.edu" to get PGP keys
for the remailers. Fingering this address works too.

Note: The remailer list now includes information for the alpha
nymserver.

Last update: Mon 19 Feb 96 6:46:32 PST
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
alumni   hal at alumni.caltech.edu           #-###-**#*#+     4:52  99.99%
lead     mix at zifi.genetics.utah.edu            +++++++    40:29  99.97%
treehole remailer at mockingbird.alias.net        ++--+++  1:38:55  99.95%
nymrod   nymrod at nym.alias.net             **#* **+--+*    16:15  99.89%
c2       remail at c2.org                    +*** +****++    15:58  99.84%
gondolin mix at remail.gondolin.org          -__.--------  7:43:33  99.83%
gondonym alias at nym.gondolin.org           -__--------   7:15:55  99.81%
portal   hfinney at shell.portal.com         #*###-## ###     2:07  99.76%
flame    remailer at flame.alias.net         ++++ ++++++     54:43  99.72%
extropia remail at extropia.wimsey.com       -._.--.----  12:10:04  99.65%
vishnu   mixmaster at vishnu.alias.net       -*** ------   1:12:38  99.60%
mix      mixmaster at remail.obscura.com     ..-- -+-+--   2:32:14  99.56%
ecafe    cpunk at remail.ecafe.org           *### +#*###*     1:01  99.47%
alpha    alias at alpha.c2.org               ***  -+* ++*    46:19  99.34%
hacktic  remailer at utopia.hacktic.nl       **** +******     7:46  98.96%
replay   remailer at replay.com              +*** +*+****     5:47  98.41%
shinobi  remailer at shinobi.alias.net        ##* *.-++**  1:29:59  97.16%
penet    anon at anon.penet.fi                . **------  18:48:16  90.53%
rahul    homer at rahul.net                  ***#*+#+####     1:26  99.94%
tjava    remailer at tjava.com                      # -*#    41:23  80.93%
pamphlet pamphlet at idiom.com               ++++ ++         42:17  42.14%
ford     remailer at bi-node.zerberus.de                   4:33:06   6.65%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien





From gorkab at sanchez.com  Mon Feb 19 08:50:43 1996
From: gorkab at sanchez.com (Brian Gorka)
Date: Tue, 20 Feb 1996 00:50:43 +0800
Subject: Windows 95 encryption shell extension
Message-ID: <01BAFEAE.63BB64E0@loki>


On Monday, February 19, 1996 4:32 AM, Andy Brown[SMTP:a.brown at nexor.co.uk] 
wrote:
>http://www.fim.uni-linz.ac.at/win32/codedrag/codedrag.htm
>
>Haven't tried it myself since I don't use Windows 95, just thought
>I'd report what I saw.
>
>
>- Andy
>

I downloaded this, AND installed it.  It displays your password right on 
the screen!!!  No *s, no blind typing.  Anyone looking over ytour shoulder 
can see what you type as your passphrase!  Come on.




----------
Brian Gorka
Key fingerprint =  ED 7D 78 7E 95 E8 05 01  27 01 A1 74 FA 4B 86 53 






From J.D.Stumbles at reading.ac.uk  Mon Feb 19 08:51:25 1996
From: J.D.Stumbles at reading.ac.uk (John Stumbles)
Date: Tue, 20 Feb 1996 00:51:25 +0800
Subject: CPF: Feb-17-1996.cpf
In-Reply-To: <199602170527.AAA20807@yakko.cs.wmich.edu>
Message-ID: 


On Sat, 17 Feb 1996, Damaged Justice wrote:

> Date: Fri, 16 Feb 1996 09:20:30 -0800
> From: sasha1 at netcom.com (Alexander Chislenko)
> Subject: Re:  Computer unmasks Anonymous writer...
> 
>   I ran my essays through Word grammar checker a while ago,
> and was surprised how stable the grammar statistics were.
> Complexity of the text (grade level) was the same to the decimal point,
> average length of sentences was consistent, etc.
> People also use the same styles of smileys or *highlights*, make
> consistent spelling errors, have their habits of indentation, etc.
> 
> My suggestion at the time was to have randomizing output filter that
> would substitute synonyms, change spelling, modify paragraph formatting,
> etc.  - Style anonymizer, I'd call it.  Also, if small random changes are
> applied to every copy of the message you send out, and you keep track of
> what recipient got which version, you will find it easier to identify
> the leaks if you send private messages.  A dishonest recipient, to
> protect himself, would have to further randomize the message, which
> has apparent consequences for the ease of your identification and attributability of the message.

A similar method was (is?) allegedly used by H.M. Government depts (and no
doubt others) in restricted documents: the apparently even spacing of
letters along a line to acheive proportional spacing was in fact slightly
uneven and different on each copy, so a whistleblower (or spy) who
photocopied and leaked a document in their posession could be identified
if the copied document were examined. 


--
John Stumbles                                      j.d.stumbles at reading.ac.uk
Computer Services, University of Reading       http://www.rdg.ac.uk/~suqstmbl 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Just pray that there's intelligent life somewhere out in space
 - because there's bugger all down here on earth!





From usura at replay.com  Mon Feb 19 08:52:05 1996
From: usura at replay.com (Alex de Joode)
Date: Tue, 20 Feb 1996 00:52:05 +0800
Subject: Piracy Bests ITAR
Message-ID: <199602191456.AA00738@xs1.xs4all.nl>


Alan Horowitz sez:

: > From: Anonymous 
: > Some economists have made a good case that slack
: > enforcement of such rules may sometimes do little harm.
: > Local firms benefit by acquiring pirated technology more
: > cheaply than the real thing; consumers acquire affordable
: > high-tech products and close copies of branded goods.

:    Yes, when Mr Anon travels to a beach in Jamaica or in Mombasa, he 
: shouldn't complain when the taxi driver takes him, not to his requested 
: destination, buit some dark alley where Mr Anon gets clunked over the 
: head and his wallet removed. The locals need the money more than Mr 
: rich-tourist-on-vacation Anon.  They're only doing socialist justice, 
: after all.

: Property is property. Theft is theft.

Then the question arises is software property ..

If I steal your money, you don't have it any more;
if I copy your software, you still have it so one 
can't simply conclude that copying is theft.

Besides copyright law, patent law et al. are all rip offs
designed to suck money out of Citizen-Units. I you create
a new and improved methode to do accounting your idea will 
not be protected, also concepts and principles are unprotected.

Intelectual Property Law is only designed to protect the
investor, publishers/authors wanted copyright laws, the industrial
age brought us patent laws, bio-genetics are patenting 'dna strings', 
the computer age brought us patenting of mathematic principles,
and soon databases will be protected.

Copying software isn't theft, copying software is a vote against rip offs, 
copying software is the first step in liberating the Citizen-Unit !

!noitulover
--

" The way to combat noxious ideas is with other ideas.  
  The way to combat falsehoods is with truth. " 

	-- Justice William O. Douglas, 1958





From froomkin at law.miami.edu  Mon Feb 19 09:36:43 1996
From: froomkin at law.miami.edu (Michael Froomkin)
Date: Tue, 20 Feb 1996 01:36:43 +0800
Subject: Russian Crypto Laws
Message-ID: 


Does anyone know whether

1) the russians have issued any crypto licenses to either russians or
foreigners?

2) whether anyone has been prosecuted for unlicensed crypto use in
Russia?  or even been charged or warned?

[The above may have been dictated with Dragon Dictate/Win 2.0 voice 
recognition. Be alert for unintentional strange word substitutions.]

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin at law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.






From perry at piermont.com  Mon Feb 19 09:57:50 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Tue, 20 Feb 1996 01:57:50 +0800
Subject: Patents and Trademarks invalid
In-Reply-To: <9602170607.AA15430@cti02.citenet.net>
Message-ID: <199602191722.MAA06585@jekyll.piermont.com>



This isn't AynRandPunks either, Mr. Avon.

.pm

Jean-Francois Avon (JFA Technologies, QC, Canada) writes:
> Man's survival tool is his mind.
> 
> Patents and copyright are establishing the ownership and protection
> the result of the exercise of his survival tool.
> 
> Therefore they are good.
> 
> To try to eliminate them is equivalent to promote slavery.





From EALLENSMITH at ocelot.Rutgers.EDU  Mon Feb 19 10:04:14 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Tue, 20 Feb 1996 02:04:14 +0800
Subject: Pentagon net-trolling (from RRE)
Message-ID: <01I1EB3MZ2BEA0V4SL@mbcl.rutgers.edu>


	People should find this interesting. It looks like the Pentagon, at
least publically, may be a bit behind the CIA/NSA/etcetera in Internet stuff.
	-Allen

From:	IN%"rre at weber.ucsd.edu" 19-FEB-1996 01:13:01.46

[I've removed the header, but the author's e-mail address is in the text.]

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help at weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=



The following is an article from The Nation magazine (March 4, 1996) that
reports on a Pentagon study on how the military can exploit the Internet.
The Pentagon paper suggests using the Internet for the routine interception
of global e-mail, for covert operations and propaganda campaigns, and for
tracking domestic political activity, particularly that of the left. The
article was written by David Corn, the Washington editor of The Nation. If
you have any comments or leads for follow-up stories, please contact him at

202-546-2239/ph
202-546-1415/fx
dacor at aol.com

To subscribe to The Nation, a magazine of politics and culture, call
800-333-8536. 

Pentagon Trolls the Net
By David Corn
c1996

 Internet users beware; Pentagon snoops are taking an interest in your
cyber-communications. Last summer, Charles Swett, a policy assistant in the
Office of the Assistant Secretary of Defense for Special Operations and
Low-Intensity Conflict, produced a report  that assessed the intelligence
value of the Internet for the Defense Department. His study discovered the
obvious: By monitoring computer message traffic and alternative news sources
from around the world, the military might catch "early warning of impending
significant developments." Swett reports that the "Internet could also be
used offensively as an additional medium in psychological operations
campaigns and to help achieve unconventional warfare objectives." A striking
aspect of his study is that there is one sort of Internet user who attracts a
large amount of attention from Swett: cyber-smart lefties.
   The thirty-one-page, unclassified study is mostly cut and dry. Much of it
describes what the Internet is and what can be found within its infinite
confines. Swett lists various "fringe groups" that are exploiting the
Internet: the white-supremacist National Alliance, the Michigan Militia,
Earth First, and People for the Ethical Treatment of Animals (PETA). He
highlights MUFON--the Mutual UFO Network--which uses the Internet to
disseminate information on "U.S. military operations that members believe
relate to investigations and cover-ups of UFO-related incidents." MUFON
computer messages, Swett notes, "contain details on MUFON's efforts to
conduct surveillance of DoD installations." The report does not suggest that
the computer communications of MUFON and these other groups should be
targeted by the military--though X Filers will be forgiven for wondering if
something sinister is afoot.
   What Swett apparently finds of greater interest than MUFON and the "fringe
groups" is the online left. A significant portion of the report is devoted to
the San Francisco-based Institute for Global Communications, which operates
several computer networks, such as PeaceNet and EcoNet, that are used by
progressive activists. I.G.C. demonstrates, he writes, "the breadth of
DoD-relevant information available on the Internet." The paper refers to
I.G.C. conferences that might be considered noteworthy by the Pentagon,
including ones on anti-nuclear arms campaigns, the extreme right, social
change, and "multicultural, multi-racial news." Swett cites I.G.C. as the
home for "alternative news sources" that fill gaps in the mainstream media.
(It might be good for Pentagon analysts to read I.G.C. dispatches from
Holland's Peace Media Service.) Yet he seems to say that one can  also track
the left around the world by monitoring I.G.C.: "Although [I.G.C.] is clearly
a left-wing political organization, without actually joining I.G.C. and
reading its message traffic, it is difficult to assess the nature and extent
of its members' actual real-world activities."
 Swett's paper presents the world of opportunity awaiting a cyber-shrewd
military and intelligence establishment. The Pentagon and intelligence
services will conduct "routine monitoring of messages originating in other
countries" in the search for information on "developing security threats."
That means overseas e-mail, like overseas phonecalls, will be intercepted by
the electronic eavesdroppers of the National Security Agency or some other
outfit. The data will be fed into filtering computers and then, if it
contains any hot-button words, forwarded to the appropriate analyst.
"Networks of human sources with access to the Internet could be developed in
areas of security concern to the U.S." (But bureaucrats rest assured; "this
approach"--using computer-assisted spies--"could never replace official DoD
intelligence collection systems or services.") The Internet "can also serve
counterintelligence purposes" by identifying threats to the Pentagon and U.S.
intelligence activities. As an example, Swett refers to a message posted in a
discussion group for "left-wing political activists" that repeated an A.P.
article about an upcoming U.S. Army Special Operations Command training
exercise at an empty Miami Beach hotel.
 Another growth area is the dirty tracks department. Noting that government
officials, military officials, business people, and journalists all around
the world are online, Swett envisions "Psychological Operations" campaigns in
which U.S. propaganda could be rapidly disseminated to a wide audience. He
adds, "The U.S. might be able to employ the Internet offensively to help
achieve unconventional warfare objectives." Swett does not delve into details
on how the Internet could serve such a mission. But he tosses out one
possibility: communicating via the Internet with political and paramilitary
groups abroad that Washington wants to assist while "limiting the direct
political involvement of the United States." Imagine this: contras with
computers.
 Swett does point to a few potential problems. The Internet is chockful of
chit-chat of no intelligence value. Retrieving useful nuggets will require
monumental screening. He also predicts that one day video footage of military
operations will be captured by inexpensive, hand-held digital video cameras
operated by local individuals and then up-loaded to the Internet. Within
minutes, millions of people around the world will see for themselves what has
happened--which could lead to calls for action (or calls to terminate action)
before government leaders have had a chance to react and formulate a
position. Such a development, he observes, "will greatly add to the burden on
military commanders, whose actions will be subjected to an unprecedented
degree of scrutiny." And opponents of the Pentagon might try to exploit the
Internet for their own devilish ends: "If it became widely known that DoD
were monitoring Internet traffic for intelligence or counterintelligence
purposes,  individuals with personal agendas or political purposes in mind,
or who enjoy playing pranks, would deliberately enter false or misleading
messages." The study ends with a series of vague recommendations--all to be
carried out "only in full compliance with the letter and the spirit of the
law, and without violating the privacy of American citizens." 
 The Swett paper is "refreshingly candid," says Steven Aftergood of the
Federation of American Scientists, who placed a copy of the document on the
FAS web site on government secrecy, where it is being downloaded about twenty
times a day (at http://www.fas.org/pub/gen/fas/sgp/.).  The I.G.C. staff is
amused by Swett's interest. "We must be doing something right," notes George
Gundrey, program coordinator of I.G.C.'s PeaceNet. "But it is interesting
that all of his [I.G.C.] examples are the most left-wing items [on the
network]." 
 Swett's study is not the first of its kind. Under the rubric of "information
warfare," other Pentagon outfits and military contractors have studied how to
use computer networks to collect public information, disseminate propaganda,
politically destabilize other governments, and plant computer viruses into
the information systems of foes. (The latter task is particularly foolhardy.
Deploying viruses into cyber-space--even if targeted against an enemy--would
likely pose a danger to the United States, since this country is more
networked than any other.) But Swett's office--the Pentagon's dirty tricks
shop--is a newcomer to this scene, acoording to David Banisar, a policy
analyst for the Electronic Privacy Information Center. Banisar's group has
been helping international human rights groups use encryption to protect
their global e-mai, "so the spooks don't listen in"
 It is natural that the national security gang will try to infiltrate and use
a communication medium like the Internet to its advantage. What is most
troubling about Swett's paper is its preoccupation with left-of-center
travelers in cyberspace and _domestic_ political activities. In the appendix,
Swett reproduces four examples of notable e-mail. One (written by progressive
activists Richard Cloward and Frances Fox Piven) calls for 100 days of
protest in response to the Republican's Contract with America, another
announces plans for a demonstration at the 1996 G.O.P. convention in San
Diego, the third relays to lefties information on the U.S. Army exercise at
the Miami Beach hotel, and the last is a communique from the Zapatistas of
Mexico. Swett's use of these cyber dispatches can be explained one of two
ways. Either the left has made much more progress in cyber-organizing than
the right and "such fringe groups" as PETA, or Swett, true to institutional
tradition, is overwrought about the use of the Internet by a certain parties.
In any case, the would-be watchers in the defense establishment ought to be
watched closely--especially if Swett's report refelcts broader sentiment
within the Pentagon.






From EALLENSMITH at ocelot.Rutgers.EDU  Mon Feb 19 10:18:12 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Tue, 20 Feb 1996 02:18:12 +0800
Subject: Easy Nuclear Detonator
Message-ID: <01I1EB1R8QLGA0V4SL@mbcl.rutgers.edu>


	I would have appreciated it if you'd sent this to me privately, or at
least didn't enclose my message to you (which was sent in private email). Among
other reasons, it is rather off-topic (unless one wants to count it among bomb
information available on the net).
	-Allen


From:	IN%"jimbell at pacifier.com"  "jim bell" 19-FEB-1996 00:58:39.66

-----BEGIN PGP SIGNED MESSAGE-----

At 10:25 PM 2/18/96 EDT, E. ALLEN SMITH wrote:
>	I've been kind of busy recently (the reason I haven't responded to
>the more recent Assasination Politics stuff), but I'm curious what your method
>is for achieving simultaneous explosions.


"Multiple very thin flexible hollow tubes (1 mm ID? teflon?) filled with a
homogenous liquid 
explosive (for example, pure nitromethane), length accurately cut to produce 
the exactly desired delay.  Kept separated from each other by foam spacers 
to avoid inter-fiber detonations. Detonated from a single cap, with an 
intermediary chamber of liquid explosive to stabilize the shock front, the 
detonation wave travels along each tube simultaneously at (presumably) 
identical velocity."

It's a race, designed so that the detonation waves reach their targets (the
foci) at 
the same time.  If the detonation velocity was, say, 5,000 meters per 
second, an accuracy of 0.5 millimeter in length would produce a delay accuracy 
of 100 nanoseconds.

Whatcha think?

Now where did I put that pit...   


Jim Bell
jimbell at pacifier.com

Klaatu Burada Nikto

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSgFwvqHVDBboB2dAQGzYAQAksCklKTJ80tr+YuASwzt6KRMVgqivydf
wjYP9GL5Bo3HeXxEgOB8Xg6gnO9aOdDxMfMKiR0SdodE4V4kiy2y671jPofNz800
Y0YHzKnLcLuZzvnExGkhtLDQLigqDdNWSdPgFItkJ/5TVXHrEfL7+paOmo2hbYKO
5hbuG7wZ9Hg=
=6qoY
-----END PGP SIGNATURE-----






From nobody at REPLAY.COM  Mon Feb 19 10:38:07 1996
From: nobody at REPLAY.COM (Anonymous)
Date: Tue, 20 Feb 1996 02:38:07 +0800
Subject: Assassination Biz
Message-ID: <199602191740.SAA14401@utopia.hacktic.nl>



Hey, Jim Bell, here are some clients, or competitors, or best, 
targets?



The Hit Men (Newsweek, Feb 26, 96)

Call it "in-your-face-capitalism." You lose your job, your ex-
employer's stock price rises, the CEO gets a fat raise. Today,
the more people a company fires, the more Wall Street loves
it, the higher its stock price goes.

Cheer up, you're serving the greater good by being blown away
by what economist Joseph Schumpeter christened "the gale of
creative destruction."

The world is changing and no matter how big and rich a company
is, it has to adapt or die. But Wall Street and Big Business
have made a bad problem worse by being greedheads. Lots of
CEOs have messed up big time. They let payrolls get bloated.
Then to recoup, the offer up employees as sacrifices to
Mammon, god of Wall Street, hoping to get their stock price
back up. When the price rises, it's like Wall Street spitting
on the victim's bodies.

Corporate heads, salaries and layoffs:

Robert Allen, AT&T. Salary: $3,362,000, 40,000 layoffs.

Louis Gerstner, IBM, $2,625,000, 60,000.

Robert Palmer, Digital Equipment, $900,016, 20,000.

Walter Shipley, Chemical/Chase, $2,496,154, 12,000.

Charles Lee, GTE. $2,004,115, 17,000.

Ronald Allen, Delta Air Lines, $475,000, 15,000.

John McDonnell, McDonnell Douglas, $577,791, 17,000.

Robert Stempel, General Motors, $1,000,000, 74,000.

Edward Brennan, Sears, Roebuck, $3,075,000, 50,000.

Michael Miles, Philip Morris, $1,000,000, 14,000.

Frank Shrontz, Boeing, $1,420,935, 28,000.

William Ferguson, CEO Nynex, $800,000, 16,800.

Albert Dunlap, Scott Paper. $100,000,000 in salary, stock
profits and other perks, 11,000.







From EALLENSMITH at ocelot.Rutgers.EDU  Mon Feb 19 10:48:50 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Tue, 20 Feb 1996 02:48:50 +0800
Subject: Should *WE* Sue Under CDA
Message-ID: <01I1EBV48X2UA0V4SL@mbcl.rutgers.edu>


From:	IN%"tallpaul at pipeline.com" 19-FEB-1996 08:49:19.72

>On a personal and emotional level I *love* the idea of watching a group of
>pro-CDA fundie christers having to sweat in court explaining how their
>support for things like incest and murder are protected under the First
>Amendment but other people's speech is not. 

	It is a rather humorous idea.

>But on a logical level, should we use (or advocate) the court system under
>CDA-related topics. 
 
>I think not. 
 
>Allen's post has great emotional appeal, but it creates at least one
>danger. 
 
>The first is the hypocrisy involved in advocating something with which we
>disagree, like asking the courts to support CDA and use CDA to punish those
>we don't like. 

	That does have its problems. I've got the same sort of dilemma in my
life; to take government funding (for science) or not, when I disapprove of
most such funding. I wind up deciding to, because otherwise the funds in
question could be spent less efficiently on science (thus further wasting
taxpayer funds) or on something even less legitimate (i.e., the Wo(S)D), given
that bureaucratic budgets tend to be decided by who uses up the most money.
	I can justify this by that one would pick a target that had done
something directly wrong: participating in the writing of a bill that violates
individual rights. In other words, pick a target that deserves it enough, and
striking back at them is justified. The problem is the old ends justify means
debate.
 
>The second is creating an Orwellian doublethink in politics where we first
>advocate something, like useing the courts. Then, when challenged (about
>hypocrisy or anything else) turn around and state that we really did not
>adovate what we so clearly did advocate or that we did not "mean" what we
>so clearly said. 
 
>Ultimately, we reinforce a form of political behavior where nobody is
>responsible for their political behavior and nobody expects to be held
>accountable for it. 
 
>Witness the behavior of people like Rep. Shroeder who voted for CDA etc.
>including the anti-abortion aspects, but does not want this to count among
>the pro-choice crowd because she didn't "really" vote for CDA etc. to get
>it to limit abortions. 

	You have a point.
	-Allen





From perry at piermont.com  Mon Feb 19 10:56:44 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Tue, 20 Feb 1996 02:56:44 +0800
Subject: True random numbers
In-Reply-To: <199602172002.MAA09152@netcom20.netcom.com>
Message-ID: <199602191809.NAA06677@jekyll.piermont.com>



maruishi at netcom.com writes:
> I was trying to think of a way to come up with true random numbers...
> And knowing a bit of UNIX socket TCP/IP programming I made a small little
> program that generates random numbers by measuring the mili-second timing ies
> a TCP packet to bounce back, from another network. 

A bad source of randomness, both because the opponent can also conduct
the same measurement and because the opponent can alter your
measurement...

.pm





From eli+ at GS160.SP.CS.CMU.EDU  Mon Feb 19 11:07:43 1996
From: eli+ at GS160.SP.CS.CMU.EDU (eli+ at GS160.SP.CS.CMU.EDU)
Date: Tue, 20 Feb 1996 03:07:43 +0800
Subject: True random numbers
In-Reply-To: <+cmu.andrew.internet.cypherpunks+kl9Y:mm00UfAI100wG@andrew.cmu.edu>
Message-ID: <9602191812.AA07312@toad.com>


Tim May writes:
>4. I'd avoid altogether phrases such as "generates random numbers," unless
>your method uses radioactive decay or Johnson noise measurements, for
>example, and maybe not even then.

Persi Diaconis gave a talk here last week on pseudorandom generation,
during which he was asked by people didn't use hardware RNGs.  He said
that he wasn't aware of any that passed the standard battery of
statistical tests.

(He also mentioned that nobody had thoroughly tested the
complexity-theoretic generators such as Blum-Micali, and got into a
rather vigorous discussion with a professor who argued that testing
was superfluous.  Diaconis: "You theorists always take that tone!")

-- 
. Eli Brandt                                        usual disclaimers .
. eli+ at cs.cmu.edu                                  PGP key on request .
. arrest me:                       violation of 18 U.S.C. 1462: "fuck".






From dlv at bwalk.dm.com  Mon Feb 19 11:19:31 1996
From: dlv at bwalk.dm.com (Dr. Dimitri Vulis)
Date: Tue, 20 Feb 1996 03:19:31 +0800
Subject: Easy Nuclear Detonator
In-Reply-To: 
Message-ID: 


jim bell  writes:
> "Multiple very thin flexible hollow tubes (1 mm ID? teflon?) filled with a
> homogenous liquid
> explosive (for example, pure nitromethane), length accurately cut to produce
> the exactly desired delay. ...

Sounds good!

Now that coderpunks have split off of cypherpunks, I propose the creation of
at least two more mailing lists on toad.com (to keep the traffic on the
original cypherpunks more in line with Perry's views of what's appropriate):

* nukepunks - for educating the public how to build nuclear weapons
 (discussions of refining U-232 in your garage and the like)

* chempunks - for educating the public how to build chemical weapons
 (how to make Cyclon-B out of common household chemicals)

   :-)

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From ericm at lne.com  Mon Feb 19 11:45:23 1996
From: ericm at lne.com (Eric Murray)
Date: Tue, 20 Feb 1996 03:45:23 +0800
Subject: NSA net trolling
Message-ID: <199602191852.KAA06662@slack.lne.com>


 

Forwarded from alt.politics.datahighway, sorry I didn't
get the Message-ID when it was fowarded to me.

This is possibly old news to some, but I think it needs
to be spread widely.

 
> Article 1706 of alt.politics.datahighway:
> Date: Tue, 16 Jan 1996
> Subject: NSA SHORTCIRCUITING FUTURE CRYPTO CAPABILITIES
>
> from Global Net News
> ===
> [Want to know the easiest way... Puzzle Palace coauthor Wayne
> Madsen, in an article written for the June 1995 issue of Computer
> Fraud & Security Bulletin (Elsevier Advanced Technology Publications),
> wrote that "according to well-placed sources within the Federal
> Government and the Internet service provider industry, the National
> Security Agency (NSA) is actively sniffing several key Internet router
> and gateway hosts."
>
> Madsen says the NSA concentrates its surveillance on destination and
> origination hosts, as well as "sniffing" for specific key words and
> phrases.  He claims his sources have confirmed that the NSA has
> contracted with an unnamed private company to develop the software
> needed to capture Internet data of interest to the agency.
>
> According to Madsen, the NSA monitors traffic primarily at two Internet
> routers controlled by the National Aeronautics and Space Administration
> (NASA), one in College Park, MD (dubbed "Fix East") and another at NASA
> Ames Research Center in Sunnyvale, CA ("Fix West").
>
> Other NSA Internet sniffers, he said, operate at busy routers knows as
> Mae East (an East Coast hub), Mae West (a West Coast hub), CIX
> (reportedly based in San Jose), and SWAB (a northern Virginia router
> operated by Bell Atlantic).
>
> Madsen says the NSA may also be monitoring traffic at network access
> points, the large Internet gateways operated by regional and
> long-distance service providers. The NAPs allegedly under surveillance
> are in Pennsauken, NJ (operated by Sprint), Chicago (run by AmeriTech
> and Bell Communications Research), and San Francisco (Pacific Bell).
>
>    [Quote]
>    "Madsen claims the NSA has deals with Microsoft, Lotus, and Netscape
> to prevent anonymous email."
>    [quote]
>
> "One senior Federal Government source has reported that NSA has been
> particularly successful in convincing key members of the US software
> industry to cooperate with it in producing software that makes Internet
> messages easier for NSA to intercept, and if they are encrypted, to
> decode," Madsen wrote. "A knowledgeable government source claims that
> the NSA has concluded agreements with Microsoft, Lotus and Netscape to
> permit the introduction of the means to prevent the anonymity of
> Internet electronic mail, the use of cryptographic key-escrow, as well
> as software industry acceptance of the NSA-developed Digital Signature
> Standard (DSS)."
>
> Is the NSA really snooping on the Net? And if they are, would that
> violate the agency's charter, which specifically prohibits it from
> spying within the US?
>
> "Well, Net traffic is routed from God knows where to God knows where
> around the world," says George Washington University Professor Lance
> Hoffman, a professor of Communications and Telecommunications Systems
> Policy at George Washington University. "So if the NSA is doing this,
> they could say they are not violating their charter not to spy in the
> US. That's the thing. Intelligent routers send stuff any which way."
> 
> 
> 


-- 
Eric Murray  ericm at lne.com  ericm at motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF





From frantz at netcom.com  Mon Feb 19 11:57:23 1996
From: frantz at netcom.com (Bill Frantz)
Date: Tue, 20 Feb 1996 03:57:23 +0800
Subject: Req. for soundbites
Message-ID: <199602191900.LAA20595@netcom7.netcom.com>


At  7:57 AM 2/19/96 -0500, tallpaul wrote:
>On Feb 18, 1996 19:27:04, 'frantz at netcom.com (Bill Frantz)' wrote: 
> 
> 
>>>A local TV station has asked me for an interview, after I sent a graphic 
>>>of a mono-digital hand gesture with the phrase "censor this!" to the
>Prez, 
>>>Veep, and the area congresscritters (cc'd to 2 TV stations and a radio 
>>>station), accompanied by a 'confession' and demand for swift prosecution.
>
>>> 
>>>Anyone got any nifty sound bites I can try to toss in? 
>> 
For the record, that is not my statement, but one I was replying to.  No
offense, I think I may have made the same kind of mistake.

> 
>I do not think that sound bites are the way to deal with these complex
>issues. 

Tallpaul is right when he says that one SHOULD not deal with complex issues
through sound bites.  However, the mathematical model for this part of
politics is Prisoner's Dilemma.  (BTW It is also the model for negative
advertising.)  When your opponent goes to sound bites, you also must, or
you will lose.

The CDA fans have been using sound bites such as, "It will protect our
children from netporn."  and, "The net is a sea of pornography."  Lost jobs
and dead teenagers are the strongest images I can present on our side and
still feel look at myself in the mirror in the mornings.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz at netcom.com | dead teenagers | Los Gatos, CA 95032, USA







From bruce at aracnet.com  Mon Feb 19 12:28:28 1996
From: bruce at aracnet.com (Bruce Baugh)
Date: Tue, 20 Feb 1996 04:28:28 +0800
Subject: Remailers not heard from; info?
Message-ID: <2.2.32.19960219191757.006d763c@mail.aracnet.com>


I'm curious if anyone knows anything about the status of the following type
I remailers.

NOT HEARD FROM IN MY JANUARY OR FEBRUARY TESTS

amnesia at chardos.connix.com

NOT HEARD FROM IN MY FEBRUARY TESTS

pamphlet at idiom.com
remail at c2.org
remailer at bi-node.zerberus.de
robo at c2.org

And as long as I'm asking questions :-), I see that some remailers
(hfinney at shell.portal.com, hal at alumni.caltech.edu, homer at rahul.net) preserve
subject lines while others do not. Is this a readily settable option? If so,
I'd like to commend it to other remailer operators. If not, I'd be
interested in getting some sense of how difficult a hack it is.


-- 
Bruce Baugh
bruce at aracnet.com
http://www.aracnet.com/~bruce






From bianco at itribe.net  Mon Feb 19 12:30:39 1996
From: bianco at itribe.net (David J. Bianco)
Date: Tue, 20 Feb 1996 04:30:39 +0800
Subject: Encryption in software licenses...
Message-ID: <199602191923.OAA23820@gatekeeper.itribe.net>


Does anyone have a pointer to any good discussions on how to build programs
with encrypted license keys?  ftp.csua.berkeley.edu used to have such a file
(/pub/cypherpunks/cryptanalysis/license.asc.gz), but the archive hasn't
been accessible for a few days.  Although I remember this to be mostly about 
how to crack such schemes, it has lots of useful information about how they
are designed in the first place.

	Thanks,
	  David

-- 
==========================================================================
David J. Bianco			| Web Wonders, Online Oddities, Cool Stuff
iTribe, Inc.			| Phone: (804) 446-9060 Fax: (804) 446-9061
Suite 1700, World Trade Center	| email: 
Norfolk, VA 23510		| URL  : http://www.itribe.net/~bianco/





From perry at piermont.com  Mon Feb 19 12:35:20 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Tue, 20 Feb 1996 04:35:20 +0800
Subject: Some thoughts on the Chinese Net
In-Reply-To: <199602181745.JAA08925@ix5.ix.netcom.com>
Message-ID: <199602191921.OAA07056@jekyll.piermont.com>



Bill Stewart writes:
> >They could use no stock software, and they would grind every machine
> >in the country to its knees doing the signatures. RSA signatures
> >aren't cheap.
> 
> Could you use IPv6 / IPSP authentication to do the job?

Yes, they could. (Its IPSEC these days, by the way).

However, again, I don't think it will do them much good, especially
since forcing people to deploy strong cryptography everywhere isn't
in their best interests. They could try only doing the AH part of the
protocol, of course, but even then, using forged, stolen, or otherwise
ingenuine credentials isn't that hard. Crypto isn't a panacea, and if
you can't trust both endpoints its hard to trust the crypto itself...

Perry





From perry at piermont.com  Mon Feb 19 12:42:33 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Tue, 20 Feb 1996 04:42:33 +0800
Subject: PING packets illegal?
In-Reply-To: <199602181819.NAA10431@homeport.org>
Message-ID: <199602191922.OAA07064@jekyll.piermont.com>



Adam Shostack writes:
> | If you want to really abuse the protocols, 53 bytes probably fits into the
> | 64 you can send in a ping, so you could implement ATM-over-ICMP :-)
> 
> Err, you can put up to 1500 bytes into an ICMP echo request, if its
> properly implemented.

IP datagrams will store up to 64k (including headers). 1500 bytes is
just a common MTU, but with fragmentation that needn't be a limit.

.pm





From sameer at c2.org  Mon Feb 19 13:12:05 1996
From: sameer at c2.org (sameer)
Date: Tue, 20 Feb 1996 05:12:05 +0800
Subject: COMMUNITY CONNEXION, INC. RESPONDS TO THE SIMON WIESENTHAL CENTER
Message-ID: <199602192005.MAA01242@infinity.c2.org>


For Immediate Release - February 20th, 1996
Contact: Sameer Parekh 510-601-9777x3

COMMUNITY CONNEXION, INC. RESPONDS TO THE SIMON WIESENTHAL CENTER

Berkeley, CA - In an open letter sent to the Simon Wiesenthal Center,
Community ConneXion, Inc., the Internet Privacy Provider, explicitly
stated its refusal to agree to their request to restrict access to
services based on the content of the web pages their customers may
implement using Community ConneXion services.

In a letter to Community ConneXion dated February 6th, the Simon
Wiesenthal Center requested that they refuse to carry messages that
"promote racism, anti-Semitism, mayhem and violence." Their target in
the request was not Usenet, the discussion forums on the Internet
which were recently targeted for censorship by CompuServe, but the
World-Wide-Web, the area of the Internet which allows anyone to serve
their words and ideas to the nearly thirty million people on the
Internet.

Efforts are growing to regulate content on the Internet and restrict
freedom of expression. Community ConneXion, Inc. is opposed to all
forms of censorship. In his response to the Simon Wiesenthal Center,
Sameer Parekh, President of Community ConneXion, issued a statement in
reply to the Center's request that Internet providers pledge to
restrict service, "Community ConneXion, Inc. considers it our civic
duty to provide Internet access, services, and privacy to any
individual or group, no matter what their political or social agenda."

The Simon Wiesenthal Center is asking Internet providers to restrict
access to individuals and groups who would use their services to
promote hateful ideas. "The answer to hateful speech is more speech,"
said Parekh, "Rather than attempting to ban hateful speech, which does
nothing to prevent the hate and the effects of hate in the long run,
human rights groups should devote their time and energies towards
positive activities, such as speaking out debunking the hate groups
and holocaust revisionists. Only by speaking out against the
hate-mongers can any progress be made. Trying to stop them from
speaking will only serve to encourage them."

The very same services that Community ConneXion refuses to censor may
be used by the persecuted groups who are harassed by the anti-Semites
and neo-Nazis to aid them to protect themselves from
persecution. "Using our services someone who may be afraid of the
neo-Nazis, perhaps because they live in a very intolerant town, may
set up web pages speaking out against the anti-Semites, but not reveal
their real name or address. In this way people can provide information
and speak out against the hate without fearing any repercussions. The
very same services which can help drive out hate are the very same
ones which the Simon Wiesenthal Center is asking Internet providers to
restrict."

Community ConneXion, Inc. is the leading provider of privacy on the
Internet. They provide anonymous and pseudonymous Internet access and
web pages in addition to powerful web service, virtual hosts, and web
design consultation. Information is available from their web pages at
http://www.c2.org/.

Attachments: Open letter to the Simon Wiesenthal Center; Community
  ConneXion, Inc. statement on the provision of services to
  controversial viewpoints

February 19, 1996
Rabbi Abraham Cooper
The Simon Wiesenthal Center
9760 West Pico Boulevard
Los Angeles, California 90035

Dear Rabbi Cooper:

	Thank you for your letter concerning the spread of unpopular
views via the Internet.
	Community ConneXion, Inc., The Internet Privacy Provider, is
not going to censor the content of its customers' Web pages. Our
statement regarding provision of services to controversial groups is
attached, as well as our official policies.
	While the reasons to not censor Internet traffic are great, we
will only describe a few of them in order to explain our
decision. First, the best way to fight speech is with more
speech. Second, it violates the fundamentals upon this country was
founded, in particular the ideal of freedom of expression. Finally, we
believe that trying to restrict harmful speech, which, for example,
"conspires against democracy," does more damage to the cause of
democracy than allowing the hateful individuals and organizations to
speak in the first place.
	In order to fight the hateful speech to which your
organization objects, it is more productive to speak out against the
hate and the lies of the anti-Semites and neo-Nazis than to try to
prevent them from speaking. By preventing them from speaking, you are
giving them more allies, and more legitimacy than they would have if
you merely spoke out against them and debunked their words. If you
actually take proactive action towards debunking their lies, people
will understand that they are actually lying. By preventing them from
speaking, you are promoting the idea that they actually might have
something valuable to say.  Hateful action, of course, should be
prosecuted to the fullest extent permissible by law.
	Second, this country was founded on the ideal of freedom of
expression. The First Amendment to the United States Constitution is
the first one on the list of the Bill of Rights. Restricting access to
freedom of expression to only people with acceptable viewpoints is not
true freedom of expression.
	Finally, and most important, restricting speech in order to
ostensibly protect democracy does more to damage democracy than to
help it. Censorship leads towards a more restrictive society, one
which grows ever more similar to the totalitarian government of the
Third Reich, which made the atrocities of the Holocaust possible. In
order to prevent such an atrocity from happening again, no government
must be allowed to gain the power over its citizens that was allowed
the Third Reich. By asking for restrictions on speech you are asking
for a return to the controls which gave the Third Reich its power.
	Therefore, we have taken a stance directly opposed to any and
all forms of censorship.  Community ConneXion, Inc. considers it our
civic duty to provide Internet access, services, and privacy to any
individual or group, no matter what their political or social
agenda. Thank you.

Sincerely,



Sameer Parekh
President
Community ConneXion, Inc.
--
Community ConneXion, Inc.
on the provision of services to those with unpopular viewpoints

The Internet is an unprecedented technological tool which for the
first time in history has democratized communications throughout the
world. It provides tens of millions of people with the tools to
communicate freely and share their ideas to an audience whose size and
diversity was previously unimagined. It is the embodiment of the
concept of an international marketplace of ideas.

As such it deserves to be encouraged and protected from those who
would restrict it. There are those who would limit the use of this
incredible power only to those with popular views. Community
ConneXion, Inc. has a First Amendment right and a moral obligation to
provide groups of all viewpoints with the ability to express their
viewpoints in an unintrusive, non-harassing manner on the Internet.

Given the unprecedented potential and scope of the Internet, Community
ConneXion, Inc. considers it our civic duty to provide Internet
access, services, and privacy to any individual or group, no matter
what their political or social agenda.



Sameer Parekh
President
Community ConneXion, Inc.







From dmandl at panix.com  Mon Feb 19 13:30:52 1996
From: dmandl at panix.com (David Mandl)
Date: Tue, 20 Feb 1996 05:30:52 +0800
Subject: Remailers not heard from; info?
Message-ID: 


At 11:17 AM 2/19/96, Bruce Baugh wrote:
>And as long as I'm asking questions :-), I see that some remailers
>(hfinney at shell.portal.com, hal at alumni.caltech.edu, homer at rahul.net) preserve
>subject lines while others do not. Is this a readily settable option? If so,
>I'd like to commend it to other remailer operators.

Even more important, I believe that many (most?) remailers still leave
signatures in by default.  This is extremely dangerous, and inconvenient
too, since some mail programs make you jump through hoops to turn off the
signature feature.  I think it'd be a good idea if ALL remailers omitted
them by default and, if anything, allowed the sender to optionally leave
his or her signature in (though I imagine that'd be a rare request).

I know that there's no sure-fire way to find signatures that aren't
prefixed by, say "--", but that's better than nothing.

   --Dave.

--
Dave Mandl
dmandl at panix.com
http://www.wfmu.org/~davem







From cp at proust.suba.com  Mon Feb 19 13:51:05 1996
From: cp at proust.suba.com (Alex Strasheim)
Date: Tue, 20 Feb 1996 05:51:05 +0800
Subject: Some thoughts on the Chinese Net
In-Reply-To: <199602191921.OAA07056@jekyll.piermont.com>
Message-ID: <199602192044.OAA28265@proust.suba.com>


> However, again, I don't think it will do them much good, especially
> since forcing people to deploy strong cryptography everywhere isn't
> in their best interests. They could try only doing the AH part of the
> protocol, of course, but even then, using forged, stolen, or otherwise
> ingenuine credentials isn't that hard. Crypto isn't a panacea, and if
> you can't trust both endpoints its hard to trust the crypto itself...

It seems to me that the actual result of the Chineese experiment in net
censorship will probably be something in between what the Communist
government is hoping for and what some hard line crypto anarchists are
predicting.  Nets and good crypto tools aren't going to make it possible
for everyone in China with a pc to discuss any subject without fear of
government reprisal, but the new technology will almost certainly result
in a significant loss of control for the state. 

Censorship will persist in China, but evading it will be easier and safer
than it is now.  Nets being what they are, it will be easier for people to
organize, and discussions and debates will probably be more productive
than they are now.  The pressures of crypto anarchy might not be strong
enough to liberate China overnight, but they will exert a powerful and
steady force towards liberalization.  Once Chineese society has coexisted
with a vibrant black information market for a decade or two, making 
things legal will probably seem sensible to most people -- no one will 
expect the sky to fall if people are allowed to speak their minds.






From ipgsales at cyberstation.net  Mon Feb 19 14:10:23 1996
From: ipgsales at cyberstation.net (IPG Sales)
Date: Tue, 20 Feb 1996 06:10:23 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602190942.EAA30761@thor.cs.umass.edu>
Message-ID: 


Mon Mar 19,1996

Obviously you want to criticise without investigation. He who knows all, 
   knows little, or nothing accoring to Einstein.

On Mon, 19 Feb 1996 lmccarth at cs.umass.edu wrote:

> "Internet.Privacy.Guaranteed (IPG)" writes:
> >	   CRE Transforms,
> >          trademark IPG, are the only acknowledged unbreakable method
> >          of so transforming digitized information. There are no
> >          passwords, encryption keys, or anything like that to conjure
> >          up, remember, and perhaps forget. 
> 
> Neat trick, unless they're using biometrics, which doesn't appear to be the
> case :}
It uses one time pads - yes - but true OTPs, not random number generators 
with a key like the POTP people. The mere fact that POTP sells the entire 
package, should tell you something. For long Messages, the basic kernel 
of our system is also a random number generator, but the source key, 5600 bits,
is a true random one time pad generated from a hardware source. 

>From that 5600 bits, a combination of a prime number numbers, picked from 
a large random table, by 512 of the random bits, ie 64 large prime 
numbers, and the other random bits are used to generate the random numbers 
used. This in effect creates a humoungous cycled encryption wheel 
system, with over 10 to the 2300th power possibilities before repeats, 
similar to engima but more like the most secured electronic encryption 
systems used prior to the advent of computers.
> 
> [...]
> >                      Don't Waste your time !
> 
> I think they just said it best themselves, but I'll comment a bit more....
> 
You obviously are too informed - since you already know everything, 
perhaps there is nothing more for you to learn so you are right, don't 
waste you time, since you already know, But others, less informed, might 
discover that they do nnot know everything
> [...]
> >          Every informed expert of the
> >          technology will confirm, without reservation, that the IPG
> >          system is not breakable, as many already have!  
> 
> All under NDA, I suppose. Note that they don't even name an "informed expert of
> the technology"; at least the POTP people gave some names.
We did refer people to Paul Leyland as you note in your next paragrapgh - 
Unlike PGP, and other RSA systems, DES, and even POTP, the PCX Nvelopes 
system is mathematically unbreakable - if you labor uner the delusion 
that the PGP protects your privacy be our guest. Ask yourself " Why are 
Freeh, Gore and all the others not screaming more than they are about 
RSA systems, DES systems and so forth? They are talking about 
interceting 1 in 100 messages n urban areas, are they doing it 
because they want to waste their time?
> [...]
> >          A fully
> >          operational integrated multi-user system costs approximately
> >          $140.00 per user, ready to load and go, with thousands, or
> >          millions of Nvelopes and Nvelopeners. IPG also offers full
> >          turnkey leases at $15.00 per user, per network, per
> >          month, which includes all software, upgrades, administration,
> >          and unlimited Nvelopes and Nvelopeners.
> >
> >          As a reference to its unbreakability, we refer you to an
> >          article by Paul Leyland on Internet at:
> > 
> >              http://dcs.ex.ac.uk/~aba/otp.html
> 
> Clearly they (claim to) offer some sort of system using One Time Pads.
> Notice the price quote of "$15.00 per user, per network, per month" including
> "unlimited Nvelopes and Nvelopeners". I suspect this means that they're
> basically selling chunks of (pseudo- ?)random data for as much as $15/person 
> each month!  I guess it's nice work if you can get it. At that price, one
> would hope that they're at least generating truly random bits from a hardware
> source. But their skimpy details on their proprietary processes don't
> inspire confidence....
Every message is encrypted with a separate Nvelope, and as indicated in 
our site, nver repeated. If the message is less than 5600 bits, it is a 
true random one time pad, from hardware sources - if longer, the one time 
pad becomes a random number generator as partially explained previously.
Each nvelope, hardware one time pad, an ADC LOB system,  is used once and 
only once, the system absolutely precludes reuse.  The $15.00 per moth 
keeps all users supplied with the necessary one time pads, which in the 
case of high volume business users might be a few hundred a day, a stock 
broker, anb accountant, auditor, an attorney or the like.
 > >          For more information visit our Web Site at:
> > 
> >              http://www.netprivacy.com/ipg
> 
> In case you didn't get enough hyperbole from the press release, they have
> extra helpings on the Web. This site has numerous pages containing precious
> little real information. I found a few tidbits in unlikely places, though:
> 
> In http://www.netprivacy.com/ipg/mlmplan.html, which incidentally promises
> that they "can help you to make some big bucks through the PCX Nvelopes
> Multi - Level - Marketing Plan", it says:
> 
> > With our manufacturing process it is relatively easy for us
> > to manufacture a ready to go system, for 25 users, or for
> > 2,500 users.  All the user has to do is to prepare a
> > DIR.LST, a Directory Listing of the users. We use that as
> > the template and manufacture the system. 
> 
> This is actually a little scary. According to one of their other web pages, 
> the DIR.LST file is a numbered list of user names and email addresses. So it
> appears that a customer hands over a list of names and addresses, and IPG
> assigns a set of one-time pads (or something) to each pair of users on the 
> list. (Holy combinatorial explosion.) And now IPG knows the one-time pads that
> will be used between any pair of email addresses on the list it has !  
> The EES is starting to look attractive by comparison. 
> 

Obviously you again already know everything, so there is no need to 
try to explain it to you, but others might be interested. As to 
combinatorial explosion, it really ius not as ad as people might think!
A user does not jave to keep all the combinations, only the ones paired 
with, thus in a thousand user system, there is only a need for 999 paired 
Nvelope and Nvelopeners, and some of those will little usage. We keep 10 
Nvelopes/Nvelopeners for each pair, 20 in duplex, and each is 700 bytes.
Thus in a 1000 user system, about 7.2 MB would be required to handle all 
the one taime pads, a lot os space but not unmageable, As Nvelopes are 
used, they are replensihed accordingly to a heuristic algorithm built 
into the system. 
  
> > It becomes a load
> > and go installation at each of the user sites. 
> 
> Gee, why are we all so worried about key management ?  It's just a load and
> go installation at each of the user sites !  ;)
> 

That is precisely why PCX Nvelopes is such an extraordinary system. 
That is the beauty of PCX Nvelopes, it lifts that  burden from the 
user, eliminates it entirely. You may have worried about key 
management, but with our system, you will not have to do so in the 
future. The system itself, manages all the OTPs, you do not have to do 
anything but use the system. Key management is the problem with all existing 
systems, but it is no problem at all with the PCX Nvelopes system, as you would 
see if you looked at the system, instead, of talking about something 
when you have no idea at all of what it is about. The first set of keys 
must be sent by a secure source, US mail, FED EX, or whatever, but
thereafter, all updates can be accomodated over Internet. 


 > > We will even prepare, or help prepare, the DIR.LST for 
users. > >
> > While we have the software and manufacturing facility to do
> > that quickly, it is not easily transportable, to say the
> > least, and certain aspects of it, we consider highly proprietary.
> 
> "not easily transportable, to say the least" ???  
> Any ideas to what this might refer ?
The combinatorial problem that you referred to previously, would indeed 
generate almost 500,000 pair sets, which we call packets. What is the 
best way to generate those 499,500 sets? 999 We can automatically generate 
them, and all the software that goes with them on 1000 sets of 6 diskettes
each, each of which goes through a separte verification process, and certification 
process, larger systems are delivered in parts, two diskettes 
direct, and the others over internet. 

> 
> OK, I saved (IMHO) the best for last. I suppose this could be taken as a claim
> about their proprietary, immobile RNG methods:
> (from http://www.netprivacy.com/ipg/comp.html)
> 
> >         How do we Achieve such High Standards?
> >                  First Class Quality Control!
> >
> > We achieve unusually high standards of excellence because
> > of the manufacturing process. Over 30%, sometimes as high as 
> > 50% or more of our Nvelopes, Nvelopeners, are discarded 
> > because they cannot meet our rigid standards. Also our 
> > Nvelopes and Nvelopeners are subjected to a battery of 
> > performance tests to insure that when used, they will meet the 
> > high standards that you would expect.
Every onetime pad is subjected to analysis at the bit level, character 
level, couplet level, triplet level, and set level, 5600 bits. As you 
might, but probably do not know, all hardware generation of OTP's are 
irregular, otherwise they are not random. Thus at times, a hardware 
source, such as ADC LOB system, can generate nonrandom data, unless 
this is checked, it can destroyed the integrity of your system. At all 
levels, we check standard deviation, chi Square, Delta IC, and other 
statistical tests. Moreover, we check sets of packet, at the 2, 4, 8, 
16, 32, 64, 128, 256, 512, 1024, 2048, 4096, 8192, 16384 etal. Our 
packets are random, and you can take that to the bank.   

> 
>  It's a jungle out there....
> 
> -Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
> 	your bargains, push your papers, win your medals, fuck your strangers;
> 	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)
> 
  - Einstein - He who thinks that he knows everything, knows 
                     nothing.






From cea01sig at gold.ac.uk  Mon Feb 19 14:11:18 1996
From: cea01sig at gold.ac.uk (Sean Gabb)
Date: Tue, 20 Feb 1996 06:11:18 +0800
Subject: Online Zakat Payment: Religious tithe.
In-Reply-To: 
Message-ID: 


Alan,

I agree that I was looking at *Arabic* Islam, in which specific bad
features of Arabic culture have congealed with the religion.  It is as if
I were to judge Christianity solely by reference to the Spanish Inquisition.

However, this being said, it is presently true that Arab Islam is the 
most important single strand.  It may be that the softer oriental 
versions will gradually take over.  If so, this is to be desired.  
Indeed, so far as we can, we should even encourage this.  In the 
meantime, though, I think it wise to be aware of the nastiness of much 
actually existing Islam, and to challenge any claims that its devotees 
may make to moral superiority over our own civilisation.  I think I was 
too harsh in my postings of last week.  But I stand by my dislike of the 
Islam that I most often see.

Yours ever,

Sean.

PS	I seem to be breaking my self-denying ordinance about postings on 
Islam to the list.  But this I suppose only confirms Tallpaul's doubts 
regarding the honour and consistency of libertarians!

On Mon, 19 Feb 1996, Alan Horowitz wrote:

> Sean,
> 
> Women's place in Islam is just fine. The problem is that _Arabs_ like to 
> define their ages-old cultural suppression of woman as Islamic. Which it is
> not.
> 
> YOu in England are dealing with an unrepresentative sample of the Islamic 
> world. May I suggest a few weeks of traveling through Java and Mindanao, 
> to see another side of the coin.
> 
> The crusaders liked to define their thuggery and thievery in the Balkans 
> and middle East as being driven by Christian imperatives. Should we say 
> that the Crusader's *actions* were a good definition of "christian 
> principles"?
> 
> Alan Horowitz
> alanh at norfolk.infi.net
> 
> 





From reagle at rpcp.mit.edu  Mon Feb 19 14:44:53 1996
From: reagle at rpcp.mit.edu (Joseph M. Reagle Jr.)
Date: Tue, 20 Feb 1996 06:44:53 +0800
Subject: ITAR Amended to Allow Personal Use Exemption
Message-ID: <9602192117.AA08428@rpcp.mit.edu>


>From the most recent RISKS:

>RISKS-LIST: Risks-Forum Digest  Friday 16 February 1996  Volume 17 : Issue 75
...

Date: Fri, 16 Feb 96 14:04:39 EST
From: denning at cs.cosc.georgetown.edu (Dorothy Denning)
Subject: ITAR Amended to Allow Personal Use Exemption 

Today's Federal Register contains a notice from the Department of State,
Bureau of Political Military Affairs, announcing final rule of an amendment
to the International Traffic in Arms Regulation (ITAR) allowing U.S. persons
to temporarily export cryptographic products for personal use without the
need for an export license.  The product must not be intended for copying,
demonstration, marketing, sale, re-export, or transfer of ownership or
control.  It must remain in the possession of the exporting person, which
includes being locked in a hotel room or safe.  While in transit, it must be
with the person's accompanying baggage.  Exports to certain countries are
prohibited -- currently Cuba, Iran, Iraq, Libya, North Korea, Sudan, and
Syria.  The exporter must maintain records of each temporary export for five
years.  See Federal Register, Vol. 61, No. 33, Friday, February 16, 1996,
Public Notice 2294, pp. 6111-6113.

Dorothy Denning 

   [This will probably become known as the Matt Blaze exemption.
   See Matt's ``My life as an international arms courier" in RISKS-16.73,
   6 January 1995.  PGN]   

------------------------------

Date: Fri, 16 Feb 1996 13:18:02 -0500 (EST)
From: Educom 
Subject: Spreading the Word (Edupage, 15 February 1996)

*The Washington Post* has reported that a Maryland family received a number
of threatening calls after a University of Maryland student used the
Internet to circulate a hearsay allegation that a daughter in the family was
being mistreated by her mother.  Posting his message on Internet newsgroups
concerned with child welfare, psychology, left-wing politics, and civil
liberties, the student urged people to call the mother "at home and tell her
you are disgusted and you demand that she stops."  The student claims: "You
should be able to write what you want on the Internet, whether it's true or
not."  (*Houston Chronicle*, 14 Feb 1996, 2A)

------------------------------
_______________________
Regards,               "Men are not against you; they are merely for 
			themselves." -Gene Fowler
Joseph Reagle          http://farnsworth.mit.edu/~reagle/home.html
reagle at mit.edu         0C 69 D4 E8 F2 70 24 33  B4 5E 5E EC 35 E6 FB 88






From bruce at aracnet.com  Mon Feb 19 14:50:13 1996
From: bruce at aracnet.com (Bruce Baugh)
Date: Tue, 20 Feb 1996 06:50:13 +0800
Subject: Remailers not heard from; info?
Message-ID: <2.2.32.19960219213114.006a3f04@mail.aracnet.com>


At 03:25 PM 2/19/96 -0500, Dave Mandl wrote:
>
>I know that there's no sure-fire way to find signatures that aren't
>prefixed by, say "--", but that's better than nothing.

A fix along the lines of

::
don't-send-anything-after-this

might be readily applicable.

-- 
Bruce Baugh
bruce at aracnet.com
http://www.aracnet.com/~bruce






From rittle at comm.mot.com  Mon Feb 19 14:56:55 1996
From: rittle at comm.mot.com (Loren James Rittle)
Date: Tue, 20 Feb 1996 06:56:55 +0800
Subject: AT&T Public Policy Research -- hiring for cypherpunks
In-Reply-To: 
Message-ID: <9602191718.AA11463@supra.comm.mot.com>



>Given that the world of telephony is moving towards Local Number Portability,
>isn't it inevitable that the internet will be expected to provide the
>equivalent functionality?

You have this today in the form of symbolic addresses mapped to an
IP number via DNS (domain name service).

Under IPng, all this becomes easier to manage in the long run, but
DNS has been around for a long time.  I'd bet that the phone company
stole the idea from the Internet... :-)

Loren

-- 
Loren J. Rittle (rittle at comm.mot.com)	PGP KeyIDs: 1024/B98B3249 2048/ADCE34A5
Systems Technology Research (IL02/2240)	FP1024:6810D8AB3029874DD7065BC52067EAFD
Motorola, Inc.				FP2048:FDC0292446937F2A240BC07D42763672
(708) 576-7794				Call for verification of fingerprints.





From adam at lighthouse.homeport.org  Mon Feb 19 15:01:19 1996
From: adam at lighthouse.homeport.org (Adam Shostack)
Date: Tue, 20 Feb 1996 07:01:19 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: 
Message-ID: <199602192141.QAA14697@homeport.org>


Since you're convinced that your system can stand scrutiny, why not
post a URL for a paper describing the algorithims, key management,
etc, of your system.  What you've posted here is unparseable, with the
exception of some nonsense, which parses to `We know enough to be
dangerous.'

Adam


IPG Sales wrote:

| >From that 5600 bits, a combination of a prime number numbers, picked from 
| a large random table, by 512 of the random bits, ie 64 large prime 
| numbers, and the other random bits are used to generate the random numbers 
| used. This in effect creates a humoungous cycled encryption wheel 
| system, with over 10 to the 2300th power possibilities before repeats, 
| similar to engima but more like the most secured electronic encryption 
| systems used prior to the advent of computers.

|   - Einstein - He who thinks that he knows everything, knows 
|                      nothing.
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume









From bruce at aracnet.com  Mon Feb 19 15:39:18 1996
From: bruce at aracnet.com (Bruce Baugh)
Date: Tue, 20 Feb 1996 07:39:18 +0800
Subject: Some thoughts on the Chinese Net
Message-ID: <2.2.32.19960219221817.006ce4a8@mail.aracnet.com>


At 02:44 PM 2/19/96 -0600, Alex Strasheim  wrote:

>steady force towards liberalization.  Once Chineese society has coexisted
>with a vibrant black information market for a decade or two, making 
>things legal will probably seem sensible to most people -- no one will 
>expect the sky to fall if people are allowed to speak their minds.

I'd like to agree, but I'm afraid I can't. Notice that many years of
widespread use of currently illegal drugs in the US has not translated into
widespread willingness to say that the drugs should be legal. Nor has the
experience of decades of black markets turned into widespread Russian
willingness to allow a lot more freedom: what they call "profiteering" and
punish heavily is mostly what we call "wholesaling" and regard as an
essential part of mundane distribution.

Cognitive dissonance is really, really easy to come by, and hard to remove. 

-- 
Bruce Baugh
bruce at aracnet.com
http://www.aracnet.com/~bruce






From bruce at aracnet.com  Mon Feb 19 15:40:34 1996
From: bruce at aracnet.com (Bruce Baugh)
Date: Tue, 20 Feb 1996 07:40:34 +0800
Subject: Net Partying Last Week?
Message-ID: <2.2.32.19960219215923.006c3540@mail.aracnet.com>


I'm noticing something odd in the course of my remailer tests. There's an
across-the-board increase in turnaround times for Sunday/Monday as compared
with Friday/Saturday. Was there some remailer cyberbash I don't know about,
or was this more likely to be a local problem?

-- 
Bruce Baugh
bruce at aracnet.com
http://www.aracnet.com/~bruce






From raph at kiwi.cs.berkeley.edu  Mon Feb 19 15:59:45 1996
From: raph at kiwi.cs.berkeley.edu (Raph Levien)
Date: Tue, 20 Feb 1996 07:59:45 +0800
Subject: Remailers not heard from; info?
In-Reply-To: <2.2.32.19960219213114.006a3f04@mail.aracnet.com>
Message-ID: <199602192239.OAA31378@kiwi.cs.berkeley.edu>


Bruce Baugh wrote:
> A fix along the lines of
>
> ::
> don't-send-anything-after-this
>
> might be readily applicable.

   This is simply the "cut" feature of remailers, which is already
implemented.

   In response to your question about preserving subject headers,
there are actually three different behaviors. The default is to
preserve the subject header if the input message is not encrypted,
otherwise to discard it. The other two behaviors (nsub and ksub) are
to preserve or discard the subject header, respectively. I do not
recommend nsub, because it is allows tracing a message through the
subject header. No currently operational remailers have nsub behavior.

   In response to your question about remailers which haven't
responded to your tests, remail at c2.org is quite functional. I have no
idea why it did not respond. The other remailers are no longer
functional. In general, when I take a remailer off the page, it is
because it has been non-functional a few weeks, when the remailer
operator announces that it will be taken offline, or (temporarily)
when I know that the remailer will be unavailable or unreliable for a
while. There may be publicly known functioning remailers which are not
on my list, but I rather tend to doubt it.

   In general, I applaud independent work confirming or confronting my
remailer-list, but I ask that you please RTFM before doing things like
suggesting new features.

ObNoise: do any of our resident lawyers have any idea whether "RTFM"
is indecent?

Raph





From cp at proust.suba.com  Mon Feb 19 16:04:48 1996
From: cp at proust.suba.com (Alex Strasheim)
Date: Tue, 20 Feb 1996 08:04:48 +0800
Subject: Remailers not heard from; info?
In-Reply-To: 
Message-ID: <199602192241.QAA28619@proust.suba.com>


> Even more important, I believe that many (most?) remailers still leave
> signatures in by default.  This is extremely dangerous, and inconvenient
> too, since some mail programs make you jump through hoops to turn off the
> signature feature.  I think it'd be a good idea if ALL remailers omitted
> them by default and, if anything, allowed the sender to optionally leave
> his or her signature in (though I imagine that'd be a rare request).

Couple of problems:

o   Some of us -- like me -- like to use double dashes to separate text. 
The penet remailer used to drive me crazy, it always stripped off the
bottom of my posts.

o   Someone using a nym might want to use a sig.

o   Very few mailers make people use sigs -- usually just the ones on 
bbs's.  If people want to use crummy broken mailers, they ought to be 
willing to take the consequences.

o   Depending on a remailer to strip your sig doesn't give you security wrt
the remailer operator.  If you use encryption, the last remailer on the
chain will see your sig, which will be in the innermost encrypted block. 
That defeats the purpose of chaining.  If you're not using encryption, you 
don't have any security anyay.

A better solution might be a specialized remailer that strips sigs for 
people who need the service.  People who need sig stripping could put 
that remailer in the chain, and the rest of us could handle our sigs on 
our own.

I think we're moving more towards systems that require remailer clients 
(like mixmaster) anyway.





From mch at squirrel.com  Mon Feb 19 16:10:35 1996
From: mch at squirrel.com (Mark C. Henderson)
Date: Tue, 20 Feb 1996 08:10:35 +0800
Subject: Encryption in software licenses...
Message-ID: <199602192246.OAA01658@squirrel.com>


On Feb 19, 14:25, "David J. Bianco" wrote:
} Subject: Encryption in software licenses...
} Does anyone have a pointer to any good discussions on how to build programs
} with encrypted license keys?  ftp.csua.berkeley.edu used to have such a file
} (/pub/cypherpunks/cryptanalysis/license.asc.gz), but the archive hasn't
} been accessible for a few days.  Although I remember this to be mostly about 
} how to crack such schemes, it has lots of useful information about how they
} are designed in the first place.

license.asc.gz and some other related stuff is available on
ftp://utopia.hacktic.nl/pub/replay/pub/cracking

This all goes back to the familiar lesson for all of us reading this 
newsgroup, the easy way to break most practical applications of 
cryptography is to find a way to "work around" or "subvert" the 
cryptosystem being used. 

Consider two popular UNIX licence managers

FlexLM - uses weak cryptography by default to produce licence keys, 
although vendors can plug in their own 

Elan (V4.1 and above) - can use DES or a 5-rotor enigma. Both of these
are better cryptosystems than that used by FlexLM.

Now, does anyone here think that Elan is significantly harder to 
crack than FlexLM because it uses better cryptography than FlexLM? I 
hope not. 

The Elan marketing literature makes the use of DES sound like a big 
advantage. But, it doesn't make any difference to the cracker. 

There is actually some good content in the marketing goo at
http://www.globetrotter.com
http://www.elan.com
if you're willing to sift through it.

Writing and debugging a floating network licence manager which is 
reliable and multiplatform is hard. For a real challenge, try and put 
in some sort of redundancy (multiple hosts), and keep everything 
sane. The danger for a software vendor is that they end up with a 
good software product, which has a licence manager that makes it 
unreliable and causes problems for customers. I've seen this happen a 
few times. In this senario, customers often abandon the product and 
stop paying for support and upgrades, which are a significant part of 
the income of a software vendor. If word gets around (and it will), 
that your licence manager is buggy will adversely effect new sales. 

I'm a sysadmin, and every time a licence manager craps out and needs 
to be restarted, users can't use their software until they can get a 
hold of me. For some products (I'm not going to mention names), this 
happens on a more or less weekly basis. Licence manager malfunctions 
are relatively rare with products like FlexLM and Elan. The 
home-grown licence managers tend to be a real problem from a systems
administration point of view. 

Here are my free (and worth every penny you paid) recommendations
to a software vendor considering some sort of software based licence 
management scheme.

1. Trust your customers (best choice!!!) and concentrate your efforts 
on producing good quality software. This way you'll get more 
customers, etc. Crackers will be able to get around any sort of 
licence-management scheme anyway (just check out Usenet newsgroups 
devoted to binary mods to unlock applications and distributing keys 
for applications) 

2. Buy an off-the-shelf licence manager which has a good 
track-record. It will already have the worst bugs worked out. Better 
to spend time working on improving the software you are trying to 
licence. 

3. If you must roll-your-own, avoid trying to write a 
network-floating licence scheme. These are harder to write and have a 
lot more potential to turn an otherwise good product into a worthless 
piece of crap. 

4. If you must roll-your-own network-floating licence manager, be 
prepared to expend a lot of time and effort debugging and testing. Be 
sure to build in some sort of redundancy

I mention FlexLM and Elan because I know a fair bit about them. This isn't
an endorsement, etc.

-- 
Mark Henderson -- markh at wimsey.bc.ca, henderso at netcom.com, mch at squirrel.com
PGP 1024/C58015E3 fingerprint=21 F6 AF 2B 6A 8A 0B E1 A1 2A 2A 06 4A D5 92 46
cryptography archive maintainer - ftp://ftp.wimsey.com/pub/crypto/README.html
ftp://ftp.wimsey.com/pub/crypto/sun-stuff/change-sun-hostid-1.6.3.tar.gz





From bruce at aracnet.com  Mon Feb 19 16:27:20 1996
From: bruce at aracnet.com (Bruce Baugh)
Date: Tue, 20 Feb 1996 08:27:20 +0800
Subject: NET_run
Message-ID: <2.2.32.19960219225440.006e9bb0@mail.aracnet.com>


>   2-19-96. NYT:
>
>   "In this new game, you'll never play with a full deck."
>
>      Sometime next month a game will be played on the
>      Internet, challenging surfers to leap between sites,
>      solving puzzles and cracking codes that will give them
>      access to secret data hidden behind firewalls and
>      software barriers. 

Okay, I just checked with Wizards of the Coast, and here's the story.

Netrunner is indeed a card game. As part of the intro publicity, some demo
games will be run on the Web. (No, no info about that at the moment.) The
rest is the intersection of overenthusiastic publicity folks and clueless
reporters. "Go, marketing department, go" were the exact words of my friend.

However, he also says that the game is an exceedingly cool one, and that
those of you who like the collectable card games should check it out.

-- 
Bruce Baugh
bruce at aracnet.com
http://www.aracnet.com/~bruce






From cp at proust.suba.com  Mon Feb 19 16:53:08 1996
From: cp at proust.suba.com (Alex Strasheim)
Date: Tue, 20 Feb 1996 08:53:08 +0800
Subject: Some thoughts on the Chinese Net
In-Reply-To: <2.2.32.19960219221817.006ce4a8@mail.aracnet.com>
Message-ID: <199602192342.RAA28868@proust.suba.com>


> I'd like to agree, but I'm afraid I can't. Notice that many years of
> widespread use of currently illegal drugs in the US has not translated into
> widespread willingness to say that the drugs should be legal. 

This is a a bad example:  drugs are a destructive, negative thing, and 
practical experience with them makes people wary.  Freedom, on the other 
hand, it a good thing and experience with it will bear that out.

Having said that, there is a lot of support for legal and non-violent ways
to distribute drugs.  I would be surprised if it doesn't happen in 20 or
30 years.

> Nor has the
> experience of decades of black markets turned into widespread Russian
> willingness to allow a lot more freedom: what they call "profiteering" and
> punish heavily is mostly what we call "wholesaling" and regard as an
> essential part of mundane distribution.

I'll have to defer to you on this -- I don't know the ins and outs of
commerce in Russia.  But my impression, as an uninformed layman, was that
the experience with illegal capitalist trading in the black market had
preceeded (and softened them up for?) legal capitalist transactions above
ground. 





From ipgsales at cyberstation.net  Mon Feb 19 16:53:26 1996
From: ipgsales at cyberstation.net (IPG Sales)
Date: Tue, 20 Feb 1996 08:53:26 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602192141.QAA14697@homeport.org>
Message-ID: 




On Mon, 19 Feb 1996, Adam Shostack wrote:

> Since you're convinced that your system can stand scrutiny, why not
> post a URL for a paper describing the algorithims, key management,
> etc, of your system.  What you've posted here is unparseable, with the
> exception of some nonsense, which parses to `We know enough to be
> dangerous.'
> 
> Adam
> 
> 
> IPG Sales wrote:
> 
> | >From that 5600 bits, a combination of a prime number numbers, picked from 
> | a large random table, by 512 of the random bits, ie 64 large prime 
> | numbers, and the other random bits are used to generate the random numbers 
> | used. This in effect creates a humoungous cycled encryption wheel 
> | system, with over 10 to the 2300th power possibilities before repeats, 
> | similar to engima but more like the most secured electronic encryption 
> | systems used prior to the advent of computers.
> 
> |   - Einstein - He who thinks that he knows everything, knows 
> |                      nothing.
> | 
> 
> 
> -- 
> "It is seldom that liberty of any kind is lost all at once."
> 					               -Hume
> 
> 
> 
> 
> 
We are not currently revealing all the details of our system because of 
patents in process, and other relat6ed matters. We are offering the 
software. You should be able to readily decompile it and determine the 
algorithms used andf how they are used to generate random number sequences 
for very long files.  For short messages, a true OTP is used directly. 

If you are aware of encrtypting technology, you recognize that hardware 
prime number cycle wheels for the basis of some of the most secured 
hardware systems employed for encryption. We simply expand that technogy 
using software to set an intial setting, an adder, and a limit for 64 
such wheels, using large random prime numbers for each of those settings. 
The total number of possibilities is over 10 to the 1690th power and can 
be much larger. 

Thus we can eliminate the need to have the length of the OTP to be equal 
to the length of the file - if you do not belive that it works, try it 
and see - it takes inly a few hours to set such a trial up. We generated 
over 790 gigabytes of charcaters, on multiple backups, and tested. Our 
standard deviations, chi squares, Delta ICs for bits, characters, sets, 
and the entire set were random. The sets are random, and you can take 
that to the bank. 

Someone, will decompile it and discover that it is truly random, at least 
from the practical usage basis. But we need that time to file patents, 
cvopyrights and the like. 

The IPG system solves the key management problem and produces a truly 
unbreakabkle system. We make no apologies for not currently revealing all 
of the methodologies andf algorithms, but they will be revealed with 
time, by us or others, and you will discover that it is indeed a simple, 
easy to use, easy to install, truly unbreakable system.

"Unless we know, we do not experience by talking," Plato
  





From perry at piermont.com  Mon Feb 19 17:10:42 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Tue, 20 Feb 1996 09:10:42 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: 
Message-ID: <199602192346.SAA00359@jekyll.piermont.com>



IPG Sales writes:
> We are not currently revealing all the details of our system because of 
> patents in process,

Bull. Once you have applied for the patent you no longer need be
secret -- indeed, you can still apply for a patent up to one year
after full publication.

> We are offering the software. You should be able to readily
> decompile it and determine the algorithms used andf how they are
> used to generate random number sequences for very long files.

Something tells me it wouldn't be worth my while. Until you guys get a
clue, none of my clients on Wall Street or elsewhere are coming within
a mile of your products. I won't even waste my time looking at them.

> If you are aware of encrtypting technology, you recognize that hardware 
> prime number cycle wheels for the basis of some of the most secured 
> hardware systems employed for encryption.

The cypherpunks mailing list is composed of some of the most
knowledgeable people in the field of cryptography in the
world. Therefore, you will pardon my noting that the phrase "prime
number cycle wheels" isn't a term any of us are familiar with. I don't
find the term anywhere in any of the literature, I don't recall it,
and if it was anything more than marketingese I would have. You do
seem to know enough to know that prime numbers play a bit of a role in
modern cryptography, but that seems to be it. They play very little
role in non-public key systems like yours.

> We simply expand that technogy 
> using software to set an intial setting, an adder, and a limit for 64 
> such wheels, using large random prime numbers for each of those settings. 
> The total number of possibilities is over 10 to the 1690th power and can 
> be much larger. 

Spare us the bull. You don't get security in a crypto system from
having impressive combinatorial explosions. A simple monoalphabetic
substitution can claim to have 403291461126605635584000000 possible
keys and you wouldn't trust your six year old cousin not to crack
it. (the number would be far, far more impressive if I'd taken all
ASCII characters instead of just the alphabet of 26 letters in to
account).

> Someone, will decompile it and discover that it is truly random, at least 
> from the practical usage basis.

"Truly random" and "for practical purposes" don't mix. If it isn't
truly random, then the question is whether or not the thing is, in
fact, a strong encryption system.

Time and time again, snake oil salesmen come up and delude themselves
and others into thinking that they have some sort of great encryption
system and time and time again it cracks open like an egg. You guys
have all the stigmata.

> The IPG system solves the key management problem

Public key cryptography did that 20 years ago. Where have you been?

> and produces a truly unbreakabkle system.

The only system that is truly unbreakable is a true one time pad, not
a fake one.

> We make no apologies for not currently revealing all 
> of the methodologies andf algorithms,

Too bad. You should be embarassed to even open your mouths.

Perry





From abostick at netcom.com  Mon Feb 19 17:12:32 1996
From: abostick at netcom.com (Alan Bostick)
Date: Tue, 20 Feb 1996 09:12:32 +0800
Subject: NET_run
In-Reply-To: <199602191315.IAA19551@pipe1.nyc.pipeline.com>
Message-ID: <7eLKx8m9LMaA085yn@netcom.com>


-----BEGIN PGP SIGNED MESSAGE-----

In article <199602191315.IAA19551 at pipe1.nyc.pipeline.com>,
John Young  wrote:
>    2-19-96. NYT:
> 
>    "In this new game, you'll never play with a full deck."
> 
>       Sometime next month a game will be played on the
>       Internet, challenging surfers to leap between sites,
>       solving puzzles and cracking codes that will give them
>       access to secret data hidden behind firewalls and
>       software barriers. The new game is Netrunner, set in the
>       "dark techno-future" in which "ruthless corporations
>       scheme to accomplish secret agendas as they build
>       elaborate fortresses of data." In opposition to such
>       plots, "anarchistic netrunners hack the system,
>       infiltrating data forts to liberate information." It was
>       created by Richard Garfield, who applied his doctoral
>       training in combinatorial mathematics -- a field that
>       studies the interaction of objects in complex systems.

"Created by Richard Garfield??!!  Not bloody likely!

Netrunner is Wizards of the Coast's licensed adaptation of an existing
paper-and-dice roleplaying game, Cyberpunk(TM), created by Mike Pondsmith
and published by R. Talsorian Games.  The game was inspired by the
cyberpunk literary movement in general and the writing of Walter Jon
Williams (author of HARDWIRED) in particular.  (RTG's Cyberpunk(TM) game
should not be confused with Steve Jackson Games' GURPS Cyberpunk module
for Jackson's GURPS role-playing system, which was published later.)

"What the hell does this have to do with cryp%*##~~~
NO CARRIER
OK 

- -- 
   Alan Bostick             | "If I am to be held in contempt of court,
Seeking opportunity to      | your honor, it can only be because the court
develop multimedia content. | has acted contemptibly!"
Finger abostick at netcom.com for more info and PGP public key

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMSi6X+VevBgtmhnpAQFW2wMAl3fUfG2PA+8Zh5x2dek5JGFS2Lzkpk4G
RGDweUo4PHPZy+U9HiG54LQ1+d8zI2KVirb67e0EE1hYHyMWi8Is9yZGtTgmo3hl
aTl8fN/CwbU4hXzM1OUDFHT1rpYjYviz
=B8TO
-----END PGP SIGNATURE-----





From m5 at dev.tivoli.com  Mon Feb 19 17:15:33 1996
From: m5 at dev.tivoli.com (Mike McNally)
Date: Tue, 20 Feb 1996 09:15:33 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602192141.QAA14697@homeport.org>
Message-ID: <9602192353.AA14887@alpha>



IPG Sales writes:
 > For short messages, a true OTP is used directly. 

Quick question: does anybody at IPG know what the "O" in "OTP" stands
for?

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * I want more, I want more,
       m5 at tivoli.com * m101 at io.com          * I want more, I want more ...
               *_______________________________





From droelke at rdxsunhost.aud.alcatel.com  Mon Feb 19 17:42:18 1996
From: droelke at rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Tue, 20 Feb 1996 09:42:18 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <9602200007.AA09268@spirit.aud.alcatel.com>


> From owner-cypherpunks at toad.com  Mon Feb 19 17:50:19 1996
> Date: Mon, 19 Feb 1996 17:17:52 -0600 (CST)
> From: IPG Sales 

> We are not currently revealing all the details of our system because of 
> patents in process, and other relat6ed matters. We are offering the 
> software. You should be able to readily decompile it and determine the 
> algorithms used andf how they are used to generate random number sequences 
> for very long files.  For short messages, a true OTP is used directly. 

Marketing Fluff - read "we don't *want* to revel it".  Patent stuff doesn't
take long to get the initial disclosures filed.  Cypherpunks are 
generally engineers and are immune to such crap.  

> If you are aware of encrtypting technology, you recognize that hardware 
> prime number cycle wheels for the basis of some of the most secured 
> hardware systems employed for encryption. We simply expand that technogy 
> using software to set an intial setting, an adder, and a limit for 64 
> such wheels, using large random prime numbers for each of those settings. 
> The total number of possibilities is over 10 to the 1690th power and can 
> be much larger. 

So.  Large "random" prime numbers are generated.  From what?  How?
Obviously these act as keys to your "OTP".  Figure out how to 
match this prime and you can generate the same "OTP".

> Thus we can eliminate the need to have the length of the OTP to be equal 
> to the length of the file - if you do not belive that it works, try it 
> and see - it takes inly a few hours to set such a trial up. We generated 
> over 790 gigabytes of charcaters, on multiple backups, and tested. Our 
> standard deviations, chi squares, Delta ICs for bits, characters, sets, 
> and the entire set were random. The sets are random, and you can take 
> that to the bank. 

So the data coming out appears random.  Big whoopie.  Lots of algorithms
can generate the same thing.

The key is how do you seed that random number generator? 

This isn't even close to being a OTP.  A OTP by definition has a random
set of data that is transmitted to the receipient over a seperate
secure channel from the actual message to be sent.  The actual message
and the OTP are XOR'ed together and sent.  The receipient then XORs
the OTP and the encrypted message to get plaintext.

That is pretty simple - even a marketing drone should be able to figure
that one out.

Now - explain how (in generic terms) your system acts as a OTP.

> Someone, will decompile it and discover that it is truly random, at least 
> from the practical usage basis. But we need that time to file patents, 
> cvopyrights and the like. 

Yes - hopefully someone will take the time and money to decompile it.
.... but if you are so sure of yourself,
why not give away some demo copies.  Why not source of the security
functions?  (Shove that patent crap someplace - you wouldn't be 
selling it if your disclosures weren't already filed)

> The IPG system solves the key management problem and produces a truly 
> unbreakabkle system. We make no apologies for not currently revealing all 
> of the methodologies andf algorithms, but they will be revealed with 
> time, by us or others, and you will discover that it is indeed a simple, 
> easy to use, easy to install, truly unbreakable system.

"unbreakable" - Bullshit - you obviously don't know crap.

Dan
------------------------------------------------------------------
Dan Oelke                                  Alcatel Network Systems
droelke at aud.alcatel.com                             Richardson, TX






From cea01sig at gold.ac.uk  Mon Feb 19 17:47:40 1996
From: cea01sig at gold.ac.uk (Sean Gabb)
Date: Tue, 20 Feb 1996 09:47:40 +0800
Subject: Online Zakat Payment: Religious tithe.
In-Reply-To: 
Message-ID: 


I did say I wouldn't send this review.  But having broken purdah once 
already this evening, I see no harm in doing so again.

Sean Gabb.

This article was published in Free Life, No. 20, August 1994.

       _The Status of Women in Islam_
             Dr Jamal A. Badawi
 Islamic Propagation Centre International (UK),
     Birmingham, no date, 28 pp, Pounds 1.05
                  (No ISBN)


I have  among my books  various works  by Hewlett Johnson,  the
"red Dean  of Canterbury", published  in the  1940s.  In  their
gushing, literal  acceptance  of every  Soviet  lie, they  read
oddly like  one of  Peter Simple's  parodies.  Was  this man  a
fool?   Was he a  villain?   Was he something of  both?  I have
never bothered  checking.   All  I can  say is  that his  works
remain  a good  example  of how  a  thoroughly evil  system  of
thought and  government can be  portrayed with  some persuasive
force as its exact opposite.

Reading Dr Badawi's pamphlet puts me strongly in  mind of these
works.  Of course,  I should never dream of  calling its author
a villain or exactly a fool.  I have no doubt that he  believes
every word  he has written, or  that he has some  understanding
of the  matters here discussed.  Even so, he does put forward a
point of view that is supported neither by a candid reading  of
the sacred  texts to which he appeals, nor by the most fleeting
glance at  any of  the societies,  now or  ever existent,  that
have taken these texts at all seriously.

Dr Badawi begins:

     The accusation that Islam oppresses women  is nothing
     new   but  a  perpetuation   of  the   centuries  old
     deliberate  distortion and  misrepresentation of  the
     Western world. (p.5)

He concludes, _inter alia_:

     It   is  impossible   for  anyone   to  justify   any
     mistreatment of women  by any decree of rule embodied
     in the Islamic Law, nor could anyone  dare to cancel,
     reduce,  or  distort the  clear-cut  legal  rights of
     women given in Islamic Law.  (p.23)

Taken in  their  ordinary, natural  meaning,  these claims  are
false, and are easily demonstrated to be false.

Let  us first  examine Dr  Badawi's use  of  the term  "Islamic
Law".   This  is not, as  some of his readers  might suppose, a
single,  unambiguous body of law - such as  can be found in the
_Code Napoleon_, or even, if with considerable training, in the
English common  law. It is  derived from  many sources.   First
there  is the Koran, which is a long  and not always clear text
allegedly  dictated  to  Mohammed  by  the  Archangel  Gabriel.
Second there are the _hadith_, which are the  traditional stories
of what  Mohammed said  and did  on various  occasions.   Since
there  are  nearly   two  million  of  these,  and  they  often
contradict one  another, there has been  much room for  dispute
as to their collective meaning.  Third,  there is the _ijima_, or
the  consensus of opinion among learned Moslems.  Fourth, there
is _qiyas_,  this being  a  process  of analogical  reasoning  by
which,  in  the absence  of any  other rule,  a case  is  to be
decided in a manner consistent with the existing body of law.

This aside,  Islam has over  the centuries   divided into  many
sects,  each with  its own  doctrinal emphases  and accretions.
It is therefore  quite impossible - except on the  most obvious
sectarian  grounds  - to  claim  the  existence of  any  single
Islamic  Law, or  any "clear-cut  legal rights"  held under it.
This allows  Dr Badawi to  sweep aside  many objections to  his
argument based on actual practice in Islamic societies.   Or so
it  would  were  he  only  to  admit  the  existence  of  these
practices.   He  says nothing  of female  circumcision, or  the
selling  of  brides, or  the  power  of life  and  death  often
possessed -  and often  exercised -  by Moslem  men over  their
womenfolk.   He does, however, allude  to them in the  expected
manner:

     It is... a  fact that  during the  downward cycle  of
     Islamic  Civilisation, [Islamic]  teachings were  not
     adhered to by many people who profess  to be Muslims.
     (p.23)

Yet  even  if  we follow  Dr  Badawi's  advice,  to  "make  any
original   and  unbiased   study  of   the  sources   of  these
teachings", we find  much that falls short of what  is normally
meant by  equality -  and much  that is  at least  inconsistent
with his claims.

Take,  for  example, marriage.    Here,  Dr Badawi  contradicts
himself.  He claims that husbands and wives  "have equal rights
and claims  on one another". (p.16)   He immediately adds  that
husbands have  the  exclusive  "responsibility" of  leadership.
His  biological  justification for  this  is  irrelevant -  and
would  remain so  were  it  true.   An equality  of  rights and
claims, plus  leadership!  There  is a  twisting of words  that
Hewlett Johnson himself might not have dared make so crudely.

Turning  to divorce,  Dr Badawi  makes no  explicit claim,  but
uses a  form of words that implies an equality of rights.  This
is   not  an   equality  recognised   by  any   Islamic  jurist
uninfluenced by  Western legal concepts.   The  general outline
of  Islamic divorce law -  an outline more or  less accepted by
all jurists  before this century -  was summarised thus by  the
Privy Council in 1861:

     It appears that by the  Mohammedan law divorce may be
     made in either of two forms:  _Talak_ or _Khoola_.

     A divorce by  _Talak_ is the mere arbitrary act  of the
     husband, who  may  repudiate  his  wife  at  his  own
     pleasure.  But if he adopts that course  he is liable
     to  repay her  dowry, or _dyn-mohr_, and,  as it seems,
     to give up any jewels  or paraphernalia belonging  to
     her.

     A divorce  by _Khoola_ is a  divorce with the  consent,
     and at the instance, of the wife, in  which she gives
     or  agrees to give a consideration to the husband for
     her release  from the marriage tie.   In such a  case
     the terms of the bargain  are a matter of arrangement
     between the  husband and wife, and  the wife may,  as
     the  consideration, release  her _dyn-mohr_  and  other
     rights, or make any other  agreement for the  benefit
     of the husband.^1 

A  man can  divorce his wife  at any time, without  consent.  A
woman  must negotiate  and then  often buy  her  way out  of an
unsuitable marriage.  Again, some equality!^2 

But Dr Badawi goes  further.  He appeals to  the Koran.   This,
he says, provides

     clear cut evidence  that woman is  completely equated
     with man in the  sight of God in terms of  her rights
     and responsibilities. (p.13)

I have  not space to  quote his  appeals to  the Koran on  this
point:   my readers  may find  them in  chapters 74:38,  3:195,
4:124, 2:36, 7:24-24,  and 20:121.  Anyone who reads  them will
find nothing  of any  substance.   I will instead  make my  own
appeal, quoting chapter 24:31:

     And  say  to the  believing  women  that they  should
     lower their gaze and guard  their modesty; that  they
     should  not display their beauty and ornaments except
     what  (must  ordinarily) appear  thereof;  that  they
     should  draw their  veils over  their bosoms  and not
     display their beauty except to their  husbands, their
     fathers, their  husbands' fathers, their sons,  their
     husbands'  sons,  their brothers  or their  brothers'
     sons, or their sisters'  sons, or their women, or the
     slaves  whom  their  right  hands  possess,  or  male
     servants free  of any  physical needs (ie,  eunuchs),
     or small children  who have no sense of the  shame of
     sex; and  that they should  not strike  their feet in
     order to draw attention to their hidden ornaments.^3 

Let us  ignore  that if  this  is the  direct Word  of God,  it
sanctions slavery  and involuntary castration.  I will only say
that it has been used, together  with other verses of the  same
kind, to justify  at least the economic oppression of  women in
traditional  Islamic  societies.     It  limits  the  range  of
employments open  to them  - partly  by imposing  a dress  code
incompatible  with many  occupations, and  partly by forbidding
contact with any man not related to them.

Turning to  formal equality before  the law, take chapter 4:15-
16:

     If any  of your  women are guilty  of lewdness,  take
     the  evidence  of  four  (reliable)  witnesses   from
     amongst  you against  them; and  if they  do testify,
     confine them to  houses until death do claim them, or
     God ordain for them some (other) way.

     If two men  among you are  guilty of lewdness, punish
     them  both.   If they  repent  and amend,  leave them
     alone; for God is Oft-returning, Most Merciful.

The  commentary here  leaves it  open whether  "lewdness" means
simple   fornication  or  homosexual  intercourse.     But  the
procedural  meaning  is   plain.    Men   can  get   away  with
repentance:   women are shut away  for life unless God  himself
comes down to say otherwise.

There is much more that  I could say.   A reading of the  Koran
is most enlightening -  though not in any sense that  Dr Badawi
might hope.  But  I have said enough.   Under Islam, women  are
most  emphatically  not  equal  to  men.   Certainly,  men  are
repeatedly encouraged  to treat  women with more  consideration
than seems to have been usual in Arabia  before Mohammed became
its ruler.  But this consideration falls short  of the equality
that Dr Badawi insists is the case.

In passing, I  will draw attention to Dr Badawi's  ignorance of
Western history and culture.  He claims. for example, that

     In England over  nine million women were burned alive
     in the 16th century. (p.5)

In reply,  I quote from  a letter  to Dr  Badawi written by  my
friend Judith Hatton:

     The total population  of Britain (not England  alone)
     was  2.5  million in  1500, and  about  5  million in
     1650.  Parish records show that there  was an average
     annual  mortality  rate  of  55,000, which  of course
     includes men,  women  and children.    To reach  your
     figure 90 thousand women alone would  have had to  be
     executed  annually,  without  consideration   of  any
     normal deaths.

That, I think, answers this claim.  Let us move to another:

     Even  in  modern times,  and  in  the most  developed
     countries,  it  is  rare  to  find  a  woman  in  the
     position of  a head of  state acting  as more than  a
     figurehead....  (p.22)

What about  Mary I and  Elizabeth I of  England?  Catherine  de
Medici  of France?   Christina  of Sweden?    Maria Theresa  of
Austria?   Anne and  Catherine of  Russia?   What of  all those
other European women  who enjoyed something like supreme power,
though only  informally?  And, against  this, how many  Islamic
countries  have  been  ruled  by  a Queen,  or  have  tolerated
anything approaching "petticoat"  government?   The only  Queen
who  immediately comes  to  mind as  the  ruler of  an  Islamic
country was Queen Victoria, Empress of India!

Again, take this:

     In the 17th century, the clergy in  Rome decided that
     women  had  no soul  and  would  therefore not  enter
     paradise.

But this is  a claim too laughable to  merit reply.  I only ask
Dr Badawi to produce a source to justify  it.  I am in no hurry
to receive  it, though:  let  him first become better  informed
about his own religion before he starts investigating another.

Now,  I suppose  I  should conclude  with a  general  statement
about Islam.  If  my tone in the above  may sound contemptuous,
it is not because I hold  Islam in contempt or fear.   I do not
share the view  of the remaining  Cold War cranks  in the  Tory
Party  that it is  the Next Great Enemy  of Apple Pie that must
be beaten down by  the same means that kept  so many people  in
agreeable jobs before  1989.  It is not a  necessarily barbaric
religion.   It enjoins many things  that are of enduring  value
and prohibits  or discourages many  things that  are bad.   The
Old Testament has  texts quite as savage  as those to be  found
in  the  Koran; and  both Judaism  and Christianity  have their
grim old men with beards who mutter these  texts whenever there
is  someone else  around trying  to have  fun  or do  something
generous.   Nevertheless, in Islam,  the old  men are still  in
charge.  That is the problem.

I dislike Dr Badawi's pamphlet and everything else  that I have
read  produced by  the IPCI.    But I  am  glad  that they  are
produced  in English  and  made  so freely  available  to  non-
believers.   Here is an  invitation to debate.   By  joining in
that  debate, and  winning it,  we  can do  far more  than  any
number  of  Gulf   War  massacres  to  bring  on  the  internal
reformation that  Islam so plainly  needs before  it can  stand
usefully beside the two other great monotheistic religions.

*Marian Halcombe*

Notes

1.   _Moonshee  Buzul-ul  Raheem  v  Luteefut-oon-Nissa_  (1861),
cited  in Asaf A.A.  Fyzee, _Outlines  of Muhammedan Law_, Oxford
University Press,  New Delhi, 1974,  p. 164.   The practice  of
the authorities in British India was to  let each group, so far
as  possible, live  under its  own customary or  religious law.
In deciding this case, the judges at first  instance would have
taken the  advice  of the  most  authoritative Islamic  jurists
available.  That  this summary is  a good  one is indicated  by
its having been cited by Mr Fyzee.

2.   Divorce  by  _Talak_   is  still  allowed  in  some  Islamic
jurisdictions, and there have been Moslem  men settled in  this
country who have tried  - of course, without success  - to have
it recognised in the English courts.  I will not  cite the many
cases:   my readers may  find them discussed at  some length in
David  Pearl, _A  Textbook of  Muslim  Law_ (2nd  edition), Croom
Helm, London, 1987.

3.   I  quote  here  and  below   from  the  translation   with
commentary by Abdullah Yusuf Ali, also published by the IPCI.


*Editor's note*

Though priced at   1.05, Dr Badawi's  pamphlet and  many others
like  it  are  available  free  of  charge   from  the  Islamic
Propagation  Centre International  (UK)  at 481  Coventry Road,
Birmingham, B10 0JS, Tel: 021 773 0137, fax:  021 766 8577.

The translation of the Koran used by Mrs  Halcombe is available
from  the same  address  at  the greatly  subsidised  price  of
Pounds 7.50, plus  Pounds 3.50 p&p.

Any  reply   to  Mrs  Halcombe's   review  will   be  seriously
considered  for publication.   It  should address  her specific
points and not be too long.

*Note for this uploading

A copy of this review was sent to the IPCI in August 1994.  I received
a brief acknowledgment, but am still waiting for any kind of refutation.







From jimbell at pacifier.com  Mon Feb 19 17:55:00 1996
From: jimbell at pacifier.com (jim bell)
Date: Tue, 20 Feb 1996 09:55:00 +0800
Subject: Easy Nuclear Detonator
Message-ID: 


At 12:14 PM 2/19/96 EDT, E. ALLEN SMITH wrote:
>	I would have appreciated it if you'd sent this to me privately, or at
>least didn't enclose my message to you (which was sent in private email). Among
>other reasons, it is rather off-topic (unless one wants to count it among bomb
>information available on the net).
>	-Allen

Uh, okay, sorry.  See, I wrote the response for you, and at the last minute
I realized that I might as well include it to the list as well.   Yes, it is
"off topic" but I thought it was interesting reading anyway.  In addition, I
gave the list 12+ hours of "warning" and asked if anybody objected...  All I
got was an "attaboy" from Dr. Dmitri Vulis.

As for the inclusion of your private note:  sorry again.  But at the time,
it just didn't occur to me that you'd object to this.  "Nettiquette" is new
to me.

Jim Bell

jimbell at pacifier.com.






From ipgsales at cyberstation.net  Mon Feb 19 18:28:51 1996
From: ipgsales at cyberstation.net (IPG Sales)
Date: Tue, 20 Feb 1996 10:28:51 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602192346.SAA00359@jekyll.piermont.com>
Message-ID: 




On Mon, 19 Feb 1996, Perry E. Metzger wrote:

> 
> IPG Sales writes:
> > We are not currently revealing all the details of our system because of 
> > patents in process,
> 
> Bull. Once you have applied for the patent you no longer need be
> secret -- indeed, you can still apply for a patent up to one year
> after full publication.
True, but we are not sure what is going to be covered by patents, 
obviously you must know that wemay have to treat some�of the information, 
maybe all of the really iomportant stuff as trad secret material and try 
our best to protect it inm that manner - we cannot depend upon the 
paatents until we know what is going to be covered, if anything - so bull
back to you.

> 
> > We are offering the software. You should be able to readily
> > decompile it and determine the algorithms used andf how they are
> > used to generate random number sequences for very long files.
> 
> Something tells me it wouldn't be worth my while. Until you guys get a
> clue, none of my clients on Wall Street or elsewhere are coming within
> a mile of your products. I won't even waste my time looking at them.
> 
In time they will, because keymanagem,ent makes RSA systems unmanageable 
for large organizations - offer such a suystem to Merrill Lynch and be 
laughed out of the office - only a syustem such as ours resolve that 
problem!


> > If you are aware of encrtypting technology, you recognize that hardware 
> > prime number cycle wheels for the basis of some of the most secured 
> > hardware systems employed for encryption.

Please refer to Dorthy Dennings excellent work on mathematical 
crytanalysis of wheeeled cryptosystems, and then imagine that every 
Nvelope, or suych wheeled system, was based on randomly selecting the 
prime number wheels, they do not have to be, but ours are - imagine that 
every message ever sent was sent using such an unique wheel system. 

> 
> The cypherpunks mailing list is composed of some of the most
> knowledgeable people in the field of cryptography in the
> world. Therefore, you will pardon my noting that the phrase "prime
> number cycle wheels" isn't a term any of us are familiar with. I don't
> find the term anywhere in any of the literature, I don't recall it,
> and if it was anything more than marketingese I would have. You do
> seem to know enough to know that prime numbers play a bit of a role in
> modern cryptography, but that seems to be it. They play very little
> role in non-public key systems like yours.

Are you sure that none of you are familiar with it? I have received many 
replies indicating that a large number of you are familiar with it, 
I refer you again to Denning's. Maybe you are not, but many are, 
apparently most from the replies that I am getting. Such systems are 
used at the highest level of government because they are the most secure 
systems available, excepting OTP's of course. 


> > We simply expand that technogy 
> > using software to set an intial setting, an adder, and a limit for 64 
> > such wheels, using large random prime numbers for each of those settings. 
> > The total number of possibilities is over 10 to the 1690th power and can 
> > be much larger. 
> 
> Spare us the bull. You don't get security in a crypto system from
> having impressive combinatorial explosions. A simple monoalphabetic
> substitution can claim to have 403291461126605635584000000 possible
> keys and you wouldn't trust your six year old cousin not to crack
> it. (the number would be far, far more impressive if I'd taken all
> ASCII characters instead of just the alphabet of 26 letters in to
> account).
Who in the world said it was monalpabetic substitution -  we are talking 
about the random sequences for a single message - A random prime number 
wheel system, provides a far more secure system that RSA based systesms, 
- check it out, and do some investigating instead of talking. > 
> > Someone, will decompile it and discover that it is truly random, at least 
> > from the practical usage basis.
> 
> "Truly random" and "for practical purposes" don't mix. If it isn't
> truly random, then the question is whether or not the thing is, in
> fact, a strong encryption system.
> 
> Time and time again, snake oil salesmen come up and delude themselves
> and others into thinking that they have some sort of great encryption
> system and time and time again it cracks open like an egg. You guys
> have all the stigmata.
> 
> > The IPG system solves the key management problem
> 
> Public key cryptography did that 20 years ago. Where have you been?
> 
> > and produces a truly unbreakabkle system.
> 
> The only system that is truly unbreakable is a true one time pad, not
> a fake one.
> 
> > We make no apologies for not currently revealing all 
> > of the methodologies and algorithms,
> 
> Too bad. You should be embarassed to even open your mouths. 

Not until we know what patent coverage is going to do and not to do.

> 
> Perry
> 






From acg at mandrake.cen.ufl.edu  Mon Feb 19 18:53:07 1996
From: acg at mandrake.cen.ufl.edu (Alexandra Griffin)
Date: Tue, 20 Feb 1996 10:53:07 +0800
Subject: Optical repeaters
In-Reply-To: <9602190113.AA23991@pig.die.com>
Message-ID: <199602200045.TAA23358@mandrake.cen.ufl.edu>


I wrote:

> > Optical
> > repeaters have to pass your signal through an intermediate electronic
> > stage anyway, since we have no purely optical valve/transistor
> > equivalents (bosons don't interact with each other at all).

Dave Emery responds:
> 	This is not true.   There is now a whole technology of optical
> amplifiers for fiber communications systems that used Ettrium doped
> fibers pumped with strong light from a laser at a slightly shorter
> wavelength. These fiber optical amplifiers have gains in the order of
> 10-12 db in a section of special doped fiber only about 10 feet long.

You're right, I do remember reading about these somewhere... didn't
realize they were already in use.

Even so, I still don't think such a repeater would pass quantum-crypto
signals, excepting any photons that happened to just "leak" directly
through.  Your useful quantum state information resides in the
individual photons originally sent, and any even the optical repeaters
you describe achieve gain by by gating in *more* photons under the
incoming signal's control.  In so doing it will collapse the
wavefunctions of these incoming photons.

Not to say repeaters on the line aren't possible, but they'll have to
decode your data using a copy of the "secret" key, then re-encode for
transmission... so this will be a potential break-in point and need
good physical security.

> 	The current generation of undersea cables from the US to Europe
> use these amplifiers instead of the more traditional regenerating
> repeaters that convert the light to electronic signals, reclock the data
> stream and convert it back to light with another laser diode.   There is
> no conversion from light to digital electronic signals all the way from
> Rhode Island to England - the same light pulses that go into the fiber
> on one side of the Atlantic come out on the other end without ever
> having been converted to electronic form in between.

You said power for the amps comes from a high-intensity,
shorter-wavelength beam... can this be superimposed on the original
signal at the point of origin, as with in-line coax-cable amplifiers?

> 	 These amplfiers have enourmous bandwidth, and can be used to
> amplify several slightly different wavelengths of light allowing
> wavelength division multiplexing of multiple streams of light flashes of
> slightly different "colors" (all the current technology works at around
> 1500 nm which is well into the infrared).   This can expand the capacity
> of a single fiber to four to six times the 5 Gb/sec that is the current
> state of the art.

Nice... :)

- alex





From dsmith at midwest.net  Mon Feb 19 19:01:16 1996
From: dsmith at midwest.net (David E. Smith)
Date: Tue, 20 Feb 1996 11:01:16 +0800
Subject: NET_run [NOISE]
Message-ID: <2.2.32.19960220005248.00695cbc@204.248.40.2>


-----BEGIN PGP SIGNED MESSAGE-----

At 02:54 PM 2/19/96 -0800, bruce at aracnet wrote:

>>      Sometime next month a game will be played on the
>>      Internet, challenging surfers to leap between sites,
>>      solving puzzles and cracking codes that will give them
>>      access to secret data hidden behind firewalls and
>>      software barriers. 
>
>Netrunner is indeed a card game. As part of the intro publicity, some demo
>games will be run on the Web. (No, no info about that at the moment.) The
>rest is the intersection of overenthusiastic publicity folks and clueless
>reporters. "Go, marketing department, go" were the exact words of my friend.

Which is based on the even more cool Cyberpunk (no, not Cypherpunk, but
it seems that way in my own games) traditional role-playing game.

Actually, that's not a small percentage of why I keep up with all the
noise on this list - you get some _great_ game ideas.

<>

dave



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMSkafjVTwUKWHSsJAQEI7gf9HwKWFS489/ljLT9OtQxpfLP5dqOtCkFg
7IW65RvYfuwS/G6bkpc9pOUGGabnsI/rak7AtzJwXlqtI6DJnTl7MSNoA+vdddQX
t7eLv4d9phTSBg3s5N1upOZuLO8239pWmx+y0Rknzo1qkZ9P0pQPOFqHdhsem5TA
X/AtP1nLyno8dKlOLcdcqk3p5CLQt6v3X/sZN10Y1N6JYXcxmY3VbFWMBjmWjAZi
Qv9awTjBvLem+NHF/alEkRR2AIeswLwl7jB/P9zZ/R4x1NfcGYKGWRnT+6cFITrM
UYH+WxqYZGcrY3ECVJ8IrylFJ/MJsBDyUpw+ZXIbh9BjQmD8GfiukQ==
=TPrG
-----END PGP SIGNATURE-----
-----
David E. Smith,  c/o Southeast Missouri State University
1000 Towers Circle South MS 1210 Cape Girardeau MO 63701
dsmith at midwest.net, dsmith at alpha.c2.org,  PGP 0x961D2B09
(573)339-3814    http://www.midwest.net/scribers/dsmith/
"Reality is only for those lacking in true imagination."





From perry at piermont.com  Mon Feb 19 19:12:34 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Tue, 20 Feb 1996 11:12:34 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: 
Message-ID: <199602200101.UAA00472@jekyll.piermont.com>



IPG Sales writes:
> > Once you have applied for the patent you no longer need be
> > secret -- indeed, you can still apply for a patent up to one year
> > after full publication.

>True, but we are not sure what is going to be covered by patents,
>obviously you must know that wemay have to treat some of the
>information, maybe all of the really iomportant stuff as trad secret
>material

If you make any of your work at all trade secrets your entire system
is totally unacceptable to any real client with real security
needs. No rational security person is willing to accept the words of
snake oil salesmen -- like yourselves -- on faith.

> In time they will, because keymanagem,ent makes RSA systems unmanageable
> for large organizations - offer such a suystem to Merrill Lynch and be
> laughed out of the office - only a syustem such as ours resolve that
> problem!

You are the ones that are going to get laughed out of places, except
for the offices of the ignorant and gullible, whom you might prey
on. You should be ashamed to even dare to put it on the market. You
are committing nothing less than fraud, in all likelyhood.

You system resolves no key management problems because at this point
-- sight unseen -- I'm almost sure it is a piece of junk. You are
putting out too many "this is crap" keywords for me to think
otherwise. However, let me point out that you guys also don't know
what you are talking about. There is no key management problem per
se. RSA based systems are quite easy to use.

Even private key systems are quite workable. I actually work with
these firms -- its what I do for a living. They have existing systems
based on KDCs (do you even know what a KDC is?) and they function just
fine. As for public key technologies, they are in many cases
implementing technologies based on public key system. The only people
that are going to be laughed out are you guys. You are obviously the
worst kind of snake oil salesmen.

> > > If you are aware of encrtypting technology, you recognize that hardware
> > > prime number cycle wheels for the basis of some of the most secured
> > > hardware systems employed for encryption.
> 
> Please refer to Dorthy Dennings excellent work on mathematical
> crytanalysis of wheeeled cryptosystems,

Are you refering to rotors, by any chance? Rotors are World War II era
technology. Of course, who can even guess what you are talking
about. You make about as much sense as the people handing out xeroxed
pamphlets on the street corner informing all comers about the fact
that they are being controlled by aliens.

> > > The total number of possibilities is over 10 to the 1690th power and can
> > > be much larger.=
> >
> > Spare us the bull. You don't get security in a crypto system from
> > having impressive combinatorial explosions. A simple monoalphabetic
> > substitution can claim to have 403291461126605635584000000 possible
> > keys and you wouldn't trust your six year old cousin not to crack
> > it. (the number would be far, far more impressive if I'd taken all
> > ASCII characters instead of just the alphabet of 26 letters in to
> > account).

> Who in the world said it was monalpabetic substitution -

I didn't. I just said that impressive numbers are meaningless. A
simple repeating Vigenere cipher's key can easily have more than
10^1690 possible keys and yet be crackable with no trouble at
all. Sheer number of combinations is meaningless. Big numbers are
meaningless. If you understood cryptography, my point would have been
obvious. You don't understand technology.

> we are talking
> about the random sequences for a single message - A random prime number
> wheel system, provides a far more secure system that RSA based systesms,

The first part of your comment is meaningless. The second part implies
that you know how to break RSA public key cryptography. Please
enlighten us as to how.

> - check it out, and do some investigating instead of talking.

You won't allow anyone to do any investigating on your methods since
you keep them secret.

You should be ashamed. Luckily, no one is going to buy your products,
especially not once the crypto community is finished with you.

Perry





From dsmith at midwest.net  Mon Feb 19 19:18:14 1996
From: dsmith at midwest.net (David E. Smith)
Date: Tue, 20 Feb 1996 11:18:14 +0800
Subject: Remailers not heard from; info?
Message-ID: <2.2.32.19960220005246.00694dcc@204.248.40.2>


-----BEGIN PGP SIGNED MESSAGE-----

At 01:31 PM 2/19/96 -0800, bruce at aracnet wrote:

>A fix along the lines of
>
>::
>don't-send-anything-after-this
>
>might be readily applicable.

Don't some remailers support the "Cutmarks"
header, which does essentially that?

A useful reference for this is Raph's remailers list; among
the numbers and cryptic little charts is a listing of
which remailers support which features.

dave



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMSkaFDVTwUKWHSsJAQGCjAf+K5TW4yRol6a0L2xclbrU84MMA3FtmpCE
xyx016KEOxEfVGBflsg3phRYSfY13Ezjxkrmkv449wsOAlRamwFpgCTcpDNU+dKk
YXrJGnQ2PMNYPXZNNK/CObHEFA2xl3peITMF27NrLcGkC2On4r+geajyV8QZo+RF
bNmPJ6fc5FTyl1BNAe0L/spucxx1wDG+IgKZP9IX+I3niJJBdxj73N4AAz3loesq
+qwB9NRceFtNYdoigYUxC9nhB0s90C1fJtkc0/M8Jv0Qd0S4FosU+e1HSCkNLgXU
ALuoXkhhRFmBAIW9Qf6aLKK4ANgt9DfmKIoHaBYy1B1GBKhxLHEWqw==
=Fzjc
-----END PGP SIGNATURE-----
-----
David E. Smith,  c/o Southeast Missouri State University
1000 Towers Circle South MS 1210 Cape Girardeau MO 63701
dsmith at midwest.net, dsmith at alpha.c2.org,  PGP 0x961D2B09
(573)339-3814    http://www.midwest.net/scribers/dsmith/
"Reality is only for those lacking in true imagination."





From ipgsales at cyberstation.net  Mon Feb 19 19:20:43 1996
From: ipgsales at cyberstation.net (IPG Sales)
Date: Tue, 20 Feb 1996 11:20:43 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <9602200007.AA09268@spirit.aud.alcatel.com>
Message-ID: 




On Mon, 19 Feb 1996, Daniel R. Oelke wrote:

> > From owner-cypherpunks at toad.com  Mon Feb 19 17:50:19 1996
> > Date: Mon, 19 Feb 1996 17:17:52 -0600 (CST)
> > From: IPG Sales 
> 
> > We are not currently revealing all the details of our system because of 
> > patents in process, and other relat6ed matters. We are offering the 
> > software. You should be able to readily decompile it and determine the 
> > algorithms used andf how they are used to generate random number sequences 
> > for very long files.  For short messages, a true OTP is used directly. 
> 
> Marketing Fluff - read "we don't *want* to revel it".  Patent stuff doesn't
> take long to get the initial disclosures filed.  Cypherpunks are 
> generally engineers and are immune to such crap.  

You must also then know that you do not always get what you want with a 
pent - sometimes you do not get anything, or not enough to cover you. 
Until we know, we are reating much of the material as trade secrets, as 
we are sure you would also do. Once, you discover how simple the system 
is to install, use, update, and add to, you will understand our concern.

> 
> > If you are aware of encrtypting technology, you recognize that hardware 
> > prime number cycle wheels for the basis of some of the most secured 
> > hardware systems employed for encryption. We simply expand that technogy 
> > using software to set an intial setting, an adder, and a limit for 64 
> > such wheels, using large random prime numbers for each of those settings. 
> > The total number of possibilities is over 10 to the 1690th power and can 
> > be much larger. 
> 
> So.  Large "random" prime numbers are generated.  From what?  How?
> Obviously these act as keys to your "OTP".  Figure out how to 
> match this prime and you can generate the same "OTP".
> 
The hardware  OTP is used as a template to 

> > Thus we can eliminate the need to have the length of the OTP to be equal 
> > to the length of the file - if you do not belive that it works, try it 
> > and see - it takes inly a few hours to set such a trial up. We generated 
> > over 790 gigabytes of charcaters, on multiple backups, and tested. Our 
> > standard deviations, chi squares, Delta ICs for bits, characters, sets, 
> > and the entire set were random. The sets are random, and you can take 
> > that to the bank. 
> 
> So the data coming out appears random.  Big whoopie.  Lots of algorithms
> can generate the same thing.

Starting with an OTP as seed? The algorithm may be fixed in a sense, but 
it employs a truse hardware random OTP to select intial settings, adds, 
and limits, so every one is new and unique - a lot of algorithnms can 
generate pseudfo trandom numbers, but onece you knw the algorithm, you 
can generate the random sequence. Our system does not do that - in 
oReder to solve the system, you must know what OTP was used, that is what 
was the true hardware generated OTP. Unless you know what that was, 
knowing the algorithm does nothing for you. If you understand that 
principle you understand the system. 

> 
> The key is how do you seed that random number generator? 
> 
As explained above

> This isn't even close to being a OTP.  A OTP by definition has a random
> set of data that is transmitted to the receipient over a seperate
> secure channel from the actual message to be sent.  The actual message
> and the OTP are XOR'ed together and sent.  The receipient then XORs
> the OTP and the encrypted message to get plaintext.
> 
> That is pretty simple - even a marketing drone should be able to figure
> that one out.
Perhaps so, but our system does employ a true hardware generated OTP, and 
operates similiar to what you describe -  however, the important 
differernce is that we use a smal;l OTP to generate a larger OTP, like 
stringing the cable across the Golden Gate narrows. Just becuase we 
convert over from a full OTP to a prime number wheel system configured 
from the OTP doers not mnean that the result is not an OTP - in theory it 
is simple to break RSA systems, but factoring a 2048 bit number, or 4096 
number, or whatever, makes the problem enormous  - our system for large 
messages/files is similiar in difficult except that it is much nearer 
an 8192 bit number than 2048. The possibilities to be examined ar4e so 
large, that iot is not possible to solve then with a computer, even if 
all the particles in the iuniverse, all 10 to the 80 power of then were 
a Cray T3E, or better.  Furthermore, all you would get would be all the 
possiblilities which would be everything!


 > 
> Now - explain how (in generic terms) your system acts as a OTP.
> 
I believe that you have some basic grasp of OTPs, but obviously you do 
not understand how the Golden Gate Bride Cable was strung: A 
string, a rope, a small steel cable, all of the cables - we employ a 
similar technique to fdeliver the follow on OTPs. 
> > Someone, will decompile it and discover that it is truly random, at least 
> > from the practical usage basis. But we need that time to file patents, 
> > cvopyrights and the like. 
> 
> Yes - hopefully someone will take the time and money to decompile it.
> .... but if you are so sure of yourself,
> why not give away some demo copies.  Why not source of the security
> functions?  (Shove that patent crap someplace - you wouldn't be 
> selling it if your disclosures weren't already filed)
> 
> > The IPG system solves the key management problem and produces a truly 
> > unbreakabkle system. We make no apologies for not currently revealing all 
> > of the methodologies andf algorithms, but they will be revealed with 
> > time, by us or others, and you will discover that it is indeed a simple, 
> > easy to use, easy to install, truly unbreakable system.
> 
> "unbreakable" - Bullshit - you obviously don't know crap.
> 
Time will prove one of us wrong, and that wiill prove to be you - it is 
unbreakable as a thoprough examination of the literature will reveal.
 > Dan
> ------------------------------------------------------------------
> Dan Oelke                                  Alcatel Network Systems
> droelke at aud.alcatel.com                             Richardson, TX
> 
> 





From wlkngowl at unix.asb.com  Mon Feb 19 19:32:59 1996
From: wlkngowl at unix.asb.com (Mutant)
Date: Tue, 20 Feb 1996 11:32:59 +0800
Subject: Remailers not heard from; info?
Message-ID: <199602200108.UAA04164@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

I think it would be better to use some commands indicating the start
and end of the messages...

::begin-body

[message goes here]

::end-body
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSke8ioZzwIn1bdtAQEQBgGAq91bmP74lyy4PIiTrZmYkg3zDBbt3Ke/
fLcVQNmXFZuYR5s5FkfX9DKLmY3Vkg1v
=jI5z
-----END PGP SIGNATURE-----





From wlkngowl at unix.asb.com  Mon Feb 19 19:33:12 1996
From: wlkngowl at unix.asb.com (Mutant)
Date: Tue, 20 Feb 1996 11:33:12 +0800
Subject: Remailers not heard from; info?
Message-ID: <199602200105.UAA04147@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

The c2 remailers always bounce from full disks for the last couple of 
months when I've tried to use them.  I've had problems with amnesia as 
well.

I've noticed some that allegedly allow replacement of subject do not.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSkeaSoZzwIn1bdtAQF1YAF8DQDN1BnrJ0DU5Vp3Ac9Z8id91UGurocG
kAyHUUEnMXD2eFa1K4PPI+VCrFQBFKgs
=pC+m
-----END PGP SIGNATURE-----





From tcmay at got.net  Mon Feb 19 19:39:05 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 20 Feb 1996 11:39:05 +0800
Subject: Remailers not heard from; info?
Message-ID: 


At 10:41 PM 2/19/96, Alex Strasheim wrote:
>
>o   Depending on a remailer to strip your sig doesn't give you security wrt
>the remailer operator.  If you use encryption, the last remailer on the
>chain will see your sig, which will be in the innermost encrypted block.
>That defeats the purpose of chaining.  If you're not using encryption, you
>don't have any security anyay.

Exactly.

Further, in an earlier message Bruce Baugh asked why some remailers did not
more promptly remail their messages. Bruce, you need to look at Raph
Levien's statistics on remailers, inclduding batching/latency: rapid
responses tend to defeat the traffic analysis features of remailers!

Also, preserving subject lines through remailings, another feature Bruce is
requesting, is kind of like barium-tagging one's messages! Why use remailer
chains if the messages are tagged all the way through?

(There are wrinkles that work, such as adding a subject line based on stuff
stored inside the encrypted block a remailer opens for furhter processing.
The nth remailer can add a suject line that may be different for every hop,
or only added near or at the end of the remailings...)

Those who want more "user-friendly" remailer features would do well to
think about what the properties of an "ideal mix" are.


>A better solution might be a specialized remailer that strips sigs for
>people who need the service.  People who need sig stripping could put
>that remailer in the chain, and the rest of us could handle our sigs on
>our own.

And for "casual-grade remailing," where no encryption is used and where
minimal other mix features are used, there are Web pages that will send
simple messages through a user-selectable remailer
(http://www.c2.org:80/remail/by-www.html).

This Web remailer will _not_ automatically add a .sig, as it is not a mail
program per se, and the only text that is remailed is what is entered into
the on-screen window.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From ipgsales at cyberstation.net  Mon Feb 19 19:40:47 1996
From: ipgsales at cyberstation.net (IPG Sales)
Date: Tue, 20 Feb 1996 11:40:47 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602200101.UAA00472@jekyll.piermont.com>
Message-ID: 


Perry, 

I will not waste anymore of your time, or mine -
Since you seem to know everything about everything, 
there is no need in talking in circles - You may think that you know 
everything there is to know about encryption, but believe me, there is 
a lot more for you to learn - I do not now what KDC's are, I presume 
some sort o Key Delivery Codes. or Systems, but? I would like to find out 
though - send us some literature and we will send you a free demo system- that 
is the differece between you and us - we know very little and want to 
know more you know everythinh there is to know - and do not need to 
know anymore - 

Incidentally crypto wheel systems are stillemployed in 1996 at some of 
the highest levels of usage - some called then rotors at one time - they 
are still used because the produce non repeatable sequeces - the fact 
that ROMs are userd insteaed of rotors does not change the basic nature 
of such systems, they depend upon the generation of random, nonrepeatable 
sequences, which they can do, much faster and much more securely ythan 
RSA systems, I like RSA systems, they have application - but they are not 
the begin all�and end all of encryption technology - good luck 





From tcmay at got.net  Mon Feb 19 19:44:52 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 20 Feb 1996 11:44:52 +0800
Subject: Fuck Islam and the Apologists Cluttering Up this List with Defenses of It
Message-ID: 


At 12:08 AM 2/20/96, Sean Gabb wrote:
>I did say I wouldn't send this review.  But having broken purdah once
>already this evening, I see no harm in doing so again.
>
>Sean Gabb.
...

All of you in the following list please take me off your list of responses:

Sean Gabb , Alan Horowitz , Ashfaq
Rasheed , jpb at miamisci.org

(Generally, I don't see why people keep letting the cc: and To: fields get
cluttered up with additional names, unless someone is not reading the CP
list, in which case who cares if they don't get it?)


Please don't send me separate copies (in addition to what is sent to the
IslamPunks mailing list) of this Muslim crap....it's bad enough seeing the
pro-Muslim apologists explaining why the Word of Allah (hollow be his name)
is more liberating than any decadent, Western system can be, about how
women are more free under Islam because they have the freedom to be
obedient to the will of her husband and Allah (hollow be his name), the
freedom to be beaten with sticks if they show their face in public, and the
freedom to have their devil organs removed.

And don't send me any more apologies about how it is only "Arab Islam" that
is barbaric and authoritarian...the Persians don't exactly like to be
called Arabic, and yet the Persian/Iranian branch (Shiite) is amongst the
most backward of all the Muslim sects. (Women dismissed from their
professional jobs when Khomeini took over, forced to wear the chador, death
warrant on Rushdie, and so on.)

--Tim May




[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and fuck them right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should fuck him." So the two daughters got him drunk and
screwed him all that night. Sure enough, Dad got them pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he pulled out before he
came....Remember, it's not a good idea to have sex with your sister, your
brother, your parents,
your pet dog, or the farm animals, unless God tells you to. [excerpts from
the Old Testament, Modern Vernacular Translation, TCM, 1996]







From droelke at rdxsunhost.aud.alcatel.com  Mon Feb 19 19:46:40 1996
From: droelke at rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Tue, 20 Feb 1996 11:46:40 +0800
Subject: Optical repeaters
Message-ID: <9602200124.AA09857@spirit.aud.alcatel.com>



> 
> > > Optical
> > > repeaters have to pass your signal through an intermediate electronic
> > > stage anyway, since we have no purely optical valve/transistor
> > > equivalents (bosons don't interact with each other at all).
> 
> Dave Emery responds:
> > 	This is not true.   There is now a whole technology of optical
> > amplifiers for fiber communications systems that used Ettrium doped
> > fibers pumped with strong light from a laser at a slightly shorter
> > wavelength. These fiber optical amplifiers have gains in the order of
> > 10-12 db in a section of special doped fiber only about 10 feet long.
> 
> You're right, I do remember reading about these somewhere... didn't
> realize they were already in use.

Optical amplifiers -  they are in use all right.  Want to buy one?
My employer sells them.  (get out a big checkbook though -
gotta cover my salary ;-)

> Even so, I still don't think such a repeater would pass quantum-crypto
> signals, excepting any photons that happened to just "leak" directly
> through.  Your useful quantum state information resides in the
> individual photons originally sent, and any even the optical repeaters
> you describe achieve gain by by gating in *more* photons under the
> incoming signal's control.  In so doing it will collapse the
> wavefunctions of these incoming photons.
> 
> Not to say repeaters on the line aren't possible, but they'll have to
> decode your data using a copy of the "secret" key, then re-encode for
> transmission... so this will be a potential break-in point and need
> good physical security.

This is essentially true for the purpose of quantum-crypto. 
The cascade of phontons triggered from the incoming photons would
mask most of your original phontons - necesitating a secure "repeater".


> > 	The current generation of undersea cables from the US to Europe
> > use these amplifiers instead of the more traditional regenerating
> > repeaters that convert the light to electronic signals, reclock the data
> > stream and convert it back to light with another laser diode.   There is
> > no conversion from light to digital electronic signals all the way from
> > Rhode Island to England - the same light pulses that go into the fiber
> > on one side of the Atlantic come out on the other end without ever
> > having been converted to electronic form in between.
> 
> You said power for the amps comes from a high-intensity,
> shorter-wavelength beam... can this be superimposed on the original
> signal at the point of origin, as with in-line coax-cable amplifiers?

Power for the amps must be electrical.  So, a seperate power cable must
be run seperate with the optical-fiber.  This normally isn't a problem
since the casing/etc of the fibers has lots of metal for protection anyways.

> > 	 These amplfiers have enourmous bandwidth, and can be used to
> > amplify several slightly different wavelengths of light allowing
> > wavelength division multiplexing of multiple streams of light flashes of
> > slightly different "colors" (all the current technology works at around
> > 1500 nm which is well into the infrared).   This can expand the capacity
> > of a single fiber to four to six times the 5 Gb/sec that is the current
> > state of the art.
> 
> Nice... :)
> 
Very nice! ;-)  Flouride based amplifiers should be able to handle up
to 16 channels.  Using state of the art time-multiplex stuff of 10 Gb/sec
gives a total throughput of 160 Gb/Sec.... smoking!

Of course the parts for all of this will set you pack a sizeable 
chunk of change.

If you want to see some further reading about optical amplifiers
as applied in a telephone network - find a copy of "Telephony" 
a trade rag.  There is an article by John Moss and ??? here at Alcatel
that explains stuff in high level terms.  (little to no physics stuff)

Dan

------------------------------------------------------------------
Dan Oelke                                  Alcatel Network Systems
droelke at aud.alcatel.com                             Richardson, TX






From perry at piermont.com  Mon Feb 19 20:05:06 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Tue, 20 Feb 1996 12:05:06 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: 
Message-ID: <199602200137.UAA02295@jekyll.piermont.com>



IPG Sales writes:
> there is no need in talking in circles - You may think that you know
> everything there is to know about encryption, but believe me, there is
> a lot more for you to learn - I do not now what KDC's are,

Key Distribution Centers, the center of Needham-Schroeder and similar
key management protocols, like the Kerberos protocols. If you don't
know what these are, you have no business talking about the "problems
of key management" because you know nothing about the field of key
management.

> that is the differece between you and us - we know very little and
> want to know more you know everythinh there is to know - and do not
> need to know anymore

The difference between us is that you are pretending to be a doctor
even though you have no medical training and are about to go out and
butcher live patients, pretending that this is just business as
usual. Some of the rest of us have devoted many years to the study of
this field, which actually does have a substantial literature and lots
of skilled professionals. Anyone who says "We know very little" has no
business writing code and selling it to the public. You are doing
nothing less than putting your customers businesses at risk, and in
some cases their lives. You deserve the worst.

> I will not waste anymore of your time, or mine -

Don't worry. Whether we waste any of your time or not, I assure you
that people like me *will* lay waste to your company and its sales if
you are indeed peddling junk, which is the most obvious assumption to
make here. I personally am sick of companies such as yours pulling the
big con on ignorant customers. You have not heard the last of any of
this -- believe me. If the lot of you end up convicted of fraud it
will not surprise me. I repeat -- you have NOT heard the last of
this. As I said, I'm a libertarian. I believe it is up to the
community, not the government, to track down and stop the activities
of glorified con men such as yourselves. You *will* be stopped.

Perry





From tcmay at got.net  Mon Feb 19 20:09:00 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 20 Feb 1996 12:09:00 +0800
Subject: SOTP = Snake Oil Time Pad
Message-ID: 


At 11:53 PM 2/19/96, Mike McNally wrote:
>IPG Sales writes:
> > For short messages, a true OTP is used directly.
>
>Quick question: does anybody at IPG know what the "O" in "OTP" stands
>for?

I think it is "O for Oil," as in Snake Oil.

The view of some seems to be "We're selling Internet Security products
because that's where the money and the suckers are, and anything with
"Internet" and "Security" in it will mean a quick couple of million when we
take our company public."

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From ipgsales at cyberstation.net  Mon Feb 19 20:13:28 1996
From: ipgsales at cyberstation.net (IPG Sales)
Date: Tue, 20 Feb 1996 12:13:28 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602200137.UAA02295@jekyll.piermont.com>
Message-ID: 


Perry

Yes you are quite right - time will tell and it is you that is wrong - as 
time will prove - it will be my pleasure to have you eventually choke on 
your castigating words - to castigate be sure that you are right, and in 
this case, you are wrong as time will tell - wait and see -!!!!!!





From ricksorak at ichange.com  Mon Feb 19 20:26:55 1996
From: ricksorak at ichange.com (Richard Sorak)
Date: Tue, 20 Feb 1996 12:26:55 +0800
Subject: No Subject
Message-ID: <01I1EN1CLU7S984IVQ@INCPRD.ICHANGE.COM>


unsubsribe rick.sorak at ichange.com





From tcmay at got.net  Mon Feb 19 20:36:34 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 20 Feb 1996 12:36:34 +0800
Subject: Optical repeaters
Message-ID: 


At 12:45 AM 2/20/96, Alexandra Griffin wrote:

(about inline optical amplifiers/regenerators)

>You're right, I do remember reading about these somewhere... didn't
>realize they were already in use.
>
>Even so, I still don't think such a repeater would pass quantum-crypto
>signals, excepting any photons that happened to just "leak" directly
>through.  Your useful quantum state information resides in the
>individual photons originally sent, and any even the optical repeaters
>you describe achieve gain by by gating in *more* photons under the
>incoming signal's control.  In so doing it will collapse the
>wavefunctions of these incoming photons.

Given that a quantum cryptography system depends on *single photons* to
work, I'm not sure that talk of amplifification makes sense. Between source
and receiver, a photon either makes it or doesn't. If it makes it, it makes
it will its full "quanta" of energy, of course. If it doesn't make it, due
to tunnel-penetrating the walls of the fiber or scattering off an impurity
in the fiber, then it just doesn't make it, so no
amplification/regeneration is possible. (Regenerate _what_?)

But the quantum measurement issue, aside from the above, is an interesting one.

We have to be careful here (and I'm including myself, not just using the
royal "we"). It isn't clear to me that the amplification/regeneration
process counts as making a measurement, from some recent work I've read
(sorry, don't recall the references, but could be a recent issue of
"Scientific American"). In interference measurements, the wave function
collapses if individual photons are counted and recorded (whatever
"recorded" really means...) and the interference pattern vanishes. If the
photons are not counted and/or recorded, the pattern reappears.

By analogy, it is not clear to me that a simple regeneration mechanism,
with no local observer or recording apparatus, will collapse the wave
function. Seems to me an experiment may have already been done along these
lines: separate fibers producing an interference pattern and then these
inline amps added...if the interference pattern remains, as I would expect,
then the amps/regenerators did not constitute a "measurement" in QM terms.


--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From geeman at best.com  Mon Feb 19 20:36:55 1996
From: geeman at best.com (geeman at best.com)
Date: Tue, 20 Feb 1996 12:36:55 +0800
Subject: Guaranteed snake-oil, er, privacy...
Message-ID: <199602200202.SAA18639@shell1.best.com>


>> Sigh.  Here comes another one.....

         We have been trying to post this News Release to several 
         places in USENET, but are seemingly being thwarted by 
         person or persons unknown. Shortly after the posting, on 
         01-26-96, our postings were all methodically removed without
         any trace evidence. We have been unable to maintain their 
         posting since.

         We believe that the obvious malefactor may be at the root of these 
         problems. Why would 'they' try to keep this from coming to 
         light? Because 'they' know what is best for all of us. 

>> Maybe they know it's a waste of bandwidth!

The 
         posting(s) concern an extremely easy to use, unbreakable system 
         for encrypting all user sensitive data going out over Internet.
         As a reference to its unbreakability, I refer you to an 
         article by Paul Leyland on Internet at:

                http://dcs.ex.ac.uk/~aba/otp.html

         Mr. Leyland refers to some problems, which our PCX 
         system addresses and resolves.

>> That piece discusses true one-time pads. To anyone reading the posts on
Cpunks 
and sci.crypt regarding another purported purveyor of OTP technology, this is g
oing to ring some very familiar bells. Again: you can't create pseudo-randoms 
on-the-fly, algorithmically, and call it OTP. Just stop it!

[SNIP]

         The good obviously outweighs the bad. We must stop this 
         insanity of some imagined fear being advanced as the rationale 
         from keeping us from doing something that will immensely 
         benefit us all.      

         If we allow some crazed terrorist fear keep us from doing 
         something important, then we become the victims of that terror. 
         That is not right! We cannot let faceless terrorists dictate
         what we can and cannot do.  
                      
         With the forgoing in mind, we are pleased to make the 
         following press release: 
                        
>> I suppose it's possible that some intelligible text was run thru this 
package's transform, producting this example of random unintelligible gibberish!

                  If You Break our System, You've Bought our Company!


         Internet.Privacy.Guaranteed, IPG, today announced a new
         product line that guarantees privacy  for 2 to 20,000 or 
         more or more people on Internet. They back up there 
         Guarantee with their Corporate motto, 'If You Break our 
         System, You Have Bought our Company.'
  
  

         IPG Guarantees Absolute Privacy on Internet. Using the 
         trademark CRE transform, 

>> If I can find an explanation of what a CRE transform really is in any IPG
material, what do I get?

the IPG PCX Nvelopes system 
         translates any intelligble digitized information into
         random gibberish. 

>> So does XOR-ing a message with the output of my compiler's "rand()"
function: does this make it secure?  
Ridiculously not.

Only one other user, or more in certain 
         instances where there is a need to know,  will have the 
         Nvelopener required to transform the random gibberish back
         into intelligible digitized information. CRE Transforms,
         trademark IPG, are the only acknowledged unbreakable method
         of so transforming digitized information. 

>> Acknowledged by whom?  Where are they?  What do they really say?  What
information was given them 
about the implementation?  Who  is IDG, what are their bona-fides?  Did they
work for the Mossad once, per 
chance?  That's always a good line.....

There are no passwords,
         encryption keys, or anything like that to conjure up, remember, 
         and perhaps forget. PCX Nvelopes usage is automatic, similar 
         to PKZIPand PKUNZIP.   Easy to install, use, add to, and
         administer.


                        It is Unbreakable   

         If an individual, or any group of individuals, break the IPG
         Privacy System, IPG will sell them their company for $1.00,
         and even give them the dollar to buy it with. If you think you
         can, just try and find out that it is impossible. There may 
         be rumors that someone has broken the system, but that is not 
         possible, it will never happen.


                     Don't Waste your time !

         How dare IPG have the unmitigated gall? When you are certain,
         then you are certain, and IPG is certain! Others dare not
         make such a brazen boast because they cannot possibly back it
         up, but IPG most certainly can.  Every informed expert of the
         technology will confirm, without reservation, that the IPG
         system is not breakable, as many already have!  There, we
         have thrown down that gauntlet, dare you pick it up?  Be
         forewarned, if you do, in your quest, you will never become a
         knight; but instead, will only become utterly benighted.

>> Would you buy an encryption system from this (wo)/man?

                               CRE Transforms

         The system uses CRE transforms, called Nvelopes, to translate 
         any meaningful digitized information into random gibberish. In
         order to convert that random gibberish back into intelligible
         usable form, a Nvelopener is required, and only the recipient
         has the required Nvelopener.

>> OH, **THAT** explains it!   ROTFL!!!!







From stewarts at ix.netcom.com  Mon Feb 19 20:42:14 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Tue, 20 Feb 1996 12:42:14 +0800
Subject: Optical repeaters
Message-ID: <199602200205.SAA23957@ix8.ix.netcom.com>


>> > > Optical repeaters have to pass your signal through an intermediate
electronic
>> > > stage anyway, since we have no purely optical valve/transistor
>> > > equivalents (bosons don't interact with each other at all).

>> > 	This is not true.   There is now a whole technology of optical
>> > amplifiers for fiber communications systems that used Ettrium doped
>> > fibers pumped with strong light from a laser at a slightly shorter
>> > wavelength. These fiber optical amplifiers have gains in the order of
>> > 10-12 db in a section of special doped fiber only about 10 feet long.

>Very nice! ;-)  Flouride based amplifiers should be able to handle up
>to 16 channels.  Using state of the art time-multiplex stuff of 10 Gb/sec
>gives a total throughput of 160 Gb/Sec.... smoking!

The flavor of optical amplifier and end equipment being deployed by one 
large telecomm company (ahem) over the next couple of years 
uses 8 colors, each at 2.4 Gbps (OC-48), giving about 20 Gbps,
which is about 10 times the current capacity (1.7 Gbps.)
(Some other telecomm companies are deploying 3-colors of OC-48.)
A nice thing about the optical amplifiers is that they have about triple
the range of the current regenerators, so one amplifier can replace about
16-24 regens,
reducing the amount of equipment that can fail and produce downtime.
Because of this increased capacity, it's a good time to upgrade to SONET rings
(which are dual rings that provide self-healing similar to FDDI's;
SONET self-repair typically takes 60 ms instead of the several minutes
to cross-connect the equivalent pile of T3s using current equipment.)

If the FBI wants to wiretap this stuff, they'll have to get on the ball :-)

#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281

! Frank Zappa for President !






From ses at tipper.oit.unc.edu  Mon Feb 19 20:59:17 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Tue, 20 Feb 1996 12:59:17 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: 
Message-ID: 


Monty, my squeaky python, has a pop quiz for you. 

1) What is the definition of a One TIme Pad?
2) What is the standard informtation theoretic proof of the 
   unbreakability of a One Time Pad?

Use an number 2 pencil and write on both sides of the perpetual motion
machine

---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO






From tbyfield at panix.com  Mon Feb 19 21:16:21 1996
From: tbyfield at panix.com (t byfield)
Date: Tue, 20 Feb 1996 13:16:21 +0800
Subject: Guaranteed snake-oil, er, privacy...
Message-ID: 


At 6:02 PM 2/19/96, geeman at best.com forwarded:

>      If You Break our System, You've Bought our Company!

        Isn't "You break it, you buy it" the kind of sign that merchants
put up near _fragile_ things? Must be some new security strategy: threaten
would-be attackers with hanging the albatross of a hemorrhaging corporation
around their neck...
        Who knows? Maybe it'll work. Not sure how much pleasure I'd take in
a "Hack IPG" mug if I had to face years of litigation.

Ted







From shamrock at netcom.com  Mon Feb 19 21:20:16 1996
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 20 Feb 1996 13:20:16 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: 


At 19:05 2/19/96, IPG Sales wrote:

>Perhaps so, but our system does employ a true hardware generated OTP, and
>operates similiar to what you describe -  however, the important
>differernce is that we use a smal;l OTP to generate a larger OTP, like
>stringing the cable across the Golden Gate narrows.

Somebody please hand the guy a textbook on information theory. The entropy
of your "larger OTP" *can not* be greater than the entropy of your original
OTP. You are suspending Golden Gate Bridge by a string. Anybody using it
does so at their peril.

Side note: why do these snake oil salesmen tend to have such horrible
spelling? Let me guess. Because they design their software with the same
care they use to compose their posts?


-- Lucky Green 
   PGP encrypted mail preferred.







From bdavis at thepoint.net  Mon Feb 19 21:24:28 1996
From: bdavis at thepoint.net (Brian Davis)
Date: Tue, 20 Feb 1996 13:24:28 +0800
Subject: Easy Nuclear Detonator
In-Reply-To: 
Message-ID: 


On Mon, 19 Feb 1996, jim bell wrote:

> it just didn't occur to me that you'd object to this.  "Nettiquette" is new
> to me.                                                  ^^^^^^^^^^^^^^^^^^ > 
  ^^^^^^

No shit.

> Jim Bell
> 
> jimbell at pacifier.com.

EBD





From tallpaul at pipeline.com  Mon Feb 19 22:03:37 1996
From: tallpaul at pipeline.com (tallpaul)
Date: Tue, 20 Feb 1996 14:03:37 +0800
Subject: Piracy Bests ITAR
Message-ID: <199602200354.WAA04032@pipe9.nyc.pipeline.com>


On Feb 19, 1996 01:29:14, 'Alan Horowitz ' wrote: 
 
 
> 
>> From: Anonymous  
>> Some economists have made a good case that slack 
>> enforcement of such rules may sometimes do little harm. 
>> Local firms benefit by acquiring pirated technology more 
>> cheaply than the real thing; consumers acquire affordable 
>> high-tech products and close copies of branded goods. 
> 
>Yes, when Mr Anon travels to a beach in Jamaica or in Mombasa, he  
>shouldn't complain when the taxi driver takes him, not to his requested  
>destination, buit some dark alley where Mr Anon gets clunked over the  
>head and his wallet removed. The locals need the money more than Mr  
>rich-tourist-on-vacation Anon. 
 
I haven't accepted the original argument that A. Horowitz critiques. 
 
However, there appears to be at least two errors in his counter argument. 
 
1) Mr Anon is a real human being; the corporation is a legal fiction. Mr
Anon has a real head; the corporation does not. Mr. Anon has suffered a
real assault; the corporation has not. 
 
2) Mr Anon has a real use for his money. The original argument was, I
believe, that the tech etc. was appropriated in an area of the world where
no one could afford it, etc. As in: I write a book. I get money for it in
NYC where people buy it. I get mugged in NYC and my money is stolen. VERSUS
Soneone in an area of the world where my book is not sold makes a xerox
copy of the book. 
 
The crimes if crimes they be are not the same. 
 
> 
> They're only doing socialist justice,  
>after all. 
> 
 
Naturally, I expect all the members of the Libertarian Party and the non-LP
libertarians who sent me e-mail and who posted to the list will post
similar things about this fallacy in logic, won't you. (Note to T.C. May:
This is not really sarcasm and not rhetorical hyperbole. It is more
"wishful thinking" on my part. 
 
> 
>Property is property. Theft is theft. 
> 
 
I believe the original quote from Proudhoun was "property is theft" but who
is counting. On the other hand, "2 + 2 = 4" and if my aunt had wheels and
ran down 5th Avenue she'd be a trolley. So what?





From olcay at libtech.com  Mon Feb 19 22:05:40 1996
From: olcay at libtech.com (Olcay Cirit)
Date: Tue, 20 Feb 1996 14:05:40 +0800
Subject: PING packets illegal?
In-Reply-To: <31229D6B.59C6@mail.hh.provi.de>
Message-ID: <199602200259.VAA04564@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

"Markus L. Noga"  wrote:
>I think there is an implementation of IDEA called TinyIDEA that will fit 
>in <512 bytes. Why don't you try it?

There is a version of Idea written by Fauzan Mirza in 448 bytes of ASM
(80x86)

	-olcay

- --
"For he who lives more lives than one, |) Olcay Cirit -- olcay at libtech.com
   more deaths than one must die"      (| http://www.libtech.com/olo2.html

- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSk5GSoZzwIn1bdtAQHrJAF/UFAhOQJ+7VgpcjgwXext1lIxGt1+NdPb
dVj1pggNXEW8OT85ci/Ttxptfc+gIHmG
=1rkY
-----END PGP SIGNATURE-----





From perry at piermont.com  Mon Feb 19 22:06:30 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Tue, 20 Feb 1996 14:06:30 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602200340.WAA16734@redwood.skiles.gatech.edu>
Message-ID: <199602200401.XAA05145@jekyll.piermont.com>



"Richard J. Coleman" writes:
> I'm way out of my league here, but using a small OTP to create a
> larger OTP seems impossible on information theoretic grounds.

No, you are correct.

Perry





From alanh at infi.net  Mon Feb 19 22:11:06 1996
From: alanh at infi.net (Alan Horowitz)
Date: Tue, 20 Feb 1996 14:11:06 +0800
Subject: Online Zakat Payment: Religious tithe.
In-Reply-To: 
Message-ID: 


Is American law derived from a single source? Does America have one 
common law - or fifty different jurisdictions.

Lets cut this thread off. You don't want to admit that you are uttering 
religious slurs. It doesn't matter to me.





From winkjr at teleport.com  Mon Feb 19 22:14:12 1996
From: winkjr at teleport.com (Wink Junior)
Date: Tue, 20 Feb 1996 14:14:12 +0800
Subject: Internet Privacy Guaranteed
In-Reply-To: 
Message-ID: <199602200339.TAA17670@julie.teleport.com>


I've been reading the mish-mash of replies from "IPG Sales" and have been
trying to figure out exactly what it is they think they're doing.  Aside
from the crap about not revealing details due to patent-pending issues, but
claiming it's the same as a process that's been in use since 1966 (clue:
prior art == no patent) and an unwillingness to provide any names or
references for all this apart from mentioning Ms. Denning and Leyland's web
page, I think I've got something pieced together.  Perhaps IPG Sales will be
happy to tell me if I've got it right or not:

Step 1. 100 friends and I pay IPG $$$.

Step 2. IPG starts up a hardware-based random number generator, and spits out
	5066-bit chunks of random data to be used as OTPs.  Since each pair of
	friends needs unique data (wouldn't want them easedropping on our
	gossip about them), IPG will generate a large number of said chunks.
	The magic box remembers every chunk it's ever spewed and never, ever
	repeats itself.

Step 3. IPG's Kwality Kontrol Dept. will run a bunch of statistical tests on
	the chunks (did I see the standard entropy calculation in the list?)
	to make sure they look truly random.  Chunks failing the tests get
	tossed.

Step 4. IPG takes the surviving chunks and runs them through a "prime number
	cycle wheel" which is some kind of rotor system, with something like
	64 rotors, or perhaps 64 passes through an n-rotor system.  It produces
	primes, or works with primes, or somehow large random primes (can a
	prime truly be called "random) either come in, go out, or both.  Primes
	are involved here somehow.  In any case, whatever comes out is part of
	10^1690 (or from a previous message, 10^2330) possible results.  Why
	this matters I do not know.

Step 5. The results are somehow variable in length (?) or in some way
	eliminates the need for a OTP to be at least as large as the message
	to be encoded.  This has been claimed several times.  So somehow the
	original OTP chunk produces new pads of potentially infinite length?

Step 6. IPG mails out a lot of floppies to me and my 100 friends containing
	lots of these resultant things (which still sound like OTPs.)  I
	assume US Mail is completely trusted, data is never corrupted, disks
	are never lost or stolen, etc.

Step 7. These results act as OTPs (aka Nvelopes) that are used to encode
	the message.  My buddies use the matching chunks to decode the
	messages (aka Nvelopeners.)  The software system does all the work,
	and I don't have to do anything (much like public-key systems today.)

Err... okay, maybe I don't have this figured out.  Still sounds like OTPs,
and someone selling random data at $15 a pop per month.  Having multiple
floppies mailed to me monthly, with all the inherent difficulties, sounds
like a lot more work than public-key management.  My bozometer is pegged.

Looking forward to having my oversights corrected,
Wink

--
winkjr at teleport.com
"We offer freedom to the masses.  It's a tough fight -- I'll grant you that --
but we're brave.  We're well financed.  We believe that God is on our side."
						-- Netscape CEO James Barksdale





From jimbell at pacifier.com  Mon Feb 19 22:17:01 1996
From: jimbell at pacifier.com (jim bell)
Date: Tue, 20 Feb 1996 14:17:01 +0800
Subject: Optical repeaters
Message-ID: 


At 07:45 PM 2/19/96 -0500, Alexandra Griffin wrote:
>I wrote:
>
>> > Optical
>> > repeaters have to pass your signal through an intermediate electronic
>> > stage anyway, since we have no purely optical valve/transistor
>> > equivalents (bosons don't interact with each other at all).
>
>Dave Emery responds:
>> 	This is not true.   There is now a whole technology of optical
>> amplifiers for fiber communications systems that used Ettrium doped
>> fibers pumped with strong light from a laser at a slightly shorter
>> wavelength. These fiber optical amplifiers have gains in the order of
>> 10-12 db in a section of special doped fiber only about 10 feet long.
>
>You're right, I do remember reading about these somewhere... didn't
>realize they were already in use.

Actually, they're in very common usage today.


[stuff deleted]

>> 	The current generation of undersea cables from the US to Europe
>> use these amplifiers instead of the more traditional regenerating
>> repeaters that convert the light to electronic signals, reclock the data
>> stream and convert it back to light with another laser diode.   There is
>> no conversion from light to digital electronic signals all the way from
>> Rhode Island to England - the same light pulses that go into the fiber
>> on one side of the Atlantic come out on the other end without ever
>> having been converted to electronic form in between.
>
>You said power for the amps comes from a high-intensity,
>shorter-wavelength beam... can this be superimposed on the original
>signal at the point of origin, as with in-line coax-cable amplifiers?

Uh, no.  See, the problem is that the (long)transmission fiber has even more 
attenuation at about 980 nm (the "pump wavelength) than about 1500, the 
wavelength of interest.  It is necessary to generate and apply the power at 
the amplifier site.

>> 	 These amplfiers have enourmous bandwidth, and can be used to
>> amplify several slightly different wavelengths of light allowing
>> wavelength division multiplexing of multiple streams of light flashes of
>> slightly different "colors" (all the current technology works at around
>> 1500 nm which is well into the infrared).   This can expand the capacity
>> of a single fiber to four to six times the 5 Gb/sec that is the current
>> state of the art.
>
>Nice... :)

They are!  Truly amazing technology.  It's like a "negative-loss" cable.  
Invented about 10 years ago, and they vastly improved the ability to do LD 
communications through fiber.  Huge bandwidth, compared to current usage.

Jim Bell
jimbell at pacifier.com






From shamrock at netcom.com  Mon Feb 19 22:26:42 1996
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 20 Feb 1996 14:26:42 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: 


At 20:01 2/19/96, Perry E. Metzger wrote:

>Are you refering to rotors, by any chance? Rotors are World War II era
>technology. Of course, who can even guess what you are talking
>about. You make about as much sense as the people handing out xeroxed
>pamphlets on the street corner informing all comers about the fact
>that they are being controlled by aliens.

I think what he means is that they use virtual rotors built out of very
long primes. I.e., write down n very long primes, one per line. Shift each
prime number by a the number of positions indicated in an m by n key. Pick
a column. Read the column top to bottom. Use the resulting number to xor
with your cleartext of lenght <= n. If the cleartext is > n, use the next
column(s) as well.

Just a guess.


-- Lucky Green 
   PGP encrypted mail preferred.







From tcmay at got.net  Mon Feb 19 22:29:33 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 20 Feb 1996 14:29:33 +0800
Subject: Prosecutor Violates CDA--Film at Eleven
Message-ID: 


At 3:12 AM 2/20/96, Brian Davis wrote:
>On Mon, 19 Feb 1996, jim bell wrote:
>
>> it just didn't occur to me that you'd object to this.  "Nettiquette" is new
>> to me.                                                  ^^^^^^^^^^^^^^^^^^ >
>  ^^^^^^
>
>No shit.


Brian,

While I agree with your point of view, I must inform you that your word is
one of the "Seven Dirty Words" and that you have thus violated the
Communications Decency Act. There are several self-admitted minors
(including several high school students) subscribed to the Cypherpunks
list, so use of such indecent language as the above is a violation of the
CDA on the face of it.

I presume you will not be allowed to prosecute yourself.


--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From warlord at MIT.EDU  Mon Feb 19 22:30:12 1996
From: warlord at MIT.EDU (Derek Atkins)
Date: Tue, 20 Feb 1996 14:30:12 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: 
Message-ID: <199602200306.WAA11013@toxicwaste.media.mit.edu>


I, too, am interested in seeing the underlying algorithms.  Not
because I don't believe that they work, but because I'm interested in
seeing what you may have found that no one else has.  However from
your recent mailing I think I know what you're doing:

> Starting with an OTP as seed? The algorithm may be fixed in a sense, but 
> it employs a truse hardware random OTP to select intial settings, adds, 
> and limits, so every one is new and unique - a lot of algorithnms can 
> generate pseudfo trandom numbers, but onece you knw the algorithm, you 
> can generate the random sequence. Our system does not do that - in 
> oReder to solve the system, you must know what OTP was used, that is what 
> was the true hardware generated OTP. Unless you know what that was, 
> knowing the algorithm does nothing for you. If you understand that 
> principle you understand the system. 

I think this is the key.  Question: if I knew the starting "OTP" that
seeded your algorithms, would I be able to re-create the whole stream
and decrypt a message?  I suspect the answer is "yes".  However if I
knew the algorithm you were using, could I decrypt the message without
the use of the "OTP" key?  I don't know the answer to this question.
I hope the answer is no.  Assuming it is no, then I ask you: when can
I see the algorithm you are using.  Following is an example of why
knowledge of the algorithm is useful but not harmful:

Example: Let's assume I can securely exchange a "OTP" (key) with
someone.  I now run some algorithm using that "OTP", add in the
plaintext, and out comes a random stream which is the encrypted
message.  Is this similar to what POTP does?  I believe the answer is
"yes".  Let me submit that what I described here I can do with DES
using ofb mode to generate a random number stream with which I encrypt
the message.  The fact that I know I used DES does not help me decrypt
the message.  I still need the "OTP" key in order to figure out which
stream of random bits were used to encrypt the message.

> Perhaps so, but our system does employ a true hardware generated OTP, and 
> operates similiar to what you describe -  however, the important 
> differernce is that we use a smal;l OTP to generate a larger OTP, like 
> stringing the cable across the Golden Gate narrows. Just becuase we 
> convert over from a full OTP to a prime number wheel system configured 
> from the OTP doers not mnean that the result is not an OTP - in theory it 

Actually, this statement is false.  What you have is a pseudo one-time
pad, not a true one-time pad.  It's close, though.  The problem is
that the means that you use to convert the smaller OTP to a larger OTP
may be "flawed", and that is the algorithm that I think most people
here want to see.  I do believe that the 5600-bit OTP key material
that you distribute is random.  You claim it is hardware generated; I
believe that.  However that doesn't help me feel any less wary about
the algorithm you use to convert that 5600-bit OTP to a larger
pseudo-random stream.

At best, you have a cipher with a 5600-bit key.  If this is so, I
congratulate you on it.  However I think that I, and others on this
list, would like to see how it is accomplished.  This is mostly
because I believe people here are wary of such systems; key management
and random number generation is a tricky business, and its very easy
to make a slip and get it wrong.  Just look at Netscape and other
systems which have fallen to simple attacks.

I think that people here would like to prove whether or not your
system is vulnerable to such attacks.  Just remember that if it is not
vulnerable, as you claim, then you have nothing to worry aout and you
will gain the acknowledgement of the cypherpunks behind you.  On the
other hand, wouldn't you rather that you know if your system has a
flaw, rather than having some cracker discover it and try to exploit
it rather than inform you?  That is a choice you will have to make.

I believe the cypherpunks offer still stands:  to test your algorithm.

The choice is yours.

-derek





From thad at hammerhead.com  Mon Feb 19 22:51:17 1996
From: thad at hammerhead.com (Thaddeus J. Beier)
Date: Tue, 20 Feb 1996 14:51:17 +0800
Subject: Optical repeaters
Message-ID: <199602200501.VAA10510@hammerhead.com>



You should be able to use optical repeaters in a quantum cryptography situation.
The way lasers (these optical repeaters are lasers) amplify is that a photon
can stimulate the emission of an identical (in all respects) photon from an
excited atom as it goes by.  So you get two photons, with exactly the same
direction, frequency, polarization, and so on; without measuring those states.
This is how lasers work.

But, and this is the interesting part; you cannot use this feature to tap
the line.  Measuring either one of these photons would disturb the other,
destroying the state that it has.

It has been proven over and over that you cannot measure the polarization of
a photon in two axes at the same time, the measurment at one axis destroys
that information.  So you think, "Fine, I'll just stimulate the emission of
an identical photon, and measure one horizontally and one vertically. 
I'm only measuring each photon once, but since I know that the two photons
are identical, I can deduce the polarization in both axes of the one photon
from these two measurements."  Makes sense.  Doesn't work.  There was a
fabulous article in Scientific American, I think August 1978 that described
almost exactly this experiment.  You can think about it a number of different
ways, but the upshot is that you cannot defeat quantum cryptography this way,
the uncertainty principle will not let you.

thad
-- Thaddeus Beier                     thad at hammerhead.com
   Technology Development                   408) 286-3376
   Hammerhead Productions        http://www.got.net/~thad 





From coleman at math.gatech.edu  Mon Feb 19 22:51:46 1996
From: coleman at math.gatech.edu (Richard J. Coleman)
Date: Tue, 20 Feb 1996 14:51:46 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: 
Message-ID: <199602200340.WAA16734@redwood.skiles.gatech.edu>


> Perhaps so, but our system does employ a true hardware generated OTP, and 
> operates similiar to what you describe -  however, the important 
> differernce is that we use a smal;l OTP to generate a larger OTP, like 
> stringing the cable across the Golden Gate narrows. Just becuase we 
> convert over from a full OTP to a prime number wheel system configured 
> from the OTP doers not mnean that the result is not an OTP - in theory it 
> is simple to break RSA systems, but factoring a 2048 bit number, or 4096 
> number, or whatever, makes the problem enormous  - our system for large 
> messages/files is similiar in difficult except that it is much nearer 
> an 8192 bit number than 2048. The possibilities to be examined ar4e so 
> large, that iot is not possible to solve then with a computer, even if 
> all the particles in the iuniverse, all 10 to the 80 power of then were 
> a Cray T3E, or better.  Furthermore, all you would get would be all the 
> possiblilities which would be everything!

I'm way out of my league here, but using a small OTP to create a
larger OTP seems impossible on information theoretic grounds.

Richard Coleman
coleman at math.gatech.edu






From liberty at gate.net  Mon Feb 19 23:08:22 1996
From: liberty at gate.net (Jim Ray)
Date: Tue, 20 Feb 1996 15:08:22 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.) [HUMOR]
Message-ID: <199602200523.AAA15480@osceola.gate.net>


-----BEGIN PGP SIGNED MESSAGE-----

Hey! These guys may be onto something after all...We can't decrypt
what they can't spell. ;)
JMR


Regards, Jim Ray 
Boycott espionage-enabled software! [It's evidently proliferating.]

"If I had to summarize [Republican candidate Morry] Taylor's campaign
 message, I'd boil it down to two basic points:
1. The problem with this country is that the government is run by lawyers.
2. And these are *stupid* lawyers."  --  Dave Barry 2/17/96
_______________________________________________________________________
PGP key Fingerprint  51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8 
Public Key id. #  E9BD6D35  http://www.shopmiami.com/prs/jimray IANAL
_______________________________________________________________________


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh.

iQCVAwUBMSlaR21lp8bpvW01AQF1WgP8C2fWGAY5o9hY9zt4lMKUa3AzfmqSua8E
l1VmYMH9hOak4EspWYMwPSdl1EtVWPK7bFSQHES//XmTQl6gqLl7lUx+YHUrwnNV
+Z1jkdUH/VanpK+ZXW0moq7aOQqn3KlJKkUIR0R6ynDBdsVwjZTGROmKYA/StygV
rDAj8bcU6rE=
=EtaV
-----END PGP SIGNATURE-----






From ses at tipper.oit.unc.edu  Mon Feb 19 23:21:17 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Tue, 20 Feb 1996 15:21:17 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602200401.XAA05145@jekyll.piermont.com>
Message-ID: 


On Mon, 19 Feb 1996, Perry E. Metzger wrote:

> 
> "Richard J. Coleman" writes:
> > I'm way out of my league here, but using a small OTP to create a
> > larger OTP seems impossible on information theoretic grounds.
> 
> No, you are correct.
> 
> Perry

But it's got rotors! Rotors I tell you!

Hiss, squeak. Hiss, squeak.  Hiss, squeak. 

---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO






From pgf at srl01.cacs.usl.edu  Mon Feb 19 23:27:44 1996
From: pgf at srl01.cacs.usl.edu (Phil G. Fraering)
Date: Tue, 20 Feb 1996 15:27:44 +0800
Subject: Optical repeaters
Message-ID: <199602200444.AA01625@srl03.cacs.usl.edu>


   From: tcmay at got.net (Timothy C. May)
   Newsgroups: hks.lists.cypherpunks

\Given that a quantum cryptography system depends on *single photons* to
/work, I'm not sure that talk of amplifification makes sense. Between source
\and receiver, a photon either makes it or doesn't. If it makes it, it makes
/it will its full "quanta" of energy, of course. If it doesn't make it, due
\to tunnel-penetrating the walls of the fiber or scattering off an impurity
/in the fiber, then it just doesn't make it, so no
\amplification/regeneration is possible. (Regenerate _what_?)

/But the quantum measurement issue, aside from the above, is an
\interesting one.  We have to be careful here (and I'm including
/myself, not just using the royal "we"). It isn't clear to me that the
\amplification/regeneration process counts as making a measurement,
/from some recent work I've read (sorry, don't recall the references,
\but could be a recent issue of "Scientific American"). In interference
/measurements, the wave function collapses if individual photons are
\counted and recorded (whatever "recorded" really means...) and the
/interference pattern vanishes. If the photons are not counted and/or
\recorded, the pattern reappears.

/By analogy, it is not clear to me that a simple regeneration mechanism,
\with no local observer or recording apparatus, will collapse the wave
/function.

I'm sorry I quoted so much, but let's think for a second: what is
a regeneration mechanism going to do?

Idea number one: It could act on an individual photon. This photon
could have its energy per photon increaced. Except for doppler effects
or possibly some wierd non-conservative electric/magnetic fields (and
I'm just starting again, and can't remember if there are some obscure
non-conservative electric fields), I don't think there are any methods
that don't involve <> of the photon. Please note that the
known ways of "pumping" a photon's frequency, such as interaction with
electrons in the orbitals of atoms in a crystal lattice, involve
<>.

Please note I'm using the term <> in brackets so that the
physics-challenged here will realize that what is being discussed is
the Q-M concept of measurement and not the sending out of some guy
with a yardstick to look at photons.

Another idea that occured to me is that the number of photons are
being manipulated: one photon spawns many. As a practical example,
check any image-intensifier tube.

\Seems to me an experiment may have already been done along these
/lines: separate fibers producing an interference pattern and then these
\inline amps added...if the interference pattern remains, as I would expect,
/then the amps/regenerators did not constitute a "measurement" in QM terms.

I'm getting the impression of an optical-loop interferometer that
relies on the timing of a photon's arrival as the first-order
effect in the generation of an interference pattern. I'm not sure if
it'll work, but I'm willing to bet there are some useful optical-loop
interferometer experiments that don't rely on preserving all the
states of the photons in question. Don't ring gyroscopes rely on
measuring path length?

Other than the two examples I mentioned above, the only things I could
think of involved modifying quantum parameters themselves, which is
what's supposed to be avoided, right?

BTW, since I'm not on cypherpunks and am reading this sporadically
thanks to news.hks.net (thanks guys!), could y'all email any responses
to me?

I think I need that refresher course in electrodynamics and Q-M pretty
bad. 


\--Tim May

/Boycott espionage-enabled software!
\We got computers, we're tapping phone lines, we know that that ain't allowed.
/---------:---------:---------:---------:---------:---------:---------:----
\Timothy C. May              | Crypto Anarchy: encryption, digital money,
/tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
\W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
/Higher Power: 2^756839 - 1  | black markets, collapse of governments.
\"National borders aren't even speed bumps on the information superhighway."

I'd delete that but it's a work of art... 

Getting back to more real-world applications, anyone out there have
any ideas why netscape's stock is still so high when all the stuff
they came out with that was allegedly secure basically wasn't?

And more immediate than that, I was thinking of ordering some
textbooks using a borrowed credit card from a bookstore in Oregon.
Is it safe now? ;-)

If it turns out to not have been safe, can I sue Netscape for false
advertizing, even if I knew it was false?

Phil

Phil Fraering           "Nice shark...
pgf at srl03.cacs.usl.edu   _pretty_ shark..."
========================================================================
is it just me, or is everyone else having bsd flashbacks too?








From bruce at aracnet.com  Mon Feb 19 23:31:51 1996
From: bruce at aracnet.com (Bruce Baugh)
Date: Tue, 20 Feb 1996 15:31:51 +0800
Subject: Remailers not heard from; info?
Message-ID: <2.2.32.19960220054832.006f46ac@mail.aracnet.com>


At 06:52 PM 2/19/96 -0600, "David E. Smith"  wrote:

>Don't some remailers support the "Cutmarks"
>header, which does essentially that?

Yup. I clean forgot about it, truth to tell.

-- 
Bruce Baugh
bruce at aracnet.com
http://www.aracnet.com/~bruce






From bruce at aracnet.com  Mon Feb 19 23:32:40 1996
From: bruce at aracnet.com (Bruce Baugh)
Date: Tue, 20 Feb 1996 15:32:40 +0800
Subject: Remailers not heard from; info?
Message-ID: <2.2.32.19960220054841.006fbd60@mail.aracnet.com>


At 02:39 PM 2/19/96 -0800, Raph Levien  wrote:

>   This is simply the "cut" feature of remailers, which is already
>implemented.

Right you are. I posted without thinking, and deserve the RTFM here.

>while. There may be publicly known functioning remailers which are not
>on my list, but I rather tend to doubt it.

Since I'm getting my list of remailers from you :-), I don't know about them
either.

I really wish I could get a lead on...well, I just put all that in a post to
Tim May, no need to duplicate it all. I'll cheerfully accept both info and
pointers to info for thsoe questions, though.

-- 
Bruce Baugh
bruce at aracnet.com
http://www.aracnet.com/~bruce






From ipgsales at cyberstation.net  Mon Feb 19 23:32:41 1996
From: ipgsales at cyberstation.net (IPG Sales)
Date: Tue, 20 Feb 1996 15:32:41 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602200306.WAA11013@toxicwaste.media.mit.edu>
Message-ID: 




On Mon, 19 Feb 1996, Derek Atkins wrote:

> I, too, am interested in seeing the underlying algorithms.  Not
> because I don't believe that they work, but because I'm interested in
> seeing what you may have found that no one else has.  However from
> your recent mailing I think I know what you're doing:
> 
> > Starting with an OTP as seed? The algorithm may be fixed in a sense, but 
> > it employs a truse hardware random OTP to select intial settings, adds, 
> > and limits, so every one is new and unique - a lot of algorithnms can 
> > generate pseudfo random numbers, but once you know the algorithm, you 
> > can generate the random sequence. Our system does not do that - in 
> > oReder to solve the system, you must know what OTP was used, that is what 
> > was the true hardware generated OTP. Unless you know what that was, 
> > knowing the algorithm does nothing for you. If you understand that 
> > principle you understand the system. 
> 
> I think this is the key.  Question: if I knew the starting "OTP" that
> seeded your algorithms, would I be able to re-create the whole stream
> and decrypt a message? 

Answer - No, there are other things involved, time to microseconds, as 
well as the actual algorithm, recipient - name and relative number, and 
an additional user OTP. Remember that every OTP is a true OTP, and a new 
one is used for each transmission. The information to recreate the 
starting OTP is transmitted but is encrypted with the real starting OTP set,
so it is not easy to figure out what the starting OTP is.

Isuspect the answer is "yes".  However if I
> knew the algorithm you were using, could I decrypt the message without
> the use of the "OTP" key?

  I don't know the answer to this question.
> I hope the answer is no. 


It is definitely NO: You must have the the individual OTP to XOR out the 
message - It is the key to the encryption, and the obvious decryption.
The algorithm is impotent without the OTP.

 Assuming it is no, then I ask you: when can
> I see the algorithm you are using.  Following is an example of why
> knowledge of the algorithm is useful but not harmful:
> 
> Example: Let's assume I can securely exchange a "OTP" (key) with
> someone.  I now run some algorithm using that "OTP", add in the
> plaintext, and out comes a random stream which is the encrypted
> message.  Is this similar to what POTP does?  I believe the answer is
> "yes".  Let me submit that what I described here I can do with DES
> using ofb mode to generate a random number stream with which I encrypt
> the message.  The fact that I know I used DES does not help me decrypt
> the message.  I still need the "OTP" key in order to figure out which
> stream of random bits were used to encrypt the message.

 That is true, except you have a monstrous problem with key distribution 
 and the generation of the OTP keys. In effect, such a system would be 
 can OTP system, except it would not be as clean and as fast, and as 
 simplye as XORing the plain text with the OTP. 

> 
> > Perhaps so, but our system does employ a true hardware generated OTP, and 
> > operates similiar to what you describe -  however, the important 
> > differernce is that we use a small OTP to generate a larger OTP, like 
> > stringing the cable across the Golden Gate narrows. Just becuase we 
> > convert over from a full OTP to a prime number wheel system configured 
> > from the OTP doers not mnean that the result is not an OTP - in theory it 
> 
> Actually, this statement is false.  What you have is a pseudo one-time
> pad, not a true one-time pad.  It's close, though.


  I cannot argue with that characterization;however, I would point out 
  that a true One Time Pad must qualify as unpredictable, not 
  absolute random. We could generate indeterminate length OTPs but they 
  become unwieldy for huge files because the lengths must correspond - so 
  we have gone to the propogating method! 

  The problem is
> that the means that you use to convert the smaller OTP to a larger OTP
> may be "flawed", and that is the algorithm that I think most people
> here want to see.  I do believe that the 5600-bit OTP key material
> that you distribute is random.  You claim it is hardware generated; I
> believe that.  However that doesn't help me feel any less wary about
> the algorithm you use to convert that 5600-bit OTP to a larger
> pseudo-random stream.
> 
> At best, you have a cipher with a 5600-bit key. 

Yes, but it would be trival and not that big of a space problem to 
expand to a 10,000 bit key, or even a 20,000 bit key. We simply change a 
few parameters, in the C programs.

 If this is so, I
> congratulate you on it.  However I think that I, and others on this
> list, would like to see how it is accomplished.  This is mostly
> because I believe people here are wary of such systems; key management
> and random number generation is a tricky business, and its very easy
> to make a slip and get it wrong.  Just look at Netscape and other
> systems which have fallen to simple attacks.

We will provide you with a free demonstration if you would like. We will 
also provide you with the methodology in written form, but becuase of 
certain methods employed, we will not release the source code - we want 
tio buy some time.

In general, you will find the kernel of the propgations consists of 64 
equation sets of the form:

       Bi=(Bi+Ci MOD Di) Mod 256             Large prime numbers  
       ENCRYPTEXTi=OTP[Bi] XOR PLAINTEXTi    Encryption
       OTP[Bi]=ENCRYPTEXTi                   Makes the OTP Dynamic

Where the intial Bis, Cis and Dis are all randomly selected from a 
tables of 2048 random prime numbers, the 5600 bit OTP is used to make 
the selections from the 6144 prime numbers, Dis are always larger than 
either Cis or Bis. The Cis and Dis are also different prime mods of 256, 
there might be some repeats but not many from a selection of 64 from 
a set of 6144. The effect is that you put a plain text character into the 
system and the envcrypted character is XORed against a random character and 
the resultant becomes a part of the dynamically changing OTP. 

There is a little more to it but that is the essence!
> 
> I think that people here would like to prove whether or not your
> system is vulnerable to such attacks.  Just remember that if it is not
> vulnerable, as you claim, then you have nothing to worry aout and you
> will gain the acknowledgement of the cypherpunks behind you.  On the
> other hand, wouldn't you rather that you know if your system has a
> flaw, rather than having some cracker discover it and try to exploit
> it rather than inform you?  That is a choice you will have to make.
> 
> I believe the cypherpunks offer still stands:  to test your algorithm.


We would be most interested in allowing the cyberpunks to examine the 
program and use it as they like. We will provide source code for the 
propgation kernel, generating the large pseudo OTP from the real OTP - 
Actually there are two real time pads involved - a user oriented one and 
a message oriented one, nut that os only used to secure a user and for 
some smoothing operations. But that is the gist of it. 

> 
> The choice is yours.
> 
> -derek
> 

Try it, you will like it:







From bruce at aracnet.com  Mon Feb 19 23:39:25 1996
From: bruce at aracnet.com (Bruce Baugh)
Date: Tue, 20 Feb 1996 15:39:25 +0800
Subject: Remailers not heard from; info?
Message-ID: <2.2.32.19960220054834.006cc5d4@mail.aracnet.com>


>Further, in an earlier message Bruce Baugh asked why some remailers did not
>more promptly remail their messages. 

No, Tim, I didn't. I asked why I was noticing a secular slowdown _relative
to last month_ when I did the same thing I'm doing now. Then I asked the
same question for the last couple of days relative to the end of the last week.

I understand why there are delays. And how to set latency. And a number of
other things. This is none of those.

I'll take the heat for what I do write. I'm not claiming to be an expert, I
do make mistakes, I do get confused, when it's appropriate I'll take a few
"RTFMs" (as with cutmarks). In return, though, I don't take the heat for
what I don't write.

I will also point out that I asked at least a few of these questions when I
posted my January results. Particularly, I'm curious to get a better handle
on what elements of the process I'm using lead to such different time
results from, say, Raph's pinging chart. Local site? The scummy service
through which too much Portland traffic has to pass? Other factors? Dunno.
Met with deafening silence last month, apart from some thank-yous on the
side from folks who appreciated having things already formatted with times
rather than needing the extra step of reading the codes.

[Side note: I see myself as offering a supplement to services like Raph's.
Obviously I can't compete in timeliness or comprehensiveness of coverage. On
the other hand, I do think my usage reflects much more closely what happens
when people actually send traffic through remailers, and I go for maximum
clarity of presentation. In other words, I'm building on others' work. No
inflating of ego is intended or implied; some settling of arches may have
occurred during shipping.]

So I'm asking again. I've had some helpful notes on the side from remailer
operators, to whom my thanks. I'd like to learn more.

-- 
Bruce Baugh
bruce at aracnet.com
http://www.aracnet.com/~bruce






From bdavis at thepoint.net  Mon Feb 19 23:46:53 1996
From: bdavis at thepoint.net (Brian Davis)
Date: Tue, 20 Feb 1996 15:46:53 +0800
Subject: Prosecutor Violates CDA--Film at Eleven
In-Reply-To: 
Message-ID: 


On Mon, 19 Feb 1996, Timothy C. May wrote:

> At 3:12 AM 2/20/96, Brian Davis wrote:
> >On Mon, 19 Feb 1996, jim bell wrote:
> >
> >> it just didn't occur to me that you'd object to this.  "Nettiquette" is new
> >> to me.                                                  ^^^^^^^^^^^^^^^^^^ >
> >  ^^^^^^
> >
> >No shit.
> 
> 
> Brian,
> 
> While I agree with your point of view, I must inform you that your word is
> one of the "Seven Dirty Words" and that you have thus violated the
> Communications Decency Act. There are several self-admitted minors
> (including several high school students) subscribed to the Cypherpunks
> list, so use of such indecent language as the above is a violation of the
> CDA on the face of it.
> 
> I presume you will not be allowed to prosecute yourself.

Fuck.  I've been caught!  But I granted myself immunity.  So piss on 
them.

Besides, it is almost 1:00 a.m. and all kids are asleep!

> 
> 
> --Tim May
> 

EBD

> 
> 

Not a lawyer on the Net, although I play one in real life.
**********************************************************
Flame away! I get treated worse in person every day!!






From stevenw at best.com  Mon Feb 19 23:57:45 1996
From: stevenw at best.com (Steven Weller)
Date: Tue, 20 Feb 1996 15:57:45 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: 



Some thoughts on the rash of IPG OTP cluelessness:

If I set up a radioactive source, I can almost certainly get 1000 bits per
second of random data from it. Chop it up into 5 second chunks and sell em.
That's 5000 bits without all that messy rotor stuff.

Why throw out 30% - 50% of the OTPs? Any filtering algorithm will reduce
the randomness of the resulting numbers. My guess is that the "hardware"
randomness generator has very little entropy and a) produces numbers with a
bell curve distribution, so concentrating what little entrpy there is, and
b) *repeats* a whole lot of the time. That's what they throw out.

They know that encryption has something to do with prime numbers so they
throw in a little obfuscation with the rotor thing. Why bother?

And of course, since they supply all the locks and all the keys, they can
search for, locate, and read anybody's communication whenever they want.


-------------------------------------------------------------------------
Steven Weller                      |  "The Internet, of course, is more
                                   |  than just a place to find pictures
                                   |  of people having sex with dogs."
stevenw at best.com                   |       -- Time Magazine, 3 July 1995







From nobody at REPLAY.COM  Tue Feb 20 00:01:58 1996
From: nobody at REPLAY.COM (Anonymous)
Date: Tue, 20 Feb 1996 16:01:58 +0800
Subject: should we use same nym on multiple servers?
Message-ID: <199602200645.HAA00901@utopia.hacktic.nl>


  With the additional nym servers coming on the scene comes the 
question of whether or not to "claim" our alpha.c2 nym on the other 
ones, too.  E.g., if we are foobar at alpha.c2.org, should we also become 
foobar at nym.gondolin.org and foobar at nym.alias.net, too?

  That would let us have a very stable nym, and prevent confusion over 
who's "who" if someone else were to have the same id with another nym 
server.  But, it makes it harder to keep our real ID secret.  (E.g., 
an oversimplified scenario would be if an attacker sends a message to 
all three nyms, then watches three PGP conventionally encrypted 
messages arrive in our mailbox.)

  A "safer" way would be to have the other two nyms have a fake 
address, but then we couldn't receive mail with it.  A trickier way 
would be to have the reply block point to alt.anonymous, but then we'd 
have to constantly be watching for a message "to" us.

  Another angle, though, is that the nym servers may be unstable, and 
multiple nyms would allow us to post, if out "favorite" is down.

  Anyways, I'm a beginner, and think that the most useful use of 
remailers is to ask dumb questions.  :-)






From tcmay at got.net  Tue Feb 20 00:17:13 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 20 Feb 1996 16:17:13 +0800
Subject: Compelling Advantage of Public Key Systems
Message-ID: 



This is a really, really basic point, but it seems to be lost by some of
the folks talking about "virtual one-time pads," "power one-time pads," and
"visual power agents one-time pads."

To wit: public key systems drastically simplify the whole key exchange problem.

Thus, I can send an encrypted message to any of you for whom I have a
public key, or can easily get a public key for, and then only the holder of
the private key can decrypt. (There are the usual wrinkles about whether
the public key is really that of the person you think it is for, MITM,
etc., but these are true of any system, and in practice present little
problem.)

Any schemes which use symmetric key systems, including one time pads, must
of necessity involve prior arrangement to exchange keying materials.
Nothing can get around this.

The "revolution in cryptography" comes from this basic feature of public
key cryptosystems. Period.

I suggest we not waste our time on the "IPG" system. Whether it is secure
or not is not the point. It's cumbersomeness and its $15 a month for some
nominally random-looking bits (though known to IPG, so what's the point?)
will kill it dead.

Let those who use it be examples of evolution in action.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From tcmay at got.net  Tue Feb 20 00:25:38 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 20 Feb 1996 16:25:38 +0800
Subject: should we use same nym on multiple servers?
Message-ID: 


At 6:45 AM 2/20/96, Anonymous wrote:
>  With the additional nym servers coming on the scene comes the
>question of whether or not to "claim" our alpha.c2 nym on the other
>ones, too.  E.g., if we are foobar at alpha.c2.org, should we also become
>foobar at nym.gondolin.org and foobar at nym.alias.net, too?

You know, shalmaneser at alpha.c2.org sent me a message demanding that he be
given the name shalmaser at black.net on my system, for exactly this reason.

I told him to fuck off.

Now he's threatening to sue me. Do you folks think this is right?

(More to the point, this example shows that whatever "anonymous" thinks
about "claims" on nyms, it's pointless. Even if _some_ nyms are apparently
persistent across nymservers, all it takes is the possibility of this not
to be so for the fiction to collapse. The best way to prove that
"shalmaneser at alpha.c2.org" is really the same True Name (or in alliance
with) as "foobar at black.net" is to show that either can read the messages
encrypted to the other.)


--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From erc at dal1820.computek.net  Tue Feb 20 00:46:48 1996
From: erc at dal1820.computek.net (Ed Carp)
Date: Tue, 20 Feb 1996 16:46:48 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: 
Message-ID: 


On Mon, 19 Feb 1996, IPG Sales wrote:

> Perry
> 
> Yes you are quite right - time will tell and it is you that is wrong - as 
> time will prove - it will be my pleasure to have you eventually choke on 
> your castigating words - to castigate be sure that you are right, and in 
> this case, you are wrong as time will tell - wait and see -!!!!!!

As much as I dislike Perry's strutting on CP, I dislike even more folks
who dream up some hair-brained scheme, then claim it's the greatest thing
since sliced bread, without so much as anything approaching peer review,
and are obviously out to make a quick buck when they take the company
public.  I hate to say it in public, but Perry's 100% correct.

Especially ones who end their rants with multiple exclamation marks.  The
more exclamation marks I see, the faster the message gets thrown in the
trash. 
--
Ed Carp, N7EKG    			Ed.Carp at linux.org, ecarp at netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp at netcom.com for PGP 2.5 public key		an88744 at anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring






From lmccarth at cs.umass.edu  Tue Feb 20 00:52:20 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Tue, 20 Feb 1996 16:52:20 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: 
Message-ID: <199602200812.DAA05762@thor.cs.umass.edu>


IPG Sales writes:
> Obviously you want to criticise without investigation. He who knows all, 
>    knows little, or nothing accoring to Einstein.

That's a rather disingenuous statement. I read your press release, and then
I spent a while browsing through everything that seemed germane on your
web pages. But my investigation of all the material you had presented to the
world yielded very little in the way of hard facts about the security of the 
IPG system. I responded to what I'd been able to find.

Future technical investigations of IPG would be greatly aided if you placed
on your web pages some of the technical details you have at last revealed
here. I just checked your web pages again, and they still don't explain the
actual workings of the system at all.

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)





From bruce at aracnet.com  Tue Feb 20 01:18:48 1996
From: bruce at aracnet.com (Bruce Baugh)
Date: Tue, 20 Feb 1996 17:18:48 +0800
Subject: Compelling Advantage of Public Key Systems
Message-ID: <2.2.32.19960220082955.00691914@mail.aracnet.com>


At 12:58 AM 2/20/96 -0800, tcmay at got.net (Timothy C. May) wrote:

>To wit: public key systems drastically simplify the whole key exchange problem.

Exactly. I was trying (not very successfully, I fear) to explain this point
just this afternoon to an acquaintance who's developed a handy-to-use but
not at all really secure encryption utility. Quite apart from the issue of
key size, the public-key system means that I never have to have a secure
channel to start communicating. If I've got a channel secure enough to send
a clear password to you, I don't need the encryption for security reasons.
(_Economic_ reasons may well be valid ones, in practice, but again, if a
secure channel isn't routinely available, I say go for the tool that doesn't
require it.)

I find that it generally takes a few repetitions of this for it to sink in,
but once it does, an "aha!" usually follows.

-- 
Bruce Baugh
bruce at aracnet.com
http://www.aracnet.com/~bruce






From bruce at aracnet.com  Tue Feb 20 01:19:25 1996
From: bruce at aracnet.com (Bruce Baugh)
Date: Tue, 20 Feb 1996 17:19:25 +0800
Subject: should we use same nym on multiple servers?
Message-ID: <2.2.32.19960220082958.00691804@mail.aracnet.com>


At 01:05 AM 2/20/96 -0800, tcmay at got.net (Timothy C. May) wrote:

>You know, shalmaneser at alpha.c2.org sent me a message demanding that he be
>given the name shalmaser at black.net on my system, for exactly this reason.
>I told him to fuck off.
>Now he's threatening to sue me. Do you folks think this is right?

No fooling? Wow. That's astonishingly clueless on his part, I'd say. 

When I sign up with an Internet provider, I don't necessarily get the user
name I want. When I joined Teleport, "bruce", "baugh", and "bbaugh" were all
already taken. I presume by, in turn, someone with the first name of Bruce,
someone with the last name of Baugh, and someone with a first initial of B
and a last name of Baugh. (There are, oh, third or fourth cousins of mine in
the area. These things happen.) When I transferred to Aracnet, "bruce" was
free, so I grabbed it. If Bruce Boxleitner were to try to get an account
there, that'd be his tough luck.

Even more so with nyms, and even more more so with nyms that aren't real
names. "Shalmaneser" is a name with antecedents, after all. If someone else
beat the c2 guy to it at black.net, that's his tough luck. No provider, I
think, is compelled to offer anyone the user name they might like to have,
nor to hold one indefinitely on the off chance. Welcome to the real world,
where more than one person can have the same idea.

And, as you say...

>about "claims" on nyms, it's pointless. Even if _some_ nyms are apparently
>persistent across nymservers, all it takes is the possibility of this not
>to be so for the fiction to collapse. The best way to prove that
>"shalmaneser at alpha.c2.org" is really the same True Name (or in alliance
>with) as "foobar at black.net" is to show that either can read the messages
>encrypted to the other.)

Right. It at least shows some level of cooperation, if not identity. And
realistically, that's about as close as anyone is going to get.

-- 
Bruce Baugh
bruce at aracnet.com
http://www.aracnet.com/~bruce






From don at cs.byu.edu  Tue Feb 20 01:19:45 1996
From: don at cs.byu.edu (don at cs.byu.edu)
Date: Tue, 20 Feb 1996 17:19:45 +0800
Subject: should we use same nym on multiple servers?
In-Reply-To: <199602200645.HAA00901@utopia.hacktic.nl>
Message-ID: <199602200823.BAA00562@wero.cs.byu.edu>


-----BEGIN PGP SIGNED MESSAGE-----


>   With the additional nym servers coming on the scene comes the 
> question of whether or not to "claim" our alpha.c2 nym on the other 
> ones, too.  E.g., if we are foobar at alpha.c2.org, should we also become 
> foobar at nym.gondolin.org and foobar at nym.alias.net, too?

*shrug* sounds good

> an oversimplified scenario would be if an attacker sends a message to 
> all three nyms, then watches three PGP conventionally encrypted 
> messages arrive in our mailbox.)
> 
>   A "safer" way would be to have the other two nyms have a fake 
> address, but then we couldn't receive mail with it.  A trickier way 
> would be to have the reply block point to alt.anonymous, but then we'd 

Traffic analysis can happen even with only one address. (just spam attack
the one, or whatever)

You can protect yourself somewhat by putting lots of latency into your reply
block, including random. You could have one nym point to another.

ObMindWandering
Since expiration dates were "supposed" to be added to type I, and there's at
least some spam-detection code, why not add "Hi, I'm reply block #XYZ. Watch
for spam attacks from me." warnings inside the reply block. (To be lost on
the next hop, of course)

If good spam-detection code ever catches on in type I, it would be nice to be
able to trigger it yourself. 

ObSnakeOil: Post your source code or go away, you're wasting bandwidth.

ObNoiseInGeneral: skipping it in leaps and bounds. MUCH quieter. =)
- -- 
           fRee cRyPTo!   jOin the hUnt or BE tHe PrEY
PGP key - http://students.cs.byu.edu/~don   or PubKey servers (0x994b8f39)
  June 7&14, 1995: 1st amendment repealed.  Junk mail to root at fryser.dk.net
* This user insured by the Smith, Wesson, & Zimmermann insurance company *

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMSmE/cLa+QKZS485AQHbigL+Ja1krN2TUFyR+aFR6C0wI5zj4160Iz0q
0tLKSA7X+px+lUwCLdRuEk4wskcNhXFP5ESpCxpQKw2CZRjNlJ4vZA54wE9PBlxf
ibR4ZpktxfFsYr+rkdwt0JWUj/+65d6P
=Pwji
-----END PGP SIGNATURE-----





From nelson at santafe.edu  Tue Feb 20 01:20:53 1996
From: nelson at santafe.edu (Nelson Minar)
Date: Tue, 20 Feb 1996 17:20:53 +0800
Subject: breakable session keys in Kerberos v4
Message-ID: <199602200828.BAA21074@nelson.santafe.edu>


I'm a bit suprised this hasn't turned up yet on Cypherpunks.  A couple
of forwarded messages: first, an announcement made Fri Feb 16 by Gene
Spafford at COAST about an exploitable flaw they've found in Kerberos,
and then a comment on the www-security list that it is due to a bad
random number generator. Same old story!

The message (lifted from the COAST web site)
-----BEGIN PGP SIGNED MESSAGE-----

Personnel at the COAST Laboratory (Computer Operations, Audit, and
Security Technology) at Purdue University have discovered a
vulnerability in current versions of the Kerberos security system.
Graduate students Steve Lodin and Bryn Dole, working with Professor
Eugene Spafford, have discovered a method whereby someone without
privileged access to most implementations of a Kerberos 4 server can
nonetheless break secret session keys issued to users.  This means that
it is possible to gain unauthorized access to distributed services
available to a user without knowing that user's password. This method
has been demonstrated to work in under 1 minute, on average, using a
typical workstation, and sometimes as quickly as 1/5 second.

The Kerberos system was developed at MIT in the mid-1980s, and has
been widely adopted for security in distributed systems worldwide.
Kerberos is most often used on UNIX platforms by various vendors, and
is often enhanced, sold and supported by 3rd-party vendors for use in
academic, government, and commercial environments.

The same researchers at COAST have also found a small, theoretical
weakness in Kerberos version 5 that would allow similar access, given
some additional information and considerable preliminary computation.
Kerberos version 5 does not exhibit the same weakness as described
above for Kerberos version 4.

The researchers at COAST had intended to release the specific details
of the problem to affected vendors and incident response teams during
the week of February 19, prior to making a public announcement of
their findings.  However, as rumors have begun to circulate and
several representatives of the news media have apparently received
indication of the problem, we are releasing this preliminary
announcement at this time.

Government and industry sponsors of the COAST Laboratory were made
aware of the preliminary details of these findings in January (full
sponsors receive early notification of significant discoveries as a
result of COAST research).  Other affiliates of COAST as well as the
world-wide network of FIRST computer incident response teams were made
aware of the general nature of the findings during the week of
February 5.  The original plan at COAST was to release specific
details only to FIRST (Forum of Incident Response and Security Teams)
teams and to MIT prior to announcement by affected vendors of a fix
for these weaknesses.  The flaw in Kerberos version 4 is significant
enough that disclosure of its details prior to a fix would allow
someone with moderate programming skills to exploit it; there is
currently no reason to believe that others know the details of the
flaw and are exploiting it, so there is no immediate danger to the
public that would warrant release of the details at this time.

COAST personnel have been informed that MIT has already developed a
fix for the flaw in version 4 Kerberos and is preparing it for
release.  Additionally, COAST researchers are cooperating with MIT
personnel to identify what (if any) fixes are necessary for version 5
Kerberos. Users of either version of Kerberos should contact their
vendors for details of any fixes that may be made available; vendors
of products incorporating Kerberos should contact MIT directly for
details of the problems and fixes.

COAST is a research group of faculty and students dedicated to
research into information security and computer crime investigation,
and education in computer and network security.  It is the largest
such university-based group in the United States.

Information on COAST may be found on the WWW at
  http://www.cs.purdue.edu/coast
Information on FIRST teams may be found on the WWW at
  http://www.first.org
Information on MIT's Kerberos may be found on the WWW at
  ftp://athena-dist.mit.edu/pub/kerberos/doc/KERBEROS.FAQ

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Key @ ftp://ftp.cs.purdue.edu/pub/spaf/pers/pgpkey.asc

iQCVAwUBMSZ42cpvK4P8DALVAQHg8QP/TRmqwP7vG32aaBjvbMof2iuVQ2bcWrg9
p55KN5wBfrBzxq5/NE+6lodkqq2w1ib8q/47uYT1S8iR+z2tnbvL64dxrtDEh4iY
iEWjfpTMtQxLmZ1gA3Sxxn4A+6KwlXq5z4Lp2BROUXyeSR7HPAEeEQucRNWkzz8o
IOMHuBAcBKo=
=yWxe
-----END PGP SIGNATURE-----

(a comment I found in reply)

------- Start of forwarded message -------
From: jis at mit.edu (Jeffrey I. Schiller)
Subject: Re: Kerberos Vulnerability
Newsgroups: hks.lists.www-security
Date: 19 Feb 1996 21:42:08 -0500
Organization: HKS, Inc.
Path: hks.net!news-mail-gateway!owner-www-security
Lines: 8
Sender: root at hks.net
Message-ID: 
NNTP-Posting-Host: bb.hks.net

There will be a fix distributed by MIT later this week. The problem is that
the random number generator in V4 is worse then we thought! The fix is to
retrofit the V5 generator (which is decent) into the V4 KDC. Note: Only the
KDC needs to be updated, clients and servers are unaffected.

                                -Jeff


------- End of forwarded message -------






From lmccarth at cs.umass.edu  Tue Feb 20 01:31:31 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Tue, 20 Feb 1996 17:31:31 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: 
Message-ID: <199602200851.DAA02057@thor.cs.umass.edu>


I wrote:
# Gee, why are we all so worried about key management ?  It's just a load and
# go installation at each of the user sites !  ;)

("That was sarcasm, son")

IPG Sales writes:
> That is precisely why PCX Nvelopes is such an extraordinary system. 
> That is the beauty of PCX Nvelopes, it lifts that  burden from the 
> user, eliminates it entirely. You may have worried about key 
> management, but with our system, you will not have to do so in the 
> future. The system itself, manages all the OTPs, you do not have to do 
> anything but use the system. Key management is the problem with all existing 
> systems, but it is no problem at all with the PCX Nvelopes system, 

What protects each user's one time pads ("PCX Nvelopes", or whatever) ?  

Are they protected by an eight-character Unix account password ?  (This would 
be harder for implementations on traditionally single-user platforms like the
Macintosh and most of the Microsoft OSes, presumably.) 

Are they protected by a policy that says all users must lock away their IPG
disks or CDs when not in use ?  

Also, how are they protected from the people who generate the one-time pads
at IPG (and their friends and families) ? 

> as you 
> would see if you looked at the system, instead, of talking about something 
> when you have no idea at all of what it is about. 

As I said earlier, I read all your material and still had almost no idea
at all about what it is. If you don't tell people about the system, it's
extremely hard for them to do more than speculate.

> The first set of keys 
> must be sent by a secure source, US mail, FED EX, or whatever, but
> thereafter, all updates can be accomodated over Internet. 

Keys ?  Wait a minute, #2 of the "Dozen Reasons why PCX Nvelopes is
absolutely the finest Communication Security and Privacy system available",
according to http://www.netprivacy.com/ipg/dozbest.html, is:

"2. No Messy, Intrusive Passwords/Encryption Keys to get in your way and
worry about, forget about those troublemakers"

[...]
> all hardware generation of OTP's are irregular, otherwise they are not 
> random. 

I'm not sure what you mean by "irregular" in this context.

> Thus at times, a hardware source, such as ADC LOB system, can generate 
> nonrandom data, unless this is checked, it can destroyed the integrity of 
> your system. 

This doesn't quite jibe with my understanding of the typical use of a hardware
RNG. From what I have read, one starts with an unpredictable bit source with
some known bias, so that each original bit has somewhat less than one bit of
real entropy. The bias is "corrected" by combining the original bits to get
fewer bits with enough real entropy, and then repeating the process enough to
get enough final bits of real entropy. 

Could you explain what the acronyms "ADC" and "LOB" mean here ?  I
just tried a web search for the two together, and all I got was a page of
UFO acronyms, and some astronomical acronyms (LOB = Lick Observatory 
Bulletin). Schneier discusses hardware RNG at length in Applied Cryptography,
but he doesn't mention either acronym. I might guess that LOB = Low Order
Bits.

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)





From MAILER-DAEMON at ncrhub4.attgis.com  Tue Feb 20 01:45:59 1996
From: MAILER-DAEMON at ncrhub4.attgis.com (Mail Delivery Subsystem)
Date: Tue, 20 Feb 1996 17:45:59 +0800
Subject: Returned mail: Host unknown (Name server: ncr-sd.sdca.attgis.com.: host not found)
Message-ID: <199602200914.EAA02287@ncrhub5.attgis.com>


The original message was received at Tue, 20 Feb 1996 03:58:01 -0500 (EST)
from ncrgw1 at localhost

   ----- The following addresses have delivery notifications -----
sandiegoca.ncr.com!chris.claborne  (unrecoverable error)

   ----- Transcript of session follows -----
550 sandiegoca.ncr.com!chris.claborne... Host unknown (Name server: ncr-sd.sdca.attgis.com.: host not found)

   ----- Message header follows -----

Return-Path: cypherpunks at toad.com
Received: from ncrgw1.UUCP (ncrgw1 at localhost) by ncrhub5.attgis.com (8.7.3/8.7.3) with UUCP id DAA01682 for sandiegoca.ncr.com!chris.claborne; Tue, 20 Feb 1996 03:58:01 -0500 (EST)
Received: by ncrgw1.ATTGIS.COM; 20 Feb 96 03:57:37 EST
Received: from toad.com by relay3.UU.NET with SMTP 
	id QQadsc06898; Tue, 20 Feb 1996 03:36:36 -0500 (EST)
Received: by toad.com id AA24807; Tue, 20 Feb 96 00:12:26 PST
Received: from cs.umass.edu (freya.cs.umass.edu) by toad.com id AA24801; Tue, 20 Feb 96 00:12:23 PST
Received: from thor.cs.umass.edu by cs.umass.edu (5.65/Ultrix3.0-C)
	id AA21656; Tue, 20 Feb 1996 03:12:18 -0500
Received: (from lmccarth at localhost) by thor.cs.umass.edu (8.6.12/8.6.9) id DAA05762; Tue, 20 Feb 1996 03:12:18 -0500
From: lmccarth at cs.umass.edu
Message-Id: <199602200812.DAA05762 at thor.cs.umass.edu>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
To: cypherpunks at toad.com (Cypherpunks Mailing List)
Date: Tue, 20 Feb 1996 03:12:17 -0500 (EST)
Cc: ipgsales at cyberstation.net (IPG Sales)
Reply-To: cypherpunks at toad.com (Cypherpunks Mailing List)
In-Reply-To:  from "IPG Sales" at Feb 19, 96 02:51:58 pm
X-Mailer: ELM [version 2.4 PL25]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-cypherpunks at toad.com
Precedence: bulk

   ----- Message body suppressed -----






From Mailer-Daemon at wipinfo.soft.net  Tue Feb 20 01:48:28 1996
From: Mailer-Daemon at wipinfo.soft.net (Mail Delivery Subsystem)
Date: Tue, 20 Feb 1996 17:48:28 +0800
Subject: Returned mail: User unknown
Message-ID: <9602200933.AB07900@s.wipinfo.soft.net>


   ----- Transcript of session follows -----
550 rajr... User unknown

   ----- Unsent message follows -----
Return-Path: 
Received: by s.wipinfo.soft.net (4.1/SMI-4.1)
	id AA07898; Tue, 20 Feb 96 15:03:05 IST
Received: from toad.com by relay3.UU.NET with SMTP 
	id QQadse09618; Tue, 20 Feb 1996 04:11:46 -0500 (EST)
Received: by toad.com id AA25259; Tue, 20 Feb 96 00:51:53 PST
Received: from cs.umass.edu (freya.cs.umass.edu) by toad.com id AA25253; Tue, 20 Feb 96 00:51:48 PST
Received: from thor.cs.umass.edu by cs.umass.edu (5.65/Ultrix3.0-C)
	id AA22177; Tue, 20 Feb 1996 03:51:45 -0500
Received: (from lmccarth at localhost) by thor.cs.umass.edu (8.6.12/8.6.9) id DAA02057; Tue, 20 Feb 1996 03:51:44 -0500
From: lmccarth at cs.umass.edu
Message-Id: <199602200851.DAA02057 at thor.cs.umass.edu>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
To: cypherpunks at toad.com (Cypherpunks Mailing List)
Date: Tue, 20 Feb 1996 03:51:44 -0500 (EST)
Cc: ipgsales at cyberstation.net (IPG Sales)
Reply-To: cypherpunks at toad.com (Cypherpunks Mailing List)
In-Reply-To:  from "IPG Sales" at Feb 19, 96 02:51:58 pm
X-Mailer: ELM [version 2.4 PL25]
Mime-Version: 1.0
Content-Length: 3356
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-cypherpunks at toad.com
Precedence: bulk

I wrote:
# Gee, why are we all so worried about key management ?  It's just a load and
# go installation at each of the user sites !  ;)

("That was sarcasm, son")

IPG Sales writes:
> That is precisely why PCX Nvelopes is such an extraordinary system. 
> That is the beauty of PCX Nvelopes, it lifts that  burden from the 
> user, eliminates it entirely. You may have worried about key 
> management, but with our system, you will not have to do so in the 
> future. The system itself, manages all the OTPs, you do not have to do 
> anything but use the system. Key management is the problem with all existing 
> systems, but it is no problem at all with the PCX Nvelopes system, 

What protects each user's one time pads ("PCX Nvelopes", or whatever) ?  

Are they protected by an eight-character Unix account password ?  (This would 
be harder for implementations on traditionally single-user platforms like the
Macintosh and most of the Microsoft OSes, presumably.) 

Are they protected by a policy that says all users must lock away their IPG
disks or CDs when not in use ?  

Also, how are they protected from the people who generate the one-time pads
at IPG (and their friends and families) ? 

> as you 
> would see if you looked at the system, instead, of talking about something 
> when you have no idea at all of what it is about. 

As I said earlier, I read all your material and still had almost no idea
at all about what it is. If you don't tell people about the system, it's
extremely hard for them to do more than speculate.

> The first set of keys 
> must be sent by a secure source, US mail, FED EX, or whatever, but
> thereafter, all updates can be accomodated over Internet. 

Keys ?  Wait a minute, #2 of the "Dozen Reasons why PCX Nvelopes is
absolutely the finest Communication Security and Privacy system available",
according to http://www.netprivacy.com/ipg/dozbest.html, is:

"2. No Messy, Intrusive Passwords/Encryption Keys to get in your way and
worry about, forget about those troublemakers"

[...]
> all hardware generation of OTP's are irregular, otherwise they are not 
> random. 

I'm not sure what you mean by "irregular" in this context.

> Thus at times, a hardware source, such as ADC LOB system, can generate 
> nonrandom data, unless this is checked, it can destroyed the integrity of 
> your system. 

This doesn't quite jibe with my understanding of the typical use of a hardware
RNG. From what I have read, one starts with an unpredictable bit source with
some known bias, so that each original bit has somewhat less than one bit of
real entropy. The bias is "corrected" by combining the original bits to get
fewer bits with enough real entropy, and then repeating the process enough to
get enough final bits of real entropy. 

Could you explain what the acronyms "ADC" and "LOB" mean here ?  I
just tried a web search for the two together, and all I got was a page of
UFO acronyms, and some astronomical acronyms (LOB = Lick Observatory 
Bulletin). Schneier discusses hardware RNG at length in Applied Cryptography,
but he doesn't mention either acronym. I might guess that LOB = Low Order
Bits.

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)





From lmccarth at cs.umass.edu  Tue Feb 20 02:02:18 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Tue, 20 Feb 1996 18:02:18 +0800
Subject: Remailers not heard from; info?
In-Reply-To: <2.2.32.19960219191757.006d763c@mail.aracnet.com>
Message-ID: <199602200943.EAA06099@thor.cs.umass.edu>


Bruce Baugh writes:
> And as long as I'm asking questions :-), I see that some remailers
> (hfinney at shell.portal.com, hal at alumni.caltech.edu, homer at rahul.net) preserve
> subject lines while others do not. Is this a readily settable option? If so,
> I'd like to commend it to other remailer operators. If not, I'd be
> interested in getting some sense of how difficult a hack it is.

(Raph has authoritatively covered the space of deployed options already.)

Writing code to keep or drop particular headers is trivial. Getting everyone
who runs a remailer to deploy that code tends to be much harder.

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)





From Mailer-Daemon at wipinfo.soft.net  Tue Feb 20 02:30:38 1996
From: Mailer-Daemon at wipinfo.soft.net (Mail Delivery Subsystem)
Date: Tue, 20 Feb 1996 18:30:38 +0800
Subject: Returned mail: User unknown
Message-ID: <9602201012.AB09634@s.wipinfo.soft.net>


   ----- Transcript of session follows -----
550 rajr... User unknown

   ----- Unsent message follows -----
Return-Path: 
Received: by s.wipinfo.soft.net (4.1/SMI-4.1)
	id AA09632; Tue, 20 Feb 96 15:42:56 IST
Received: from toad.com by relay3.UU.NET with SMTP 
	id QQadsh11578; Tue, 20 Feb 1996 04:51:09 -0500 (EST)
Received: by toad.com id AA25879; Tue, 20 Feb 96 01:43:53 PST
Received: from cs.umass.edu (freya.cs.umass.edu) by toad.com id AA25873; Tue, 20 Feb 96 01:43:48 PST
Received: from thor.cs.umass.edu by cs.umass.edu (5.65/Ultrix3.0-C)
	id AA22591; Tue, 20 Feb 1996 04:43:46 -0500
Received: (from lmccarth at localhost) by thor.cs.umass.edu (8.6.12/8.6.9) id EAA06099 for cypherpunks at toad.com; Tue, 20 Feb 1996 04:43:46 -0500
From: lmccarth at cs.umass.edu
Message-Id: <199602200943.EAA06099 at thor.cs.umass.edu>
Subject: Re: Remailers not heard from; info?
To: cypherpunks at toad.com (Cypherpunks Mailing List)
Date: Tue, 20 Feb 1996 04:43:45 -0500 (EST)
Reply-To: cypherpunks at toad.com (Cypherpunks Mailing List)
In-Reply-To: <2.2.32.19960219191757.006d763c at mail.aracnet.com> from "Bruce Baugh" at Feb 19, 96 11:17:57 am
X-Mailer: ELM [version 2.4 PL25]
Mime-Version: 1.0
Content-Length: 814
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-cypherpunks at toad.com
Precedence: bulk

Bruce Baugh writes:
> And as long as I'm asking questions :-), I see that some remailers
> (hfinney at shell.portal.com, hal at alumni.caltech.edu, homer at rahul.net) preserve
> subject lines while others do not. Is this a readily settable option? If so,
> I'd like to commend it to other remailer operators. If not, I'd be
> interested in getting some sense of how difficult a hack it is.

(Raph has authoritatively covered the space of deployed options already.)

Writing code to keep or drop particular headers is trivial. Getting everyone
who runs a remailer to deploy that code tends to be much harder.

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)





From daw at dawn9.CS.Berkeley.EDU  Tue Feb 20 02:44:22 1996
From: daw at dawn9.CS.Berkeley.EDU (David A Wagner)
Date: Tue, 20 Feb 1996 18:44:22 +0800
Subject: True random numbers
Message-ID: <199602201017.FAA06008@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

In article <9602191812.AA07312 at toad.com>,   wrote:
> Persi Diaconis gave a talk here last week on pseudorandom generation,
> during which he was asked by people didn't use hardware RNGs.  He said
> that he wasn't aware of any that passed the standard battery of
> statistical tests.

Well, he's just being silly then.

Throw the true random numbers into a hash function, and voila! they
pass all the standard battery of tests.

The hard part, IMHO, is figuring out how much true entropy you've got.
(Estimate, but be very conservative!  Mistakes are costly.)
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSmfoioZzwIn1bdtAQHn3wF9E/jnTYZAgUM/Xkd9XCn2kfI1kJw6I1j8
PUkrLrMoy8hL5HVLHOxemVgQAyQQqnSD
=OheY
-----END PGP SIGNATURE-----





From stewarts at ix.netcom.com  Tue Feb 20 03:22:34 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Tue, 20 Feb 1996 19:22:34 +0800
Subject: CDA outside US (Including Indian Reservations)
Message-ID: <199602201045.CAA13729@ix16.ix.netcom.com>


At 06:21 PM 2/18/96 -0700, Sean Morgan wrote:
>This is not an idle threat.  When Pierre Trudeau was elected prime minister
>of Canada (1969?) there was some scrambling in the US to get him off the
>_persona non grata_ list.  Seems that in his student days he had been busted
>for trying to kayak from Florida to Cuba.  Canadian author Farley Mowatt
>(sp?) was turned back at the border for imagined pinko associations (best
>guess was that it was because he had traveled to the USSR to research _Sibir_).

Farley Mowat (author of such pinko-Canadian books as "Never Cry Wolf")
had also "violently attacked" the US Air Force.  He was annoyed at them for
flying
nuclear bombers and such on training runs over Canada, and shot at them
with a small rifle (I think it was a .22 or something equally dangerous to
airplanes at 35000 feet...)  They didn't like it.

#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281

! Frank Zappa for President !






From stewarts at ix.netcom.com  Tue Feb 20 03:27:13 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Tue, 20 Feb 1996 19:27:13 +0800
Subject: ITAR Amended to Allow Personal Use Exemptions
Message-ID: <199602201046.CAA13736@ix16.ix.netcom.com>


At 07:28 PM 2/16/96 -0500, Adam Shostack  wrote:
>Since we don't need a license, what records are we supposed to keep?

>| The product must
>| not be intended for copying, demonstration, marketing, sale, re-export,
>| or transfer of ownership or control.  It must remain in the possession
>| of the exporting person, which includes being locked in a hotel room or
safe. 

So does wearing the RSA T-shirt count as "demonstration"?  Or would you have
to show people how the perl code works?  Or are you still not allowed to
let foreigners see it, even though you're allowed to wear it?

I suppose wearing the T-shirt _to_ a demonstration would be illegal?  :-)

#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281

! Frank Zappa for President !






From stewarts at ix.netcom.com  Tue Feb 20 03:27:37 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Tue, 20 Feb 1996 19:27:37 +0800
Subject: PGP
Message-ID: <199602201046.CAA13739@ix16.ix.netcom.com>


At 10:30 PM 2/15/96 EST, Derek Atkins  wrote:
>>       Could you settle a dispute?  Is it, or Is it not, legal to take 
>> PGP source code and the like out of the country if it is written on 
>> paper?
>
>This is a leading question.  If you just print it out, it might not be
>legal to export.  If it is printed in a book (e.g., the PGP Sourcecode
>Book, MIT Press, 1995) then it should be legal to take it out of the
>country.  IANAL, YMMV.

A more precise answer is "If you print it out, and ask them for permission,
they may or may not grant it.  If you print it out, don't ask for permission,
and let them know you're exporting it, they may or may not decide to
prosecute you, and you may or may not have the resources to win if they do."

Dan Bernstein's reading of the law is that you can't even teach cryptomathics
to foreigners in the US, and his court case on the matter is beginning.
Other people read the law to say that public domain material is not
"technical documentation" on defense items, and thus exempt.
Putting a copy of the MIT book in some public libraries would be nice...

#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281

! Frank Zappa for President !






From geeman at best.com  Tue Feb 20 20:27:32 1996
From: geeman at best.com (geeman at best.com)
Date: Tue, 20 Feb 96 20:27:32 PST
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <199602210426.UAA02338@pipebomb.noc.best.net>


At 06:10 PM 2/20/96 -0600, you wrote:
>>  ** fairly remarkable coincidences.  Or is it that great minds
>>  think alike?
>
>heh, actually the Elementrix POTP sounds like plaintext-driven autokey  
>cipher and probably wouldn't be offensive if they weren't touting it as a  
>'OTP'...
>

Yes, that's true, but they also allude to "a large number of randomly
spinning dice" [rotors?] of which some are selected by contents [perhaps]
the autokey stream.  This from a discussion held with the POTP people.  The
allusion to the numerous 'dice' is what suggested to me a similarity with
the new [unknown but perfect, of course] system.  The autokey of POTP was
supposedly only part of the scheme....







From declan at well.com  Tue Feb 20 20:31:12 1996
From: declan at well.com (Declan McCullagh)
Date: Tue, 20 Feb 96 20:31:12 PST
Subject: Banned Zambian newspaper now on the Web
Message-ID: 


We now have the banned February 6 issue of _The Post_ online!

Frank Stuart kindly provided a copy of the text. I've HTMLized it, added
background documents and information about other international censorship 
efforts, and put it online at:
     http://www.cs.cmu.edu/~declan/zambia/

Zambia's president-cum-tyrant Frederick Chiluba has plenty of practice
censoring local dissidents, broadcasters, and newspapermen. Now, if he
likes, he can take on the Net. 

I've copied this message to the state news service, Zambia Today. Please
redistribute as appropriate. 

-Declan



------------------------------------------------------------------------
                http://www.cs.cmu.edu/~declan/zambia/
------------------------------------------------------------------------
   
      
                     NET CENSORSHIP AND ZAMBIAN DICTATORS
                                       
   By Declan McCullagh
   declan at well.com   
     
     
     Zambian President and Dictator-for-Life Frederick Chiluba has made a
     career of intimidating, harassing, arresting, and censoring those
     who disagree with him. Now his attempts to muzzle his critics have
     reached the Net -- specificially, Zamnet, the only Internet service
     provider in this impoverished African country.
     
     Chiluba has plenty of experience intimidating traditional media. At
     Chiluba's bidding, in December 1994 an armed paramilitary unit
     raided the Lusaka offices of The Post newspaper and its printer
     Printpak in Ndola looking for "seditious and defamatory material" --
     just as the presses were starting to roll. Germany's ambassador to
     Zambia, Peter Schmidt, who witnessed the raid, told InterPress
     Service that "the raid amounted to an attempt to intimidate the free
     press."
     
     A few days later, police arrested the top editors of the weekly
     Crime News and held them without bail and without filing charges.
     The journalists' offense? The newsweekly had revealed that Chiluba's
     wife was involved in drug trafficking.
     
     The year before, Chiluba sued The Weekly Post for libel after the
     paper reported on his shady financial dealings with South Africa.
     Chiluba also fired the head of the Zambia National Broadcasting
     Corporation for not broadcasting appropriately pro-government
     programming. In 1994, the ever-vigilant Chiluba introduced
     legislation to make the Zambian media answerable to a
     government-appointed secret tribunal with broad, undefined powers of
     censure and punishment.
     
     Chiluba's latest state-sponsored terrorism came in early February
     1996, after The Post published a report revealing the government's
     plans to hold a referendum on the adoption of a new constitution --
     plans Chilbua hoped to keep secret to the disadvantage of his
     political opponents. True to form, the hypersensitive Chiluba
     ordered his forces to invade the newspaper's office, ransack the
     paper's files, arrest the editors, and stop the presses. Security
     forces then sealed the offices of The Post.
     
     Chiluba's despotic behavior is reprehensible. Foreign governments
     immediately should yank the $1.8 billion in foreign aid Zambia
     receives each year and demand Chiluba's ouster. That failing, it's
     high time for the Zambian people to kick their thin-skinned tyrant
     out of office.

     
     February 16, 1996: Zamnet Communication Systems, which hosts the the
     web version of The Post, removes the online copy of the February 5
     issue after police threaten a raid. David Lush of the Media
     Institute of Southern Africa publishes an advisory.
     
     February 18, 1996: After reading Lush's advisory, I send an appeal
     requesting the text to several mailing lists.
     
     February 19, 1996: Frank Stuart contacts me when I'm logged into the
     WELL, saying he has a copy of the banned issue of the newspaper.
     
     February 20, 1996: This archive goes online after I translate
     Frank's text into HTML.

     
###






From geeman at best.com  Tue Feb 20 20:47:16 1996
From: geeman at best.com (geeman at best.com)
Date: Tue, 20 Feb 96 20:47:16 PST
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <199602210446.UAA04948@pipebomb.noc.best.net>


At 01:00 PM 2/20/96 -0600, you wrote:
>Derek - We accept the gaunlet that Cyperpunks threw down, We will 
>provide the complete set of algoritms and free demo systems - we will not be 
>asking you to sign a NDA or anything like that, but we do want it to be a 
>two way street - if we put our head in your guillotene, to be chopped 
>off by the warlord and his minions, then we expect you to perform 
>reciprocal actions.

I'd like to go on record as being interested in looking at this.  Thanks!

>
>There has never been an idea advanced, where the orginator was not 
>thought of as a crank - Oliver Wendell Holmes Sr., "Over Teacups"
>
But not all those thought of as cranks are originators of worthwhile ideas ...






From ses at tipper.oit.unc.edu  Tue Feb 20 20:47:19 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Tue, 20 Feb 96 20:47:19 PST
Subject: Need SSL firewall
In-Reply-To: <199602202203.RAA08526@bb.hks.net>
Message-ID: 


Can't you just run a dumb TCP relay? 

I used to have one somewhere, but I can't remember if I solarified it to 
run with multi-threading. I can try and dig it up, but it'd probably be 
faster for you to rewrite from scratch. I also have a ssl proxy for the 
client side which I wrote to demo the MITM attack, but that doesn't sound 
like what you need.

Simon

On Tue, 20 Feb 1996, Lucky Green wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> I need firewall software, preferably for free and running on an x86, that
> allows me to place an SSL webserver behind the firewall.
> 
> Any pointers?
> 
> TIA,
> 
> - -- Lucky Green 
>    PGP encrypted mail preferred.
> 
> 
> - ---
> [This message has been signed by an auto-signing service.  A valid signature
> means only that it has been received at the address corresponding to the
> signature and forwarded.]
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> Comment: Gratis auto-signing service
> 
> iQBFAwUBMSpFICoZzwIn1bdtAQF3YgGAnt2V+2sTgv7cHDu0k3HZ/664sFbYsu9V
> 4sWnsBNuJoMRVlG4RbxE/iERpu0nR6ZF
> =kPCC
> -----END PGP SIGNATURE-----
> 
> 

---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO






From bplib at wat.hookup.net  Tue Feb 20 20:55:41 1996
From: bplib at wat.hookup.net (Tim Philp)
Date: Tue, 20 Feb 96 20:55:41 PST
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: 
Message-ID: 



	I have been following this debate with some interest. I think that
it is quite clear that without your publishing the algorithms for your
product, you have to accept our skepticism obout your claims. You have
offered to do this so I will wait to make my judgement. 
	The issue that I have not seen you address is one that has been
brought up by several posters to this thread. This issue has to do with
the fact that if you generate all of the keys (or whatever) what is to
stop someone from offering one of your employees a LARGE bribe to cough up
the keys? 
	I don't think that anyone on this list would accept as secure any
system, no matter how clever, that relies on a human factor. People are
weak, properly used, mathematics is not. To suggest that such a security
breach would not occur with your procedures is disingenuous in the
extreme. 
	I am not trying to start (or continue) a flame war. I am willing
to learn more about your system before I pass judgement but I must tell
you, however, that I have heard nothing yet to give me any confidence 
that your system is secure. 

Regards,
Tim Philp

===================================
For PGP Public Key, Send E-mail to:
pgp-public-keys at swissnet.ai.mit.edu
In Subject line type:
GET PHILP
===================================








From ponder at wane-leon-mail.scri.fsu.edu  Tue Feb 20 21:03:21 1996
From: ponder at wane-leon-mail.scri.fsu.edu (P.J. Ponder)
Date: Tue, 20 Feb 96 21:03:21 PST
Subject: unsubscribing info; pcmcia, anyone?
Message-ID: 



> Date: Tue, 20 Feb 1996 14:50:00 -0600
> From: Nemesis 
> To: cypherpunks at toad.com
> Subject: (no subject)

> How do i get off the mailing list??????

reply follows-------------------------------------------------------

to unsubscribe from the cypherpunks mailing list, send to:

		majordomo at toad.com

an e-mail message with the following text in the body of the message:

	unsubscribe cypherpunks richier at onramp.net

--
buenas suerte, nemesis.

p.s. -- a little hint: if your mail reader lets you save messages rec'd 
in folders or some such thing, you should save all the messages you get 
from mailing list software (like the first two messages you got from 
cypherpunks) in a sepaprate folder (like one called 'lists'.) Then you 
will be able to go back and unsubscribe or sign off when you want.

I'm thinking of putting the how to unsubscribe info for RFC-Dist and 
IETF-Announce (and maybe c.punks) in a .sig file - but I hate sigs so.
------------------------------------------------------------------------

obligatory crypto comment: has anyone looked at the iPower card and 
gotten one to play with? Where else could one get a PCMCIA card that was 
programmable and had a little memory on it? How hard would it be to make 
one - in other words, what could we get the cost down to for an 
encrypting pcmcia card? there couldn't be much to it, really, could there?
------------------------------------------------------------------
latest word from the other room: Buchanan 27%, Dole 26%, Lamar 13%





From perry at vishnu.alias.net  Tue Feb 20 05:08:53 1996
From: perry at vishnu.alias.net (John Perry)
Date: Tue, 20 Feb 1996 21:08:53 +0800
Subject: should we use same nym on multiple servers?
In-Reply-To: <199602200645.HAA00901@utopia.hacktic.nl>
Message-ID: <199602201238.GAA18210@vishnu.alias.net>


>>>>> "Anonymous" == Anonymous   writes:


    Anonymous> harder to keep our real ID secret.  (E.g., an
    Anonymous> oversimplified scenario would be if an attacker sends a
    Anonymous> message to all three nyms, then watches three PGP
    Anonymous> conventionally encrypted messages arrive in our
    Anonymous> mailbox.)

	What's wrong with having a nym point to yet another nym on a
different server? Has anyone thought of that?






From jwhiting at igc.apc.org  Tue Feb 20 21:12:34 1996
From: jwhiting at igc.apc.org (Jerry Whiting)
Date: Tue, 20 Feb 96 21:12:34 PST
Subject: Credit card numbers
Message-ID: <199602210511.VAA27800@igc2.igc.apc.org>


Credit card check sums are based on the Luhn code.

Double the odd digits (1, 3, 5, etc.).  Use the sum of any 2-digit results.

Add all these numbers together to end up with one single digit.

Add this single digit to the sums of all the even digits.

The Luhn check digit is the mod 10 of that final subtotal.

For example 641205002340106 yields 4.


jwhiting





From bplib at wat.hookup.net  Tue Feb 20 21:14:33 1996
From: bplib at wat.hookup.net (Tim Philp)
Date: Tue, 20 Feb 96 21:14:33 PST
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: 
Message-ID: 



I have just read your conditions for releasing the information tha the 
group felt was necessary to evaluate your product. A couple of comments.
First, the Cypherpunks are not an organized group who can agree to your 
conditions. This is simply a mailing list not a corporate entity to be 
contracted with. To attempt to treat them as such and to use their 
resources for your marketing gain is, in my opinion, less than honest. If 
the code has not been broken in 5 months, nothing will have been proved. 
A better model to follow would be that used (eventually) by Netscape. 
Release the code for comment and make changes based on weaknesses 
discovered by the group.
	My last point has to do with one of your restrictions. Why will 
you not release the information to Canadians? It cannot be ITAR, because 
it does not apply to Canadians. How can you claim that the Cypherpunks 
failed to break your system if you exclude its most brilliant members! .

Regards from Canada, 
Tim Philp

===================================
For PGP Public Key, Send E-mail to:
pgp-public-keys at swissnet.ai.mit.edu
In Subject line type:
GET PHILP
===================================








From wlkngowl at unix.asb.com  Tue Feb 20 21:19:42 1996
From: wlkngowl at unix.asb.com (Mutant)
Date: Tue, 20 Feb 96 21:19:42 PST
Subject: Telephone card tech. howto needed
Message-ID: <199602210516.AAA10665@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

Kristian Sagi wrote:
[..]
> Only 6 are connected ... Has anyone ideas, how this card works ... i 
> something like telephone card hardware tutorials or something ... I [..]

What kind of telephone card?

Probably a smart card with PK crypto which isn't so easy to defeat.

In terms of technical details, check 2600 magazine (but avoid alt.2600,
since there's more noise there than this group has) or do a web search.
You might want to check other magazines like Hac Tic (no longer printed?)
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSqqvSoZzwIn1bdtAQHIMQF+N7aisKNZZ+wM7sSUSRxfo7cZ2DC1maxR
8i3tFjE8yPc6CPbuQf4j5vwcPBa64D9N
=IPIj
-----END PGP SIGNATURE-----





From packrat at ratbox.rattus.uwa.edu.au  Tue Feb 20 05:20:11 1996
From: packrat at ratbox.rattus.uwa.edu.au (Bruce Murphy)
Date: Tue, 20 Feb 1996 21:20:11 +0800
Subject: Windows 95 encryption shell extension
In-Reply-To: <01BAFEAE.63BB64E0@loki>
Message-ID: <199602201245.UAA00304@ratbox.rattus.uwa.edu.au>


In message <01BAFEAE.63BB64E0 at loki>, 
  Brian Gorka wrote:
> On Monday, February 19, 1996 4:32 AM, Andy Brown[SMTP:a.brown at nexor.co.uk] 
> wrote:
> >http://www.fim.uni-linz.ac.at/win32/codedrag/codedrag.htm
> >
> >Haven't tried it myself since I don't use Windows 95, just thought
> >I'd report what I saw.
> >
> 
> I downloaded this, AND installed it.  It displays your password right on 
> the screen!!!  No *s, no blind typing.  Anyone looking over ytour shoulder 
> can see what you type as your passphrase!  Come on.
> 

Aha! but what you didn't know was that it was FV's card number
sniffer, and their obviously competent programmer needed another four
weeks to get the '*'s to come up...

One has to wonder about the security of binaries random people put up
especially for closed systems such as Win96 don't you?

--
Packrat (BSc/BE;COSO;Wombat Admin)
Nihil illegitemi carborvndvm.





From perry at vishnu.alias.net  Tue Feb 20 05:22:09 1996
From: perry at vishnu.alias.net (John Perry)
Date: Tue, 20 Feb 1996 21:22:09 +0800
Subject: should we use same nym on multiple servers?
In-Reply-To: <199602201238.GAA18210@vishnu.alias.net>
Message-ID: <199602201258.GAA18533@vishnu.alias.net>


>>>>> "John" == John Perry  writes:


>>>>> "Anonymous" == Anonymous   writes:

    John> 	What's wrong with having a nym point to yet another
    John> nym on a different server? Has anyone thought of that?

Ha. Blew that nym.. :) Oh well, that'll teach me to have coffee before
email instead of the other way around.. :)

 John Perry - KG5RG - perry at vishnu.alias.net -  PGP-encrypted e-mail welcome!
 WWW - http://www.alias.net
 PGP 2.62 key for perry at vishnu.alias.net is on the keyservers.





From erc at dal1820.computek.net  Tue Feb 20 21:25:23 1996
From: erc at dal1820.computek.net (Ed Carp)
Date: Tue, 20 Feb 96 21:25:23 PST
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: 
Message-ID: 


On Wed, 21 Feb 1996, Tim Philp wrote:

> 	The issue that I have not seen you address is one that has been
> brought up by several posters to this thread. This issue has to do with
> the fact that if you generate all of the keys (or whatever) what is to
> stop someone from offering one of your employees a LARGE bribe to cough up
> the keys? 

Not to mention GAK.  No bribe needed - just a "suit" showing up with what
looks like a court order. 
--
Ed Carp, N7EKG    			Ed.Carp at linux.org, ecarp at netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp at netcom.com for PGP 2.5 public key		an88744 at anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring






From wlkngowl at unix.asb.com  Tue Feb 20 21:27:54 1996
From: wlkngowl at unix.asb.com (Mutant)
Date: Tue, 20 Feb 96 21:27:54 PST
Subject: ViaCryptPGP 4.0?! (was Re: PGP integrated into Z-Mail)
Message-ID: <199602210524.AAA10716@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

David A Wagner wrote:
[..]
>         A full review of Z-Mail for Windows and other Z-Mail products is
> available over NCD Software's site on the World Wide Web at
> http://www.ncd.com/Z-Code/zcode.html, or via e-mail at info at z-code.com.
> ViaCrypt information is available over the Web at http://www.viacrypt.com

ViaCrypt's page talks about a beta version of PGP 4.0 available
at some sites. Hmmm.

The Windows version is tantalizing. A PGP.DLL would be a wonderful thing.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSqspioZzwIn1bdtAQHUYgGApl4OV143Q/LL2/mPC1m0PDHiGYbVB4xm
sB66fpLRrpjHBYxqYg/fGTL1rN6Z4Ydu
=OmqS
-----END PGP SIGNATURE-----





From asantos at retesa.es  Tue Feb 20 05:35:59 1996
From: asantos at retesa.es (Agustin Santos Mendez)
Date: Tue, 20 Feb 1996 21:35:59 +0800
Subject: breakable session keys in Kerberos v4
Message-ID: <9602201400.AA00692@sun2.retesa.es>


Se han encontrado huecos en Kerberos v4. Aqui teneis la informacion:

>Return-Path: 
>Received: from control (controli.retesa.es) by sun2.retesa.es (5.x/SMI-SVR4)
>	id AA01592; Tue, 20 Feb 1996 09:59:01 GMT
>Received: by control (SMI-8.6/SMI-SVR4)
>	id DAA19612; Tue, 20 Feb 1996 03:02:47 -0800
>Received: from relay3.uu.net(192.48.96.8) by control via smap (V1.3)
>	id sma019610; Tue Feb 20 03:02:35 1996
>Received: from toad.com by relay3.UU.NET with SMTP 
>	id QQadse08697; Tue, 20 Feb 1996 04:01:50 -0500 (EST)
>Received: by toad.com id AA24982; Tue, 20 Feb 96 00:28:15 PST
>Received: from sfi.santafe.edu by toad.com id AA24976; Tue, 20 Feb 96
00:28:11 PST
>Received: from nelson.santafe.edu by sfi.santafe.edu (4.1/SMI-4.1)
>	id AA02389; Tue, 20 Feb 96 01:24:08 MST
>Received: (from nelson at localhost) by nelson.santafe.edu (8.7.1/8.7.1) id
BAA21074; Tue, 20 Feb 1996 01:28:01 -0700
>Date: Tue, 20 Feb 1996 01:28:01 -0700
>Message-Id: <199602200828.BAA21074 at nelson.santafe.edu>
>From: Nelson Minar 
>To: cypherpunks at toad.com
>Subject: breakable session keys in Kerberos v4
>Sender: owner-cypherpunks at toad.com
>Precedence: bulk
>Content-Type: text
>Status: O
>
>I'm a bit suprised this hasn't turned up yet on Cypherpunks.  A couple
>of forwarded messages: first, an announcement made Fri Feb 16 by Gene
>Spafford at COAST about an exploitable flaw they've found in Kerberos,
>and then a comment on the www-security list that it is due to a bad
>random number generator. Same old story!
>
>The message (lifted from the COAST web site)
>-----BEGIN PGP SIGNED MESSAGE-----
>
>Personnel at the COAST Laboratory (Computer Operations, Audit, and
>Security Technology) at Purdue University have discovered a
>vulnerability in current versions of the Kerberos security system.
>Graduate students Steve Lodin and Bryn Dole, working with Professor
>Eugene Spafford, have discovered a method whereby someone without
>privileged access to most implementations of a Kerberos 4 server can
>nonetheless break secret session keys issued to users.  This means that
>it is possible to gain unauthorized access to distributed services
>available to a user without knowing that user's password. This method
>has been demonstrated to work in under 1 minute, on average, using a
>typical workstation, and sometimes as quickly as 1/5 second.
>
>The Kerberos system was developed at MIT in the mid-1980s, and has
>been widely adopted for security in distributed systems worldwide.
>Kerberos is most often used on UNIX platforms by various vendors, and
>is often enhanced, sold and supported by 3rd-party vendors for use in
>academic, government, and commercial environments.
>
>The same researchers at COAST have also found a small, theoretical
>weakness in Kerberos version 5 that would allow similar access, given
>some additional information and considerable preliminary computation.
>Kerberos version 5 does not exhibit the same weakness as described
>above for Kerberos version 4.
>
>The researchers at COAST had intended to release the specific details
>of the problem to affected vendors and incident response teams during
>the week of February 19, prior to making a public announcement of
>their findings.  However, as rumors have begun to circulate and
>several representatives of the news media have apparently received
>indication of the problem, we are releasing this preliminary
>announcement at this time.
>
>Government and industry sponsors of the COAST Laboratory were made
>aware of the preliminary details of these findings in January (full
>sponsors receive early notification of significant discoveries as a
>result of COAST research).  Other affiliates of COAST as well as the
>world-wide network of FIRST computer incident response teams were made
>aware of the general nature of the findings during the week of
>February 5.  The original plan at COAST was to release specific
>details only to FIRST (Forum of Incident Response and Security Teams)
>teams and to MIT prior to announcement by affected vendors of a fix
>for these weaknesses.  The flaw in Kerberos version 4 is significant
>enough that disclosure of its details prior to a fix would allow
>someone with moderate programming skills to exploit it; there is
>currently no reason to believe that others know the details of the
>flaw and are exploiting it, so there is no immediate danger to the
>public that would warrant release of the details at this time.
>
>COAST personnel have been informed that MIT has already developed a
>fix for the flaw in version 4 Kerberos and is preparing it for
>release.  Additionally, COAST researchers are cooperating with MIT
>personnel to identify what (if any) fixes are necessary for version 5
>Kerberos. Users of either version of Kerberos should contact their
>vendors for details of any fixes that may be made available; vendors
>of products incorporating Kerberos should contact MIT directly for
>details of the problems and fixes.
>
>COAST is a research group of faculty and students dedicated to
>research into information security and computer crime investigation,
>and education in computer and network security.  It is the largest
>such university-based group in the United States.
>
>Information on COAST may be found on the WWW at
>  http://www.cs.purdue.edu/coast
>Information on FIRST teams may be found on the WWW at
>  http://www.first.org
>Information on MIT's Kerberos may be found on the WWW at
>  ftp://athena-dist.mit.edu/pub/kerberos/doc/KERBEROS.FAQ
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.2
>Comment: Key @ ftp://ftp.cs.purdue.edu/pub/spaf/pers/pgpkey.asc
>
>iQCVAwUBMSZ42cpvK4P8DALVAQHg8QP/TRmqwP7vG32aaBjvbMof2iuVQ2bcWrg9
>p55KN5wBfrBzxq5/NE+6lodkqq2w1ib8q/47uYT1S8iR+z2tnbvL64dxrtDEh4iY
>iEWjfpTMtQxLmZ1gA3Sxxn4A+6KwlXq5z4Lp2BROUXyeSR7HPAEeEQucRNWkzz8o
>IOMHuBAcBKo=
>=yWxe
>-----END PGP SIGNATURE-----
>
>(a comment I found in reply)
>
>------- Start of forwarded message -------
>From: jis at mit.edu (Jeffrey I. Schiller)
>Subject: Re: Kerberos Vulnerability
>Newsgroups: hks.lists.www-security
>Date: 19 Feb 1996 21:42:08 -0500
>Organization: HKS, Inc.
>Path: hks.net!news-mail-gateway!owner-www-security
>Lines: 8
>Sender: root at hks.net
>Message-ID: 
>NNTP-Posting-Host: bb.hks.net
>
>There will be a fix distributed by MIT later this week. The problem is that
>the random number generator in V4 is worse then we thought! The fix is to
>retrofit the V5 generator (which is decent) into the V4 KDC. Note: Only the
>KDC needs to be updated, clients and servers are unaffected.
>
>                                -Jeff
>
>
>------- End of forwarded message -------
>
>
Agust�n Santos M�ndez,            RETESA, S.A.
C/Orense 4, Planta 10. 28020 MADRID SPAIN.
Ph: +34.1.342.67.91                     Fax +34.1.597.28.77
E-mail: asantos at retesa.es   







From wlkngowl at unix.asb.com  Tue Feb 20 21:48:38 1996
From: wlkngowl at unix.asb.com (Mutant)
Date: Tue, 20 Feb 96 21:48:38 PST
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <199602210545.AAA10828@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

IPG Sales wrote:

[Notice "Sales" wrote this...]
> We are not currently revealing all the details of our system because of
> patents in process, and other relat6ed matters. We are offering the

Do you know what "patent pending" means?

> software. You should be able to readily decompile it and determine the
> algorithms used andf how they are used to generate random number sequences

If you're so concerned about secrecy and patents, why encourage anyone
to reverse engineer it?  If it's as secure as you say (and it's not)
and yet unpatented, then you sure as hell don't want anyone reverse
engineering it... you don't even want to publish the compiled binary
either (if that were true).

[..]
> If you are aware of encrtypting technology, you recognize that hardware
> prime number cycle wheels for the basis of some of the most secured
> hardware systems employed for encryption. We simply expand that 

You mean like Enigma machines? (chuckle)

> Thus we can eliminate the need to have the length of the OTP to be equal
> to the length of the file - if you do not belive that it works, try it
> and see - it takes inly a few hours to set such a trial up. We generated

OTP = One Time Pad
      ^^^
Used once. Not repeated. Equals the size of the file. Completely
erased from the cosmos after decryption and never seen again. Anything
else just isn't a one time pad.

> over 790 gigabytes of charcaters, on multiple backups, and tested. Our
> standard deviations, chi squares, Delta ICs for bits, characters, sets,
> and the entire set were random. The sets are random, and you can take
> that to the bank.

Gee. It sure looks random. Must be secure. [Sarcarm mode off]

> Someone, will decompile it and discover that it is truly random, at least
> from the practical usage basis. But we need that time to file patents,
> cvopyrights and the like.

Truly random? If it's based on an algorithm and not an unpredictable
source of external randomness, it just ain't random.

If it's fed the same seed, will it produce the same output? If so,
'taint random. Don't call it that. Just don't.

> The IPG system solves the key management problem and produces a truly

Oh really? And how does it do that? ...

[..]
> "Unless we know, we do not experience by talking," Plato

Interesting that you quote Plato, who believed in such fairy tales
as essential orbs of "truth", "beauty", etc. floating around in
some neuminal hyperspace.  Faith was rather important, and the western
religions were really damn peachy about it.

Oh, I get it... OTP stands for Onto-Theological Platonism. Philisophical 
snake oil...
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSqxhCoZzwIn1bdtAQFrnwGAxffXmBmuZchYHTFapCNqc5xxiEqDy7BD
RL9cJeuP/2CHnVUgvfRX5uHfabPZz+Z7
=akNJ
-----END PGP SIGNATURE-----





From jwhiting at igc.apc.org  Tue Feb 20 22:06:29 1996
From: jwhiting at igc.apc.org (Jerry Whiting)
Date: Tue, 20 Feb 96 22:06:29 PST
Subject: PRNG in VB
Message-ID: <199602210605.WAA04260@igc2.igc.apc.org>


I am answering the courteous inquiry from Thomas Womack about my request for 
help with a Visual Basic-only PRNG.  The premise is that those who will not or
can not afford hardware-based RNG's need something relatively secure in the
face of nothing at all or at best a lesser implementation.
 
I was reluctant to post code at first but rather asked for an interpretation 
of 10 runs of 9999 characters each.  I want peer review of source code but 
the threads in CypherPunks have been of a shall we say "low signal to noise" 
ratio of late.  Even more so than usual.  I just didn't want to feed the 
beast at this time.
 
That said, here's the outline of what I'm doing.  A splash screen loads first
displaying a random tip'o'the day about good key management.  I make use of 
the getcurrenttime() Win API a lot.  Said to have 50 millicent increments.
 
 
' Load splash screen first
Sub Form_Load ()
 
  ' first randomize using number of milliseconds since Windows was launched
  Randomize getcurrenttime()
 
  ' then rotate the tip'o'the day (30 currently, adding unknown some delay)
  For j = 1 To Int(n * Rnd + 1)
    Select Case j
      Case 1
        hint.Caption = "You passphrase is SUPPOSED to look like gibberish."
      ...
      Case n
        hint.Caption = "Change your passphrases often."
       End Select
  Next j
 
End Sub
 
' user clicks an OK button and up comes 2nd screen
Sub Form_Load ()
 
 ' mix things up
  Randomize getcurrenttime()
  
End Sub
 
 
' main screen's OK button
Sub Command1_Click ()
  
  Screen.MousePointer = 11
  scramble = ""
  keyLen = Val(keyLength.Text)
 
  ' repeat for the number of characters in the desired key
  For i = 1 To keyLen
    ' character set is ASCII 33 to ASCII 127
    scramble = scramble & Chr$(Int(94 * Rnd + 33))
    ' reseed
    Randomize getcurrenttime()
    ' now make it wobble to throw off any regularity in the loop
    ' this loop works because as the 7 increases, so does execution time
    For j = 1 To Int(7 * Rnd + 1)
      'idle
    Next j
  Next
  
  Screen.MousePointer = 0
  secondaryForm.keyLabel.Caption = scramble
 
End Sub
 
 
I'd be happy with an analysis of just how random this is.  My working 
assumption is that over a >8 character key, it beats trying to dream one 
up in one's head.  Besides the getcurrenttime API, I don't know what else 
to sample without an external DLL or hardware.
 
I started out attempting a keyboard timing routine but had second thoughts.
My software company has been doing bar code printing tools for years. Now 
we're moving from simple encoding to encryption.
 
After playing with RSA Secure briefly, I realized that one way to spoof a 
request to type willy nilly to initialize anything is to use a bar code 
scanner.  The common type is sometimes called a wedge because you plug your 
keyboard into it, and it into the keyboard port.  It's wedged between the 
keyboard and the CPU.
 
So when asked to type (obstensibly to input randomly timed events) I scan 
a very large block of bar coded material.  I fill the keyboard buffer at a 
fixed rate; the throughput of my scanner and PC.  If I scan a large bar 
code, yes, I'll fill the keyboard buffer as fast as possible.  Little 
entropy in my eyes.
 
Oh yeah, with common symbologies like Code 39 and Code 128, I can recreate 
the whole lower ASCII 128 including tabs, LF/CR, etc.  So I can tab to 
activate buttons in some UI scenarios. Or do macros any any combination that 
may include control characters.
 
So gang, what about bar code scanners being used to thwart random typing 
requests??
 
Jerry Whiting
jwhiting at azalea.com 






From pclow at pc.jaring.my  Tue Feb 20 22:25:42 1996
From: pclow at pc.jaring.my (Peng-chiew Low)
Date: Tue, 20 Feb 96 22:25:42 PST
Subject: ANNOUNCE: New Crypto Product!
In-Reply-To: 
Message-ID: <2F49867D.50@pc.jaring.my>


Ed Carp wrote:
> 
> CompuScam, Inc., an unwholly-owned invention of InventiData, is pleased to
> announce its latest offering in the growingly lucrative Internet Security
> market.  Called "Secure Users Everywhere", SUE is "guaranteed privacy
> protection for citizen-units everywhere," according to Ed Carp, Chief
> Scientist, Chief Executive Officer, and Chief Everything Else for
> CompuScam.  In today's press release, Carp said that "SUE is destined to
> become the dominant market leader in a field full of inferior products."
> 
> SUE is designed to work in any environment, and provides "Fort Knox"
> security for Internet users who wish to transact business over the "net".
> "Up until now, the Internet has been totally exposed, totally wide open to
> every 12-year-old wannabe cracker with a cheap PC and a modem," said Carp,
> "but with SUE, all that has changed overnight.  Now SUE users can safely
> and securely exchange the most sensitive of documents, including credit
> card and checking account numbers, SSN, employee information, credit
> reports, gold bars - virtually anything that is of value can now be safely
> transported across the Internet."
> 
> No details were immediately available on the technical foundations of SUE,
> but Carp indicated that this is to provide enhanced security for its
> customers, adding that "you wouldn't want everyone to see your data, would
> you?  Then why would you want everyone to know about how this software
> works?"  According to CompuScam, SUE is composed of a small software "TSR"
> that is loaded into memory when a computer is first powered up, and a
> proprietary hardware device, known as a CUD ("compulsive exteriorization
> device") that provides "total security" for the software.  Carp indicated
> that the software TSR is "completely ITAR/RNG/SHA/RC4/BBS/RSA/MD5
> compliant, and meets all government standards for the very highest levels
> of cryptographic software, including FIPS-180, SESAME, and STU-III."  The
> hardware device is reportedly PRNG/RNG compliant.
> 
> Additionally, the SUE product is reportedly backwards-compatible with most
> other manufacturer's "inferior" cryptographic products, including products
> from Digital Pathworks, AT&T, VeriSign, IBM, and others.  Asked whether or
> not SUE is compatible with electronic cash offerings from First Virtual
> and others, Carp said, "Our total solution is so comprehensive, we're
> fixed problems that even the National Security Agency hasn't thought of
> yet.  We've also totally addressed the major problems that First Virtual
> brought to light last month in their press release," adding that no other
> cryptographic software maker had even responded to First Virtual's
> announcement, "let alone done anything about it.  We are acting now to
> protect our customers and children on the Internet by providing total
> coverage of the market."
> 
> Carp denied rumors that the CompuScam was nothing but a mailbox located in
> a Mailboxes Etc., branch office in Garland.  "I believe you will find that
> a reporter obtained an early press release which contained an
> typographical error in our suite number," adding that the company is
> expecting to move soon to new offices near Sun Microsystems in Palo Alto,
> adding that "the proximity to so many Silicon Valley companies will no
> doubt enhance the value of our
> stock^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^Hquality of our software."
> 
> When asked about the timing of the release, noting that it was only a few
> days before the company was scheduled to go public, Carp said, "this is an
> absolutely wonderful opportunity for investors to get in on the ground
> floor of this new technology" adding something about a new Porsche which
> the reporters didn't quite catch.
> 
> SUE is available for PCs running all versions of Microsoft Windows,
> Windows 95, Windows NT and MS-DOS, as well as all UNIX and UNIX-like
> platforms, and MVS.  The CUD hardware device is available in .357, .45,
> .44 Magnum, and 9MM versions.  Pricing was not immediately available.
> --

	And of course, export license has been granted to Iraq, Iran
	and the rest of the "non-hostile challenged" (?) world.
	Wonderful!







From asantos at retesa.es  Tue Feb 20 07:23:45 1996
From: asantos at retesa.es (Agustin Santos Mendez)
Date: Tue, 20 Feb 1996 23:23:45 +0800
Subject: Symantec Café
Message-ID: <9602201546.AA01028@sun2.retesa.es>


La empresa Symantec ha sacado al mercado un entorno de programacion JAVA
para Windows�95/NT. Quien se apunta a evaluarlo?

El URL es :"http://www.symantec.com/lit/dev/javaindex.html"
 o bien   :"http://www.symantec.com/lit/dev/java.html"
Agust�n Santos M�ndez,            RETESA, S.A.
C/Orense 4, Planta 10. 28020 MADRID SPAIN.
Ph: +34.1.342.67.91                     Fax +34.1.597.28.77
E-mail: asantos at retesa.es   







From loki at obscura.com  Tue Feb 20 23:38:35 1996
From: loki at obscura.com (Lance Cottrell)
Date: Tue, 20 Feb 96 23:38:35 PST
Subject: Secure Split
Message-ID: 


I wrote a program which does secret sharing calles SecShare. It is on my
home page. As my first venture into crypto programming it is a major
kludge, but it does the job.

        -Lance


----------------------------------------------------------
Lance Cottrell   loki at obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------







From lmccarth at cs.umass.edu  Tue Feb 20 23:41:01 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Tue, 20 Feb 96 23:41:01 PST
Subject: Web Browsers and Anonymous Mail (Was: NSA net trolling)
Message-ID: <199602210740.CAA13722@thor.cs.umass.edu>


Wayne Madsen wrote somewhere:
> A knowledgeable government source claims that
> the NSA has concluded agreements with [...] Netscape to
> permit the introduction of the means to prevent the anonymity of
> Internet electronic mail, [...]

I suspect this may actually mean that they're pushing Netscape to
incorporate cryptographic authentication into browser email, which I think is
a useful development. I'm not aware of any public remailers previously 
operated by Netscape Communications Corp. that have now shut down. ;)

At any rate, it's an excuse for me to ask some questions:

(0) I'm not aware of any class library objects or methods in stand-alone Java
for calling the local mail transport agent. Is there any class library 
support in Java+{Navigator, HotJava, Mosaic, NetCruiser, the AOL web tool, 
etc.} for applet calls to the local mail agent that's configured in the 
browser ?  

I would prefer not to reimplement SMTP using the Socket class in my own 
applets. Ideally I'd like to have an applet that presents a form with some 
entry boxes and check boxes, quantizes and encrypts the input according to 
the check box settings, and spews the resulting byte streams to the MTA. 

(1) As I recall, I used to be able to set (as an Option) the path and name of 
the local MTA (e.g. /usr/lib/sendmail) in an earlier version of Netscape. 
That seems to have disappeared in Navigator 2.0. Is there indeed no longer a 
way to set that ?  

It occurs to me that we could have achieved partial integration of
remailing into Navigator quite cheaply with that option.

Comments from Sun and/or Netscape and/or anyone else would be welcome.
Thanks :)

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)




From ptrei at acm.org  Tue Feb 20 08:07:37 1996
From: ptrei at acm.org (Peter Trei)
Date: Wed, 21 Feb 1996 00:07:37 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <9602201519.AA02219@toad.com>


ipgsales at cyberstation.net writes

[...]
 - I do not now what KDC's are...
[...]
> Incidentally crypto wheel systems are still employed in 1996 at some of
> the highest levels of usage - some called then rotors at one time - they
> are still used because the produce non repeatable sequeces 

It's sort of amazing that a person can show themselves so foolish and ignorant
in less than four full lines of text. No person or organization who has studied 
crypto beyond  the Captain Midnight Decoder Ring level can take these  people 
or  their product seriously.

Peter Trei
ptrei at acm.org





From jk at digit.ee  Tue Feb 20 08:11:47 1996
From: jk at digit.ee (Jyri Kaljundi)
Date: Wed, 21 Feb 1996 00:11:47 +0800
Subject: JavaScript to grab email
Message-ID: 



Another annoying feature in JavaScript and Netscape. Have a look at 


The page uses JavaScript to steal your e-mail address and sends a test 
e-mail message to the address it grabbed. It works with Netscape, which 
is probably only browser supporting JavaScript.

Probably there will soon be thousands of pages which include this code, 
and people using Netscape 2.0 will be spammed with commercial messages. 
So just put some false e-mail address in your Netscape browser to disable 
this feature.

The script was developed and announced by Glenn Fleishman, moderator of 
the Internet Marketing mailing list. Thanks for letting people know.

J�ri Kaljundi
jk at digit.ee
Digiturg http://www.digit.ee/






From don at cs.byu.edu  Wed Feb 21 00:12:57 1996
From: don at cs.byu.edu (don at cs.byu.edu)
Date: Wed, 21 Feb 96 00:12:57 PST
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: 
Message-ID: <199602210807.BAA00723@wero.cs.byu.edu>


-----BEGIN PGP SIGNED MESSAGE-----

> > Do we have to show an exploitable flaw? Or we have to do the exploit? That
> > might be expensive. Who would judge the contest?
> > 
> > The alogrithm aside, IPG provides the intial OTP. Seems to me that IPG can
> > read the messages. End of story.
> > 
> Hedging, hedging, hedging - why? I did not noitice this in my first 

I think he meant that it might cost him several $10000 in computing time to
actually demonstrate a flaw, should it be found. Proving the flaw exists
should be enough. If a company really needs unbreakable encryption, a few
hundred thou isn't too much for an attacker to pay for million dollar secrets.
On the other hand, it would be quite a bit for an individual to come up with,
just to illustrate a point.

And this thing about keeping a copy of the one-time-pad, now just why is it
that you need to at all?? After all, if it doesn't arrive safely, then who
knows who has it... And if so, then you don't need a copy that could, say,
accidently get smuggled out and sold to [foreign government, domestic
covernment, competitor, curious onlooker - pick one] for the right sum of
money.

For your next version, you might want to add in the capability for a slight
remixing of the random pool at both ends (a passphrase, for example)
protected by secure-hashing properly-sized chunks. There's nothing like
being able to lock the door behind you, ya know...

Don
- -- 
           fRee cRyPTo!   jOin the hUnt or BE tHe PrEY
PGP key - http://students.cs.byu.edu/~don   or PubKey servers (0x994b8f39)
  June 7&14, 1995: 1st amendment repealed.  Junk mail to root at fryser.dk.net
* This user insured by the Smith, Wesson, & Zimmermann insurance company *

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMSrSo8La+QKZS485AQFXeAL6AviaeMve7k6Oh1F5qix9EOBT29wSXXMa
NAcr8PSTFfQ7kd1FHz2A1N4OPXO+AW2vVPLWiulU/bcXoP5K/+mU36wM17bo9nXz
0tiVmyZcDV4bn6Vs373oYIKt2W0rj02K
=sJQO
-----END PGP SIGNATURE-----





From frantz at netcom.com  Wed Feb 21 00:20:10 1996
From: frantz at netcom.com (Bill Frantz)
Date: Wed, 21 Feb 96 00:20:10 PST
Subject: Web Browsers and Anonymous Mail (Was: NSA net trolling)
Message-ID: <199602210806.AAA28113@netcom7.netcom.com>


>(0) I'm not aware of any class library objects or methods in stand-alone Java
>for calling the local mail transport agent. Is there any class library 
>support in Java+{Navigator, HotJava, Mosaic, NetCruiser, the AOL web tool, 
>etc.} for applet calls to the local mail agent that's configured in the 
>browser ?  

A look at the documentation does not show one.  You may have to implement
the whole MTA protocol yourself :-(.  It does occur to me that such a
library would only be possible in a browser that knows (via configuration)
how to find MTAs.

Good luck - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz at netcom.com | dead teenagers | Los Gatos, CA 95032, USA







From asantos at retesa.es  Tue Feb 20 08:51:27 1996
From: asantos at retesa.es (Agustin Santos Mendez)
Date: Wed, 21 Feb 1996 00:51:27 +0800
Subject: Conexion a control
Message-ID: <9602201657.AA01164@sun2.retesa.es>


Por favor, no useis el modem hasta que no pongamos en marcha
el sistema de retorno de llamadas y nos aseguremos que estan 
las medidas de seguridad correctas.



>Return-Path: 
>Received: by sun2.retesa.es (5.x/SMI-SVR4)
>	id AA01057; Tue, 20 Feb 1996 15:58:35 GMT
>Date: Tue, 20 Feb 1996 15:58:35 GMT
>From: jfla (Jose Fernando Luis Alarcon)
>Message-Id: <9602201558.AA01057 at sun2.retesa.es>
>To: gruporetesa
>Subject: Conexion a control
>Content-Type: text
>
>Hola a todos:
>	Teneis a vuestra disposicion el acceso a control por modem , la linea
>tendra el numero 3426751 , entrareis como terminal remoto .., la conexion ppp
>a control todavia no esta disponible.., pero lo estara en poco tiempo.
>	Un saludo,
>                                                            _
>                                                            /____/______
>                                                         (_/--  /__  /-\
>
Agust�n Santos M�ndez,            RETESA, S.A.
C/Orense 4, Planta 10. 28020 MADRID SPAIN.
Ph: +34.1.342.67.91                     Fax +34.1.597.28.77
E-mail: asantos at retesa.es   







From jamesd at echeque.com  Tue Feb 20 09:16:10 1996
From: jamesd at echeque.com (jamesd at echeque.com)
Date: Wed, 21 Feb 1996 01:16:10 +0800
Subject: Optical repeaters
Message-ID: <199602201608.IAA17321@shell1.best.com>


At 07:35 PM 2/19/96 -0800, Timothy C. May wrote:
>By analogy, it is not clear to me that a simple regeneration mechanism,
>with no local observer or recording apparatus, will collapse the wave
>function. Seems to me an experiment may have already been done along these
>lines: separate fibers producing an interference pattern and then these
>inline amps added...if the interference pattern remains, as I would expect,
>then the amps/regenerators did not constitute a "measurement" in QM terms.

An amplification mechanism will usually couple the signal to the vacuum, 
and introduce vacuum noise.   Another way of thinking of vacuum noise 
is that amplification mixes the state of the signal, with the (unknown) 
phase of the universe at infinity.

Of course any statement in words about quantum mechanics is necessarily 
false, so the above statement is a metaphor or parable, rather than literal
truth.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd at echeque.com






From geeman at best.com  Tue Feb 20 09:42:18 1996
From: geeman at best.com (geeman at best.com)
Date: Wed, 21 Feb 1996 01:42:18 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <199602201618.IAA09595@mail1.best.com>


There are remarkable similarities between this 'system' and the Elementrix
one.  Could it be that E-ix is selling some licenses to the unsuspecting?
Or perhaps it's the other way around.

Both involve:

- An ill-defined cure-all solution which can't realy be revealed because of
patent-pending status

- An OTP (so they say) that's not really an OTP

- Starting with a 'seed' that is truly random and then algorithmically
generating a stream that is XOR-ed with the data, based on analogies to
"rotors" and "dice"

- Encrypting keystream data using portions of the previous keystream

** fairly remarkable coincidences.  Or is it that great minds think alike?









From jya at pipeline.com  Tue Feb 20 09:54:43 1996
From: jya at pipeline.com (John Young)
Date: Wed, 21 Feb 1996 01:54:43 +0800
Subject: SOW_hat
Message-ID: <199602201637.LAA24576@pipe3.nyc.pipeline.com>


   2-20-96. FT:

   "Cash versus cashless."

      Assays Y/Ns of e-cash and declares DigiCash the winner
      for its privacy and anonymity. Echoes DC privacy mantra
      and sketches DC/DC tests underway by the EU. Compares
      froth of issuers, fear of banks and so-what of 
      consumers: "Physical cash already offers consumers a 
      product that is universally accepted, convenient, 
      anonymous and has no direct costs."

   2-20-96. WSJ:

   "Security Sytem On the Internet Contains Flaw."

      Two Purdue University students discovered a major flaw
      in Kerberos that could allow a hacker to penetrate
      corporate networks in about 5.8 seconds, giving another
      black-eye to electronic commerce. 

   SOW_hat













From crisper at ascensionet.com  Tue Feb 20 10:07:05 1996
From: crisper at ascensionet.com (crisper)
Date: Wed, 21 Feb 1996 02:07:05 +0800
Subject: CRYPTO INFO
Message-ID: <3129FD2E.3B33@ascensionet.com>


I am fairly new to this crypto group and was looking for any good places 
to get some basic information on current cryptography techniques.  
Anyone with som info on this topic please E-MAIL the response dont post 
on the mailing list.  E-mail to crisper at ascensionet.com

IF ANYONE KNOWS OF ANY GOOD PLACES TOGET A GOOD PGP SHELL FOR WINDOWS 
PLEASE ADD THE URL OR FTP SITE.  THANX






From mrose at stsci.edu  Tue Feb 20 10:47:17 1996
From: mrose at stsci.edu (Mike Rose)
Date: Wed, 21 Feb 1996 02:47:17 +0800
Subject: JavaScript to grab email
In-Reply-To: 
Message-ID: <9602201743.AA09495@MARIAN.SOGS.STSCI.EDU>


>>>>> On Tue, 20 Feb 1996 16:33:21 +0200 (EET), Jyri Kaljundi  said:

>Probably there will soon be thousands of pages which include this code,
>and people using Netscape 2.0 will be spammed with commercial messages.
>So just put some false e-mail address in your Netscape browser to disable
>this feature.

Changing the email address known to netscape doesn't help.  Your email
address is in the message sent, regardless of what netscape thinks
your identity is.

Mike





From frantz at netcom.com  Tue Feb 20 10:51:07 1996
From: frantz at netcom.com (Bill Frantz)
Date: Wed, 21 Feb 1996 02:51:07 +0800
Subject: JavaScript to grab email
Message-ID: <199602201758.JAA21544@netcom7.netcom.com>


At  4:33 PM 2/20/96 +0200, Jyri Kaljundi wrote:
>Another annoying feature in JavaScript and Netscape. Have a look at 
>
>
>The page uses JavaScript to steal your e-mail address and sends a test 
>e-mail message to the address it grabbed. It works with Netscape, which 
>is probably only browser supporting JavaScript.
>
>Probably there will soon be thousands of pages which include this code, 
>and people using Netscape 2.0 will be spammed with commercial messages. 
>So just put some false e-mail address in your Netscape browser to disable 
>this feature.
>...

Anyone know the email address of an email reflector that automatically
sends everything sent (not bounced) to it back to the sender.  Or I suppose
I could use invalid names/domain names.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz at netcom.com | dead teenagers | Los Gatos, CA 95032, USA







From abostick at netcom.com  Tue Feb 20 10:51:39 1996
From: abostick at netcom.com (Alan Bostick)
Date: Wed, 21 Feb 1996 02:51:39 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602200851.DAA02057@thor.cs.umass.edu>
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

In article <199602200851.DAA02057 at thor.cs.umass.edu>,
lmccarth at cs.umass.edu wrote:

> IPG Sales writes:

> > Thus at times, a hardware source, such as ADC LOB system, can generate 
> > nonrandom data, unless this is checked, it can destroyed the integrity of 
> > your system. 
> 

> Could you explain what the acronyms "ADC" and "LOB" mean here ?  I
> just tried a web search for the two together, and all I got was a page of
> UFO acronyms, and some astronomical acronyms (LOB = Lick Observatory 
> Bulletin). Schneier discusses hardware RNG at length in Applied Cryptography,
> but he doesn't mention either acronym. I might guess that LOB = Low Order
> Bits.

I'd say that you're right, and I'd also guess myself that ADC stands for
Analog-to-Digital Converter, so that an "ADC LOB system" is a hardware
random number generator that looks at the lowest order (and therefore
presumed noisy) bit of an analog-to-digital converter.

ObCrypto:  Would four years experience interpreting cryptic vanity
plates while commuting on the Nimitz Freeway be a good qualification for
an NSA cryptanalyst?  Would that experience also qualify me as a traffic
analyst? 

- -- 
   Alan Bostick             | "If I am to be held in contempt of court,
Seeking opportunity to      | your honor, it can only be because the court
develop multimedia content. | has acted contemptibly!"
Finger abostick at netcom.com for more info and PGP public key

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMSn/a+VevBgtmhnpAQG14QMAmzKee6JNV+R5so+xsGN/bPtzmIdAUqES
KB3CJaIEWvKD6PWUQ7/L+j+f8Ugr9ZrXHOscjjIge1zLdwtMnRmzNO/vpO6kI/aq
loVXVhPvPwnlniO6FGF5QqddQ7fUn5gI
=kfQZ
-----END PGP SIGNATURE-----





From remailer at meaning.com  Tue Feb 20 11:15:44 1996
From: remailer at meaning.com (Anonymous)
Date: Wed, 21 Feb 1996 03:15:44 +0800
Subject: New Remailer
Message-ID: <199602201824.NAA19539@black.colossus.net>


The Nemesis Remailer is online at remailer at meaning.com. It supports 
Type 1 (Ghio) and Type 2 (Mixmaster) messages. It is still in beta 
testing. Comments to remailer-owner at meaning.com would be appreciated.





From ipgsales at cyberstation.net  Tue Feb 20 12:23:19 1996
From: ipgsales at cyberstation.net (IPG Sales)
Date: Wed, 21 Feb 1996 04:23:19 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602200306.WAA11013@toxicwaste.media.mit.edu>
Message-ID: 


Derek - We accept the gaunlet that Cyperpunks threw down, We will 
provide the complete set of algoritms and free demo systems - we will not be 
asking you to sign a NDA or anything like that, but we do want it to be a 
two way street - if we put our head in your guillotene, to be chopped 
off by the warlord and his minions, then we expect you to perform 
reciprocal actions.

We will be back in a couple of hours or so, to spell out what we have 
in mind.  I do not believe that you will find the terms 
to be onerous or objectionable. 

Thanks for your civility, unlike some of your comrades in arms, very big 
arms, Greatly appreciated!


There has never been an idea advanced, where the orginator was not 
thought of as a crank - Oliver Wendell Holmes Sr., "Over Teacups"






From Jim_Bostwick at cargill.com  Tue Feb 20 12:26:16 1996
From: Jim_Bostwick at cargill.com (Jim_Bostwick at cargill.com)
Date: Wed, 21 Feb 1996 04:26:16 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <9602201858.AA23328@merlin.res.cargill.com>


In <199602200851.DAA02057 at thor.cs.umass.edu>, Lewis mentioned: 

> Could you explain what the acronyms "ADC" and "LOB" mean here ?  I
[and]
> I might guess that LOB = Low Order Bits.

Now, I'm way (WAY) over my head on this forum wrt crypto. However, an idea --

ADC might mean Analog Digital Converter. LOB might mean Low Order Bit 
(singular). So, IPG may just be watching the LOB of an off-the-shelf analog 
input card. Rash speculation, of course. 

However, if true, a Novitiate Crypto Wizard might be prompted to ask: 

"Assuming I use an audio source to drive the ADC, which of the following would
yield higher entropy?:

	* Greatfull Dead 
	* Al Gore speeches
	* The Beatle's White album (at 78, backwards)
	* The hiss after the local AM station shuts down for the night.
"

:-)

-jim

P.S. My name is Jim Bostwick, I hate big SIG files, and my employers opinion
	might actually coincide with my own - but probably not.





From jcobb at ahcbsd1.ovnet.com  Tue Feb 20 13:04:54 1996
From: jcobb at ahcbsd1.ovnet.com (James M. Cobb)
Date: Wed, 21 Feb 1996 05:04:54 +0800
Subject: Internet Privacy Guaranteed
Message-ID: 


 
 
  Friend, 
 
 
                           (KEY #1) 
 
 
  Date: Mon, 19 Feb 1996 20:01:06 -0500
  From: "Perry E. Metzger" 
  To: IPG Sales 
  Cc: cypherpunks at toad.com
  Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)

  [snip]  
 
  > ...keymanagem,ent makes RSA systems unmanageable for large 
  > organizations - offer such a suystem to Merrill Lynch and be 
  > laughed out of the office.... 

  [snip] 

  Even private key systems are quite workable. I actually work 
  with these firms [large organizations] -- its what I do for a 
  living. They have existing systems based on KDCs (do you even 
  know what a KDC is?) and they function just fine. As for public 
  key technologies, they [large organizations] are in many cases 
  implementing technologies based on public key system. 
 
  [snip] 
 
                            (KEY #2) 
 
 
  Date: Mon, 19 Feb 1996 20:37:42 -0500
  From: "Perry E. Metzger" 
  To: IPG Sales 
  Cc: cypherpunks at toad.com
  Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.) 
 
  [snip] 
 
  IPG Sales writes:
  > there is no need in talking in circles - You may think that 
  > you know everything there is to know about encryption, but 
  > believe me, there is a lot more for you to learn - I do not 
  > now what KDC's are,

  Key Distribution Centers, the center of Needham-Schroeder and 
  similar key management protocols, like the Kerberos protocols. 
 
  [snip] 
 
 
                             (KEY #3) 
 
  
  Date: Tue, 20 Feb 1996 01:28:01 -0700
  From: Nelson Minar 
  To: cypherpunks at toad.com
  Subject: breakable session keys in Kerberos v4 
 
  I'm a bit suprised this hasn't turned up yet on Cypherpunks.  A couple
  of forwarded messages: first, an announcement made Fri Feb 16 by Gene
  Spafford at COAST about an exploitable flaw they've found in Kerberos,
  and then a comment on the www-security list that it is due to a bad
  random number generator. Same old story! 
 
  The message (lifted from the COAST web site)
 
  [snip] 
 
  (a comment I found in reply [to the COAST message]) 
 
  ------- Start of forwarded message -------
  From: jis at mit.edu (Jeffrey I. Schiller)
  Subject: Re: Kerberos Vulnerability
  Newsgroups: hks.lists.www-security
  Date: 19 Feb 1996 21:42:08 -0500
  Organization: HKS, Inc.
  Path: hks.net!news-mail-gateway!owner-www-security
  Lines: 8
  Sender: root at hks.net
  Message-ID: 
  NNTP-Posting-Host: bb.hks.net
 
  There will be a fix distributed by MIT later this week. The problem is 
  that the random number generator in V4 is worse then we thought! The 
  fix is to retrofit the V5 generator (which is decent) into the V4 KDC. 
  Note: Only the KDC needs to be updated, clients and servers are unaf- 
  fected. 
 
                                -Jeff
 
 
  ------- End of forwarded message -------
 
 
 
                               (KEY #4) 
 
 
  Kerberos offers a better network security model than ignoring 
  network security entirely.  Unfortunately, it is plagued with 
  holes, from windows that remain "authenticated" for hours while 
  the user is at lunch, to passwords that are stored in plain text 
  on the authentication server. 
 
        Page 553 of: 

        Evi Nemeth, Garth Snyder, Scott Seebass, Trent R Hein. 
 
        UNIX System Administration Handbook. Second Edition. 
 
        Prentice Hall PTR. 
 
        1995. 
 
        ISBN: 0 13 151051 7 
 
        email: sa-book at admin.com 
 
        http://www.admin.com 
                  
 
 
  Cordially, 
 
  Jim 
 
 
 
  NOTE.  The above message excerpts are reformatted. 
 
 
 






From EALLENSMITH at ocelot.Rutgers.EDU  Tue Feb 20 14:10:14 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Wed, 21 Feb 1996 06:10:14 +0800
Subject: Easy Nuclear Detonator
Message-ID: <01I1FTI556YKAKTJEQ@mbcl.rutgers.edu>


From:	IN%"jimbell at pacifier.com"  "jim bell" 20-FEB-1996 09:01:32.20

>As for the inclusion of your private note:  sorry again.  But at the time,
>it just didn't occur to me that you'd object to this.  "Nettiquette" is new
>to me.

	Ah. I understand mistakes. I've made one similar to this before,
although it was through not noticing that a mailing to me wasn't also to
Cypherpunks, rather than not knowing the (rather basic element of) Nettiquette
of not posting someone else's private email. Apology accepted.
	-Allen





From ipgsales at cyberstation.net  Tue Feb 20 14:32:13 1996
From: ipgsales at cyberstation.net (IPG Sales)
Date: Wed, 21 Feb 1996 06:32:13 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602200812.DAA05762@thor.cs.umass.edu>
Message-ID: 




On Tue, 20 Feb 1996 lmccarth at cs.umass.edu wrote:

> IPG Sales writes:
> > Obviously you want to criticise without investigation. He who knows all, 
> >    knows little, or nothing accoring to Einstein.
> 

I apologize but I do believe that you prejudged it without bothering to 
inquire of us, or inquire further. We are now anxious to cooperate with 
cypherpunks and let them show us how silly the system is. We will cooperate
fully, with minor but we believe accpeptableimitations and subject 
to reciprocation. 


> That's a rather disingenuous statement. I read your press release, and then
> I spent a while browsing through everything that seemed germane on your
> web pages. But my investigation of all the material you had presented to the
> world yielded very little in the way of hard facts about the security of the 
> IPG system. I responded to what I'd been able to find.
> 
> Future technical investigations of IPG would be greatly aided if you placed
> on your web pages some of the technical details you have at last revealed
> here. I just checked your web pages again, and they still don't explain the
> actual workings of the system at all.
> 
> -Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
> 	your bargains, push your papers, win your medals, fuck your strangers;
> 	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)
> 
We will not post it to Internet, but we will provide it to the 
Cipherpunks, a large selected set choisen by Derek Atkins or 
his designee. 

Some men are as sure of their opinions as they are of what they know - 
Shakespeare.





From markm at voicenet.com  Tue Feb 20 14:35:35 1996
From: markm at voicenet.com (Mark M.)
Date: Wed, 21 Feb 1996 06:35:35 +0800
Subject: JavaScript to grab email
In-Reply-To: <9602201743.AA09495@MARIAN.SOGS.STSCI.EDU>
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 20 Feb 1996, Mike Rose wrote:

> >Probably there will soon be thousands of pages which include this code,
> >and people using Netscape 2.0 will be spammed with commercial messages.
> >So just put some false e-mail address in your Netscape browser to disable
> >this feature.
>
> Changing the email address known to netscape doesn't help.  Your email
> address is in the message sent, regardless of what netscape thinks
> your identity is.

I'm not sure I understand what you are saying.  The Javascript program
uses Netscape to send the e-mail.  The only way Netscape knows your actual
e-mail address is if you tell Netscape what it is.  The comments on the
page tell you that deleting your e-mail address from Netscape's config, or
supplying it with a false one, prevents the script from working.  I visited
the page using a fake e-mail address, and have yet to be sent a confirmation
e-mail.

BTW, here's the source for the page:









Viewing this page automatically submits email to an address which then
sends you back email to prove it grabbed the message.






=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm at voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMSofNbZc+sv5siulAQGV6QP/feZ59C51ZAjKkrvBUCdNOvhtJqQJsR2I
uigA5owTzecDXfnwCC3XB4w08ym0lgA1pwKcAEWl4hhOPyBmnerKbT2Q96Z5JMFe
LwQnbP78fDB/Sx101X5uYHh47tGGkfzGbMhjLcrVpTrpgIDMYBEKLtfyZknwI4xQ
Do9CPVr9lwM=
=XMTH
-----END PGP SIGNATURE-----





From EALLENSMITH at ocelot.Rutgers.EDU  Tue Feb 20 14:52:49 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Wed, 21 Feb 1996 06:52:49 +0800
Subject: NET_run
Message-ID: <01I1FTP3FADEAKTJEQ@mbcl.rutgers.edu>


From:	IN%"abostick at netcom.com" 20-FEB-1996 09:07:55.46

>should not be confused with Steve Jackson Games' GURPS Cyberpunk module
>for Jackson's GURPS role-playing system, which was published later.)

>"What the hell does this have to do with cryp%*##~~~

	Actually, it does. Steve Jackson Games (SJG) was raided by the Secret
Service for that game, in which the Secret Service showed their total
ignorance of computers by mistaking it for a "handbook of computer crime."
Since they're the ones also concerned with counterfeiting:
	A. this indicates something about how much one needs to worry about
		counterfeiting, and one reason that even with the new changes,
		US currency is still one of the easiest ones to counterfeit
		with modern technology.
	B. they're likely to be total idiots when it comes to digital cash

On the other hand on the last point, they did look at one private currency
scheme and deem it allowable, since the (physical) bucks in that case didn't
resemble US currency. The governmental group that _did_ have problems with it
was the SEC, who decided that since its non-inflationary qualities were based
on direct funding through a group of investments, it qualified as an
unlicensed mutual fund. Moral of the story: don't base it in the US, or don't
make it run off of investments.
	-Allen





From mrose at stsci.edu  Tue Feb 20 15:50:55 1996
From: mrose at stsci.edu (Mike Rose)
Date: Wed, 21 Feb 1996 07:50:55 +0800
Subject: JavaScript to grab email
In-Reply-To: <9602201743.AA09495@MARIAN.SOGS.STSCI.EDU>
Message-ID: <9602201940.AA09764@MARIAN.SOGS.STSCI.EDU>


>>>>> On Tue, 20 Feb 1996 14:21:31 -0500 (EST), "Mark M."  said:

>On Tue, 20 Feb 1996, Mike Rose wrote:

>>Changing the email address known to netscape doesn't help.  Your email
>>address is in the message sent, regardless of what netscape thinks
>>your identity is.

>I'm not sure I understand what you are saying.  The Javascript program
>uses Netscape to send the e-mail.  The only way Netscape knows your actual
>e-mail address is if you tell Netscape what it is.  

Netscape doesn't need to know your email address.  Your email address
is put into the headers by sendmail.  Netscape will make a "from"
header of what you claim in the "indentity" field, but your real
address is also in the headers - "sender:" in mine.

Mike





From EALLENSMITH at ocelot.Rutgers.EDU  Tue Feb 20 16:37:35 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Wed, 21 Feb 1996 08:37:35 +0800
Subject: Chaotic physical systems as random number sources
Message-ID: <01I1FUPJ56PQAKTJEQ@mbcl.rutgers.edu>


	I'm curious if anyone knows of any attempts to use a chaotic physical
system (such as the famous double pendulum) as a source of random numbers. I
did an Alta Vista check on the problem, and all I turned up was a paper (in
postscript, so I couldn't read it) on all mathematical pseudorandom number
generators being logical chaotic systems. (It's at
http://csl.ncsa.uiuc.edu/~herring/publications/rand.ps).
	One problem that I can see is that of strange attractors. While the
path through each time would be different, they're still _close_ to each other,
and a practical mechanical system might not be sensitive enough to pick up the
differences.
	Thanks,
	-Allen





From EALLENSMITH at ocelot.Rutgers.EDU  Tue Feb 20 16:37:47 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Wed, 21 Feb 1996 08:37:47 +0800
Subject: Optical repeaters
Message-ID: <01I1FUFZ69LGAKTJEQ@mbcl.rutgers.edu>


From:	IN%"thad at hammerhead.com" 20-FEB-1996 09:52:39.27

>But, and this is the interesting part; you cannot use this feature to tap
>the line.  Measuring either one of these photons would disturb the other,
>destroying the state that it has.

	I believe that all of this comes down to what and when is the
"waveform collapse" - what and when is observation. If any interaction with
something else counts as observation, then it won't work. This problem is
where one gets into the many worlds hypothesis et al.
	-Allen





From jimbell at pacifier.com  Tue Feb 20 16:45:55 1996
From: jimbell at pacifier.com (jim bell)
Date: Wed, 21 Feb 1996 08:45:55 +0800
Subject: Optical repeaters
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

At 08:04 AM 2/20/96 -0800, jamesd at echeque.com wrote:
>At 07:35 PM 2/19/96 -0800, Timothy C. May wrote:
>>By analogy, it is not clear to me that a simple regeneration mechanism,
>>with no local observer or recording apparatus, will collapse the wave
>>function. Seems to me an experiment may have already been done along these
>>lines: separate fibers producing an interference pattern and then these
>>inline amps added...if the interference pattern remains, as I would expect,
>>then the amps/regenerators did not constitute a "measurement" in QM terms.
>
>An amplification mechanism will usually couple the signal to the vacuum, 
>and introduce vacuum noise.   Another way of thinking of vacuum noise 
>is that amplification mixes the state of the signal, with the (unknown) 
>phase of the universe at infinity.

I would think that the action of a optical fiber amplifier is, in a sense, 
"negative loss," or the inverse of the kind of loss normally found in a 
fiber cable.  Thus, if quantum crypto can be done through a long fiber at 
all, the fiber amplifier shouldn't negatively affect it.  However, if 
polarization is important (and I know that "polarization maintaining" fibers 
are available) then I assume that the amplifier would probably also have to be 
designed to ensure that polarization would also be maintained through the 
EDFA (Erbium-Doped Fiber Amplifier.)

Jim Bell
jimbell at pacifier.com
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSoOwfqHVDBboB2dAQGyawP/TZDei/hk1S3ohFGCz+z8hlLbYuL5Bswo
17UYtM/NyCdKtZ3K/4t2wuGjKwhzUY8iuzi9b1DiKG5pqlsi4rIMz6VqF5V3dIie
5MjDmlCVabYJR5a5DKbWGb/osVsKJfEDskhMcGKtnjMQc3L/Ua9DzkhXhfQ2GWUh
u+4hhjL+i5E=
=f/Cm
-----END PGP SIGNATURE-----






From mrose at stsci.edu  Tue Feb 20 16:49:08 1996
From: mrose at stsci.edu (Mike Rose)
Date: Wed, 21 Feb 1996 08:49:08 +0800
Subject: JavaScript to grab email
In-Reply-To: <9602201743.AA09495@MARIAN.SOGS.STSCI.EDU>
Message-ID: <9602201941.AA09775@MARIAN.SOGS.STSCI.EDU>


>>>>> On Tue, 20 Feb 1996 14:21:31 -0500 (EST), "Mark M."  said:

>I visited
>the page using a fake e-mail address, and have yet to be sent a confirmation
>e-mail.

That's a flaw in the auto-responder, which believes the false "from"
field.

Mike





From mrose at stsci.edu  Tue Feb 20 17:27:14 1996
From: mrose at stsci.edu (Mike Rose)
Date: Wed, 21 Feb 1996 09:27:14 +0800
Subject: JavaScript to grab email
Message-ID: <9602202009.AA09881@MARIAN.SOGS.STSCI.EDU>


>>>>> On Tue, 20 Feb 96 14:40:30 EST, Mike Rose  said:

>Changing the email address known to netscape doesn't help.  Your email
>address is in the message sent, regardless of what netscape thinks
>your identity is.

Sorry for the imprecision here.  I was referring to Netscape 2.0 on
unix here.  Changing the email address known to netscape is
insufficient for non-root users on unix systems, because sendmail will
put your real address into the headers.

The auto-responder used by the posted example page apparently isn't
sophisticated enough to extract the real address, but the address is
still in the headers for someone to extract.

For those who haven't read the script, the technique used is as
follows.  A java script sends a mail message to the author of the
script.  The identity of the sender is in the mail headers.  The
script does not look at netscape variables or otherwise get the
information from netscape or the environment.

The major point is that setting a bogus email address in netscape will
not necessarily prevent your email address from being captured in this
manner.

Mike





From nobody at 2005.bart.nl  Tue Feb 20 18:15:04 1996
From: nobody at 2005.bart.nl (Senator Exon)
Date: Wed, 21 Feb 1996 10:15:04 +0800
Subject: ANNOUNCE> New remailer
Message-ID: <199602202102.WAA01406@ddh.bart.nl>


The Exon Remailer (remailer at remailer.nl.com) is up. It supports Type 1
(Ghio) messages and news postings. It is still in beta testing.
Comments to remailer-owner at remailer.nl.com would be appreciated.

	Grtz, 

	Senator Exon

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2i

mQCNAzEqIb0AAAEEANNdNiByrACsMnADFF4XVIaVGteITHQJ7jgYT8xis1VFXdRq
II+vpHKJv0kIuf8l1B4xMk3t/AGH2zk6BwBFXwMZutSDfhxSZ/8VHky9yZQ3Zzfy
0cLCa2rfMS456WhJpj+m1X53IHMqjghm5zosF+gKJN95+/jzSWQjxfIE5MYJAAUR
tCdTZW5hdG9yIEV4b24gPHJlbWFpbGVyQHJlbWFpbGVyLm5sLmNvbT6JAJUDBRAx
KiVIWd90FI1WkT0BAQxwA/9aPuL33L7jt7yI/nFJ/xkRsPOWFrRq0sHXemEfXe4D
3mhxeA3HKjZYlKtDN2DTXVK0IEb0lkTefV3HfbMRyHyeJ+9nf+gn6ASNifXUKWnl
JZwcWBIFA25TeQX9MqdO4WZfIV6LFPJPmNJ5yeB5X4JGNU/KihBSS9KNocduMp49
cYkAlQMFEDEqH1Qp1cio8BPPmQEBm3QEAJlWcOX0nPDg/qU2WRMs1CyVNtNBQDsH
zmvadUfULzLuiKIwfSEnyoX0m9RIgdOdpQCPHHlFqMQDijtab5+aeF3Vaa/n4uGw
lpGjvg9Zz6zNNBikywpv9spd+95HZEMvPisTaPOnVGHJRG45qgm8GTnOMZEe6qgk
voxTA4UafmY1iQCVAwUQMSoid2QjxfIE5MYJAQHDngQAtajcXiFJaS2TEwuldzHE
DP7W2UlwQnSu8RYvnO2bnLZCaAnjl5gjcY+72L6+84WAhwM5upmCsCt3XxsDJz7O
KY88Tqo/oMLItwl91npjepwktJ5SoiNuW8oXeVI1lDKaSvImYmDP7D2I7YJ+iCHE
Gnsyv8DqHFrlbujh9cO94XE=
=JOAa
-----END PGP PUBLIC KEY BLOCK-----






From nobody at 2005.bart.nl  Tue Feb 20 18:27:27 1996
From: nobody at 2005.bart.nl (Senator Exon)
Date: Wed, 21 Feb 1996 10:27:27 +0800
Subject: ANNOUNCE> New remailer
Message-ID: <199602202110.WAA02307@ddh.bart.nl>


The Exon Remailer (remailer at remailer.nl.com) is up. It supports Type 1
(Ghio) messages and news postings. It is still in beta testing.
Comments to remailer-owner at remailer.nl.com would be appreciated.

	Grtz, 

	Senator Exon

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2i

mQCNAzEqIb0AAAEEANNdNiByrACsMnADFF4XVIaVGteITHQJ7jgYT8xis1VFXdRq
II+vpHKJv0kIuf8l1B4xMk3t/AGH2zk6BwBFXwMZutSDfhxSZ/8VHky9yZQ3Zzfy
0cLCa2rfMS456WhJpj+m1X53IHMqjghm5zosF+gKJN95+/jzSWQjxfIE5MYJAAUR
tCdTZW5hdG9yIEV4b24gPHJlbWFpbGVyQHJlbWFpbGVyLm5sLmNvbT6JAJUDBRAx
KiVIWd90FI1WkT0BAQxwA/9aPuL33L7jt7yI/nFJ/xkRsPOWFrRq0sHXemEfXe4D
3mhxeA3HKjZYlKtDN2DTXVK0IEb0lkTefV3HfbMRyHyeJ+9nf+gn6ASNifXUKWnl
JZwcWBIFA25TeQX9MqdO4WZfIV6LFPJPmNJ5yeB5X4JGNU/KihBSS9KNocduMp49
cYkAlQMFEDEqH1Qp1cio8BPPmQEBm3QEAJlWcOX0nPDg/qU2WRMs1CyVNtNBQDsH
zmvadUfULzLuiKIwfSEnyoX0m9RIgdOdpQCPHHlFqMQDijtab5+aeF3Vaa/n4uGw
lpGjvg9Zz6zNNBikywpv9spd+95HZEMvPisTaPOnVGHJRG45qgm8GTnOMZEe6qgk
voxTA4UafmY1iQCVAwUQMSoid2QjxfIE5MYJAQHDngQAtajcXiFJaS2TEwuldzHE
DP7W2UlwQnSu8RYvnO2bnLZCaAnjl5gjcY+72L6+84WAhwM5upmCsCt3XxsDJz7O
KY88Tqo/oMLItwl91npjepwktJ5SoiNuW8oXeVI1lDKaSvImYmDP7D2I7YJ+iCHE
Gnsyv8DqHFrlbujh9cO94XE=
=JOAa
-----END PGP PUBLIC KEY BLOCK-----






From erc at dal1820.computek.net  Tue Feb 20 19:34:24 1996
From: erc at dal1820.computek.net (Ed Carp)
Date: Wed, 21 Feb 1996 11:34:24 +0800
Subject: JavaScript to grab email
In-Reply-To: <9602202009.AA09881@MARIAN.SOGS.STSCI.EDU>
Message-ID: 


On Tue, 20 Feb 1996, Mike Rose wrote:

> Sorry for the imprecision here.  I was referring to Netscape 2.0 on
> unix here.  Changing the email address known to netscape is
> insufficient for non-root users on unix systems, because sendmail will
> put your real address into the headers.

How about setting the mail proxy to something bogus? ;)
--
Ed Carp, N7EKG    			Ed.Carp at linux.org, ecarp at netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp at netcom.com for PGP 2.5 public key		an88744 at anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring






From nobody at REPLAY.COM  Tue Feb 20 19:34:37 1996
From: nobody at REPLAY.COM (Anonymous)
Date: Wed, 21 Feb 1996 11:34:37 +0800
Subject: No Subject
Message-ID: <199602202023.VAA26697@utopia.hacktic.nl>


::
Subject: Re: List of reliable remailers

On Mon, 19 Feb 1996 06:50:11 -0800, Raph Levien  
wrote:

>   I operate a remailer pinging service which collects detailed
>information about remailer features and reliability.

[snip]

What does it mean if a certain remailer is *not* shown on the current 
list?  Is it down?  Or simply not tested?






From frissell at panix.com  Tue Feb 20 19:47:09 1996
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 21 Feb 1996 11:47:09 +0800
Subject: Public Access Obsolete.  Capitalism offers free email
Message-ID: <2.2.32.19960220201325.0070e5c8@panix.com>


The NYT's Cybertimes reports 
(http://www.nytimes.com/library/cyber/week/0219email.html)

that two companies are preparing to offer free email to customers who agree
to be barraged by ads.  Juno and Freemark will soon offer free email to all
(Americans).

http://www.freemark.com/freemark.html

http://www.juno.com/

And since you can do (almost) anything with email that you can do with the
rest of the net (just more slowly and less conviniently) I guess we don't
have to worry about government-provided public access any more.

DCF






From shamrock at netcom.com  Tue Feb 20 20:01:22 1996
From: shamrock at netcom.com (Lucky Green)
Date: Wed, 21 Feb 1996 12:01:22 +0800
Subject: Need SSL firewall
Message-ID: <199602202203.RAA08526@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

I need firewall software, preferably for free and running on an x86, that
allows me to place an SSL webserver behind the firewall.

Any pointers?

TIA,

- -- Lucky Green 
   PGP encrypted mail preferred.


- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSpFICoZzwIn1bdtAQF3YgGAnt2V+2sTgv7cHDu0k3HZ/664sFbYsu9V
4sWnsBNuJoMRVlG4RbxE/iERpu0nR6ZF
=kPCC
-----END PGP SIGNATURE-----





From jimbell at pacifier.com  Tue Feb 20 20:07:43 1996
From: jimbell at pacifier.com (jim bell)
Date: Wed, 21 Feb 1996 12:07:43 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

At 08:59 AM 2/20/96 -0800, Alan Bostick wrote:

>ObCrypto:  Would four years experience interpreting cryptic vanity
>plates while commuting on the Nimitz Freeway be a good qualification for
>an NSA cryptanalyst?  Would that experience also qualify me as a traffic
>analyst? 

An interesting movie out of the 1960's (which is just barely available by 
special order from Blockbuster video) is called "Sebastian."   English actor 
Dirk Bogarde plays "Sebastian," the head of a British code-cracking 
organization staffed by women.  Haven't seen it for a couple of decades.  As 
the opening credits roll, Sebastian has a random chance encounter with a 
woman on the street.  Without any other words, he asks her something like, 
"Spell your name backwards."  In a comparative instant she does so, and he
gives her his 
card, saying, "Call me if you want a job."  A few months later she does, and 
that's where the main story starts.

Jim Bell

jimbell at pacifier.com

Klaatu Burada Nikto
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSo2I/qHVDBboB2dAQGb8gP/Vrr2AweA3CZeSB1xUvlpLvAYX8jnvXNL
vHYNLtLl6NiVXIOVNtG/d7e+K5BgSHgjlme0BwqdEzI8NqNN5mbyM1VVeYqpl4SH
NK//1yyvABAQa4I20GZkFT6MU36iub7G6uDV2UdGqekCskmdE8uURa773KGe7aBL
NF6A0fthx2s=
=vvXl
-----END PGP SIGNATURE-----






From ravage at ssz.com  Tue Feb 20 20:14:27 1996
From: ravage at ssz.com (Jim Choate)
Date: Wed, 21 Feb 1996 12:14:27 +0800
Subject: Chaotic physical systems as random number sources (fwd)
Message-ID: <199602202224.QAA18587@einstein.ssz.com>



Forwarded message:

> Date: Tue, 20 Feb 1996 14:47 EDT
> From: "E. ALLEN SMITH" 
> Subject: Chaotic physical systems as random number sources
> 
> 	I'm curious if anyone knows of any attempts to use a chaotic physical
> system (such as the famous double pendulum) as a source of random numbers.

I have used magnetic pendulums for this as well as chaotic dripping (both
with an old C64).

> 	One problem that I can see is that of strange attractors. While the
> path through each time would be different, they're still _close_ to each other,
> and a practical mechanical system might not be sensitive enough to pick up the
> differences.


Not necessarily. In both the magentic pendulum and chaotic pendulums this is
not a problem.


                                              Jim Choate
                                              ravage at ssz.com






From richier at Onramp.NET  Tue Feb 20 20:17:21 1996
From: richier at Onramp.NET (Nemesis)
Date: Wed, 21 Feb 1996 12:17:21 +0800
Subject: (no subject)
Message-ID: <312A33F8.D93@onramp.net>


How do i get off the mailing list??????





From jeffb at sware.com  Tue Feb 20 20:46:27 1996
From: jeffb at sware.com (Jeff Barber)
Date: Wed, 21 Feb 1996 12:46:27 +0800
Subject: JavaScript to grab email
In-Reply-To: 
Message-ID: <199602202014.PAA01389@jafar.sware.com>


Mark M. writes:

> On Tue, 20 Feb 1996, Mike Rose wrote:
> 
> > >Probably there will soon be thousands of pages which include this code,
> > >and people using Netscape 2.0 will be spammed with commercial messages.
> > >So just put some false e-mail address in your Netscape browser to disable
> > >this feature.
> >
> > Changing the email address known to netscape doesn't help.  Your email
> > address is in the message sent, regardless of what netscape thinks
> > your identity is.
> 
> I'm not sure I understand what you are saying.  The Javascript program
> uses Netscape to send the e-mail.  The only way Netscape knows your actual
> e-mail address is if you tell Netscape what it is.  The comments on the
> page tell you that deleting your e-mail address from Netscape's config, or
> supplying it with a false one, prevents the script from working.  I visited
> the page using a fake e-mail address, and have yet to be sent a confirmation
> e-mail.

On my system (Linux), the "Sender: " header contains my address no matter
what I set my address too.


-- Jeff





From aba at atlas.ex.ac.uk  Tue Feb 20 20:53:13 1996
From: aba at atlas.ex.ac.uk (aba at atlas.ex.ac.uk)
Date: Wed, 21 Feb 1996 12:53:13 +0800
Subject: Guaranteed snake-oil, er, privacy...
Message-ID: <13501.9602202156@exe.dcs.exeter.ac.uk>



geeman at best.com writes:
>	The 
>        posting(s) concern an extremely easy to use, unbreakable system 
>        for encrypting all user sensitive data going out over Internet.
>        As a reference to its unbreakability, I refer you to an 
>        article by Paul Leyland on Internet at:
>
>               http://dcs.ex.ac.uk/~aba/otp.html
>
>        Mr. Leyland refers to some problems, which our PCX 
>        system addresses and resolves.

Some corrections: I (Adam Back) wrote the www page you refer to, the
attribution to Paul Leyland  on that page is
refering to his implementation of a OTP in 1 line of C which I
included with permission:

main(i,c)int*c;{for(c=fopen(c[1],"r");i=~getchar();putchar(getc(c)^~i));}

>        Mr. Leyland refers to some problems, which our PCX 
>        system addresses and resolves.

Neglecting the misattribution, some comments on IPG's claims are in
order.  My page mentions that OTPs are provably secure:

: "OTPs are provably unconditionally secure"

BUT, I also go to great pains to make clear that the security of OTPs
rests critically on the true randomness of the PAD:

: 
Generating OTPs

: 
: It can't be stressed enough how important it is to have a truly random
: OTP.  Just using the random() function provided with C
: libraries is nowhere near good enough, these typically have a seed of
: one 32 bit word, so that even if you used the millisecond of your
: clock as a seed the whole system could be broken with a brute force
: keysearch of all possible seeds.  In cryptographic terms a 32 bit
: keyspace is tiny, and would take a negligble amount of compute time to
: break.
: 
: 

: 
: Basically if you use pseudo-random number generators they are going to
: be the weak point in the system, unless you have external input like a
: radio-active decay card, or timings of the milliseconds between
: keystrokes with proper entropy estimation as used by PGP.

I'm sure everyone reading understands ad nauseum about OTPs etc, but I
would like to take the opportunity to distance myself from any claims
being made by IPG, and to state categorically as the author of the www
page quoted that I do not agree with IPG interpretation of what one
can legitimately call a secure OTP system.

I think (and this has been pointed out repeatedly to POTP in the past)
that you would go a lot further if you made realistic claims, and used
standard nomenclature.

If you have a new stream cipher using a PRNG, say so, publish the
algorithm for peer review, and go from there.  It is the calling it
something which it is not which generates criticism out of hand.
People look no further.  I'd suggest replacing marketing at IPG with
some one who can at least sound convincing.  As lots of people have
said: publish the algorithm.

Adam






From mdiehl at dttus.com  Tue Feb 20 20:55:34 1996
From: mdiehl at dttus.com (Martin Diehl)
Date: Wed, 21 Feb 1996 12:55:34 +0800
Subject: Patient medical files on Net
Message-ID: <9601208248.AA824855630@cc1.dttus.com>


     WSJ - 2/20/96, page B1 
     
     "Click! Doctor to Post Patient Files on Net" by G. Bruce Knecht
     
     "An audacious experiment ...
     [snip]
     "Deep in the heart of Appalachian coal country, a doctor is about to 
     put his patients' records on the World Wide Web.  The Doctor, Bruce 
     Merkin, works at a community health clinic in Wayne, W. Va."
     [snip]
     "Dr. Merkin and Vasudevan Jagan-nathaniel, a West Virginia University 
     professor who is responsible for developing the software for the 
     system, say they have yet to decide how secure the system should be.  
     At one extreme, they could encrypt the information, offering the 
     highest possible degree of protection.  But encryption is expensive 
     and time consuming and thus could hinder the goals of cutting costs 
     and rapidly transmitting information."
     [snip]
     
     
     Cypherpunks:
     
     The WSJ report seems to indicate that the system is to be deployed 
     without any encryption safeguards.
     
     After talking by phone to Lee Oxley (oxley at vhs.wvu.edu) at Valley 
     Health in Wayne, WV, I got clarifications of what was in the WSJ 
     story.  The present pilot system is an intranet system with dedicated 
     frame relay links and does use encryption.  Eventually they may deploy 
     a system that would be internet based.  They are considering how much 
     protection to put into the system.  The reference in the article about 
     encryption costs was intended to be about CPU cycles not dollars. 
     Vasudevan Jagan-nathaniel's email address is juggy at cerc.wvu.edu
     
     Some obvious proposals would be to use something like SSL to do server 
     to workstation encryption.  I don't know what issues may exist such as 
     the effort to install SSL, key management, and processing delays due 
     to session keys and traffic encryption.  In addition, how could an 
     on-call doctor access patient records through an ISP and maintain 
     patient privacy.  An obvious issue (which I know have been discussed 
     on this list) has to do with the trade-off between key size and 
     privacy.
     
     Any other thoughts?
     
     Martin G. Diehl






From rmartin at aw.sgi.com  Tue Feb 20 21:11:45 1996
From: rmartin at aw.sgi.com (Richard Martin)
Date: Wed, 21 Feb 1996 13:11:45 +0800
Subject: JavaScript to grab email
In-Reply-To: <9602202009.AA09881@MARIAN.SOGS.STSCI.EDU>
Message-ID: <9602201704.ZM3263@glacius.alias.com>



-----BEGIN PGP SIGNED MESSAGE-----

On Feb 20,  3:09pm, Mike Rose wrote:
> For those who haven't read the script, the technique used is as
> follows.  A java script sends a mail message to the author of the
> script.  The identity of the sender is in the mail headers.  The
> script does not look at netscape variables or otherwise get the
> information from netscape or the environment.

Javascript is coming to annoy me more and more all the time. I can turn
off Java in Netscape, but I can't turn off Javascript, and I've already
encountered pages which use Javascript to animate status bars and so on.
My web browser should *not* be generating 90% of my usage, or if it is,
there should be a way of turning it off.

So, here's a proposal for those who (a) run high-traffic sites and (b)
are similarly annoyed with the Netscape plan.

Insert the following at the top of your top-level page.





Viewing this page has automatically sent a short piece of protest
e-mail to Netscape.




[the rest of your page here]
...


They *might* get the point.


It's *not* spamming them! Folks'll only--at most--send them about fifteen
messages a day!


They can use it to replace cookies, if they ever get rid of cookies.
["Alright, Jim, we've had to reboot the mail server fifteen times today,
which suggests that there's about fourteen thousand more users than
yesterday... Pity they can't talk to us, eh?"]


frodo =)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSpFUx1gtCYLvIJ1AQFxqgP9FT90ol1fakS2Zy2TN8eqMpsad0/UjSKZ
anEXYUUMzhV2Pr+RudCydygFa5HxiGMiHdjmLaO0cONsAmTD/MY2OrwigDfpk/DA
0SuqMgPhFt/UyGkatu0ZDLkpjUFqY0e6AD81mYe5eVBxarnfUtuZXEM7Slu/K4yF
ij67tiCQbh0=
=nNwZ
-----END PGP SIGNATURE-----

-- 
Richard Martin
Alias|Wavefront - Toronto Office [Co-op Software Developer, Games Team]
rmartin at aw.sgi.com/g4frodo at cdf.toronto.edu      http://www.io.org/~samwise
Trinity College UofT ChemPhysCompSci 9T7+PEY=9T8 Shad Valley Waterloo 1992





From WlkngOwl at UNiX.asb.com  Tue Feb 20 21:21:51 1996
From: WlkngOwl at UNiX.asb.com (Deranged Mutant)
Date: Wed, 21 Feb 1996 13:21:51 +0800
Subject: NOT CRYPTO (Sort of): Fwd: OPPOSITION: AFA seeks to expand CDA
Message-ID: <199602202339.SAA05031@UNiX.asb.com>


Got this in the mail. Pardon me if it turns out to be spam, but it's 
relevant.  Pardons to unnamed folx who prefer only crypto stuff.

------- Forwarded Message Follows -------
telstar at wired.com (--Todd Lappin-->) wrote:

While I warms my heart to know that the American Family Association thinks
the Communications Decency act is a dud, the following message demonstrates
that the organization does not intend to let the issue rest.

Specifically, they're now seeking to expand the scope of Internet Service
Provider (ISP) liability for "indecent" content. That makes about as much
sense as asking AT&T to censor your telephone conversations, but
regardless... the bottom line is that the American Family Association is
*very* determined to impose its social agenda on cyberspace through
government legislation.

Moreover, at this point it's hardly clear to what extent ISP's are or are
not liable for online content under the CURRENT provisions of the
Communcations Decency Act.  Given this ambiguity, a more stringent
clamp-down would only expand the "chilling effect" on free speech.

Spread the word!

--Todd Lappin-->
Section Editor
WIRED Magazine

=========================================

COMPUTER PORNOGRAPHY LAW NOT WORKING, SAYS AFA

WASHINGTON, Feb. 14 /PRNewswire/ -- American Family Association issued the
following: "Less than one week after the Communications Decency Act was
signed into law by President Clinton, it is obvious that the law, designed
to curb computer pornography, is not working and never will work," said
Patrick Trueman, director of American Family Association governmental
affairs.  This fact was made clear by the action this week of CompuServe, a
major access provider to the Internet, to restore access to pornographic
Internet sites it had recently blocked under pressure from German
prosecutors.

Access providers to the Internet have a financial incentive to provide
access to pornography and they will not block such sites until they are
under a legalobligation to do so, Trueman said.  The Communications Decency
Act included specific provisions protecting access providers from criminal
liability and until those provisions are repealed, CDA will be nearly
useless, he added.

Trueman wrote to leaders of pro-family groups today urging them to unite
behind a tough anti-pornography measure like that sponsored by Congressman
Henry Hyde.  The Hyde measure, which would have made anyone liable who
knowingly and intentionally provides pornography to children or obscene
pornography to anyone, was defeated in committee by supporters of CDA.
"The reality is CDA does not work and it will never work.  For its
enforcement it relies on a massive number of prosecutions by the Justice
Department of individuals who put illegal pornography on the Internet while
the major distributors and money makers from the distribution of
pornography -- the access providers -- are given a free ride," Trueman said
in his letter to pro-family leaders.

Trueman urged pro-family leaders to act now to change the law. "There is no
point in waiting months or years.  CompuServe has made that clear in its
recent actions which demonstrate that the law has little, if any, deterrent
effect," Trueman said in his letter.

CONTACT:  Patrick A. Trueman of the American Family Association: 202-544-0061

###



Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to  for a copy of my PGP key.





From frissell at panix.com  Tue Feb 20 21:33:26 1996
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 21 Feb 1996 13:33:26 +0800
Subject: Public Access Obsolete.  Capitalism offers free email
Message-ID: <2.2.32.19960220213659.007009ec@panix.com>


At 03:13 PM 2/20/96 -0500, Duncan Frissell wrote:
>The NYT's Cybertimes reports 
>(http://www.nytimes.com/library/cyber/week/0219email.html)
>
>that two companies are preparing to offer free email to customers who agree
>to be barraged by ads.  Juno and Freemark will soon offer free email to all
>(Americans).

So if any of you nyms out there want an email presence, this might be a
possibility.  I wonder how they are verifying account setup info.  I will
investigate.

DCF






From jya at pipeline.com  Tue Feb 20 21:37:06 1996
From: jya at pipeline.com (John Young)
Date: Wed, 21 Feb 1996 13:37:06 +0800
Subject: The Future of US Intelligence - CoFR Report
Message-ID: <199602202356.SAA03606@pipe1.nyc.pipeline.com>


   The new CoFR report on the future of US intelligence 
   as covered in recent press reports is digitized. Is
   there a public-spirited site for making it available
   by http or ftp or both? It's 103 kb long, in ASCII.

   Altavista did not show this tealeaf -- to us anyhow.
                 
   _________________________________________________________

                 Making Intelligence Smarter

               The Future of U.S. Intelligence

             Report of an Independent Task Force

        Sponsored by the Council on Foreign Relations
   _________________________________________________________

                             Contents

      Executive Summary
      Introduction
      Background
      The Setting
      The Need for Intelligence
      Collection Priorities
      Setting Requirements
      Improving Analysis
      Economic Intelligence
      Clandestine Activities
      Organization
      Military Issues
      Intelligence and Law Enforcement
      Congressional and Public Oversight
      Additional Views
      Appendix
      Members of the Task Force
      Acknowledgements
      Publication information

   _________________________________________________________







From jon at aggroup.com  Tue Feb 20 21:37:28 1996
From: jon at aggroup.com (Yanni)
Date: Wed, 21 Feb 1996 13:37:28 +0800
Subject: JavaScript to grab email
Message-ID: <9602201325.AA28317@jon>


> I visited the page using a fake e-mail address, and have yet to be sent
> a confirmation e-mail.

When it sends the mail, netscape puts your email address that you put
into the message in the From: field. This is what that JavaScript is
doing. It is not reading any of your files or doing anything "illegal",
it is just taking advantage of the way that Netscape sends email. ;)

Obviously, either putting nothing or a bogus email address will cause
you to not get a confirmation e-mail.

It is one of those "why didn't I think of it" things. ;) Simple
yet effective. :)

-jon

Jon S. Stevens         yanni at clearink.com
ClearInk WebMagus      http://www.clearink.com/
finger pgp at sparc.clearink.com for pgp pub key
My apologies for the loss of bandwidth. :-)





From tcmay at got.net  Tue Feb 20 21:39:48 1996
From: tcmay at got.net (Timothy C. May)
Date: Wed, 21 Feb 1996 13:39:48 +0800
Subject: Chaotic physical systems as random number sources
Message-ID: 


At 6:46 PM 2/20/96, E. ALLEN SMITH wrote:
>        I'm curious if anyone knows of any attempts to use a chaotic physical
>system (such as the famous double pendulum) as a source of random numbers. I
>did an Alta Vista check on the problem, and all I turned up was a paper (in
>postscript, so I couldn't read it) on all mathematical pseudorandom number
>generators being logical chaotic systems. (It's at
>http://csl.ncsa.uiuc.edu/~herring/publications/rand.ps).
>        One problem that I can see is that of strange attractors. While the
>path through each time would be different, they're still _close_ to each other,
>and a practical mechanical system might not be sensitive enough to pick up the
>differences.

This has come up several times. As I recall, some guys at a Navy research
lab (San Diego?) were claiming to have a "chaotic encryption" system.

As to using chaotic systems for PRNGs or RNGs, the "turbulent flow over
disk drive platters causes speed variations" idea, described recently, is
of course an example of nominally using a chaotic/turbulent system to
defeat predictability.

I have at least a couple of paragraphs on chaos and crypto in my Cyphernomicon.

--Tim


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From ipgsales at cyberstation.net  Tue Feb 20 21:45:34 1996
From: ipgsales at cyberstation.net (IPG Sales)
Date: Wed, 21 Feb 1996 13:45:34 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: 
Message-ID: 




On Tue, 20 Feb 1996, Lucky Green wrote:

> At 17:22 2/20/96, IPG Sales wrote:
> 
> >If you are able to break the system, and everyone knows what we mean by
> >break, then we will publicly admit that we are snake oil salesmen, and
> >all the other things that Perry Metzger and others called us.
> 
> It is by no means clear to me what "breaking the system" means. One does
> not have to be able to decipher a single message to prove a system to be
> insecure. Moreover, cryptanalysis is economics: is it more expensive to get
> the information by analyzing the crypto than it is to get it by other
> means?
> 
> Do we have to show an exploitable flaw? Or we have to do the exploit? That
> might be expensive. Who would judge the contest?
> 
> The alogrithm aside, IPG provides the intial OTP. Seems to me that IPG can
> read the messages. End of story.
> 
> 
> -- Lucky Green 
>    PGP encrypted mail preferred.
> 
> 
> 


Lucky - you know the answer to that, several people have access to Cray's 
and the like - you must prove that we have an exploitable flaw, not 
just claim it - everyone claims it smokes and mirrors, why are you not willing 
to  go ahead and decipher a message - everyone claimed it was so easy - 
why are the cypherpunks so quite all of a sudden, we have been getting 
about 5 messages an hour up until we accepted Dereks challenge - now we 
have not received any messages for over five hours until we received 
yours. If it is so EASY, JUST GO AHEAD AND DO IT! 





From shamrock at netcom.com  Tue Feb 20 21:53:16 1996
From: shamrock at netcom.com (Lucky Green)
Date: Wed, 21 Feb 1996 13:53:16 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: 


At 17:22 2/20/96, IPG Sales wrote:

>If you are able to break the system, and everyone knows what we mean by
>break, then we will publicly admit that we are snake oil salesmen, and
>all the other things that Perry Metzger and others called us.

It is by no means clear to me what "breaking the system" means. One does
not have to be able to decipher a single message to prove a system to be
insecure. Moreover, cryptanalysis is economics: is it more expensive to get
the information by analyzing the crypto than it is to get it by other
means?

Do we have to show an exploitable flaw? Or we have to do the exploit? That
might be expensive. Who would judge the contest?

The alogrithm aside, IPG provides the intial OTP. Seems to me that IPG can
read the messages. End of story.


-- Lucky Green 
   PGP encrypted mail preferred.







From andrew_loewenstern at il.us.swissbank.com  Tue Feb 20 21:58:29 1996
From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern)
Date: Wed, 21 Feb 1996 13:58:29 +0800
Subject: DES_ono
In-Reply-To: 
Message-ID: <9602201822.AA00537@ch1d157nwk>


Adam Shostack  writes:
>  >       I'd use IDEA or 3DES.  Again, see Schneier.

Dr. Dimitri Vulis  responds:
>  Or perhaps GOST 28147-89.

Can you recommend some suitable S-Box configurations that might make GOST as  
secure as we think IDEA or 3DES is?


andrew





From erc at dal1820.computek.net  Tue Feb 20 21:59:38 1996
From: erc at dal1820.computek.net (Ed Carp)
Date: Wed, 21 Feb 1996 13:59:38 +0800
Subject: ANNOUNCE: New Crypto Product!
Message-ID: 


CompuScam, Inc., an unwholly-owned invention of InventiData, is pleased to
announce its latest offering in the growingly lucrative Internet Security
market.  Called "Secure Users Everywhere", SUE is "guaranteed privacy
protection for citizen-units everywhere," according to Ed Carp, Chief
Scientist, Chief Executive Officer, and Chief Everything Else for
CompuScam.  In today's press release, Carp said that "SUE is destined to
become the dominant market leader in a field full of inferior products." 

SUE is designed to work in any environment, and provides "Fort Knox" 
security for Internet users who wish to transact business over the "net". 
"Up until now, the Internet has been totally exposed, totally wide open to
every 12-year-old wannabe cracker with a cheap PC and a modem," said Carp,
"but with SUE, all that has changed overnight.  Now SUE users can safely
and securely exchange the most sensitive of documents, including credit
card and checking account numbers, SSN, employee information, credit
reports, gold bars - virtually anything that is of value can now be safely
transported across the Internet." 

No details were immediately available on the technical foundations of SUE,
but Carp indicated that this is to provide enhanced security for its
customers, adding that "you wouldn't want everyone to see your data, would
you?  Then why would you want everyone to know about how this software
works?"  According to CompuScam, SUE is composed of a small software "TSR"
that is loaded into memory when a computer is first powered up, and a
proprietary hardware device, known as a CUD ("compulsive exteriorization
device") that provides "total security" for the software.  Carp indicated
that the software TSR is "completely ITAR/RNG/SHA/RC4/BBS/RSA/MD5
compliant, and meets all government standards for the very highest levels
of cryptographic software, including FIPS-180, SESAME, and STU-III."  The
hardware device is reportedly PRNG/RNG compliant.

Additionally, the SUE product is reportedly backwards-compatible with most
other manufacturer's "inferior" cryptographic products, including products
from Digital Pathworks, AT&T, VeriSign, IBM, and others.  Asked whether or
not SUE is compatible with electronic cash offerings from First Virtual
and others, Carp said, "Our total solution is so comprehensive, we're
fixed problems that even the National Security Agency hasn't thought of
yet.  We've also totally addressed the major problems that First Virtual
brought to light last month in their press release," adding that no other
cryptographic software maker had even responded to First Virtual's
announcement, "let alone done anything about it.  We are acting now to
protect our customers and children on the Internet by providing total
coverage of the market." 

Carp denied rumors that the CompuScam was nothing but a mailbox located in
a Mailboxes Etc., branch office in Garland.  "I believe you will find that
a reporter obtained an early press release which contained an
typographical error in our suite number," adding that the company is
expecting to move soon to new offices near Sun Microsystems in Palo Alto,
adding that "the proximity to so many Silicon Valley companies will no
doubt enhance the value of our
stock^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^Hquality of our software." 

When asked about the timing of the release, noting that it was only a few
days before the company was scheduled to go public, Carp said, "this is an
absolutely wonderful opportunity for investors to get in on the ground
floor of this new technology" adding something about a new Porsche which
the reporters didn't quite catch. 

SUE is available for PCs running all versions of Microsoft Windows,
Windows 95, Windows NT and MS-DOS, as well as all UNIX and UNIX-like
platforms, and MVS.  The CUD hardware device is available in .357, .45,
.44 Magnum, and 9MM versions.  Pricing was not immediately available.
--
Ed Carp, N7EKG    			Ed.Carp at linux.org, ecarp at netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp at netcom.com for PGP 2.5 public key		an88744 at anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring






From weidai at eskimo.com  Tue Feb 20 22:04:50 1996
From: weidai at eskimo.com (Wei Dai)
Date: Wed, 21 Feb 1996 14:04:50 +0800
Subject: ANNOUNCE: Crypto++ 2.0
Message-ID: 


Crypto++ 2.0 has just been released.  Please see the attached readme file 
for a description of Crypto++ and what's new in version 2.0.  More 
details and download instructions can be found on my homepage at 
http://www.eskimo.com/~weidai.

Wei Dai



Crypto++: a C++ Class Library of Cryptographic Primitives
Version 2.0   2/19/1996

This library includes:

MD5, MD5-MAC, SHA, HAVAL, DES, IDEA, WAKE, 3-WAY, TEA, SAFER,
Blowfish, Diamond2, Diamond2 Lite, Sapphire, Luby-Rackoff, MDC, 
various modes (CFB, CBC, OFB, counter), DH,  DSA, ElGamal, LUC, 
Rabin, BlumGoldwasser, elliptic curve cryptosystems, BBS, gzip 
compression, Shamir's secret sharing scheme, Rabin's information 
dispersal scheme, and zero-knowledge prover and verifier for
graph isomorphism.  There are also various miscellanous modules such 
as base 64 coding and 32-bit CRC.

RSA and RC5 are noticeably absent.  I am still talking to RSA
DSI about adding them back into Crypto++.  I hope version 2.1
will include them.

Crypto++ has been compiled and tested with Borland C++ 4.5, MSVC 4.0, 
and G++ 2.7.2 on MS-DOS, Windows NT, and a variety of Unix machines.
You are welcome to use it for any purpose without paying me, but see
license.txt for the fine print.

           
Some short instructions to compile this library:
(you probably need to modify this to suit your environment)


-- if want to use this library with RSAREF, then

1. get a copy of RSAREF

2. untar or unzip it into a directory below this one

3. type "gcc -c -I. *.c" (in the rsaref/source directory) to compile RSAREF

4. edit config.h (make sure to #define USE_RSAREF)

5. type "g++ -c -Irsaref/source -I. *.cpp" to compile this library

6. type "g++ *.o rsaref/source/*.o -lstdc++ -lm" to link the test driver

7. type "a.out" to run the test driver


-- if you DON'T want to use this library with RSAREF, then

1. edit config.h

2. type "g++ -c *.cpp" to compile this library

3. type "g++ *.o -lstdc++ -lm" to link the test driver

4. type "a.out" to run the test driver


Finally, a note on object ownership:  If a constructor for A takes 
a pointer to an object B (except primitive types such as int and char),
then A owns B and will delete B at A's destruction.  If a constructor 
for A takes a reference to an object B, then the caller retains ownership 
of B and should not destroy it until A no longer needs it.

Good luck, and feel free to e-mail me at weidai at eskimo.com if you have
any problems.  Also, check http://www.eskimo.com/~weidai/cryptlib.html
for updates and new versions.

Wei Dai

History

1.0 - First public release.  Withdrawn at the request of RSA DSI.
    - Has a big bug in the RSA key generation code.

1.1 - Removed RSA, RC4, RC5
    - Disabled calls to RSAREF's non-public functions
    - Minor bugs fixed

2.0 - a completely new, faster multiprecision integer class
    - added MD5-MAC, HAVAL, 3-WAY, TEA, SAFER, LUC, Rabin, BlumGoldwasser,
      Elliptic Curve algorithms
    - added the Lucas strong probable primality test
    - ElGamal encryption and signature schemes modified to avoid weaknesses
    - Diamond changed to Diamond2 because of key schedule weakness
    - fixed bug in WAKE key setup
    - SHS class renamed to SHA
    - lots of miscellaneous optimizations






From daw at orodruin.CS.Berkeley.EDU  Tue Feb 20 22:13:51 1996
From: daw at orodruin.CS.Berkeley.EDU (David A Wagner)
Date: Wed, 21 Feb 1996 14:13:51 +0800
Subject: PGP integrated into Z-Mail
Message-ID: <9602202130.AA09986@espresso.CS.Berkeley.EDU.mammoth>


NCD/Z-Mail announces that they've integrated PGP support into their
popular email client.  This is good news, folks.

A chicken in every pot, and PGP on every desktop!

ObDisclaimer: I've not tried their PGP interface; I'm not associated
	with Z-Mail; I know no history; I always misquote everyone.

--

Press Contacts:

Mike Harrigan			Richard Burger/Shari Dupart
NCD Software Corporation		Miller/Shandwick Technologies
(415) 919-2886			415/962-9550
mikeh at ncd.com			rburger at millerwest.com
				sdupart at millerwest.com

FOR IMMEDIATE RELEASE

NCD Software Unveils New Integrated Security Solution for Z-Mail for 
Windows, Optimizing Internet Mail Protection

New ViaCrypt PGP Solution, Customized for Z-Mail, Brings Users Special 
Encryption, Decryption and Digital Signature Capabilities

	E-MAIL WORLD, San Jose, Calif., February 20, 1996 - NCD 
Software Corporation today unveiled a new optional security feature for its 
Z-Mail for Windows electronic messaging client, offering users the best 
integrated point-to-point security now available for Internet e-mail.
	ViaCrypt, a division of Lemcom Systems, Inc., worked with NCD 
Software to develop and customize the integration of Z-Mail for Windows and 
ViaCrypt(TM) PGP(TM) software.  With just a few clicks of the mouse, Z-Mail 
customers using ViaCrypt PGP can now encrypt the e-mail message bodies and 
arbitrary data file attachments they send, as well as apply digital signatures.  
Receivers can use ViaCrypt PGP to decrypt the messages and files and to 
verify the signatures.  NCD Software unveiled the new person-to-person 
security feature today at E-Mail World, Booth 434, in San Jose, CA.
	Z-Mail is NCD Software's award-winning cross-platform e-mail 
software.  Based on Internet-standard protocols that include POP, SMTP and 
MIME, Z-Mail has been acclaimed for its ease of use and highly integrated 
features, including a powerful scripting language, Z-Script, for enhanced 
customization capabilities.
	ViaCrypt PGP allows Z-Mail users to create, send and read secure 
messages by simple menu selection.  The integration of ViaCrypt PGP into 
Z-Mail was achieved through Z-Mail's exclusive scripting capabilities and a 
front-end built specifically for  by ViaCrypt.  Message bodies as well as arbitrary 
file attachments are secured through public-key cryptography:  only the person 
with the corresponding private key can unlock the encrypted file. 
	Digital signatures, another valuable security application provided 
by ViaCrypt PGP, allow  users to verify that the message they received was 
sent by a specific person and that the message was not altered.
	"Security has become our customers' primary consideration when it 
comes to Internet mail," said Mike Harrigan, vice president of marketing at 
NCD Software.  "The integrated solution of Z-Mail and ViaCrypt PGP reflects 
our commitment to provide our corporate customers with an easy, secure e-mail 
system."
	Dave Barnhart, product manager at ViaCrypt, commented, 
"Combined with the new ViaCrypt PGP encryption and decryption features, 
Z-Mail now gives users a simple point-and click solution for assuring security 
when conducting critical business transactions via the Internet."
	Z-Mail for Windows is available from NCD Software, and is priced 
at $165 for single users and $95 per user for 200-user licenses.  ViaCrypt PGP, 
which includes the front end that integrates it with Z-Mail for Windows, is priced 
at $169.00 for single users and $50 per user for 200 to 499 user licenses.  It is 
available now from ViaCrypt and will be available from NCD in March.
	A full review of Z-Mail for Windows and other Z-Mail products is 
available over NCD Software's site on the World Wide Web at 
http://www.ncd.com/Z-Code/zcode.html, or via e-mail at info at z-code.com.  
ViaCrypt information is available over the Web at http://www.viacrypt.com.
	NCD Software Corporation is a wholly owned subsidiary of 
Network Computing Devices, Inc. (NASDAQ: NCDI).  The company provides 
desktop information access solutions for network computing environments.  
NCD Software Corporations is a major supplier of network software products, 
including PC-Xware software integrating Microsoft Windows and DOS-based 
PCs into X/UNIX networks, Marathon, a TCP/IP network foundation, and 
Z-Mail, a cross-platform electronic-mail and messaging system for open systems 
environments.





From abc at gateway.com  Tue Feb 20 22:19:03 1996
From: abc at gateway.com (Alan B. Clegg)
Date: Wed, 21 Feb 1996 14:19:03 +0800
Subject: New remailer (vegas) now operational.
Message-ID: 


Greetings, all.

remailer at vegas.gateway.com is now on-line.  It is a type 1 cpunk remailer
running standard ghio code. 

The following is vegas's PGP key:

--SNIP--
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzD9XEQAAAEEALrf7ZZV9ECB6jT0C7uVXByVa5332+yl1QIbx72FI+xWoyWF
5+MQkm803NaLyBabTrDyqJ6xkMLDu8acbH8OaATrAfUBM2qTZIVzlsgpynLkvCRv
OOJfV6fHkaNzbHnYKF3JuLPiyPpXTgJDESIEyqEh9bm34YT711XZZ6mRHzrtAAUR
tCtWZWdhcyBSZW1haWxlciA8cmVtYWlsZXJAdmVnYXMuZ2F0ZXdheS5jb20+iQB1
AwUQMP1xfZBA6uEVwDr9AQGibwL/adSqV5/12G+cH5cd5VDupuN570qS7dZdr6BI
W9msl+TV7Y9KQUVcKqJ2AAZ6Ng0164WD4JgmYqeDqni0oYyk+Rm9IBmddJ/b0g9Z
7XbWH9w7/J8Zbbdx3mi4IpmwPAZe
=9SYZ
-----END PGP PUBLIC KEY BLOCK-----
--SNIP--
 
which can be verified against ftp://ftp.gateway.com/pgpkeys/remailer.pgp

Enjoy, & watch for the anouncement of a new nym server soon.....

-abc
                                      \             Alan B. Clegg
         Just because I can            \            Internet Staff
        does not mean I will.           \          gateway.com, inc.
                                         \     






From j at iag.net  Tue Feb 20 22:27:54 1996
From: j at iag.net (Jason Rowley)
Date: Wed, 21 Feb 1996 14:27:54 +0800
Subject: JavaScript to grab email
In-Reply-To: 
Message-ID: 


On Tue, 20 Feb 1996, Ed Carp wrote:

> On Tue, 20 Feb 1996, Mike Rose wrote:
> 
> > Sorry for the imprecision here.  I was referring to Netscape 2.0 on
> > unix here.  Changing the email address known to netscape is
> > insufficient for non-root users on unix systems, because sendmail will
> > put your real address into the headers.
> 
> How about setting the mail proxy to something bogus? ;)

Like "127.0.0.1:7"? :)







From thielj at cs.bonn.edu  Tue Feb 20 22:49:36 1996
From: thielj at cs.bonn.edu (Jens Thiel)
Date: Wed, 21 Feb 1996 14:49:36 +0800
Subject: Credit card numbers
Message-ID: <312A4F73.12A8@cs.bonn.edu>


Is there something like a checksum attached to Credit Card
Numbers. Or better: Is there a way to determine for a given
number N if
  -this _might_ be a valid number
  -this can't be a valid number

Thanx,
Jens.
-- 
mailto:thielj at cs.bonn.edu
Fax: +49 228 747246
http://www.Bonn.CityNet.DE/people/jens







From frantz at netcom.com  Tue Feb 20 23:41:57 1996
From: frantz at netcom.com (Bill Frantz)
Date: Wed, 21 Feb 1996 15:41:57 +0800
Subject: Chaotic physical systems as random number sources (fwd)
Message-ID: <199602210157.RAA13227@netcom7.netcom.com>


At  4:24 PM 2/20/96 -0600, Jim Choate wrote:
>I have used magnetic pendulums for this as well as chaotic dripping (both
>with an old C64).

On problem I can think of with pendulums would be a low bit rate.  What
kind or rate do you get from your setup.  (Of course with nano-technology
pendulums ...)


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz at netcom.com | dead teenagers | Los Gatos, CA 95032, USA







From hfinney at shell.portal.com  Tue Feb 20 23:54:16 1996
From: hfinney at shell.portal.com (Hal)
Date: Wed, 21 Feb 1996 15:54:16 +0800
Subject: anonymous age credentials, sharing of
In-Reply-To: 
Message-ID: <199602210205.SAA20048@jobe.shell.portal.com>


-----BEGIN PGP SIGNED MESSAGE-----

Michael Froomkin  writes:

>Suppose Alice is a CA who issues anonymous age credentials.
>Bob is 15
>Carol is 25

>Carol gets a legitimate anonymous age credential from Alice bound to an 
>anonymous public key generated for this purpose.  Carol then gives the 
>key pair to Bob.  Bob uses to do things only adults are legally permitted 
>to do.  (It's not bound to Carol's everday keypair because that's not 
>anonymous....)

>What can stop Bob and Carol from subverting a scheme that relies on 
>anonymous age creditials in this manner?

I think I wrote something about this before, but I can't recall whether
there was subsequent discussion...

In Chaum's pseudonym/credential system, you can be restricted in the
number of pseudonyms you can get of a given type.  You can transfer
your credentials among any of your pseudonyms, but you might only have
one pseudonym (and associated key pair) for a specific forum or
purpose.  So Carol could get her age credential by showing her birth
certificate, and get it on a non-anonymous pseudonym, then transfer it to
any of her other pseudonyms.  Maybe there is a particular nym which she
uses for access in some area, and she has to prove her age in order to do
so.  So she transfers the credential to that pseudonym and can get
access.

Now Carol could give her pseudonym, credential and key pair to Bob, and
let him act as her within that forum (say, for access to a particular
archive).  He could then exercise all of the privileges that she
could.  This is in effect a shortcut for the case where Bob asks Carol,
"get me this file", "get me that file", and she does.  This is in effect
a blanket promise on Carol's part to respond affirmatively to all such
requests.

Obviously, as I think Michael wrote earlier, we can't stop Carol from
doing this on a file-by-file basis.  But we still might want to make it
so she won't give Bob full access, since that will make it even easier
for him to get these files he's not supposed to see, and it seems to
somewhat remove Carol from responsibility for giving each file to Bob.

One thing that might make Carol reluctant to authorize Bob to act as
her agent in this way is that she would also be responsible for any
negative consequences of things Bob does.  If Bob abuses the lent key
pair in some way, such that maybe he is even banned from that archive,
then Carol will suffer the consequences as well.  Given that she only
gets one pseudonym of a kind which can access this archive, she can be
hurt by giving Bob the full use of that nym.

Now, depending on the circumstances, this may or may not be a significant
deterrent for Carol.  If the archive has no material she would be
interested in, or there is no significant likelihood of abuse which would
lead to losing her access, then it won't matter.  But things could be
structured so that these bad consequences were more likely, and then it
would be a more significant consideration for her.

There is a tradeoff between anonymity and accountability here.  We gain
this degree of accountability only be limiting the number of pseudonyms
a person can have for certain kinds of usage, thereby reducing
anonymity.  The most extreme case would would to say that a person can
have only one identity for use everywhere.  That is, we would ban
anonymity.  At the other extreme, anyone can get as many nyms of all
kinds as they want, and transfer credentials in all ways, in which case
credentials are meaningless.  These seem to be the two endpoints
considered in Michael's hypothetical example.

But there are actually a whole range of intermediate points which are
possible.  One example, close to the non-anonymous case, is to give
every person exactly one online pseudonym, unlinkable to their physical
identity, but the only one they can use in their online life.  Now if
they behave abusively the consequences they can suffer are limited.
They can't go to jail.  But still the risks may be relatively severe, and
could include in the most extreme case loss of access to all online
resources, which will be a severe punishment in the future.  Another
point on the continuum would be the use of a single pseudonym for all
access to materials which are illegal for minors to see.  If Carol gives
hers to Bob and he screws it up somehow, she may be stuck watching PG
movies for the rest of her life.

I have tried to think of a better technical fix, such that in order to
give Bob the ability to show one of her credentials, Carol must
inherently give him the ability to use all of them, to act as her in all
forums.  Maybe some zero-knowledge protocol would be required to show a
credential, one which would only work if you knew some basic secret that
underlies all your pseudonyms, but which doesn't reveal it to anyone.
Then Bob could act as Carol only if he knew her innermost secrets.  But
still it would be necessary to retain unlinkability among pseudonyms.  I
can't see how to make it work, and maybe it is fundamentally impossible.
But if something like this were possible it would be a good solution to
the problem Michael has described.

Hal Finney

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQBVAwUBMSp9xxnMLJtOy9MBAQH9GAH9F7E6mZ/4lfL/b/4kdGTSpLZfmvJZu7iK
EN8+wUHrAdi/cobG9KUsrFxcm3evG6ijLyu4WhxQzdoU0k1wyAUN7g==
=X7tH
-----END PGP SIGNATURE-----





From jf_avon at citenet.net  Tue Feb 20 23:59:42 1996
From: jf_avon at citenet.net (Jean-Francois Avon JFA Technologies, QC, Canada)
Date: Wed, 21 Feb 1996 15:59:42 +0800
Subject: Secure Split
Message-ID: <9602210251.AA16675@cti02.citenet.net>


Hi! this is the second time I post this to CP.

Where can I get Secure Split?
Apparently, it is a program to split a key in m parts, where 
n (
Key fingerprint =  23 B6 24 31 86 67 FB 35  C7 A7 AF 12 A1 61 E9 3D 


**** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon 
Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 






From ipgsales at cyberstation.net  Wed Feb 21 00:00:11 1996
From: ipgsales at cyberstation.net (IPG Sales)
Date: Wed, 21 Feb 1996 16:00:11 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602200306.WAA11013@toxicwaste.media.mit.edu>
Message-ID: 


Derek - 

As stated previously, we accept the challenge that you make - 
However, we do believe that it should be a two way street -

If you are able to break the system, and everyone knows what we mean by 
break, then we will publicly admit that we are snake oil salesmen, and 
all the other things that Perry Metzger and others called us. We will go 
out of business, and tuck our tail and run. We will inform all major 
publications, WIRED, PC WEEK, PC  Magazine, PC World, Infoworld and the 
like that our mundane system was cracked by the cypherpunks. 

Furthermore: 
you, they,  will be free, to publish any material, any and all 
materials, will become the property of Cypherpunks if they break 
the system, inculding all of our source code - everything and they may do 
with it as they see fit.

On the other hand:

If the cypherpunks fail to break the system, they 
will  acknowledge that, not that it is unbreakable, but that they 
tried to break the system and were unable to do so, Furthermore, 
they will so notify all the major publications, and news sources that 
they tried break the system and failed - not that it is unbreakable 
but simply that they could not break it. Further, that all materials 
supplied to Cypherpunks will be returned to us, and will not be 
published without our explicit written permission, unless the 
Cypherpunks later break the system. 

Further:

That if you have not broken the system by August 1, 1996 the 
expiration date of the demo system to be provided to you, then we are
free to advertise that Cypherpunks have been trying to break our system and 
have been unable to so to that date, Further the cypherpunks will publicly 
acknowledge same as indicated previously. You can still try to break 
the system and publish the results, and obtain all of our souce code, 
materials and whatsoever when you do. However, you must do so with a 
purchased system and not a free demo system.

You can have infinity to try to break the system, but you cannot have 
that long to publicly admit that you have been unable to break it to 
date. I believe 5+ months is long enough to prove how easy it is to 
break, don't you.

Further:

If Cypherpunks are unable to break the system, then those who 
participated in the attempt will upbrade those cypherpunks, I at this 
stage prefer to call them cyphermouths, who have leaped before they 
looked, from a list supplied by us, based on received e-mail, in effect 
tell them to find out what they are talking about -before they start 
spouting off. 

Accordingly: 

We will not publish the algorithms on an Internet URL, for reasons 
that you, yourself, will soon come to understand. But we will provide it to a 
a very large selected set, you or your designee can do the selection, so 
long as all thosee selection are within the United States, of 
cypherpunks as follows:

 1. We will provide a 12 user integrated demo system, each outfitted with 
    240 Nvelopes, and Nvelopeners, read OTPs. These will not be the 
    5600 bit systems, discusssed in the many e-mail messages that have 
    been flowing back and forth, but will be our new 12288 bit systems, 
    which we have been working on since yesterday, since everyone seemed 
    to focus in on the 5600 bit OTPs - the algorithms themselves do not 
    change, only parametric values, but it will take a couple of days to 
    double check everything. 

    These are in effect single user systems, but for your purposes, 
    you may treat them as a site system. You may distribute them to 
    any twelve sites in the United States - You may not knowingly 
    deliver then into the hands of citizens of a country other than 
    the United States, not even Canadians. Nor may you make copies of 
    them and send them to anyone other than the 12 selected sites. Each 
    of the sites may of course communicate back and forth using the 
    system - be sure and don't include anything private because it is 
    so easy to break.  

    At each site, an unlimited number of people may work on cracking the 
    system, without limitation, but they must agree to the terms 
    set out herein in this offer.  Such participants may travel to a site 
    and work on it, but all work must be done at a site, not off 
    premises, at home or whatever -  the site may be operated 168 hours
    a week if desired, but no offsite work. 

   After the 20 User pair Nvelopes are exhausted, the DEMO system will be 
   set to recycle through the Nvelopes/Nvelopeners automatically,  this 
   means, as you might expect, that there is a finite chance, very 
   remote but possible, that you may get one or more exact OTP repeats  
   which means that you will be able to XOR out the OTP used, not the 
   orginal but the one actually used - that doers not count as breaking 
   the system, because it exists only as a convenience to continue 
   testing the system without interruption. For production systems, this 
   does not happen, cannot happen, unless you bugger your own, or allow 
   someone else to,system.     

   Also both performance and interface critisms are off limits during the 
   five months, unless you break the system of course - by then you may 
   crtique the performance, if you do it under lab conditions - a 
   defragmented disk with at least 10 times data free, ie. compare 
   apples to apples, not apples to oranges. We have been focusing on the 
   OTP aspects of the system, to the detriment of performance and 
   interface. For a first release though, we believe you will find them 
   acceptable - we will have a full windows 95 interface and 
   increased performance, hopefully by the time you break the 
   system, within the next few months. 

2. We will also supply 12 complete sets of the algorithms used, and 
   orally clarify any questions or ambiguities that may arise. However, 
   we will not submit to being unundated by a barrage of repetitious 
   questions - no more than three cypherpunks may be appointed as 
   questioners of IPG sales, and we are to be notified in writing,
   of who those appointees are. Inquiries from others will be directed to 
   one those three.

   The algorithms must be worked on at sight, other than some innoculous 
   trail and error processes and procedures which may be worked on at 
   home - no publication of same until you break the system.


Okay, enough badgering of each other - we deliberately did so yesterday, 
as some of you did, but now is the time for the cypherpunks, and for 
a few of what I will call cyphermouths, to put up or shut up. 
Assuming that you accept, we will supply any designee with the 12 sets, of 
materials, by UPS Next Day Air, and you may distrbute them as desired,  
subject to the above restrictions - we want to fight one problem at a 
time.

I somehow hope that you are able to include my good friend, "joke for 
him I am sure but serious from me", Perry in one of the twelve sites, 
so he can show us how stupid we are. Two of the best computer 
system engineers that I have ever known had the last name Metzger, Bob 
and Charles, who was blind - anyway good luck Perry, you are going to 
need it. We await your reply - assuming you accept, we will deliver the 
materials, one of the first three days of next week.

 
"He who laces himself into the straight jacket of what he knows and 
understands, imprisions his mind" - Willian Friedman memoirs - spoken 
to JVN, and Norbert Weiner, of MIT, at Princeton -
























































































































































































































 
     



    









From umwalber at cc.UManitoba.CA  Wed Feb 21 00:06:20 1996
From: umwalber at cc.UManitoba.CA (Sean A. Walberg)
Date: Wed, 21 Feb 1996 16:06:20 +0800
Subject: JavaScript to grab email
Message-ID: <199602210305.VAA05612@electra.cc.umanitoba.ca>


-----BEGIN PGP SIGNED MESSAGE-----

If you don't have a mail server set up, it won't send  (PC version at 
least).  Fine by me, cuz I just copy the address into Pegasus to send 
mail.  YMMV.

Sean


> Another annoying feature in JavaScript and Netscape. Have a look at 
> 
> 
> The page uses JavaScript to steal your e-mail address and sends a test 
> e-mail message to the address it grabbed. It works with Netscape, which 
> is probably only browser supporting JavaScript.

 

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSqKGd82JgvRKzQZAQGyTwQAiKo1XUGZHPCgrwJU2ZWM/aREb/LHAebi
kGDWNyC4qFrDkB//A2jN6ZWckdEuuCvX+OKLyYZHWTZ/sTjvi7WDsTprrXt96mZV
ho1TB3nzemzRVZVO9aWUW/Zhpa+fi0MoSAlZC5ZFsdvnrEZUJSEbd5S1aubPA/gc
2/Zf6v1rbNw=
=W/Fp
-----END PGP SIGNATURE-----
       =================] Will work for RAM [==================
       |     Sean A. Walberg       | PGP key |  C programmers |
       |  Computer Engineering ][  |   on    |    do it in    |
       | umwalber at cc.umanitoba.ca  | servers |   libraries!   |
       =============] http://www.escape.ca/~sean [=============





From perry at piermont.com  Wed Feb 21 00:09:34 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Wed, 21 Feb 1996 16:09:34 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: 
Message-ID: <199602210229.VAA07560@jekyll.piermont.com>



Dear IPG Sales (May I call you "I", or would that be too familiar?)

1) There is no such organization as "Cypherpunks". "Cypherpunks" is a
   mailing list, not an organization. Using the name of the mailing
   list as though it were an organization is anti-social. There is no
   one who has the authority to speak for "Cypherpunks" because there
   is no such beast.
2) I see no reason to "trade" with you folks whatsoever. Any honest
   company would simply publish the technical specifications of their
   work and allow independent evaluation of the quality of your
   algorithms. I don't know about other people, but from my point of
   view, no deals (Other people are free, of course, to come to an
   arrangement with you). Submit your algorithms for peer review
   honestly or find yourself ridiculed anyway. I will not even look at
   a non-public specification. 
3) I warn you -- if you sell a system that you know to be potentially
   defective, and fail to take measures to evaluate its security using
   common industry standards (i.e. open peer review) you can and will
   be liable to any number of legal actions, all of which you will
   richly deserve, and no number of silly disclaimers on your
   packaging will save you. I'll happily give expert testimony for the
   plaintiffs and or prosecution, depending on whether it goes criminal.

> "He who laces himself into the straight jacket of what he knows and 
> understands, imprisions his mind" - Willian Friedman memoirs - spoken 
> to JVN, and Norbert Weiner, of MIT, at Princeton -

They laughed at Fulton, but they also laughed at Bozo the clown. All
indications are that you are in the latter, not the former set.


Perry





From nobody at alpha.c2.org  Wed Feb 21 00:11:50 1996
From: nobody at alpha.c2.org (Anonymous)
Date: Wed, 21 Feb 1996 16:11:50 +0800
Subject: Public Access Obsolete.  Capitalism offers free email
In-Reply-To: <2.2.32.19960220201325.0070e5c8@panix.com>
Message-ID: <199602210305.TAA12394@infinity.c2.org>


frissell at panix.com (Duncan Frissell) wrote:
>that two companies are preparing to offer free email to customers who agree
>to be barraged by ads.  Juno and Freemark will soon offer free email to all
>(Americans).
>
>http://www.freemark.com/freemark.html
>
>http://www.juno.com/
>
>And since you can do (almost) anything with email that you can do with the
>rest of the net (just more slowly and less conviniently) I guess we don't
>have to worry about government-provided public access any more.


It might be a cheap safe way to set up a remailer too...





From tbyfield at panix.com  Wed Feb 21 00:16:45 1996
From: tbyfield at panix.com (t byfield)
Date: Wed, 21 Feb 1996 16:16:45 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: 


At 6:46 PM 2/20/96, IPG Sales wrote:

>Hedging, hedging, hedging - why? I did not noitice this <...>

        IPG, why don't you sit down and draw up the terms of a challenge?
Specify:

        * what information and/or materials IPG will release
        * to whom it will release them and when
        * who is or isn't elligible
        * what you will and won't accept as "breaking your system"
        * the arbitrating body
        * a starting time and a deadline
        * the award

        You'd do well to be _very_ thorough in these terms, since any
perception that IPG was trying to throw the game would draw that much more
fire. You'd also do well to make terms terms conform to real-world
circumstances: for example, if someone hacking the office machines on which
which you generate, store, and/or disseminate RNs is a practical threat to
your product, then admit that as an acceptable part of a "break."

Ted







From lmccarth at cs.umass.edu  Wed Feb 21 00:22:19 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Wed, 21 Feb 1996 16:22:19 +0800
Subject: Secure Split
In-Reply-To: <9602210251.AA16675@cti02.citenet.net>
Message-ID: <199602210322.WAA12154@thor.cs.umass.edu>


JFA writes:
> Where can I get Secure Split?
> Apparently, it is a program to split a key in m parts, where 
> n ( 
> I saw that name in Nautilus manual (a pgpphone lookalike for dos).
> 
> I looked through Alta Vista and the only thing I found was a post on CP
> by somebody else looking for it, in 1994 (?)

You have to look for "secsplit". Try http://www.funet.fi/pub/crypt/old/ghost/

I think Joel McNamara has it on his home page, http://www.eskimo.com/~joelm/ 
but www.eskimo.com is S L O W.

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)





From lmccarth at cs.umass.edu  Wed Feb 21 00:23:22 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Wed, 21 Feb 1996 16:23:22 +0800
Subject: Public Access Obsolete.  Capitalism offers free email
In-Reply-To: <199602210305.TAA12394@infinity.c2.org>
Message-ID: <199602210325.WAA12218@thor.cs.umass.edu>


Duncan writes:
# two companies are preparing to offer free email to customers who agree
# to be barraged by ads.  Juno and Freemark will soon offer free email to all
# (Americans).

Nobody writes:
> It might be a cheap safe way to set up a remailer too...

I'd be (very pleasantly) surprised if they will let you run code on the free
email account. After all, if you could, you could install a filter like 
procmail and automatically trash most of the junk mail :}

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)





From ericm at lne.com  Wed Feb 21 00:27:09 1996
From: ericm at lne.com (Eric Murray)
Date: Wed, 21 Feb 1996 16:27:09 +0800
Subject: NSA net trolling
In-Reply-To: <199602210313.WAA12167@thor.cs.umass.edu>
Message-ID: <199602210322.TAA25746@slack.lne.com>




Here's a copy of your message back to you as you requested:

lmccarth at cs.umass.edu writes:
> 
> Wayne Madsen wrote somewhere:
> > A knowledgeable government source claims that
> > the NSA has concluded agreements with [...] Netscape to
> > permit the introduction of the means to prevent the anonymity of
> > Internet electronic mail, [...]
> 
> I suspect this may actually mean that they're pushing Netscape to
> incorporate cryptographic authentication into browser email, which I think is
> a useful development. (Hey, I read that Netscape employees get fined $1 for 
> referring to Navigator as a "browser".)
> 
> At any rate, it's an excuse for me to ask some questions:
> 
> (0)
> I'm not aware of any class library objects or methods in stand-alone Java
> for calling the local mail transport agent. Is there any class library 
> support in Java+{Navigator, HotJava, Mosaic, NetCruiser, the AOL web tool, 
> etc.} for calls to the local mail agent configured in the browser ?  
> 
> I would prefer not to reinvent SMTP using the Socket class in my own applets.
> Ideally I'd like to have an applet that presents a form with some entry boxes
> and check boxes, quantizes and encrypts the input according to the check box
> settings, and spews the resulting byte streams to the MTA. 
> 
> (1)
> As I recall, I used to be able to set (as an Option) the path and name of the
> local MTA (e.g. /usr/lib/sendmail) in an earlier version of Netscape. That
> seems to have disappeared in Navigator 2.0. Is there indeed no longer a way
> to set that ?  
> 
> It occurs to me that we could have achieved partial integration of
> remailing into Navigator quite cheaply with that option.
> 
> Comments from Sun and/or Netscape and/or anyone else would be welcome.
> Thanks :)
> 
> -Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
> 	your bargains, push your papers, win your medals, fuck your strangers;
> 	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)
> 
> 


-- 
Eric Murray  ericm at lne.com  ericm at motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF





From tighe at spectrum.titan.com  Wed Feb 21 00:35:34 1996
From: tighe at spectrum.titan.com (Mike Tighe)
Date: Wed, 21 Feb 1996 16:35:34 +0800
Subject: DES_ono
In-Reply-To: <199602171829.NAA02360@crypto.com>
Message-ID: <199602201334.HAA05569@softserv.tcst.com>


Matt Blaze writes:

>> So the banker's finally figured out what the NSA told us 14 years ago?
>> Great.

>Actually, that article concludes that they *haven't* figured it out yet.

Great, now I will sleep better. :-(





From an5877 at anon.penet.fi  Wed Feb 21 00:42:51 1996
From: an5877 at anon.penet.fi (deadbeat)
Date: Wed, 21 Feb 1996 16:42:51 +0800
Subject: Kerberos vulnerability
Message-ID: <9602210339.AA22431@anon.penet.fi>



-----BEGIN PGP SIGNED MESSAGE-----

A Kerberos V4 session key is chosen by calling random() repeatedly.
THe PRNG is seeded with srandom(time.tv_usec ^ time.tv_sec ^ p ^ n++),
where p is a static integer set to getpid() ^ gethostid() on the first
call and n is a static counter.

Is there any entropy here???  Most, if not all, Kerberos servers run one
time synchronization protocol or another, which reduces the entropy to a
few bits at most.

DEADBEAT 


-----BEGIN PGP SIGNATURE-----
Version: 2.4

iQBFAgUBMSnfhvFZTpBW/B35AQFNqgGApyXhHKIstdDvNaCuJY/fWfRZ16BvK60A
Qde5VxuTsFdZsm69rrTtGxpdyplBxso6
=jHUm
-----END PGP SIGNATURE-----
--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to                abuse at anon.penet.fi
For information (incl. non-anon reply) write to    help at anon.penet.fi
If you have any problems, address them to          admin at anon.penet.fi





From shamrock at netcom.com  Wed Feb 21 00:45:41 1996
From: shamrock at netcom.com (Lucky Green)
Date: Wed, 21 Feb 1996 16:45:41 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: 


At 18:46 2/20/96, IPG Sales wrote:

>Hedging, hedging, hedging - why? I did not noitice this in my first
>reply - in addition to giving you the company if you can break the
>system, we will give you the company if you can establish, through our
>employees or any other method, that we retain any Ocopies of the TPs,
>any! - for very large systems, we maintain a temporary copy to insure
>safe arrival, by excuting the check system menu item -
>it is immediate destroyed upon system notification. Anyone that wants to
>audit us cazn do so, unannounced at any time - subject to payment ofd
>expenses! We do not keep copies, we would not be in business 30 days if
>we did.

It is irrelevant if you keep copies of the OTPs or not. The point is that
you might. There is no way to prove to me or anyone else that you don't
keep copies. [why this is true is left as an exercise to the reader].

I would not trust anyone outside my company to create keys for us. I would
urge any others interested in keeping their data inaccessible to outsiders
to exercise the same fundamental caution. There is no further need to look
at IPG's source code or algorithms.

As I said, end of story.


-- Lucky Green 
   PGP encrypted mail preferred.







From jya at pipeline.com  Wed Feb 21 00:45:56 1996
From: jya at pipeline.com (John Young)
Date: Wed, 21 Feb 1996 16:45:56 +0800
Subject: CoFR Report Site
Message-ID: <199602210356.WAA21274@pipe1.nyc.pipeline.com>


Thanks to KLP, the Council on Foreign Relations report on the 
future of US intelligence:


     http://www.tc.umn.edu/~klp/CoFR.txt (text)


and


     http://www.tc.umn.edu/~klp/CoFR.gz









From ipgsales at cyberstation.net  Wed Feb 21 00:52:38 1996
From: ipgsales at cyberstation.net (IPG Sales)
Date: Wed, 21 Feb 1996 16:52:38 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: 
Message-ID: 




On Tue, 20 Feb 1996, t byfield wrote:

> At 6:46 PM 2/20/96, IPG Sales wrote:
> 
> >Hedging, hedging, hedging - why? I did not noitice this <...>
> 
>         IPG, why don't you sit down and draw up the terms of a challenge?
> Specify:
> 
B>         * what information and/or materials IPG will release
>         * to whom it will release them and when
>         * who is or isn't elligible
>         * what you will and won't accept as "breaking your system"
>         * the arbitrating body
>         * a starting time and a deadline
>         * the award
> 
>         You'd do well to be _very_ thorough in these terms, since any
> perception that IPG was trying to throw the game would draw that much more
> fire. You'd also do well to make terms terms conform to real-world
> circumstances: for example, if someone hacking the office machines on which
> which you generate, store, and/or disseminate RNs is a practical threat to
> your product, then admit that as an acceptable part of a "break."
> 
> Ted
> 
> 

It seems to me that Cypherpunks, the mailing list of individuals, has a 
very practical solution to the argument - Derek asked for certain things 
- we agreed fully with those terms  - we will provide the complete 
set of algorithms employed - we will also provide a free demo system(s) - > 

Unlike Mr. Silvernail, we have a much simplier definition of what we mean 
by a one time pad - given a message/file of length N, where N is a finite 
practical number say less than 10 to the 1000th power, that the encrypted 
ciphertext can be any of the N to the 256th power possibile clear/plain 
text messages/files.  To prove that the IPG system does not work, all you 
have to do is to prove that is not the case - that our system, without 
artifically imposed boundary conditions will generate a subset of those 
possibilities  - that is simple and strsight forward - not 
hyperbole but action - everyone stated how simple it was to break the system,
now everyone is back paddling aa fast as they can, like Mr. Metzger and some of the other big bad cyphermouths. 

Put up or shut up - why is everyone all of a sudden backing away from 
what Derek proposed - because we proposed a two way street -  operhaps 
that is the real underlying problem - you are suddenly afraid that 
you are wrong - some of the cyphermouths want to argue 
semantics and abstract theory but no one wants to prove anything one way 
or the other - this is also my answer to Mr. Metzger - do as you like, I have 
absolutely no ability to force you to do anything, just like you have no 
ability to prove us wrong, absolutely zero ability, just talk, talk, 
and more talk - no substamce anymore - just talk - talk - we are the big 
bad wolf, doctor,  that is going to kill our patients, you have the power to 
prevent that Perry - why don't you do it? You had rather sit omn the 
sideliunes and tell everyone how great you are - you are not concerned 
about the patients like you claimed yesterday, you are only 
concerned about youself - You have the ability to try to prove us wrong - 
do it. How about some action from someone, we have two taker - now, anymore?

I do not want to argue semantics with Mr. Silvernail, or Mr. Metzger - 
they have an opinion - that does not prove them right - they are entitled 
to their opinion - but they would rather castigate us out of hand than 
prove us wrong - they want to talk, talk, talk but not do anything. It is 
obviously that both are dodging the issue, by taking their own narrow 
minded view of what is and is not the truth  - both are all talk but no 
action - a lot of bull and arbitrary  posturing, but that is all itis, pure 
unadultarated bull - .

They are afraid they may be wrong and they most assuredly are - I believe 
our offer to be fair, let us hear what Derek has to say when he gets around 
to it. 

Let Derek, Inccarth, and Adam be the aribtion committee, decide whether 
the system is fataklly flawed or not - we will accept their findings 
subject to only one caveat, that they have the intellectual honesty to 
tell the truth. I believe that since Mr. Silvernail and Mr. Metzger have 
exluded themselves, that Derek, Inccarth and Adam do have that 
intellectual honesty to tell the truth - is that weighted too much in 
IPGs favor.   

Also, let them decide and report to the other Cypherpunks, whether we 
were justified in witholding broad dissemination of certain materials -
the onlu caveat there is that they wait threee months, or until they 
break the system to make that report, and again conform to a high standard 
of intellectual honesty. 

What can be more fair than that, you own members can be the entire 
judging committee - are you afraid of the truth - if you cannot accept 
that you are. Tthat could be your only real reason fornot  facing it. I 
believe that many of you are now backtracfking because you are afraid of 
the truth - we invite whatever number you might choose to try - if some 
subset of Cyberpunks break the system, then they can publish everything -

Sigh - 






From markm at voicenet.com  Wed Feb 21 01:06:37 1996
From: markm at voicenet.com (Mark M.)
Date: Wed, 21 Feb 1996 17:06:37 +0800
Subject: JavaScript to grab email
In-Reply-To: <9602202009.AA09881@MARIAN.SOGS.STSCI.EDU>
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 20 Feb 1996, Mike Rose wrote:

> >>>>> On Tue, 20 Feb 96 14:40:30 EST, Mike Rose  said:
>
> >Changing the email address known to netscape doesn't help.  Your email
> >address is in the message sent, regardless of what netscape thinks
> >your identity is.
>
> Sorry for the imprecision here.  I was referring to Netscape 2.0 on
> unix here.  Changing the email address known to netscape is
> insufficient for non-root users on unix systems, because sendmail will
> put your real address into the headers.
>

AFAIK, Netscape does not use sendmail directly to send mail, but instead
contacts a user specified SMTP server and the e-mail is sent from there.
If you set the SMTP server to a fake value, or just delete the field,
the Javascript program will not work.  Of course, you won't be able to
use Netscape mail capabilities either.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm at voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMSqdg7Zc+sv5siulAQE8wgP/X0+XRWbzrKuElg23NvRo9zejhMzMim4Y
ZZvwnffni+4DZRpO3Eu706ep6ALDL8FjPuH9g9MoYEpd/tG18DEqO7eDyG2X6nsf
p0CyULK7i81ZxOtZg7KSmgEUos+YTNippN/Kk9hIxaoLN8tWYnPUleJJzIKbcKRq
Qsoj7h2ZDR4=
=LXm2
-----END PGP SIGNATURE-----





From owner-cypherpunks at toad.com  Wed Feb 21 01:27:36 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 21 Feb 1996 17:27:36 +0800
Subject: No Subject
Message-ID: 


At 06:10 PM 2/20/96 -0600, you wrote:
>>  ** fairly remarkable coincidences.  Or is it that great minds
>>  think alike?
>
>heh, actually the Elementrix POTP sounds like plaintext-driven autokey  
>cipher and probably wouldn't be offensive if they weren't touting it as a  
>'OTP'...
>

Yes, that's true, but they also allude to "a large number of randomly
spinning dice" [rotors?] of which some are selected by contents [perhaps]
the autokey stream.  This from a discussion held with the POTP people.  The
allusion to the numerous 'dice' is what suggested to me a similarity with
the new [unknown but perfect, of course] system.  The autokey of POTP was
supposedly only part of the scheme....







From owner-cypherpunks at toad.com  Wed Feb 21 01:32:20 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 21 Feb 1996 17:32:20 +0800
Subject: No Subject
Message-ID: 


At 01:00 PM 2/20/96 -0600, you wrote:
>Derek - We accept the gaunlet that Cyperpunks threw down, We will 
>provide the complete set of algoritms and free demo systems - we will not be 
>asking you to sign a NDA or anything like that, but we do want it to be a 
>two way street - if we put our head in your guillotene, to be chopped 
>off by the warlord and his minions, then we expect you to perform 
>reciprocal actions.

I'd like to go on record as being interested in looking at this.  Thanks!

>
>There has never been an idea advanced, where the orginator was not 
>thought of as a crank - Oliver Wendell Holmes Sr., "Over Teacups"
>
But not all those thought of as cranks are originators of worthwhile ideas ...






From owner-cypherpunks at toad.com  Wed Feb 21 01:34:23 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 21 Feb 1996 17:34:23 +0800
Subject: No Subject
Message-ID: 


Can't you just run a dumb TCP relay? 

I used to have one somewhere, but I can't remember if I solarified it to 
run with multi-threading. I can try and dig it up, but it'd probably be 
faster for you to rewrite from scratch. I also have a ssl proxy for the 
client side which I wrote to demo the MITM attack, but that doesn't sound 
like what you need.

Simon

On Tue, 20 Feb 1996, Lucky Green wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> I need firewall software, preferably for free and running on an x86, that
> allows me to place an SSL webserver behind the firewall.
> 
> Any pointers?
> 
> TIA,
> 
> - -- Lucky Green 
>    PGP encrypted mail preferred.
> 
> 
> - ---
> [This message has been signed by an auto-signing service.  A valid signature
> means only that it has been received at the address corresponding to the
> signature and forwarded.]
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> Comment: Gratis auto-signing service
> 
> iQBFAwUBMSpFICoZzwIn1bdtAQF3YgGAnt2V+2sTgv7cHDu0k3HZ/664sFbYsu9V
> 4sWnsBNuJoMRVlG4RbxE/iERpu0nR6ZF
> =kPCC
> -----END PGP SIGNATURE-----
> 
> 

---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO






From owner-cypherpunks at toad.com  Wed Feb 21 01:40:30 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 21 Feb 1996 17:40:30 +0800
Subject: No Subject
Message-ID: 


Credit card check sums are based on the Luhn code.

Double the odd digits (1, 3, 5, etc.).  Use the sum of any 2-digit results.

Add all these numbers together to end up with one single digit.

Add this single digit to the sums of all the even digits.

The Luhn check digit is the mod 10 of that final subtotal.

For example 641205002340106 yields 4.


jwhiting





From owner-cypherpunks at toad.com  Wed Feb 21 01:43:06 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 21 Feb 1996 17:43:06 +0800
Subject: No Subject
Message-ID: 



	I have been following this debate with some interest. I think that
it is quite clear that without your publishing the algorithms for your
product, you have to accept our skepticism obout your claims. You have
offered to do this so I will wait to make my judgement. 
	The issue that I have not seen you address is one that has been
brought up by several posters to this thread. This issue has to do with
the fact that if you generate all of the keys (or whatever) what is to
stop someone from offering one of your employees a LARGE bribe to cough up
the keys? 
	I don't think that anyone on this list would accept as secure any
system, no matter how clever, that relies on a human factor. People are
weak, properly used, mathematics is not. To suggest that such a security
breach would not occur with your procedures is disingenuous in the
extreme. 
	I am not trying to start (or continue) a flame war. I am willing
to learn more about your system before I pass judgement but I must tell
you, however, that I have heard nothing yet to give me any confidence 
that your system is secure. 

Regards,
Tim Philp

===================================
For PGP Public Key, Send E-mail to:
pgp-public-keys at swissnet.ai.mit.edu
In Subject line type:
GET PHILP
===================================








From owner-cypherpunks at toad.com  Wed Feb 21 01:45:21 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 21 Feb 1996 17:45:21 +0800
Subject: No Subject
Message-ID: 


We now have the banned February 6 issue of _The Post_ online!

Frank Stuart kindly provided a copy of the text. I've HTMLized it, added
background documents and information about other international censorship 
efforts, and put it online at:
     http://www.cs.cmu.edu/~declan/zambia/

Zambia's president-cum-tyrant Frederick Chiluba has plenty of practice
censoring local dissidents, broadcasters, and newspapermen. Now, if he
likes, he can take on the Net. 

I've copied this message to the state news service, Zambia Today. Please
redistribute as appropriate. 

-Declan



------------------------------------------------------------------------
                http://www.cs.cmu.edu/~declan/zambia/
------------------------------------------------------------------------
   
      
                     NET CENSORSHIP AND ZAMBIAN DICTATORS
                                       
   By Declan McCullagh
   declan at well.com   
     
     
     Zambian President and Dictator-for-Life Frederick Chiluba has made a
     career of intimidating, harassing, arresting, and censoring those
     who disagree with him. Now his attempts to muzzle his critics have
     reached the Net -- specificially, Zamnet, the only Internet service
     provider in this impoverished African country.
     
     Chiluba has plenty of experience intimidating traditional media. At
     Chiluba's bidding, in December 1994 an armed paramilitary unit
     raided the Lusaka offices of The Post newspaper and its printer
     Printpak in Ndola looking for "seditious and defamatory material" --
     just as the presses were starting to roll. Germany's ambassador to
     Zambia, Peter Schmidt, who witnessed the raid, told InterPress
     Service that "the raid amounted to an attempt to intimidate the free
     press."
     
     A few days later, police arrested the top editors of the weekly
     Crime News and held them without bail and without filing charges.
     The journalists' offense? The newsweekly had revealed that Chiluba's
     wife was involved in drug trafficking.
     
     The year before, Chiluba sued The Weekly Post for libel after the
     paper reported on his shady financial dealings with South Africa.
     Chiluba also fired the head of the Zambia National Broadcasting
     Corporation for not broadcasting appropriately pro-government
     programming. In 1994, the ever-vigilant Chiluba introduced
     legislation to make the Zambian media answerable to a
     government-appointed secret tribunal with broad, undefined powers of
     censure and punishment.
     
     Chiluba's latest state-sponsored terrorism came in early February
     1996, after The Post published a report revealing the government's
     plans to hold a referendum on the adoption of a new constitution --
     plans Chilbua hoped to keep secret to the disadvantage of his
     political opponents. True to form, the hypersensitive Chiluba
     ordered his forces to invade the newspaper's office, ransack the
     paper's files, arrest the editors, and stop the presses. Security
     forces then sealed the offices of The Post.
     
     Chiluba's despotic behavior is reprehensible. Foreign governments
     immediately should yank the $1.8 billion in foreign aid Zambia
     receives each year and demand Chiluba's ouster. That failing, it's
     high time for the Zambian people to kick their thin-skinned tyrant
     out of office.

     
     February 16, 1996: Zamnet Communication Systems, which hosts the the
     web version of The Post, removes the online copy of the February 5
     issue after police threaten a raid. David Lush of the Media
     Institute of Southern Africa publishes an advisory.
     
     February 18, 1996: After reading Lush's advisory, I send an appeal
     requesting the text to several mailing lists.
     
     February 19, 1996: Frank Stuart contacts me when I'm logged into the
     WELL, saying he has a copy of the banned issue of the newspaper.
     
     February 20, 1996: This archive goes online after I translate
     Frank's text into HTML.

     
###






From owner-cypherpunks at toad.com  Wed Feb 21 01:45:59 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 21 Feb 1996 17:45:59 +0800
Subject: No Subject
Message-ID: 



> Date: Tue, 20 Feb 1996 14:50:00 -0600
> From: Nemesis 
> To: cypherpunks at toad.com
> Subject: (no subject)

> How do i get off the mailing list??????

reply follows-------------------------------------------------------

to unsubscribe from the cypherpunks mailing list, send to:

		majordomo at toad.com

an e-mail message with the following text in the body of the message:

	unsubscribe cypherpunks richier at onramp.net

--
buenas suerte, nemesis.

p.s. -- a little hint: if your mail reader lets you save messages rec'd 
in folders or some such thing, you should save all the messages you get 
from mailing list software (like the first two messages you got from 
cypherpunks) in a sepaprate folder (like one called 'lists'.) Then you 
will be able to go back and unsubscribe or sign off when you want.

I'm thinking of putting the how to unsubscribe info for RFC-Dist and 
IETF-Announce (and maybe c.punks) in a .sig file - but I hate sigs so.
------------------------------------------------------------------------

obligatory crypto comment: has anyone looked at the iPower card and 
gotten one to play with? Where else could one get a PCMCIA card that was 
programmable and had a little memory on it? How hard would it be to make 
one - in other words, what could we get the cost down to for an 
encrypting pcmcia card? there couldn't be much to it, really, could there?
------------------------------------------------------------------
latest word from the other room: Buchanan 27%, Dole 26%, Lamar 13%





From owner-cypherpunks at toad.com  Wed Feb 21 01:53:57 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 21 Feb 1996 17:53:57 +0800
Subject: No Subject
Message-ID: 



I have just read your conditions for releasing the information tha the 
group felt was necessary to evaluate your product. A couple of comments.
First, the Cypherpunks are not an organized group who can agree to your 
conditions. This is simply a mailing list not a corporate entity to be 
contracted with. To attempt to treat them as such and to use their 
resources for your marketing gain is, in my opinion, less than honest. If 
the code has not been broken in 5 months, nothing will have been proved. 
A better model to follow would be that used (eventually) by Netscape. 
Release the code for comment and make changes based on weaknesses 
discovered by the group.
	My last point has to do with one of your restrictions. Why will 
you not release the information to Canadians? It cannot be ITAR, because 
it does not apply to Canadians. How can you claim that the Cypherpunks 
failed to break your system if you exclude its most brilliant members! .

Regards from Canada, 
Tim Philp

===================================
For PGP Public Key, Send E-mail to:
pgp-public-keys at swissnet.ai.mit.edu
In Subject line type:
GET PHILP
===================================








From owner-cypherpunks at toad.com  Wed Feb 21 01:54:56 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 21 Feb 1996 17:54:56 +0800
Subject: No Subject
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

Kristian Sagi wrote:
[..]
> Only 6 are connected ... Has anyone ideas, how this card works ... i 
> something like telephone card hardware tutorials or something ... I [..]

What kind of telephone card?

Probably a smart card with PK crypto which isn't so easy to defeat.

In terms of technical details, check 2600 magazine (but avoid alt.2600,
since there's more noise there than this group has) or do a web search.
You might want to check other magazines like Hac Tic (no longer printed?)
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSqqvSoZzwIn1bdtAQHIMQF+N7aisKNZZ+wM7sSUSRxfo7cZ2DC1maxR
8i3tFjE8yPc6CPbuQf4j5vwcPBa64D9N
=IPIj
-----END PGP SIGNATURE-----





From owner-cypherpunks at toad.com  Wed Feb 21 01:57:35 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 21 Feb 1996 17:57:35 +0800
Subject: No Subject
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

David A Wagner wrote:
[..]
>         A full review of Z-Mail for Windows and other Z-Mail products is
> available over NCD Software's site on the World Wide Web at
> http://www.ncd.com/Z-Code/zcode.html, or via e-mail at info at z-code.com.
> ViaCrypt information is available over the Web at http://www.viacrypt.com

ViaCrypt's page talks about a beta version of PGP 4.0 available
at some sites. Hmmm.

The Windows version is tantalizing. A PGP.DLL would be a wonderful thing.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSqspioZzwIn1bdtAQHUYgGApl4OV143Q/LL2/mPC1m0PDHiGYbVB4xm
sB66fpLRrpjHBYxqYg/fGTL1rN6Z4Ydu
=OmqS
-----END PGP SIGNATURE-----





From owner-cypherpunks at toad.com  Wed Feb 21 01:58:26 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 21 Feb 1996 17:58:26 +0800
Subject: No Subject
Message-ID: 


On Wed, 21 Feb 1996, Tim Philp wrote:

> 	The issue that I have not seen you address is one that has been
> brought up by several posters to this thread. This issue has to do with
> the fact that if you generate all of the keys (or whatever) what is to
> stop someone from offering one of your employees a LARGE bribe to cough up
> the keys? 

Not to mention GAK.  No bribe needed - just a "suit" showing up with what
looks like a court order. 
--
Ed Carp, N7EKG    			Ed.Carp at linux.org, ecarp at netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp at netcom.com for PGP 2.5 public key		an88744 at anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring






From owner-cypherpunks at toad.com  Wed Feb 21 02:21:58 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 21 Feb 1996 18:21:58 +0800
Subject: No Subject
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

IPG Sales wrote:

[Notice "Sales" wrote this...]
> We are not currently revealing all the details of our system because of
> patents in process, and other relat6ed matters. We are offering the

Do you know what "patent pending" means?

> software. You should be able to readily decompile it and determine the
> algorithms used andf how they are used to generate random number sequences

If you're so concerned about secrecy and patents, why encourage anyone
to reverse engineer it?  If it's as secure as you say (and it's not)
and yet unpatented, then you sure as hell don't want anyone reverse
engineering it... you don't even want to publish the compiled binary
either (if that were true).

[..]
> If you are aware of encrtypting technology, you recognize that hardware
> prime number cycle wheels for the basis of some of the most secured
> hardware systems employed for encryption. We simply expand that 

You mean like Enigma machines? (chuckle)

> Thus we can eliminate the need to have the length of the OTP to be equal
> to the length of the file - if you do not belive that it works, try it
> and see - it takes inly a few hours to set such a trial up. We generated

OTP = One Time Pad
      ^^^
Used once. Not repeated. Equals the size of the file. Completely
erased from the cosmos after decryption and never seen again. Anything
else just isn't a one time pad.

> over 790 gigabytes of charcaters, on multiple backups, and tested. Our
> standard deviations, chi squares, Delta ICs for bits, characters, sets,
> and the entire set were random. The sets are random, and you can take
> that to the bank.

Gee. It sure looks random. Must be secure. [Sarcarm mode off]

> Someone, will decompile it and discover that it is truly random, at least
> from the practical usage basis. But we need that time to file patents,
> cvopyrights and the like.

Truly random? If it's based on an algorithm and not an unpredictable
source of external randomness, it just ain't random.

If it's fed the same seed, will it produce the same output? If so,
'taint random. Don't call it that. Just don't.

> The IPG system solves the key management problem and produces a truly

Oh really? And how does it do that? ...

[..]
> "Unless we know, we do not experience by talking," Plato

Interesting that you quote Plato, who believed in such fairy tales
as essential orbs of "truth", "beauty", etc. floating around in
some neuminal hyperspace.  Faith was rather important, and the western
religions were really damn peachy about it.

Oh, I get it... OTP stands for Onto-Theological Platonism. Philisophical 
snake oil...
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSqxhCoZzwIn1bdtAQFrnwGAxffXmBmuZchYHTFapCNqc5xxiEqDy7BD
RL9cJeuP/2CHnVUgvfRX5uHfabPZz+Z7
=akNJ
-----END PGP SIGNATURE-----





From bruce at aracnet.com  Wed Feb 21 18:23:33 1996
From: bruce at aracnet.com (Bruce Baugh)
Date: Wed, 21 Feb 96 18:23:33 PST
Subject: "This is not Coderpunks--we don't need no steenking cryptography!"
Message-ID: <2.2.32.19960222022502.006956d0@mail.aracnet.com>


At 01:11 PM 2/21/96 -0800, tcmay at got.net (Timothy C. May) wrote:

>* Coderpunks -- number theory, DES, Haval, C/C++/Java, IETF and TCP/IP
>stuff, digital signatures, crypto libraries and APIs, Diffie-Hellman,
>BSAFE, RSAREF, etc.
>
>* Cypherpunks -- nuclear bomb triggers, why women are more free under the
>will of Allah than in Western decadent societies, movie reviews, SS
>Obergruppenfuhrer Zimmermann, Zambian newspapers, alien bases in
>Antarctica, Himalayan treks, etc.

Pretty much, yep. The only part of this that really annoys me is that there
isn't currently any real place to talk about actual crypto matters from a
user's point of view.

Sure, I can carve out space for myself on my own Web pages to talk about the
things that interest/concern me - and I have - but it's tough to find
anyplace to _learn_ in any way except random experimentation. And sure, if I
could read C well enough to puzzle through the remailer code and had the
UNIX knowledge necessary to compile and run one myself, for instance, I
could answer all my questions about remailer operation. But I don't. And I
wish I didn't have to. Unfortunately, there seems to be a huge gap between
the tiny handful of people who create the stuff and the bulk of us who are
merely interested in using it.

At this point, I acknowledge that I'm reinventing Alan's screed about how
"cypherpunks teach" should be as true as "cypherpunks write code". If more
people don't work on bridging the aforementioned gap, smart people of good
will who happen to be occupied enough with other things not to be able (or
interested) to become themselves good programmers and cryptographers are SOL.
 

-- 
Bruce Baugh
bruce at aracnet.com
http://www.aracnet.com/~bruce






From owner-cypherpunks at toad.com  Wed Feb 21 02:26:51 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 21 Feb 1996 18:26:51 +0800
Subject: No Subject
Message-ID: 


I am answering the courteous inquiry from Thomas Womack about my request for 
help with a Visual Basic-only PRNG.  The premise is that those who will not or
can not afford hardware-based RNG's need something relatively secure in the
face of nothing at all or at best a lesser implementation.
 
I was reluctant to post code at first but rather asked for an interpretation 
of 10 runs of 9999 characters each.  I want peer review of source code but 
the threads in CypherPunks have been of a shall we say "low signal to noise" 
ratio of late.  Even more so than usual.  I just didn't want to feed the 
beast at this time.
 
That said, here's the outline of what I'm doing.  A splash screen loads first
displaying a random tip'o'the day about good key management.  I make use of 
the getcurrenttime() Win API a lot.  Said to have 50 millicent increments.
 
 
' Load splash screen first
Sub Form_Load ()
 
  ' first randomize using number of milliseconds since Windows was launched
  Randomize getcurrenttime()
 
  ' then rotate the tip'o'the day (30 currently, adding unknown some delay)
  For j = 1 To Int(n * Rnd + 1)
    Select Case j
      Case 1
        hint.Caption = "You passphrase is SUPPOSED to look like gibberish."
      ...
      Case n
        hint.Caption = "Change your passphrases often."
       End Select
  Next j
 
End Sub
 
' user clicks an OK button and up comes 2nd screen
Sub Form_Load ()
 
 ' mix things up
  Randomize getcurrenttime()
  
End Sub
 
 
' main screen's OK button
Sub Command1_Click ()
  
  Screen.MousePointer = 11
  scramble = ""
  keyLen = Val(keyLength.Text)
 
  ' repeat for the number of characters in the desired key
  For i = 1 To keyLen
    ' character set is ASCII 33 to ASCII 127
    scramble = scramble & Chr$(Int(94 * Rnd + 33))
    ' reseed
    Randomize getcurrenttime()
    ' now make it wobble to throw off any regularity in the loop
    ' this loop works because as the 7 increases, so does execution time
    For j = 1 To Int(7 * Rnd + 1)
      'idle
    Next j
  Next
  
  Screen.MousePointer = 0
  secondaryForm.keyLabel.Caption = scramble
 
End Sub
 
 
I'd be happy with an analysis of just how random this is.  My working 
assumption is that over a >8 character key, it beats trying to dream one 
up in one's head.  Besides the getcurrenttime API, I don't know what else 
to sample without an external DLL or hardware.
 
I started out attempting a keyboard timing routine but had second thoughts.
My software company has been doing bar code printing tools for years. Now 
we're moving from simple encoding to encryption.
 
After playing with RSA Secure briefly, I realized that one way to spoof a 
request to type willy nilly to initialize anything is to use a bar code 
scanner.  The common type is sometimes called a wedge because you plug your 
keyboard into it, and it into the keyboard port.  It's wedged between the 
keyboard and the CPU.
 
So when asked to type (obstensibly to input randomly timed events) I scan 
a very large block of bar coded material.  I fill the keyboard buffer at a 
fixed rate; the throughput of my scanner and PC.  If I scan a large bar 
code, yes, I'll fill the keyboard buffer as fast as possible.  Little 
entropy in my eyes.
 
Oh yeah, with common symbologies like Code 39 and Code 128, I can recreate 
the whole lower ASCII 128 including tabs, LF/CR, etc.  So I can tab to 
activate buttons in some UI scenarios. Or do macros any any combination that 
may include control characters.
 
So gang, what about bar code scanners being used to thwart random typing 
requests??
 
Jerry Whiting
jwhiting at azalea.com 






From owner-cypherpunks at toad.com  Wed Feb 21 02:28:10 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 21 Feb 1996 18:28:10 +0800
Subject: No Subject
Message-ID: 


At 2:04 PM 2/14/96, Robert Hettinga wrote:

>Perry and Tim,
>
>Why don't you two have sex already? The tension around here is getting
>unbearable...

And why don't you stop cluttering up the list with supposedly cute stuff
like this?

The couple of fairly short messages I've written in response to comments by
Perry are *as nothing* compared to the tons of verbiage in the Jim Bell
flame wars, the VZNUri/Detweiler flames, and even the Black Unicorn vs.
Netscape battle.

(If anyone can point to examples where I have engaged in protracted--more
than a couple of short messages--flames, please send me pointers to these
examples in private mail. I claim no especial morality, but I do think I've
stayed out of ongoing flame wars. I haven't even commented on
"assassination politics," even though it's just a watered-down and
poorly-thought-out version of what I wrote about in 1988...easier to just
delete the ramblings.)

And yet people like Bob and Uni feel compelled to throw their two cents in
about what a spectacle this is.

Get real.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From owner-cypherpunks at toad.com  Wed Feb 21 02:29:28 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 21 Feb 1996 18:29:28 +0800
Subject: No Subject
Message-ID: 


Ed Carp wrote:
> 
> CompuScam, Inc., an unwholly-owned invention of InventiData, is pleased to
> announce its latest offering in the growingly lucrative Internet Security
> market.  Called "Secure Users Everywhere", SUE is "guaranteed privacy
> protection for citizen-units everywhere," according to Ed Carp, Chief
> Scientist, Chief Executive Officer, and Chief Everything Else for
> CompuScam.  In today's press release, Carp said that "SUE is destined to
> become the dominant market leader in a field full of inferior products."
> 
> SUE is designed to work in any environment, and provides "Fort Knox"
> security for Internet users who wish to transact business over the "net".
> "Up until now, the Internet has been totally exposed, totally wide open to
> every 12-year-old wannabe cracker with a cheap PC and a modem," said Carp,
> "but with SUE, all that has changed overnight.  Now SUE users can safely
> and securely exchange the most sensitive of documents, including credit
> card and checking account numbers, SSN, employee information, credit
> reports, gold bars - virtually anything that is of value can now be safely
> transported across the Internet."
> 
> No details were immediately available on the technical foundations of SUE,
> but Carp indicated that this is to provide enhanced security for its
> customers, adding that "you wouldn't want everyone to see your data, would
> you?  Then why would you want everyone to know about how this software
> works?"  According to CompuScam, SUE is composed of a small software "TSR"
> that is loaded into memory when a computer is first powered up, and a
> proprietary hardware device, known as a CUD ("compulsive exteriorization
> device") that provides "total security" for the software.  Carp indicated
> that the software TSR is "completely ITAR/RNG/SHA/RC4/BBS/RSA/MD5
> compliant, and meets all government standards for the very highest levels
> of cryptographic software, including FIPS-180, SESAME, and STU-III."  The
> hardware device is reportedly PRNG/RNG compliant.
> 
> Additionally, the SUE product is reportedly backwards-compatible with most
> other manufacturer's "inferior" cryptographic products, including products
> from Digital Pathworks, AT&T, VeriSign, IBM, and others.  Asked whether or
> not SUE is compatible with electronic cash offerings from First Virtual
> and others, Carp said, "Our total solution is so comprehensive, we're
> fixed problems that even the National Security Agency hasn't thought of
> yet.  We've also totally addressed the major problems that First Virtual
> brought to light last month in their press release," adding that no other
> cryptographic software maker had even responded to First Virtual's
> announcement, "let alone done anything about it.  We are acting now to
> protect our customers and children on the Internet by providing total
> coverage of the market."
> 
> Carp denied rumors that the CompuScam was nothing but a mailbox located in
> a Mailboxes Etc., branch office in Garland.  "I believe you will find that
> a reporter obtained an early press release which contained an
> typographical error in our suite number," adding that the company is
> expecting to move soon to new offices near Sun Microsystems in Palo Alto,
> adding that "the proximity to so many Silicon Valley companies will no
> doubt enhance the value of our
> stock^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^Hquality of our software."
> 
> When asked about the timing of the release, noting that it was only a few
> days before the company was scheduled to go public, Carp said, "this is an
> absolutely wonderful opportunity for investors to get in on the ground
> floor of this new technology" adding something about a new Porsche which
> the reporters didn't quite catch.
> 
> SUE is available for PCs running all versions of Microsoft Windows,
> Windows 95, Windows NT and MS-DOS, as well as all UNIX and UNIX-like
> platforms, and MVS.  The CUD hardware device is available in .357, .45,
> .44 Magnum, and 9MM versions.  Pricing was not immediately available.
> --

	And of course, export license has been granted to Iraq, Iran
	and the rest of the "non-hostile challenged" (?) world.
	Wonderful!







From shamrock at netcom.com  Wed Feb 21 02:36:16 1996
From: shamrock at netcom.com (Lucky Green)
Date: Wed, 21 Feb 1996 18:36:16 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: 


At 15:24 2/20/96, Ed Carp wrote:
>On Wed, 21 Feb 1996, Tim Philp wrote:
>
>>       The issue that I have not seen you address is one that has been
>> brought up by several posters to this thread. This issue has to do with
>> the fact that if you generate all of the keys (or whatever) what is to
>> stop someone from offering one of your employees a LARGE bribe to cough up
>> the keys?
>
>Not to mention GAK.  No bribe needed - just a "suit" showing up with what

The threat is mote. IPG generates the keys. Therefore, their system is
insecure from the user's point of view. This is just about as fundamental
of a security flaw as you are ever going to find. Let's not waste our time
on IPG (what a misnomer) any longer.


-- Lucky Green 
   PGP encrypted mail preferred.







From owner-cypherpunks at toad.com  Wed Feb 21 02:45:13 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 21 Feb 1996 18:45:13 +0800
Subject: No Subject
Message-ID: 


I wrote a program which does secret sharing calles SecShare. It is on my
home page. As my first venture into crypto programming it is a major
kludge, but it does the job.

        -Lance


----------------------------------------------------------
Lance Cottrell   loki at obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------







From owner-cypherpunks at toad.com  Wed Feb 21 02:47:38 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 21 Feb 1996 18:47:38 +0800
Subject: No Subject
Message-ID: 


Wayne Madsen wrote somewhere:
> A knowledgeable government source claims that
> the NSA has concluded agreements with [...] Netscape to
> permit the introduction of the means to prevent the anonymity of
> Internet electronic mail, [...]

I suspect this may actually mean that they're pushing Netscape to
incorporate cryptographic authentication into browser email, which I think is
a useful development. I'm not aware of any public remailers previously 
operated by Netscape Communications Corp. that have now shut down. ;)

At any rate, it's an excuse for me to ask some questions:

(0) I'm not aware of any class library objects or methods in stand-alone Java
for calling the local mail transport agent. Is there any class library 
support in Java+{Navigator, HotJava, Mosaic, NetCruiser, the AOL web tool, 
etc.} for applet calls to the local mail agent that's configured in the 
browser ?  

I would prefer not to reimplement SMTP using the Socket class in my own 
applets. Ideally I'd like to have an applet that presents a form with some 
entry boxes and check boxes, quantizes and encrypts the input according to 
the check box settings, and spews the resulting byte streams to the MTA. 

(1) As I recall, I used to be able to set (as an Option) the path and name of 
the local MTA (e.g. /usr/lib/sendmail) in an earlier version of Netscape. 
That seems to have disappeared in Navigator 2.0. Is there indeed no longer a 
way to set that ?  

It occurs to me that we could have achieved partial integration of
remailing into Navigator quite cheaply with that option.

Comments from Sun and/or Netscape and/or anyone else would be welcome.
Thanks :)

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)





From owner-cypherpunks at toad.com  Wed Feb 21 02:52:24 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 21 Feb 1996 18:52:24 +0800
Subject: No Subject
Message-ID: 


>(0) I'm not aware of any class library objects or methods in stand-alone Java
>for calling the local mail transport agent. Is there any class library 
>support in Java+{Navigator, HotJava, Mosaic, NetCruiser, the AOL web tool, 
>etc.} for applet calls to the local mail agent that's configured in the 
>browser ?  

A look at the documentation does not show one.  You may have to implement
the whole MTA protocol yourself :-(.  It does occur to me that such a
library would only be possible in a browser that knows (via configuration)
how to find MTAs.

Good luck - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz at netcom.com | dead teenagers | Los Gatos, CA 95032, USA







From owner-cypherpunks at toad.com  Wed Feb 21 02:55:27 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 21 Feb 1996 18:55:27 +0800
Subject: No Subject
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

> > Do we have to show an exploitable flaw? Or we have to do the exploit? That
> > might be expensive. Who would judge the contest?
> > 
> > The alogrithm aside, IPG provides the intial OTP. Seems to me that IPG can
> > read the messages. End of story.
> > 
> Hedging, hedging, hedging - why? I did not noitice this in my first 

I think he meant that it might cost him several $10000 in computing time to
actually demonstrate a flaw, should it be found. Proving the flaw exists
should be enough. If a company really needs unbreakable encryption, a few
hundred thou isn't too much for an attacker to pay for million dollar secrets.
On the other hand, it would be quite a bit for an individual to come up with,
just to illustrate a point.

And this thing about keeping a copy of the one-time-pad, now just why is it
that you need to at all?? After all, if it doesn't arrive safely, then who
knows who has it... And if so, then you don't need a copy that could, say,
accidently get smuggled out and sold to [foreign government, domestic
covernment, competitor, curious onlooker - pick one] for the right sum of
money.

For your next version, you might want to add in the capability for a slight
remixing of the random pool at both ends (a passphrase, for example)
protected by secure-hashing properly-sized chunks. There's nothing like
being able to lock the door behind you, ya know...

Don
- -- 
           fRee cRyPTo!   jOin the hUnt or BE tHe PrEY
PGP key - http://students.cs.byu.edu/~don   or PubKey servers (0x994b8f39)
  June 7&14, 1995: 1st amendment repealed.  Junk mail to root at fryser.dk.net
* This user insured by the Smith, Wesson, & Zimmermann insurance company *

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMSrSo8La+QKZS485AQFXeAL6AviaeMve7k6Oh1F5qix9EOBT29wSXXMa
NAcr8PSTFfQ7kd1FHz2A1N4OPXO+AW2vVPLWiulU/bcXoP5K/+mU36wM17bo9nXz
0tiVmyZcDV4bn6Vs373oYIKt2W0rj02K
=sJQO
-----END PGP SIGNATURE-----





From ac at hawk.twinds.com  Wed Feb 21 18:58:08 1996
From: ac at hawk.twinds.com (Arley Carter)
Date: Wed, 21 Feb 96 18:58:08 PST
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: 
Message-ID: 


Finally, an honest man at IPG. Y'all are a hoot. I'll hire you as bozos 
for my kid's next birthday party. 
ROTFL

Arley Carter
Tradewinds Technologies, Inc.
email: ac at hawk.twinds.com
www: http://www.twinds.com

"Trust me. This is a secure product. I'm from ."

 

 On Wed, 21 Feb 1996, IPG Sales wrote:

> We fess up - we are pig farmers from TexasL, we never have been to 
> these high fluting things you call schools, so we do not even 
> know what you are talking about, much less anything about Cryptography.
> 
> On Wed, 21 Feb 1996, Arley Carter wrote:
> 
> > On Tue, 20 Feb 1996, IPG Sales wrote:
> > 
> > Fess up guys. You are either:
> > 
> > 1.  A team of undergrads or graduate students conducting an "exploit". 
> > 2.  A Detweiller tentacle. Dr. FC ?
> > 3.  The return of Alice D'nonymous ?
> > 4.  The reason the coderpunks lists was started.
> > 
> > You've got to be ROTFL. 
> > See my sig.
> > 
> > Arley Carter
> > Tradewinds Technologies, Inc.
> > email: ac at hawk.twinds.com
> > www: http://www.twinds.com
> > 
> > "Trust me. This is a secure product. I'm from  > corporation or government agency>."
> >  
> Appreciately,
> 
> Ralph
> 
> > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > >  
> > >      
> > > 
> > > 
> > > 
> > >     
> > > 
> > > 
> > > 
> > > 
> > > 
> > 
> 
> 





From owner-cypherpunks at toad.com  Wed Feb 21 03:00:48 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Wed, 21 Feb 1996 19:00:48 +0800
Subject: No Subject
Message-ID: 


The original message was received at Wed, 21 Feb 1996 03:37:32 -0500 (EST)
from ncrgw1 at localhost

   ----- The following addresses have delivery notifications -----
sandiegoca.ncr.com!chris.claborne  (unrecoverable error)

   ----- Transcript of session follows -----
451 sandiegoca.ncr.com!chris.claborne... reply: read error from ncr-sd.sandiegoca.attgis.com.
550 sandiegoca.ncr.com!chris.claborne... Host unknown (Name server: ncr-sd.sdca.attgis.com.: host not found)

   ----- Message header follows -----

Return-Path: cypherpunks at toad.com
Received: from ncrgw1.UUCP (ncrgw1 at localhost) by ncrhub5.attgis.com (8.7.3/8.7.3) with UUCP id DAA22660 for sandiegoca.ncr.com!chris.claborne; Wed, 21 Feb 1996 03:37:32 -0500 (EST)
Received: by ncrgw1.ATTGIS.COM; 21 Feb 96 03:37:17 EST
Received: from toad.com by relay3.UU.NET with SMTP 
	id QQadvt15500; Wed, 21 Feb 1996 03:22:15 -0500 (EST)
Received: by toad.com id AA18685; Tue, 20 Feb 96 19:22:49 PST
Received: from cs.umass.edu (freya.cs.umass.edu) by toad.com id AA18672; Tue, 20 Feb 96 19:22:36 PST
Received: from thor.cs.umass.edu by cs.umass.edu (5.65/Ultrix3.0-C)
	id AA26087; Tue, 20 Feb 1996 22:22:16 -0500
Received: (from lmccarth at localhost) by thor.cs.umass.edu (8.6.12/8.6.9) id WAA12154 for cypherpunks at toad.com; Tue, 20 Feb 1996 22:22:15 -0500
From: lmccarth at cs.umass.edu
Message-Id: <199602210322.WAA12154 at thor.cs.umass.edu>
Subject: Re: Secure Split
To: cypherpunks at toad.com (Cypherpunks Mailing List)
Date: Tue, 20 Feb 1996 22:22:15 -0500 (EST)
Reply-To: cypherpunks at toad.com (Cypherpunks Mailing List)
In-Reply-To: <9602210251.AA16675 at cti02.citenet.net> from "Jean-Francois Avon (JFA Technologies, QC, Canada)" at Feb 20, 96 09:47:39 pm
X-Mailer: ELM [version 2.4 PL25]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-cypherpunks at toad.com
Precedence: bulk

   ----- Message body suppressed -----






From llurch at networking.stanford.edu  Wed Feb 21 03:03:57 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Wed, 21 Feb 1996 19:03:57 +0800
Subject: Bravo, mostly (Re: Banned Zambian newspaper now on the Web)
In-Reply-To: 
Message-ID: 


[Please forward along to fight-censorship if non-redundant]

I applaud your quick response. However, you should read more and consult
people with area expertise. At least do the five-minute AltaVista and 
DejaNews search I did; don't just trust the information that gets sent to 
you, or you're likely to be used. 

I think you're at least 95% right here, but it is worth noting that The
Post has ties to the former dictator of Zambia, who was replaced by the
more or less democratically elected Chiluba whose ouster you so
precipitously are demanding. First impressions and fast action are often
necessary, but it's not responsible to stop there. Life & death politics
isn't a toy. Chiluba is no saint, but he's no two-bit dictator, either.
I'd probably rate him a notch or two below Aristide, no worse. He's
certainly no Castro, Kim, or Idi Amin.Chiluba is pretty good by
Sub-Saharan African standards (which, unfortunately, isn't saying much). 

For informed opinion, you should start with the Association of Concerned
African Scholars: 

 http://www.prairienet.org/acas/

You might want to add Amnesty International's 1995 report on Sub-Saharan
Africa, which has some background on Zambia and Chiluba: 

 http://www.amnesty.org/Africa95/360195.AFR.txt

For those who read Swedish, this appears to be a more specific Amnesty 
report:

 http://www.everyday.se/amnesty/zambia2.html

See Chiluba's comments on Nigerian human rights violations:

 http://www.prairienet.org/acas/chiluba.html

Official statements of the Zambian government:

 http://www.zamnet.zm/zamnet/grz/govstate.html

Two trivial stylistic whines:

HTML bug:
You need to prepend mailto: to the link to fstuart at vetmed.auburn.edu

Graphical excess:
And as I'm sure you're aware, the lead graphic is a bit large for most 
browsers. It takes up the whole 13" screen I have at home.

-rich





From tcmay at got.net  Wed Feb 21 19:21:27 1996
From: tcmay at got.net (Timothy C. May)
Date: Wed, 21 Feb 96 19:21:27 PST
Subject: "and two forms of ID"
Message-ID: 


At 11:53 PM 2/21/96, Adam philipp wrote:

>   Don't forget to bring your public key fingerprint (and two forms of ID).
>If you can figure out how to get a PGP fingerprint on the back of a business
>card, that would be cool.

This is an unusual development, asking for "two forms of ID." If I attend,
can I use the "May Company" ID card I had printed up, or are only State of
California and El Cajon Public Library cards accepted?

We've had several key-signings in the Bay Area, and at none of the ones
I've seen has there been any demand for "two forms of ID." In fact, I
understand that some of the keys signed were for people whose nom de list
differs from what Sacramento knows them by. Lucky Green might want to
comment.

This gets back to the familiar issue of what it is a name credential really
means, and whether we care.

--Tim May, the name I use for this list


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From dlv at bwalk.dm.com  Wed Feb 21 19:26:14 1996
From: dlv at bwalk.dm.com (Dr. Dimitri Vulis)
Date: Wed, 21 Feb 96 19:26:14 PST
Subject: Credit card numbers
In-Reply-To: 
Message-ID: <0JJoJD44w165w@bwalk.dm.com>


> > Is there something like a checksum attached to Credit Card
> > Numbers. Or better: Is there a way to determine for a given
> > number N if
> >   -this _might_ be a valid number
> >   -this can't be a valid number

This was posted by Wayne D. Hoxsie Jr. :

#include 

v(char *s)
{
  int i=0,j=0,k;

  k=!(!s[16]);
  for(;*s;*s++)
    i+=(++j%2-k)?(*s-'0')*2>9?((*s-'0')*2)-9:(*s-'0')*2:*s-'0';
  return (i%10);
}
main()
{
  char s[160];

  printf("Enter credit card number\n");
  scanf("%s",s);
  printf("Credit card number is %svalid\n",v(s)?"in":"");
}

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From WlkngOwl at UNiX.asb.com  Wed Feb 21 19:38:34 1996
From: WlkngOwl at UNiX.asb.com (Deranged Mutant)
Date: Wed, 21 Feb 96 19:38:34 PST
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <199602220345.WAA25647@UNiX.asb.com>


IPG Sales  wrote:

>  See my reply to Tim Phillip - it is checked extensively 
> 
> If the algorithm sucks, prove it - please read the messages back and 

See my comment below.
[..]
> > [..]
> > > In general, you will find the kernel of the propgations consists of 64
> > > equation sets of the form:
> > > 
> > >        Bi=(Bi+Ci MOD Di) Mod 256             Large prime numbers
> > >        ENCRYPTEXTi=OTP[Bi] XOR PLAINTEXTi    Encryption
> > >        OTP[Bi]=ENCRYPTEXTi                   Makes the OTP Dynamic
> > 
> > Bah. Looks to me like simple garbling, only using a large stream.
> > 
> > Encrypt a stream of zeros with that method, and you'll get repeated
> > strings of OTP[Bi]'s.  An unsophisticated high school student could
> > crack that.


 





From perry at piermont.com  Wed Feb 21 19:39:07 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Wed, 21 Feb 96 19:39:07 PST
Subject: BIG JAVA SECURITY HOLE
In-Reply-To: 
Message-ID: <199602220338.WAA11137@jekyll.piermont.com>



Well, folks, I told you so. Sorry to be nasty about it.

> Date: Sun, 18 Feb 1996 23:57:02 -0500
> From: Drew Dean 
> Subject: Java security problems
> 
> We have discovered a serious security problem with Netscape Navigator's 2.0
> Java implementation.  (The problem is also present in the 1.0 release of the
> Java Development Kit from Sun.)  An applet is normally allowed to connect
> only to the host from which it was loaded.  However, this restriction is not
> properly enforced.  A malicious applet can open a connection to an arbitrary
> host on the Internet.  At this point, bugs in any TCP/IP-based network
> service can be exploited.  We have implemented (as a proof of concept) an
> exploitation of an old sendmail bug.
[...]
> A second, also serious, bug exists in javap, the bytecode
> disassembler.  An overly long method name can overflow a stack
> allocated buffer, potentially causing arbitrary native code to be
> executed.  The problem is an unchecked sprintf() call, just like the
> syslog(3) problem last year.
[...]





From unicorn at schloss.li  Wed Feb 21 19:57:59 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Wed, 21 Feb 96 19:57:59 PST
Subject: Easy Nuclear Detonator
In-Reply-To: 
Message-ID: 


On Sun, 18 Feb 1996, jim bell wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> At 10:25 PM 2/18/96 EDT, E. ALLEN SMITH wrote:
> >	I've been kind of busy recently (the reason I haven't responded to
> >the more recent Assasination Politics stuff), but I'm curious what 
> >your method is for achieving simultaneous explosions.
> 
> 
> "Multiple very thin flexible hollow tubes (1 mm ID? teflon?) filled with a
> homogenous liquid 
> explosive (for example, pure nitromethane), length accurately cut to produce 
> the exactly desired delay.  Kept separated from each other by foam spacers 
> to avoid inter-fiber detonations. Detonated from a single cap, with an 
> intermediary chamber of liquid explosive to stabilize the shock front, the 
> detonation wave travels along each tube simultaneously at (presumably) 
> identical velocity."

This method is so dependent on the uniformity of the initiator (the cap 
in this instance) as to be nearly useless.  Normal blasting caps do not 
detonate with the uniformity required to initiate each of the tube paths 
at the same time.  In the off chance that you contemplated surrounding 
the cap with liquid explosive of a sufficent type, (which still wouldn't 
assure proper uniformity with any certainty as the liquid explosive is as 
likely to detonate slightly off left to right as up to down) you still have 
extremely difficult problems to overcome.

1>  Interference from the milling shape and accuracy of the openings to 
the tubes containing the liquid explosive.

2>  Mild to obscure impurities in the liquid explosives causing 
differences in velocity with respect to other tubes.  Even small changes 
in pressures within the tubes might cause enough timing problems to make 
uniform initiation of the primary high explosive assembly impossible.

3>  Interference from the milling shape and accuracy of the terminus of 
the tubes containing the liquid explosive.

4>  Overpressure in the device causing premature detonation of the near 
portion of the high explosive assembly.

All of these might cause enough timing error to prevent uniform pressure 
and thus prevent uniform compression and make supercriticality impossible.

Remember, kryonic switiches are necessary even when dealing with the 
speeds of electric conductivity.  The velocities of even hydrazine based 
explosives are signigicantly lower.  The margin for error is similarly lower.

Plutonium gun is still the easiest method for the home grown nuclear 
device, even if it requires more fissile material.

> It's a race, designed so that the detonation waves reach their targets (the
> foci) at 
> the same time.  If the detonation velocity was, say, 5,000 meters per 
> second, an accuracy of 0.5 millimeter in length would produce a delay 
> accuracy  of 100 nanoseconds.
>
> Whatcha think?
> 
> Now where did I put that pit...   
>
> Jim Bell
> jimbell at pacifier.com
> 
> Klaatu Burada Nikto
> 
> -----BEGIN PGP SIGNATURE-----
[...]
> -----END PGP SIGNATURE----- 

---
My prefered and soon to be permanent e-mail address: unicorn at schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information






From fstuart at vetmed.auburn.edu  Wed Feb 21 04:00:09 1996
From: fstuart at vetmed.auburn.edu (Frank Stuart)
Date: Wed, 21 Feb 1996 20:00:09 +0800
Subject: Bravo, mostly (Re: Banned Zambian newspaper now on the Web)
Message-ID: <199602211141.FAA00492@snoopy.vetmed.auburn.edu>


>[Please forward along to fight-censorship if non-redundant]
>
>I applaud your quick response. However, you should read more and consult
>people with area expertise. At least do the five-minute AltaVista and 
>DejaNews search I did; don't just trust the information that gets sent to 
>you, or you're likely to be used. 
[...]

Good advice.  In this case, the copy of the banned issue of _The Post_ came
from a confidential source, but I have reason to believe it is a true copy.
I know very little about Zambia and had nothing to do with the additional
commentary.


                          | (Douglas) Hofstadter's Law:
                          | It always takes longer than you expect, even 
Frank Stuart              | when you take into account Hofstadter's Law.





From unicorn at schloss.li  Wed Feb 21 20:02:03 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Wed, 21 Feb 96 20:02:03 PST
Subject: Easy Nuclear Detonator
In-Reply-To: 
Message-ID: 


On Mon, 19 Feb 1996, Brian Davis wrote:

> On Mon, 19 Feb 1996, jim bell wrote:
> 
> > it just didn't occur to me that you'd object to this.  "Nettiquette" is new
> > to me.                                                  ^^^^^^^^^^^^^^^^^^ > 
>   ^^^^^^
> 
> No shit.

So, it would seem, is nuclear weapons design.

> 
> > Jim Bell
> > 
> > jimbell at pacifier.com.
> 
> EBD
> 

---
My prefered and soon to be permanent e-mail address: unicorn at schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information






From declan at well.com  Wed Feb 21 04:22:24 1996
From: declan at well.com (Declan McCullagh)
Date: Wed, 21 Feb 1996 20:22:24 +0800
Subject: Bravo, mostly (Re: Banned Zambian newspaper now on the Web)
In-Reply-To: 
Message-ID: 


Rich:

You assume I did little research; this assumption is incorrect. Did you
actually read the documents your search turned up, including the ones in
Swedish? 

I spent a few hours last night reading documents that Altavista found,
including the U.S. State Department's report on human rights in Zambia
under Chiluba. It says in part: 

     Police often ignore procedural requirements and engage in abusive
     and brutal behavior, including beating and at times killing criminal
     suspects and detainees... The press and other media continued to run
     afoul of legal restraints on freedom of expression and suffered
     political reprisals for expressing independent views.

I also read enough back issues of _The Post_ to get a feel for their
editorial tone, and even if they had ties to the former dictator (an
assertion you don't back up), their recent coverage of events was not
unfair, IMHO. 

I've also read three reports by the Media Institute of South Africa
(MISA), calling for sanctions and a withholding of foreign aid to Zambia
for their human rights abuses, especially of members of the media. I
agree, and I also called for pressure through foreign aid. 

You seem to be unduly critical of my report. *shrug* I don't expect
everyone to agree with me, and I suppose I should be happy that you think
I'm "95% right," whatever that means.

-Declan




On Wed, 21 Feb 1996, Rich Graves wrote:

> Date: Wed, 21 Feb 1996 01:55:01 -0800 (PST)
> From: Rich Graves 
> To: Declan McCullagh 
> Cc: cypherpunks at toad.com
> Subject: Bravo, mostly (Re: Banned Zambian newspaper now on the Web)
> 
> [Please forward along to fight-censorship if non-redundant]
> 
> I applaud your quick response. However, you should read more and consult
> people with area expertise. At least do the five-minute AltaVista and 
> DejaNews search I did; don't just trust the information that gets sent to 
> you, or you're likely to be used. 
> 
> I think you're at least 95% right here, but it is worth noting that The
> Post has ties to the former dictator of Zambia, who was replaced by the
> more or less democratically elected Chiluba whose ouster you so
> precipitously are demanding. First impressions and fast action are often
> necessary, but it's not responsible to stop there. Life & death politics
> isn't a toy. Chiluba is no saint, but he's no two-bit dictator, either.
> I'd probably rate him a notch or two below Aristide, no worse. He's
> certainly no Castro, Kim, or Idi Amin.Chiluba is pretty good by
> Sub-Saharan African standards (which, unfortunately, isn't saying much). 
> 
> For informed opinion, you should start with the Association of Concerned
> African Scholars: 
> 
>  http://www.prairienet.org/acas/
> 
> You might want to add Amnesty International's 1995 report on Sub-Saharan
> Africa, which has some background on Zambia and Chiluba: 
> 
>  http://www.amnesty.org/Africa95/360195.AFR.txt
> 
> For those who read Swedish, this appears to be a more specific Amnesty 
> report:
> 
>  http://www.everyday.se/amnesty/zambia2.html
> 
> See Chiluba's comments on Nigerian human rights violations:
> 
>  http://www.prairienet.org/acas/chiluba.html
> 
> Official statements of the Zambian government:
> 
>  http://www.zamnet.zm/zamnet/grz/govstate.html
> 
> Two trivial stylistic whines:
> 
> HTML bug:
> You need to prepend mailto: to the link to fstuart at vetmed.auburn.edu
> 
> Graphical excess:
> And as I'm sure you're aware, the lead graphic is a bit large for most 
> browsers. It takes up the whole 13" screen I have at home.
> 
> -rich
> 





From rah at shipwright.com  Wed Feb 21 21:45:11 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Wed, 21 Feb 96 21:45:11 PST
Subject: "and two forms of ID"
Message-ID: 



>I'm sufficiently impressed with the arguments against name credentials
>that Carl Ellison has made that I'm looking seriously into systems
>that don't do any sort of conventional certificate binding at all...

... and I bet, Wei Dai's contentions to the contrary, that they'll be
*cheaper* to use than those which do certificate binding, all other things
being equal.

Cheers,
Bob Hettinga



-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/







From proff at suburbia.net  Wed Feb 21 22:07:59 1996
From: proff at suburbia.net (Julian Assange)
Date: Wed, 21 Feb 96 22:07:59 PST
Subject: Kerberos vulnerability
In-Reply-To: <9602210339.AA22431@anon.penet.fi>
Message-ID: <199602220606.RAA04537@suburbia.net>


> -----BEGIN PGP SIGNED MESSAGE-----
> 
> A Kerberos V4 session key is chosen by calling random() repeatedly.
> THe PRNG is seeded with srandom(time.tv_usec ^ time.tv_sec ^ p ^ n++),
> where p is a static integer set to getpid() ^ gethostid() on the first
> call and n is a static counter.
> 
> Is there any entropy here???  Most, if not all, Kerberos servers run one
> time synchronization protocol or another, which reduces the entropy to a
> few bits at most.
> 
> DEADBEAT 

usec grainlessness typically doesn't approach anything like a usec on most
OS implimentations either.


-- 
+----------------------------------+-----------------------------------------+
|Julian Assange                    | "if you think the United  States has    |
|FAX: +61-3-9819-9066              |  stood still, who built the largest     |
|EMAIL: proff at suburbia.net         |  shopping centre in the world?" - Nixon |
+----------------------------------+-----------------------------------------+





From stevenw at best.com  Wed Feb 21 22:13:19 1996
From: stevenw at best.com (Steven Weller)
Date: Wed, 21 Feb 96 22:13:19 PST
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: 


>Perry:
>
>"Stubborness and dogmatism are the surest signs of stupidity - is there
> anything more resolute and disdainful than an ass!" Montaigne
>
>You have an yellow streak down your back  infinitely wide - you may or
>may not be a physical coward but you are certainly an intellectual coward
>- you have the opportunity to save human lives, as you asserted and you
>just brushed that asside -

[etc. elided]

My personal theory is that Perry has developed a particularly nasty form of
multiple personality disorder and it is causing him to voraciously troll
himself on this list.

It's not going to be pretty, folks.


-------------------------------------------------------------------------
Steven Weller                      |  "The Internet, of course, is more
                                   |  than just a place to find pictures
                                   |  of people having sex with dogs."
stevenw at best.com                   |       -- Time Magazine, 3 July 1995







From m5 at dev.tivoli.com  Wed Feb 21 06:24:43 1996
From: m5 at dev.tivoli.com (Mike McNally)
Date: Wed, 21 Feb 1996 22:24:43 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: 
Message-ID: <9602211404.AA16345@alpha>



IPG Sales writes:
 > We do not keep copies, we would not be in business 30 days if 
 > we did.

How do you ensure that the keys are not intercepted, duplicated by a
man-in-the-middle, and forwarded?

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * I want more, I want more,
       m5 at tivoli.com * m101 at io.com          * I want more, I want more ...
               *_______________________________





From ac at hawk.twinds.com  Wed Feb 21 06:32:01 1996
From: ac at hawk.twinds.com (Arley Carter)
Date: Wed, 21 Feb 1996 22:32:01 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: 
Message-ID: 


On Tue, 20 Feb 1996, IPG Sales wrote:

Fess up guys. You are either:

1.  A team of undergrads or graduate students conducting an "exploit". 
2.  A Detweiller tentacle. Dr. FC ?
3.  The return of Alice D'nonymous ?
4.  The reason the coderpunks lists was started.

You've got to be ROTFL. 
See my sig.

Arley Carter
Tradewinds Technologies, Inc.
email: ac at hawk.twinds.com
www: http://www.twinds.com

"Trust me. This is a secure product. I'm from ."
 

> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
>  
>      
> 
> 
> 
>     
> 
> 
> 
> 
> 





From bruce at aracnet.com  Wed Feb 21 22:34:31 1996
From: bruce at aracnet.com (Bruce Baugh)
Date: Wed, 21 Feb 96 22:34:31 PST
Subject: Portland Cypherpunks Get-Together
Message-ID: <2.2.32.19960222063604.006858ac@mail.aracnet.com>


-----BEGIN PGP SIGNED MESSAGE-----

I just wanted to remind y'all that this Saturday is the second quasi-monthly
Portland (OR) cypherpunks MST3K fest, key-signing, and general social event.
E-mail for further information.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEQAwUBMSwOAn3AXR8sjiylAQHoHAfRAZ0NJpB/pzmKwwRtJJygkQfE4vLQxrO3
f51RlzysBE3u7OFGnNYmy8QLXzsaclppN0ssfbFkxs13vwgiztudl9D3LkGrdw44
HgRAAV+FTuuR+nzehOc3DHQDDnPLoXh7NrS+bYfYGHv2GB8OZYpFXD5VEirJFmEj
uq7dEV4wy8+ml7BsMXxxZNwhP1ISRXvH9ODKLZnWx/6ngkFbzJBw1cvyHiuqjwRg
5HM31+HKSe5qi+Xx9ZlEfLY5d3U6HiN9cgKL+Jo301VGsZmEvIPyK0Yjyt4EUzgN
6vawqU6Kvzj76tOMe1lnUs3eSR4rUmNlaYXNRZuxy7FObqc=
=uaR5
-----END PGP SIGNATURE-----

-- 
Bruce Baugh
bruce at aracnet.com
http://www.aracnet.com/~bruce






From blake at bcdev.com  Wed Feb 21 06:40:32 1996
From: blake at bcdev.com (Blake Coverett)
Date: Wed, 21 Feb 1996 22:40:32 +0800
Subject: Internet Privacy Guaranteed
Message-ID: <01BAFF6F.3016C000@bcdev.com>


>Err... okay, maybe I don't have this figured out.  Still sounds like OTPs,
>and someone selling random data at $15 a pop per month.  Having multiple
>floppies mailed to me monthly, with all the inherent difficulties, sounds
>like a lot more work than public-key management.  My bozometer is pegged.

It gets even worse by my reading of this thread.  They send out the first lot
of pseudo-OTP via some *nominally* secure channel, but then the send you
the subsequent months via the Internet.  (Presumably encrypted with one of
your existing keys.)

This adds up to a system that isn't event a pseudo-OPT.  It's just a conventional
rotor-based cryptosystem, with an unevaluated implementation.  Break one message
containing a batch of new keys and the entire system is defeated forever.

-Blake






From sagi at physic.ut.ee  Wed Feb 21 06:44:52 1996
From: sagi at physic.ut.ee (Kristian Sagi)
Date: Wed, 21 Feb 1996 22:44:52 +0800
Subject: Telephone card tech. howto needed
Message-ID: 


Hello guys !


Here is used such telephone cards like this one here ... Sorry , not
very good picture here ;-) ... In the middle of this plastic card

 /------------\    is a chip ... See this picture here :
 |            |
 |            |                             
 |            |      [1] [2] [3] [4]
 |            |       |   |   |   | 
 |            |       |   |   |   |
 |    ___     |        |  |   |  | 
 |   |   |    |         | |   | |
 |   |   |    |          [ Chip ] 
 |   -----    |           |     \
 |            |           |      \      
 \------------/       |   |   |   |   
                     [5] [6] [7] [8]

As you see this chip has 6 legs ... and telephone card has 8 connectors ... 
Only 6 are connected ... Has anyone ideas, how this card works ... i mean 
something like telephone card hardware tutorials or something ... I have some
ideas ... There is a something : when disconnect connector number [8] then 
The machine can't decrement the money value in card ... maybe he reads the value..
then he decrement the value in card , then reads "the new value" and if comparing
between the old and the new value are the same , then machine disconnects 
he's telephone line ... Ok ... this is only one point ... But i want to know
how this tech. works ... Anything is welcome ... please ... BTW Don't put
answers to here , please mail-to me : sagi at physic.ut.ee

Kristian







From nobody at REPLAY.COM  Wed Feb 21 22:59:49 1996
From: nobody at REPLAY.COM (Anonymous)
Date: Wed, 21 Feb 96 22:59:49 PST
Subject: IBM Breakthrough?
In-Reply-To: <199602220503.VAA24389@netcom17.netcom.com>
Message-ID: <199602220659.HAA24961@utopia.hacktic.nl>



> An IBM scientist and his colleagues have discovered a way to
> make an object disintegrate in one place and reappear intact
> in another.

Beam me up Scotty!





From dsmith at midwest.net  Wed Feb 21 23:00:23 1996
From: dsmith at midwest.net (David E. Smith)
Date: Wed, 21 Feb 96 23:00:23 PST
Subject: Internet shutdown Feb 29?
Message-ID: <2.2.32.19960222070058.0067c96c@204.248.40.2>


This looks completely, totally, and insanely bogus, but I
need some kind of verification for this bizarre little
piece of mail that somehow ended up in my mailbox.

Anybody from MIT ever heard of "Kim Dereksen"?

dave "I'm busy laughing, can you call back?"

 *** Attention ***

 It's that time again!

 As many of you know, each leap year the Internet must be shut down for 24
 hours in order to allow us to clean it.  The cleaning process, which
 eliminates dead email and inactive ftp, www and gopher sites, allows for
 a better-working and faster Internet.

 This year, the cleaning process will take place from 12:01 a.m. GMT on
 Feb. 29 until 12:01 a.m. GMT on March 1.  During that 24-hour period,
 five powerful Internet-crawling robots situated around the world will
 search the Internet and delete any data that they find.

 In order to protect your valuable data from deletion we ask that you do
 the following:

 1.  Disconnect all terminals and local area networks from their Internet
 connections.

 2.  Shut down all Internet servers, or disconnect them from the Internet.

 3.  Disconnect all disks and hardrives from any connections to the
 Internet.

 4.  Refrain from connecting any computer to the Internet in any way.

 We understand the inconvenience that this may cause some Internet users,
 and we apologize.  However, we are certain that any inconveniences will
 be more than made up for by the increased speed and efficiency of the
 Internet, once it has been cleared of electronic flotsam and jetsam.

 We thank you for your cooperation.

 Kim Dereksen
 Interconnected Network Maintenance staff
 Main branch, Massachusetts Institute of Technology

 Sysops and others:  Since the last Internet cleaning, the number of
 Internet users has grown dramatically.  Please assist us in alerting the
 public of the upcoming Internet cleaning by posting this message where
 your users will be able to read it.  Please pass this message on to other
 sysops and Internet users as well.  Thank you.
-----
David E. Smith,  c/o Southeast Missouri State University
1000 Towers Circle South MS 1210 Cape Girardeau MO 63701
dsmith at midwest.net,  dave at nym.alias.net,  PGP 0x961D2B09
(573)339-3814    http://www.midwest.net/scribers/dsmith/
"Reality is only for those lacking in true imagination."





From jsw at netscape.com  Wed Feb 21 23:13:46 1996
From: jsw at netscape.com (Jeff Weinstein)
Date: Wed, 21 Feb 96 23:13:46 PST
Subject: Web Browsers and Anonymous Mail (Was: NSA net trolling)
In-Reply-To: <199602210740.CAA13722@thor.cs.umass.edu>
Message-ID: <312C161C.7E73@netscape.com>


lmccarth at cs.umass.edu wrote:
> 
> Wayne Madsen wrote somewhere:
> > A knowledgeable government source claims that
> > the NSA has concluded agreements with [...] Netscape to
> > permit the introduction of the means to prevent the anonymity of
> > Internet electronic mail, [...]
> 
> I suspect this may actually mean that they're pushing Netscape to
> incorporate cryptographic authentication into browser email, which I think is
> a useful development. I'm not aware of any public remailers previously
> operated by Netscape Communications Corp. that have now shut down. ;)

  Actually I believe that the quote from Madsen is his overblowing and
misinterpretation of our agreement to sell the government fortezza enabled
products.  There is no agreement that I know of between us and the NSA
regarding anonymity or e-mail.  Since I'm the one doing the code, someone
had better tell me if there is...

> At any rate, it's an excuse for me to ask some questions:
> 
> (0) I'm not aware of any class library objects or methods in stand-alone Java
> for calling the local mail transport agent. Is there any class library
> support in Java+{Navigator, HotJava, Mosaic, NetCruiser, the AOL web tool,
> etc.} for applet calls to the local mail agent that's configured in the
> browser ?
> 
> I would prefer not to reimplement SMTP using the Socket class in my own
> applets. Ideally I'd like to have an applet that presents a form with some
> entry boxes and check boxes, quantizes and encrypts the input according to
> the check box settings, and spews the resulting byte streams to the MTA.

  We do not curently allow Java to get access to our mail subsystem.

> (1) As I recall, I used to be able to set (as an Option) the path and name of
> the local MTA (e.g. /usr/lib/sendmail) in an earlier version of Netscape.
> That seems to have disappeared in Navigator 2.0. Is there indeed no longer a
> way to set that ?
> 
> It occurs to me that we could have achieved partial integration of
> remailing into Navigator quite cheaply with that option.

  I believe that we have always spoken SMTP via direct connection to port 25
on your designated mail server.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.





From adam at lighthouse.homeport.org  Wed Feb 21 07:21:10 1996
From: adam at lighthouse.homeport.org (Adam Shostack)
Date: Wed, 21 Feb 1996 23:21:10 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: 
Message-ID: <199602211501.KAA05974@homeport.org>


	I don't know about Futplex, but Derek and I are well paid for
our time.  In order to find the time to fairly judge this system, I
would expect to be compensated for time spent, in advance.  After all,
I wouldn't want to see your bank account disapear should your system
be broken and the company sold.

	I would be happy to not let this money influence my judging.
After all, the money is in pocket, and I've already expressed doubts
about the system.

	So, if IPG is really interested in retaining me as a judge,
lets discuss terms & conditions.

Adam

IPG Sales wrote:

| Let Derek, Inccarth, and Adam be the aribtion committee, decide whether 
| the system is fataklly flawed or not - we will accept their findings 
| subject to only one caveat, that they have the intellectual honesty to 
| tell the truth. I believe that since Mr. Silvernail and Mr. Metzger have 
| exluded themselves, that Derek, Inccarth and Adam do have that 
| intellectual honesty to tell the truth - is that weighted too much in 
| IPGs favor.   

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From jimbell at pacifier.com  Wed Feb 21 23:24:03 1996
From: jimbell at pacifier.com (jim bell)
Date: Wed, 21 Feb 96 23:24:03 PST
Subject: Easy Nuclear Detonator
Message-ID: 


At 10:56 PM 2/21/96 -0500, Black Unicorn wrote:
>On Sun, 18 Feb 1996, jim bell wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> 
>> At 10:25 PM 2/18/96 EDT, E. ALLEN SMITH wrote:
>> >	I've been kind of busy recently (the reason I haven't responded to
>> >the more recent Assasination Politics stuff), but I'm curious what 
>> >your method is for achieving simultaneous explosions.
>> 
>> 
>> "Multiple very thin flexible hollow tubes (1 mm ID? teflon?) filled with a
>> homogenous liquid 
>> explosive (for example, pure nitromethane), length accurately cut to produce 
>> the exactly desired delay.  Kept separated from each other by foam spacers 
>> to avoid inter-fiber detonations. Detonated from a single cap, with an 
>> intermediary chamber of liquid explosive to stabilize the shock front, the 
>> detonation wave travels along each tube simultaneously at (presumably) 
>> identical velocity."
>
>This method is so dependent on the uniformity of the initiator (the cap 
>in this instance) as to be nearly useless.  Normal blasting caps do not 
>detonate with the uniformity required to initiate each of the tube paths 
>at the same time.  In the off chance that you contemplated surrounding 
>the cap with liquid explosive of a sufficent type, (which still wouldn't 
>assure proper uniformity with any certainty as the liquid explosive is as 
>likely to detonate slightly off left to right as up to down) you still have 
>extremely difficult problems to overcome.

Re-read my whole statement.  I copy the relevant commentary that you
sloppily forgot to read:

>> Detonated from a single cap, with an 
>> intermediary chamber of liquid explosive to stabilize the shock front,

I already entirely anticipated your objection.  And destroyed it.

>1>  Interference from the milling shape and accuracy of the openings to 
>the tubes containing the liquid explosive.

Quantify, quantify.  How much of a problem?  (Hint:  If you seriously 
believed there was a problem with this idea, you would be able to give a few 
examples on how to avoid them.  Reading your commentary, you did none of 
this.  

>2>  Mild to obscure impurities in the liquid explosives causing 
>differences in velocity with respect to other tubes. 

All the tubes can be filled at the last minute by pulling a vacuum on the
system and letting atmospheric pressure fill all the tubes.  No impurities,
or at least it's a perfectly homogeneous mixture.

> Even small changes 
>in pressures within the tubes might cause enough timing problems to make 
>uniform initiation of the primary high explosive assembly impossible.

"might"?  Well, could you be more specific?  How many nanoseconds would be
too many?


>3>  Interference from the milling shape and accuracy of the terminus of 
>the tubes containing the liquid explosive.

So what's your point?

>4>  Overpressure in the device causing premature detonation of the near 
>portion of the high explosive assembly.

Sure about that?

>All of these might cause enough timing error to prevent uniform pressure 
>and thus prevent uniform compression and make supercriticality impossible.

Pigs might fly.

>Remember, kryonic switiches are necessary even when dealing with the 
>speeds of electric conductivity.  The velocities of even hydrazine based 
>explosives are signigicantly lower.  The margin for error is similarly lower.

How low?  Be specific.

>Plutonium gun is still the easiest method for the home grown nuclear 
>device, even if it requires more fissile material.

The "gun" design wasn't used with the plutonium, because IT WOULD NOT HAVE 
WORKED! "Fat Man," the bomb dropped on Nagasaki, used the implosion method.  
"Little Boy," the gun-method bomb, used U-235.   Plutonium detonates far too 
rapidly to use the "gun" method.   The 
scientists knew that in 1945.  You seem to be at least 50 years behind the 
times.

Sheesh!  I guess we now know what field YOU don't know about, huh?  Or, 
perhaps more likely, this is a specific DIS-information campaign.   You want 
someone to waste a critical-mass worth of plutonium.   






From blancw at accessone.com  Wed Feb 21 23:28:56 1996
From: blancw at accessone.com (blanc)
Date: Wed, 21 Feb 96 23:28:56 PST
Subject: "consent of the governed"
Message-ID: <01BB00B5.C41C7320@blancw.accessone.com>


From: 	Vladimir Z. Nuri

I was musing over this phrase, "a government rules by consent of the governed"   [.......]
does it mean, "majority of the governed?" how exactly is consent expressed?
.......................................................................................

.  How exactly is consent extractedH^H^H^H^H^H^ requested?

.  When exactly is consent identified? 

.  How exactly is government applied to the consentees? 
   (caning, jailing, fines, etc.)

.  How exactly do consentors change methodologies when they suddenly realize that they, too, can be subject to their own device?

.  Why should non-consenting citizens live with governing methods which in fact conflict with the pursuit of those three human virtues:  life, liberty, happiness?

Supposedly, government is devised for ruling the "unruly";  a matter for definition and (dis)agreement which can provide endless hours of amusement for authoritarians, especially in court.

I hear tell that many who are no longer amused are now learning the many uses of encryption.  Thus the list.  

(end of my comments)
    ..
Blanc





From lmccarth at cs.umass.edu  Wed Feb 21 23:47:51 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Wed, 21 Feb 96 23:47:51 PST
Subject: Internet shutdown Feb 29?
In-Reply-To: <2.2.32.19960222070058.0067c96c@204.248.40.2>
Message-ID: <199602220747.CAA16381@thor.cs.umass.edu>


David E. Smith forwarded:
[...]
>  Please assist us in alerting the
>  public of the upcoming Internet cleaning by posting this message where
>  your users will be able to read it.  Please pass this message on to other
>  sysops and Internet users as well.  Thank you.

Batten down the hatches, mateys, this one's gonna be drenching us for the next
week....




From jimbell at pacifier.com  Wed Feb 21 23:50:07 1996
From: jimbell at pacifier.com (jim bell)
Date: Wed, 21 Feb 96 23:50:07 PST
Subject: Easy Nuclear Detonator
Message-ID: 


At 11:00 PM 2/21/96 -0500, Black Unicorn wrote:
>On Mon, 19 Feb 1996, Brian Davis wrote:
>
>> On Mon, 19 Feb 1996, jim bell wrote:
>> 
>> > it just didn't occur to me that you'd object to this.  "Nettiquette" is new
>> > to me.
^^^^^^^^^^^^^^^^^^ > 
>>   ^^^^^^
>> 
>> No shit.
>
>So, it would seem, is nuclear weapons design.

I wrote this just a few hours ago.  Let's have a vote:  Who thinks I have 
some idea about the subject?


>> A hell of a lot easier, I'm sure!  Multiple krytrons and coaxial capacitors 
>> is WAY too complicated.
>
>I've often wondered why not one circuit and all in series. If you had
>enough juice to fire them all, the exploding wire forms a conductive
>plasma to maintain the circuit. That, as I understand it, is what makes
>them so effective. Is it just a power limitation, or would it be
>impossible to match up the resistances between the wires well enough to
>get the proper timing?

It's probably a partly practical consideration.  For a given (reasonable) 
size of wire, it's going to take a certain amount of current to explode it 
sufficiently rapidly, and that translates into an approximate voltage.  For 
argument's sake, assume that the voltage necessary is 5000 volts.  (I don't 
know what the "real" number is...)  Capacitors of 5000 volts are reasonably 
easily "doable."  However, if you try to hook all those wires together, and 
if you have a couple of dozen trigger locations, that works out to 125,000 
volts total, which is a rather impractically high voltage for "routine" use. 
(to say nothing of the ability to SWITCH such high voltages).   I suspect 
that "parts availability" drives nuclear detonators just as it does most 
more innocuous electronics. 'course, their budgets are a lot higher!

In addition (and this is probably at least as important a reason, if not 
more so),  if you put multiple wires in series, while the current through 
them is equal, the voltage across each one may vary.  Thus, the energy put 
into each wire will also vary, and those where the voltage is higher get 
more power, and get hotter, and higher resistance, and more voltage, and 
more power, etc.

In other words, it's an unstable equilibrium, and this would almost 
certainly lead to a situation where some some triggers happened 
substantially later than the others.  Putting them all in PARALLEL would 
avoid this, sorta, but that has its own problems.

>> That's right, the "lenses" would still be necessary. I'm not clear on what 
>> kind of "transformer" they use to efficiently couple the blast energy into 
>> the dense plutonium;  I would guess that it would be the shock-wave 
>> equivalent of an "anti-reflection coating," which might require a material 
>> with the geometric mean of the mechanical impedance between the detonating 
>> explosive and the plutonium. 
>
>Well, there is a spacer or air gap between the core and "hammer" but
>I've never read what the hammer is made of. This part could be
>simulated in one dimension, and an optimization function used to find
>the best density. 

A few weeks ago, I downloaded a GIF of the H-bomb, and it shows an element 
which it referred to as a "shock absorber" (at the appropriate location)and 
identified the material as graphite.  Graphite is very stiff; a high modulus 
of elasticity (Young's modulus).  But it isn't very dense.  I would imagine 
that the velocity of sound in graphite is about as high as you can get in a 
solid material.  I haven't done any math to determine how effective a match 
this would be, but maybe it doesn't really matter.

Oh, one more thing.  What the lay person (or even the person who THINKS he 
"knows it all", as opposed to US, who do.  !) doesn't realize about bomb
design 
is that the "highest tech" bombs are not the largest, but are in fact the 
SMALLEST bombs.  Chances are good that a Hiroshima-sized bomb was just about 
the smallest that was technically do-able in the 1940's.   I would imagine 
that most of the work that has gone into bomb design in the last 30 years 
has been the technology to develop smaller (LESS explosive power) bombs,  
aside from making them physically small enough to fit in a launch bus.

I forgot about the beryllium.  Beryllium, I understand, is described as a 
"neutron reflector".   Now how GOOD a neutron reflector it is I don't know, 
but if you're trying to make a bomb with the smallest amount of material at 
the primary's core it would help a great deal to have a neutron reflector.  
Presumably, it would be used to coat the inside of the "hammer."  If 
beryllium were a "perfect" neutron reflector, you could use arbitrarily low 
amounts of plutonium or U-235 as the core (analogy:  If you were in a room 
with walls which were perfect mirrors, and "you" were invisible, you would 
see "forever" and the volume of space you were in would appear to be 
infinite), and you could make the core as small as you want.  (But it isn't, 
so the improvement effected by beryllium is limited.)

It might also help to make the "pit" hollow, but I don't know about that.  
This might assist in the mechanical impedance match, too.  If you could get 
the chemical implosion timed  "just right" you might be able to get away 
with using a really THIN layer of plutonium that crashes together at the 
core.  This might provide optimum densification because you would be able to 
accelerate the hollow plutonium sphere centrally at near-detonation-velocity 
speeds, which would result in very effective density increases.

There is also supposed to be a beam trigger in modern bombs.  It ionizes
helium to 
form alphas, which are fired at beryllium targets which releases neutrons at 
"just the right time" to start the compacted core going at just the right 
time.  (More on this if you're interested...)


(BTW, keep in mind as you read what I'm writing that I've never had a nuke-E 
course, never talked to a bomb maker or anyone who ever talked to one (and 
probably never talked to anyone who talked to a person who talked to a 
bomb-maker, etc), have had zero access to classified information of any type 
(including non-nuclear).   So take what I'm saying with a grain of sodium 
chloride.  

Actually, I'm not particularly interested in bomb design anyway, so I really 
don't know why I started this thread?!?  


>Using high-density explosives (RDX/HMX based I would
>think) would provide a better 'impedance match'.

That's probably true, but it's still likely to be a very mismatched system.  
The density of plutonium is really high.  Now we know why computers were so 
important in the 1960's and 1970's to bomb design (and still are, I guess!): 
 Doing a quasi-3 dimensional simulation of the trigger is vastly cheaper 
than actually exploding a bomb, and you can get far more information from 
the simulation as well.  Probably the only reason they kept setting off real 
bombs was to ensure that their mathematics represented reality. (Well, also 
to test the reliability of "working" warheads...)

BTW, a few years ago I heard about a new explosive material, 
octanitrocubane.  If you are familiar with chemistry, you'll suspect from 
the name what it is:  A cube-shaped arrangement of eight carbon atoms, each 
connected to a nitro (NOT nitrate) group.  It has at least two things going 
for it:

1.  It is stoichiometric internal to the molecule.

2.  It has ENORMOUS ring strain, which translates into a dramatically 
greater detonation energy.    It is probably the current record-holder for 
carbon/nitrogen/hydrogen/oxygen explosives, by a long shot.

Its main disadvantage is predictable, if you know any organic chemistry:  It 
is an extremely difficult compound to synthesize, or at least to develop the 
synthesis for.  Thus, it is probably exceedingly expensive.  That means that 
for "ordinary" use, almost any common explosive is better.  This material is 
only going to be practical for the "highest-level" usages of explosives, and 
nuclear detonators are one of these.  Of course, since we're DISMANTLING 
bombs and not building them (at least as much as we used to!) then new 
technology to build bombs isn't  particularly useful.  I'm "sure" Los Alamos 
has probably simulated an octanitrocubane-triggered bomb, for curiosity's 
sake if nothing else.  


>Also, how do they keep the core at the exact center of the air gap?
>Thin wires or pins to hold it there? Or is the "gap" actually some
>Styrofoam-like low-density but rigid material?

The B-28 (?) H-bomb GIF identified this gap as being "vacuum," but we know 
there is no reason to have an actual vacuum there.  In fact, as I have read, 
plutonium "pits" get warm to the touch due to radioactive decay.  If it were 
REALLY put in a "vacuum" it would be so well insulated that it would get 
EXTREMELY hot before radiative cooling equilibrated the temperature.  Since 
air is 99.9% of the way to a perfect vacuum compared to a solid, air (in a 
foam) is plausible, like a harder version of styrofoam.  Plenty of such 
foams exist today.  And it's possible they augment and stabilize the 
position by embedding a few relatively thin carbon rods radially between the 
pit and the hammer.

>Interesting that in 'The Curve of Binding Energy' the author hinted at
>this as in "I can't be specific, but I can say this: if you drive a
>nail, do you put the hammer against the nail and push?" At that time,
>it (the air gap) was still classified. Now it's widely known.

After a while, things become obvious, don't they?

Even so, and even though my "mechanical engineering" background is weak, I 
find it hard to believe that modern technology can't provide some sort of 
"graded impedance" covering that acts like a broadband anti-reflection 
coating.  (the mechanical equivalent to the covering for the Stealth bomber 
and fighter plane.)   The main problem would have been simulating such a 
complex material on a computer, at least in the 1960's.  Something tells me 
they would have pursued this at least theoretically,  perhaps lacking 
anything else to do.

The real problem, it seems to me, is that to do this simulation would 
require a pressure-versus-density curve for plutonium up to nearly a million 
atmospheres.  This is, of course, hard to test, and that is one reason it 
would be useful to have deeper atomic physics background.  Perhaps 
physicists would have been able to estimate such a curve on theoretical grounds.


>In reading about this one gets the feeling that bomb design is as much
>art as science, and that if a reasonably sharp person had the
>opportunity to experiment, with real explosives but not necessarily
>real plutonium, they would get the hang of it after a while.

That's exactly what computer simulation is intended to avoid the need for.  
I'm sure instrumentation is a real headache for the testers.

>Alternatively, a Nuclear Bomb Construction Kit - a freeware program
>that helps you to accurately design and play with simulated bombs -
>would be a very interesting political experiment. Combine this with a
>searchable database of available information on the subject. There must
>be lots of publicly available information that, combined and made
>searchable, would be of considerable help to the prospective
>bomb-maker. That would make one hell of a thesis for someone, if
>nothing else.

But not for me.  I have no "nuke E" credentials, and don't enjoy 
programming, and I'm busily working on my "Assassination Politics" debate.  
(which, incidentally, will (I believe) force the dismantling of all nuclear 
weapons in the world, if you've followed the debate, as well as eliminating 
all wars and militaries and governments.  Tell me, who do you think will win?)


>> You're pretty sharp; the version I've read is that amines (substituted 
>> ammonia, but possibly ammonia as well) makes nitromethane 
>> supersonic-rifle-bullet sensitive, but just barely.  Haven't tried this, 
>> however.  I would imagine that a blasting cap would set off pure 
>> nitromethane with no amine contamination at all.
>
>Let's see: Nitromethane and sawdust gives you a medium-power explosive
>that requires a compound detonator. 

Why put it in sawdust?  The only reason I can think of is to keep it from 
flowing like a liquid.  Nitromethane is "oxygen-poor" to start out with.

>Nitromethane with ammonium nitrate
>gives you "a direct substitute for TNT" which can be set off with a
>blasting cap.

Easily.  And even better, ammonium nitrate is "oxygen rich" so tht you can 
get efficient use of the nitromethane.  A 2-1 mixture by weight (AN, 2,
nitromethane, 
1) is stoichiometric, as I recall.  They are not miscible in all 
proportions, however, so you'd have to settle for a finely-powdered slurry.

That's why I specified a HOMOGENOUS liquid as the tube-filler.  At least 
that way you know it's a consistent mix, as opposed to a slurry which would 
settle.


>) The liquid if sensitized can be detonated with a blasting
>cap but a compound detonator produces higher velocity. They claim that
>nitromethane won't detonate in its pure state,

I doubt this.  I'll test it, however, within the next year or so.

> but if sensitized is more powerful than TNT.

That wouldn't be surprising.  TNT is EXTRAORDINARILY 'oxygen-poor.'  It's 
about as far as you get from being an "efficient" explosive. 

>Nitromethane is used for racing fuel and other high-volume purposes,
>and must be transported in tanker-truck quantities. If someone wanted
>to make a very large conventional bomb quickly, such a truck is about
>as close as you get to a ready-made bomb. It could be ready within
>hours after the truck was hijacked.

Hours?  Aw, C'mon!  Minutes!  Maybe even 60 seconds.   The biggest 
impediment is figuring out how to open the tank, but even that could be 
avoided by drilling through the wall with a self-sealing "screw" assembly, 
one that would drain a bit of liquid into a detonator channel...    These 
tankers are probably usually made either of aluminum or stainless steel, and 
they could probably be pierced comparatively easily with a screw or a 
pointed  probe, or even a drill arranged to seal after the flukes had 
pierced. (Makita's are REALLY useful!) Drilling aluminum is easy; drilling 
stainless steel's normally a bitch because it work-hardens, but you're not 
looking for a pretty result so you'd just design with a nicely-sharpened 
carbide tip (a little work with a masonry bit and a sacrificial grinding 
wheel will work wonders) and be prepared for anything up to and including 
tool steel.  The hole would only have to be 1/8" or even smaller (or maybe 
not even necessary, triggering through the wall is certainly possible, too, 
but it would require more than a lowly cap.) and you can apply enormous 
forces to a short drill bit.

>
>If you had more time to kill, so to speak, mix it with a larger
>quantity of ammonium nitrate to get a lot more bang for your buck.

I don't think it would be worth it.  If the tanker was full, you'd merely be 
replacing one fair explosive with another, and it would take a lot of work 
to grind up the AN and mix it with the contents of the tank.   You'd be 
wasting time, risking the operation of an anti-highjacking alarm system,  
and risking detection and leaving evidence of intent.  Just highjacking the 
truck, later followed  by a huge explosion, would "leave 'em guessing" about 
what really happened.

I guess the world is fortunate I'm not into this sorta stuff, huh?!?


>> > I'm not sure what the
>> >minimum cross-sectional area is for a proper detonation.
>> 
>> That's a good question; I really don't know.  It ought to be rather low for 
>> a liquid explosive, but when the opportunity presents itself I'll do my own 
>> experiments.
>
>What would be the simplest way to compare relative arrival times
>between two tubes? Since the result of an explosion is a plasma,
>electrodes placed in the tube at the far end should become conductive
>as the wave reaches them. So a dual channel oscilloscope, with the
>sweep triggered as the cap is detonated, should be able to compare the
>propagation through two tubes detonated by the same cap.

Me, I'd do it digitally.  Set up a master 100 MHz clock, for 10 nsec time 
resolution, feed it to a master counter made up of modern 74ACXXX 
synchronous counters, then take the count chain and buffer it into a bus 
connected to a slew of edge-triggered latches, with appropriate amplifiers 
and  extra circuitry to guard against double-clocking.  You could connect up 
as many latches as you wanted, fed from various points in a triggered 
system.  ("fanout limited," but then again, multiple buffering is easy to 
do, as well.)   "All" the data could be taken in one shot, maybe.  Dozens or 
even hundreds of locations.

I'd test simultaneity after multiple long lenths of parallel fine tubing, 
variations in velocity with diameter, effect of curvature, everything.  One 
"bang" and I'm done.  It would be easy to measure the detonation velocities 
of the "lens" explosives as well, probably to well under 0.1% accuracy.  (I 
wonder if nitromethane could act as one of them?!? Would it dissolve or 
weaken a solid explosive?  Can a solid explosive with a "compatible" 
detonation velocity be found?)

I only have a fair background in optics, but since the principle of the 
lensing effect is general it should be easy to figure out what the shape of 
the lenses would be.  Casting the lenses is probably the technique I'd use, 
since surprisingly enough most nitrated organic explosives will melt long 
before they might be inclined to explode.  TNT, for instance, has long been 
poured as a liquid into artillery shells, melted in steam-jacketed kettles.

At least four molds would be necessary:  Pentagonal and hexagonal versions 
of the inner and outer explosive.

>> Again, that's a matter I'm unsure of.  Part of the reason I specifi
ed THIN 
>> tubing is so it "appears" to be linear, from a detonation-velocity point of 
>> view.  All of this should be easily measureable, however.  I'd probably 
also 
>> want to measure the relative velocity in two different-sized tubes, to find 
>> out if there is a significant difference that could be exploited or avoided.
>
>This would be fun to play with, and the kind of thing the government
>would not like to see written up. Measure the speed versus tube
>diameter and radius of curvature. If radius has a significant effect,
>things get complex.

True, but I suspect that the variation is going to be smaller than is 
significant, or at least it can be measured and compensated for.  Chances 
are that "military-grade" accuracies are straightforwardly possible.

BTW, feel free to keep and forward this note to anyone you feel would be 
interested in this information.  I'd appreciate getting confirmation or 
corrections, for curiosity's sake if nothing else.


Jim Bell
jimbell at pacifier.com






From erc at dal1820.computek.net  Thu Feb 22 00:06:27 1996
From: erc at dal1820.computek.net (Ed Carp)
Date: Thu, 22 Feb 96 00:06:27 PST
Subject: A Challenge (perhaps!)
In-Reply-To: <2@illumini.demon.co.uk>
Message-ID: 


On Wed, 21 Feb 1996, KarL MarX wrote:

> The application is written in Visual Basic and I could probably get a copy
> of the compiled (well VB is actually interpreted, but that's neither here or
> there) .EXE file....

It would be much more useful to see the actual source code...
--
Ed Carp, N7EKG    			Ed.Carp at linux.org, ecarp at netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp at netcom.com for PGP 2.5 public key		an88744 at anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring






From roy at sendai.cybrspc.mn.org  Thu Feb 22 00:11:42 1996
From: roy at sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Thu, 22 Feb 96 00:11:42 PST
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: 
Message-ID: <960222.004814.8i7.rnr.w165w@sendai.cybrspc.mn.org>


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, ipgsales at cyberstation.net writes:

> Who said that we are expanding OTP's -

I believe you did, when you stated that your "OTP" (and I am only using
"OTP" in this case to point up your misusage of the term, and not to
claim that what you are doing is any such thing) is used to seed your
"RNG" (another misnomer).

> we are using them to drive RNG's
> please read my mail back and forth with Derek and Roy Silvernail,

Do remember that the majority of my mail has not been copied to the
list.

> I belive that both of then recognize that an extremely large key, 2
> to some large number, let us say for the time being 2 to 12288 bits
> can be derived from a OTP when generated-

Not a chance, slick.  A One-Time Pad is well defined within the art, and
your PRNG system is no such thing.  I will thank you to not postulate
what I may or may not recognize.
- -- 
Roy M. Silvernail --  roy at cybrspc.mn.org will do just fine, thanks.
          "Does that not fit in with your plans?"
                      -- Mr Wiggen, of Ironside and Malone (Monty Python)
          PGP public key available upon request (send yours)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSwTVhvikii9febJAQEtpgP+MqcESnrisA8tYT+GulGamEhMIa9gTKAn
Dc1ylyG4pgMRW+osZnnBJcWeZq8Yx7aTzteTmkNYmpXZP9liVaySSOVce36ORG4X
BnRO2OGLI3JD8ssgMbifxbZay/00bDdCuMthGnXA+xKAW27p9i9tHLrPIyJhdjZa
Jd3rHWCqwCc=
=Cx0p
-----END PGP SIGNATURE-----





From ghudson at mit.edu  Thu Feb 22 00:13:00 1996
From: ghudson at mit.edu (Greg Hudson)
Date: Thu, 22 Feb 96 00:13:00 PST
Subject: Internet shutdown Feb 29?
Message-ID: <199602220812.DAA08705@glacier.MIT.EDU>


> This looks completely, totally, and insanely bogus, but I need some
> kind of verification for this bizarre little piece of mail that
> somehow ended up in my mailbox.

If you really need verification, there's no one with the last name of
"Dereksen" on MIT's directory (which lists students and staff; "finger
dereksen at mit.edu"), and there's certainly no departments at MIT called
the "Main branch" or "Interconnected Network Maintenance staff".

At least this one is funny.  I particular like the beginning: "It's
that time again!"






From jimbell at pacifier.com  Thu Feb 22 00:28:16 1996
From: jimbell at pacifier.com (jim bell)
Date: Thu, 22 Feb 96 00:28:16 PST
Subject: Assassination Poltics 8:  Asahi article
Message-ID: 


"Assassination Politics" Part 8

The following article appeared in the Sunday, February 4, 1996 issue of 
Asahi Evening News, in an article written by columnist Paul Maxwell, page 6. 
He writes a regular column about the Internet for this newspaper.

"Networks:  Paul Maxwell"

"Dial Internet for murder"

'The first thing we do, let's kill all the lawyers."  (Shakespeare, Henry VI).

A startling and controversial idea has surfaced on the Internet 
recently--fear with me for a moment while I explain it.  It is based on two 
technological developments:  digital cash and encryption software.

Briefly, digital cash is a system for transferring funds from one person to 
another on the Net.  For this system to be as good as cash, the transactions 
must be capable of being conducted anonymously, just like in real life.  
(You go into the Seven-Eleven, buy a Cafe Latte, and nobody knows your name 
or your credit history.  The purchase is not recorded in a database of your 
consumer preferences.)

Several competing schemes for digital cash have been launched,  but the one 
that eventually gains universal acceptance will surely have this anonymity 
feature.

The second innovation is a kind of software called public-key encryption.  
It allows you to send a file or an email message that is "locked" in such a 
way that it can only be opened by the intended recipient.  The recipient, 
however, cannot open it until given a "key."  This "key" may then be used to 
encrypt a return message that can only be opened by the original sender.

Freelance visionary and tinkerer Jim Bell has been following both of these 
developments for the past few years.  Recently, he asked himself a couple of 
tough questions:  "How can we translate the freedom afforded by the Internet 
to ordinary life?"  How can we keep government from banning encryption, 
digital cash, and other systems that will improve our freedom?"

Suddenly, Bell had a revolutionary idea.  ("Revolutionary" is the word he 
uses, and it fits.)  You and me--the little guys, the ordinary working 
people of the world--could get together, all pitch in, and pay to have every 
rotten scoundrel in politics assassinated.  And we could do it legally.  
Sort of.

Bell imagined an organization that would award "a cash prize to somebody who 
correctly 'predicted' the death of one of a list of violators of rights, 
usually either government employees, officeholders, or appointees.  It could 
ask for anonymous contributions from the public, and individuals would be 
able to send those contributions using digital cash."


He explains that "using modern methods of public-key encryption and 
anonymous digital cash, it would be possible to make such awards in such a 
way so that nobody knows who is getting awarded the money,  only that the 
award is being given.  Even the organization itself would have no 
information that could help the authorities find the 
person responsible for the prediction, let alone the one who caused the death."


Are you following this?  Let's say that we, the public, decide we've finally 
had enough of [insert name of villain].  Ten dollars from me, ten from 
you--suddenly there's a million dollars in a fund.  The money will go to the 
first person who can "predict" the date, time, and circumstances of the 
villain's death.  Obviously, this information is only known in advance by 
the assassin.

He sends an anonymous, "locked" message.  He kills the villain.  He sends 
the "key" to the message.  He has, without ever revealing his identity,  
"correctly predicted" the murder.  The "key" that he has provided is then 
used to "lock the award money in a file that is then publicly posted on the 
Internet.  Only the person who originated the key may open the file and 
claim the digital cash.

In other words, public anger could finance cash awards for assassinations.  
The organization that collected the money and announced a list of possible 
targets would never know about a crime in advance, and would never know the 
identity or whereabouts of a criminal.  It would not technically be guilty of 
conspiracy or complicity.

Jim Bell has thought about this a lot, and feels that the idea is 
technically feasible, practical, even foolproof.  Suppose for 
a moment he's right?  What are the implications?

World leaders live with the threat of assassination every day of their 
lives.  But at the local level, this could really have 
an impact.  And the "target" list wouldn't necessarily to politicians--any 
offensive public  personality would be fair game.  Picture yourself a year 
from now, sitting around with friends.   Somebody says, "Remember when Juice 
Newton got whacked?"   And you say, "Yeah--best ten bucks I ever spent."

Satisfying as it might be to declare war on asinine pop singers, Bell has a 
more civic-minded suggestion:  Let's kill all the car thieves.  He reasons 
that a very small number of career criminals are responsible for nearly all 
car thefts.  If one million car owners in a given metropolitan area 
contributed just four dollars a year, it would create $10,000 a day in 
"prize money" for the "predictor" of any car thief's death.

"Assuming that amount is far more than enough to get a typical car thief's 
'friends' to 'off' him," he writes, "there is simply no way that a 
substantial car-theft subculture could possibly be maintained."

Jim as high hopes for his plan--he thinks it could eventually lead to the 
end of political tyranny.  But if you don't like this idea, he has others.  
In a recent email exchange, I asked what he was doing now.

"I recommend that you rent the movie, "The Day the Earth Stood Still.," he 
answered.  "I'm working on a similar project."

[end of article]










From lmccarth at cs.umass.edu  Thu Feb 22 00:34:29 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Thu, 22 Feb 96 00:34:29 PST
Subject: mixmaster info?
In-Reply-To: <2.2.32.19960221110350.0067df28@arn.net>
Message-ID: <199602220834.DAA14797@thor.cs.umass.edu>


Dave Merriman writes:
> could someone point me at the 'specs' for Mixmaster remailers? 
> I'm after how messages are sliced, diced, repackaged, and shipped, etc.

http://www.obscura.com/~loki/remailer/remailer-essay.html

Funky things are apparently happening with the obscura DNS records etc. due to
some equipment moves Lance is doing, so you may or may not find this 
convenient to retrieve at the moment.

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)




From adam at lighthouse.homeport.org  Wed Feb 21 08:38:24 1996
From: adam at lighthouse.homeport.org (Adam Shostack)
Date: Thu, 22 Feb 1996 00:38:24 +0800
Subject: Patient medical files on Net
In-Reply-To: <9601208248.AA824855630@cc1.dttus.com>
Message-ID: <199602211521.KAA06043@homeport.org>


	When I was working in a reasearch lab at a large hospital, we
considered using SSL for protecting some non-anonymized patient
information.

	We decided against putting those records on the web for a
number of reasons.  First was a general distrust of the SSL protocol.
Versions 1 & 2 were designed by amatuer cryptographers, to protect
credit card numbers.  We considered patient records much more private
than that.  Next was the de facto 40 bit keysize of Netscape.  We
didn't want to try to teach surgeons the difference between the 40 bit
crypto in the free version & the 128 bit in the pay for version.  They
were already convinced that Netscape was unbreakable encryption.
(Fortunately, this was about 2 days before the random numbers got to
the front page of the New York Times, so they believe me now.)  The
last reason was becuase I fully expect web servers to become the
sendmails of the 90s.  Big, badly configured, and used as a means of
breaking into a server.  Once someone breaks into a web server, all
the encryption in the world won't help; those files need to be
decrypted so they can be sent out under SSL's arbitrary keys.

Adam

|      Some obvious proposals would be to use something like SSL to do server 
|      to workstation encryption.  I don't know what issues may exist such as 
|      the effort to install SSL, key management, and processing delays due 
|      to session keys and traffic encryption.  In addition, how could an 
|      on-call doctor access patient records through an ISP and maintain 
|      patient privacy.  An obvious issue (which I know have been discussed 
|      on this list) has to do with the trade-off between key size and 
|      privacy.
|      
|      Any other thoughts?
|      
|      Martin G. Diehl
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From weidai at eskimo.com  Thu Feb 22 00:39:41 1996
From: weidai at eskimo.com (Wei Dai)
Date: Thu, 22 Feb 96 00:39:41 PST
Subject: "and two forms of ID"
In-Reply-To: 
Message-ID: 


On Thu, 22 Feb 1996, Robert Hettinga wrote:

> >I'm sufficiently impressed with the arguments against name credentials
> >that Carl Ellison has made that I'm looking seriously into systems
> >that don't do any sort of conventional certificate binding at all...
> 
> ... and I bet, Wei Dai's contentions to the contrary, that they'll be
> *cheaper* to use than those which do certificate binding, all other things
> being equal.

You got my position completely backward on this.  I've always supported 
Carl's arguments in the past on this issue (for example see the tread 
"subjective names...").  You may be thinking of what I said about the 
cost of defeating traffic analysis.

The natural state of the Net seems to be a kind of semi-anonymity.  
Trying to push it in either direction (complete traceability or 
anonymity) is costly.

Wei Dai





From perry at piermont.com  Wed Feb 21 08:40:14 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 22 Feb 1996 00:40:14 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <9602211404.AA16345@alpha>
Message-ID: <199602211522.KAA09387@jekyll.piermont.com>



Mike McNally writes:
> 
> IPG Sales writes:
>  > We do not keep copies, we would not be in business 30 days if 
>  > we did.
> 
> How do you ensure that the keys are not intercepted, duplicated by a
> man-in-the-middle, and forwarded?

Besides, how do we KNOW they don't keep the keys? Other than their
vigorous protestations, of course -- and even were they paragons of
virtue instead of being about as slimey as they come it wouldn't be
acceptable.

Any system in which a third, untrusted party generates your keys for
you is, plain and simple, totally unacceptable. Period. I cannot
conceive of the circumstances under which I would allow a client to
use such a system if they had anything more important to protect than
their grocery list.

Perry





From alano at teleport.com  Thu Feb 22 00:56:25 1996
From: alano at teleport.com (Alan Olsen)
Date: Thu, 22 Feb 96 00:56:25 PST
Subject: IPG hoax?
Message-ID: <2.2.32.19960222085605.008bff38@mail.teleport.com>


At 12:32 PM 2/21/96 -0800, Wink Junior wrote:

>I must admit that after the first day I've been wondering if this whole
>IPG thing isn't some kind of deep troll or early April Fool's joke.  

It is part of the "Trolling Cryptographers Protocol Internet Protocol".  The
"TCP/IP" is a secret government project to keep cryptographers busy by
posting trolls to various newsgroups where they hang out.  (Sometimes they
cross post to various groups using the same technique.  This is known as a
"Troll Bridge".)  It is a followup to the evil and ancient "Asyncronous
Protocols of the Elders of Zion. (Also known as IPv1.) The next upcoming
plot is when they Imminatize the Eschaton with the most evil plot of all...
IPv666!  (Thankfully it only works under Windows 95 so far.)
|   Remember: Life is not always champagne. Sometimes it is REAL pain.   |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano at teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano at teleport.com  |






From fletch at ain.bls.com  Wed Feb 21 08:58:30 1996
From: fletch at ain.bls.com (Mike Fletcher)
Date: Thu, 22 Feb 1996 00:58:30 +0800
Subject: Public Access Obsolete. Capitalism offers free email
In-Reply-To: <199602210325.WAA12218@thor.cs.umass.edu>
Message-ID: <9602211527.AA29311@outland>


> Nobody writes:
> > It might be a cheap safe way to set up a remailer too...
> 
> I'd be (very pleasantly) surprised if they will let you run code on the free
> email account. After all, if you could, you could install a filter like 
> procmail and automatically trash most of the junk mail :}

	Who says the code has to run on their machine.  Just forward
all incoming mail off to another box, and send all the outgoing mail out
from the free account.  Depending of course on whether it's some sort
of shell account or if you POP/SMTP to their box.

	Just an idea.

---
Fletch                                                     __`'/|
fletch at ain.bls.com  "Lisa, in this house we obey the       \ o.O'    ______
404 713-0414(w)      Laws of Thermodynamics!" H. Simpson   =(___)= -| Ack. |
404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43  U      ------







From dan at milliways.org  Wed Feb 21 09:10:07 1996
From: dan at milliways.org (Dan Bailey)
Date: Thu, 22 Feb 1996 01:10:07 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <199602211534.KAA02195@remus.ultranet.com>


Perhaps you should apply for an export license for your software.  I'm
sure that the ability to use your system across national borders fits
nicely within your marketing strategy.  To do so, you simply submit
your product to the U.S. National Security Agency, and submit a
Commodity Jurisdiction application to the State Department.  After the
NSA evaluates its security, you'll be able to sell your product
overseas.  Please see pages 610-618 of Applied Cryptography, Second
Edition for general information on the process.
	By the way, you might note that Cypherpunks is only a mailing list,
there is no way to get the signed consent of everyone on the list to
agree to anything, much less formal rules of a contest.  My suggestion
is to post the OTP-expansion algorithm to sci.crypt.  It's really in
all of our best interests to have the greatest number of people
examining your product.  Think of the publicity it will generate. 
Your work will remain protected with whatever patents or copyrights
you have applied for.  This approach is nothing new, RC2 and RC4 were
both posted to sci.crypt.  Both are in wider use today because of it. 
Both algorithms stood up to many people's tight scrutiny.  I think
your algorithm should be given the chance to do the same.
						Dan

**************************************************************************
Support your local info-calypse				 dan at milliways.org
"The Internet cannot be regulated.  It's not that laws aren't relevant, 
     it's that the nation state is not relevant." Nicholas Negroponte, 1996
       The Cypherpunks: Civil liberties through complex mathematics.
**************************************************************************






From olbon at dynetics.com  Wed Feb 21 09:20:38 1996
From: olbon at dynetics.com (Clay Olbon II)
Date: Thu, 22 Feb 1996 01:20:38 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: 


At 10:08 PM 2/20/96, IPG Sales wrote:

>Unlike Mr. Silvernail, we have a much simplier definition of what we mean
>by a one time pad - given a message/file of length N, where N is a finite
>practical number say less than 10 to the 1000th power, that the encrypted
>ciphertext can be any of the N to the 256th power possibile clear/plain
>text messages/files.  To prove that the IPG system does not work, all you
>have to do is to prove that is not the case - that our system, without
>artifically imposed boundary conditions will generate a subset of those
>possibilities  - that is simple and strsight forward - not
>hyperbole but action - everyone stated how simple it was to break the system,
>now everyone is back paddling aa fast as they can, like Mr. Metzger and
>some of the other big bad cyphermouths.

PROOF:

        Given that N is the length of the message in bits. The number of
possible combinations of bits is 2^N.  For any message length N > 1,
2^N < N^256.  Simple example.  Message length is 3 bits.  The maximum
number of possible combinations of these bits is 8.  This is far less than
3^256 (which is more than 10^100, i.e. it overflows the calculator on my
Mac).  Sorry guys.  Try learning some simple math before you try and sell
crypto.

        Clay

---------------------------------------------------------------------------
Clay Olbon II            | olbon at dynetics.com
Systems Engineer         | ph: (810) 589-9930 fax 9934
Dynetics, Inc., Ste 302  | http://www.msen.com/~olbon/olbon.html
550 Stephenson Hwy       | PGP262 public key: finger olbon at mgr.dynetics.com
Troy, MI 48083-1109      | pgp print: B97397AD50233C77523FD058BD1BB7C0
    "To escape the evil curse, you must quote a bible verse; thou
     shalt not ... Doooh" - Homer (Simpson, not the other one)
---------------------------------------------------------------------------







From perry at piermont.com  Wed Feb 21 09:22:57 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 22 Feb 1996 01:22:57 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602211534.KAA02195@remus.ultranet.com>
Message-ID: <199602211545.KAA09477@jekyll.piermont.com>



Dan Bailey writes:
> My suggestion
> is to post the OTP-expansion algorithm to sci.crypt.

Call it what it is -- a pseudo-random number generator, at best. As
you likely know (but the IPG folks don't seem to care) you can't
"expand" a one time pad. One time means ONE TIME. Look at how the NSA
broke the Venona intercepts of of even two-time use of keying material.

Perry





From perry at piermont.com  Wed Feb 21 09:34:59 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 22 Feb 1996 01:34:59 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: 
Message-ID: <199602211553.KAA09492@jekyll.piermont.com>



IPG Sales writes:
[garbage about what a one time pad is]

Er, you guys redefine the word "Oxygen" to mean "A brown liquid
produced by fermenting barley and hops", too?

A one time pad crypto system requires that the length of the
completely random key (not "practically random", not "nearly random")
is equal to the length of the plaintext, and that which said key is
used once and *only once*. Using a key to produce a pseudo-random
sequence which is used to encrypt is *NOT* a one-time pad, and any
claim that it is constitutes fraud, pure and simple, just like a claim
that sugar water pills are antibiotics or that drops of red dye in a
mixture of grain alchohol and water are French red wine.

> this is also my answer to Mr. Metzger - do as you like, I have
> absolutely no ability to force you to do anything,

Of course not. However, I'll point out that you've annoyed me by
peddling merchandise that can potentially harm your clients and bring
a bad name to the field of cryptography.  People do have the ability
to go to your state's Attorney General, you know. Keep marketing this
crap and believe me, someone will -- very possibly even me. I am
almost sure that defrauding customers continues to be against the law
everywhere in the United States.

Perry





From roy at sendai.cybrspc.mn.org  Wed Feb 21 09:39:33 1996
From: roy at sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Thu, 22 Feb 1996 01:39:33 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: 
Message-ID: <960221.070612.7F0.rnr.w165w@sendai.cybrspc.mn.org>


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, ipgsales at cyberstation.net writes:

> Unlike Mr. Silvernail, we have a much simplier definition of what we mean 
> by a one time pad

First of all, I note to the list that I have exchanged some email with
IPGsales, whence this reference comes.  I had hoped there would be
enough integrity in IPGsales that sie would note the difference between
private mail and mail to the list.

The gist of my mail has been that IPGsales likes to redefine accepted
terms of art to their own benefit.  I didn't (and don't) define what a
one time pad is.  I simply noted that PRNG-based systems are not one time
pads, and asked that IPGsales refrain from mislabeling their system as
such.

> I do not want to argue semantics with Mr. Silvernail, or Mr. Metzger - 
> they have an opinion - that does not prove them right - they are entitled 
> to their opinion - but they would rather castigate us out of hand than 
> prove us wrong -

Any castigation I offered was far from "out of hand".  IPGsales is
promoting a system using plainly incorrect terminology.  IMHO, this
choice of terminology speaks volumes about the crypto expertise (or lack
thereof) they have brought to the table.

> they want to talk, talk, talk but not do anything. It is
> obviously that both are dodging the issue, by taking their own narrow 
> minded view of what is and is not the truth  - both are all talk but no 
> action - a lot of bull and arbitrary  posturing, but that is all itis, pure 
> unadultarated bull - .

Consider it, then, a response in kind to your own unadulterated bull.

> I believe that since Mr. Silvernail and Mr. Metzger have
> exluded themselves, that Derek, Inccarth and Adam do have that 
> intellectual honesty to tell the truth - is that weighted too much in 
> IPGs favor.

I'll guess here that my refusal to accept IPGsales' new definitions for
accepted terms has been taken as 'excluding myself'.  So be it.  Perhaps
IPGsales is miffed that I said I would advise my clients against their
product.

> What can be more fair than that, you own members can be the entire 
> judging committee - are you afraid of the truth - if you cannot accept 
> that you are. Tthat could be your only real reason fornot  facing it. I 
> believe that many of you are now backtracfking because you are afraid of 
> the truth - we invite whatever number you might choose to try - if some 
> subset of Cyberpunks break the system, then they can publish everything -

(can anyone else parse this?)  BTW, this ain't alt.cyberpunk.  More
problems with terminology?

I don't have to break the IPG system.  It was born broken.  I am not
about to trust my key generation to people who can't even get basic
technical terms correct, much less trust them not to send copies of the
keys offsite to the NSA^H^H^H^H^H^H^H^H^H^H^H for disposal.  (recall that
IPGsales said no copies of the keys were retained _by them_)

Snake oil is only good if you have a squeaky snake.
- -- 
Roy M. Silvernail, writing from roy at cybrspc.mn.org
"Ah, man.. you hit the nails right on the heads there.  However, I think
you drove them right into your own forehead."
        -- datsun at wasteland.spam.org (Datsun Q. Wanderer)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSsdlhvikii9febJAQEXIwP/bEIyYaP8/meDg5Hdlg48vDlubHRVPJOL
q88FrEdbu/EQa+WFcDmAwPRxg1M5BWGVgerFG+mYZnguPDr/qZ2vMEbuAzjhe4M2
iNdtE6C+JvrZfnRWDnGDywIrRXf9BYmWAZgkj2T4inP7thANcF8El0attCe7553M
xC4lXeDLtaA=
=xZEt
-----END PGP SIGNATURE-----





From lmccarth at cs.umass.edu  Wed Feb 21 09:42:01 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Thu, 22 Feb 1996 01:42:01 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: 
Message-ID: <199602211610.LAA14937@opine.cs.umass.edu>


Clay writes:
>         Given that N is the length of the message in bits. The number of
> possible combinations of bits is 2^N.  For any message length N > 1,
> 2^N < N^256.  

Uh, nope. 2^N grows asymptotically faster than N^256. Actually, for any 
constants A and B, A^N grows asymptotically faster than N^B. For A=2, B=256,
the crossover happens somewhere before N=4096. 
2^4096 = 2^(16*256) > 2^(12*256) = (2^12)^256 = (4096)^256

If the IPG people are using N=5600 (weird choice) then certainly 
2^5600 > 5600^256, for what little that's worth.

(Ah, my computer science B.S. pays off ;)

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)





From mark at evol.resnet.jmu.edu  Wed Feb 21 10:36:58 1996
From: mark at evol.resnet.jmu.edu (Mark Cornick)
Date: Thu, 22 Feb 1996 02:36:58 +0800
Subject: Public Access Obsolete. Capitalism offers free email
In-Reply-To: <9602211527.AA29311@outland>
Message-ID: <199602211728.MAA13068@evol.resnet.jmu.edu>


-----BEGIN PGP SIGNED MESSAGE-----

> > > It might be a cheap safe way to set up a remailer too...
> > 
> > I'd be (very pleasantly) surprised if they will let you run code on the free
> > email account. After all, if you could, you could install a filter like 
> > procmail and automatically trash most of the junk mail :}
> 
> 	Who says the code has to run on their machine.  Just forward
> all incoming mail off to another box, and send all the outgoing mail out
> from the free account.  Depending of course on whether it's some sort
> of shell account or if you POP/SMTP to their box.

Although I haven't looked into this at all, somehow I can see them
requiring some sort of proprietary mailreader that *won't* let you
delete the ads without reading them (and probably not standards-based
either, so you couldn't replace it with something that would let you
skip the ads.)

Foo. You get what you pay for.

- --mark

Mark S. Cornick                      mailto:mark at evol.resnet.jmu.edu
Harrisonburg, VA                   http://evol.resnet.jmu.edu/~mark/
(for not much longer, though)         pgp key 84F8C8AD on keyservers
                                    or mail w/ subject "get pgp-key"

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBMStWNQJ9CGSE+MitAQE/igP+N+N8bVMw/B+5ZqaYzrAZ4qpicCaHw3aM
+luk5/JQtPxFZ64dUMoSJOS2sSw/VIfI2KCL++UcB0+y0Mzv+LlMZsbHwkZjmUXH
2F1HiFvTql+U4rfGWVO7C/lOXQn1jENbesG7zrRkhPeruoKPr5Wjiec1rm3s4s9t
nUu3txVQnfY=
=JVFc
-----END PGP SIGNATURE-----





From anonymous-remailer at shell.portal.com  Wed Feb 21 10:37:53 1996
From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com)
Date: Thu, 22 Feb 1996 02:37:53 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <199602211728.JAA28234@jobe.shell.portal.com>


> Unlike Mr. Silvernail, we have a much simplier definition of what we mean
> by a one time pad - given a message/file of length N, where N is a finite 
> practical number say less than 10 to the 1000th power, that the encrypted 
> ciphertext can be any of the N to the 256th power possibile clear/plain 
> text messages/files.  To prove that the IPG system does not work, all you 
> have to do is to prove that is not the case - that our system, without 
> artifically imposed boundary conditions will generate a subset of those 
> possibilities  - that is simple and strsight forward - not 
> hyperbole but action - everyone stated how simple it was to break the system,
> now everyone is back paddling aa fast as they can, like Mr. Metzger and some of the other big bad cyphermouths. 

We can be generous and characterize this as a typo.  If N is the length
in bytes, then the number of possible such messages is of course 256 to
the Nth power, not N to the 256th power as the message says.  For N=1,
for example, 256 to the Nth is 256, while N to the 256th is 1, and of
course there are 256 possible one-byte messages, not 1.

The wording is a little unclear, so let me offer this proposed
clarification, and see if IPG would agree.  It is a slight rewording of
what they wrote but I think means the same as what they said:

> Given a ciphertext of length N bytes, where N is less than 10 to the
> 1000th power, the corresponding plaintext can be any of the 256 to the
> Nth power possible plaintext messages of length N bytes.

I haven't followed the IPG discussion, but if their cipher actually does
satisfy this criterion it would be at least pretty close to a one-time
pad.

One definition of a OTP is that the output tells you nothing about the
input (except its length).  For any given output, all possible input
messages of that length are equally possible.

The definition proposed by IPG is similar to this; they say that for a
given output, the input could be any message of that length (at least, I
think that is what they are saying).  To be really as strong as a OTP
they should further have it that all these possible inputs are equally
probable.  However I suspect that if they can actually arrange that all
inputs are possible, then they will actually be equiprobable.

It follows from their definition that for a given plaintext message,
all possible cyphertexts of that length might result.  (Because if there
was some ciphertext that didn't result from a given plaintext, then for
that ciphertet message it would not be the case that the plaintext might
be any of the 256 to the Nth possibilities; it could not be that one.)

One thing I don't quite understand is whether keys are in fact reused
from message to message.  If the system is capable of encrypting, say, a
2K byte message such that all possible 2K byte cyphertexts might result,
then it should be capable of encrypting two 1K byte messages such that
the outputs are unrelated even if the inputs are the same.  So I don't
see why a system capable of satisfying the definition above would reuse
keys.

Can we agree that if the IPG system meets the definition they offered
(as clarified here) it would be as good as a OTP?





From jya at pipeline.com  Wed Feb 21 11:04:33 1996
From: jya at pipeline.com (John Young)
Date: Thu, 22 Feb 1996 03:04:33 +0800
Subject: OECD Canberra Papers
Message-ID: <199602211800.NAA21640@pipe1.nyc.pipeline.com>


Papers from the Australian/OECD Conference in Canberra are 
starting to appear, though none are specifically identified as 
coming from the restricted Group of Experts meeting on February 
9:

     
_________________________________________________________________

   

    http://www.nla.gov.au/gii/papers.html


   Joint Australian/OECD Conference on
   Security, Privacy and Intellectual Property Protection in 
the Global
   Information Infrastructure
   Canberra, 7 - 8 February 1996

     
_________________________________________________________________



The one by Shane Simpson thoughtfully examines the way 
technology is affecting the sharing of information once 
considered to be proprietary or secret or private. Among other 
topics, it also explores the release of government information, 
prying by Big Bro in the "public interest" and other 
long-standing practices being re-shaped by technology. Some 
mention of the spread of cryptography and the consequent power 
disputes.

     
_________________________________________________________________

   

     http://www.nla.gov.au/gii/simpson.html

   
    Managing Risks in the Global Information Infrastructure
  
    Professor Shane Simpson
    
   Founder and Director, Technology Risk Management Centre,
   Faculty of Law, University of Wollongong
   






From olbon at dynetics.com  Wed Feb 21 11:05:46 1996
From: olbon at dynetics.com (Clay Olbon II)
Date: Thu, 22 Feb 1996 03:05:46 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: 


At 11:10 AM 2/21/96, lmccarth at cs.umass.edu wrote:
>Clay writes:
>>         Given that N is the length of the message in bits. The number of
>> possible combinations of bits is 2^N.  For any message length N > 1,
>> 2^N < N^256.
>
>Uh, nope. 2^N grows asymptotically faster than N^256. Actually, for any
>constants A and B, A^N grows asymptotically faster than N^B. For A=2, B=256,
>the crossover happens somewhere before N=4096.
>2^4096 = 2^(16*256) > 2^(12*256) = (2^12)^256 = (4096)^256
>
>If the IPG people are using N=5600 (weird choice) then certainly
>2^5600 > 5600^256, for what little that's worth.
>
>(Ah, my computer science B.S. pays off ;)
>
>-Lewis  "You're always disappointed, nothing seems to keep you high -- drive
>        your bargains, push your papers, win your medals, fuck your strangers;
>        don't it leave you on the empty side ?"  (Joni Mitchell, 1972)

Oops.  Thanks for pointing this out.  I should probably just shut up about
this, but snake-oil salesmen really get under my skin.  Of course, being
wrong hasn't kept me from opening my mouth in the past so ...

        Clay

---------------------------------------------------------------------------
Clay Olbon II            | olbon at dynetics.com
Systems Engineer         | ph: (810) 589-9930 fax 9934
Dynetics, Inc., Ste 302  | http://www.msen.com/~olbon/olbon.html
550 Stephenson Hwy       | PGP262 public key: finger olbon at mgr.dynetics.com
Troy, MI 48083-1109      | pgp print: B97397AD50233C77523FD058BD1BB7C0
    "To escape the evil curse, you must quote a bible verse; thou
     shalt not ... Doooh" - Homer (Simpson, not the other one)
---------------------------------------------------------------------------







From pmonta at qualcomm.com  Wed Feb 21 11:40:33 1996
From: pmonta at qualcomm.com (Peter Monta)
Date: Thu, 22 Feb 1996 03:40:33 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: 
Message-ID: <199602211851.KAA13160@mage.qualcomm.com>


> > [ IPG Sales ]
> >
> >... any of the N to the 256th power possibile clear/plain text
> >messages/files.

Excuse me?  256^N.

> [ Clay Olbon ]
> PROOF:
> 
> For any message length N > 1, 2^N < N^256.

Excuse me?  2^N is not O(N^k).

Cypherpunks used to be a place where I could fairly reliably see
high-SNR commentary from real cryptographers/number theorists.
Now we have the blind replying to the blind's obfuscatory
nonsense, and the useful posts take some effort to find.

> Try learning some simple math before you try and sell crypto.

Surely it's not a requirement these days.

Peter Monta   pmonta at qualcomm.com
Qualcomm, Inc./Globalstar







From iang at cs.berkeley.edu  Wed Feb 21 11:50:20 1996
From: iang at cs.berkeley.edu (Ian Goldberg)
Date: Thu, 22 Feb 1996 03:50:20 +0800
Subject: JavaScript to grab email
In-Reply-To: <9602201743.AA09495@MARIAN.SOGS.STSCI.EDU>
Message-ID: <312B66B0.3A8B3AD1@cs.berkeley.edu>


Mike Rose wrote:
> 
> >>>>> On Tue, 20 Feb 1996 14:21:31 -0500 (EST), "Mark M."  said:
> 
> >On Tue, 20 Feb 1996, Mike Rose wrote:
> 
> >>Changing the email address known to netscape doesn't help.  Your email
> >>address is in the message sent, regardless of what netscape thinks
> >>your identity is.
> 
> >I'm not sure I understand what you are saying.  The Javascript program
> >uses Netscape to send the e-mail.  The only way Netscape knows your actual
> >e-mail address is if you tell Netscape what it is.
> 
> Netscape doesn't need to know your email address.  Your email address
> is put into the headers by sendmail.  Netscape will make a "from"
> header of what you claim in the "indentity" field, but your real
> address is also in the headers - "sender:" in mine.
> 
I was under the impression that netscape doesn't run sendmail at all;
it speaks SMTP directly.  In that case, changing your email adress
in the options should suffice.

However, if you do this, actually sending mail and news from netscape
will get messed up, won't it?

   - Ian





From jya at pipeline.com  Wed Feb 21 12:54:28 1996
From: jya at pipeline.com (John Young)
Date: Thu, 22 Feb 1996 04:54:28 +0800
Subject: XON_rot
Message-ID: <199602211919.OAA05834@pipe4.nyc.pipeline.com>


   Computerworld, February 19, 1996:

   Internet Privacy: How far should federal regulation go?

   "Only The Force of Law Can Deter Pornographers." by Sen.
   Jim Exon

      Don't let opponents of CDA fool you: Nothing in it
      applies to constitutionally protected speech between
      consenting adults. Opponents forsake reason when they
      say they want to protect children from indecency,
      seduction and harassment but maintain that the
      overriding issue is freedom of access to anything by
      anybody. There is too much of the self-serving
      philosophy of the hands-off elite.

   "The 'Net Doesn't Need Thought Police." by Marc Rotenberg

      The U.S. is getting drawn into this craziness because
      religious zealots and their allies in Congress have
      decided they know what is good for us and our children.
      CDA gives federal investigators the right to comb
      through Web sites, newsgroup posts and even private
      electronic mail to find evidence of indecent speech. The
      bill even threatens the right to use privacy
      technologies, such as encryption, because the government
      now will have the right to open private E-mail if it
      suspects the message contains offensive language.

   XON_rot

   [Thanks to BC for these]







From moroni at scranton.com  Wed Feb 21 12:54:51 1996
From: moroni at scranton.com (Moroni)
Date: Thu, 22 Feb 1996 04:54:51 +0800
Subject: Credit card numbers
In-Reply-To: <312A4F73.12A8@cs.bonn.edu>
Message-ID: 


  Hi guys,
    Long time no post. Credit card numbers are determined by 
algorithmns.If s credit card number is no fitting to that algorithmn it 
is phoney. The only way that I know of to determine the validity of the 
card if a person has a copy of underground algorithmn generating software 
is to use the voice number and a store acct # for a purchase of say 
$50.00 or to go through the credit bureau.What I have wondered is if 
there is a way to determine a experation date from the credit card number.
                          Bye
                               moroni








On Tue, 20 Feb 1996, Jens Thiel wrote:

> Is there something like a checksum attached to Credit Card
> Numbers. Or better: Is there a way to determine for a given
> number N if
>   -this _might_ be a valid number
>   -this can't be a valid number
> 
> Thanx,
> Jens.
> -- 
> mailto:thielj at cs.bonn.edu
> Fax: +49 228 747246
> http://www.Bonn.CityNet.DE/people/jens
> 
> 





From llurch at networking.stanford.edu  Wed Feb 21 13:20:15 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Thu, 22 Feb 1996 05:20:15 +0800
Subject: Bravo, mostly (Re: Banned Zambian newspaper now on the Web)
In-Reply-To: 
Message-ID: 


On Wed, 21 Feb 1996, Declan McCullagh wrote:

> You seem to be unduly critical of my report. *shrug* I don't expect
> everyone to agree with me, and I suppose I should be happy that you think
> I'm "95% right," whatever that means.

No, you shouldn't care what I think. You should care about being right. 

Which I think you are, at least 95% of the time. But calling for Chiluba's
ouster after a couple hours' reading is a little hasty IMO. I'd have
stopped at something like, "Chiluba again showed his lack of respect for
democratic institutions and the free press by censoring the newspaper
reproduced below. He has also been criticized by the US State Department
and Amnesty International, though Zambia's record is better than that of
many other Sub-Saharan African states, most notably Nigeria, Rwanda, and
Burundi (which you might consider small praise indeed)." 

He's no hero, but I'd reserve the "Get the hell out" rhetoric for complete
tyrants who kill people for fun, and tolerate no independent press at all. 
There's plenty of those around. You'll be taken more seriously (and I 
think you SHOULD be taken more seriously) if you don't overreact.

-rich





From jya at pipeline.com  Wed Feb 21 13:54:52 1996
From: jya at pipeline.com (John Young)
Date: Thu, 22 Feb 1996 05:54:52 +0800
Subject: Schneier Attacks
Message-ID: <199602211940.OAA07616@pipe4.nyc.pipeline.com>


   Schneier says in a March SciAm brief on Kocher's timing
   attack: "In theory there are other attacks. You can measure
   power consumption or heat dissipation of a chip; timing is
   just one way."







From tcmay at got.net  Wed Feb 21 13:58:59 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 22 Feb 1996 05:58:59 +0800
Subject: "This is not Coderpunks--we don't need no steenking cryptography!"
Message-ID: 


At 6:51 PM 2/21/96, Peter Monta wrote:

>Cypherpunks used to be a place where I could fairly reliably see
>high-SNR commentary from real cryptographers/number theorists.
>Now we have the blind replying to the blind's obfuscatory
>nonsense, and the useful posts take some effort to find.

I believe this is why the "real cryptographers/number theorists" are now
supposed to post to "Coderpunks."

While I agree with your points, it now appears that this is the way things
are dividing up:

* Coderpunks -- number theory, DES, Haval, C/C++/Java, IETF and TCP/IP
stuff, digital signatures, crypto libraries and APIs, Diffie-Hellman,
BSAFE, RSAREF, etc.

* Cypherpunks -- nuclear bomb triggers, why women are more free under the
will of Allah than in Western decadent societies, movie reviews, SS
Obergruppenfuhrer Zimmermann, Zambian newspapers, alien bases in
Antarctica, Himalayan treks, etc.

Coderpunks is a membership-only list, with a list.cop who approves
membership and who expels those who post inappropriate material.
Cypherpunks is an open list, with no one ever having been expelled.

So, if anyone asks "What does this have to do with cryptography?!?!," point
out to him that this is Cypherpunks, not Coderpunks!

"Cryptography? You want _crytography_? This is not _Coderpunks_! We don't
have to show you no steenking cryptography!"


--Tim

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From ipgsales at cyberstation.net  Wed Feb 21 15:26:04 1996
From: ipgsales at cyberstation.net (IPG Sales)
Date: Thu, 22 Feb 1996 07:26:04 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: 
Message-ID: 


Tim  - Thank you for your open mindess -  Perhaps you, Lucky and some of 
the others would like to know how the manufacturing process is done:

1. The OTPs are generated on a standalone diskette only system, no hard 
   disk, networking or anything else - they are generated in packets, 
   10 Nvelopes, or OTPs at a time - a however many packets will fit on a 
   diskette - currently 120 packets, but that may go down -  the 
   diskettes are not labelled,  or identifed in any way.

2. From there, they go to QC - we perform:

   A: Full autocorrelation to determine if there is any singing, 
      ringing, reverberation, RFI,  or other anomalies present -
      if so discarded, if not continued -

   B. Cross Correlation to determine the existence of staccatic noise 
       or discontinuities if any - if so discaarded - if not continued

   C. Bit, Character, and Couplet, Triplet tests for Standard Deviation, 
      Chi Square - Delta ICs (Deltas on incremental changes), First 
      Differences, Second Differences, and a repaeating sequnce test -) 
      These all must pass threshold tests. They are not perfect, to do so 
      would destroy randomness, but they must meet certain thresholds. 
      If they fail to pass  then they are discarded - if they pass -
      still no labels but-

   D. System Integration - if they are to be downloaded to a customer,    
      they are encrypted for that customer - off line on a network system 
      - but directly from diskette to encrypted form - no labels or 
      anything to identify the data sets. So now it resides off line in a 
      form that can be sent encrypted to the customer. This system does 
      allow decryption, only encryption.

   E. It is then loaded onto a Internet capable system and 
      transmitted to the customer - 

   F. If the system is is a first time delivery - a template is used to 
      design the system - number of users, user types - and the like - 
      the data is unlabelled - there is no way to determine what the data
      is. The system is still unlabelled at this point - but the system 
      size is noted from a manufacture order but no designation of who it 
      is to be sent to - it is then sent to shipping where labels from 
      shipping orders are finally assigned.

      Where during this process do employees have access to the dqta to 
      make copies or determine what the OTPs are?


      Furthermore: For those unsatisfied with the security set out 
                   above, as soon as we can get it set up properly, we 
                   will invite any customer who so desires to come to 
                   our facilities and  manufacture there own OTPs on 
                   their own computers - hard drives disconnectd - in 
                   a RFI and radiation shielded environment - they can 
                   manufacture six months supply, or a year or 
                   whatever - 

        Additionally, we will not - repeat will not comply with any 
        court order to supply copies to anyone - we will go to jail or be 
        shut down first and always -

There is a lot more, but that is a general rundown - 

Thank you again for yuour openmindness - we are sure that we cannot 
satisgfy anyone about the integrity of our security - our 
manufacturing employees - primarily middle aged women operators with 
little if any technical expertise - do not have any access to the OTPs.

Appreciatively,
Ralph 


Stubborness and stupidity are twins - Sophocles






From ipgsales at cyberstation.net  Wed Feb 21 15:40:23 1996
From: ipgsales at cyberstation.net (IPG Sales)
Date: Thu, 22 Feb 1996 07:40:23 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: 
Message-ID: 


We are reconsidering the Canadian restrictions - and may change them -
it is certainly not the ITAR quexstion, but another matter - we expect 
that Canadians will be included shortly - as to the question of using 
Cypherpunks - we are not saying taht we will not make changes based on 
any weaknesses that you discover, we will - but we do believe that if you 
fail to break the system with a spevfic time frame, that is fair game.

Why do you want to make it a one way street? We believe fair is fair - if 
you want to chop off our neck, then we should be able to tell people that 
you tried and could not at some point in time - 

Appreciatively,
Ralph 

There is no subject so old that something new cannot be said about it - 
Dostovesty - A Diary of a Writer






From vznuri at netcom.com  Wed Feb 21 15:53:23 1996
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Thu, 22 Feb 1996 07:53:23 +0800
Subject: "consent of the governed"
Message-ID: <199602212023.MAA22936@netcom13.netcom.com>



I was musing over this phrase, "a government rules by consent of the
governed" which popped up in an earlier essay on digital cash (microcurrency)
I wrote here and deserves further elaboration. 
it seems like a basic and obvious truth on some levels, a concept 
held sacred by our founding fathers, but on the other hand its exact 
meaning has escaped precise analysis for many centuries, and in various
sense our government seems to have strayed far from this promise. 
what does it mean?

does it mean, "majority of the governed?" how exactly is consent 
expressed?

Barlow brings up this topic in his recent "cyberspace declaration of
independence" (which can clearly be criticized as out of touch with 
physical reality but is nevertheless compelling). the essay comes 
close to the major point I want to make:

I believe that the phrase "a government rules with the consent of the
governed" is one of those magic statements that is going to become
increasingly defined by new technology. 

often, the clear intent of
a law is not obvious until new technology is introduced that tests
its meaning. for example,
the "right to bear arms"-- does that mean submachinegun, handguns?
what about armor-piercing bullets? new technology is always constantly
forcing a new interpretation of laws.

or how about "the right to free speech" -- is cyberspace a place for
"speech", or is it something where things are published? which laws
apply? does it mean I am free to encrypt anything I want in any way
I choose?

interestingly, does the "freedom from illegal search and seizure" apply
to cryptographic encoding? in other words, is there such a thing
as search and seizure of bits (plaintext) in encoded messages?

these are all questions that have various answers (and I'm not really
too interested in debating them), but which in one
sense anything besides what a court decides is not relevant. and most
of these above questions could take decades to sort out in courts, if
ever.

===

anyway, my main point here: I believe that "a government rules with
the consent of the governed" is a phrase that is going to be tested
in the next few years, and more closely defined, because the emergence
of new cyberspatial technology. it seems to me
that libertarians would tend to say, "oh yeah, wouldn't it be great
if that were true. no one ever asked ME if I wanted to be in this
system". well, what if there was an actual overt choice of government
that when on with the citizen? what if we really could choose our
government? would be tend to believe that all governments are corrupt
inherently, or could new systems based on voluntary cooperation from
the start work?

in a sense, any government that uses force on its populace is violating
a charter rule, (if it was one), that a government rules by the consent
of the governed. if some segment of the populace is resisting this 
government, then obviously there is no consent among that sliver.

all this raises the question of how much a government can be split up
over a population. what is the "granularity" of government? to date,
governments are based on geographic region. they are often circumscribed
by various geographic features such as oceans or continents. but
would it be possible to construct a governing system in which 
geographic location is irrelevant? such that anyone, anywhere, can
pick whatever government they want? surely if such a thing is possible,
cyberspace comes the closest to facilitating it. but it would not
really be a government in the current sense of the word.

===

in my digital cash essay, I introduced a radical new interpretation
of the phrase "consent of the governed" that went largely unnoticed but
deserves further thought. in it, I proposed that "consent of the 
governed" is measured by whether people pay their taxes to a government.
in other words, not paying taxes is a basic test of whether an individual
does not subscribe to a particular government system.  there are other
obvious tests such as civil disobedience, but I believe this one is
going to serve as the basic operative test of the future.

this is radical for the following reason: today supposedly a government
has the authority to coerce "inhabitants" to pay their taxes and punish
them if they don't. interestingly, our whole country was started as
a sort of tax revolt, and yet today our taxes are arguably just as 
onerous and oppressive as any other country's. it is a heresy within
government circles to propose that citizens should have a choice in
paying taxes. "we could never permit it. it would never work". "nobody
would pay them". but is that to say, admittedly, "we do not have the 
consent of the governed"?

I believe that digital cash will give rise to the ability to have
completely "black" economic systems on scales far larger than ever
before practical. what this means is that anyone who wants to can
simply "opt out" of being seen by the existing government in their
economic transactions. I think this may actually lead to "underground
governments" in which people voluntarily subscribe to certain 
communities and their "laws" while at the same time opting out of
participation in the "overt" system they are geographically constrained 
to.

hence "we could never permit it" said by bureacrats may be true, but
not relevant-- their permission has nothing to do with what technology
permits. "it would never work" may actually be tested outright by
new technology and systems of mass cooperation (in a sense, the basic
point of government) developed in cyberspace.

in any case, I do believe Barlow has some very important points and
that we are on the verge of new forms of government that remove many
of the nagging difficulties of earlier human models. much of this
innovation will center around new definitions/explorations of the 
basic concept that "a government rules by the consent of the governed",
and the approach to collection of dues, or taxes, and the way that they
are allocated based on group decision processes, will be a chief area of 
experimentation and new approaches.







From jya at pipeline.com  Wed Feb 21 15:54:35 1996
From: jya at pipeline.com (John Young)
Date: Thu, 22 Feb 1996 07:54:35 +0800
Subject: CPU_nks
Message-ID: <199602212018.PAA08790@pipe2.nyc.pipeline.com>


   SciAm, March, 1996

   "Privacy and Data Collection on the Net."

      There are still a few eccentric souls who gamely try to
      hold on to what lingering shreds of anonymity they
      possess. They never fill out questionnaires; they give
      their Social Security numbers only to their bank and to
      their broker. They encrypt their e-mail; they bypass the
      supermarket discount card that links identity to
      purchases; they pay cash for medical procedures they do
      not want known; and they wait patiently for e-cash to
      become a reality. Joining these hardy individualists are
      privacy advocates such as EPIC and Net groups like 
      cypherpunks which believe in untraceable communications 
      and in the technology needed to achieve it.

   CPU_nks













From winkjr at teleport.com  Wed Feb 21 16:18:59 1996
From: winkjr at teleport.com (Wink Junior)
Date: Thu, 22 Feb 1996 08:18:59 +0800
Subject: IPG hoax?
Message-ID: <199602212032.MAA19513@julie.teleport.com>


Arley Carter sez:

>Fess up guys. You are either:
>1.  A team of undergrads or graduate students conducting an "exploit". 
>2.  A Detweiller tentacle. Dr. FC ?
>3.  The return of Alice D'nonymous ?
>4.  The reason the coderpunks lists was started.

I must admit that after the first day I've been wondering if this whole
IPG thing isn't some kind of deep troll or early April Fool's joke.  Has
anyone actually spoken on the phone with IPG or confirmed their existence
in any way?  For the record, I'd like to state that I saw their ad posted
in comp.security.firewalls and forwarded an edited copy (technical details
only) to the list, but if this turns out to be a hoax of some sort, I was
and am not a willing participant.

Would IPG Sales please post an address and phone number so we can confirm
the company exists?

Wink





From ipgsales at cyberstation.net  Wed Feb 21 16:20:46 1996
From: ipgsales at cyberstation.net (IPG Sales)
Date: Thu, 22 Feb 1996 08:20:46 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: 
Message-ID: 




On Tue, 20 Feb 1996, Lucky Green wrote:

> At 17:22 2/20/96, IPG Sales wrote:
> 
> >If you are able to break the system, and everyone knows what we mean by
> >break, then we will publicly admit that we are snake oil salesmen, and
> >all the other things that Perry Metzger and others called us.
> 
> It is by no means clear to me what "breaking the system" means. One does
> not have to be able to decipher a single message to prove a system to be
> insecure. Moreover, cryptanalysis is economics: is it more expensive to get
> the information by analyzing the crypto than it is to get it by other
> means?
> 
> Do we have to show an exploitable flaw? Or we have to do the exploit? That
> might be expensive. Who would judge the contest?
> 
> The alogrithm aside, IPG provides the intial OTP. Seems to me that IPG can
> read the messages. End of story.
> 
Hedging, hedging, hedging - why? I did not noitice this in my first 
reply - in addition to giving you the company if you can break the 
system, we will give you the company if you can establish, through our 
employees or any other method, that we retain any Ocopies of the TPs, 
any! - for very large systems, we maintain a temporary copy to insure 
safe arrival, by excuting the check system menu item - 
it is immediate destroyed upon system notification. Anyone that wants to 
audit us cazn do so, unannounced at any time - subject to payment ofd 
expenses! We do not keep copies, we would not be in business 30 days if 
we did.

> 
> -- Lucky Green 
>    PGP encrypted mail preferred.
> 
> 
> 





From perry at piermont.com  Wed Feb 21 16:31:58 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 22 Feb 1996 08:31:58 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: 
Message-ID: <199602212043.PAA10048@jekyll.piermont.com>



IPG Sales writes:
> Stubborness and stupidity are twins - Sophocles

IPG is both stubborn and stupid. How appropriate.

Let me give you another quote. It is acually a long extract of a
document written by Phil Zimmermann. Read it.

    Beware of Snake Oil
    ===================
    
    When examining a cryptographic software package, the question always
    remains, why should you trust this product?  Even if you examined the
    source code yourself, not everyone has the cryptographic experience
    to judge the security.  Even if you are an experienced cryptographer,
    subtle weaknesses in the algorithms could still elude you. 
    
    When I was in college in the early seventies, I devised what I
    believed was a brilliant encryption scheme.  A simple pseudorandom
    number stream was added to the plaintext stream to create
    ciphertext.  This would seemingly thwart any frequency analysis of
    the ciphertext, and would be uncrackable even to the most resourceful
    Government intelligence agencies.  I felt so smug about my
    achievement.  So cock-sure.  
    
    Years later, I discovered this same scheme in several introductory
    cryptography texts and tutorial papers.  How nice.  Other
    cryptographers had thought of the same scheme.  Unfortunately, the
    scheme was presented as a simple homework assignment on how to use
    elementary cryptanalytic techniques to trivially crack it.  So much
    for my brilliant scheme.
    
    From this humbling experience I learned how easy it is to fall into a
    false sense of security when devising an encryption algorithm.  Most
    people don't realize how fiendishly difficult it is to devise an
    encryption algorithm that can withstand a prolonged and determined
    attack by a resourceful opponent.  Many mainstream software engineers
    have developed equally naive encryption schemes (often even the very
    same encryption scheme), and some of them have been incorporated into
    commercial encryption software packages and sold for good money to
    thousands of unsuspecting users. 
    
    This is like selling automotive seat belts that look good and feel
    good, but snap open in even the slowest crash test.  Depending on
    them may be worse than not wearing seat belts at all.  No one
    suspects they are bad until a real crash.  Depending on weak
    cryptographic software may cause you to unknowingly place sensitive
    information at risk.  You might not otherwise have done so if you had
    no cryptographic software at all.  Perhaps you may never even
    discover your data has been compromised.
    
    Sometimes commercial packages use the Federal Data Encryption
    Standard (DES), a fairly good conventional algorithm recommended by
    the Government for commercial use (but not for classified
    information, oddly enough-- hmmm).  There are several "modes of
    operation" the DES can use, some of them better than others.  The
    Government specifically recommends not using the weakest simplest
    mode for messages, the Electronic Codebook (ECB) mode.  But they do
    recommend the stronger and more complex Cipher Feedback (CFB) or
    Cipher Block Chaining (CBC) modes.  
    
    Unfortunately, most of the commercial encryption packages I've looked
    at use ECB mode.  When I've talked to the authors of a number of
    these implementations, they say they've never heard of CBC or CFB
    modes, and didn't know anything about the weaknesses of ECB mode. 
    The very fact that they haven't even learned enough cryptography to
    know these elementary concepts is not reassuring.  And they sometimes
    manage their DES keys in inappropriate or insecure ways.  Also, these
    same software packages often include a second faster encryption
    algorithm that can be used instead of the slower DES.  The author of
    the package often thinks his proprietary faster algorithm is as
    secure as the DES, but after questioning him I usually discover that
    it's just a variation of my own brilliant scheme from college days. 
    Or maybe he won't even reveal how his proprietary encryption scheme
    works, but assures me it's a brilliant scheme and I should trust it. 
    I'm sure he believes that his algorithm is brilliant, but how can I
    know that without seeing it?  
    
    In all fairness I must point out that in most cases these terribly
    weak products do not come from companies that specialize in
    cryptographic technology.
    
    Even the really good software packages, that use the DES in the
    correct modes of operation, still have problems.  Standard DES uses a
    56-bit key, which is too small by today's standards, and may now be
    easily broken by exhaustive key searches on special high-speed
    machines.  The DES has reached the end of its useful life, and so has
    any software package that relies on it.
    
    There is a company called AccessData (87 East 600 South, Orem, Utah
    84058, phone 1-800-658-5199) that sells a package for $185 that
    cracks the built-in encryption schemes used by WordPerfect, Lotus
    1-2-3, MS Excel, Symphony, Quattro Pro, Paradox, and MS Word 2.0.  It
    doesn't simply guess passwords-- it does real cryptanalysis.  Some
    people buy it when they forget their password for their own files. 
    Law enforcement agencies buy it too, so they can read files they
    seize.  I talked to Eric Thompson, the author, and he said his
    program only takes a split second to crack them, but he put in some
    delay loops to slow it down so it doesn't look so easy to the
    customer.  He also told me that the password encryption feature of
    PKZIP files can often be easily broken, and that his law enforcement
    customers already have that service regularly provided to them from
    another vendor. 
    
    In some ways, cryptography is like pharmaceuticals.  Its integrity
    may be absolutely crucial.  Bad penicillin looks the same as good
    penicillin.  You can tell if your spreadsheet software is wrong, but
    how do you tell if your cryptography package is weak?  The ciphertext
    produced by a weak encryption algorithm looks as good as ciphertext
    produced by a strong encryption algorithm.  There's a lot of snake
    oil out there.  A lot of quack cures.  Unlike the patent medicine
    hucksters of old, these software implementors usually don't even know
    their stuff is snake oil.  They may be good software engineers, but 
    they usually haven't even read any of the academic literature in
    cryptography.  But they think they can write good cryptographic
    software.  And why not?  After all, it seems intuitively easy to do
    so.  And their software seems to work okay.    
    
    Anyone who thinks they have devised an unbreakable encryption scheme
    either is an incredibly rare genius or is naive and inexperienced. 
    Unfortunately, I sometimes have to deal with would-be cryptographers
    who want to make "improvements" to PGP by adding encryption
    algorithms of their own design.
    
    I remember a conversation with Brian Snow, a highly placed senior
    cryptographer with the NSA.  He said he would never trust an
    encryption algorithm designed by someone who had not "earned their
    bones" by first spending a lot of time cracking codes.  That did make
    a lot of sense.  I observed that practically no one in the commercial
    world of cryptography qualified under this criterion.  "Yes", he said
    with a self assured smile, "And that makes our job at NSA so much
    easier."  A chilling thought.  I didn't qualify either.
    
    The Government has peddled snake oil too.  After World War II, the US
    sold German Enigma ciphering machines to third world governments.
    But they didn't tell them that the Allies cracked the Enigma code
    during the war, a fact that remained classified for many years.  Even
    today many Unix systems worldwide use the Enigma cipher for file
    encryption, in part because the Government has created legal
    obstacles against using better algorithms.  They even tried to
    prevent the initial publication of the RSA algorithm in 1977.  And
    they have squashed essentially all commercial efforts to develop
    effective secure telephones for the general public. 
    
    The principal job of the US Government's National Security Agency is
    to gather intelligence, principally by covertly tapping into people's
    private communications (see James Bamford's book, "The Puzzle
    Palace").  The NSA has amassed considerable skill and resources for
    cracking codes.  When people can't get good cryptography to protect
    themselves, it makes NSA's job much easier.  NSA also has the
    responsibility of approving and recommending encryption algorithms. 
    Some critics charge that this is a conflict of interest, like putting
    the fox in charge of guarding the hen house.  NSA has been pushing a
    conventional encryption algorithm that they designed, and they won't
    tell anybody how it works because that's classified.  They want
    others to trust it and use it.  But any cryptographer can tell you
    that a well-designed encryption algorithm does not have to be
    classified to remain secure.  Only the keys should need protection. 
    How does anyone else really know if NSA's classified algorithm is
    secure?  It's not that hard for NSA to design an encryption algorithm
    that only they can crack, if no one else can review the algorithm. 
    Are they deliberately selling snake oil? 
    
    There are three main factors that have undermined the quality of
    commercial cryptographic software in the US.  The first is the
    virtually universal lack of competence of implementors of commercial
    encryption software (although this is starting to change since the
    publication of PGP).  Every software engineer fancies himself a
    cryptographer, which has led to the proliferation of really bad
    crypto software.  The second is the NSA deliberately and
    systematically suppressing all the good commercial encryption
    technology, by legal intimidation and economic pressure.  Part of
    this pressure is brought to bear by stringent export controls on
    encryption software which, by the economics of software marketing,
    has the net effect of suppressing domestic encryption software.  The
    other principle method of suppression comes from the granting all the
    software patents for all the public key encryption algorithms to a
    single company, affording a single choke point to suppress the spread
    of this technology.  The net effect of all this is that before PGP
    was published, there was almost no highly secure general purpose
    encryption software available in the US.
    
    I'm not as certain about the security of PGP as I once was about my
    brilliant encryption software from college.  If I were, that would be
    a bad sign.  But I'm pretty sure that PGP does not contain any
    glaring weaknesses (although it may contain bugs).  The crypto
    algorithms were developed by people at high levels of civilian
    cryptographic academia, and have been individually subject to
    extensive peer review.  Source code is available to facilitate peer
    review of PGP and to help dispel the fears of some users.  It's
    reasonably well researched, and has been years in the making.  And I
    don't work for the NSA.  I hope it doesn't require too large a "leap
    of faith" to trust the security of PGP.
    
             -- Phil Zimmerman, in the PGP manual.


IPG Sales writes:
> 1. The OTPs are generated on a standalone diskette only system,

They are not One Time Pads. They are keys for a random number
generator. Your continued assertion that they are One Time Pads is
fraudulent. They are not one time pads by any definition ever
previously used.

Furthermore, as has been stated, it is completely unacceptable for
keys to be generated by third parties.

> 2. From there, they go to QC - we perform:

The QC you perform is irrelevant.

The system you sell is insecure in a practical sense, likely uses an
insecure PRNG, and uses names and makes claims that come very close to
being fraudlent. It is harder, not easier, to manage the keys from
your system that supposedly "eliminates key management", and you don't
even have any shame about the fact that you are ignorant of the field
you work in.

> Ralph 
    
Perry
    





From EALLENSMITH at ocelot.Rutgers.EDU  Wed Feb 21 16:37:14 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Thu, 22 Feb 1996 08:37:14 +0800
Subject: NOT CRYPTO (Sort of): Fwd: OPPOSITION: AFA seeks to expand CDA
Message-ID: <01I1HB6C6F6GAKTKDL@mbcl.rutgers.edu>


     One wonders if anyone at the American Family Association is selling ISP
stock short? If so, and it could be found out, it would be kind of embarrasing
to them.
     -Allen





From EALLENSMITH at ocelot.Rutgers.EDU  Wed Feb 21 16:44:40 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Thu, 22 Feb 1996 08:44:40 +0800
Subject: Edupage, 20 Feb 1996
Message-ID: <01I1HB2WG0DCAKTKDL@mbcl.rutgers.edu>


From:	IN%"educom at elanor.oit.unc.edu" 21-FEB-1996 11:56:31.71

>*****************************************************************
>Edupage, 20 February 1996.  Edupage, a summary of news items on information
>technology, is provided three times each week as a service by Educom,
>a Washington, D.C.-based consortium of leading colleges and universities
>seeking to transform education through the use of information technology.
>*****************************************************************

     As I recall, this is incorrect. Without a signature/physical presence,
it's the _merchant_ who is liable. Thus, a lack of (sufficient) encryption
is a problem for the merchant, who thus may decide to not sell products via
the Net - a loss for the consumer.

>CREDIT CARD SCARE TACTICS
>Sending your credit card information over the Internet is really no big
>deal, says Simson Garfinkel, author of a book on Pretty Good Privacy
>encryption software.  "The whole thing about encryption over the Internet is
>that it's not to protect the customer -- it's to protect the credit-card
>companies.  By law, if there is no signature, the customer is liable for
>nothing.  If there's a signature, they're liable for $50.  The reason the
>credit-card companies want cryptography is to limit their own liability.  It
>has nothing to do with protecting the consumer."  And although Netscape
>Navigator sends a stern message each time a user attempts to send
>information over the Web, Garfinkel labels the warning just another scare
>tactic:  "Netscape Navigator is printing those messages because they're
>trying to sell encrypted servers.  It's an ad.  It doesn't look like an ad,
>but it is."  (Tampa Tribune 19 Feb 96 B&F3)

Friendly policy:

>BANYAN SPONSORS E-MAIL SWITCHBOARD
>Banyan Systems is offering a new service on the Web -- a directory of e-mail
>addresses and other information for 93 million people and 11 million
>businesses worldwide.  Switchboard includes a feature similar to Caller ID,
>that alerts a listed person whenever someone asks for that person's address,
>and allows them to decide whether to allow that information to be given out.
>The service also features public key certificates for secure communications
>between users.  < http://www.switchboard.com >  (Information Week 12 Feb 96
>p24)

Sigh... why am I not surprised?

>EUROPE BACKS V-CHIP
>The European Parliament has followed the lead of the United States in
>supporting the use of Canadian-developed V-chip technology that allows
>parents to screen violent or adult content from their televisions.
>(Montreal Gazette 20 Feb 96 C7)

>Edupage is written by John Gehl (gehl at educom.edu) & Suzanne Douglas
>(douglas at educom.edu).  Voice:  404-371-1853, Fax: 404-371-8057.  

>*************************************************************** 
>EDUPAGE is what you've just finished reading.  To subscribe to Edupage:
>send a message to: listproc at educom.unc.edu and in the body of the
>message type: subscribe edupage Abraham Lincoln (assuming that your
>name is Abraham Lincoln;  if it's not, substitute your own name).  ...
>To cancel, send a message to: listproc at educom.unc.edu and in the body of
>the message type: unsubscribe edupage.   (Subscription problems?  Send mail
>to educom at educom.unc.edu.)





From ipgsales at cyberstation.net  Wed Feb 21 17:08:50 1996
From: ipgsales at cyberstation.net (IPG Sales)
Date: Thu, 22 Feb 1996 09:08:50 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <9602211404.AA16345@alpha>
Message-ID: 


Mike, the keys are encrypted with an OTP that only the intended recipient 
can open - a special, subsystem used for that purpose only - employing 
the same techniquers, but entirely separate and apart from the primary 
user system -  any inteceptor would have to break trhe system, which we 
claim is impossible.


On Wed, 21 Feb 1996, Mike McNally wrote:

> 
> IPG Sales writes:
>  > We do not keep copies, we would not be in business 30 days if 
>  > we did.
> 
> How do you ensure that the keys are not intercepted, duplicated by a
> man-in-the-middle, and forwarded?
> 
> ______c_____________________________________________________________________
> Mike M Nally * Tiv^H^H^H IBM * Austin TX    * I want more, I want more,
>        m5 at tivoli.com * m101 at io.com          * I want more, I want more ...
>                *_______________________________
> 





From ipgsales at cyberstation.net  Wed Feb 21 17:50:28 1996
From: ipgsales at cyberstation.net (IPG Sales)
Date: Thu, 22 Feb 1996 09:50:28 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: 
Message-ID: 


I find less and less disagreeement with your comments - with one major 
exception - for a given message length - say 10 to the 500th power, a 
OTP seeded algorithm, a better term would be to call it an OTP driven 
algorithm,  can produce the exact same effect as an OTP of that length - 
that is, the encrypted text can be any possible message of that length, 
and it is not possible to predict in way what the RNG generated stream
is - 

We can prove that to your or anyone eleses satisfaction - 
It obviously fails to do that somewhat short of infinity, but not short of 
what is  needed to prove system integrity for practical limits. If all 
the paricles in the Universe, 10 to the 80th, were Cray T3Es, and they 
had been calculating since the big bang, according to my rough 
calculations, it would still take over 10 to the 370th power years to 
just generate the message possibilities -for a 10 to the 500th power 
message length possibilities - we assert that if it can do that, and it 
can, it functions like a OTP of that length - and is unbreakable 

We also have a light, but only a slight disagreement, about whether the 
the key is truly symmetrical - we assert that because of the aprticlaur 
data feedback system employed it is not symmetrical, but that is entirely 
beside the point, we believe 10 to the 500th, or whatever should be 
sufficient 

Appreciatively, 

Ralph 















From ipgsales at cyberstation.net  Wed Feb 21 17:58:41 1996
From: ipgsales at cyberstation.net (IPG Sales)
Date: Thu, 22 Feb 1996 09:58:41 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602211501.KAA05974@homeport.org>
Message-ID: 


I do not recall that I said that we would retain you - The question was 
asked about unbiased judges - we simply stated that we would agree to 
you, Derek, and Immcarth as Judges - As I recall, it was Derek who asked 
for the Algorithms employed for investigation by the Cypherpunks, as he 
referred to them as a loose knit organization - but if you prefer, we 
will call them a mailing list - running fakers like us out of business 
should be its own reward 

Please do as you choose - you too  seem to be skating - please put up or 
shutup - I do not mean to be rude, and apolgise, but everytime we agree 
to something, everyone wants more - 

Appreciatively, 
Ralph

The greater our knowledge increases, the greater our ignorance unfolds
- John F. Kennedy at Rice University








From adam at lighthouse.homeport.org  Wed Feb 21 18:47:39 1996
From: adam at lighthouse.homeport.org (Adam Shostack)
Date: Thu, 22 Feb 1996 10:47:39 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: 
Message-ID: <199602212203.RAA07291@homeport.org>


I did not agree to be a judge.  If I seem to be skating, skidding, or
otherwise not in contempt of the snake oil you're selling, I
apologize.  I see your system as smoke and mirrors, and will continue
to do so until respected cryptographers tell me its not.  If you'd
like me to sit down and read the stuff you're spewing, I'd be happy
to.  For a fee.  Failing that, I'll maintain my opinion with no
further investigation.  Close minded?  I don't investigate
UFO sightings.

	To reiterate, I don't care about your system until
cryptographers I respect tell me its worth looking at, or
cryptographically interesting.  (I'll allow any two cryptographers
with two or more publications in the proceedings of an IACR sponsored
conference as respectable.)

Adam

| I do not recall that I said that we would retain you - The question was 
| asked about unbiased judges - we simply stated that we would agree to 
| you, Derek, and Immcarth as Judges - As I recall, it was Derek who asked 
| for the Algorithms employed for investigation by the Cypherpunks, as he 
| referred to them as a loose knit organization - but if you prefer, we 
| will call them a mailing list - running fakers like us out of business 
| should be its own reward 
| 
| Please do as you choose - you too  seem to be skating - please put up or 
| shutup - I do not mean to be rude, and apolgise, but everytime we agree 
| to something, everyone wants more - 

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From perry at piermont.com  Wed Feb 21 19:02:04 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 22 Feb 1996 11:02:04 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: 
Message-ID: <199602212200.RAA10175@jekyll.piermont.com>



IPG Sales writes:
> I find less and less disagreeement with your comments - with one major 
> exception - for a given message length - say 10 to the 500th power, a 
> OTP seeded algorithm, a better term would be to call it an OTP driven 
> algorithm,  can produce the exact same effect as an OTP of that length - 
> that is, the encrypted text can be any possible message of that length, 
> and it is not possible to predict in way what the RNG generated stream
> is - 

That is manifestly untrue. Read any information theory text.

There is only so much entropy in your stream of random numbers,
period. No amount of prayer, tantric meditation, or anything else will
generate more. It is not the "exact same effect" no matter how much
you might like it to be.

What you are flogging here is a pseudo-random number generator. You
are using this to produce what is properly called a stream cipher, NOT
a one time pad. We in the crypto community have been working with this
sort of thing for years.

If you start with 100 bits of entropy, your stream will have only 100
bits of entropy. If you start with 1024 bits, you will have a kilobit
of entropy, and so forth.

This may seem like a lot, but it really isn't.  Its easy to calculate
the unicity distance of a given key. The unicity distance is most
easily explained as the amount of ciphertext after which only one
possible decoding is possible and in theory brute force will extract
the key. The unicity distance is the information content of the key
(which is the log base two of the number of possible keys, or in this
case the equivalent, the number of bits of key) divided by the
redundancy of the language in question. The rate of english text is
somewhere around 1.3 bits per letter, so the redundancy of ASCII is
somewhere around 6.7 bits. For a 1024 bit key the unicity distance
will be, at best, around 150 characters. For a 5000 bit key, the
unicity distance would be around 746 characters. That means that there
is one, and only one, probable decoding of the ciphertext stream
resulting from your system after a fairly short period of time, and
one, and only one, possible key.

Now, finding that key is hard. Done right, it can be VERY HARD.
However, it is indeed possible given enough time.  There is a big
difference between something that is hard or very hard and something
that is information theoretically impossible. Breaking a PRNG is
always possible given enough compute cycles. Breaking a one time pad
is not. That is the difference.

Your phrase "can produce the exact same results as a one time pad"
are, in short, bogus. Claude Shannon proved this fourty years ago.

Perry





From perry at piermont.com  Wed Feb 21 19:13:01 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 22 Feb 1996 11:13:01 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: 
Message-ID: <199602212217.RAA10215@jekyll.piermont.com>



IPG Sales writes:
> Perry:
> 
> "Stubborness and dogmatism are the surest signs of stupidity - is there 
>  anything more resolute and disdainful than an ass!" Montaigne

They laughed at Fulton, but they also laughed at Bozo the Clown.

You, however, aren't funny. You're basically a laetrille salesman.

> Who said that we are expanding OTP's - we are using them to drive RNG's 

1) Anything used to drive an algorithm is a KEY. A One Time Pad is not
   something you use as the key for a PSEUDO-random number
   generator. Use the term KEY and not OTP.
2) The term is PSEUDO-random number generator, not random number
   generator. Software cannot produce truly random numbers. It can at
   best take a key for use as a seed in doing so.

> If you ever learn to listen, then you might recognize that there might be 
> more to this than meets the eye

There is less than meets the eye. All you guys are doing is running a
PRNG stream cipher from what I can tell. Who knows how bad it is given
the rest of your competence. Your babbling about "wheels" and "prime
numbers" makes one wonder.

> you have been given the opportunity to save all these lives 

If I actually feel you are a threat to anyone, I'll simply let your
local police and prosecutor take care of you. I have better things to
do with my time than bargain with con men.

Perry





From pmonta at qualcomm.com  Wed Feb 21 19:24:30 1996
From: pmonta at qualcomm.com (Peter Monta)
Date: Thu, 22 Feb 1996 11:24:30 +0800
Subject: "This is not Coderpunks--we don't need no steenking cryptography!"
In-Reply-To: 
Message-ID: <199602212227.OAA14459@mage.qualcomm.com>


Tim May writes:

> So, if anyone asks "What does this have to do with cryptography?!?!,"
> point out to him that this is Cypherpunks, not Coderpunks!

This is a reasonable distinction, and it's certainly the interface
between cryptography and social/net/monetary/freedom issues where
I find cypherpunks valuable.

Your laundry list is amusing, and I think the IPG debunking
traffic is useful, but sooner or later there has to be
effectively an "end of story".

Cheers,
Peter Monta   pmonta at qualcomm.com
Qualcomm, Inc./Globalstar






From andreas at artcom.de  Wed Feb 21 20:06:54 1996
From: andreas at artcom.de (Andreas Bogk)
Date: Thu, 22 Feb 1996 12:06:54 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602200306.WAA11013@toxicwaste.media.mit.edu>
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "Derek" == Derek Atkins  writes:

    Derek> Actually, this statement is false.  What you have is a
    Derek> pseudo one-time pad, not a true one-time pad.  It's close,
    Derek> though.  The problem is that the means that you use to

It's not even close. A PRNG-stream can be brute-forced, even if it
uses an otherwise secure RNG. A OTP cannot.

Andreas



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAgUBMSuiMEyjTSyISdw9AQEwAgQAm74qTRVpjsmRdp0bneTzyqwb2+XCUPFh
DKkzIulI1gqqE8P4iRFJQVhulO2//aPkhDy1+QnGAKA/wms/RB4vBD5U1IcpJ7uT
70U84hPKM57qWpU3OFBTowIutR84syEf+jb3YJQM16MZm5dU3LEBA8nJRi431ttR
+fzxs+80xD4=
=wycE
-----END PGP SIGNATURE-----





From ipgsales at cyberstation.net  Wed Feb 21 20:11:21 1996
From: ipgsales at cyberstation.net (IPG Sales)
Date: Thu, 22 Feb 1996 12:11:21 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: 
Message-ID: 


We fess up - we are pig farmers from TexasL, we never have been to 
these high fluting things you call schools, so we do not even 
know what you are talking about, much less anything about Cryptography.

On Wed, 21 Feb 1996, Arley Carter wrote:

> On Tue, 20 Feb 1996, IPG Sales wrote:
> 
> Fess up guys. You are either:
> 
> 1.  A team of undergrads or graduate students conducting an "exploit". 
> 2.  A Detweiller tentacle. Dr. FC ?
> 3.  The return of Alice D'nonymous ?
> 4.  The reason the coderpunks lists was started.
> 
> You've got to be ROTFL. 
> See my sig.
> 
> Arley Carter
> Tradewinds Technologies, Inc.
> email: ac at hawk.twinds.com
> www: http://www.twinds.com
> 
> "Trust me. This is a secure product. I'm from  corporation or government agency>."
>  
Appreciately,

Ralph

> 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> >  
> >      
> > 
> > 
> > 
> >     
> > 
> > 
> > 
> > 
> > 
> 






From sunder at dorsai.dorsai.org  Wed Feb 21 20:11:27 1996
From: sunder at dorsai.dorsai.org (Ray Arachelian)
Date: Thu, 22 Feb 1996 12:11:27 +0800
Subject: Public access: Welcome to Juno! (fwd)
Message-ID: 


Okay, I took the bait and signed up. Looks like these guys aren't yet 
ready just yet, but it doesn't look too bad.  It is an automated setup.  
Which means that since you upload and download mail and work OFFLINE, 
there is the possibility of hacking something together so that you can 
run some automators on your mailbox...  i.e. ftp by mail, pass to pgp, 
remailer, etc...

---------- Forwarded message ----------
Date: Wed, 21 Feb 1996 16:30:29 -0500
From: signup at juno.com
Subject: Welcome to Juno!

Thank you for your interest in Juno, our free Internet e-mail service. We
are currently preparing for our launch, which we expect to take place
before the end of the first quarter of 1996. 



President
Juno Online Services, L.P.

__________________________________________________________________________
FREQUENTLY ASKED QUESTIONS:

1) WHEN WILL JUNO BE AVAILABLE?

We plan to release Juno in the first quarter of this year.

2) IS JUNO REALLY FREE?

Yes.  There are no monthly charges to use the service, no set-up fees, no
per-message fees, and no hourly charges. You will be able to download the
software off the Internet (or get it in a variety of other ways). 

3) WHAT ABOUT PHONE CHARGES?

It won't be necessary to dial a long-distance telephone number to reach us.
We expect that ultimately the bulk of our users will dial into local access
numbers we provide; we may also use toll-free numbers to supplement our
coverage in some areas where local access numbers are not available.

Also, note that when you use Juno, you are only connected by telephone to
our central computers while you are in the process of uploading and
downloading your new mail.  When you're reading and writing your mail, you
are offline.  This means that the phone calls you do make are likely to be
very short -- under one minute, in most cases.

[*** All we need to do is figgure out their data structures for storing 
email and we're set to write something to process it. ***]



7) WILL JUNO GIVE ME ACCESS TO THE INTERNET?

Yes.  Your messages will go out over the Internet, meaning that you will be
able to send mail to and receive mail from anyone on the Internet or any of
the commercial online services (such as America Online, CompuServe, and
Prodigy).  However, your computer will not be connected *directly* to the
Internet.  Your computer will be connected to our central computers, and
our computers will be connected to the Internet.

8) DO I NEED TO HAVE INTERNET ACCESS FROM ANOTHER SOURCE TO USE JUNO?

No.  Juno gives you everything you need to send and receive e-mail over the
Internet.

<*** Here's the strings ****>

9) WHAT WILL THE ADVERTISING BE LIKE?

One of the major reasons that we are able to provide you with e-mail for
free is that Juno will carry advertising.  (It's the same model that's used
by radio and television.)  However, it is our hope (and plan) to make the
advertising we carry be of greater interest and value to you, and less of a
nuisance, than the advertising you are so often bombarded with over other
media.

Each Juno user will fill out a "member profile" that will help us determine
which advertisements to send to that user, what new services he or she
might be most interested in hearing about, and what other sorts of
information he or she might find useful.  Our goal is to provide users with
information that interests them and is relevant to their needs.

The advertisements on Juno may take several forms; we don't know yet what
all of them will be.  Some ads will appear as interactive banners in the
horizontal "Sponsor's Panel" at the upper right-hand corner of the screen.
If you are interested in a product you see featured in this space, you
will be able to click on the advertisement to request additional
information. Other ads might appear while you are in the process of
uploading and downloading your mail; still others might take the form of
e-mail messages that arrive in your Inbox. (Never more than one or two of
the latter in a given session, though, since getting a mailbox full of
commercial e-mail messages would be very annoying. In most sessions you'll
probably get none.) We plan to experiment with a variety of different
approaches and figure out, by looking at people's responses, what works
best. 







From mpd at netcom.com  Wed Feb 21 23:28:49 1996
From: mpd at netcom.com (Mike Duvos)
Date: Thu, 22 Feb 1996 15:28:49 +0800
Subject: IBM Breakthrough?
In-Reply-To: <199602220244.VAA12908@pipe1.nyc.pipeline.com>
Message-ID: <199602220503.VAA24389@netcom17.netcom.com>


John Young  writes:

 > IBM has an ad in the Feb 26 New Yorker where a joker e-
 > mails a recipe-swapping friend in Osaka that "I'll teleport
 > you some goulash." The text then states:

 > Margit is a little premature, but we are working on it.

 > An IBM scientist and his colleagues have discovered a way to
 > make an object disintegrate in one place and reappear intact
 > in another.

 > It sounds like magic. But their breakthrough could affect
 > everything from the future of computers to our knowledge of
 > the cosmos.

 > What is this breakthrough or is it just a chump tease?

The ad overstates the result a bit. :)

You may recall, a few years back, that there was some interest in
the possibility that the non-local collapse of a quantum
mechanical wave function could be used to transmit information in
violation of causality, that is, faster than the speed of light.

The central idea was this.  You generate a system consisting of
two things whose wavefunctions are correlated, and after they
have separated some distance, you perform a measurement which
collapses the wavefunction of one of them and yields some result.
This might be the polarization of a photon, the spin of a
particle along some axis, or where on a photographic plate an ion
will strike after passing through a Stern-Gerlach device.

Since the wavefunctions are correlated, you now know the exact
same information about the twin system and have collapsed its
wavefunction non-locally without directly performing a
measurement on it.  This general notion is known as the
Einstein-Podolsky-Rosen(EPR) Effect, and measurements of
canonically conjugate variables on branch systems having a
spacelike separation give a unique result according to Quantum
Mechanics which is distinct from the classical case and which
requires this superluminal transmission of wavefunction
information.

Now actually building an apparatus which does such a thing is
tricky, since light moves pretty fast, but a few years back, this
result was experimentally confirmed with a device that produced
photons with correlated spins moving in opposite directions, and
managed to make measurements that were instantaneous enough to be
spacelike in separation.

Unfortunately, the scientists found that there was no way to use
the EPR Effect to transmit information, since although the
measurements made had a correlation, you needed the information
from the original system to decode the output of the other in a
meaningful way.

Now on to IBM's result.  Although the EPR Effect cannot be used
to transmit information (read the results of measurements), it
can be used to transmit mixed quantum states, which an attempt at
measurement would destroy.  So if you haven't measured something,
and it's value is indeterminate for a system, then you can tunnel
that unmeasured something anywhere else using the EPR Effect and
measure it there.

The general method for such teleporation is as follows.  You
create an "entangled" pair of particles whose wavefunctions are
perfectly correlated and unmeasured.  One interacts with the
particle to be teleported and the other at some distance
interacts with another identical particle to which you wish to
transfer the state of the first.  Everything is arranged so that
the state of the teleported particle is destroyed by interaction
with the first of the pair of particles, and it twin, perfectly
correlated with the first and inheriting its state via the EPR
Effect, transfers that captured state to the copy.

Now this has some interesting implications.  One of the problems
with teleportation devices in Science Fiction stories is that
they allow for the creation of duplicates.  They reduce an object
to a pattern by measuring it, and then recreate it at a distance
by assembling atoms of the same types according to the
appropriate directions.  There is no theoretical reason why, once
the pattern has been saved, this process could not be repeated
multiple times.  This has implications for things like souls and
self-awareness that many people would rather not think about.

The preceeding method for teleporting mixed quantum states does
not have such a problem, since only things which have not been
measured can be transferred in such a way, and the duplicate can
only be created if the original has been destroyed.  If
consciousness is truly a phenomena involving quantum mechanical
superposition, then we need never worry about being replicated,
and the "transporter accidents" of Star Trek are forever
relagated to the realm of fiction.

In any case, it should be noted that this method works at present
only with single particles, and not with large aggregate systems
like Goulash.  Extending it to systems would appear to be an
intractable engineering problem given current technology.

Those wishing to read IBM's explanation of this new technology
may browse their Web page on Quantum Teleportation at...

  http://www.research.ibm.com/quantuminfo/teleportation/

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd at netcom.com     $    via Finger.                      $






From tallpaul at pipeline.com  Wed Feb 21 23:48:45 1996
From: tallpaul at pipeline.com (tallpaul)
Date: Thu, 22 Feb 1996 15:48:45 +0800
Subject: Fuck Islam and the Apologists Cluttering Up this List with Defenses of It
Message-ID: <199602212358.SAA25640@pipe10.nyc.pipeline.com>


On Feb 19, 1996 18:52:04, 'tcmay at got.net (Timothy C. May)' wrote: 
 
 
> 
>Please don't send me separate copies (in addition to what is sent to the 
>IslamPunks mailing list) of this Muslim crap....it's bad enough seeing the

>pro-Muslim apologists explaining why the Word of Allah (hollow be his
name) 
>is more liberating than any decadent, Western system can be, about how 
>women are more free under Islam because they have the freedom to be 
>obedient to the will of her husband and Allah (hollow be his name), the 
>freedom to be beaten with sticks if they show their face in public, and
the 
>freedom to have their devil organs removed. 
> 
 
I must have missed these e-messages when they were oriignally posted. 
 
Could you send me pointers to the messages to which you refer? 
 
Thanks. 
 
--tallpaul 
"I'm voting for Forbes. He's only wrong about one thing."





From llurch at networking.stanford.edu  Thu Feb 22 00:29:01 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Thu, 22 Feb 1996 16:29:01 +0800
Subject: "consent of the governed"
In-Reply-To: <199602212023.MAA22936@netcom13.netcom.com>
Message-ID: 


You're taking this phrase out of context. What the Declaration said was:

1. There are certain universal human rights, like life, liberty, and 
   property^H^H^H^H^H^H^H^H the pursuit of happiness.
2. To protect these rights, people form governments. Only the baddest kid 
   on the block can protect her own rights, and only if she never sleeps. 
   The rest of us need the police.
3. Ergo, government derives its just powers from the consent of the 
   governed. I read this more as a conclusion than as a premise.

This is all that Hobbes, Locke, and Montequieu said. Rousseau was 
different, but he was a kook.

This is quite different from saying, "The government has the right to do
what the majority says it can do." Government doesn't have any rights,
only delegated powers.

A utilitarian like Mill or a positivist like Comte or a trader like Smith,
or I, would say that government power shouldn't be restricted to the
protection of basic rights. Public goods should also be pooled to do
things that people can't or won't do by themselves -- garbage collection,
health and disability insurance, protecting "the commons" with
environmental regulations, etc. But these utilitarian-type interests 
don't really fall into the power/rights game.

-rich





From jya at pipeline.com  Thu Feb 22 01:37:26 1996
From: jya at pipeline.com (John Young)
Date: Thu, 22 Feb 1996 17:37:26 +0800
Subject: IBM Breakthrough?
Message-ID: <199602220244.VAA12908@pipe1.nyc.pipeline.com>


   IBM has an ad in the Feb 26 New Yorker where a joker e-
   mails a recipe-swapping friend in Osaka that "I'll teleport
   you some goulash." The text then states:

      Margit is a little premature, but we are working on it.

      An IBM scientist and his colleagues have discovered a
      way to make an object disintegrate in one place and
      reappear intact in another.

      It sounds like magic. But their breakthrough could
      affect everything from the future of computers to our
      knowledge of the cosmos.

   What is this breakthrough or is it just a chump tease?








From owner-cypherpunks at toad.com  Thu Feb 22 01:45:12 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Thu, 22 Feb 1996 17:45:12 +0800
Subject: No Subject
Message-ID: 



>I'm sufficiently impressed with the arguments against name credentials
>that Carl Ellison has made that I'm looking seriously into systems
>that don't do any sort of conventional certificate binding at all...

... and I bet, Wei Dai's contentions to the contrary, that they'll be
*cheaper* to use than those which do certificate binding, all other things
being equal.

Cheers,
Bob Hettinga



-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/







From owner-cypherpunks at toad.com  Thu Feb 22 01:47:56 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Thu, 22 Feb 1996 17:47:56 +0800
Subject: No Subject
Message-ID: 


> -----BEGIN PGP SIGNED MESSAGE-----
> 
> A Kerberos V4 session key is chosen by calling random() repeatedly.
> THe PRNG is seeded with srandom(time.tv_usec ^ time.tv_sec ^ p ^ n++),
> where p is a static integer set to getpid() ^ gethostid() on the first
> call and n is a static counter.
> 
> Is there any entropy here???  Most, if not all, Kerberos servers run one
> time synchronization protocol or another, which reduces the entropy to a
> few bits at most.
> 
> DEADBEAT 

usec grainlessness typically doesn't approach anything like a usec on most
OS implimentations either.


-- 
+----------------------------------+-----------------------------------------+
|Julian Assange                    | "if you think the United  States has    |
|FAX: +61-3-9819-9066              |  stood still, who built the largest     |
|EMAIL: proff at suburbia.net         |  shopping centre in the world?" - Nixon |
+----------------------------------+-----------------------------------------+





From owner-cypherpunks at toad.com  Thu Feb 22 01:53:35 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Thu, 22 Feb 1996 17:53:35 +0800
Subject: No Subject
Message-ID: 


>Perry:
>
>"Stubborness and dogmatism are the surest signs of stupidity - is there
> anything more resolute and disdainful than an ass!" Montaigne
>
>You have an yellow streak down your back  infinitely wide - you may or
>may not be a physical coward but you are certainly an intellectual coward
>- you have the opportunity to save human lives, as you asserted and you
>just brushed that asside -

[etc. elided]

My personal theory is that Perry has developed a particularly nasty form of
multiple personality disorder and it is causing him to voraciously troll
himself on this list.

It's not going to be pretty, folks.


-------------------------------------------------------------------------
Steven Weller                      |  "The Internet, of course, is more
                                   |  than just a place to find pictures
                                   |  of people having sex with dogs."
stevenw at best.com                   |       -- Time Magazine, 3 July 1995







From owner-cypherpunks at toad.com  Thu Feb 22 01:57:45 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Thu, 22 Feb 1996 17:57:45 +0800
Subject: No Subject
Message-ID: 



> An IBM scientist and his colleagues have discovered a way to
> make an object disintegrate in one place and reappear intact
> in another.

Beam me up Scotty!





From owner-cypherpunks at toad.com  Thu Feb 22 01:58:12 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Thu, 22 Feb 1996 17:58:12 +0800
Subject: No Subject
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

I just wanted to remind y'all that this Saturday is the second quasi-monthly
Portland (OR) cypherpunks MST3K fest, key-signing, and general social event.
E-mail for further information.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEQAwUBMSwOAn3AXR8sjiylAQHoHAfRAZ0NJpB/pzmKwwRtJJygkQfE4vLQxrO3
f51RlzysBE3u7OFGnNYmy8QLXzsaclppN0ssfbFkxs13vwgiztudl9D3LkGrdw44
HgRAAV+FTuuR+nzehOc3DHQDDnPLoXh7NrS+bYfYGHv2GB8OZYpFXD5VEirJFmEj
uq7dEV4wy8+ml7BsMXxxZNwhP1ISRXvH9ODKLZnWx/6ngkFbzJBw1cvyHiuqjwRg
5HM31+HKSe5qi+Xx9ZlEfLY5d3U6HiN9cgKL+Jo301VGsZmEvIPyK0Yjyt4EUzgN
6vawqU6Kvzj76tOMe1lnUs3eSR4rUmNlaYXNRZuxy7FObqc=
=uaR5
-----END PGP SIGNATURE-----

-- 
Bruce Baugh
bruce at aracnet.com
http://www.aracnet.com/~bruce






From owner-cypherpunks at toad.com  Thu Feb 22 02:18:53 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Thu, 22 Feb 1996 18:18:53 +0800
Subject: No Subject
Message-ID: 


This looks completely, totally, and insanely bogus, but I
need some kind of verification for this bizarre little
piece of mail that somehow ended up in my mailbox.

Anybody from MIT ever heard of "Kim Dereksen"?

dave "I'm busy laughing, can you call back?"

 *** Attention ***

 It's that time again!

 As many of you know, each leap year the Internet must be shut down for 24
 hours in order to allow us to clean it.  The cleaning process, which
 eliminates dead email and inactive ftp, www and gopher sites, allows for
 a better-working and faster Internet.

 This year, the cleaning process will take place from 12:01 a.m. GMT on
 Feb. 29 until 12:01 a.m. GMT on March 1.  During that 24-hour period,
 five powerful Internet-crawling robots situated around the world will
 search the Internet and delete any data that they find.

 In order to protect your valuable data from deletion we ask that you do
 the following:

 1.  Disconnect all terminals and local area networks from their Internet
 connections.

 2.  Shut down all Internet servers, or disconnect them from the Internet.

 3.  Disconnect all disks and hardrives from any connections to the
 Internet.

 4.  Refrain from connecting any computer to the Internet in any way.

 We understand the inconvenience that this may cause some Internet users,
 and we apologize.  However, we are certain that any inconveniences will
 be more than made up for by the increased speed and efficiency of the
 Internet, once it has been cleared of electronic flotsam and jetsam.

 We thank you for your cooperation.

 Kim Dereksen
 Interconnected Network Maintenance staff
 Main branch, Massachusetts Institute of Technology

 Sysops and others:  Since the last Internet cleaning, the number of
 Internet users has grown dramatically.  Please assist us in alerting the
 public of the upcoming Internet cleaning by posting this message where
 your users will be able to read it.  Please pass this message on to other
 sysops and Internet users as well.  Thank you.
-----
David E. Smith,  c/o Southeast Missouri State University
1000 Towers Circle South MS 1210 Cape Girardeau MO 63701
dsmith at midwest.net,  dave at nym.alias.net,  PGP 0x961D2B09
(573)339-3814    http://www.midwest.net/scribers/dsmith/
"Reality is only for those lacking in true imagination."





From owner-cypherpunks at toad.com  Thu Feb 22 02:21:17 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Thu, 22 Feb 1996 18:21:17 +0800
Subject: No Subject
Message-ID: 


lmccarth at cs.umass.edu wrote:
> 
> Wayne Madsen wrote somewhere:
> > A knowledgeable government source claims that
> > the NSA has concluded agreements with [...] Netscape to
> > permit the introduction of the means to prevent the anonymity of
> > Internet electronic mail, [...]
> 
> I suspect this may actually mean that they're pushing Netscape to
> incorporate cryptographic authentication into browser email, which I think is
> a useful development. I'm not aware of any public remailers previously
> operated by Netscape Communications Corp. that have now shut down. ;)

  Actually I believe that the quote from Madsen is his overblowing and
misinterpretation of our agreement to sell the government fortezza enabled
products.  There is no agreement that I know of between us and the NSA
regarding anonymity or e-mail.  Since I'm the one doing the code, someone
had better tell me if there is...

> At any rate, it's an excuse for me to ask some questions:
> 
> (0) I'm not aware of any class library objects or methods in stand-alone Java
> for calling the local mail transport agent. Is there any class library
> support in Java+{Navigator, HotJava, Mosaic, NetCruiser, the AOL web tool,
> etc.} for applet calls to the local mail agent that's configured in the
> browser ?
> 
> I would prefer not to reimplement SMTP using the Socket class in my own
> applets. Ideally I'd like to have an applet that presents a form with some
> entry boxes and check boxes, quantizes and encrypts the input according to
> the check box settings, and spews the resulting byte streams to the MTA.

  We do not curently allow Java to get access to our mail subsystem.

> (1) As I recall, I used to be able to set (as an Option) the path and name of
> the local MTA (e.g. /usr/lib/sendmail) in an earlier version of Netscape.
> That seems to have disappeared in Navigator 2.0. Is there indeed no longer a
> way to set that ?
> 
> It occurs to me that we could have achieved partial integration of
> remailing into Navigator quite cheaply with that option.

  I believe that we have always spoken SMTP via direct connection to port 25
on your designated mail server.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.





From owner-cypherpunks at toad.com  Thu Feb 22 02:24:12 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Thu, 22 Feb 1996 18:24:12 +0800
Subject: No Subject
Message-ID: 


From: 	Vladimir Z. Nuri

I was musing over this phrase, "a government rules by consent of the =
governed"   [.......]
does it mean, "majority of the governed?" how exactly is consent =
expressed?
........................................................................=
...............

.  How exactly is consent extractedH^H^H^H^H^H^ requested?

.  When exactly is consent identified?=20

.  How exactly is government applied to the consentees?=20
   (caning, jailing, fines, etc.)

.  How exactly do consentors change methodologies when they suddenly =
realize that they, too, can be subject to their own device?

.  Why should non-consenting citizens live with governing methods which =
in fact conflict with the pursuit of those three human virtues:  life, =
liberty, happiness?

Supposedly, government is devised for ruling the "unruly";  a matter for =
definition and (dis)agreement which can provide endless hours of =
amusement for authoritarians, especially in court.

I hear tell that many who are no longer amused are now learning the many =
uses of encryption.  Thus the list. =20

(end of my comments)
    ..
Blanc





From owner-cypherpunks at toad.com  Thu Feb 22 02:28:18 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Thu, 22 Feb 1996 18:28:18 +0800
Subject: No Subject
Message-ID: 


David E. Smith forwarded:
[...]
>  Please assist us in alerting the
>  public of the upcoming Internet cleaning by posting this message where
>  your users will be able to read it.  Please pass this message on to other
>  sysops and Internet users as well.  Thank you.

Batten down the hatches, mateys, this one's gonna be drenching us for the next
week....





From owner-cypherpunks at toad.com  Thu Feb 22 02:57:45 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Thu, 22 Feb 1996 18:57:45 +0800
Subject: No Subject
Message-ID: 


On Wed, 21 Feb 1996, KarL MarX wrote:

> The application is written in Visual Basic and I could probably get a copy
> of the compiled (well VB is actually interpreted, but that's neither here or
> there) .EXE file....

It would be much more useful to see the actual source code...
--
Ed Carp, N7EKG    			Ed.Carp at linux.org, ecarp at netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp at netcom.com for PGP 2.5 public key		an88744 at anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring






From owner-cypherpunks at toad.com  Thu Feb 22 02:58:28 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Thu, 22 Feb 1996 18:58:28 +0800
Subject: No Subject
Message-ID: 


At 10:56 PM 2/21/96 -0500, Black Unicorn wrote:
>On Sun, 18 Feb 1996, jim bell wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> 
>> At 10:25 PM 2/18/96 EDT, E. ALLEN SMITH wrote:
>> >	I've been kind of busy recently (the reason I haven't responded to
>> >the more recent Assasination Politics stuff), but I'm curious what 
>> >your method is for achieving simultaneous explosions.
>> 
>> 
>> "Multiple very thin flexible hollow tubes (1 mm ID? teflon?) filled with a
>> homogenous liquid 
>> explosive (for example, pure nitromethane), length accurately cut to produce 
>> the exactly desired delay.  Kept separated from each other by foam spacers 
>> to avoid inter-fiber detonations. Detonated from a single cap, with an 
>> intermediary chamber of liquid explosive to stabilize the shock front, the 
>> detonation wave travels along each tube simultaneously at (presumably) 
>> identical velocity."
>
>This method is so dependent on the uniformity of the initiator (the cap 
>in this instance) as to be nearly useless.  Normal blasting caps do not 
>detonate with the uniformity required to initiate each of the tube paths 
>at the same time.  In the off chance that you contemplated surrounding 
>the cap with liquid explosive of a sufficent type, (which still wouldn't 
>assure proper uniformity with any certainty as the liquid explosive is as 
>likely to detonate slightly off left to right as up to down) you still have 
>extremely difficult problems to overcome.

Re-read my whole statement.  I copy the relevant commentary that you
sloppily forgot to read:

>> Detonated from a single cap, with an 
>> intermediary chamber of liquid explosive to stabilize the shock front,

I already entirely anticipated your objection.  And destroyed it.

>1>  Interference from the milling shape and accuracy of the openings to 
>the tubes containing the liquid explosive.

Quantify, quantify.  How much of a problem?  (Hint:  If you seriously 
believed there was a problem with this idea, you would be able to give a few 
examples on how to avoid them.  Reading your commentary, you did none of 
this.  

>2>  Mild to obscure impurities in the liquid explosives causing 
>differences in velocity with respect to other tubes. 

All the tubes can be filled at the last minute by pulling a vacuum on the
system and letting atmospheric pressure fill all the tubes.  No impurities,
or at least it's a perfectly homogeneous mixture.

> Even small changes 
>in pressures within the tubes might cause enough timing problems to make 
>uniform initiation of the primary high explosive assembly impossible.

"might"?  Well, could you be more specific?  How many nanoseconds would be
too many?


>3>  Interference from the milling shape and accuracy of the terminus of 
>the tubes containing the liquid explosive.

So what's your point?

>4>  Overpressure in the device causing premature detonation of the near 
>portion of the high explosive assembly.

Sure about that?

>All of these might cause enough timing error to prevent uniform pressure 
>and thus prevent uniform compression and make supercriticality impossible.

Pigs might fly.

>Remember, kryonic switiches are necessary even when dealing with the 
>speeds of electric conductivity.  The velocities of even hydrazine based 
>explosives are signigicantly lower.  The margin for error is similarly lower.

How low?  Be specific.

>Plutonium gun is still the easiest method for the home grown nuclear 
>device, even if it requires more fissile material.

The "gun" design wasn't used with the plutonium, because IT WOULD NOT HAVE 
WORKED! "Fat Man," the bomb dropped on Nagasaki, used the implosion method.  
"Little Boy," the gun-method bomb, used U-235.   Plutonium detonates far too 
rapidly to use the "gun" method.   The 
scientists knew that in 1945.  You seem to be at least 50 years behind the 
times.

Sheesh!  I guess we now know what field YOU don't know about, huh?  Or, 
perhaps more likely, this is a specific DIS-information campaign.   You want 
someone to waste a critical-mass worth of plutonium.   






From owner-cypherpunks at toad.com  Thu Feb 22 03:07:26 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Thu, 22 Feb 1996 19:07:26 +0800
Subject: No Subject
Message-ID: 



Well, folks, I told you so. Sorry to be nasty about it.

> Date: Sun, 18 Feb 1996 23:57:02 -0500
> From: Drew Dean 
> Subject: Java security problems
> 
> We have discovered a serious security problem with Netscape Navigator's 2.0
> Java implementation.  (The problem is also present in the 1.0 release of the
> Java Development Kit from Sun.)  An applet is normally allowed to connect
> only to the host from which it was loaded.  However, this restriction is not
> properly enforced.  A malicious applet can open a connection to an arbitrary
> host on the Internet.  At this point, bugs in any TCP/IP-based network
> service can be exploited.  We have implemented (as a proof of concept) an
> exploitation of an old sendmail bug.
[...]
> A second, also serious, bug exists in javap, the bytecode
> disassembler.  An overly long method name can overflow a stack
> allocated buffer, potentially causing arbitrary native code to be
> executed.  The problem is an unchecked sprintf() call, just like the
> syslog(3) problem last year.
[...]





From owner-cypherpunks at toad.com  Thu Feb 22 03:15:14 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Thu, 22 Feb 1996 19:15:14 +0800
Subject: No Subject
Message-ID: 


Finally, an honest man at IPG. Y'all are a hoot. I'll hire you as bozos 
for my kid's next birthday party. 
ROTFL

Arley Carter
Tradewinds Technologies, Inc.
email: ac at hawk.twinds.com
www: http://www.twinds.com

"Trust me. This is a secure product. I'm from ."

 

 On Wed, 21 Feb 1996, IPG Sales wrote:

> We fess up - we are pig farmers from TexasL, we never have been to 
> these high fluting things you call schools, so we do not even 
> know what you are talking about, much less anything about Cryptography.
> 
> On Wed, 21 Feb 1996, Arley Carter wrote:
> 
> > On Tue, 20 Feb 1996, IPG Sales wrote:
> > 
> > Fess up guys. You are either:
> > 
> > 1.  A team of undergrads or graduate students conducting an "exploit". 
> > 2.  A Detweiller tentacle. Dr. FC ?
> > 3.  The return of Alice D'nonymous ?
> > 4.  The reason the coderpunks lists was started.
> > 
> > You've got to be ROTFL. 
> > See my sig.
> > 
> > Arley Carter
> > Tradewinds Technologies, Inc.
> > email: ac at hawk.twinds.com
> > www: http://www.twinds.com
> > 
> > "Trust me. This is a secure product. I'm from  > corporation or government agency>."
> >  
> Appreciately,
> 
> Ralph
> 
> > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > >  
> > >      
> > > 
> > > 
> > > 
> > >     
> > > 
> > > 
> > > 
> > > 
> > > 
> > 
> 
> 





From owner-cypherpunks at toad.com  Thu Feb 22 03:18:47 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Thu, 22 Feb 1996 19:18:47 +0800
Subject: No Subject
Message-ID: 


At 01:11 PM 2/21/96 -0800, tcmay at got.net (Timothy C. May) wrote:

>* Coderpunks -- number theory, DES, Haval, C/C++/Java, IETF and TCP/IP
>stuff, digital signatures, crypto libraries and APIs, Diffie-Hellman,
>BSAFE, RSAREF, etc.
>
>* Cypherpunks -- nuclear bomb triggers, why women are more free under the
>will of Allah than in Western decadent societies, movie reviews, SS
>Obergruppenfuhrer Zimmermann, Zambian newspapers, alien bases in
>Antarctica, Himalayan treks, etc.

Pretty much, yep. The only part of this that really annoys me is that there
isn't currently any real place to talk about actual crypto matters from a
user's point of view.

Sure, I can carve out space for myself on my own Web pages to talk about the
things that interest/concern me - and I have - but it's tough to find
anyplace to _learn_ in any way except random experimentation. And sure, if I
could read C well enough to puzzle through the remailer code and had the
UNIX knowledge necessary to compile and run one myself, for instance, I
could answer all my questions about remailer operation. But I don't. And I
wish I didn't have to. Unfortunately, there seems to be a huge gap between
the tiny handful of people who create the stuff and the bulk of us who are
merely interested in using it.

At this point, I acknowledge that I'm reinventing Alan's screed about how
"cypherpunks teach" should be as true as "cypherpunks write code". If more
people don't work on bridging the aforementioned gap, smart people of good
will who happen to be occupied enough with other things not to be able (or
interested) to become themselves good programmers and cryptographers are SOL.
 

-- 
Bruce Baugh
bruce at aracnet.com
http://www.aracnet.com/~bruce






From owner-cypherpunks at toad.com  Thu Feb 22 03:26:53 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Thu, 22 Feb 1996 19:26:53 +0800
Subject: No Subject
Message-ID: 


Dave Merriman writes:
> could someone point me at the 'specs' for Mixmaster remailers? 
> I'm after how messages are sliced, diced, repackaged, and shipped, etc.

http://www.obscura.com/~loki/remailer/remailer-essay.html

Funky things are apparently happening with the obscura DNS records etc. due to
some equipment moves Lance is doing, so you may or may not find this 
convenient to retrieve at the moment.

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)





From owner-cypherpunks at toad.com  Thu Feb 22 03:31:26 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Thu, 22 Feb 1996 19:31:26 +0800
Subject: No Subject
Message-ID: 


On Thu, 22 Feb 1996, Robert Hettinga wrote:

> >I'm sufficiently impressed with the arguments against name credentials
> >that Carl Ellison has made that I'm looking seriously into systems
> >that don't do any sort of conventional certificate binding at all...
> 
> ... and I bet, Wei Dai's contentions to the contrary, that they'll be
> *cheaper* to use than those which do certificate binding, all other things
> being equal.

You got my position completely backward on this.  I've always supported 
Carl's arguments in the past on this issue (for example see the tread 
"subjective names...").  You may be thinking of what I said about the 
cost of defeating traffic analysis.

The natural state of the Net seems to be a kind of semi-anonymity.  
Trying to push it in either direction (complete traceability or 
anonymity) is costly.

Wei Dai





From owner-cypherpunks at toad.com  Thu Feb 22 03:35:56 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Thu, 22 Feb 1996 19:35:56 +0800
Subject: No Subject
Message-ID: 


IPG Sales  wrote:

>  See my reply to Tim Phillip - it is checked extensively 
> 
> If the algorithm sucks, prove it - please read the messages back and 

See my comment below.
[..]
> > [..]
> > > In general, you will find the kernel of the propgations consists of 64
> > > equation sets of the form:
> > > 
> > >        Bi=(Bi+Ci MOD Di) Mod 256             Large prime numbers
> > >        ENCRYPTEXTi=OTP[Bi] XOR PLAINTEXTi    Encryption
> > >        OTP[Bi]=ENCRYPTEXTi                   Makes the OTP Dynamic
> > 
> > Bah. Looks to me like simple garbling, only using a large stream.
> > 
> > Encrypt a stream of zeros with that method, and you'll get repeated
> > strings of OTP[Bi]'s.  An unsophisticated high school student could
> > crack that.


 





From owner-cypherpunks at toad.com  Thu Feb 22 03:40:54 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Thu, 22 Feb 1996 19:40:54 +0800
Subject: No Subject
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, ipgsales at cyberstation.net writes:

> Who said that we are expanding OTP's -

I believe you did, when you stated that your "OTP" (and I am only using
"OTP" in this case to point up your misusage of the term, and not to
claim that what you are doing is any such thing) is used to seed your
"RNG" (another misnomer).

> we are using them to drive RNG's
> please read my mail back and forth with Derek and Roy Silvernail,

Do remember that the majority of my mail has not been copied to the
list.

> I belive that both of then recognize that an extremely large key, 2
> to some large number, let us say for the time being 2 to 12288 bits
> can be derived from a OTP when generated-

Not a chance, slick.  A One-Time Pad is well defined within the art, and
your PRNG system is no such thing.  I will thank you to not postulate
what I may or may not recognize.
- -- 
Roy M. Silvernail --  roy at cybrspc.mn.org will do just fine, thanks.
          "Does that not fit in with your plans?"
                      -- Mr Wiggen, of Ironside and Malone (Monty Python)
          PGP public key available upon request (send yours)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSwTVhvikii9febJAQEtpgP+MqcESnrisA8tYT+GulGamEhMIa9gTKAn
Dc1ylyG4pgMRW+osZnnBJcWeZq8Yx7aTzteTmkNYmpXZP9liVaySSOVce36ORG4X
BnRO2OGLI3JD8ssgMbifxbZay/00bDdCuMthGnXA+xKAW27p9i9tHLrPIyJhdjZa
Jd3rHWCqwCc=
=Cx0p
-----END PGP SIGNATURE-----





From owner-cypherpunks at toad.com  Thu Feb 22 03:43:36 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Thu, 22 Feb 1996 19:43:36 +0800
Subject: No Subject
Message-ID: 


"Assassination Politics" Part 8

The following article appeared in the Sunday, February 4, 1996 issue of 
Asahi Evening News, in an article written by columnist Paul Maxwell, page 6. 
He writes a regular column about the Internet for this newspaper.

"Networks:  Paul Maxwell"

"Dial Internet for murder"

'The first thing we do, let's kill all the lawyers."  (Shakespeare, Henry VI).

A startling and controversial idea has surfaced on the Internet 
recently--fear with me for a moment while I explain it.  It is based on two 
technological developments:  digital cash and encryption software.

Briefly, digital cash is a system for transferring funds from one person to 
another on the Net.  For this system to be as good as cash, the transactions 
must be capable of being conducted anonymously, just like in real life.  
(You go into the Seven-Eleven, buy a Cafe Latte, and nobody knows your name 
or your credit history.  The purchase is not recorded in a database of your 
consumer preferences.)

Several competing schemes for digital cash have been launched,  but the one 
that eventually gains universal acceptance will surely have this anonymity 
feature.

The second innovation is a kind of software called public-key encryption.  
It allows you to send a file or an email message that is "locked" in such a 
way that it can only be opened by the intended recipient.  The recipient, 
however, cannot open it until given a "key."  This "key" may then be used to 
encrypt a return message that can only be opened by the original sender.

Freelance visionary and tinkerer Jim Bell has been following both of these 
developments for the past few years.  Recently, he asked himself a couple of 
tough questions:  "How can we translate the freedom afforded by the Internet 
to ordinary life?"  How can we keep government from banning encryption, 
digital cash, and other systems that will improve our freedom?"

Suddenly, Bell had a revolutionary idea.  ("Revolutionary" is the word he 
uses, and it fits.)  You and me--the little guys, the ordinary working 
people of the world--could get together, all pitch in, and pay to have every 
rotten scoundrel in politics assassinated.  And we could do it legally.  
Sort of.

Bell imagined an organization that would award "a cash prize to somebody who 
correctly 'predicted' the death of one of a list of violators of rights, 
usually either government employees, officeholders, or appointees.  It could 
ask for anonymous contributions from the public, and individuals would be 
able to send those contributions using digital cash."


He explains that "using modern methods of public-key encryption and 
anonymous digital cash, it would be possible to make such awards in such a 
way so that nobody knows who is getting awarded the money,  only that the 
award is being given.  Even the organization itself would have no 
information that could help the authorities find the 
person responsible for the prediction, let alone the one who caused the death."


Are you following this?  Let's say that we, the public, decide we've finally 
had enough of [insert name of villain].  Ten dollars from me, ten from 
you--suddenly there's a million dollars in a fund.  The money will go to the 
first person who can "predict" the date, time, and circumstances of the 
villain's death.  Obviously, this information is only known in advance by 
the assassin.

He sends an anonymous, "locked" message.  He kills the villain.  He sends 
the "key" to the message.  He has, without ever revealing his identity,  
"correctly predicted" the murder.  The "key" that he has provided is then 
used to "lock the award money in a file that is then publicly posted on the 
Internet.  Only the person who originated the key may open the file and 
claim the digital cash.

In other words, public anger could finance cash awards for assassinations.  
The organization that collected the money and announced a list of possible 
targets would never know about a crime in advance, and would never know the 
identity or whereabouts of a criminal.  It would not technically be guilty of 
conspiracy or complicity.

Jim Bell has thought about this a lot, and feels that the idea is 
technically feasible, practical, even foolproof.  Suppose for 
a moment he's right?  What are the implications?

World leaders live with the threat of assassination every day of their 
lives.  But at the local level, this could really have 
an impact.  And the "target" list wouldn't necessarily to politicians--any 
offensive public  personality would be fair game.  Picture yourself a year 
from now, sitting around with friends.   Somebody says, "Remember when Juice 
Newton got whacked?"   And you say, "Yeah--best ten bucks I ever spent."

Satisfying as it might be to declare war on asinine pop singers, Bell has a 
more civic-minded suggestion:  Let's kill all the car thieves.  He reasons 
that a very small number of career criminals are responsible for nearly all 
car thefts.  If one million car owners in a given metropolitan area 
contributed just four dollars a year, it would create $10,000 a day in 
"prize money" for the "predictor" of any car thief's death.

"Assuming that amount is far more than enough to get a typical car thief's 
'friends' to 'off' him," he writes, "there is simply no way that a 
substantial car-theft subculture could possibly be maintained."

Jim as high hopes for his plan--he thinks it could eventually lead to the 
end of political tyranny.  But if you don't like this idea, he has others.  
In a recent email exchange, I asked what he was doing now.

"I recommend that you rent the movie, "The Day the Earth Stood Still.," he 
answered.  "I'm working on a similar project."

[end of article]










From owner-cypherpunks at toad.com  Thu Feb 22 03:43:46 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Thu, 22 Feb 1996 19:43:46 +0800
Subject: No Subject
Message-ID: 


On Sun, 18 Feb 1996, jim bell wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> At 10:25 PM 2/18/96 EDT, E. ALLEN SMITH wrote:
> >	I've been kind of busy recently (the reason I haven't responded to
> >the more recent Assasination Politics stuff), but I'm curious what 
> >your method is for achieving simultaneous explosions.
> 
> 
> "Multiple very thin flexible hollow tubes (1 mm ID? teflon?) filled with a
> homogenous liquid 
> explosive (for example, pure nitromethane), length accurately cut to produce 
> the exactly desired delay.  Kept separated from each other by foam spacers 
> to avoid inter-fiber detonations. Detonated from a single cap, with an 
> intermediary chamber of liquid explosive to stabilize the shock front, the 
> detonation wave travels along each tube simultaneously at (presumably) 
> identical velocity."

This method is so dependent on the uniformity of the initiator (the cap 
in this instance) as to be nearly useless.  Normal blasting caps do not 
detonate with the uniformity required to initiate each of the tube paths 
at the same time.  In the off chance that you contemplated surrounding 
the cap with liquid explosive of a sufficent type, (which still wouldn't 
assure proper uniformity with any certainty as the liquid explosive is as 
likely to detonate slightly off left to right as up to down) you still have 
extremely difficult problems to overcome.

1>  Interference from the milling shape and accuracy of the openings to 
the tubes containing the liquid explosive.

2>  Mild to obscure impurities in the liquid explosives causing 
differences in velocity with respect to other tubes.  Even small changes 
in pressures within the tubes might cause enough timing problems to make 
uniform initiation of the primary high explosive assembly impossible.

3>  Interference from the milling shape and accuracy of the terminus of 
the tubes containing the liquid explosive.

4>  Overpressure in the device causing premature detonation of the near 
portion of the high explosive assembly.

All of these might cause enough timing error to prevent uniform pressure 
and thus prevent uniform compression and make supercriticality impossible.

Remember, kryonic switiches are necessary even when dealing with the 
speeds of electric conductivity.  The velocities of even hydrazine based 
explosives are signigicantly lower.  The margin for error is similarly lower.

Plutonium gun is still the easiest method for the home grown nuclear 
device, even if it requires more fissile material.

> It's a race, designed so that the detonation waves reach their targets (the
> foci) at 
> the same time.  If the detonation velocity was, say, 5,000 meters per 
> second, an accuracy of 0.5 millimeter in length would produce a delay 
> accuracy  of 100 nanoseconds.
>
> Whatcha think?
> 
> Now where did I put that pit...   
>
> Jim Bell
> jimbell at pacifier.com
> 
> Klaatu Burada Nikto
> 
> -----BEGIN PGP SIGNATURE-----
[...]
> -----END PGP SIGNATURE----- 

---
My prefered and soon to be permanent e-mail address: unicorn at schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information






From bruce at aracnet.com  Thu Feb 22 03:57:10 1996
From: bruce at aracnet.com (Bruce Baugh)
Date: Thu, 22 Feb 1996 19:57:10 +0800
Subject: A Challenge (perhaps!)
Message-ID: <2.2.32.19960222104535.006945e8@mail.aracnet.com>


>I know it doesn't exercise key technology and relies on the secrecy of the
>algorithm (which from my very limited knowledge on cryptography I think makes
>it almost doomed from the start (?))... 

Yes, it does. Without the slightest insult of any kind to your friend, the
problem is that the vast majority of "new" algorithms have actually been
invented time and time again long ago. And the vast majority of those have
been shown to have vulnerabilities. Phil Zimmerman writes about this in the
PGP docs. It is overwhelmingly likely that your friend has, no doubt with
the best of intentions, stumbled across something that has a simple flaw he
doesn't know about.

Further, secrets are hard to keep. PGP works _because of_ its publicity, not
in spite of it. When the algorithm must be kept secret, every little thing
must be watched. Just a few months ago, someone cracked the encryption on
Microsoft's Win95 registry database by taking a snapshot of the contents of
memory at a key moment. Other hacks break other efforts at secrecy.

In fact, no sensible user should trust anything to a secret algorithm. I may
not be able to tell the difference between Diffie-Hellman and Lillian
Helman...but I can go talk to those who can. If the coders and evaluators I
trust tell me there's a problem, I can go hunt up another solution. Doing
anything else buying a pig in a poke.

Now, there are a lot of not-sensible users out there. Slick marketing can
result in a bundle being made. But it's not the best way to go.

-- 
Bruce Baugh
bruce at aracnet.com
http://www.aracnet.com/~bruce






From merriman at arn.net  Thu Feb 22 03:59:31 1996
From: merriman at arn.net (David K. Merriman)
Date: Thu, 22 Feb 1996 19:59:31 +0800
Subject: mixmaster info?
Message-ID: <2.2.32.19960221110350.0067df28@arn.net>


I hate to bring up the topic of privacy/crypto (yech! :-), but could someone point me at the 'specs' for Mixmaster remailers? I'm after how messages are sliced, diced, repackaged, and shipped, etc.

Dave Merriman
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
For privacy tools: http://www.geocities.com/capitolhill/1148







From sinclai at ecf.toronto.edu  Thu Feb 22 04:01:04 1996
From: sinclai at ecf.toronto.edu (SINCLAIR DOUGLAS N)
Date: Thu, 22 Feb 1996 20:01:04 +0800
Subject: IPG OTM expansion
Message-ID: <96Feb21.173106edt.9978@cannon.ecf.toronto.edu>


I have a guess as to IPG's "OTP" expansion algorithm.  The clue is the
prime wheels.  It reminded me of something I read in Kahn that was originally
done with paper tape.

Take two random streams, A and B.  Their lengths are relatively prime.  Let's
use 1000 and 999.  An expanded stream C is computed thus:

C[i] = A[i % 1000] ^ B[i % 999]

C thus does not repeat until 999000 values have gone past.  Using more than
two relatively prime wheels will produce very large streams.  The key,
of course, is that *the entropy does not increase*.  I am sure that this
sort of expansion is vulnerable to attack.  It certainly does not warrant
the name OTP.

Am I close, Ralph?





From perry at piermont.com  Thu Feb 22 04:01:39 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 22 Feb 1996 20:01:39 +0800
Subject: IPG OTM expansion
In-Reply-To: <96Feb21.173106edt.9978@cannon.ecf.toronto.edu>
Message-ID: <199602212307.SAA10309@jekyll.piermont.com>



SINCLAIR DOUGLAS N writes:
> I have a guess as to IPG's "OTP" expansion algorithm.  The clue is the
> prime wheels.  It reminded me of something I read in Kahn that was originally
> done with paper tape.
> 
> Take two random streams, A and B.  Their lengths are relatively prime.  Let's
> use 1000 and 999.  An expanded stream C is computed thus:
> 
> C[i] = A[i % 1000] ^ B[i % 999]
> 
> C thus does not repeat until 999000 values have gone past.  Using more than
> two relatively prime wheels will produce very large streams.  The key,
> of course, is that *the entropy does not increase*.  I am sure that this
> sort of expansion is vulnerable to attack.

Indeed it is. It is fairly straightforward to crack this. If you read
the same chapter of "The Codebreakers" you will note that, in fact,
this same method was tried and broken way, way back.

> Am I close, Ralph?






From andreas at artcom.de  Thu Feb 22 04:01:51 1996
From: andreas at artcom.de (Andreas Bogk)
Date: Thu, 22 Feb 1996 20:01:51 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: 
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "IPG" == IPG Sales  writes:

    IPG> I find less and less disagreeement with your comments - with
    IPG> one major exception - for a given message length - say 10 to
    IPG> the 500th power, a OTP seeded algorithm, a better term would
    IPG> be to call it an OTP driven algorithm, can produce the exact
    IPG> same effect as an OTP of that length - that is, the encrypted
    IPG> text can be any possible message of that length, and it is
    IPG> not possible to predict in way what the RNG generated stream
    IPG> is -

First, what you describe is commonly called a keyed RNG. Such a system
is provably less secure than an OTP, because the number of possible
plaintexts from any given ciphertext is limited by the number of
possible keys. This makes an exhaustive search of all keys possible,
because it is very unlikely that a given ciphertext decrypts to
multiple plaintexts that make sense. In contrast, with a OTP there are
as many keys as there are possible plaintexts, so any given plaintext
can be reached, making it impossible to recognize the correct
plaintext. Of course, searching the whole keyspace might be impossible
if the number of possible keys is large enough.

But there are other ways of attacking a croyptosystem besides trying
all possible keys. Your cryptosystem seems to be based on what is
called a linear congruential generator in combination whith an
RC4-like 8*8 S-box, although somewhat simpler.

I don't want to make any claim about the security of the algorithm,
but linear congruential generators can't be considered secure for any
cryptographic use. Your only chance is that the security of that
algorithm does not depend on the generator, but I doubt that.

For further reference, go out and buy "Applied Cryptography" by Bruce
Schneier.

The pseodo-code snipped describing your algorithm, for other people's
reference:

    IPG> Bi=(Bi+Ci MOD Di) Mod 256              Large prime numbers
    IPG> ENCRYPTEXTi=OTP[Bi] XOR PLAINTEXTi     Encryption
    IPG> OTP[Bi]=ENCRYPTEXTi                    Makes the OTP Dynamic

Andreas

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAgUBMSu6OEyjTSyISdw9AQGKIQP+MqE5Scq99kGfLT8CdN3h9abJZNhj9qzm
rUFGsnXfdAvyRzfLz6v8FsfLHgnkgu10MG++NABFBz0I+U0iGFi8Zivkd3Ae9/6J
qOHqbGjiS4r3QN8IOLDwAW6eO6pF4Z0A/+FqLVR+zB+OZF/7TzUmgWpa8+cLWQkH
Hndr5tAVekw=
=bY+f
-----END PGP SIGNATURE-----





From stewarts at ix.netcom.com  Thu Feb 22 04:02:01 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Thu, 22 Feb 1996 20:02:01 +0800
Subject: PRNG in VB
Message-ID: <199602212243.OAA13710@ix15.ix.netcom.com>


At 10:05 PM 2/20/96 -0800, you wrote:
>I am answering the courteous inquiry from Thomas Womack about my request for 
>help with a Visual Basic-only PRNG.  The premise is that those who will not or
>can not afford hardware-based RNG's need something relatively secure in the
>face of nothing at all or at best a lesser implementation.
...
>the getcurrenttime() Win API a lot.  Said to have 50 millicent increments.

The ViaCrypt PGP has a nice feature that pops up a window for you to wave your
mouse around in or type random characters if you'd rather.  It's _much_ nicer,
and generally faster, to wave the mouse.  If you need a few bits of
randomness when you're putting up the splash screen, you could also watch the 
mouse any time it's in your window on the way to the "ok" button,
though of course that doesn't help if your users are using the Enter or Esc key
instead of the mouse.


Of course, if you're trying to do crypto processing, you probably also feed
the data into MD5 before using any of it.

#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281

! Frank Zappa for President !






From cp at proust.suba.com  Thu Feb 22 04:02:41 1996
From: cp at proust.suba.com (Alex Strasheim)
Date: Thu, 22 Feb 1996 20:02:41 +0800
Subject: "This is not Coderpunks--we don't need no steenking cryptography!"
In-Reply-To: 
Message-ID: <199602212254.QAA03552@proust.suba.com>


> Coderpunks is a membership-only list, with a list.cop who approves
> membership and who expels those who post inappropriate material.
> Cypherpunks is an open list, with no one ever having been expelled.

I'm sort of surprised that no one besides Tim seems to be bothered by
coderpunks.  The idea of a cliquish technical elite developing crypto code
out of the public eye isn't very cyberpunkish. 

But at the same time, we ought to keep a couple of things in mind.  First
of all, the problem that coderpunks was organized to solve is a real one
-- cypherpunks takes a lot of time, there's a lot of noise, and it's often
frustrating.

What's more, the coderpunks list is a lot more open than some of the early
rhetoric suggested it would be.  Making the list archives available at
hks.net is a very positive gesture.  There was a post here last week 
claiming that no one had been denied membership to coderpunks -- that's 
very different from the policy advocated in some early coderpunks posts, 
which called for allowing new subscriptions by invitation only.  
Coderpunks seems to be shaping up as a reasonably open list that demands 
that its members stay on topic.  That doesn't seem unreasonable to me.

I hope the new list catches on, and that it makes it easier for its
members to develop new tools.  But I'd also like to be able to continue 
to read it -- I hope that the members will see the value of not closing 
it off any tighter than necessary to keep their s/n ratio high.








From rmartin at aw.sgi.com  Thu Feb 22 04:03:14 1996
From: rmartin at aw.sgi.com (Richard Martin)
Date: Thu, 22 Feb 1996 20:03:14 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: 
Message-ID: <9602211759.ZM15248@glacius.alias.com>



-----BEGIN PGP SIGNED MESSAGE-----

On Feb 21,  3:16pm, IPG Sales wrote:
> Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
> Mike, the keys are encrypted with an OTP that only the intended recipient
> can open - a special, subsystem used for that purpose only - employing
> the same techniquers, but entirely separate and apart from the primary
> user system -  any inteceptor would have to break trhe system, which we
> claim is impossible.

see
http://www.marcus.rts.com.au/faq/one-time.html for a really brief summary
of the assumptions I'm about to use.

a) if I use a chunk of data A to encrypt another chunk of data B, then
   my method of encryption is *not* a one-time pad if size(A) < size(B)

b) the security of a one-time-pad O is only as good as any encryption used
   to exchange O between two parties, which leads to...

c) if C. lu`Lez, an Idiotic Pseudo-security Generator, wishes to transmit
   a chunk of data A to L. User, then for A (if A is truly random to begin
   with) to have the security of a one-time pad, A must be exchanged using
   a one-time pad B where size(B) > size(A)

d) CONTRADICTION: If C and L already share B, which is greater in size
   than A, *why is C sending more keys*?

Of course, it all works out if you stop expecting A to be a one-time pad when
it gets to L.

richard

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSuj3h1gtCYLvIJ1AQF1hwP/a7RabRjyXfLSa1IbpdJjP91Su/Rskwjh
8k9GiihQsiQ/nyWkqp8wbNehjNj/n8smz0q+3wQUu5tSotWtv6ws8qJA4ntQhMGi
MePVQBX/1XMg2pMOr7VUca0cys/GXxXyJAOgzU/muSLxUkLtlGxwLV06yc5npuo0
j+y4M6igowI=
=TVkd
-----END PGP SIGNATURE-----

-- 
Richard Martin
Alias|Wavefront - Toronto Office [Co-op Software Developer, Games Team]
rmartin at aw.sgi.com/g4frodo at cdf.toronto.edu      http://www.io.org/~samwise
Trinity College UofT ChemPhysCompSci 9T7+PEY=9T8 Shad Valley Waterloo 1992





From perobich at ingr.com  Thu Feb 22 04:03:23 1996
From: perobich at ingr.com (Robichaux, Paul E)
Date: Thu, 22 Feb 1996 20:03:23 +0800
Subject: Big Java security hole
Message-ID: 



Forwarded to me by a fellow webmaster; I don't know the original source.

-Paul


Date: Sun, 18 Feb 1996 23:57:02 -0500
From: Drew Dean 
Subject: Java security problems

We have discovered a serious security problem with Netscape Navigator's 2.0
Java implementation.  (The problem is also present in the 1.0 release of the
Java Development Kit from Sun.)  An applet is normally allowed to connect
only to the host from which it was loaded.  However, this restriction is not
properly enforced.  A malicious applet can open a connection to an arbitrary
host on the Internet.  At this point, bugs in any TCP/IP-based network
service can be exploited.  We have implemented (as a proof of concept) an
exploitation of an old sendmail bug.

If the user viewing the applet is behind a firewall, this attack can
be used against any other machine behind the same firewall.  The
firewall will fail to defend against attacks on internal networks,
because the attack originates behind the firewall.

The immediate fix for this problem is to disable Java from Netscape's
"Security Preferences" dialog.  An HTTP proxy server could also
disable Java applets by refusing to fetch Java ".class" files.  We've
sent a more detailed description of this bug to CERT, Sun, and
Netscape.

A second, also serious, bug exists in javap, the bytecode
disassembler.  An overly long method name can overflow a stack
allocated buffer, potentially causing arbitrary native code to be
executed.  The problem is an unchecked sprintf() call, just like the
syslog(3) problem last year.  Many such bugs were in the alpha 3
release's runtime, but were carefully fixed in the beta release.  The
disassembler bug apparently slipped through.  This attack only works
on users who disassemble applets.  The fix is to not run javap until
Sun releases a patch.

Note that we've only had success in exploiting the first flaw on an SGI.
Windows 95 and DEC Alpha versions of Netscape have other bugs in their
socket implementations that make it harder (although not necessarily
impossible) to exploit the problem.  This is the second time that unrelated
implementation bugs have prevented us from demonstrating security problems
in Java.

http://www.cs.princeton.edu/~ddean/java will contain more information
soon, including a revised version of our paper, to appear in the 1996
IEEE Symposium on Security and Privacy.

Drew Dean       
Ed Felten       
Dan Wallach     
  Department of Computer Science, Princeton University

For more information, please contact Ed Felten, 609-258-5906, FAX 
609-258-1771.

_______________________________________________________
Travis Weller               WebMaster, Metrowerks, Inc.
tcweller at metrowerks.com     http://www.metrowerks.com/










From Chris.Claborne at SanDiegoCA.ATTGIS.com  Thu Feb 22 04:04:43 1996
From: Chris.Claborne at SanDiegoCA.ATTGIS.com (Chris Claborne)
Date: Thu, 22 Feb 1996 20:04:43 +0800
Subject: San Diego Cypherpunks Physical Meeting
Message-ID: <2.2.32.19960221221410.00745c18@opus.SanDiegoCA.ATTGIS.com>


San Diego Area CPUNKS symposium  Thursday, Feb 29, 1996

   Invitation to all Cypherpunks to join the San Diego crowd at "The Mission
Cafe & Coffee Shop" were I hope to get an update of Lance Cottrell's new
anonymous e-mail server, "mixmaster", exchange keys, and discuss other
topical CP stuff.  There might also be an announcement of a new Internet
Service Provider in San Diego providing, among it's other premier services,
anonymous remailers and other privacy services.

   Don't forget to bring your public key  fingerprint.  If you can figure
out how to get it on the back of a business card, that would be cool.  

Place: The Mission Cafe & Coffee Shop
       3795 Mission Bl in Mission Beach.
       488-9060


Time:1800

Their Directions:
	8 west to Mission Beach Ingram Exit
	Take west mission bay drive
	Go right on Mission Blvd.

	On the corner of San Jose and mission blvd.
	It is located between roller coaster and garnett.
	It's kind of 40s looking building...  funky looking 
        (their description, not mine)

They serve stuff to eat, coffee stuff, and beer.

See you there!

New guy, bring your fingerprint.

Drop me a note if you plan to attend.


     2
 -- C  --

                                        ...  __o
                                       ..   -\<,
Chris.Claborne at SanDiegoCA.ATTGIS.Com   ...(*)/(*).          CI$: 76340.2422
http://bordeaux.sandiegoca.attgis.com/
PGP Pub Key fingerprint =  A8 FA 55 92 23 20 72 69  52 AB 64 CC C7 D9 4F CA
Avail on Pub Key server.
Dreams.  They're just screen savers for the brain.






From bplib at wat.hookup.net  Thu Feb 22 04:06:04 1996
From: bplib at wat.hookup.net (Tim Philp)
Date: Thu, 22 Feb 1996 20:06:04 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: 
Message-ID: 



On Wed, 21 Feb 1996, IPG Sales wrote:

> We are reconsidering the Canadian restrictions - and may change them -
> it is certainly not the ITAR quexstion, but another matter - we expect 
                                          ^^^^^^^^^^^^^^^^^^
> that Canadians will be included shortly - as to the question of using 

Just what is this 'other matter'


> Why do you want to make it a one way street? We believe fair is fair - if 
> you want to chop off our neck, then we should be able to tell people that 
> you tried and could not at some point in time - 

	I fail to see how this is a 'one way street'. You are interested
in feedback on your system and want us to examine it and tell you of
weaknesses. We are interested in any new system that claims to be secure
and we can learn from the developments, and yes, mistakes of others.  This
sounds like a perfect quid pro quo to me. 
	You seem to want more. You want to be able to use the 'name' of
the cypherpunks to assist your marketing for whatever benefits that you
see by exploiting our name. I say again, as others have said, we are
simply a mailing list of people brought together by a common interest in
cryptography. There is nothing to stop you from making your claims 
without our 'consent' or the 'Cypherpunks seal of approval'.
	The real problem that you have, is that there are knowledgable
people on this list who have expressed doubts about your system. These
people are well known to the press and in the security community and are
not shy about expressing their opinions (right Perry? ). These are the
people who you have to convince if you want to have our approval (whatever
that is).
	Look at the history of algorithms that are generally considered 
secure. The code has been placed on the net for public comment and 
review. I think that all have benefited from this process.
	You have made the same mistake as some others who posted long 
samples of marketing 'noise' to the list using all of the keywords that 
we have come to regard as 'snake oil'. I have no idea if your product is 
indeed secure or snake oil. You have not published enough information for 
any reasonable  person to make a determination. The form of your 
announcement was not appropriate for this forum or your needs.
	I submit that a better approach would have been to post the code
to sci.crypt and send a short note to this list asking for comments. 
People who ask for help, and co-operate with us usually receive help. 
People who publish marketing junk, as you did, get abused.
	Let's concentrate on substance rather than form.

Regards,
Tim Philp

===================================
For PGP Public Key, Send E-mail to:
pgp-public-keys at swissnet.ai.mit.edu
In Subject line type:
GET PHILP
===================================







From silber  Thu Feb 22 20:56:20 1996
From: silber (Andy Silber)
Date: Thu, 22 Feb 1996 20:56:20 -0800 (PST)
Subject: No Subject
Message-ID: <199602230456.UAA00520@mark.allyn.com>


>        NED_PUEV ,
>        Radar ,
>        Denise HP TechSupport ,
>        sgajar 
>Subject: FW: FWD>Bill O Rights
>Date: Wed, 21 Feb 96 14:27:43 PST
>Encoding: 120 TEXT
>X-Mailer: Microsoft Mail V3.0
>Status:
>
>
>
> ----------
>From: Dave Behrns
>To: MIS Mail Group
>Subject: FW: FWD>Bill O Rights
>Date: Wednesday, February 21, 1996 2:10PM
>
>
>
>>>To whoever may read this,
>>>
>>>This is not a typical letter, in that by passing it on to as
>>>many people as you can, you are taking part in what may yet become the
>>>world's biggest practical joke. The U.S. Government has rece ntly
>>>passed an act which enforces censorship on the internet. A group of
>>>internet users has now come together to kick back at this oppression,
>>>and have a bit of fun at the same time. >The aim of this exercise is
>>>to re-establish the United States as "The land of the Free", not a
>>>fascist state where freedom of speech and thought are curtailed.
>>>Communist Russia fell as a result of s uch limits being placed upon
>>>the minds of the general populus. On receiving this letter, please
>>>pass it on to as many friends or E-mail lists as you can. We predict
>>>that if everybody copies the lette r to 5 other addresses, by February
>>>29th 1996, this letter should have reached in excess of 2 million
>>>people. That's when the fun begins........ >On February 29th, please
>>>send the message:
>>>
>>>Dear Mr. President,
>>>Do you remember this:
>>>
>>>And afterwards enclose the pre-typed copy of the Bill of rights. By
>>>sending the letter on the date above, you will contribute to either
>>>one huge petition for freedom, or else lead to a crash of the
>>>whitehouse server.Send all letters to: >President at Whitehouse.gov
>>>
>>>Remember that solidarity is the key to success !!!!!
>>>
>>>
>>>---------------------------------------------------
>>>
>>>THE BILL OF RIGHTS
>>>
>>>Amendment I
>>>
>>>Congress shall make no law respecting an establishment of religion, or
>>>prohibiting the free exercise thereof; or abridging the freedom of
>>>speech, or of the press; or the right of the people peaceably to
>>>assemble, and to petition the government for a redress of grievances.
>>>
>>>Amendment II
>>>
>>>A well regulated militia, being necessary to the security of a free
>>>state, the right of the people to keep and bear arms, shall not be
>>>infringed.
>>>
>>>Amendment III
>>>
>>>No soldier shall, in time of peace be quartered in any house, without
>>>the consent of the owner, nor in time of war, but in a manner to be
>>>prescribed by law.
>>>
>>>Amendment IV
>>>
>>>The right of the people to be secure in their persons, houses,
>>>papers, and
>>>effects, against unreasonable searches and seizures, shall not be
>>>violated, and no warrants shall issue, but upon probable cause,
>>>supported by oath or affirmation, and particularly describing the
>>>place to be searched, and the persons or things to be seized.
>>>
>>>Amendment V
>>>
>>>No person shall be held to answer for a capital, or otherwise
>>>infamous
>>>crime, unless on a presentment or indictment of a grand jury, except
>>>in cases arising in the land or naval forces, or in the militia, when
>>>in actual service in time of war or public danger; nor shall any
>>>person be subject for the same offense to be twice put in jeopardy of
>>>life or limb; nor shall be compelled in any criminal case to be a
>>>witness against himself, nor be deprived of life, liberty, or
>>>property, without due process of law; nor shall private property be
>>>taken for public use, without just compensation.
>>>
>>>Amendment VI
>>>
>>>In all criminal prosecutions, the accused shall enjoy the right to a
>>>speedy and public trial, by an impartial jury of the state and
>>>district wherein the crime shall have been committed, which district
>>>shall have been previously ascertained by law, and to be informed of
>>>the nature and cause of the accusation; to be confronted with the
>>>witnesses against him; to have compulsory process for obtaining
>>>witnesses in his favor, and to have the assistance of counsel for his
>>>defense.
>>>
>>>Amendment VII
>>>
>>>In suits at common law, where the value in controversy shall exceed
>>>twenty dollars, the right of trial by jury shall be preserved, and no
>>>fact tried by a jury, shall be otherwise reexamined in any court of
>>>the United States, than according to the rules of the common law.
>>>
>>>Amendment VIII
>>>
>>>Excessive bail shall not be required, nor excessive fines imposed, nor
>>>cruel and unusual punishments inflicted.
>>>
>>>Amendment IX
>>>
>>>The enumeration in the Constitution, of certain rights, shall not be
>>>construed to deny or disparage others retained by the people.
>>>
>>>Amendment X
>>>
>>>The powers not delegated to the United States by the Constitution, nor
>>>prohibited by it to the states, are reserved to the states
>>>respectively, or to the people.
>>
>>
>>
>






From rah at shipwright.com  Thu Feb 22 05:26:06 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Thu, 22 Feb 1996 21:26:06 +0800
Subject: "and two forms of ID"
Message-ID: 


>You got my position completely backward on this.

I feel much better now. :-). I really didn't want to cross swords with
someone who's S/N ratio is as high as yours is around here.

>You may be thinking of what I said about the
>cost of defeating traffic analysis.

That must have been it.

>The natural state of the Net seems to be a kind of semi-anonymity.

Ah. I believe this is what I'm talking about...

>Trying to push it in either direction (complete traceability or
>anonymity) is costly.

I'm going to build a rant about this pretty soon, but I think that in a
geodesic network, audit trails of any kind cost more money, particularly in
the "fringes" of the network, where all the processor growth is going to
happen, assymetries or not. As processors handle smaller and smaller stuff
faster and faster, it becomes harder and harder to "control" and monitor
all of them. To operate efficiently, they have to be more and more
autonomous.

One way to provide decision rules for autonomous processors is to introduce
micro-e$ auction markets into the net's infrastructure. A good example
might be packet routing. Suppose you attach some very skinny money to a
packet  (something issued with Micromint, maybe?), and strip it off as the
packet goes through the network, sender pays.  Routers price their
throughput based on their load at any given moment. When you create this
"economy of switches", it becomes harder to establish the hierarchical
book-entry control/coodination models we all know and love, certificate
hierarchies among them.

I think that something like this might work as a way of randomizing traffic
in a network of remailers, by the way. Let the market determine the
remailer path. Specify the number of hops left, and attach enough money for
that number of hops. This is one way for people to pay for the use of
remailers, and eventually, it could map to packet-level-anonymity someday.

For the moment, I'm going to claim that anonymous auction markets are
always more efficient than identified, command economies, just like flight
is faster than surface travel.

At least that's what I think this morning. :-). More as I get some time.

However, I do agree that it's foolish to simply declare that everything
must be unauditable, just as it is to declare universal auditability. It's
better to let the market figure this out. ;-).

Cheers,
Bob Hettinga










-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/







From m5 at dev.tivoli.com  Thu Feb 22 05:48:34 1996
From: m5 at dev.tivoli.com (Mike McNally)
Date: Thu, 22 Feb 1996 21:48:34 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: 
Message-ID: <9602221320.AA16955@alpha>



Perry E. Metzger writes:
 > If you start with 100 bits of entropy, your stream will have only 100
 > bits of entropy. If you start with 1024 bits, you will have a kilobit
 > of entropy, and so forth.
 > 
 > This may seem like a lot, but it really isn't.

...and note that IPG does us the favor of ensuring the keys conform to
this elaborate battery of statistical tests.  Thus, there are bunches
of keys that "aren't random enough" and thus not among the set to be
considered when trying to break one.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * I want more, I want more,
       m5 at tivoli.com * m101 at io.com          * I want more, I want more ...
               *_______________________________





From m5 at dev.tivoli.com  Thu Feb 22 06:06:17 1996
From: m5 at dev.tivoli.com (Mike McNally)
Date: Thu, 22 Feb 1996 22:06:17 +0800
Subject: BIG JAVA SECURITY HOLE
In-Reply-To: 
Message-ID: <9602221339.AA15504@alpha>



Perry E. Metzger quotes:

 > > A second, also serious, bug exists in javap, the bytecode
 > > disassembler.

I haven't figured out how this is anything more than a simple bug,
unless one presumes you could concoct a trojan horse in the form of a
"really cool applet that ya just gotta disassemble dudez".

[Maybe that really is it.]

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * I want more, I want more,
       m5 at tivoli.com * m101 at io.com          * I want more, I want more ...
               *_______________________________





From jya at pipeline.com  Thu Feb 22 06:11:52 1996
From: jya at pipeline.com (John Young)
Date: Thu, 22 Feb 1996 22:11:52 +0800
Subject: IBM Breakthrough?
Message-ID: <199602221351.IAA14781@pipe2.nyc.pipeline.com>



Responding to msg by mpd at netcom.com (Mike Duvos) on Wed, 21 Feb 
 9:3  PM

>Those wishing to read IBM's explanation of this new 
>technology  may browse their Web page on Quantum 
>Teleportation at...
>  
>http://www.research.ibm.com/quantuminfo/teleportation/


   Thanks much for your precis and the IBM pointer. 

   IBM's ad seems inspired by Clarke's "Any sufficiently
   advanced technology is indistinguishable from magic."

   The teleportation site hiply introduces the topic with 
   its science fiction ancestry.  The site even has a link to
   the "goulash" featured in the ad, so the tease is PR for
   IBM's magical research explorations.

   It was illuminating to read the tie of teleportation to
   quantum research -- cryptograpy, communication and who
   knows what else burbling in that wizard Watson lab.

   Because my Lynx could not get into IBM's "quantum
   cryptography," perhaps Blue is onto some Lotus-like 
   Q-Crypto soon to be teased in ads for cosmos-wide Net
   security or surveillance-proof chips and goulash.












From m5 at dev.tivoli.com  Thu Feb 22 06:20:33 1996
From: m5 at dev.tivoli.com (Mike McNally)
Date: Thu, 22 Feb 1996 22:20:33 +0800
Subject: A Challenge (perhaps!)
In-Reply-To: <2.2.32.19960222104535.006945e8@mail.aracnet.com>
Message-ID: <9602221346.AA16948@alpha>



Bruce Baugh writes:
 > >I know it doesn't exercise key technology and relies on the secrecy of the
 > >algorithm (which from my very limited knowledge on cryptography I think makes
 > >it almost doomed from the start (?))... 
 > 
 > Yes, it does. 

The way I like to think of such a scheme is to consider the secret
algorithm itself to be the key, which then drives the cryptosystem
composed of the CPU instruction sequencer on the encrypting machine.
Thus all messages are encrypted with the same key; it should be easy
to see why that isn't secure.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * I want more, I want more,
       m5 at tivoli.com * m101 at io.com          * I want more, I want more ...
               *_______________________________





From jya at pipeline.com  Thu Feb 22 06:30:20 1996
From: jya at pipeline.com (John Young)
Date: Thu, 22 Feb 1996 22:30:20 +0800
Subject: ASS_alt
Message-ID: <199602221415.JAA16726@pipe2.nyc.pipeline.com>


   EcoMist of Feb 17 has more on The Seychelles lure for
   wealthy outlaws; a look at Richleson's new book on spying;
   and the assault on Swiss vaults for outlaws and spies by
   outlaw, spying prosecutors.


   ASS_alt (for the 3)


   [Thanks to AS]







From alanh at infi.net  Thu Feb 22 06:46:46 1996
From: alanh at infi.net (Alan Horowitz)
Date: Thu, 22 Feb 1996 22:46:46 +0800
Subject: Schneier Attacks
In-Reply-To: <199602211940.OAA07616@pipe4.nyc.pipeline.com>
Message-ID: 


I dare say that it would be easier to look over the target's shoulder 
than to accurately measure differential amounts of heat dissapaiting out 
of a chip, covertly.





From nobody at c2.org  Thu Feb 22 06:48:34 1996
From: nobody at c2.org (Anonymous User)
Date: Thu, 22 Feb 1996 22:48:34 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <199602220305.TAA08725@infinity.c2.org>


IPG Sales wrote:
> running fakers like us out of business should be its own reward

On the contrary: it's a voluntary waste of time, for which there seems
to be an unending supply of fodder.







From cmca at alpha.c2.org  Thu Feb 22 06:48:37 1996
From: cmca at alpha.c2.org (Chris McAuliffe)
Date: Thu, 22 Feb 1996 22:48:37 +0800
Subject: Need SSL firewall
Message-ID: <199602220147.RAA25486@eternity.c2.org>


-----BEGIN PGP SIGNED MESSAGE-----

[To: shamrock at netcom.com (Lucky Green)]
[Cc: cypherpunks at toad.com]
[Subject: Re:  Need SSL firewall]

Why not get BSDI's current version and run it on a PC. Rumor has it that
is what Microsloth uses for a firewall.

Chris McAuliffe  (No, not that one.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBMSvHLoHskC9sh/+lAQHoVwP/V9D1VmvK0awiKDvqXs27StkTy5yXSrR7
a4zs6aWF2+pz23bINhMqbdN73tzEkuHQWnFrXuAVY3XxrWH1mMARwuBZGnEctDjI
d1PyFWuahyIkZgJokNPgzyoENE29WF2mMRk7LK7/BwPLNk4JGnzWPt9XhQk37NZQ
MoQsoRHSujA=
=gD6Y
-----END PGP SIGNATURE-----





From stend at grendel.texas.net  Thu Feb 22 06:51:41 1996
From: stend at grendel.texas.net (Sten Drescher)
Date: Thu, 22 Feb 1996 22:51:41 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <9602211404.AA16345@alpha>
Message-ID: <199602220355.VAA10221@grendel.texas.net>


IPG Sales  said:

IS> Mike, the keys are encrypted with an OTP that only the intended
IS> recipient can open - a special, subsystem used for that purpose
IS> only - employing the same techniquers, but entirely separate and
IS> apart from the primary user system - any inteceptor would have to
IS> break trhe system, which we claim is impossible.

	So you send not one, but two sets of one time pads out of
band?  Well, if _both_ OTP shipments are intercepted and duplicated,
what keeps the interceptor from getting the keys?

-- 
#include                                /* Sten Drescher */
Unsolicited email advertisements will be proofread for a US$100/page fee.





From wlkngowl at unix.asb.com  Thu Feb 22 06:52:08 1996
From: wlkngowl at unix.asb.com (Mutant Rob)
Date: Thu, 22 Feb 1996 22:52:08 +0800
Subject: IPG hoax?
Message-ID: <199602220409.XAA17058@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

Wink Junior wrote:
> I must admit that after the first day I've been wondering if this whole
> IPG thing isn't some kind of deep troll or early April Fool's joke.  
> anyone actually spoken on the phone with IPG or confirmed their existence
> in any way?  For the record, I'd like to state that I saw their ad [..]

Been wondering the same thing. The noise generated by this is awfully
suspicious.  It's also rather suspicious that a couple of my posts here
have mysteriously not showed up in the archives, although I've received
replies to them (but that's another issue altogether).
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSvslCoZzwIn1bdtAQGomgF/ckqMkUKfMmmkkz9EoadDUYetwmZHedSY
RYSEAo/sTtXdBzgbKEEOTj20ZA7z5O72
=Ar7E
-----END PGP SIGNATURE-----





From cmca at alpha.c2.org  Thu Feb 22 06:52:15 1996
From: cmca at alpha.c2.org (Chris McAuliffe)
Date: Thu, 22 Feb 1996 22:52:15 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <199602220145.RAA25449@eternity.c2.org>


-----BEGIN PGP SIGNED MESSAGE-----

[To: IPG Sales ]
[cc: cypherpunks at toad.com]
[Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)]

IPG Sales  blathered:
>that the encrypted ciphertext can be any of the N to the
>256th power possibile clear/plain text messages/files.

That would be 256^N, actually, a somewhat bigger number generally
speaking. I hope your cryptography is better than your combinatorics,
but I (like a lot of others) doubt it.

Why, in your challenge, is your system to be tested by only US citizens?
Why not submit it to the NSA and in 15 days you could get a CJR for
it... then the c'punks in France, Germany and News Zealand could work on
it too, and you will have saved a lot of time.

Chris McAuliffe  (No, not that one.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBMSvGToHskC9sh/+lAQFHNwQAsVYB9OodDBRqJshya+TyAKFURc4EqmKf
Sj23Y7605XteUAxlPuF+vm3KnXnAV73hWTpQu+x296oO8ubwmM5XybhyLZqN/8Wa
uT4qatkTVIvrGwtbUpYrjqnO+AgdPZvxoRbrf7QZu4O7k8ONF8J9C0DVRtvGS8BU
Y6ABbc5H3GI=
=5PWi
-----END PGP SIGNATURE-----





From karlmarx at illumini.demon.co.uk  Thu Feb 22 06:52:18 1996
From: karlmarx at illumini.demon.co.uk (KarL MarX)
Date: Thu, 22 Feb 1996 22:52:18 +0800
Subject: A Challenge (perhaps!)
Message-ID: <2@illumini.demon.co.uk>



Hi!

My friend has just written a new crypto program that he is trying to get
included on a PC Magazine CD-ROM over here... 

I don't know too much about it at the moment, but he said he thought it
would be a good idea to see if anyone on this list could crack it and thus
help to make it more secure. I don't know too much about it ATM...

I know it doesn't exercise key technology and relies on the secrecy of the
algorithm (which from my very limited knowledge on cryptography I think makes
it almost doomed from the start (?))... I have some ciphertext of this 
application but apart from that I have nothing else... Would anyone have any
objectiosn to this being posted to the list? If not, could someone tell me
what I should post to the list, plaintext and resulting ciphertext, would
that be enough, or shoudl I post some info on the algorithms as well ???

The application is written in Visual Basic and I could probably get a copy
of the compiled (well VB is actually interpreted, but that's neither here or
there) .EXE file....

-- 
Karl Marx





From jtl at molehill.org  Thu Feb 22 06:53:22 1996
From: jtl at molehill.org (Todd Larason)
Date: Thu, 22 Feb 1996 22:53:22 +0800
Subject: XON_rot
In-Reply-To: <199602211919.OAA05834@pipe4.nyc.pipeline.com>
Message-ID: 


On Wed, 21 Feb 1996, John Young wrote:

>    Computerworld, February 19, 1996:
> 
>    Internet Privacy: How far should federal regulation go?
> 
>    "Only The Force of Law Can Deter Pornographers." by Sen.
>    Jim Exon
> 
>       Don't let opponents of CDA fool you: Nothing in it
>       applies to constitutionally protected speech between
>       consenting adults. Opponents forsake reason when they
>       say they want to protect children from indecency,
>       seduction and harassment but maintain that the
>       overriding issue is freedom of access to anything by
>       anybody. There is too much of the self-serving
>       philosophy of the hands-off elite.
> 
>    "The 'Net Doesn't Need Thought Police." by Marc Rotenberg
> 
>       The U.S. is getting drawn into this craziness because
>       religious zealots and their allies in Congress have
>       decided they know what is good for us and our children.
>       CDA gives federal investigators the right to comb
>       through Web sites, newsgroup posts and even private
>       electronic mail to find evidence of indecent speech. The
>       bill even threatens the right to use privacy
>       technologies, such as encryption, because the government
>       now will have the right to open private E-mail if it
>       suspects the message contains offensive language.
> 
>    XON_rot
> 
>    [Thanks to BC for these]
> 
> 





From frissell at panix.com  Thu Feb 22 07:31:03 1996
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 22 Feb 1996 23:31:03 +0800
Subject: Edupage, 20 Feb 1996
Message-ID: <2.2.32.19960222150734.00720bd0@panix.com>


>>EUROPE BACKS V-CHIP
>>The European Parliament has followed the lead of the United States in
>>supporting the use of Canadian-developed V-chip technology that allows
>>parents to screen violent or adult content from their televisions.
>>(Montreal Gazette 20 Feb 96 C7)

Why, Oh why is there so so much talk about the V Chip.  This stupid device
only covers over-the-air broadcast TV a dying part of the spectrum.  It does
not cover cable-only programs (HBO, etc) and it does not cover net-based
audio and (soon) video programming.  It is meaningless.

DCF






From pp at pfawww.pp.se  Thu Feb 22 07:47:27 1996
From: pp at pfawww.pp.se (Per Persson)
Date: Thu, 22 Feb 1996 23:47:27 +0800
Subject: new "obscenity" law on the net
In-Reply-To: <199602031732.KAA04018@goldman.gnu.ai.mit.edu>
Message-ID: 


[Ben sent this to rms at 'Sat, 3 Feb 1996 10:32:00 -0700'];

"Ben A. Mesander"  writes:

>Just curious - will the new law outlawing obscenity on the net in the us
>cause you to make changes to some of the comments in the emacs source code?

Some weeks ago, Lars and Richard went through the Gnus source and
removed 'fuck' two times and 'fucking' one time (if I didn't get it
all wrong). I wonder if that's your fault.

/pp.

-- 
anum meum aperies, asperge me spermate tuo et inquinabor
url; http://pfawww.pp.se/~pp/   email; 
phone#'s;  work/home/fax: +46 (0)18 100899/247473/103737






From jkeith at panix.com  Thu Feb 22 07:59:55 1996
From: jkeith at panix.com (Jack Keith)
Date: Thu, 22 Feb 1996 23:59:55 +0800
Subject: Digital Signature Legislation (fwd)
Message-ID: 




---------- Forwarded message ----------
Date: Wed, 21 Feb 1996 10:25:39 -0800 (PST)
From: Phil Agre 
To: rre at weber.ucsd.edu
Subject: Digital Signature Legislation

[This message includes some interesting information about significant
consumer and privacy issues in state-level "digital signature" legislation
that is being modeled on Utah's law -- http://www.state.ut.us/ccjj/digsig/
It is also an example of a trend I'd like to encourage: academics using the
Internet to propagate ideas in concise, useful form while getting feedback
from a broad public before their work gets frozen forever in journals.]

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help at weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: Tue, 20 Feb 1996 20:54:03 -0800 (PST)
From: C. Bradford Biddle 
To: ca-digsig at commerce.net
Subject: Digital Signature Legislation


DIGITAL SIGNATURE LEGISLATION: SOME REASONS FOR CONCERN

by Brad Biddle 
February 20, 1996

[Copyright 1996 by Brad Biddle; permission granted for non-commercial 
electronic redistribution]

A recent flurry of state digital signature legislation should provoke some
concern among consumer activists, privacy advocates, and others interested
in the evolving legal landscape of cyberspace. 

At least ten states are developing or have already implemented digital
signature legislation. Much of this legislation is based on the pioneering
Utah Digital Signature Act, passed in 1995 (and currently in the process
of being amended). States which have introduced legislation based on the
Utah Act include Arizona, Georgia, Hawaii, Oregon, and Washington.
California has passed a different form of digital signature legislation,
and a bill is pending in Illinois which is similar to the California
approach. Florida and Virginia have formal resolutions pending which call
for legislative investigation into digital signature laws. 

The American Bar Association's Information Security Committee (a
sub-committee of the Section of Science and Technology) released its
Digital Signature Guidelines in October of 1995. These Guidelines are
"general, abstract statements of principle" and are not intended as model
legislation. The Information Security Committee intended to release model
digital signature legislation in June of 1995, but this effort has been,
as one report describes it, "stymied by bureaucratic maneuvering."
(Information Law Alert, 10/13/95). In the absence of this model
legislation, the Utah Act has become a de facto model act. 

The intent of this message (distributed to the "ca-digsig" mailing list
and to some other folks via direct e-mail) is to raise some concerns about
the Utah Digital Signature Act and its progeny. The author of this message
is a second-year law student at the University of San Diego School of Law,
and is writing an article on this topic for the San Diego Law Review.
Feedback and criticism are very welcome, and will likely be incorporated
into the developing article. 

THE UTAH DIGITAL SIGNATURE ACT 
[Sec. 46-3-101 et seq., Utah Code Annotated 1953]

No attempt will be made here to explain or summarize the complex and
detailed provisions of the Act. Generally, the Act envisions an
infrastructure in which computer users utilize state-licensed
certification authorities, online databases called repositories, and
public-key encryption technology in order to "sign"  electronic documents
in a legally binding fashion. The Utah Act sets out an ambitious legal and
regulatory framework intended to implement a public key infrastructure. 
It also carves out a place for digital signatures in the broader legal
landscape.  That is, it provides digital signatures with legal status as
valid signatures and addresses a variety of issues relating to the place
of electronic documents in contract and evidence law. 

Much of what the Utah Act accomplishes is laudable, and demonstrates how
legislation can effectively solve unsettled issues in the novel arena of
cyberspace. However, several aspects of the Act are troubling. The
potential problem areas can be categorized generally as liability,
privacy, and costs. A very brief discussion of each of these problem areas
follows. 

LIABILITY

The Utah Act makes two policy choices concerning liability allocation
which are potentially troubling. First, consumers who participate in the
infrastructure developed under the Utah Act subject themselves to a far
greater risk of extensive liability than they face in other electronic
transactions, such as credit card or debit card transactions. Most
electronic transactions made by consumers are subject the Electronic Funds
Transfer Act (EFTA) which limits consumer liability in the event of fraud
to (in most cases) $50. Even if a consumer is negligent, liability is
still capped at a rather low fixed amount. Critics of this scheme argue
that it is paternalistic and ultimately drives up costs for other
consumers who are careful to avoid exposing themselves to fraud.
Supporters argue that if consumers were exposed to potential unlimited
liability when engaging in electronic transactions they would not
participate in these transactions at all, and the potential benefits of
electronic transactions would not be achieved. Also, supporters say,
consumers are often unable to prevent fraud, and forcing consumers to
prove they were not negligent anytime fraud occurs would be an
unreasonable burden. 

Under the Utah Act, consumers are held to a negligence standard in
guarding their private encryption key. Thus, if a criminal obtains a
consumer's private key and commits fraud, the consumer is financially
responsible for that fraud unless the consumer can prove that the consumer
used reasonable care in guarding the private key. If the consumer cannot
prove this in court, or if the consumer was in fact negligent, then the
consumer will bear all losses resulting from the fraud. The arguments in
support of the EFTA may be applicable here. Will consumers participate in
a system which subjects them to unlimited liability? Is it sensible to
make consumers prove the absence of negligence? 

(Two related points are worth noting. First, drafters of the Utah Act
initially advocated a strict liability standard, rather than negligence,
for the security of private keys -- even "worse" for consumers -- and the
drafters continue to advocate strict liability as an alternative for other
state legislators considering digital signature laws. Second, a plausible
argument can be made that the federal EFTA should preempt the state
digital signature legislation on this issue -- this question is
unsettled.)

There is a second troubling policy choice relating to liability. The Utah
Act limits the potential liability of one actor in the infrastructure --
the certification authority -- to a fixed amount (termed a "suitable
guarantee" and determined by a complex formula or by administrative rule).
This amount may be less than the actual damages a certification authority
can cause. This policy decision, designed to create certainty for an
entrepreneur contemplating a certification authority business and foster
development of a certification authority industry, may have unintended
consequences. It is easy to envision a scenario in which a certification
authority's private key is compromised -- by brute force cryptanalysis,
bribery, or incompetence, for example. A criminal with a certification
authority's private key could cause an immense amount of financial damage,
imposing huge losses on a number of innocent parties. These innocent
parties would be unable to recover their full losses from the
certification authority if the total of these losses was greater than the
amount of the "suitable guarantee" -- even if the certification authority
was totally at fault in creating the circumstances that led to the losses. 
Because the certification authority would not have to bear the full costs
of any losses resulting from a compromised private key, they may not have
the incentive to take expensive precautions to protect against that
occurrence. 


PRIVACY

The system contemplated by the Utah Act also raises several different
types of privacy-related concerns. At a broad level, one commentator has
pronounced the general type of system embodied in the Utah Act a "cultural
misfit"  because every merchant and consumer potentially must register
with an outside authority in order to acquire the basic capacity to
transact commerce. In light of the more limited scope of the Utah Act and
the current state of electronic commerce, however, this argument is not
particularly persuasive. 

More significantly, under the Utah Act's approach certain entities -- the
online databases of public encryption keys termed "recognized
repositories" -- will have unrestricted access to valuable
transaction-generated information that could expose sensitive
relationships among individuals or businesses. If Company A sends a
digitally signed message to Company B, Company B must verify the digital
signature by connecting to a state-recognized privately-managed database,
verifying the digital signature and making sure that Company A's
certificate is not on a certificate revocation list. This process, of
course, will leave electronic footprints. Could the owner of the
recognized repository disclose the fact that A and B were corresponding?
What if A and B were discussing a possible merger, or other transaction
with significant consequences in the securities markets?  Similarly, could
the owner of the repository disclose to Joe Whistleblower's
defense-contractor employer that Whistleblower was verifying digital
signatures of a reporter from the New York Times? The Utah Act is totally
silent on this issue. 

Additionally, the public databases contemplated by the Act could expose
financial data, information about affiliations, and other private
information to public scrutiny -- and put this information into the direct
marketing universe. Publicly-accessible certificates will contain the name
of subscribers and a "recommended reliance limit," a dollar figure that
may be a good indication of general financial standing. Certificates may
also indicate an individual's affiliation with a company or other
organization. There is no provision for anonymous or pseudonymous
certificates. Proponents of the Utah Act point out that participation in
the system established by the Act is voluntary, and that non-licensed
certification authorities will be available for individuals who object to
the requirements of the Act. However, in light of the advantages the Act
gives to licensed certification authorities (liability limitations,
presumptions concerning the legality of digital signatures, and the like)
this may not in fact turn out to be true. Additionally, some individuals
may be forced to use certificates in the course of their employment. Would
an employee who did not want to be listed in an easily searchable database
(perhaps because they were being harassed) be forced to quit his or her
job? 


Finally, a very important privacy-related issue that is purposefully not
addressed in the Utah Act concerns whether the infrastructure contemplated
by the Act will support confidentiality of messages as well as legally
binding digital signatures (a technically feasible proposition, but a
politically sensitive one). The Utah Act empowers an administrative agency
to determine which public key encryption algorithms are appropriate. A
public key algorithm like RSA can be used both for encryption and digital
signatures. A public key algorithm like DSA (implemented in DSS) can only
be used for digital signatures -- it cannot be used to encrypt messages.
Should such a fundamental policy decision be made in the obscurity of an
administrative agency's rulemaking process? 

COSTS

The Utah Digital Signature Act also raises several issues relating to
costs. The institutional overhead associated with creating and maintaining
the Act's infrastructure will be passed along to participants, and
participants must have access to expensive computer hardware and software
in order to participate in the system. One issue not addressed by the Utah
Act is whether citizens who are unable to afford these costs should be
provided with subsidized or reduced-cost access to th infrastructure. A
prominent commentator has noted that, in the long term, the type of system
embodied in the Utah Act is "anticipated to become indispensable for
conducting government, business, and even private affairs." 

Another cost-related issue concerns the costs associated with legislative
endorsement of one particular technology (public-key encryption
technology, or more narrowly, specific implementations of this technology)
and whether this endorsement will affect the development of alternative
solutions to the problems posed by communications over open computer
networks. An advocate of a particular biometric technology has argued that
the type of infrastructure contemplated by the Utah Act is costly
overkill, and is far more complex and expensive than is necessary. Even if
one accepts the appropriateness of a public-key approach, note that costs
could vary widely depending upon which particular proprietary encryption
algorithms are licensed. 

As originally passed, the Utah Act limited the role of certification
authority to Utah-licensed attorneys, financial institutions, title
companies, and government agencies. This sort of oligopolistic arrangement
is, of course, anathema to a vibrant, competitive market which would drive
down costs for consumers. The pending amendments to the Utah Act eliminate
this requirement. Some of the states which are following the Utah Act as a
model have retained this limitation, however. 

CONCLUSION

Legislative activity concerning digital signatures is generally
appropriate and potentially helpful. The Utah Digital Signature Act,
particularly its provisions establishing the legal status of digital
signatures, is a step in the right direction. However, lawmakers
contemplating digital signature legislation should reconsider some of the
policy choices made by the Utah Act. 

-------------------------------------------------


Brad Biddle, Legal Intern 
Privacy Rights Clearinghouse, Ctr for Public Interest Law
http://pwa.acusd.edu/~prc

[The views expressed in this article are not necessarily those of the 
Privacy Rights Clearinghouse or the Center for Public Interest Law.]








From geeman at best.com  Thu Feb 22 08:35:45 1996
From: geeman at best.com (geeman at best.com)
Date: Fri, 23 Feb 1996 00:35:45 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <199602221529.HAA06532@napalm.noc.best.net>



 IDG: Get real.  Publish the stuff like the rest of the world does.  The
only ones who don't are just not players in the game.  If you want to try to
snow consumer-types then go ahead.  But if you want validation from the
crypto community you'll have to just publish it. 

And if you don't, and just continue the marketing fluff, then people from
this list, and others in the community, will be all over you and the
publications (lists, press, etc) with the theoretical and inferred
weaknesses of your system. 

I would say the onus is on you to put up or shut up and don't try to
orchestrate or control the parameters of the disclosure.  It's really in
your own interests, I would think.







From jf_avon at citenet.net  Thu Feb 22 09:13:33 1996
From: jf_avon at citenet.net (Jean-Francois Avon JFA Technologies, QC, Canada)
Date: Fri, 23 Feb 1996 01:13:33 +0800
Subject: [humor] What is an elephant?
Message-ID: <9602221542.AB03476@cti02.citenet.net>


In a conversation where jim bell, black unicorn and brian davis discussed
such things as nuclear detonator and high explosive reciepes, the following sentence was written:

>Chances 
>are that "military-grade" accuracies are straightforwardly possible.


Q: What is an elephant?

A: A mouse, built to MIL specs...

JFA
**** NEW PGP 2.6.2 KEY *********
This key is actually suspended, as of Feb, 16 1996, was never distributed,
and might be subject to deletion.  Sorry for the trouble my mis-management might have caused.

2048 bits Key ID:24201BA1 1996/02/13 Jean-Francois Avon 
Key fingerprint =  23 B6 24 31 86 67 FB 35  C7 A7 AF 12 A1 61 E9 3D 


**** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon 
Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 






From jf_avon at citenet.net  Thu Feb 22 09:21:59 1996
From: jf_avon at citenet.net (Jean-Francois Avon JFA Technologies, QC, Canada)
Date: Fri, 23 Feb 1996 01:21:59 +0800
Subject: 
Message-ID: <9602221542.AA03476@cti02.citenet.net>


>> This looks completely, totally, and insanely bogus, but I need some
>> kind of verification for this bizarre little piece of mail that
>> somehow ended up in my mailbox.
>
>If you really need verification, there's no one with the last name of
>"Dereksen" on MIT's directory (which lists students and staff; "finger
>dereksen at mit.edu"), and there's certainly no departments at MIT called
>the "Main branch" or "Interconnected Network Maintenance staff".
>
>At least this one is funny.  I particular like the beginning: "It's
>that time again!"

And BTW, since they told you to disconnect your machine from the net, 
*where* exactly are they gonna find "lost e-mail" ?  Lying around
*clogging* telephone wires and optical fibers?  :-)

I can just picture the usual disclaimer:
WARNING: FIRE HAZARD!
if you let old, undiscarded e-mail accumulate in your modem/computer
it might catch fire!  E-paper is just as flamable as the regular one...

ROTFL!
**** NEW PGP 2.6.2 KEY *********
This key is actually suspended, as of Feb, 16 1996, was never distributed,
and might be subject to deletion.  Sorry for the trouble my mis-management might have caused.

2048 bits Key ID:24201BA1 1996/02/13 Jean-Francois Avon 
Key fingerprint =  23 B6 24 31 86 67 FB 35  C7 A7 AF 12 A1 61 E9 3D 


**** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon 
Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 






From maldrich at grctechs.va.grci.com  Thu Feb 22 09:27:29 1996
From: maldrich at grctechs.va.grci.com (Mark Aldrich)
Date: Fri, 23 Feb 1996 01:27:29 +0800
Subject: pcmcia
In-Reply-To: <199602221313.IAA09759@homeport.org>
Message-ID: 


On Thu, 22 Feb 1996, Adam Shostack wrote:

> P.J. Ponder wrote:
> 
> | obligatory crypto comment: has anyone looked at the iPower card and 
> | gotten one to play with? Where else could one get a PCMCIA card that was 
> | programmable and had a little memory on it? How hard would it be to make 
> | one - in other words, what could we get the cost down to for an 
> | encrypting pcmcia card? there couldn't be much to it, really, could there?
> 
> 	I got one, its very badly documented; theres some source in
> Visual basic for windoze.  I haven't had time to track down real docs
> so I can do anything.  Anyone know who I can call to get real
> documentation?
> 

We've been doing some work with the thing and have actually got a crypto 
product built for a customer.  Some things to know:

1.  It' unbelievably slow.  Key generation on this things takes an order 
of magnitude longer than what you see in the "average" PC environment.  
Encrypt/decrypt times are equally extended, but aren't that obnoxious if 
5-20 second/'average' e-mail message lag times don't torque your user.

2.  Buy the PersonaCard API Developer's Kit or you're hosed.  It's the 
only real source of relevant data.  It's got Visual C++ source in it, 
etc.  You also can then contact Nat-Semi with questions.  You can order 
the thing (I think it's around $100, but I'm not sure) from:

iPower Technical Support
iPower Business Unit
National Semiconductor Corporation
1090 Kifer Road, Mail Stop 16-225
Sunnyvale, CA 94086-3737

3.  The drivers suck.  They appear to be essentially a "protocol stack" 
that gets loaded into memory (LOTS of memory) and then they conflict with 
just about everything.  Lock ups are common.  These things have to load 
in sequence, before anything else, or they won't work.  We have not been 
able to get them to peacefully coexist with any other PCMCIA drivers, nor 
with such things as CD-ROM drivers or tape backup drivers.

Summary:  A fun thing to play with, interesting toy, but probably not 
something you can actually make useful (yet).

Enjoy.

------------------------------------------------------------------------- 
|So, I went walking through the street.   |Mark Aldrich                 | 
|I saw you strung up in a tree.           |GRCI INFOSEC Engineering     | 
|A woman knelt there, said to me,         |maldrich at grci.com            | 
|Hold your tongue, man, hold your tongue. |MAldrich at dockmaster.ncsc.mil | 
|_______________________________________________________________________| 
|The author is PGP Empowered.  Public key at:  finger maldrich at grci.com |
|    The opinions expressed herein are strictly those of the author     | 
|         and my employer gets no credit for them whatsoever.           | 
-------------------------------------------------------------------------






From sinclai at ecf.toronto.edu  Thu Feb 22 09:31:43 1996
From: sinclai at ecf.toronto.edu (SINCLAIR DOUGLAS N)
Date: Fri, 23 Feb 1996 01:31:43 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <9602221320.AA16955@alpha>
Message-ID: <96Feb22.110840edt.10494@cannon.ecf.toronto.edu>


> ...and note that IPG does us the favor of ensuring the keys conform to
> this elaborate battery of statistical tests.  Thus, there are bunches
> of keys that "aren't random enough" and thus not among the set to be
> considered when trying to break one.

I wouldn't fault them on that.  For example, let's say they have a
sample of 1000 bits.  They count the number of 1 bits, and discard
any samples that have less than 450 or more than 550.

They have thrown away a number of bits of entropy here.  Somewhere
between 10 and 100 at a guess -- my combinatorics is nonexistant.
So what?  There are plenty of bits there still.  If they really
are using 5600 bit keys, they can afford to lose some and still be
invulnerable to brute-force attacks.

What they have gained is the knowledge that their random number source
isn't broken.  If your RNG started spewing 0 bits by the thousand would
you say "This stream is just as likely as any other stream that I can
imagine so there is no problem", or "My RNG is broken".  Of course,
in nice mathematical abstractions your RNG never breaks, but we live in
a nasty world of thermal failiures and cold solder joints.





From cme at acm.org  Thu Feb 22 10:22:48 1996
From: cme at acm.org (Carl M. Ellison)
Date: Fri, 23 Feb 1996 02:22:48 +0800
Subject: cke.html
Message-ID: <9602221744.AA29479@cybercash.com.cybercash.com>


http://www.tis.com/crypto/cke.html

have you guys checked out this page recently?  It shows TIS's change
to a dual [domestic, international] approach to key recovery.

 - Carl








From owner-cypherpunks at toad.com  Thu Feb 22 10:26:43 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Fri, 23 Feb 1996 02:26:43 +0800
Subject: No Subject
Message-ID: 


> This looks completely, totally, and insanely bogus, but I need some
> kind of verification for this bizarre little piece of mail that
> somehow ended up in my mailbox.

If you really need verification, there's no one with the last name of
"Dereksen" on MIT's directory (which lists students and staff; "finger
dereksen at mit.edu"), and there's certainly no departments at MIT called
the "Main branch" or "Interconnected Network Maintenance staff".

At least this one is funny.  I particular like the beginning: "It's
that time again!"






From owner-cypherpunks at toad.com  Thu Feb 22 10:26:56 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Fri, 23 Feb 1996 02:26:56 +0800
Subject: No Subject
Message-ID: 


On Mon, 19 Feb 1996, Brian Davis wrote:

> On Mon, 19 Feb 1996, jim bell wrote:
> 
> > it just didn't occur to me that you'd object to this.  "Nettiquette" is new
> > to me.                                                  ^^^^^^^^^^^^^^^^^^ > 
>   ^^^^^^
> 
> No shit.

So, it would seem, is nuclear weapons design.

> 
> > Jim Bell
> > 
> > jimbell at pacifier.com.
> 
> EBD
> 

---
My prefered and soon to be permanent e-mail address: unicorn at schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information






From owner-cypherpunks at toad.com  Thu Feb 22 10:27:00 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Fri, 23 Feb 1996 02:27:00 +0800
Subject: No Subject
Message-ID: 


> > Is there something like a checksum attached to Credit Card
> > Numbers. Or better: Is there a way to determine for a given
> > number N if
> >   -this _might_ be a valid number
> >   -this can't be a valid number

This was posted by Wayne D. Hoxsie Jr. :

#include 

v(char *s)
{
  int i=0,j=0,k;

  k=!(!s[16]);
  for(;*s;*s++)
    i+=(++j%2-k)?(*s-'0')*2>9?((*s-'0')*2)-9:(*s-'0')*2:*s-'0';
  return (i%10);
}
main()
{
  char s[160];

  printf("Enter credit card number\n");
  scanf("%s",s);
  printf("Credit card number is %svalid\n",v(s)?"in":"");
}

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From owner-cypherpunks at toad.com  Thu Feb 22 10:27:26 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Fri, 23 Feb 1996 02:27:26 +0800
Subject: No Subject
Message-ID: 


At 12:32 PM 2/21/96 -0800, Wink Junior wrote:

>I must admit that after the first day I've been wondering if this whole
>IPG thing isn't some kind of deep troll or early April Fool's joke.  

It is part of the "Trolling Cryptographers Protocol Internet Protocol".  The
"TCP/IP" is a secret government project to keep cryptographers busy by
posting trolls to various newsgroups where they hang out.  (Sometimes they
cross post to various groups using the same technique.  This is known as a
"Troll Bridge".)  It is a followup to the evil and ancient "Asyncronous
Protocols of the Elders of Zion. (Also known as IPv1.) The next upcoming
plot is when they Imminatize the Eschaton with the most evil plot of all...
IPv666!  (Thankfully it only works under Windows 95 so far.)
|   Remember: Life is not always champagne. Sometimes it is REAL pain.   |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano at teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano at teleport.com  |






From owner-cypherpunks at toad.com  Thu Feb 22 10:31:04 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Fri, 23 Feb 1996 02:31:04 +0800
Subject: No Subject
Message-ID: 


At 11:53 PM 2/21/96, Adam philipp wrote:

>   Don't forget to bring your public key fingerprint (and two forms of ID).
>If you can figure out how to get a PGP fingerprint on the back of a business
>card, that would be cool.

This is an unusual development, asking for "two forms of ID." If I attend,
can I use the "May Company" ID card I had printed up, or are only State of
California and El Cajon Public Library cards accepted?

We've had several key-signings in the Bay Area, and at none of the ones
I've seen has there been any demand for "two forms of ID." In fact, I
understand that some of the keys signed were for people whose nom de list
differs from what Sacramento knows them by. Lucky Green might want to
comment.

This gets back to the familiar issue of what it is a name credential really
means, and whether we care.

--Tim May, the name I use for this list


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From lull at acm.org  Thu Feb 22 10:31:32 1996
From: lull at acm.org (John Lull)
Date: Fri, 23 Feb 1996 02:31:32 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <96Feb22.110840edt.10494@cannon.ecf.toronto.edu>
Message-ID: <312cab4d.13399722@smtp.ix.netcom.com>


On Thu, 22 Feb 1996 11:08:37 -0500, SINCLAIR DOUGLAS N
 wrote:

> What they have gained is the knowledge that their random number source
> isn't broken.  If your RNG started spewing 0 bits by the thousand would
> you say "This stream is just as likely as any other stream that I can
> imagine so there is no problem", or "My RNG is broken".  Of course,
> in nice mathematical abstractions your RNG never breaks, but we live in
> a nasty world of thermal failiures and cold solder joints.

No, they really haven't.  Their initial post indicated that they are
throwing away some 50% of their generated sets of "random" data.  This
indicates either their random number generator is seriously broken, or
their analysis of the numbers produced is seriously broken.  Either
way, they have a significant problem which they are NOT addressing.


In any truly random data stream, you would expect a certain percentage
of blocks to have statistics outside whatever you decide is the
"typical" range.  If their generator is producing significantly more
or less than the expected number of "atypical" blocks, it is broken.
If is producing about the expected number of such blocks, it is likely
working as designed, and such blocks are still TRULY random.

In any case, throwing away some selected portion of its output is NOT
an appropriate cure for a broken random number generator.

The proper cure is fixing the generator.


As a separate issue, if your cryptosystem has a set of "weak keys" it
may make sense to screen your random numbers to prevent use of such
weak keys.  This, however, appears not to be what IPG is doing.





From lharrison at mhv.net  Thu Feb 22 10:33:30 1996
From: lharrison at mhv.net (Lynne L. Harrison)
Date: Fri, 23 Feb 1996 02:33:30 +0800
Subject: CDA: DoJ's Brief opposing TRO
Message-ID: <9602221754.AA14686@mhv.net>


  A copy of the government's brief opposing the TRO has been posted at the
following site:
http://www.law.miami.edu/~froomkin/seminar/ACLU-Reno-TRO-Justice-brief.htm

Regards -
Lynne



*******************************************************
Lynne L. Harrison, Esq.   |     "The key to life:
Poughkeepsie, New York    |      - Get up;
E-mail:                   |      - Survive;
lharrison at mhv.net         |      - Go to bed."
*******************************************************






From owner-cypherpunks at toad.com  Thu Feb 22 10:47:06 1996
From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com)
Date: Fri, 23 Feb 1996 02:47:06 +0800
Subject: No Subject
Message-ID: 


At 11:00 PM 2/21/96 -0500, Black Unicorn wrote:
>On Mon, 19 Feb 1996, Brian Davis wrote:
>
>> On Mon, 19 Feb 1996, jim bell wrote:
>> 
>> > it just didn't occur to me that you'd object to this.  "Nettiquette" is new
>> > to me.
^^^^^^^^^^^^^^^^^^ > 
>>   ^^^^^^
>> 
>> No shit.
>
>So, it would seem, is nuclear weapons design.

I wrote this just a few hours ago.  Let's have a vote:  Who thinks I have 
some idea about the subject?


>> A hell of a lot easier, I'm sure!  Multiple krytrons and coaxial capacitors 
>> is WAY too complicated.
>
>I've often wondered why not one circuit and all in series. If you had
>enough juice to fire them all, the exploding wire forms a conductive
>plasma to maintain the circuit. That, as I understand it, is what makes
>them so effective. Is it just a power limitation, or would it be
>impossible to match up the resistances between the wires well enough to
>get the proper timing?

It's probably a partly practical consideration.  For a given (reasonable) 
size of wire, it's going to take a certain amount of current to explode it 
sufficiently rapidly, and that translates into an approximate voltage.  For 
argument's sake, assume that the voltage necessary is 5000 volts.  (I don't 
know what the "real" number is...)  Capacitors of 5000 volts are reasonably 
easily "doable."  However, if you try to hook all those wires together, and 
if you have a couple of dozen trigger locations, that works out to 125,000 
volts total, which is a rather impractically high voltage for "routine" use. 
(to say nothing of the ability to SWITCH such high voltages).   I suspect 
that "parts availability" drives nuclear detonators just as it does most 
more innocuous electronics. 'course, their budgets are a lot higher!

In addition (and this is probably at least as important a reason, if not 
more so),  if you put multiple wires in series, while the current through 
them is equal, the voltage across each one may vary.  Thus, the energy put 
into each wire will also vary, and those where the voltage is higher get 
more power, and get hotter, and higher resistance, and more voltage, and 
more power, etc.

In other words, it's an unstable equilibrium, and this would almost 
certainly lead to a situation where some some triggers happened 
substantially later than the others.  Putting them all in PARALLEL would 
avoid this, sorta, but that has its own problems.

>> That's right, the "lenses" would still be necessary. I'm not clear on what 
>> kind of "transformer" they use to efficiently couple the blast energy into 
>> the dense plutonium;  I would guess that it would be the shock-wave 
>> equivalent of an "anti-reflection coating," which might require a material 
>> with the geometric mean of the mechanical impedance between the detonating 
>> explosive and the plutonium. 
>
>Well, there is a spacer or air gap between the core and "hammer" but
>I've never read what the hammer is made of. This part could be
>simulated in one dimension, and an optimization function used to find
>the best density. 

A few weeks ago, I downloaded a GIF of the H-bomb, and it shows an element 
which it referred to as a "shock absorber" (at the appropriate location)and 
identified the material as graphite.  Graphite is very stiff; a high modulus 
of elasticity (Young's modulus).  But it isn't very dense.  I would imagine 
that the velocity of sound in graphite is about as high as you can get in a 
solid material.  I haven't done any math to determine how effective a match 
this would be, but maybe it doesn't really matter.

Oh, one more thing.  What the lay person (or even the person who THINKS he 
"knows it all", as opposed to US, who do.  !) doesn't realize about bomb
design 
is that the "highest tech" bombs are not the largest, but are in fact the 
SMALLEST bombs.  Chances are good that a Hiroshima-sized bomb was just about 
the smallest that was technically do-able in the 1940's.   I would imagine 
that most of the work that has gone into bomb design in the last 30 years 
has been the technology to develop smaller (LESS explosive power) bombs,  
aside from making them physically small enough to fit in a launch bus.

I forgot about the beryllium.  Beryllium, I understand, is described as a 
"neutron reflector".   Now how GOOD a neutron reflector it is I don't know, 
but if you're trying to make a bomb with the smallest amount of material at 
the primary's core it would help a great deal to have a neutron reflector.  
Presumably, it would be used to coat the inside of the "hammer."  If 
beryllium were a "perfect" neutron reflector, you could use arbitrarily low 
amounts of plutonium or U-235 as the core (analogy:  If you were in a room 
with walls which were perfect mirrors, and "you" were invisible, you would 
see "forever" and the volume of space you were in would appear to be 
infinite), and you could make the core as small as you want.  (But it isn't, 
so the improvement effected by beryllium is limited.)

It might also help to make the "pit" hollow, but I don't know about that.  
This might assist in the mechanical impedance match, too.  If you could get 
the chemical implosion timed  "just right" you might be able to get away 
with using a really THIN layer of plutonium that crashes together at the 
core.  This might provide optimum densification because you would be able to 
accelerate the hollow plutonium sphere centrally at near-detonation-velocity 
speeds, which would result in very effective density increases.

There is also supposed to be a beam trigger in modern bombs.  It ionizes
helium to 
form alphas, which are fired at beryllium targets which releases neutrons at 
"just the right time" to start the compacted core going at just the right 
time.  (More on this if you're interested...)


(BTW, keep in mind as you read what I'm writing that I've never had a nuke-E 
course, never talked to a bomb maker or anyone who ever talked to one (and 
probably never talked to anyone who talked to a person who talked to a 
bomb-maker, etc), have had zero access to classified information of any type 
(including non-nuclear).   So take what I'm saying with a grain of sodium 
chloride.  

Actually, I'm not particularly interested in bomb design anyway, so I really 
don't know why I started this thread?!?  


>Using high-density explosives (RDX/HMX based I would
>think) would provide a better 'impedance match'.

That's probably true, but it's still likely to be a very mismatched system.  
The density of plutonium is really high.  Now we know why computers were so 
important in the 1960's and 1970's to bomb design (and still are, I guess!): 
 Doing a quasi-3 dimensional simulation of the trigger is vastly cheaper 
than actually exploding a bomb, and you can get far more information from 
the simulation as well.  Probably the only reason they kept setting off real 
bombs was to ensure that their mathematics represented reality. (Well, also 
to test the reliability of "working" warheads...)

BTW, a few years ago I heard about a new explosive material, 
octanitrocubane.  If you are familiar with chemistry, you'll suspect from 
the name what it is:  A cube-shaped arrangement of eight carbon atoms, each 
connected to a nitro (NOT nitrate) group.  It has at least two things going 
for it:

1.  It is stoichiometric internal to the molecule.

2.  It has ENORMOUS ring strain, which translates into a dramatically 
greater detonation energy.    It is probably the current record-holder for 
carbon/nitrogen/hydrogen/oxygen explosives, by a long shot.

Its main disadvantage is predictable, if you know any organic chemistry:  It 
is an extremely difficult compound to synthesize, or at least to develop the 
synthesis for.  Thus, it is probably exceedingly expensive.  That means that 
for "ordinary" use, almost any common explosive is better.  This material is 
only going to be practical for the "highest-level" usages of explosives, and 
nuclear detonators are one of these.  Of course, since we're DISMANTLING 
bombs and not building them (at least as much as we used to!) then new 
technology to build bombs isn't  particularly useful.  I'm "sure" Los Alamos 
has probably simulated an octanitrocubane-triggered bomb, for curiosity's 
sake if nothing else.  


>Also, how do they keep the core at the exact center of the air gap?
>Thin wires or pins to hold it there? Or is the "gap" actually some
>Styrofoam-like low-density but rigid material?

The B-28 (?) H-bomb GIF identified this gap as being "vacuum," but we know 
there is no reason to have an actual vacuum there.  In fact, as I have read, 
plutonium "pits" get warm to the touch due to radioactive decay.  If it were 
REALLY put in a "vacuum" it would be so well insulated that it would get 
EXTREMELY hot before radiative cooling equilibrated the temperature.  Since 
air is 99.9% of the way to a perfect vacuum compared to a solid, air (in a 
foam) is plausible, like a harder version of styrofoam.  Plenty of such 
foams exist today.  And it's possible they augment and stabilize the 
position by embedding a few relatively thin carbon rods radially between the 
pit and the hammer.

>Interesting that in 'The Curve of Binding Energy' the author hinted at
>this as in "I can't be specific, but I can say this: if you drive a
>nail, do you put the hammer against the nail and push?" At that time,
>it (the air gap) was still classified. Now it's widely known.

After a while, things become obvious, don't they?

Even so, and even though my "mechanical engineering" background is weak, I 
find it hard to believe that modern technology can't provide some sort of 
"graded impedance" covering that acts like a broadband anti-reflection 
coating.  (the mechanical equivalent to the covering for the Stealth bomber 
and fighter plane.)   The main problem would have been simulating such a 
complex material on a computer, at least in the 1960's.  Something tells me 
they would have pursued this at least theoretically,  perhaps lacking 
anything else to do.

The real problem, it seems to me, is that to do this simulation would 
require a pressure-versus-density curve for plutonium up to nearly a million 
atmospheres.  This is, of course, hard to test, and that is one reason it 
would be useful to have deeper atomic physics background.  Perhaps 
physicists would have been able to estimate such a curve on theoretical grounds.


>In reading about this one gets the feeling that bomb design is as much
>art as science, and that if a reasonably sharp person had the
>opportunity to experiment, with real explosives but not necessarily
>real plutonium, they would get the hang of it after a while.

That's exactly what computer simulation is intended to avoid the need for.  
I'm sure instrumentation is a real headache for the testers.

>Alternatively, a Nuclear Bomb Construction Kit - a freeware program
>that helps you to accurately design and play with simulated bombs -
>would be a very interesting political experiment. Combine this with a
>searchable database of available information on the subject. There must
>be lots of publicly available information that, combined and made
>searchable, would be of considerable help to the prospective
>bomb-maker. That would make one hell of a thesis for someone, if
>nothing else.

But not for me.  I have no "nuke E" credentials, and don't enjoy 
programming, and I'm busily working on my "Assassination Politics" debate.  
(which, incidentally, will (I believe) force the dismantling of all nuclear 
weapons in the world, if you've followed the debate, as well as eliminating 
all wars and militaries and governments.  Tell me, who do you think will win?)


>> You're pretty sharp; the version I've read is that amines (substituted 
>> ammonia, but possibly ammonia as well) makes nitromethane 
>> supersonic-rifle-bullet sensitive, but just barely.  Haven't tried this, 
>> however.  I would imagine that a blasting cap would set off pure 
>> nitromethane with no amine contamination at all.
>
>Let's see: Nitromethane and sawdust gives you a medium-power explosive
>that requires a compound detonator. 

Why put it in sawdust?  The only reason I can think of is to keep it from 
flowing like a liquid.  Nitromethane is "oxygen-poor" to start out with.

>Nitromethane with ammonium nitrate
>gives you "a direct substitute for TNT" which can be set off with a
>blasting cap.

Easily.  And even better, ammonium nitrate is "oxygen rich" so tht you can 
get efficient use of the nitromethane.  A 2-1 mixture by weight (AN, 2,
nitromethane, 
1) is stoichiometric, as I recall.  They are not miscible in all 
proportions, however, so you'd have to settle for a finely-powdered slurry.

That's why I specified a HOMOGENOUS liquid as the tube-filler.  At least 
that way you know it's a consistent mix, as opposed to a slurry which would 
settle.


>) The liquid if sensitized can be detonated with a blasting
>cap but a compound detonator produces higher velocity. They claim that
>nitromethane won't detonate in its pure state,

I doubt this.  I'll test it, however, within the next year or so.

> but if sensitized is more powerful than TNT.

That wouldn't be surprising.  TNT is EXTRAORDINARILY 'oxygen-poor.'  It's 
about as far as you get from being an "efficient" explosive. 

>Nitromethane is used for racing fuel and other high-volume purposes,
>and must be transported in tanker-truck quantities. If someone wanted
>to make a very large conventional bomb quickly, such a truck is about
>as close as you get to a ready-made bomb. It could be ready within
>hours after the truck was hijacked.

Hours?  Aw, C'mon!  Minutes!  Maybe even 60 seconds.   The biggest 
impediment is figuring out how to open the tank, but even that could be 
avoided by drilling through the wall with a self-sealing "screw" assembly, 
one that would drain a bit of liquid into a detonator channel...    These 
tankers are probably usually made either of aluminum or stainless steel, and 
they could probably be pierced comparatively easily with a screw or a 
pointed  probe, or even a drill arranged to seal after the flukes had 
pierced. (Makita's are REALLY useful!) Drilling aluminum is easy; drilling 
stainless steel's normally a bitch because it work-hardens, but you're not 
looking for a pretty result so you'd just design with a nicely-sharpened 
carbide tip (a little work with a masonry bit and a sacrificial grinding 
wheel will work wonders) and be prepared for anything up to and including 
tool steel.  The hole would only have to be 1/8" or even smaller (or maybe 
not even necessary, triggering through the wall is certainly possible, too, 
but it would require more than a lowly cap.) and you can apply enormous 
forces to a short drill bit.

>
>If you had more time to kill, so to speak, mix it with a larger
>quantity of ammonium nitrate to get a lot more bang for your buck.

I don't think it would be worth it.  If the tanker was full, you'd merely be 
replacing one fair explosive with another, and it would take a lot of work 
to grind up the AN and mix it with the contents of the tank.   You'd be 
wasting time, risking the operation of an anti-highjacking alarm system,  
and risking detection and leaving evidence of intent.  Just highjacking the 
truck, later followed  by a huge explosion, would "leave 'em guessing" about 
what really happened.

I guess the world is fortunate I'm not into this sorta stuff, huh?!?


>> > I'm not sure what the
>> >minimum cross-sectional area is for a proper detonation.
>> 
>> That's a good question; I really don't know.  It ought to be rather low for 
>> a liquid explosive, but when the opportunity presents itself I'll do my own 
>> experiments.
>
>What would be the simplest way to compare relative arrival times
>between two tubes? Since the result of an explosion is a plasma,
>electrodes placed in the tube at the far end should become conductive
>as the wave reaches them. So a dual channel oscilloscope, with the
>sweep triggered as the cap is detonated, should be able to compare the
>propagation through two tubes detonated by the same cap.

Me, I'd do it digitally.  Set up a master 100 MHz clock, for 10 nsec time 
resolution, feed it to a master counter made up of modern 74ACXXX 
synchronous counters, then take the count chain and buffer it into a bus 
connected to a slew of edge-triggered latches, with appropriate amplifiers 
and  extra circuitry to guard against double-clocking.  You could connect up 
as many latches as you wanted, fed from various points in a triggered 
system.  ("fanout limited," but then again, multiple buffering is easy to 
do, as well.)   "All" the data could be taken in one shot, maybe.  Dozens or 
even hundreds of locations.

I'd test simultaneity after multiple long lenths of parallel fine tubing, 
variations in velocity with diameter, effect of curvature, everything.  One 
"bang" and I'm done.  It would be easy to measure the detonation velocities 
of the "lens" explosives as well, probably to well under 0.1% accuracy.  (I 
wonder if nitromethane could act as one of them?!? Would it dissolve or 
weaken a solid explosive?  Can a solid explosive with a "compatible" 
detonation velocity be found?)

I only have a fair background in optics, but since the principle of the 
lensing effect is general it should be easy to figure out what the shape of 
the lenses would be.  Casting the lenses is probably the technique I'd use, 
since surprisingly enough most nitrated organic explosives will melt long 
before they might be inclined to explode.  TNT, for instance, has long been 
poured as a liquid into artillery shells, melted in steam-jacketed kettles.

At least four molds would be necessary:  Pentagonal and hexagonal versions 
of the inner and outer explosive.

>> Again, that's a matter I'm unsure of.  Part of the reason I specifi
ed THIN 
>> tubing is so it "appears" to be linear, from a detonation-velocity point of 
>> view.  All of this should be easily measureable, however.  I'd probably 
also 
>> want to measure the relative velocity in two different-sized tubes, to find 
>> out if there is a significant difference that could be exploited or avoided.
>
>This would be fun to play with, and the kind of thing the government
>would not like to see written up. Measure the speed versus tube
>diameter and radius of curvature. If radius has a significant effect,
>things get complex.

True, but I suspect that the variation is going to be smaller than is 
significant, or at least it can be measured and compensated for.  Chances 
are that "military-grade" accuracies are straightforwardly possible.

BTW, feel free to keep and forward this note to anyone you feel would be 
interested in this information.  I'd appreciate getting confirmation or 
corrections, for curiosity's sake if nothing else.


Jim Bell
jimbell at pacifier.com






From bruce at aracnet.com  Thu Feb 22 11:16:58 1996
From: bruce at aracnet.com (Bruce Baugh)
Date: Fri, 23 Feb 1996 03:16:58 +0800
Subject: A Challenge (perhaps!)
Message-ID: <2.2.32.19960222184558.006a4aa0@mail.aracnet.com>


At 07:46 AM 2/22/96 -0600, m5 at dev.tivoli.com (Mike McNally) wrote:

>The way I like to think of such a scheme is to consider the secret
>algorithm itself to be the key, which then drives the cryptosystem
>composed of the CPU instruction sequencer on the encrypting machine.
>Thus all messages are encrypted with the same key; it should be easy
>to see why that isn't secure.

That's a very effective way of putting it. I like that.

As it happens, it appears that I may have persuaded yet another developer
what I Strongly Suspect to be hideously insecure to post info here, or have
me do it. Turns out he's genuinely interested in doing it right. I _really_
hope this turns into a trend :-) - two in one week is pretty nifty. Good
will is a precious thing.

-- 
Bruce Baugh
bruce at aracnet.com
http://www.aracnet.com/~bruce






From tcmay at got.net  Thu Feb 22 11:32:47 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 23 Feb 1996 03:32:47 +0800
Subject: TIS--Building in Big Brother for a Better Tommorrow
Message-ID: 


At 12:47 PM 2/22/96, Carl M. Ellison wrote:
>http://www.tis.com/crypto/cke.html
>
>have you guys checked out this page recently?  It shows TIS's change
>to a dual [domestic, international] approach to key recovery.
>

I hadn't looked at the TIS site in a while, so thanks for the heads up.

I just looked at it, and am not cheered by what I see. It looks to me that
any company with international sites it wishes to include in its overall
system (meaning, integrating key recovery in overall communications), must
use the more restrictive Commercial Key Escrow (tm) system:

"CKE meets the following U.S. Government requirements: 1.) tamper-resistant
escrow functionality, 2). no interoperation with non-export-approved
cryptosystems, 3). Data Recovery Centers must meet government ownership
qualifications, and 4). escrow access must be available at either end of a
communication (sender or receiver)."

Item #2 indicates that a company or organization--such as Intel or Amnesty
International or Bank of America--has two choices:

1. Use the stronger Commercial Key Recovery (CKR) for domestic
communications, the weaker, BB-Enabled (Big Brother-Enabled) Commercial Key
Escrow for offshore sites, with no interoperability...

or

2. Use the BB-Enabled CKE for all communications, thus allowing domestic
sites to communicate with their offshore sites.

My hunch is that NSA is hoping that the escrowed system, complete with weak
64-bit keys!, will be adopted as the default system, thus allowing one less
system to worry about and letting multinational companies (and what company
isn't multinational these days?) use one system. Or that Netscape and other
such companies will adopt CKE as a standard.

I haven't studied the Commercial Key Recovery (CKR) variant....I'm no
expert on these confusing protocols and see no need to become one. It is
also complicated, and it's not clear to me just how free users are to
select, say, their grandmother or their lawyer, as the holder of their
"lockbox key." I'm not claiming they're not free to do so, just that CKR
may also have unacceptable intrusions into private communications that
aren't obvious from the TIS statements I read. (The TIS statement points
out that: "Separate licensing arrangements are necessary for organizations
desiring Data Recovery
Center ownership.", so there is the chance that if I want Grandma to be my
spare key holder she might have to pay bucks to TIS and pass their
scrutiny...if so, not a very nice option, and one which could turn even CKR
into BB-Enabled software with a change in DRC policies...see point below.)

One thing to look out for is a TIS/Netscape/Lotus/etc. situation wherein
both services are offered, but the BB-enabled version is much easier to get
approval for, or even easier to set up and use, so that the skids are
greased in favor of the BB-enabled version and companies just say, "Oh, to
hell with the CKR version, let's just standardize on CKE...we have nothing
to hide."

Another thing to look for is any structural evidence in the specs for CKR
that indicates it could be "turned into" the CKE BB-Enable version by the
flip of a switch. What I mean by this is that we should always be wary of
systems which look to preserve liberties but which can be "switched" easily
once widely deployed. (Not to make a gun rights argument here, but this is
essentially what the folks worried about "gun registration" are concerned
about: any system in which guns can be registered could be converted with
the stroke of a pen into a system for confiscation; this is the main reason
they fight gun registration. I would look to see if any such parallels can
be found in the CKR variant: can the CKR variant be turned into the CKE
variant when President Buchanan decides he's had enough of these U.S.
companies communicating with those foreigners and their un-Christian ways?)

Be worried, be very worried.

(Side note: Of course, we're back to asking what the policies of the
offshore site countries may be. Imagine how thrilled the Department of
Commerce and NSA will be when Intel informs them that the government of
Japan insists that all communications with Japanese sites must use "Nippon
Key Escrow," to ensure that Chobetsu (Japanese NSA) can read Intel's
discussions of chip yields and production plans. Or that Israel wants the
Jew bits set....)

Thanks, TIS, for putting a "Big Brother Inside" sticker on your products.

No thanks.

--Tim May



Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From declan at well.com  Thu Feb 22 11:58:04 1996
From: declan at well.com (Declan McCullagh)
Date: Fri, 23 Feb 1996 03:58:04 +0800
Subject: Stop by HotWired's Club Wired tonight...
Message-ID: 


In the spirit of unabashed self-promotion... -Declan

---------- Forwarded message ----------
Date: Thu, 22 Feb 1996 07:03:00 -0800 (PST)
From: Jon Lebkowsky 
To: Declan McCullagh 
Subject: tonight

I'm spreading the word about our HotWired discussion tonight... if you
want to post the info anywhere, here's the extract:

Electronic Frontiers Forum, Club Wired
http://www.wired.com/club
telnet://chat.wired.com:2428                

                Thursday, 22 February:
                7 p.m. PST (Friday 03:00 GMT)
                Online activist Declan McCullagh discusses recent
                attempts at direct and indirect censorship of content on
                the Internet.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jon Lebkowsky                       http://www.well.com/~jonl
Electronic Frontiers Forum, 7PM PST Thursdays 
Vice President, EFF-Austin                     
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=







From tcmay at got.net  Thu Feb 22 12:28:22 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 23 Feb 1996 04:28:22 +0800
Subject: TIS--Building in Big Brother for a Better Tommorrow
Message-ID: 


In my last message I wrote:

---
....
statements I read. (The TIS statement points out that: "Separate licensing
arrangements are necessary for organizations desiring Data Recovery
Center ownership.", so there is the chance that if I want Grandma to be my
spare key holder she might have to pay bucks to TIS and pass their
scrutiny...if so, not a very nice option, and one which could turn even CKR
into BB-Enabled software with a change in DRC policies...see point below.)
....
---

Well, I've been looking at the DRC licensing steps, and it makes it clear
that becoming a DRC is an expensive proposition:

"A DRC technology license is priced at $30,000 for the first DRC, and
$10,000 for each additional DRC to the same customer. A mandatory secure
DRC computer system is available for $20,000 for each DRC location, plus an
annual maintenance fee of $10,000 for the first DRC and $5,000 for
each additional DRC. In addition, a royalty is charged against DRC service
fees at the rate of 10% of the revenue stream."

Not so expensive for a bank or other such business, but not something Mom
and Pop will be getting into anytime soon!

Also, it's clear to me that a DRC located in the United States is subject
to court orders and subpoenas to release keys (there is no "protection
against self-incrimination" in such cases, as the DRC is not in danger of
being incriminated....there _may_ be attorney-client privilege, depending
on whether the DRC is one's lawyer....lots of legal issues to explore).

And it's not clear from the documents if TIS (or the government) will
license/approve DRCs located in offshore locations, such as Anguilla or
Switzerland. (I don't mean for CKE use, and with CKE strength, I mean DRCs
for U.S. users of CKR.)

(Depends on what channel the DRCs use to communicate with U.S. operations,
doesn't it? If the Anguilla-based DRC must use CKE itself, then the
stronger CKR is only as strong as the weaker CKE used in the offshore
operation! Cache-22.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From abostick at netcom.com  Thu Feb 22 12:30:26 1996
From: abostick at netcom.com (Alan Bostick)
Date: Fri, 23 Feb 1996 04:30:26 +0800
Subject: NOISE Re: Easy Nuclear Detonator
In-Reply-To: 
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

In article ,
jim bell  wrote:

> At 11:00 PM 2/21/96 -0500, Black Unicorn wrote:
> >On Mon, 19 Feb 1996, Brian Davis wrote:
> >
> >> On Mon, 19 Feb 1996, jim bell wrote:
> >> 
> >> > it just didn't occur to me that you'd object to this.  "Nettiquette" is new
> >> > to me.
> ^^^^^^^^^^^^^^^^^^ > 
> >>   ^^^^^^
> >> 
> >> No shit.
> >
> >So, it would seem, is nuclear weapons design.
> 
> I wrote this just a few hours ago.  Let's have a vote:  Who thinks I have 
> some idea about the subject?

[snip]

> I forgot about the beryllium.  Beryllium, I understand, is described as a 
> "neutron reflector".   Now how GOOD a neutron reflector it is I don't know, 
> but if you're trying to make a bomb with the smallest amount of material at 
> the primary's core it would help a great deal to have a neutron reflector.  
> Presumably, it would be used to coat the inside of the "hammer."  If 
> beryllium were a "perfect" neutron reflector, you could use arbitrarily low 
> amounts of plutonium or U-235 as the core (analogy:  If you were in a room 
> with walls which were perfect mirrors, and "you" were invisible, you would 
> see "forever" and the volume of space you were in would appear to be 
> infinite), and you could make the core as small as you want.  (But it isn't, 
> so the improvement effected by beryllium is limited.)
> 
> It might also help to make the "pit" hollow, but I don't know about that.  
> This might assist in the mechanical impedance match, too.  If you could get 
> the chemical implosion timed  "just right" you might be able to get away 
> with using a really THIN layer of plutonium that crashes together at the 
> core.  This might provide optimum densification because you would be able to 
> accelerate the hollow plutonium sphere centrally at near-detonation-velocity 
> speeds, which would result in very effective density increases.

I vote that you don't know jack shit about bomb design.

If you don't have a properly-designed initiator at the core, an implosion
device is just a mess of high explosives surrounding a dense metal object.

Stick to a gun device; it's tried-and-true.  The yield is lower, but at
least it works.


- -- 
   Alan Bostick             | "If I am to be held in contempt of court,
Seeking opportunity to      | your honor, it can only be because the court
develop multimedia content. | has acted contemptibly!"
Finger abostick at netcom.com for more info and PGP public key

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMSzAt+VevBgtmhnpAQEX1gL+MOIeJF/0BpM0nUn+Rv8AQoMsS8DdXsOn
jhU8ABxWz4mKhhKH+QA6iq7RIPz56DItnZ4hrAwmGS8NQ2q+f2LpgRnBhG+3kDK+
jJ29JJ7uJIuQBzQdn/BNFpGQzYD4UrLu
=Oubq
-----END PGP SIGNATURE-----





From m5 at dev.tivoli.com  Thu Feb 22 12:57:23 1996
From: m5 at dev.tivoli.com (Mike McNally)
Date: Fri, 23 Feb 1996 04:57:23 +0800
Subject: url
Message-ID: <9602221938.AA17154@alpha>



At  find
some interesting "surveillance" applications of Javascript.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * I want more, I want more,
       m5 at tivoli.com * m101 at io.com          * I want more, I want more ...
               *_______________________________





From vznuri at netcom.com  Thu Feb 22 13:07:45 1996
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Fri, 23 Feb 1996 05:07:45 +0800
Subject: "consent of the governed"
In-Reply-To: 
Message-ID: <199602221939.LAA26638@netcom22.netcom.com>



Rich Graves 

>You're taking this phrase out of context. What the Declaration said was:

true, I didn't put in the associated reasoning.

>1. There are certain universal human rights, like life, liberty, and 
>   property^H^H^H^H^H^H^H^H the pursuit of happiness.
>2. To protect these rights, people form governments. Only the baddest kid 
>   on the block can protect her own rights, and only if she never sleeps. 
>   The rest of us need the police.

I tend to define government more liberally in that it does not
merely exist to protect rights-- the 20th century saw a rise in
government that tried to be a social force. this may have failed, 
but it does point out that people want a government to do more
than merely protect their rights.  in other words, the 1776 definition
of government is reasonably slightly modified. government in its
essence is a form of organized human collaboration/cooperation imho.
it is a nervous system for a society.

>3. Ergo, government derives its just powers from the consent of the 
>   governed. I read this more as a conclusion than as a premise.

I think it is both. it is a conclusion of the reasoning and the 
premise for government. if the government does not have the
consent of the governed, it is not a legitimate government-- that
is the basic implication.

>This is all that Hobbes, Locke, and Montequieu said. Rousseau was 
>different, but he was a kook.

ah, but all great visionaries are usually first considered kooks.
the whole idea that government exists by consent of the governed
was a quite radical idea challenging the existing dogma of divine
right of kings.

>This is quite different from saying, "The government has the right to do
>what the majority says it can do." Government doesn't have any rights,
>only delegated powers.

that's what I tried to point out. it all hinges on the phrase, "the
government exists by the consent of the governed".

I don't really see how any of your points are contrary to anything
I wrote in the essay, despite your seeming to present them as if they
are.





From froomkin at law.miami.edu  Thu Feb 22 13:17:39 1996
From: froomkin at law.miami.edu (Michael Froomkin)
Date: Fri, 23 Feb 1996 05:17:39 +0800
Subject: Search engines: query on queries
Message-ID: 


I have seen occasional references to various reports on what kinds of 
queries are submitted to Altavista and other search engines.  Can anyone 
point me to an authoritative report?

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin at law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.






From jya at pipeline.com  Thu Feb 22 13:18:05 1996
From: jya at pipeline.com (John Young)
Date: Fri, 23 Feb 1996 05:18:05 +0800
Subject: TIS--Building in Big Brother for a Better Tommorrow
Message-ID: <199602221950.OAA27083@pipe1.nyc.pipeline.com>


   To supplement TIS's Web site information on CKE, here's a
   mailing from Steve Walker earlier this month:


   TRUSTED INFORMATION SYSTEMS, INC.

   February 2, 1996


   There has been amazing progress on TIS's Commercial Key
   Escrow (CKE) initiative since my last status report.

   In November, we submitted a Commodity Jurisdiction (CJ)
   request to the U.S. Department of State for our Gauntlet
   Internet Firewall Product with CKE-based IP Encryption,
   which constitutes our Global Virtual Private Network (GVPN)
   system (see figure 1). Our Gauntlet system has had a
   Virtual Private Network (VPN) capability using the Data
   Encryption Standard (DES) algorithm to encrypt
   firewall-to-firewall communications for the past year. But
   because of U.S. export controls, we have not been able to
   sell this option outside of the U.S. and Canada. By adding
   CKE technology to our firewalls, the Gauntlet system with
   DES and CKE now meets the U.S. government requirements for
   export to most parts of the world.

   In the course of several meetings with U.S. government
   representatives. we were told that it will take a while
   longer for all the details of the CJ process to be worked
   out, but that the U.S. government was willing to consider
   a temporary (up to 4-year) export license until the CJ
   process is in place. In early December, we submitted such
   a request and on January 19, 1996, it was approved (see
   figure 2).

   While this temporary export license has limitations (there
   must be a Data Recovey Center in the U.S. as well as in the
   foreign country because reciprocal agreements do not yet
   exist between the U.S. and foreign governments), it
   represents the first export approval of a DES-based key
   escrow encryption system, a small step but a giant leap
   toward full exportability of good cryptography when
   equipped with user-controlled key recovery. We are now
   discussing Global Virtual Private Networks, based on our
   Gauntlet-CKE system, with several multinational companies.

   In December, I attended a special meeting of the
   Organization for Economic Cooperation and Development
   (OECD) in Paris to discuss the international ramifications
   of the U.S. key escrow initiative. The consensus of the
   meeting was that user-controlled key escrow provides the
   only workable solution to the long-standing dilemma between
   the private sector's need for encryption protection and
   governments' needs to be able to decrypt the communications
   of criminals, terrorists, and other adversaries. Other
   meetings will follow, but it appears that most major
   governments endorse the U.S. government's user-controlled
   key escrow initiative as the only practical way through the
   cryptography maze.

   In mid-January, Microsoft announced its long-awaited
   Cryptographic Application Programming Interface (CAPI).
   This development promises to finally provide a well-defined
   separation between applications calling on cryptography and
   the actual performance of the cryptography. Now users will
   be able to request cryptographic functions in hundreds of
   applications and select precisely which cryptography to use
   at the time of program execution rather than program
   purchase. Cryptographic Service Providers (CSPs) can now
   evolve independent of applications, and users can choose
   whatever cryptography is available wherever they are in the
   world. TIS is working closely with CSP vendors to ensure
   that CSPs with good cryptography are available in domestic
   and exportable versions as soon as possible based on the
   U.S. government's key escrow initiative.

   In a presentation at the recent RSA Conference, I tried to
   put all this in perspective by conducting a "thought
   experiment" (see attachment 3).

   +  Suppose the U.S. government had never thought of placing
      export controls on cryptography...

      We would now have widespread use of encryption, both
      domestically and worldwide; we would be in a state of
      "Utopia," with widespread availability of cryptography
      with unlimited key lengths. But, once in this state, we
      will face situations where we need a file that had been
      encrypted by an associate who is unavailable (illness,
      traffic jam, or change of jobs). We will then realize
      that we must have some systematic way to recover our
      encrypted information when the keys are unavailable.

      When we add a user-controlled key recovery capability to
      our Utopia, we find ourselves in an "Ultimate Utopia,"
      with unlimited key length cryptography, widely available
      through mass market applications, and user-controlled
      key recovery.

   +  But, unfortunately, the U.S. government *did* think of
      cryptographic export controls. And over the past several
      years, we have been frustrated by repeated unsuccessful
      attempts to resolve this dilemma...

      In 1992, the U.S. government allowed the export of
      40-bit keys, a solution so weak no one wanted it.

      In 1993, the U.S. government announced Clipper, an
      attempt to give users good cryptography while preserving
      the U.S. government's prerogatives. But almost everyone
      hated U.S. Government-controlled key escrow, including
      most foreign governments.

      In 1994, industry rebelled with the proposed Cantwell
      legislative initiative to remove cryptography from U.S.
      State Department control. And, behind the scenes, the
      U.S. government orchestrated a massive counterattack.
      The result: a study that acknowledged the widespread
      availability of foreign cryptography yet proposed no
      change in U.S. government policies on cryptographic
      exports.

   +  Then in 1995, the U.S. government announced its key
      escrow initiative: allow the export of up to 64-bit
      cryptography (a remarkable concession) when accompanied
      by an acceptable form of user-controlled key escrow
      (critical component to this policy being that "an
      acceptable escrow system" must have sufficient integrity
      to give the government confidence that, with a warrant,
      the keys will be available.)...

      Some in the computer industry labeled this just another
      form of Clipper and vowed to continue the fight against
      U.S. government regulation of encryption in any form -- 
      presumably forever. On the other hand, once the new
      escrowed encryption policy was announced, U.S.
      government agencies -- the FBI, NSA, White House, DoD,
      DoJ, NIST, and NSC -- closed ranks behind it and have
      shown little interest in discussing any other
      approaches. In addition, neither political party has
      shown any interest in taking up the argument in the
      Congress, probably because it is a complex issue and
      there is no obvious "winning" position. But, depending
      upon how the definition of user-controlled key escrow is
      resolved, the new escrow policy could just be the
      long-sought compromise between government and industry
      that gets us through this morass.

   +  If we can ensure that organizations can control the
      security of backup access to their encrypted information
      through well-designed commercial key recovery systems --
      yet also ensure that governments have access when
      justified via normal legal procedures -- we may have
      truly found the "Ultimate Utopia" solution to a dilemma
      that has existed all of our professional lives and
      threatens to continue through the next generation...

   Thus, in my thought experiment I have come to the
   conclusion that we (industry and government) are all
   heading towards the same objective, but on a different path
   from what some of us originally wanted. Yet, to my way of
   thinking, that path has to accomodate us all if we are ever
   to arrive at any mutually agreeable destination. When one
   group of participants raises insurmountable barriers for
   another group, it simply blocks everyone from progressing
   down any path, and the net result is that U.S. industry is
   not able to export any good crypto-based security.

   We at TIS are dedicated to finding a solution acceptable to
   all sides. We ask your help in this struggle. If you want
   exportable cryptography routinely available in your
   lifetime and believe that user-controlled key recovery is
   an important, if not vital, capability, please contact us
   at . If you want to integrate exportable CKE
   into your product line, we are ready to help. If you want
   to buy internationally deployable good cryptography with
   your favorite applications, tell your application vendor
   you want escrow-enabled applications.

   We all have an opportunity to make a major difference here.
   The opportunity is ours to take or forgo. Help us make this
   happen. Visit our www site, at http://www.tis.com/, and
   learn more about this vital initiative.

   Sincerely,
   Stephen T. Walker

   Attachments:

   1. Global Virtual Private networks with CKE/Gauntlet
      transaction security diagram.

   2. CJ Application for "Escrow-enabled Gauntlet Firewall
      Model 3.2 with Gauntlet Data Recovery Center."

   3. Diagram of cryptography evolution from 1992 to 1995,
      with Yesterday, Today, "Utopia" and "Ultimate Utopia."

   -----













From perry at piermont.com  Thu Feb 22 13:21:47 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Fri, 23 Feb 1996 05:21:47 +0800
Subject: url
In-Reply-To: <9602221938.AA17154@alpha>
Message-ID: <199602221952.OAA22697@jekyll.piermont.com>



Mike McNally writes:
> At  find
> some interesting "surveillance" applications of Javascript.

Okay. We have some netscape people here on this list.

When is the patch to let you disable JavaScript inside Netscape going
to go out? Its more than time.

Perry





From frantz at netcom.com  Thu Feb 22 13:51:54 1996
From: frantz at netcom.com (Bill Frantz)
Date: Fri, 23 Feb 1996 05:51:54 +0800
Subject: Digital Signature Legislation (fwd)
Message-ID: <199602222030.MAA04720@netcom7.netcom.com>


At  20:54 AM 2/20/96 -0500, C. Bradford Biddle  wrote:
>---------- Forwarded message ----------
>
>DIGITAL SIGNATURE LEGISLATION: SOME REASONS FOR CONCERN
>
>[Copyright 1996 by Brad Biddle; permission granted for non-commercial 
>electronic redistribution]
>
>...

>LIABILITY
>
>The Utah Act makes two policy choices concerning liability allocation
>Under the Utah Act, consumers are held to a negligence standard in
>guarding their private encryption key. Thus, if a criminal obtains a
>consumer's private key and commits fraud, the consumer is financially
>responsible for that fraud unless the consumer can prove that the consumer
>used reasonable care in guarding the private key. ...

One important point here is what is "reasonable care"?  In a very real
sense, all consumer computer operating systems are not secure.  I have
posted a theoretical virus born attack on PGP's secret key to the
cypherpunks mailing list (archives at http://www.hks.net/cpunks/). 
Nathinal Borenstein of First Virtual has posted to the same list, a
description of a partially implemented attack on credit card numbers which
has received heavy response.  If there is enough reward, these attacks will
occur.

The question I have is, does "reasonable care" include keeping your machine
"virus free"?  


>There is a second troubling policy choice relating to liability. The Utah
>Act limits the potential liability of one actor in the infrastructure --
>the certification authority -- to a fixed amount (termed a "suitable
>guarantee" and determined by a complex formula or by administrative rule).

The historic precedent is the liability limit on nuclear power plants.

For both these problems, a relatively low liability limit would force
people to use other techniques (e.g. old style signed contracts) for large
transactions.  While we are working the bugs out of a new technology, with
new standards of "reasonable care", everyone might win if the risks are
limited.


>PRIVACY

I believe the area of privacy is where the real problems lie.  I will let
other, more qualified, people suggest alternatives to the Utah law
proposal.


>
>Brad Biddle, Legal Intern 
>Privacy Rights Clearinghouse, Ctr for Public Interest Law
>http://pwa.acusd.edu/~prc
>
>[The views expressed in this article are not necessarily those of the 
>Privacy Rights Clearinghouse or the Center for Public Interest Law.]

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz at netcom.com | dead teenagers | Los Gatos, CA 95032, USA







From anon-remailer at utopia.hacktic.nl  Thu Feb 22 15:35:24 1996
From: anon-remailer at utopia.hacktic.nl (Anonymous)
Date: Fri, 23 Feb 1996 07:35:24 +0800
Subject: IPG HoaxRe: IPG Hoax?
Message-ID: <199602222131.WAA27984@utopia.hacktic.nl>


> I must admit that after the first day I've been wondering if this whole
> IPG thing isn't some kind of deep troll or early April Fool's joke.  

Well, not only is "Ralph" detweiling more intensely than anyone
since the original, hitting as many hot buttons as possible,
but he does an impressive job of trying to sound erudite by
quoting various literary figures while misspellling their names
(and misspeling other words far be-yond his obvious typ1ng defishncies.)

And, of course, if he _isn't_ a hoax, he's probably representative
of the rest of his company's quality process.

Either way, he's quite impressive!

                                Dos-toy-evsky






From sophi at best.com  Thu Feb 22 15:38:44 1996
From: sophi at best.com (Greg Kucharo)
Date: Fri, 23 Feb 1996 07:38:44 +0800
Subject: IBM Breakthrough?
In-Reply-To: <199602221351.IAA14781@pipe2.nyc.pipeline.com>
Message-ID: <312CD36B.1A8B@best.com>


Does this IBM breakthough mean they can go back in time and not hire 
Bill Gates to do DOS?





-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEIa2wAAAEEALouE7MNxsG+QTOJSrMTygYWKblpI9MgOKaFA+5AICNelAw6
6Gj3B0EQr7bwLILk8EJULG+kYh/ND9Kn1EXBK+elXbwpFCLqoyEZrbHJnurhH/t6
VFEwhbN1V0e/bFOCTq8nykoJjZ/uq0mz8HouIbEt6BYWoKVSUIU/T+iDV3TVABEB
AAG0DWdoa0Bzb3BoaS5jb20=
=gwax
-----END PGP PUBLIC KEY BLOCK-----





From frantz at netcom.com  Thu Feb 22 15:42:27 1996
From: frantz at netcom.com (Bill Frantz)
Date: Fri, 23 Feb 1996 07:42:27 +0800
Subject: url
Message-ID: <199602222059.MAA07863@netcom7.netcom.com>


At  2:52 PM 2/22/96 -0500, Perry E. Metzger wrote:
>Mike McNally writes:
>> At  find
>> some interesting "surveillance" applications of Javascript.
>
>Okay. We have some netscape people here on this list.
>
>When is the patch to let you disable JavaScript inside Netscape going
>to go out? Its more than time.

Why Perry, it's called Netscape 1.1N.  :-)


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz at netcom.com | dead teenagers | Los Gatos, CA 95032, USA







From EALLENSMITH at ocelot.Rutgers.EDU  Thu Feb 22 15:42:27 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Fri, 23 Feb 1996 07:42:27 +0800
Subject: Digital Signature Legislation
Message-ID: <01I1IR12398SAKTL4K@mbcl.rutgers.edu>


	I find it interesting to note that Dr. Biddle's concerns on the
economic aspects of the legislation are almost the reverse of those on the
cypherpunks list. For instance, he is concerned about too much liability by
the consumer (and I would agree that the "strict liability" rather than
"negligence" model is a problem). The concern on the list has been that there
is too much liability for the CA, given the potential of unlimited liability
for all transactions such as Dr. Biddle appears to be favoring.
	-Allen





From EALLENSMITH at ocelot.Rutgers.EDU  Thu Feb 22 16:03:07 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Fri, 23 Feb 1996 08:03:07 +0800
Subject: Public Access Obsolete. Capitalism offers free email
Message-ID: <01I1IRFBEE2UAKTL4K@mbcl.rutgers.edu>


From:	IN%"fletch at ain.bls.com"  "Mike Fletcher" 22-FEB-1996 03:53:16.20

>	Who says the code has to run on their machine.  Just forward
>all incoming mail off to another box, and send all the outgoing mail out
>from the free account.  Depending of course on whether it's some sort
>of shell account or if you POP/SMTP to their box.

	I'd guess it's some sort of dialin (possibly via tymnet or some such).
In that case, you'd simply have your remailer on your system at home, calling
the system up at some (probably randomly determined) time and downloading the
incoming mail and uploading whatever outgoing mail that (given latency) you
wanted to go out at that point. (Any on-encrypted email, such as their ads,
you'd be able to filter out very easily). You could even potentially run it
off of a portable computer. For unattended running, the hardware RNG would be
best, of course.
	-Allen





From EALLENSMITH at ocelot.Rutgers.EDU  Thu Feb 22 16:29:42 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Fri, 23 Feb 1996 08:29:42 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <01I1IS42QX3KAKTL4K@mbcl.rutgers.edu>


From:	IN%"lull at acm.org" 22-FEB-1996 13:20:54.73

>In any case, throwing away some selected portion of its output is NOT
>an appropriate cure for a broken random number generator.

>The proper cure is fixing the generator.

	If I understand the matter correctly, looking at and sorting out a
given set of outputs is bad. Looking at a sample (that is _not_ used) and
using it to decide how much putting-together (XORing) of the rest to do is OK.
They appear to be doing the former.
	-Allen





From EALLENSMITH at ocelot.Rutgers.EDU  Thu Feb 22 16:33:19 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Fri, 23 Feb 1996 08:33:19 +0800
Subject: Edupage, 20 Feb 1996
Message-ID: <01I1IS0WU5SAAKTL4K@mbcl.rutgers.edu>


From:	IN%"frissell at panix.com"  "Duncan Frissell" 22-FEB-1996 12:01:13.17

>Why, Oh why is there so so much talk about the V Chip.  This stupid device
>only covers over-the-air broadcast TV a dying part of the spectrum.  It does
>not cover cable-only programs (HBO, etc) and it does not cover net-based
>audio and (soon) video programming.  It is meaningless.

	If I recall correctly, Europe still has a lot of over-the-air
broadcast TV. Moreover, if the device works from signals cosent with the TV
broadcast, it could perfectly well work with cable. Indeed, I had thought it
did - the companies that mainly produce stuff for cable seemed to be protesting
it just as much as the broadcast networks.
	-Allen





From pat at next.stop.is.the.white.house  Thu Feb 22 16:53:25 1996
From: pat at next.stop.is.the.white.house (Pat Buchanan)
Date: Fri, 23 Feb 1996 08:53:25 +0800
Subject: Here I come.
Message-ID: <199602220430.MAA29247@infolink2.infolink.net>


Dear boys.

Enjoy this list while you can.

Signed
Pat







From unicorn at schloss.li  Thu Feb 22 16:54:44 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Fri, 23 Feb 1996 08:54:44 +0800
Subject: DOG_lyz
In-Reply-To: <199602171804.NAA13797@pipe1.nyc.pipeline.com>
Message-ID: 


> 
>    DOG_lyz





From tcmay at got.net  Thu Feb 22 16:55:25 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 23 Feb 1996 08:55:25 +0800
Subject: Let the Snake Oil Flow
Message-ID: 



There have been several purveyors of (potential) snake oil here.
Predictably, critics have been drawn into "trying to break" these allegedly
strong systems. Some of the purveyors are even saying things like
[paraphrased, but with charming misspellings emulated]:

"See, even the smarty-pants Cyphurpunks are unabble to brake ouir system!
Our virtuel one-time pad, which converts 10 randumly picked bits into 1000
or 10,000 or even a bazillion!, by our patented processo of "entropy
enhancemate," has defeated even immacarthy and metzger. Our system rulez!"

And so it goes....

Predictably, others are asking/expecting "the Cypherpunks" to break their
systems. Just as predictably, many of us are patiently (and impatiently)
explaining that breakages cost money and resources. And so the "developers"
gleefully respond that this proves the "Cyperpunks" [sic] are helpless
before their software.

Well, it seems to me that letting some real snake oil out there could be a
Good Thing. Being the Neo-Calvinist Darwinist that I am, I set that anyone
who puts valuable information into "PowerPads" and "Stream-of-Consciousness
Ciphers" pretty much deserves what he or she gets. I am not losing any
sleep that Snake Oil Enterprises is hyping a conceptually flawed system.

A few highly publicized failures could be educational, and ultimately help
to strengthen the Net. You don't get better bridges without some
highly-visible bridge collapses. Raises consumer awareness of what good
design really is.

Personally, I'm much more worried about the behind-the-scenes goings on
with key escrow, the pressures being applied to Netscape, Lotus, Microsoft,
TIS, etc., than I am in Yet Another Clueless Crypto Product (tm).

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From perry at piermont.com  Thu Feb 22 16:57:27 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Fri, 23 Feb 1996 08:57:27 +0800
Subject: "and two forms of ID"
In-Reply-To: 
Message-ID: <199602220351.WAA11201@jekyll.piermont.com>



Timothy C. May writes:
> This gets back to the familiar issue of what it is a name credential really
> means, and whether we care.

I'm sufficiently impressed with the arguments against name credentials
that Carl Ellison has made that I'm looking seriously into systems
that don't do any sort of conventional certificate binding at all...

Perry





From jya at pipeline.com  Thu Feb 22 16:57:44 1996
From: jya at pipeline.com (John Young)
Date: Fri, 23 Feb 1996 08:57:44 +0800
Subject: Schneier Attacks
Message-ID: <199602212337.SAA27146@pipe1.nyc.pipeline.com>



Responding to msg by tighe at spectrum.titan.com (Mike Tighe) on 
Wed, 21 Feb  4:17 PM


>You could also count the number of electrons, as well 
>as their direction  across the chips.


True, Bruce eggs-on the credulous SciAm reporter:


"Is the timing attack a real threat to security? 'Oh, God, 
yes!' exclaims Bruce Schneier. 'You can't belittle the realness 
of it. It's not only a theoretical attack -- you can do this!' 
"


And a current IBM ad exclaims! that one of its scientists can 
dematerialize objects for transmission over the Internet with 
rematerialization at the other end! And that this technology 
will transform the world of information!


Here comes IPO Photon-optical!!!









From mixmaster at obscura.obscura.com  Thu Feb 22 16:57:56 1996
From: mixmaster at obscura.obscura.com (Mixmaster)
Date: Fri, 23 Feb 1996 08:57:56 +0800
Subject: No Subject
Message-ID: <199602220450.UAA30737@obscura.com>


IPG Sales  wrote:
>
>We fess up - we are pig farmers from TexasL, we never have been to 
>these high fluting things you call schools, so we do not even 
>know what you are talking about, much less anything about Cryptography.

This explains your spelling skills, which a number of people have
already pointed out. TexasL, whatever it is, might offer something
called a highschool "GED." You should look into it.

>On Wed, 21 Feb 1996, Arley Carter wrote:
>
>> On Tue, 20 Feb 1996, IPG Sales wrote:
>> 
>> Fess up guys. You are either:
>> 
>> 1.  A team of undergrads or graduate students conducting an "exploit". 

My money's on this one, I hear that Ann Landers gets these all the time.

>> 2.  A Detweiller tentacle. Dr. FC ?

"Vlad" does seem a bit low on his medication, lately. Dr. Fred has been
pretty quiet as well. You don't suppose the two of them got together...

>> 3.  The return of Alice D'nonymous ?

Gawd! Please, don't give him any ideas!!

>> 4.  The reason the coderpunks lists was started.

Possibly, but did you notice how quickly "IPG Sales" found this list?

>>
>> > 








From adam at sirius.infonex.com  Thu Feb 22 16:58:23 1996
From: adam at sirius.infonex.com (Adam philipp)
Date: Fri, 23 Feb 1996 08:58:23 +0800
Subject: San Diego CPunks Symposium
Message-ID: <199602212353.PAA21681@sirius.infonex.com>


San Diego Area CPUNKS symposium  Thursday, February 29 (we're lucky this was
a leap year...) 1996

   Invitation to all Cypherpunks to join the San Diego crowd at "The Mission
Cafe & Coffee Shop" were we will get updates on Lance's new ISP, perhaps the
new Win32 mixmaster client, and other new goodies. As a special *BONUS* we
can also exchange keys, and discuss other topical subjects.

   Don't forget to bring your public key fingerprint (and two forms of ID).
If you can figure out how to get a PGP fingerprint on the back of a business
card, that would be cool.  

Place: The Mission Cafe & Coffee Shop
       3795 Mission Blvd. in Mission Beach.
       488-9060


Time:1800

Their Directions:
	8 west to Mission Beach Ingram Exit
	Take west mission bay drive
	Go right on Mission Blvd.

	On the corner of San Jose and mission blvd.
	It is located between roller coaster and Garnet.
	It's kind of 40s looking building...  funky looking 
        (their description, not mine)

They serve stuff to eat, coffee stuff, and beer.

See you there!

New people, don't forget your fingerprint.

Drop me a note if you plan to attend.

   Adam, Esq.



--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\
|  My PGP key is available on my  |Unauthorized interception violates |
| home page: http://www.rosa.com  |federal law (18 USC Section 2700 et|
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-|seq.). In any case, PGP encrypted  |
|SUB ROSA...                      |communications are preferred for   | 
|  (see home page for definition) |sensitive materials.               |
\-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-/






From jya at pipeline.com  Thu Feb 22 17:54:00 1996
From: jya at pipeline.com (John Young)
Date: Fri, 23 Feb 1996 09:54:00 +0800
Subject: BLO_bak
Message-ID: <199602222336.SAA28235@pipe3.nyc.pipeline.com>


   2-22-96. TWP:

   "CIA Can Waive Prohibition Against Using U.S. Clergy Abroad
   for Covert Work."

      A controversial loophole permitting the CIA to recruit
      American journalists as agents also allows the agency to
      waive a similar 19-year-old ban on employing clerics or
      missionaries. An official also disclosed that CIA
      regulations prohibit recruiting employees of members of
      Congress or congressional committees "without the
      approval of the member" for whom they work.

   "The CIA: No Cover For Failure."

      Now we know why the CIA, the NSA and the DIA and all
      those other spook agencies that get $25 billion-plus
      every year can't bring down Saddam Hussein: They have
      not been able to use journalists or priests -- the
      latest the Washington/New York national security
      establishment has come up with to ride out the lean
      years after the Cold War. In a justification for
      continued massive spending on spying, the experts ask us
      to focus on the extraneous and stupid, rather than look
      at the obvious.

   "Again, the CIA and the Press." [Editorial]

   "My Spy Story." [NYT Op-Ed]


   2ND_job (for 4)







From bruce at aracnet.com  Thu Feb 22 18:24:54 1996
From: bruce at aracnet.com (Bruce Baugh)
Date: Fri, 23 Feb 1996 10:24:54 +0800
Subject: Analysis wanted
Message-ID: <2.2.32.19960222214441.006945b8@mail.aracnet.com>


If anyone is interested in helping out the gentleman quoted below by
ruthlessly savaging :-) his algorithm and assumptions, would you please
e-mail me so I can hook you up with him? (He decided not to post to the list
directly to avoid the usual signal-to-noise problems. Can't blame him. But I
offered to forward along relevant info and queries.)

>Is there a way of someone trustworthy to try and break VGP and express an
>opinion on it's strength or weakness.  I can basically describe the
>encryption approach and the reencryption, number of passes, final conversion
>to clean text from a binary etc. with you to try to give you some level of
>comfort without sharing the code.  I would also like to have someone
>competent run it through the paces, and then if it is not worthy, go back to
>the drawing board.
>
>In short, I appreciate your comments and frankness, and assure you I am
>interested in your opinion or anyones opinion, and interested in making the
>system rugged.  I agree with your point, and perhaps it sums the whole issue
>up in one line, and that is that "bad encryption is worse than no
>encryption".  encouraging a false sense of security is not something I want
>to be part of, I do want to be responsible to others.

-- 
Bruce Baugh
bruce at aracnet.com
http://www.aracnet.com/~bruce






From winkjr at teleport.com  Thu Feb 22 18:57:04 1996
From: winkjr at teleport.com (Wink Junior)
Date: Fri, 23 Feb 1996 10:57:04 +0800
Subject: Bell Labs' Alternative to Java
Message-ID: <199602230131.RAA26502@kelly.teleport.com>


Looks like Java might have some competition.  Perry and others who are
concerned that Java has inherent security flaws might want to get a word
in with the Bell Labs folks while the project is still in development.

Wink

>BELL LABS, RITCHIE "DO SIMPLER RIVAL TO JAVA"
>(February 20th 1995) AT&T Corp's Bell Laboratories is working
>feverishly on a rival to Sun Microsystems Inc's Java, according to
>the San Jose Mercury News. The paper reckons that the project has
>been accorded such a high priority that most of the 10 or so software
>engineers working on the Plan 9 OS have been pulled off that to get
>the new language, code-named Inferno, finished. 
>
>According to Silicon Valley's local paper, Dennis Ritchie, credited
>with creating both Unix and C, made a brief reference to Inferno in a
>speech last Tuesday night at UniForum and was reluctantly persuaded
>to enlarge on it a little later. He said that while Java has been the
>beneficiary of a lot of hype, the underlying idea behind it was
>compelling, but he was worried that Java had become too large and
>complex; he also suggested that any Bell Labs version would be useful
>in a wider variety of machines, including future television sets.
>"Java does not go far enough," he said. 
>
>Ritchie did not say how far along Inferno was, and implied that no
>decision had been made about whether it would ever be brought to
>market as a product. Bell Labs is of course in the early stages of
>moving - not physically but in its allegiance - from AT&T to the
>$20,000m-a-year fledgling Lucent Technologies Inc.





From 72124.3234 at compuserve.com  Thu Feb 22 19:13:42 1996
From: 72124.3234 at compuserve.com (Kent Briggs)
Date: Fri, 23 Feb 1996 11:13:42 +0800
Subject: Puffer 2.0 Released
Message-ID: <199602230155.UAA23263@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

FOR IMMEDIATE RELEASE                          Information Contact:
                                               Kent Briggs
February 22, 1996                              (817) 666-7737
                                               kbriggs at execpc.com
                                               CIS: 72124,3234


           NEW RELEASE OF WINDOWS ENCRYPTION UTILITY

Hewitt, Texas - Kent Briggs, author of Puffer, has announced the
release of version 2.0 of the popular shareware encryption utility.
Puffer is a password-based data file and e-mail encryption program
for Windows.  Encryption software allows users to keep their
personal, business, and electronic transmitted data private.

New for version 2.0 is the addition of a very fast stream cipher,
PC1.  PC1 operates with a 40-bit encryption key and produces the
same stream output as RC4, the most secure encryption technology
allowed for export from the United States.  Puffer retains the
160-bit Blowfish block cipher in the registered version provided
to customers in the U.S. and Canada.

Puffer's revamped interface features a tabbed-notebook layout and
a new built-in text editor.  Users can now encrypt and decrypt data
and e-mail directly from disk files, the editor, or the Windows
clipboard.  An LZ77 data compression option is also available.  The
ability to produce ASCII, binary, and self-extracting archives is
also retained in version 2.0.

New data wiping features have been added to Puffer to prevent
sensitive data from being unerased on your disk drive.  In addition
to wiping data files, Puffer now has options to wipe file slack and
unused disk space.  The user can select from one to seven random
stream passes for each wipe operation.  A separate DOS utility is
provided to securely wipe the contents of the Windows permanent swap
file.

The shareware version (PUFF20.ZIP, 368K) can be downloaded directly
from the author's web site at http://execpc.com/~kbriggs


- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMS0emCoZzwIn1bdtAQGMCwF5AYfneePdqO96gzCDNZYB6doioAtAMOh4
K/V0mZ5vx/b8xOj1SIsc/Zy0Z95UlFXx
=JWRm
-----END PGP SIGNATURE-----





From jya at pipeline.com  Thu Feb 22 21:53:03 1996
From: jya at pipeline.com (John Young)
Date: Fri, 23 Feb 1996 13:53:03 +0800
Subject: BLO_bak
Message-ID: <199602222337.SAA28314@pipe3.nyc.pipeline.com>


   2-22-96. TWP:

   "CIA Can Waive Prohibition Against Using U.S. Clergy Abroad
   for Covert Work."

      A controversial loophole permitting the CIA to recruit
      American journalists as agents also allows the agency to
      waive a similar 19-year-old ban on employing clerics or
      missionaries. An official also disclosed that CIA
      regulations prohibit recruiting employees of members of
      Congress or congressional committees "without the
      approval of the member" for whom they work.

   "The CIA: No Cover For Failure."

      Now we know why the CIA, the NSA and the DIA and all
      those other spook agencies that get $25 billion-plus
      every year can't bring down Saddam Hussein: They have
      not been able to use journalists or priests -- the
      latest the Washington/New York national security
      establishment has come up with to ride out the lean
      years after the Cold War. In a justification for
      continued massive spending on spying, the experts ask us
      to focus on the extraneous and stupid, rather than look
      at the obvious.

   "Again, the CIA and the Press." [Editorial]

   "My Spy Story." [NYT Op-Ed]


   BLO_bak (for 4)







From andreas at artcom.de  Thu Feb 22 22:06:05 1996
From: andreas at artcom.de (Andreas Bogk)
Date: Fri, 23 Feb 1996 14:06:05 +0800
Subject: Schneier Attacks
In-Reply-To: <199602211940.OAA07616@pipe4.nyc.pipeline.com>
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "John" == John Young  writes:

    John>    Schneier says in a March SciAm brief on Kocher's timing
    John> attack: "In theory there are other attacks. You can measure
    John> power consumption or heat dissipation of a chip; timing is
    John> just one way."

And you could measure emissions, without even getting close to the
chip itself.

Andreas


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAgUBMSu6x0yjTSyISdw9AQHHwAP/TrNlmlJkHvojhI0F2ZXykIfXWqJOSjD3
/EqWvhM3e/l3N2OnrMelAhJDf3c/m6E823vQpwYMIRbOwdRkBgEGM/WJGyAPpLqU
n0sgNrfD0E+zq9wKCw6HorFJc/UNIz6T3A9XGTv9ymK+eWdOjMdL0HLyedTdOgmh
l74jDaRIYzg=
=aMZl
-----END PGP SIGNATURE-----





From ponder at wane-leon-mail.scri.fsu.edu  Thu Feb 22 22:33:39 1996
From: ponder at wane-leon-mail.scri.fsu.edu (P.J. Ponder)
Date: Fri, 23 Feb 1996 14:33:39 +0800
Subject: IMC resolving security workshop
Message-ID: 


Thanks to Raph for his excellent write-up on the IMC workshop "Resolving 
e-mail Security".

Thanks to IMC for sponsoring it and having an agenda, etc.

Thanks to the companies supporting IMC with corporate memberships, too.
hint, hint.

I am also concerned (as many on this list must be) about the 40 bits
and public perception.  If everyone thinks that Damien and the combined 
computing power of France is needed for two weeks to break it, then there 
is more teaching to be done, certainly.

Speaking of teaching, writing up one's notes after a meeting or 
conference and posting them to the list is an excellent benefit to those 
of us that didn't get to go.

ObSecureMail: I got the beta Pronto secure mail, but haven't had tome to 
fool with it yet, then I got a mesage about a bad key or something. 
What's up with that?
--
P.J. Ponder, individual member, IMC. (and proud of it)
--
EXTRA NOISE PART: I am trying to clean up al my typos so none will think 
I am IPGSales. (Yikes.)






From stewarts at ix.netcom.com  Thu Feb 22 22:57:02 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 23 Feb 1996 14:57:02 +0800
Subject: A Challenge (perhaps!)
Message-ID: <199602222131.NAA21573@ix6.ix.netcom.com>


At 12:39 PM 2/21/96 GMT, karlmarx at illumini.demon.co.uk wrote:

>My friend has just written a new crypto program that he is trying to get
>included on a PC Magazine CD-ROM over here... 
>I don't know too much about it at the moment, but he said he thought it
>would be a good idea to see if anyone on this list could crack it and thus
>help to make it more secure. I don't know too much about it ATM...

Great - we'd be happy to see it here.  Bad code is still code :-)
If it's good crypto, or even bad crypto with a good user interface,
it may be useful to people.  If it's bad crypto, we may be able to
educate your friend on plugging in good algorithms or at least discourage
having bad crypto made available to people who might be hurt by trusting it.


>I know it doesn't exercise key technology and relies on the secrecy of the
>algorithm (which from my very limited knowledge on cryptography I think makes
>it almost doomed from the start (?))

If you're going to distribute even executables, people can figure out
the algorithm you're using; keeping keys secret is tough enough...
Also, if you've got an algorithm that's strong enough to be useful,
you can do mathematical analysis of how long it takes to break,
and get an idea of how secure your data will be.

>The application is written in Visual Basic and I could probably get a copy
>of the compiled (well VB is actually interpreted, but that's neither here or
>there) .EXE file....

VB is readable, more or less, and I suspect if there's anything useful
from your friend's code, it'll be the user interface (because even someone
who can't do the math to do decent cryptography may still have some
taste about what user interfaces are friendly.)  From a tool-builder's
perspective, it's better to have tools that can be used as components
of larger systems than tools that _require_ a GUI interface or a
clumsy command-line interface, but that won't stop us from stealing a good
GUI :-)
and throwing away the bogus crypto.  Besides, PGP's user interface is
far clumsier than a command-line interface needs to be.

#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281

! Frank Zappa for President !






From tighe at spectrum.titan.com  Fri Feb 23 00:00:58 1996
From: tighe at spectrum.titan.com (Mike Tighe)
Date: Fri, 23 Feb 1996 16:00:58 +0800
Subject: Schneier Attacks
In-Reply-To: <199602211940.OAA07616@pipe4.nyc.pipeline.com>
Message-ID: <199602212217.QAA22922@softserv.tcst.com>


John Young writes:

>   Schneier says in a March SciAm brief on Kocher's timing
>   attack: "In theory there are other attacks. You can measure
>   power consumption or heat dissipation of a chip; timing is
>   just one way."

You could also count the number of electrons, as well as their direction
across the chips.





From ipgsales at cyberstation.net  Fri Feb 23 00:04:50 1996
From: ipgsales at cyberstation.net (IPG Sales)
Date: Fri, 23 Feb 1996 16:04:50 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602211553.KAA09492@jekyll.piermont.com>
Message-ID: 


Perry, fractions of what you say are true, but only small fractions,

Stubborness and stupidity are twins - 

Save all those lives you were talking about a few days agao, show us how 
easy it is to break the system - and reqad the messages form others - you 
are spouting a bunch of supercilious crap and everyone else knows that, 
except maybe you, you are obviously too stupid to recognize that - please 
save all those lives at stake




On Wed, 21 Feb 1996, Perry E. Metzger wrote:

> 
> IPG Sales writes:
> [garbage about what a one time pad is]
> 
> Er, you guys redefine the word "Oxygen" to mean "A brown liquid
> produced by fermenting barley and hops", too?
> 
> A one time pad crypto system requires that the length of the
> completely random key (not "practically random", not "nearly random")
> is equal to the length of the plaintext, and that which said key is
> used once and *only once*. Using a key to produce a pseudo-random
> sequence which is used to encrypt is *NOT* a one-time pad, and any
> claim that it is constitutes fraud, pure and simple, just like a claim
> that sugar water pills are antibiotics or that drops of red dye in a
> mixture of grain alchohol and water are French red wine.
> 
> > this is also my answer to Mr. Metzger - do as you like, I have
> > absolutely no ability to force you to do anything,
> 
> Of course not. However, I'll point out that you've annoyed me by
> peddling merchandise that can potentially harm your clients and bring
> a bad name to the field of cryptography.  People do have the ability
> to go to your state's Attorney General, you know. Keep marketing this
> crap and believe me, someone will -- very possibly even me. I am
> almost sure that defrauding customers continues to be against the law
> everywhere in the United States.
> 
> Perry
> 





From perry at piermont.com  Fri Feb 23 00:07:53 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Fri, 23 Feb 1996 16:07:53 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: 
Message-ID: <199602212203.RAA10183@jekyll.piermont.com>



IPG Sales writes:
> Mike, the keys are encrypted with an OTP that only the intended recipient 
> can open - a special, subsystem used for that purpose only - employing 
> the same techniquers, but entirely separate and apart from the primary 

Could you please learn how to spell?

You cannot possible send your keys to the recipients encrypted in a
one time pad, because a one time pad can be used only once. Every bit
of keying material you would send your clients would use up one bit of
the material they had. That would mean that you could never send your
clients new keying material this way.

The phrase one time pad is a fraud, plain and simple. I mean that in
the most technical, legal sense. Advertise using that term and the FTC
can and will throw you in jail.

What you have here is some sort of conventional stream cipher conked
up from a PRNG. You've solved no key management problems. What you've
done is simply generate lots of hype. When I see the PRNG I suspect
that I'll discover that the thing is nothing more than some sort of
multi-pass linear congruential generator that cracks open like an egg.

> user system -  any inteceptor would have to break trhe system, which we 
> claim is impossible.
> 
> 
> On Wed, 21 Feb 1996, Mike McNally wrote:
> 
> > 
> > IPG Sales writes:
> >  > We do not keep copies, we would not be in business 30 days if 
> >  > we did.
> > 
> > How do you ensure that the keys are not intercepted, duplicated by a
> > man-in-the-middle, and forwarded?
> > 
> > ______c____________________________________________________________________
_
> > Mike M Nally * Tiv^H^H^H IBM * Austin TX    * I want more, I want more,
> >        m5 at tivoli.com * m101 at io.com          * I want more, I want more ...
> >                *______________________________
_
> > 
> 





From ipgsales at cyberstation.net  Fri Feb 23 00:10:20 1996
From: ipgsales at cyberstation.net (IPG Sales)
Date: Fri, 23 Feb 1996 16:10:20 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: 
Message-ID: 


Yes, in trying to answer all the questions you that were posed, we made 
that mistake, obviously it was a typo - unlike so many of you, we are not 
perfect - the 10 to the 1000 is correct though

On Wed, 21 Feb 1996, Clay Olbon II wrote:

> At 10:08 PM 2/20/96, IPG Sales wrote:
> 
> >Unlike Mr. Silvernail, we have a much simplier definition of what we mean
> >by a one time pad - given a message/file of length N, where N is a finite
> >practical number say less than 10 to the 1000th power, that the encrypted
> >ciphertext can be any of the N to the 256th power possibile clear/plain
> >text messages/files.  To prove that the IPG system does not work, all you
> >have to do is to prove that is not the case - that our system, without
> >artifically imposed boundary conditions will generate a subset of those
> >possibilities  - that is simple and strsight forward - not
> >hyperbole but action - everyone stated how simple it was to break the system,
> >now everyone is back paddling aa fast as they can, like Mr. Metzger and
> >some of the other big bad cyphermouths.
> 
> PROOF:
> 
>         Given that N is the length of the message in bits. The number of
> possible combinations of bits is 2^N.  For any message length N > 1,
> 2^N < N^256.  Simple example.  Message length is 3 bits.  The maximum
> number of possible combinations of these bits is 8.  This is far less than
> 3^256 (which is more than 10^100, i.e. it overflows the calculator on my
> Mac).  Sorry guys.  Try learning some simple math before you try and sell
> crypto.
> 
>         Clay
> 
> ---------------------------------------------------------------------------
> Clay Olbon II            | olbon at dynetics.com
> Systems Engineer         | ph: (810) 589-9930 fax 9934
> Dynetics, Inc., Ste 302  | http://www.msen.com/~olbon/olbon.html
> 550 Stephenson Hwy       | PGP262 public key: finger olbon at mgr.dynetics.com
> Troy, MI 48083-1109      | pgp print: B97397AD50233C77523FD058BD1BB7C0
>     "To escape the evil curse, you must quote a bible verse; thou
>      shalt not ... Doooh" - Homer (Simpson, not the other one)
> ---------------------------------------------------------------------------
> 
> 
> 





From brad at his.com  Fri Feb 23 02:30:02 1996
From: brad at his.com (Brad Knowles)
Date: Fri, 23 Feb 1996 18:30:02 +0800
Subject: 
Message-ID: 


At 4:55 PM 2/22/96, Raph Levien wrote:

>    One of the goals of the IMC is to involve users, not just
> developers. I was ready to "officially" represent the "cypherpunk user
> community," but fortunately, I didn't need to. In fact, the strongest
> advocacy of strong crypto came from an employee of a "large service
> provider in America."

    I consider myself a neophyte CypherPunk, in that I just
joined the DC CypherPunk mailing list.  If you check a
particular issue of _Communications of the ACM_ in the "ACM
Forum" section, you'll see that I've been kicking around this
kind of stuff for a little while.  For anyone who is interested,
I'll post or privately email the information on which issue it
was, as soon as I can remember which issue it was.

>    There were five contenders on the field going into the day, and two
> and a half at the end. MOSS was one of the casualties. A lot of us
> were sorry to see it go, but eliminating candidates has got to happen
> if we're going to have interoperation.

    I would have to say that MOSS does have the advantage of
being very well MIME-integrated, and therefore can serve as a
good framework on how to use something that is not necessarily
PEM-based.  I'm seriously hoping that whatever we finally come
up with, it won't look too very different from RFC 1848, except
where specific algorithms are discussed or perhaps additional
features.

>    There was a lot of energy around S/MIME. People are implementing
> it. Internally, it's pretty kludgely, but it does provide pretty good
> cryptographic services. (as an aside, my favorite kludge anecdote is
> the fact that X.509 certificates use an IA5 character set rather than
> ASCII, so that the @ in email addresses has to be represented as (a)
> instead).

    Oh, yeah.  We (the community interested in secure Internet
email) need to decide if we're willing to have an internal and
an external representation differ in this manner, since we
obviously can't show IA5 strings to the user or expect them to
type in IA5 strings.  My personal opinion is that the IA5
strings need to be dumped in favour of a proper Internet email
address format (which I'm sure is specified by one of the
bazillion email-related RFCs, I just don't know which one to
reference).

>    The biggest problem with S/MIME is that the signed and encrypted
> format reveals who made the signatures. Obviously, this has severe
> consequences for anonymous mail. Believe it or not, a lot of people
> care.

    IMO, this has to be fixed as well.  The good thing is that
the folks who have an investment in S/MIME seem to be willing to
make changes to the specification to suit the desires of the
larger secure Internet email connunity at large.  I hope that
companies like VeriSign (that help other comapnies to implement
this kind of technology) also agree to follow suit.

>    One strength of PGP has traditionally been its unity. PGP means one
> message format (the PGP one), one suite of crypto algorithms (the PGP
> one), one key format (the PGP one), one application (PGP itself). Most
> of the other proposals are modular in some way, especially with
> respect to algorithms. PGP is moving in that direction.

    IMO, unity in this case is both a benefit and a deficit.
Because it has not historically been separable, it's either all
or none of PGP, and that's not an implementory style that's
likely to win friends or marketshare.  To that degree, I think
PGP has probably been less successful than it could have been.
To the degree that this is changing is one indicator of its
potential to continue to be a player.

>    Earlier, I mentioned that two and a half protocols survived the
> day. The remaining one is MSP. It's actually not a bad protocol. It
> has two features that none of the others have: the ability to label
> classified messages, and a cryptographically strong signed receipt.
> Both of these functions are highly important for government users. It
> looks like government suppliers are going to go ahead and implement
> it, and the government is going to use it.

    Although these benefits are present in the current MSP, I
don't see anything inherent in MSP that makes it necessarily
superior in these areas.  If you were doing normal MIME-type
receipts (whatever that means, since I think there are three
different drafts under way currently), and you simply added the
ability to cryptographically sign a timestamp in the "proper"
MIME receipt type, then MSP would lose this advantage.

    I think labeling could potentially be done by follow-on
versions of other packages as well, since I think we all agree
that generic labeling which can be used both for standard
gov't-style classification levels and compartments, as well as
for business-style sensitivity labeling.  In fact, I'd almost be
inclined to say that it would likely be as easy (or easier) to
create a new general-purpose labeling system for use with any of
the competitors than it would be to modify MSP to support
business-style labels in addition to the gov't-style labels I'm
sure it has today (maybe it already has labels, but I don't
think that this is that tough of a problem to solve in any
event).

>    My feeling is that the main differences are cultural. MSP still has
> a very ASN.1, OSI, governmental flavor. Its proponents are making the
> effort to be responsive to users, but I think there's still a bit of
> skepticism about that, perhaps misguided, perhaps not.

    Yes, ASN.1.  Ugh.  Dave, have you been able to dig up that
penultimate discourse upon ANS.1 from your brother?


    On the whole, I haven't read anything of MSP yet, so perhaps
I'm totally off-base.  Maybe I'm misguided on this, but when it
comes to "new" protocols or standards that just suddenly drop
onto my radar screen, I sometimes wonder why I haven't heard of
them before and what someone is trying to hide.

>    My advice to US developers: don't even try to export a 40-bit
> version of your product. Just leave crypto out of the export version.
> Your product will have better performance and many fewer configuration
> problems. Include 40-bit in the US product if you have to, but don't
> allow it to be used silently. For example, put up a little dialog that
> says, "are you _sure_ you want to use 40-bit encryption? It's not
> secure, you know."

    This is where I say that what we need to do is neither cave
in to the limitation imposed by the gov't nor do we accept that
we have to rip out encryption from our products to be shipped
overseas or used in the U.S. on the behalf of overseas
customers.  We need to (on a daily basis) wipe the gov't nose in
this mess that they've created, until such time as they learn
that it stinks and that they shouldn't do that indoors anymore.

    ITAR be damned.


>    If care about offering crypto in the non-US market, form a
> partnership with overseas developers to add the crypto.
>
>    Non-US developers, now is a fabulous opportunity. Get those
> implementations underway, the sooner the better.

    And own the crown jewels to every single company in the U.S.
all that much faster.  It's not like the NSA is help to protect
them from espionage that originates from competitors or from
what used to be the political espionage organizations that are
now fighting to keep their jobs.  It's not like companies will
have a single moments interest in having to deal with two
different standards for their U.S. customers and overseas
customers, or worse, their U.S. subsidiaries and their overseas
subsidiaries.


    Everybody should buy their encryption technology from a
country where this kind of thing isn't under export control, and
then ship (or operate) from that country.  When all the
companies have moved overseas somewhere (or at least moved the
official bits that they have to move in order to make this
happen), maybe the U.S. gov't will wake up.  But of course, by
then it will be too late.  And the NSA (and other governmental
entities) will have succeeded in doing "Very Grave Harm to
National Security Interests" because there won't be much of a
Nation left behind when all the companies (and therefore
workers) are overseas.



    Sorry, this has been a *major* sore point with me for years.

>    Most serious email vendors plan to "implement everything that's
> real." That means S/MIME for sure, PGP/MIME assuming they can get
> their hands on a decent implementation, and MSP if they sell a lot of
> stuff to the government.

    I'm hoping that we'll be able to significantly reduce the
playing field of "what's real".

>                                              Over the next few months,
> we will see some very high profile, mass market implementations.

    You may see them from others, but I don't think you're
likely to see them from us anytime soon.  See my comments above
about ITAR.  We're a world-wide company (and trying to become
even moreso) with world-wide customers.  Hell, we could even get
completely cut off from certain countries because they deem that
we're providing access to "illegal" or "unapproved" encryption
technologies.

>    At the end of the meeting, Dave asked the room for consensus on
> several points. First, there was strong consensus that the encryption
> protocols converge on multipart/security for their signed message
> format.

    You mean "multipart/signed", right?

    There was also strong support for changing the
"octet-stream" definition of "multipart/encrypted" to something
more meaningful (hopefully simply state that it's one of the
standard MIME types, and can presumably be safely converted to
and from things like base64 or quoted-printable, or that its
canonical form is one of the seven-bit safe formats).  With that
change, there was strong support that I heard voiced for
supporting "multipart/encrypted" as well.

>    I'd say that's quite a remarkable achievement for a such a
> difficult area.

    Agreed.  I think Dave Crocker deserves a lot of credit for
how well he managed to shepard us "cats" and that he didn't let
things get far enough off-track that we turned into "hostile
cats".

        -Brad







From sameer at c2.org  Fri Feb 23 02:52:34 1996
From: sameer at c2.org (sameer)
Date: Fri, 23 Feb 1996 18:52:34 +0800
Subject: Let the Snake Oil Flow
In-Reply-To: 
Message-ID: <199602230422.UAA12375@infinity.c2.org>


	All valid points, but when the likes of Nathaniel Borenstein &
his cohorts use the failures of snake oil to discredit all
cryptography, then we have a problem. (Not to say that Netscape is
selling snake oil... but I figure that FV would capitalize on a snake
oil failure to further their anti-cryptography agenda just as they
have used the Netscape RNG bug)

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer at c2.org





From sameer at c2.org  Fri Feb 23 02:53:54 1996
From: sameer at c2.org (sameer)
Date: Fri, 23 Feb 1996 18:53:54 +0800
Subject: Let the Snake Oil Flow
In-Reply-To: 
Message-ID: <199602230438.UAA14284@infinity.c2.org>


> 
> Please don't misunderstand...I'm not _approving_ of snake oil, just
> suggesting that maybe the list shouldn't go into paroxysms every time
> someone reveals their Captain Midnight Decoder Ring crypto system.

	Right. it's a tough call though. Suppose the list didn't go
into paroxysms and someone lost big by using snake oil. Then our
friends at FV will say "oh look at this crypto which lost people
money". -- and we did nothing to prevent that opportunity.
	I'm not saying that paroxysms are -good-, just that one should
be wary of the consequences of what may happen if someone loses big to
snake oil.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer at c2.org





From tcmay at got.net  Fri Feb 23 02:54:07 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 23 Feb 1996 18:54:07 +0800
Subject: Let the Snake Oil Flow
Message-ID: 


At 4:22 AM 2/23/96, sameer wrote:
>        All valid points, but when the likes of Nathaniel Borenstein &
>his cohorts use the failures of snake oil to discredit all
>cryptography, then we have a problem. (Not to say that Netscape is
>selling snake oil... but I figure that FV would capitalize on a snake
>oil failure to further their anti-cryptography agenda just as they
>have used the Netscape RNG bug)

Please don't misunderstand...I'm not _approving_ of snake oil, just
suggesting that maybe the list shouldn't go into paroxysms every time
someone reveals their Captain Midnight Decoder Ring crypto system.

Sci.crypt used to be wracked with such issues...I don't look at it much
these days, so I don't know if it still is. But the Cypherpunks list has
become the de facto place to debate new crypto systems, which we can look
at as an achievement as well as a curse, so it's inevitable that new
flavors of snake oil will be sold here every few weeks.

--Tim May

THE X-ON CONGRESS:  INDECENT COMMENT ON AN INDECENT SUBJECT, by Steve
Russell, American Reporter Correspondent....You motherfuckers in Congress
have dropped over the edge of the earth this time... "the sorriest bunch
of cocksuckers ever to sell out the First Amendment" or suggesting that
"the only reason to run for Congress these days is to suck the lobbyists'
dicks and fuck the people who sent you there," ....any more than I care
for the language you shitheads have forced me to use in this
essay...Let's talk about this fucking indecent language bullshit.







From tcmay at got.net  Fri Feb 23 02:54:23 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 23 Feb 1996 18:54:23 +0800
Subject: Let the Snake Oil Flow
Message-ID: 


At 4:38 AM 2/23/96, sameer wrote:
>>
>> Please don't misunderstand...I'm not _approving_ of snake oil, just
>> suggesting that maybe the list shouldn't go into paroxysms every time
>> someone reveals their Captain Midnight Decoder Ring crypto system.
>
>        Right. it's a tough call though. Suppose the list didn't go
>into paroxysms and someone lost big by using snake oil. Then our
>friends at FV will say "oh look at this crypto which lost people
>money". -- and we did nothing to prevent that opportunity.
>        I'm not saying that paroxysms are -good-, just that one should
>be wary of the consequences of what may happen if someone loses big to
>snake oil.

Right, a tough call.

Some people are more _interventionist_ than others. Me, I'm not too worried
that someone will "lose big" by listening to snake oil salesmen...people
lose big every day, by smoking, driving too fast, enlisting in the Army,
whatever. I long ago gave up trying to protect others.

(Why I participate so strongly in this list has various possible answers.
Nothing better to do is one theory. An interest in the implications of
strong cryptography is another theory. Being an introvert--in Jung's actual
terms, not the popular misinterpretation of Jung--is another.)

I guess I gave up on worrying too much about other people making the wrong
decsions. And given that "the Cypherpunks" have no organization, no role in
evaluating and recommending crypto code, except insofar as they act as
individuals, I don't worry too much about lost sheep going astray.

Those who used to believe in snake oil--the original kind--got culled out
of the population as a result. Religion now serves the same role,
especially Christian Science. Frankly, if people want to believe that First
Virtual is better than cryptography, or that Internet Security Guaranteed
can really guaranty security with their fabulations about prime wheels and
reusable one-time pads, then maybe the crypto-gullible will be culled--the
gullible are cullable.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From jsw at netscape.com  Fri Feb 23 03:23:32 1996
From: jsw at netscape.com (Jeff Weinstein)
Date: Fri, 23 Feb 1996 19:23:32 +0800
Subject: url
In-Reply-To: <9602221938.AA17154@alpha>
Message-ID: <312D9E32.5689@netscape.com>


Perry E. Metzger wrote:
> 
> Mike McNally writes:
> > At  find
> > some interesting "surveillance" applications of Javascript.
> 
> Okay. We have some netscape people here on this list.
> 
> When is the patch to let you disable JavaScript inside Netscape going
> to go out? Its more than time.

  I agree.  I asked for this option several times over the course of the products
development.  I consider it a grave mistake on my part to not have forced the
issue.  It will be corrected shortly.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.





From mailer-daemon at anon.com  Fri Feb 23 20:07:44 1996
From: mailer-daemon at anon.com (System Mail Manager)
Date: Fri, 23 Feb 1996 20:07:44 -0800
Subject: Twelve Days of Christmas
Message-ID: 



--  --
UNDELIVERABLE MAIL: Unknown Host("PeppermintPty at loacst.org")
UNDELIVERABLE MAIL: Bad Key

--  --

*** TOP LEVEL: DESTROY IMMEDIATELY UPON READING ***
*** DO NOT PRINT OR SAVE. Code1.8 Table2Hex6    ***

DAY 10: DR. BLACK located a promising entry point at the target site. DR.
BLACK recovered four of the six password tokens before his position was
compromised. DR. BLACK will be replaced by DR. ORANGE.

Estimated time to recover the remaining two password tokens and gain access
to target: EIGHT DAYS (03.01.96)

Confidence is HIGH.

My team has been working around the clock for a month now. Please tell your
people to be more tolerant. Yelling doesn't help anything.

Marcie










From lmccarth at cs.umass.edu  Fri Feb 23 04:13:50 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Fri, 23 Feb 1996 20:13:50 +0800
Subject: Puffer 2.0 Released
In-Reply-To: <199602230155.UAA23263@bb.hks.net>
Message-ID: <199602230948.EAA23344@opine.cs.umass.edu>


Kent Briggs writes:
[re: Puffer 2.0]
> New for version 2.0 is the addition of a very fast stream cipher,
> PC1.  PC1 operates with a 40-bit encryption key and produces the
> same stream output as RC4, 

Is PC1 a stream cipher implemented in a "clean room", by reference to an 
abstract specification of the algorithm implied by the Alleged-RC4 source
code, that interoperates with RC4-40 ?

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)





From cmca at alpha.c2.org  Fri Feb 23 05:03:12 1996
From: cmca at alpha.c2.org (Chris McAuliffe)
Date: Fri, 23 Feb 1996 21:03:12 +0800
Subject: Easy Nuclear Detonator
Message-ID: <199602230232.SAA14224@eternity.c2.org>


-----BEGIN PGP SIGNED MESSAGE-----

[To: jim bell ]
[Cc: cypherpunks at toad.com]
[Subject: Re: Easy Nuclear Detonator]

In one of his less lucid moments, jim bell  typed:
>I wrote this just a few hours ago.  Let's have a vote:  Who thinks I have
>some idea about the subject?

I think it was a Heinlein character who observed that "you can vote all
you like, it doesn't change reality". The HGTTG also makes a similar
observation regarding the emigrants from Golgafrincham.

The fact that you call for votes at all makes me less inclined to
believe your expostulations.

Chris McAuliffe  (No, not that one.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBMS0aK4HskC9sh/+lAQEqaAQAw7wyEp0eWra32f7xIzdpa5Z+No6WI9Dr
VIklNbXWE/TPTMMBfTtMu0tCiEGQ70tvCp+N3BeSqH9bEI6FCWbOa9XNhhGcAiZT
VQVwGfyUiJW61HkqNqfH/HCgxRJnnA3dNwbNPQ1FJsVvIPT/RBVPGc4K0hoNp5nd
WjDAsFDCQjM=
=dejF
-----END PGP SIGNATURE-----





From adam at lighthouse.homeport.org  Fri Feb 23 05:03:31 1996
From: adam at lighthouse.homeport.org (Adam Shostack)
Date: Fri, 23 Feb 1996 21:03:31 +0800
Subject: Let the Snake Oil Flow
In-Reply-To: 
Message-ID: <199602230206.VAA12870@homeport.org>


	While I'd never disagree with my good buddy Tim, let me tell
you all about the neatest medial hack since anesthesia, TMS, or
Transcranial Magnetic Stimulation!

	This astounding use of magnetic fields can stimulate or deaden
nerves through the skull!  Its being used right now in research
hospitals to create functional mappings of the human brain!

	An experiment I witnessed involved a volunteer who had his
cold nerves turned off by placing a small probe over his head.  He was
completely unable to feel the cold of an ice cube placed on his bare
skin!

	Snake oil?  No.  Its really out there, and is has real
possibilites.  But how is the lay person to tell?  With a car, you can
see if it turns on.  With a replacement for anesthetics, you can
decide if it works pretty easily.  "Can you tell that I just cut your
arm?"  But with crypto, you need to wade through the excellent, but
quite long, sci.crypt FAQ, if you even find a pointer to it. 

	Altavista comes back with 48000 hits when asked for Crypto.
"Introduction to cryptography" is a more tolerable 100 documents, but
how to know which are good, and which are snake oil?  The reputation
software to help filter is lacking.

	So, I see a value to flaming the snake oil salesmen loudly,
today.  Not that we shouldn't let the market handle the situation, but
part of that market is that crypto enthusiasts (aka cypherpunks) will
flame the snake oil salesmen.  Not that other issues you mention (such
as the behinds the scenes deals) aren't important, but in the face of
no information, we can't discuss that much.


Adam

Timothy C. May wrote:

| Well, it seems to me that letting some real snake oil out there could be a
| Good Thing. Being the Neo-Calvinist Darwinist that I am, I set that anyone
| who puts valuable information into "PowerPads" and "Stream-of-Consciousness
| Ciphers" pretty much deserves what he or she gets. I am not losing any
| sleep that Snake Oil Enterprises is hyping a conceptually flawed system.

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From mpd at netcom.com  Fri Feb 23 05:03:47 1996
From: mpd at netcom.com (Mike Duvos)
Date: Fri, 23 Feb 1996 21:03:47 +0800
Subject: Let the Snake Oil Flow
In-Reply-To: 
Message-ID: <199602230110.RAA11717@netcom11.netcom.com>


tcmay at got.net (Timothy C. May) writes:

 > Predictably, others are asking/expecting "the Cypherpunks"
 > to break their systems. Just as predictably, many of us are
 > patiently (and impatiently) explaining that breakages cost
 > money and resources. And so the "developers" gleefully
 > respond that this proves the "Cyperpunks" [sic] are helpless
 > before their software.

Which is patently silly, of course.  Unless some TLA writes me an
obscenely large check, I am unlikely to try and break anything
that hasn't achieved significant market penetration and
widespread use, whether it is an operating system, or an
application which utilizes encryption.

I'm not even interested in breaking the individual building
blocks of such things, such as block ciphers and RNGs, outside of
the context of their use in a specific application.  Unless
something is obviously braindead on delivery, it makes little
sense to attack it in the abstract, and the nicest weaknesses in
systems often depend upon the little details, as the Netscape and
Kerberos folk have discovered.

All of this means that challenges by the snake oil peddlers, and
even well-advertised public floggings of new ciphers, like RC5,
really don't do much to discover design flaws or weaknesses. It's
like the ten people who post "I have invented an unbreakable
cipher" to sci.crypt each week, and when no one cares, proudly
declare victory and go home.

 > A few highly publicized failures could be educational, and
 > ultimately help to strengthen the Net. You don't get better
 > bridges without some highly-visible bridge collapses. Raises
 > consumer awareness of what good design really is.

Yes - one neat hack against Netscape or Microsoft is worth an
infinite number of dull papers in "Cryptologia" as far as public
relations are concerned.

 > Personally, I'm much more worried about the
 > behind-the-scenes goings on with key escrow, the pressures
 > being applied to Netscape, Lotus, Microsoft, TIS, etc., than
 > I am in Yet Another Clueless Crypto Product (tm).

Let a thousand Clueless Crypto Products bloom today. :)

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd at netcom.com     $    via Finger.                      $






From unicorn at schloss.li  Fri Feb 23 05:04:36 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Fri, 23 Feb 1996 21:04:36 +0800
Subject: [Off topic] Re: Easy Nuclear Detonator
In-Reply-To: 
Message-ID: 



Way off topic, still....

On Wed, 21 Feb 1996, jim bell wrote:

> At 10:56 PM 2/21/96 -0500, Black Unicorn wrote:
> >On Sun, 18 Feb 1996, jim bell wrote:

[easy nuclear initiation device described, key in design are:]

> >> 
> >> "Multiple very thin flexible hollow tubes (1 mm ID? teflon?) filled with a
> >> homogenous liquid 
> >> explosive (for example, pure nitromethane)

To which I reply:

> >This method is so dependent on the uniformity of the initiator (the cap 
> >in this instance) as to be nearly useless.  Normal blasting caps do not 
> >detonate with the uniformity required to initiate each of the tube paths 
> >at the same time.  In the off chance that you contemplated surrounding 
> >the cap with liquid explosive of a sufficent type, (which still wouldn't 
> >assure proper uniformity with any certainty as the liquid explosive is as 
> >likely to detonate slightly off left to right as up to down) you still have 
> >extremely difficult problems to overcome.
> 
> Re-read my whole statement.  I copy the relevant commentary that you
> sloppily forgot to read:
> 
> >> Detonated from a single cap, with an 
> >> intermediary chamber of liquid explosive to stabilize the shock front,

You, quite inadvertantly I am sure, managed to ignore the following:

> >In the off chance that you contemplated surrounding
> >the cap with liquid explosive of a sufficent type, (which still wouldn't
> >assure proper uniformity with any certainty as the liquid explosive is as
> >likely to detonate slightly off left to right as up to down) you still 
> >have extremely difficult problems to overcome.

And thus boast:

> I already entirely anticipated your objection.  And destroyed it.

Actually, your design still is vulnerable to my objection, as my 
objection was specifically to your intermediary chamber concept.

Your intermediary chamber, if surrounding the blasting cap, is likely to 
detonate to one side first, at a right angle to the axis of the chamber 
to the explosive assembly.  Blasting caps tend to rupture their casings 
on one side before the other.  In this case you will have a left to right 
detonation in the intermediary chamber, as I indicated.  If you have your 
tubes spun off the chamber like a starfish, your initiation times will 
vary, probably significantly.  In the worst case, the duration determined 
by diameter of chamber/velocity of detonation.  In the event your chamber 
is 1/5 of the length of the tubes themselves, you will have one side of 
your explosive assembly detonating when another tube has 1/5 a length to 
go.  As you have not specified any of the dimentions of your chamber or 
tubes, or the exact liquid explosive you intend to use, the delay is 
impossible to quantify exactly.  Attempting to mitigate the delay by 
shortening the tubes brings the explosive assembly closer to the 
intermediary chamber, with associated hazards.  Most problematic, 
disruption of the reflector orientations.

Also note, that if starfished, the worst possible timing error will 
occur, that being, the tubes with the most extreme difference in 
initiation time will be those at opposite poles of the quasi-sphere of 
the explosive assembly.  Bad news for uniform compression.

If you intend to run the intermediary chamber into a funnel before 
seperating into your individual tubes, you have the same problem as if 
you never had a chamber at all, namely the initiation of one or the other 
tubes before the rest.  While the funnel may limit the effect of radial 
differences in initiation timing, it complicates things by requiring 
very precise milling of the connections of the tubes to the intermediary 
chamber as well as such milling at the ends which meet your explosive 
assembly.

> >1>  Interference from the milling shape and accuracy of the openings to 
> >the tubes containing the liquid explosive.
> 
> Quantify, quantify.  How much of a problem?

Clever question given that I am without any information as to the exact 
shape of your tubes, if they are bowled down towards the explosive 
assembly, or what their exact width (excepting your vague 1mm figure) 
might be.  You make some guesses as to material, but these two are fairly 
flimsy even by your own admission.

All you need to realize to appreciate the problem is that if you do not 
have a precisely milled end, with a precise depth into the compressing high 
explosive outer face, you have differences in how and when the various 
faces of the explosive assembly are going to initiate.  If you make your 
tubes narrow, it becomes very hard to mill the ends of your tubes, and if 
you widen the tubes, it exagerates the distortive effect of 
irregularities in the tube ends.

It's very simple, if you don't have a precisely flat end of tube, you 
have a shaped charge in effect.  On the other end, you have problems with 
easy of initiation.

  (Hint:  If you seriously 
> believed there was a problem with this idea, you would be able to give a few 
> examples on how to avoid them.  Reading your commentary, you did none of 
> this.  

I'm not in the business of designing nuclear initiators.  I expose poorly 
thought out explosive engineering as a hobby.  Your best solution is to 
mill each tube exactly alike, right down the the degree of bend and slope 
of arc as well as shape of either end.  But you could have figured that 
out without me spelling it our for you.

> >2>  Mild to obscure impurities in the liquid explosives causing 
> >differences in velocity with respect to other tubes. 
> 
> All the tubes can be filled at the last minute by pulling a vacuum on the
> system and letting atmospheric pressure fill all the tubes.  No impurities,
> or at least it's a perfectly homogeneous mixture.

Hard to prevent with a hydrazine explosive.  Hydrazine based explosives 
may vary as much as 10-15% in velocity of detonation with mere .1% 
changes in pressure and 1% changes in temp.  I don't know how impurity 
comes into play exactly, but I suspect they are very sensitive to such 
changes as well.

> > Even small changes 
> >in pressures within the tubes might cause enough timing problems to make 
> >uniform initiation of the primary high explosive assembly impossible.
> 
> "might"?  Well, could you be more specific?  How many nanoseconds would be
> too many?

What is the mass of your subcritial material?  What shape are you using?  
Simple sphere or multifaceted polygon?  What is the thickness of your 
compressive explosive?  What kind of explosive is it?  How deep are the 
initiators inserted into the compressive explosive?  What is the material 
of your tubes?  Glass or metalic?  (Metalic will be force conductive 
before failure, glass will merely shatter, the difference in initiation 
points in the compressive explosive will be equal to the depth of the 
tubes when comparing glass and metalic tubes.  Glass is likely to 
initiatite at the surface, metalic tubes at the point of tube terminus.

> >3>  Interference from the milling shape and accuracy of the terminus of 
> >the tubes containing the liquid explosive.
> 
> So what's your point?

You might have signifincantly different characteristics in the initiation 
of your compressive explosive.  As I said before, anything but a 
precisely milled flat end on your tubes will effectively be a shaped charge.
The effects of various shapes at the ends of tubes are left as an 
exercise for the reader.

> >4>  Overpressure in the device causing premature detonation of the near 
> >portion of the high explosive assembly.
> 
> Sure about that?

Quite.  It was a big problem in the first compressive devices.  Some 
early experimentation produced mushroom like shapes in the compressed 
material (inert for experimentation) because one side of the compressive 
explosive was initiated by presure of the impact of the casing itself.  
Supercriticality would not have been achieved in these instances of 
failure.
  
Further experimentation attempted to rectify the problem by placing the 
entire inner chamber at .25 of an atmosphere.  I think their eventual 
solution got around overpressure initiation in a simplier way, but I 
don't recall what it was.  (Might have been new explosives for the 
compression phase)

> 
> >All of these might cause enough timing error to prevent uniform pressure 
> >and thus prevent uniform compression and make supercriticality impossible.
> 
> Pigs might fly.

But they don't.  The timing problem is quite significant.  Why do you 
think high speed and superaccurate switches are so well guarded?  There 
isn't an easy grassroots substitute, if there were, the switches would be 
fairly useless.

> >Remember, kryonic switiches are necessary even when dealing with the 
> >speeds of electric conductivity.  The velocities of even hydrazine based 
> >explosives are signigicantly lower.  The margin for error is similarly lower.
> 
> How low?  Be specific.

Again, I don't know what your dimentions are.  Hydrazine explosives tend 
to detonate around 8500-10000 m/s.  The speed of transmission of electric 
impulses through a given conductive medium is certainly much higher.

> >Plutonium gun is still the easiest method for the home grown nuclear 
> >device, even if it requires more fissile material.
> 
> The "gun" design wasn't used with the plutonium, because IT WOULD NOT HAVE 
> WORKED! "Fat Man," the bomb dropped on Nagasaki, used the implosion method.  
> "Little Boy," the gun-method bomb, used U-235.   Plutonium detonates far too 
> rapidly to use the "gun" method.   The 
> scientists knew that in 1945.  You seem to be at least 50 years behind the 
> times.

You are correct this time.  My fault.  Uranium should have been in there.  
Typo on my part.  Doesn't change the fact that it's much easier as an initiator.

> Sheesh!  I guess we now know what field YOU don't know about, huh?  Or, 
> perhaps more likely, this is a specific DIS-information campaign.   You want 
> someone to waste a critical-mass worth of plutonium.   

Hey, be my guest.  If you had a critical mass worth of plutonium you're 
playing around with the wrong list, and, I might add, wasting your time 
with anything but the black market for the material.

---
My prefered and soon to be permanent e-mail address: unicorn at schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information






From jya at pipeline.com  Fri Feb 23 05:07:27 1996
From: jya at pipeline.com (John Young)
Date: Fri, 23 Feb 1996 21:07:27 +0800
Subject: Bell Labs' Alternative to Java
Message-ID: <199602230157.UAA03547@pipe4.nyc.pipeline.com>


March BYTE has an article on the Plan 9 OS, by Paul Fillinich, 
a marketing manager at AT&T, pp. 143-44.


He credits "researchers Rob Pike, Dave Presotto, Ken Thompson, 
Howard Trickey, and Phil Winterbottom, with support from Dennis 
Ritchie."


Plan 9 resources cited:

     Anonymous FTP: plan9.att.com


University of Toronto site:

     http://www.ecf.toronto.edu/plan9


For those without BYTE access: PLN_9os








From adam at lighthouse.homeport.org  Fri Feb 23 05:07:30 1996
From: adam at lighthouse.homeport.org (Adam Shostack)
Date: Fri, 23 Feb 1996 21:07:30 +0800
Subject: I'd like a decaf, please (was Today's JavaScript bug)
In-Reply-To: <9602221938.AA17154@alpha>
Message-ID: <199602230109.UAA12579@homeport.org>



| At  find
| some interesting "surveillance" applications of Javascript.

	I pointed to a need for configurability for Livescript in
December (http://www.homeport.org/~adam/java.html).  Now, it seems
that Javascript a bigger security hole than Java.  We can turn off
Java, but only downgrade to version 1 to avoid Javascript.

	The problems in Javascript are due to (in no particular order)
lack of design for security, lack of configurability, lack of
authentication in scripts, and a lack of control over whose scripts
are run.

	A design for security would have compartmentalized Javascript,
so that it only ran with access to the browser main window.  It would
not have access to the screen, nor to disk, or memory owned by
Netscape, except where parts of Netscape *explicitly grant* access to
JavaScript.

	Configurability means Netscape OBEYS /etc/netscaperc,
/usr/lib/netscape/security.cf, or some other file that allows me to
turn off Java and JavaScript completely, as a security officer for a
company.  It would also accept restrictions from a gateway or proxy,
which could add http and or headers such as  and
 (and perhaps others.)

	Configurability also means that Java or Javascripts can be
made, in a sitewide manner, to ask permission to run, announce
themselves when running, log themselves, (source, output,
interactions, etc), not do things such as shrink below a certain size,
etc.

	The next needed feature is strong cryptographic authentication
in the Java/JS engines, such that only digitally signed scripts can
run.   Again, the site needs to be able to configure this, to say
'Only scripts signed by the Dalai Lama or Perry Metzger can run at
all.  Only scripts signed by Perry and the bank security officer can
get at my e-wallet.'

	The start of this is not complex.  Create a set of standard
headers that http-gw or other web proxies can add, so people behind a
firewall can have sitewide policies.  (Notice that this has the clever
effect of making locally written scripts runnable, since they don't
pass through the firewall, even if all we get is an on/OFF switch.)

	Add authentication services at several (site configurable)
levels.  Digital signatures, one time run tokens are easy to do.
They're not even that tough to do right.  (One time tokens would be
nice for meter-ware as well).



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From hoz at univel.telescan.com  Fri Feb 23 06:19:16 1996
From: hoz at univel.telescan.com (rick hoselton)
Date: Fri, 23 Feb 1996 22:19:16 +0800
Subject: A Challenge (perhaps!)
Message-ID: <9602231402.AA09643@toad.com>


Mike McNally writes:

> > >I know it doesn't exercise key technology and relies on the secrecy of the
> > >algorithm (which from my very limited knowledge on cryptography I think
makes
> > >it almost doomed from the start (?))... 

>The way I like to think of such a scheme is to consider the secret
>algorithm itself to be the key, ....

This seems to me to be a perfectly valid point of view.  

One absolute requirement of any decent cryptosystem is 
that weak keys be vanishingly rare.  This can be done if 
almost all keys are strong or if a simple procedure can be 
found to identify and eliminate weak keys.  

Another absolute requirement is the ability to change keys.

It is also useful to be able to negotiate keys using 
procedures like Diffie-Helman key exchange.

Your suggested viewpoint shows very clearly why systems that 
depend on secret algorithm are often quite bad.

If you have the resources to adequately evaluate an algorithm 
yourself, (like the NSA does) you might gain some security by 
keeping your algorithm secret.  Even then, you would want 
a system that allowed you to change effectively.  My personal 
guess is that an algorithm that can generate novel, secure 
ciphers is beyond the power of any human agency, and will be 
for a long time.  

Incidentally, since the "original poster's friend" knows the algorithm, 
and every person that ever uses this cipher will have a copy of it, 
why should I trust this cipher?  None of the other users know me, so 
they should never let me hack^h^hve a copy.  So, even if they have found 
a secure system, (which experience says is very doubtful) I couldn't 
possibly have any interest in it.











Rick F. Hoselton  (who doesn't claim to present opinions for others)






From m5 at dev.tivoli.com  Fri Feb 23 06:34:52 1996
From: m5 at dev.tivoli.com (Mike McNally)
Date: Fri, 23 Feb 1996 22:34:52 +0800
Subject: Internet Protest!
In-Reply-To: <199602230422.UAA12375@infinity.c2.org>
Message-ID: <9602231413.AA17645@alpha>



Mark Allyn writes:
 > Please pass along this to anyone you know who has an email account! We
 > need to have everyone take part in this protest!

Sophomoric idiocy.  I can think of few actions that would marginalize
the on-line community more than for a bunch of geeks to mailbomb the
"white house".  Some poor sysadmin will be stuck dealing with his
filled-up mailbox, and that's it.  Is anybody so seriously delusional
that they imagine poor Bill Clinton having to work his way through all
the mail with elm?

Sheesh.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * I want more, I want more,
       m5 at tivoli.com * m101 at io.com          * I want more, I want more ...
               *_______________________________





From jsw at netscape.com  Fri Feb 23 09:04:30 1996
From: jsw at netscape.com (Jeff Weinstein)
Date: Sat, 24 Feb 1996 01:04:30 +0800
Subject: "and two forms of ID"
In-Reply-To: 
Message-ID: <312D9940.3746@netscape.com>


Wei Dai wrote:
> The natural state of the Net seems to be a kind of semi-anonymity.
> Trying to push it in either direction (complete traceability or
> anonymity) is costly.

  Given that verisign and others will soon begin issuing large numbers of
certificates that do not guarantee the identity of the key holder, it seems
that this tradition will continue even with the wide deployment of X509 certs.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.





From s1018954 at aix2.uottawa.ca  Fri Feb 23 09:27:50 1996
From: s1018954 at aix2.uottawa.ca (s1018954 at aix2.uottawa.ca)
Date: Sat, 24 Feb 1996 01:27:50 +0800
Subject: NSA agent arrested
Message-ID: 


I just heard a very short blurb on CBC radio about a KGB mole within the NSA
from the 60's (?) getting arrested by the FBI. Pretty much no details 
were given. Any info?

(Apologies if someone else has posted this today, I'm following the list 
from the hks archives, which I assume have a minor delay.)





From geeman at best.com  Fri Feb 23 09:28:03 1996
From: geeman at best.com (geeman at best.com)
Date: Sat, 24 Feb 1996 01:28:03 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <199602231635.IAA22733@mail1.best.com>


>Date: Thu, 22 Feb 1996 08:56:13
>To: cypherpunks at Toad.com
>From: geeman at best.com
>Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
>
>
> IDG: Get real.  Publish the stuff like the rest of the world does.  The
only ones who don't are just not players in the game.  If you want to try to
snow consumer-types then go ahead.  But if you want validation from the
crypto community you'll have to just publish it. 
>
>And if you don't, and just continue the marketing fluff, then people from
this list, and others in the community, will be all over you and the
publications (lists, press, etc) with the theoretical and inferred
weaknesses of your system. 
>
>I would say the onus is on you to put up or shut up and don't try to
orchestrate or control the parameters of the disclosure.  It's really in
your own interests, I would think.
>
>






From s1018954 at aix2.uottawa.ca  Fri Feb 23 11:34:29 1996
From: s1018954 at aix2.uottawa.ca (s1018954 at aix2.uottawa.ca)
Date: Sat, 24 Feb 1996 03:34:29 +0800
Subject: CBC: NSA employee arrested
Message-ID: 


Here's the actual blurb (from  ) from the 11 am EST
report (and it wasn't rebroadcast or elaborated on at 12).
   
   A former employee of the american national security agency has been
   arrested on charges that he spied for the kgb in the 1960's. The f-b-i
   arrested the man at his home in pennsylvania this morning. Police say
   the arrest is important but dosn't compare in magintude to the aldrich
   ames case..,,the biggest spy scandal in u-s history. 
   





From ponder at wane-leon-mail.scri.fsu.edu  Fri Feb 23 12:50:35 1996
From: ponder at wane-leon-mail.scri.fsu.edu (P.J. Ponder)
Date: Sat, 24 Feb 1996 04:50:35 +0800
Subject: pcmcia
In-Reply-To: <199602221313.IAA09759@homeport.org>
Message-ID: 


I am just assuming that the Association (PCMCIA) has a way of distributing
specs, etc. I also assume they have a web page and all that, maybe 
even a citizen-unit subscribed to this mailing list who probably could
point us in the right direction.  I think PCMCIA cards offer a lot of
potential as wallets and general purpose privacy prophylaxis engines.
I don't know anything about the technology, but the device drivers, et al,
could be publicly reviewed and recompiled on trusted machines, presumably,
and the device itself could be tested (I assume) with a publicly 
available routine that once again one could install from source, etc. 

how much do the slots cost to add on to pc's that don't already have them?
Is there a parallel interface, for instance, that can plug into a 
printer port?
--
PJ
------------------------------------------------------------------------

On Thu, 22 Feb 1996, Adam Shostack wrote:

> P.J. Ponder wrote:
> 
> | obligatory crypto comment: has anyone looked at the iPower card and 
> | gotten one to play with? Where else could one get a PCMCIA card that was 
> | programmable and had a little memory on it? How hard would it be to make 
> | one - in other words, what could we get the cost down to for an 
> | encrypting pcmcia card? there couldn't be much to it, really, could there?
> 
> 	I got one, its very badly documented; theres some source in
> Visual basic for windoze.  I haven't had time to track down real docs
> so I can do anything.  Anyone know who I can call to get real
> documentation?
> 
> Adam
> 
> 
> -- 
> "It is seldom that liberty of any kind is lost all at once."
> 					               -Hume
> 





From juggy at cerc.wvu.edu  Fri Feb 23 12:51:05 1996
From: juggy at cerc.wvu.edu (V. "Juggy" Jagannathan)
Date: Sat, 24 Feb 1996 04:51:05 +0800
Subject: Patient medical files on Net
In-Reply-To: <199602211521.KAA06043@homeport.org>
Message-ID: <9602221611.AA13184@cerc.wvu.edu>




Dear all:

We are pleased with the national attention the ARTEMIS project of the
Concurrent Engineering Research Center(CERC) sponsored by NLM has
attracted. On February 20, there was an article in
the Wall Street Journal calling ARTEMIS an "audacious experiment" by a
rural physician in West Virginia, Dr. Bruce Merkin, M.D. This was
followed by an ABC Evening News story with Peter Jennings (Feb 21,
Wednesday) which declared Dr. Merkin is "the future."

While we  are most happy to receive this attention, we are also
concerned that some people may erroneously draw the conclusion that we
are jeopardizing patient confidentiality by "putting their records on
the Web." We are both  extremely security conscious and thouroughly
familiar with all the available security technologies. We have taken a
number of steps to ensure that our experiment will not be compromized:

1. The patient records are on the INTRAnet which is secured with a
firewall and we continously monitor and evaluate the efficacy of this
protection.

2. Standard UNIX network security mechanisms with all the known security
holes addressed and verified with programs such as "Satan"

3. Multiple levels of access controls, role-based access controls,
user-id based access controls - implemented using Oracle DB mechanisms

4. Audit trails as a separate CORBA-service to track all transactions
and accesses to any patient information

We can add additional layers such as classification of sensitivity of
information, stripping patient identifying information etc as our core
infrastructure is based on CORBA.  We have and continue to experiment
with a number of security technologies. We have in our research
testbed prototypes of systems using Kerberos, PGP, MOSS, and RSA-based
public-key server technologies. We are currently investigating
commercial security technologies and technologies that can securely
bridge World Wide Web and distributed object technologies and CORBA
standards promoted by OMG. Until a satisfactory implementation of
security and a market acceptance of the mechanisms using these
emerging and potent technologies are in place, confidential patient
information will NOT be put in the "Internet".


Sincerely

Ramana Reddy, CERC
V. "Juggy" Jannathan, CERC 
Bruce Merkin, Valley Health Systems Inc.

Co-Principal Investigators

------------------------------------------------------------------
            Ramana Reddy (Also known as Y. V. Reddy) 
            Director
            Concurrent Engineering Research Center
            West Virginia University
            Morgantown, WV 26506
       e-mail: rar at cerc.wvu.edu
-------------------------------------------------------------------









From jya at pipeline.com  Fri Feb 23 12:58:20 1996
From: jya at pipeline.com (John Young)
Date: Sat, 24 Feb 1996 04:58:20 +0800
Subject: DEP_tot
Message-ID: <199602231752.MAA17029@pipe3.nyc.pipeline.com>


   2-23-96. TWP:

   "CIA Defends Rule on Use Of Reporters."

      In the face of growing criticism from American news
      organizations, CIA Director John M. Deutch yesterday
      insisted he would not rule out employing American
      journalists in secret intelligence operations where
      American lives are at stake or a weapon of mass
      destruction might be used.

   2-23-96. NYT:

   "C.I.A. Chief Defends Secrecy, in Spending and Spying, to
   Senate."

      The DCI said today that the secret budget for spying
      might be made public, and he defended a longstanding
      policy allowing clandestine officers to pose as
      reporters or to use journalists as informers. Posing as
      a reporter is an ideal cover for a spy, since both jobs
      require traveling to out-of-the-way places and prying
      out secrets.

   DEP_tot



   For Deep Throat Scowcroft parallels to the CoFR report on
   the future of intelligence see the ISD recommendations to 
   the Presidential Commission on intelligence:

   
http://sfswww.georgetown.edu/sfs/programs/isd/files/intell.htm













From jya at pipeline.com  Fri Feb 23 13:02:53 1996
From: jya at pipeline.com (John Young)
Date: Sat, 24 Feb 1996 05:02:53 +0800
Subject: REM_ote
Message-ID: <199602231751.MAA16891@pipe3.nyc.pipeline.com>


   2-23-96. WSJ:

   "H-P Acquires Most of Internet Security Firm."

      SecureWare technology is used by the Pentagon to
      safeguard transmission of military secrets. The firm's
      team of about 40 programmers is "a substantial fraction 
      of the hired guns available in the on-line security 
      world" who snake oil an extra virgin security that not 
      even hackers can cross. Hackers would question that; 
      they have a remarkable history of eventually figuring 
      out ways to get past advances in faked chastity.

   "Netscape Will Issue Fix for Flaw Found In Browser System."

      The company confirmed that Princeton researchers found
      a security flaw in the "applets" created with Java, but
      said the flaw was minor and that the company will issue
      a software fix for it next week. Jeff Treuhaft said
      exploiting the flaw would require extremely skilled
      hacking. Marianne Mueller, Java security engineer, also
      said the chances of such hacking occurring are "remote."

   REM_ote











From frantz at netcom.com  Fri Feb 23 13:48:51 1996
From: frantz at netcom.com (Bill Frantz)
Date: Sat, 24 Feb 1996 05:48:51 +0800
Subject: Look, a chain letter :-)
Message-ID: <199602231822.KAA01569@netcom7.netcom.com>


At  7:55 AM 2/23/96 -0500, Dr. Dimitri Vulis wrote:
>I received a curious mimetic e-mail. The cypherpunks relevance is: will we
>or will we not bring down the White House server? :-)

This struck me as a mailbomb attack, which I would rather not particpate
in.  However, I have a letter on the CDA I want to send to the president. 
It might turn out that it is ready to send on Feb 29.  :-)


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz at netcom.com | dead teenagers | Los Gatos, CA 95032, USA







From maldrich at grctechs.va.grci.com  Fri Feb 23 14:16:54 1996
From: maldrich at grctechs.va.grci.com (Mark Aldrich)
Date: Sat, 24 Feb 1996 06:16:54 +0800
Subject: Ascom Tech License for IDEA
Message-ID: 


The following is a statement from David Barnhart, PGP Product Manager 
from ViaCrypt, regarding Ascom Tech's position on licensing IDEA:

"In the US, ViaCrypt pays the royalties to Ascom for every copy of 
ViaCrypt PGP shipped.  Users of ViaCrypt PGP have nothing to worry 
about.  Personal users of MIT PGP in the US also have nothing to worry 
about because Ascom's published position deals with 'commercial use'. The 
only people who need to do anything are people overseas using PGP 2.6i or 
2.6ui in their businesses.  They need to license IDEA from Ascom."

------------------------------------------------------------------------- 
|So, I went walking through the street.   |Mark Aldrich                 | 
|I saw you strung up in a tree.           |GRCI INFOSEC Engineering     | 
|A woman knelt there, said to me,         |maldrich at grci.com            | 
|Hold your tongue, man, hold your tongue. |MAldrich at dockmaster.ncsc.mil | 
|_______________________________________________________________________| 
|The author is PGP Empowered.  Public key at:  finger maldrich at grci.com |
|    The opinions expressed herein are strictly those of the author     | 
|         and my employer gets no credit for them whatsoever.           | 
-------------------------------------------------------------------------






From jeffb at sware.com  Fri Feb 23 14:33:23 1996
From: jeffb at sware.com (Jeff Barber)
Date: Sat, 24 Feb 1996 06:33:23 +0800
Subject: REM_ote
In-Reply-To: <199602231751.MAA16891@pipe3.nyc.pipeline.com>
Message-ID: <199602231850.NAA05083@jafar.sware.com>


John Young writes:
> 
>    2-23-96. WSJ:
> 
>    "H-P Acquires Most of Internet Security Firm."
> 
>       SecureWare technology is used by the Pentagon to
>       safeguard transmission of military secrets. The firm's
>       team of about 40 programmers is "a substantial fraction 
>       of the hired guns available in the on-line security 
>       world" who snake oil an extra virgin security that not 
>       even hackers can cross. Hackers would question that; 
>       they have a remarkable history of eventually figuring 
>       out ways to get past advances in faked chastity.

For the record, this includes me (Yes, I work for HP now).  Please
note that most of the story content is, if not wrong, at least poorly
stated -- so what else is new?  Also, the specific quotes there --
including the "hired gun" quote above -- are from an "industry analyst"
not from anyone at either HP or SecureWare.


-- Jeff (Hired gun?  I guess so.  But who isn't?)





From adam at lighthouse.homeport.org  Fri Feb 23 14:36:25 1996
From: adam at lighthouse.homeport.org (Adam Shostack)
Date: Sat, 24 Feb 1996 06:36:25 +0800
Subject: pcmcia
In-Reply-To: 
Message-ID: <199602221313.IAA09759@homeport.org>


P.J. Ponder wrote:

| obligatory crypto comment: has anyone looked at the iPower card and 
| gotten one to play with? Where else could one get a PCMCIA card that was 
| programmable and had a little memory on it? How hard would it be to make 
| one - in other words, what could we get the cost down to for an 
| encrypting pcmcia card? there couldn't be much to it, really, could there?

	I got one, its very badly documented; theres some source in
Visual basic for windoze.  I haven't had time to track down real docs
so I can do anything.  Anyone know who I can call to get real
documentation?

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From jya at pipeline.com  Fri Feb 23 14:55:01 1996
From: jya at pipeline.com (John Young)
Date: Sat, 24 Feb 1996 06:55:01 +0800
Subject: REM_ote
Message-ID: <199602231840.NAA21651@pipe3.nyc.pipeline.com>


Oops, Jeff, for the fun mirror; gotta watch these pseudo-random 
walks, what with all the Net security deals favorably affecting 
more and more c'punks.


BTW, the full REM_ote package includes articles by The Wash 
Post and Fin Times, each of which have slightly different 
descriptions of your clearly respected, and valuable!, company.


And another BTW, I hope you got a respectable slice of the 
buyout pie. If so, keep in mind as you consider where to 
dispose of your new hard-earned wealth that I design extra 
virgin fancy houses to camouflage impenetrable, and not-at-all 
cheesy, Swiss vaults.








From rjc at clark.net  Fri Feb 23 15:02:45 1996
From: rjc at clark.net (Ray Cromwell)
Date: Sat, 24 Feb 1996 07:02:45 +0800
Subject: opps, sorry about that last post
Message-ID: <199602230406.XAA27060@clark.net>



  I'm not really unsubscribing, I'm moving to a new host. Sorry about
the noise.

-Ray








From bruce at aracnet.com  Fri Feb 23 15:05:15 1996
From: bruce at aracnet.com (Bruce Baugh)
Date: Sat, 24 Feb 1996 07:05:15 +0800
Subject: Remailers, Feb
Message-ID: <2.2.32.19960223034206.00686e9c@mail.aracnet.com>


-----BEGIN PGP SIGNED MESSAGE-----

I've just finished my monthly round of type I remailer testing. This test
doesn't include remailers announced after I started; they'll be inclued next
month. (Also coming in March will be tests of at least one other nym server.)


As in January, I sent posts from my PPP account here (at Aracnet, this time,
rather than Teleport) through a given remailer to an account at alpha.c2.org,
then back through the remailer to me. This is, by design, a very different
sort of test than remailer pinging and the like; in the number of hops and
chances for things to go wrong, I think it reflects actual usage much more
closely.

Trip time is the interval from being posted to mail.aracnet.com to arriving
in my mailbox there. All times are given in hours:minutes. Posts were made at
all times of day. Unsurprisingly, those made late at night (particularly in
the midnight-to-6 am range) returned most quickly.

I've included the January figures for comparison persons. I remain curious
about the differences and eager to find an explanation.

REMAILER                        FAILURES    AVERAGE     MINIMUM     MAXIMUM

hfinney at shell.portal.com
    February                    00          00:45       00:35       01:00
    January                     00          00:08       00:02       00:38
hal at alumni.caltech.edu
    February                    00          00:46       00:35       01:00
    January                     00          00:09       00:06       00:12
homer at rahul.net
    February                    00          00:50       00:37       01:08
    January                     00          00:06       00:03       00:14
remailer at utopia.hacktic.nl
    February                    00          01:10       00:47       02:03
    January                     00          00:19       00:03       01:20
remailer at tjava.com
    February                    00          001:47      00:26       05:26
    January                                 not tested
mix at zifi.genetics.utah.edu
    February                    00          01:56       00:31       03:35
    January                                 not tested
remailer at replay.com
    February                    00          03:00       00:51       07:45
    January                     01          00:31       00:13       01:14
remailer at mockingbird.alias.net
    February                    00          03:29       00:56       06:35
    January                                 not tested
mixmaster at vishnu.alias.net
    February                    00          04:29       00:40       11:27
    January                     00          00:56       00:23       02:38
mix at remail.gondolin.org
    February                    00          06:30       00:40       12:52
    January                     08          11:37       03:58       18:36
mixmaster at remailer.obscura.com
    February                    00          06:53       00:55       13:25
    January                     00          02:36      00:23        06:55
remailer at extropia.wimsey.com
    February                    00          09:15       01:35       23:50
    January                     08          01:46       01:19       02:13

amnesia at chardos.connix.com
    February                    10
    January                     10
pamphlet at idiom.com
    February                    10
    January                                 not tested
remail at c2.org
    February                    10
    January                     02          00:52       00:14       03:00
remailer at bi-node.zerberus.de
    February                    10
    January                     00          07:43       00:15       19:54

Mailers reported as down with no expectation of returning:

    hroller at c2.org
    remailer at armadillo.com

Mailers reported as down with some expectation of returning:

    remailer at valhalla.phoenix.net / wmono at spook.alias.net

I'd particularly like to thank the remailer operations who (mostly in private
mail) answered a number of questions of mine.



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEPAwUBMS02wn3AXR8sjiylAQEd/gfMD4FdgFNMh69P6nd4xdcPogD26zMi5RwQ
JfraMZqG75ezMq4Z5kr1v5j77vNZZ2Bka5T0mR76TqYSPDzKGturPJNY1bSd7Cbn
xUdpee43uo09+QdVpR/IGPKKjxH8qUhJC4X2WvHDlfTdNRCjItIQF2gkBJPRmknJ
OCnHku/bMBs7sr+7OsQyMwvfQrkxpu3Wh/LYV/+U0vEWnCzFupOHQ9nnu+JSCaUu
naFYlqP6w0Ywl6qeTAvRJPgx+PfVDk4B0WZHnXFi1p9IMDaQ7FysxH1pc2mPkURR
M+rwz1ElfCMoMB4JiF5Y3r1aZAf9ES2HLz1sTcueji2S/g==
=O4Sc
-----END PGP SIGNATURE-----

-- 
Bruce Baugh
bruce at aracnet.com
http://www.aracnet.com/~bruce






From bstrawse at copper.ucs.indiana.edu  Fri Feb 23 15:08:13 1996
From: bstrawse at copper.ucs.indiana.edu (Bryan Strawser)
Date: Sat, 24 Feb 1996 07:08:13 +0800
Subject: Remailers, Feb
In-Reply-To: <2.2.32.19960223034206.00686e9c@mail.aracnet.com>
Message-ID: <199602230407.XAA19370@copper.ucs.indiana.edu>


> mix at remail.gondolin.org
>     February                    00          06:30       00:40       12:52
>     January                     08          11:37       03:58       18:36

The differences here are because gondolin.org had serious DNS problems
in January that caused alot of mail to be bounced.  Those problems were
rectified.. hence our traffic flows now...

The latency differences are normal for gondolin because we are not on the
net, we get our mail via UUCP one hop away from the internet itself.  
Since our polling is fairly irregular, our latency will move up and down 
from month to month.

Bryan


-- 
= Bryan Strawser / Indiana University / bstrawse at indiana.edu =  
= Live Free or Die / http://copper.ucs.indiana.edu/~bstrawse =   
=  Gondolin Technologies / http://www.gondolin.org/gondolin  =    





From tighe at spectrum.titan.com  Fri Feb 23 15:38:36 1996
From: tighe at spectrum.titan.com (Mike Tighe)
Date: Sat, 24 Feb 1996 07:38:36 +0800
Subject: NSA agent arrested
In-Reply-To: 
Message-ID: <199602231851.MAA07830@softserv.tcst.com>


s1018954 at aix2.uottawa.ca writes:

>I just heard a very short blurb on CBC radio about a KGB mole within the NSA
>from the 60's (?) getting arrested by the FBI. Pretty much no details 
>were given. Any info?

Yeah, I got his name but was not sure of the spelling. Robert Steven
something. Lives in Millersville, PA. I think he is retired. Looks like a
victim of the cozying relationship between the FBI and the KGB-whatever
they call themselves nowadays.





From bruce at aracnet.com  Fri Feb 23 16:17:56 1996
From: bruce at aracnet.com (Bruce Baugh)
Date: Sat, 24 Feb 1996 08:17:56 +0800
Subject: Remailers, Feb
Message-ID: <2.2.32.19960223053212.0069bd94@mail.aracnet.com>


At 11:07 PM 2/22/96 -0500, Bryan Strawser 
wrote:

>The differences here are because gondolin.org had serious DNS problems
>in January that caused alot of mail to be bounced.  Those problems were
>rectified.. hence our traffic flows now...

Thank you, Bryan! This is _precisely_ the kind of info I'm interested in.

>The latency differences are normal for gondolin because we are not on the
>net, we get our mail via UUCP one hop away from the internet itself.  
>Since our polling is fairly irregular, our latency will move up and down 
>from month to month.

Makes sense. And I don't particularly care about variability as long as I
have a sense of the boundaries. Which my tests define for me. :-)

-- 
Bruce Baugh
bruce at aracnet.com
http://www.aracnet.com/~bruce






From wlkngowl at unix.asb.com  Fri Feb 23 16:18:26 1996
From: wlkngowl at unix.asb.com (Mutant Rob)
Date: Sat, 24 Feb 1996 08:18:26 +0800
Subject: url
Message-ID: <199602230623.BAA24462@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

Bill Frantz wrote:
> 
> At  2:52 PM 2/22/96 -0500, Perry E. Metzger wrote:
> >Mike McNally writes:
> >> At  find
> >> some interesting "surveillance" applications of Javascript.[..]
> >When is the patch to let you disable JavaScript inside Netscape going
> >to go out? Its more than time.
> 
> Why Perry, it's called Netscape 1.1N.  :-)

I think the Options menu in Netscape allows you to disable it already.

I only have the 16-bit version running, which doesn't allow it to be 
enabled anyway.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMS1dZioZzwIn1bdtAQEYcwGAvQEDB1b3YqAiiMFaKzDRzprnfLtTnkHp
7rlxQtd4VtToqDNb4aiDwgTKlgs0tP4+
=dUzI
-----END PGP SIGNATURE-----





From WlkngOwl at UNiX.asb.com  Fri Feb 23 16:18:49 1996
From: WlkngOwl at UNiX.asb.com (Deranged Mutant)
Date: Sat, 24 Feb 1996 08:18:49 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <199602230622.BAA11095@UNiX.asb.com>


IPG Sales  wrote:

Suggestion: wait a week until the flames on the c'punks list die 
down. Have the techie folks there read all of them, think about them, 
and come up with a coherent and well written reply that addresses all 
of those issues. Much easier to deal with than attacks from several 
dozen directions all of the time.

> Your point is well 
> taken and greatly appreciated; in make a hasty reply to but has nothing 
> to do with anything because at the time I 
> composed that, I was trying to be vague in a deliberate of 
> obscrurantism,because Derek, alone amoung you seem to understand what was 
> going on - and I made a stupid bluder -  I can do nothing about 
> that except to apologize, admit it freely and take my medicne from 
> Perry and the others - 
> 
> I can assure you that the quoted three 
> lines are not a part of the algorithms, and have never been. I 
> hope that you will forgive me for such a stupid blunder. I hope that 
> such stupidity on my part does not close your mind to even looking at 
> actual algorithms - the question is to determine justice being 
> vague,  and trying to decide to what to do about releasing the algorithms - 
> 
 
Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to  for a copy of my PGP key.





From tcmay at got.net  Fri Feb 23 16:19:48 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 24 Feb 1996 08:19:48 +0800
Subject: Expect A Wave of Killings of Journalists....
Message-ID: 


At 11:36 PM 2/22/96, John Young wrote:
>   2-22-96. TWP:
>
>   "CIA Can Waive Prohibition Against Using U.S. Clergy Abroad
>   for Covert Work."
>
>      A controversial loophole permitting the CIA to recruit
>      American journalists as agents also allows the agency to
>      waive a similar 19-year-old ban on employing clerics or
>      missionaries. An official also disclosed that CIA
>      regulations prohibit recruiting employees of members of
>      Congress or congressional committees "without the
>      approval of the member" for whom they work.

I watched CIA Director John Deutch (or is it Deutsch?) explain today just
how the rules are being relaxed on having journalists as CIA operatives,
and I could practically hear a collective "Oh, Shit!" echo from the
journalistic capitals of the Second and Third Worlds.

Even when journalists were reporting to the intelligence agencies, they
like the convenient fiction that such practices were forbidden. Even so, a
couple of journalists were tagged by the governments they were spying on
and disposed of.

Expect this to increase. Except now it will likely be Russian Mafiosos
garrotting the "Washington Post" economics reporter in the back alleys off
the Arbat.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From jf_avon at citenet.net  Fri Feb 23 16:20:20 1996
From: jf_avon at citenet.net (Jean-Francois Avon JFA Technologies, QC, Canada)
Date: Sat, 24 Feb 1996 08:20:20 +0800
Subject: "consent of the governed"
Message-ID: <9602230603.AB12218@cti02.citenet.net>


-----BEGIN PGP SIGNED MESSAGE-----

"Vladimir Z. Nuri"  wrote:

>I tend to define government more liberally in that it does
not
>merely exist to protect rights-- 

Since it is a man-made, created entity, on what vision of
reality
would you justify the existing principles of our 
collectivistic-oriented govt?

>the 20th century saw a rise in
>government that tried to be a social force. 

     The govt consists of a few individuals.

>this may have failed, 
>but it does point out that people want a government to do
more
>than merely protect their rights.

By 'peoples', do you mean productive population at large or a 
small bunch peoples who want their wishes to come true, no
matter
how many .38 special bullets it costs?

>  in other words, the 1776 definition
>of government is reasonably slightly modified.
                  ^^^^^^^^^^
?!?!!!  Would another adjective be more appropriate?

>government in its
>essence is a form of organized human collaboration/cooperation
imho.

Yeah!  With, ultimately, a *gun* under every pile of red tape,
just 
to make you "cooperate" more easily....

>it is a nervous system for a society.

Yes!  And it has epilepsy!

JFA


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMSzkYAOWptJXIUrtAQHdbwP+Kh7tCFRExtvWxxdkVG5nyuRDr8/PgAj6
jle8Rvh2ysGMwPyZguoBb8Hz0N9xp3pPEspAUcrvB6JsDo0mQUQ8Rf/zM420Yfvk
8xP5I/+H7PhZF8MbmjoFN3pIjywBi9YFykuLSlsg5snqBBSTi9EjcCiL79WfSpng
oM4XVYmTgpc=
=IQZn
-----END PGP SIGNATURE-----
**** NEW PGP 2.6.2 KEY *********
This key is actually suspended, as of Feb, 16 1996, was never distributed,
and might be subject to deletion.  Sorry for the trouble my mis-management might have caused.

2048 bits Key ID:24201BA1 1996/02/13 Jean-Francois Avon 
Key fingerprint =  23 B6 24 31 86 67 FB 35  C7 A7 AF 12 A1 61 E9 3D 


**** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon 
Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 






From tcmay at got.net  Fri Feb 23 16:20:22 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 24 Feb 1996 08:20:22 +0800
Subject: TIS--Building in Big Brother for a Better Tommorrow
Message-ID: 


At 12:19 AM 2/23/96, P.J. Ponder wrote:

>The first paragraph here bothered me.  If a user (or an organization)
>needs to have access to data that was encrypted by an associate ( or one
>of its employees) wouldn't sound practice require that the key not be
>entrusted to just one person?  I don't see the need for any fancy
>"key-recovery" protocol with any outside entities.  We can handle this
                                                     ^^^^^^^^^^^^^^^^^^
>internally in my shop.  Some keys I give a copy to Alice, and down the
 ^^^^^^^^^^^^^^^^^^^^^^

This is my perception, too, though I haven't been in Corporate America for
almost a decade. Still, I would encourage people to take this position,
that "we don't need no steenking key escrow!" (to borrow again the B.
Traven phrase I used yesterday)

>hall Bob has some, too.  If I get hit by the bus, they can get my company
>related data back.  We don't need any "service" or "licensee" or "trusted
>third party" or any of that, thank you very much.  And we don't need any
>one developing OTPs for us either, and we don't need government agencies
>keeping copies of any of our keys.

Bravo!

And we should all remember, again, that basic observation: even if "key
escrow" is needed to recover *stored* files, it sure ain't needed for
*communications*!!

The only entity that really has a compelling need for "key escrow" for
_communications_ is Big Bro himself, nto companies or individuals. Think
about it.

TIS is just playing the shill role for Big Brother and the Holding Company.


--Tim May

THE X-ON CONGRESS:  INDECENT COMMENT ON AN INDECENT SUBJECT, by Steve
Russell, American Reporter Correspondent....You motherfuckers in Congress
have dropped over the edge of the earth this time... "the sorriest bunch
of cocksuckers ever to sell out the First Amendment" or suggesting that
"the only reason to run for Congress these days is to suck the lobbyists'
dicks and fuck the people who sent you there," ....any more than I care
for the language you shitheads have forced me to use in this
essay...Let's talk about this fucking indecent language bullshit.







From ponder at wane-leon-mail.scri.fsu.edu  Fri Feb 23 16:20:27 1996
From: ponder at wane-leon-mail.scri.fsu.edu (P.J. Ponder)
Date: Sat, 24 Feb 1996 08:20:27 +0800
Subject: TIS--Building in Big Brother for a Better Tommorrow
Message-ID: 



Steve Walker wrote to John Young:

(large piece snipped; good stuff though.)

   +  Suppose the U.S. government had never thought of placing
      export controls on cryptography...

      We would now have widespread use of encryption, both
      domestically and worldwide; we would be in a state of
      "Utopia," with widespread availability of cryptography
      with unlimited key lengths. But, once in this state, we
      will face situations where we need a file that had been
      encrypted by an associate who is unavailable (illness,
      traffic jam, or change of jobs). We will then realize
      that we must have some systematic way to recover our
      encrypted information when the keys are unavailable.

      When we add a user-controlled key recovery capability to
      our Utopia, we find ourselves in an "Ultimate Utopia,"
      with unlimited key length cryptography, widely available
      through mass market applications, and user-controlled
      key recovery.

The first paragraph here bothered me.  If a user (or an organization)
needs to have access to data that was encrypted by an associate ( or one
of its employees) wouldn't sound practice require that the key not be
entrusted to just one person?  I don't see the need for any fancy
"key-recovery" protocol with any outside entities.  We can handle this
internally in my shop.  Some keys I give a copy to Alice, and down the
hall Bob has some, too.  If I get hit by the bus, they can get my company 
related data back.  We don't need any "service" or "licensee" or "trusted 
third party" or any of that, thank you very much.  And we don't need any 
one developing OTPs for us either, and we don't need government agencies 
keeping copies of any of our keys.

Am I in the state of utopia already, is this what "user controlled key 
recovery" means?  I think it's just common sense and sound management 
practice.  If you know that your co-worker/colleague/summer intern, etc 
is encrypting your business related data, you should make sure you can 
get it back if she doesn't come back from lunch.  Let her keep her own 
PGP passphrase, though. That's her business.
--
I am now going to push a button and cause this to quantumly re-assemble 
in California.  Really two buttons (Ctrl-X). One observes, one measures.
--
send message body: "unsubscribe cypherpunks yourmailbox at domain"  to: 
majordomo at toad.com to drop off the list. Don't put it in quotes, tho.





From allyn at allyn.com  Fri Feb 23 16:20:33 1996
From: allyn at allyn.com (Mark Allyn 860-9454 (206))
Date: Sat, 24 Feb 1996 08:20:33 +0800
Subject: Internet Protest!
In-Reply-To: <199602230422.UAA12375@infinity.c2.org>
Message-ID: <199602230525.VAA00705@mark.allyn.com>


Hello:

Please pass along this to anyone you know who has an email account! We
need to have everyone take part in this protest!

Mark


>From silber Thu Feb 22 20:56:33 1996
Received: (from silber at localhost) by mark.allyn.com (8.7/8.7) id UAA00520 for allyn; Thu, 22 Feb 1996 20:56:20 -0800 (PST)
Date: Thu, 22 Feb 1996 20:56:20 -0800 (PST)
From: Andy Silber 
Message-Id: <199602230456.UAA00520 at mark.allyn.com>
>From: Scott Bell 
>To: "Barry D. Ballard" ,
Status: RO

>        NED_PUEV ,
>        Radar ,
>        Denise HP TechSupport ,
>        sgajar 
>Subject: FW: FWD>Bill O Rights
>Date: Wed, 21 Feb 96 14:27:43 PST
>Encoding: 120 TEXT
>X-Mailer: Microsoft Mail V3.0
>Status:
>
>
>
> ----------
>From: Dave Behrns
>To: MIS Mail Group
>Subject: FW: FWD>Bill O Rights
>Date: Wednesday, February 21, 1996 2:10PM
>
>
>
>>>To whoever may read this,
>>>
>>>This is not a typical letter, in that by passing it on to as
>>>many people as you can, you are taking part in what may yet become the
>>>world's biggest practical joke. The U.S. Government has rece ntly
>>>passed an act which enforces censorship on the internet. A group of
>>>internet users has now come together to kick back at this oppression,
>>>and have a bit of fun at the same time. >The aim of this exercise is
>>>to re-establish the United States as "The land of the Free", not a
>>>fascist state where freedom of speech and thought are curtailed.
>>>Communist Russia fell as a result of s uch limits being placed upon
>>>the minds of the general populus. On receiving this letter, please
>>>pass it on to as many friends or E-mail lists as you can. We predict
>>>that if everybody copies the lette r to 5 other addresses, by February
>>>29th 1996, this letter should have reached in excess of 2 million
>>>people. That's when the fun begins........ >On February 29th, please
>>>send the message:
>>>
>>>Dear Mr. President,
>>>Do you remember this:
>>>
>>>And afterwards enclose the pre-typed copy of the Bill of rights. By
>>>sending the letter on the date above, you will contribute to either
>>>one huge petition for freedom, or else lead to a crash of the
>>>whitehouse server.Send all letters to: >President at Whitehouse.gov
>>>
>>>Remember that solidarity is the key to success !!!!!
>>>
>>>
>>>---------------------------------------------------
>>>
>>>THE BILL OF RIGHTS
>>>
>>>Amendment I
>>>
>>>Congress shall make no law respecting an establishment of religion, or
>>>prohibiting the free exercise thereof; or abridging the freedom of
>>>speech, or of the press; or the right of the people peaceably to
>>>assemble, and to petition the government for a redress of grievances.
>>>
>>>Amendment II
>>>
>>>A well regulated militia, being necessary to the security of a free
>>>state, the right of the people to keep and bear arms, shall not be
>>>infringed.
>>>
>>>Amendment III
>>>
>>>No soldier shall, in time of peace be quartered in any house, without
>>>the consent of the owner, nor in time of war, but in a manner to be
>>>prescribed by law.
>>>
>>>Amendment IV
>>>
>>>The right of the people to be secure in their persons, houses,
>>>papers, and
>>>effects, against unreasonable searches and seizures, shall not be
>>>violated, and no warrants shall issue, but upon probable cause,
>>>supported by oath or affirmation, and particularly describing the
>>>place to be searched, and the persons or things to be seized.
>>>
>>>Amendment V
>>>
>>>No person shall be held to answer for a capital, or otherwise
>>>infamous
>>>crime, unless on a presentment or indictment of a grand jury, except
>>>in cases arising in the land or naval forces, or in the militia, when
>>>in actual service in time of war or public danger; nor shall any
>>>person be subject for the same offense to be twice put in jeopardy of
>>>life or limb; nor shall be compelled in any criminal case to be a
>>>witness against himself, nor be deprived of life, liberty, or
>>>property, without due process of law; nor shall private property be
>>>taken for public use, without just compensation.
>>>
>>>Amendment VI
>>>
>>>In all criminal prosecutions, the accused shall enjoy the right to a
>>>speedy and public trial, by an impartial jury of the state and
>>>district wherein the crime shall have been committed, which district
>>>shall have been previously ascertained by law, and to be informed of
>>>the nature and cause of the accusation; to be confronted with the
>>>witnesses against him; to have compulsory process for obtaining
>>>witnesses in his favor, and to have the assistance of counsel for his
>>>defense.
>>>
>>>Amendment VII
>>>
>>>In suits at common law, where the value in controversy shall exceed
>>>twenty dollars, the right of trial by jury shall be preserved, and no
>>>fact tried by a jury, shall be otherwise reexamined in any court of
>>>the United States, than according to the rules of the common law.
>>>
>>>Amendment VIII
>>>
>>>Excessive bail shall not be required, nor excessive fines imposed, nor
>>>cruel and unusual punishments inflicted.
>>>
>>>Amendment IX
>>>
>>>The enumeration in the Constitution, of certain rights, shall not be
>>>construed to deny or disparage others retained by the people.
>>>
>>>Amendment X
>>>
>>>The powers not delegated to the United States by the Constitution, nor
>>>prohibited by it to the states, are reserved to the states
>>>respectively, or to the people.
>>
>>
>>
>






From s1018954 at aix2.uottawa.ca  Fri Feb 23 16:25:21 1996
From: s1018954 at aix2.uottawa.ca (s1018954 at aix2.uottawa.ca)
Date: Sat, 24 Feb 1996 08:25:21 +0800
Subject: NSA agent arrested
In-Reply-To: <199602231851.MAA07830@softserv.tcst.com>
Message-ID: 




On Fri, 23 Feb 1996, Mike Tighe wrote:

> Yeah, I got his name but was not sure of the spelling. Robert Steven
> something. Lives in Millersville, PA. I think he is retired. Looks like a
> victim of the cozying relationship between the FBI and the KGB-whatever
> they call themselves nowadays.

Robert Stephan Lipka. I got a note (thanks) pointing me to an article in 
the Stateside News section at the Nando Times  . The 
article's got better background than others I've ran into so far today.






From ericm at lne.com  Fri Feb 23 16:25:54 1996
From: ericm at lne.com (Eric Murray)
Date: Sat, 24 Feb 1996 08:25:54 +0800
Subject: Diffie-Hellman parameters
Message-ID: <199602231942.LAA16629@slack.lne.com>




Perhaps this is the wrong list to ask this question on, but
does anyone have any pointers to where I could find good Diffie-Hellman
parameters?  Or source code that will generate some?

-- 
Eric Murray  ericm at lne.com  ericm at motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF





From biddle at pwa.acusd.edu  Fri Feb 23 17:47:16 1996
From: biddle at pwa.acusd.edu (C. Bradford Biddle)
Date: Sat, 24 Feb 1996 09:47:16 +0800
Subject: Digital Signature Legislation (fwd)
In-Reply-To: <199602222030.MAA04720@netcom7.netcom.com>
Message-ID: 



On Thu, 22 Feb 1996, Bill Frantz wrote:

> At  20:54 AM 2/20/96 -0500, C. Bradford Biddle  wrote:
> >---------- Forwarded message ----------
> >
> >DIGITAL SIGNATURE LEGISLATION: SOME REASONS FOR CONCERN

[...]

> >LIABILITY

[...]

> The question I have is, does "reasonable care" include keeping your machine
> "virus free"?  

A very good question, and one not answered by the Utah Act. The answer to
the question of what constitutes reasonable care for holders of private
keys will have to be addressed through the long, expensive, and inelegant
process of common law evolution: court case after court case after court
case slowly providing an answer. In contrast, the duties of certification
authorities are explicitly described in the Act. 

> >There is a second troubling policy choice relating to liability. The Utah
> >Act limits the potential liability of one actor in the infrastructure --
> >the certification authority -- to a fixed amount (termed a "suitable
> >guarantee" and determined by a complex formula or by administrative rule).
> 
> The historic precedent is the liability limit on nuclear power plants.

An interesting point, which can be spun several ways. The nuclear 
industry has been able to externalize the immense costs of waste storage, 
etc. Would the same investments have been made in nuclear energy if the 
nuclear industry was forced to internalize all of the costs it generates, 
including the costs of potential accidents? Probably not. I suspect that 
you could find people who would argue that the liability limits have had 
very good consequences (i.e., promoting investment in an ultimately 
beneficial technology) and others who would say that the current state of 
the nuclear industry points out the harm in allowing an industry to 
externalize costs.

> For both these problems, a relatively low liability limit would force
> people to use other techniques (e.g. old style signed contracts) for large
> transactions.  While we are working the bugs out of a new technology, with
> new standards of "reasonable care", everyone might win if the risks are
> limited.

Agreed. Letting market forces sort out the most appropriate risk 
allocations may be the best solution. This isn't really what the Utah Act 
does, however.

> Regards - Bill
> 
> 
> ------------------------------------------------------------------------
> Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
> (408)356-8506     | lost jobs and  | 16345 Englewood Ave.
> frantz at netcom.com | dead teenagers | Los Gatos, CA 95032, USA


Thank you for your thoughtful comments.

Brad

Brad Biddle, Legal Intern 
Privacy Rights Clearinghouse, Ctr for Public Interest Law
http://pwa.acusd.edu/~prc


For the record: Someone else who responded to my post on the Cypherpunks 
list referred to me as "Dr. Biddle." I think they were misled by Phil 
Agre's characterization of me as an "academic" in his introduction to my 
article. (Or perhaps just dazzled by the force of my arguments). I am, in 
fact, a law *student*, not a law professor.





From alano at teleport.com  Fri Feb 23 18:02:42 1996
From: alano at teleport.com (Alan Olsen)
Date: Sat, 24 Feb 1996 10:02:42 +0800
Subject: Cluelessness V.S. Lack of Knowledge
Message-ID: <2.2.32.19960223212901.00899578@mail.teleport.com>


-----BEGIN PGP SIGNED MESSAGE-----

In the snake oil controversy, I see a couple of issues...

There are some people/companies out there who have the attitude
that they have some sort of "remarkable achievement in the
field of cryptography".  In fact, it is SO remarkable that they
do not have to submit to any sort of peer review or examination
by people with more skill in the field than themselves.  Some
of this can be explained by being too close to the problem to
see any of the flaws.  Most of it can be attributed to ego.
These people are pretty much hopeless.  They can be a great
source of entertainment and/or flame fest practice, but rarely
do they ever learn by their mistakes.  Their ego gets in the
way far to often.  (IPG Sales (any relation to "Soupy"?) is a
prime example of this.)

There are companies out there that are trying to build good
products.  These people can be instructed on the ways of
implementing good crypto.  Unfortunately, I have seen a number
of them pushed up against the "Wall of Attitude" when they do
ask for help.  Cypherpunks, for good or for bad, have a
reputation for being experts in the field.  People come here to
ask questions because "Cypherpunks know what Good Crypto tastes
like".  What is happening though is that they are also getting
a reputation as people who flame first and give answers later,
if ever.  This is not a "good thing".  If you want strong
crypto to exist, you have to make the people who are trying to
put it into place able to understand what it is in the first
place.  Giving them grief when they try to find out the flaws
in the ideas (and are willing to learn) is not helpful to the
community as a whole.

I know of one developer who is trying to implement a strong
cryptosystem in his app.  He is unwilling to post his
questions/concerns here because he is afraid of getting his ass
shot off on the first query.  Judging by some of the responses
I have seen, I do not blame him!  I can understand intolerance
of the sales droids who push crap.  I do not have much
tolerance for them either.  It bothers me when I see people who
are not experts in the field AND ARE TRYING TO LEARN getting
"blowed up real good" because they are not experts.

Cypherpunks not only need to teach, they need to be willing to
teach.
 


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMS4xFOQCP3v30CeZAQEUlwf/SpOqOAnhk/8jZcQrH0IgDHtMgyUtjdIh
b3URbqcIpfff6qQm8dT8/bbmEsGxavoYKC8xO6H5fiLtw2TRqaFYLsQX+JyYBurd
lW7k+llMtGqRdthOPBjhVthTEnncVMhqqlT4E0axhhZMWPYNvW3h+NRjiDJSBFEl
CFXe1MgiYt3wMlwJLu7Xqwem1zDT4Jmx3h2mx4ULeyvbKyM1ZkZZPe6vBuTgrgBN
DaVw8204nc5vIO1LjTr2eY2zfwQToEVOlXlg3IgXtzmTz0eA0mFGoG/klapWKXcQ
PSGFrWBhf0fmA488z2DlboiA6Q/HaxAQ4SR9sZ05CUKT1CKgGYX+Lg==
=FY3m
-----END PGP SIGNATURE-----
---
Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
        `finger -l alano at teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
"I, Caligula Clinton... In the name of the Senate and the people of Rome!"
   - Bill Clinton signing the CDA with the First Amendment bent over.






From eric at freestyle.com  Fri Feb 23 18:06:25 1996
From: eric at freestyle.com (Eric Thompson)
Date: Sat, 24 Feb 1996 10:06:25 +0800
Subject: NSA agent arrested
Message-ID: <199602232143.NAA10488@shellx.best.com>


> I just heard a very short blurb on CBC radio about a KGB mole within the NSA
> from the 60's (?) getting arrested by the FBI. Pretty much no details 
> were given. Any info?

See  http://www.cnn.com/US/9602/spy_charges/index.html

Eric





From EALLENSMITH at ocelot.Rutgers.EDU  Fri Feb 23 18:24:33 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Sat, 24 Feb 1996 10:24:33 +0800
Subject: Edited Edupage, 22 February 1996
Message-ID: <01I1K6VFSPEYAKTLYD@mbcl.rutgers.edu>


From:	IN%"educom at elanor.oit.unc.edu" 23-FEB-1996 00:27:10.72

***************************************************************** 
Edupage, 22 February 1996.  Edupage, a summary of news items on information
technology, is provided three times each week as a service by Educom, a
Washington, D.C.-based consortium of leading colleges and universities
seeking to transform education through the use of information technology.
*****************************************************************

	This is the first I've heard (I think) that theirs will allow
electronic cash. Wonder what exactly this means? 

>ELECTRONIC WALLET FROM ORACLE AND VERIFONE
>Oracle, which specializes in database software, and Verifone, which
>specializes in credit card verification systems, have formed an alliance
>that will allow customers using "electronic wallets" built into Internet
>browser software to access a full range of financial transaction methods,
>including credit and debit cards, smart cards and electronic cash.  The
>companies call it an "end-to-end" system for secure electronic commerce on
>the Internet.  (Financial Times 22 Feb 96 p16)

	Somehow, the cluelessness of governments sometimes amazes even me. Have
they ever heard of companies moving?  

>TAX REVOLT ON THE INFO HIGHWAY
>When officials in Spokane, Wash. thought they could wring some extra revenue
>via a 6% tax on Internet providers, they were inundated with e-mail and
>phone calls protesting the action.  One firm even set up a Web site for
>users to vent their opposition.  The result was the city council decided to
>delay the tax pending further study, but the Spokane experience is likely to
>be played out in cities across the country as local governments look for new
>sources of cash.  (Information Week 12 Feb 96 p10)

>Edupage is written by John Gehl (gehl at educom.edu) & Suzanne Douglas
>(douglas at educom.edu).  Voice:  404-371-1853, Fax: 404-371-8057.  

>Technical support is provided by the Office of Information Technology,
>University of North Carolina at Chapel Hill.

>***************************************************************
>EDUPAGE is what you've just finished reading.  To subscribe to Edupage: send
>a message to: listproc at educom.unc.edu and in the body of the message type:
>subscribe edupage George Bernard Shaw (assuming that your name is George
>Bernard Shaw;  if it's not, substitute your own name).  ...  To cancel, send
>a message to: listproc at educom.unc.edu and in the body of the message type:
>unsubscribe edupage.   (Subscription problems?  Send mail to
>educom at educom.unc.edu.)





From raph at c2.org  Fri Feb 23 18:42:23 1996
From: raph at c2.org (Raph Levien)
Date: Sat, 24 Feb 1996 10:42:23 +0800
Subject: Conference report - resolving security workshop
In-Reply-To: 
Message-ID: 


(Note: subject line restored - it got chopped because I misspelled it 
as "subect" and used raw sendmail. Also, the original text, with small 
corrections, is available at http://www.c2.org/~raph/report.html)

On Fri, 23 Feb 1996, Brad Knowles wrote:

> At 4:55 PM 2/22/96, Raph Levien wrote:
> >    The biggest problem with S/MIME is that the signed and encrypted
> > format reveals who made the signatures. Obviously, this has severe
> > consequences for anonymous mail. Believe it or not, a lot of people
> > care.
> 
>     IMO, this has to be fixed as well.  The good thing is that
> the folks who have an investment in S/MIME seem to be willing to
> make changes to the specification to suit the desires of the
> larger secure Internet email connunity at large.  I hope that
> companies like VeriSign (that help other comapnies to implement
> this kind of technology) also agree to follow suit.

   This can be fixed as easily as allowing the protected MIME part to be
an S/MIME signed message. The S/MIME spec will need to recommend that
mailers deal gracefully with this case; if not, there will be user
interface disasters. I'd recommend that mail readers treat recursive
encrypted and signed S/MIME messages identically to non-recursive (i.e. 
PKCS #7 native). Even better would be for the RSA's S/MIME toolkit to be 
able to perform the translation automatically.

   I agree with Brad that it needs to be fixed. If a large installed base 
of S/MIME clients gets deployed that cannot handle the S/MIME format 
hiding the signatory, then we will have failed in an important way.

> >    One strength of PGP has traditionally been its unity. PGP means one
> > message format (the PGP one), one suite of crypto algorithms (the PGP
> > one), one key format (the PGP one), one application (PGP itself). Most
> > of the other proposals are modular in some way, especially with
> > respect to algorithms. PGP is moving in that direction.
> 
>     IMO, unity in this case is both a benefit and a deficit.
> Because it has not historically been separable, it's either all
> or none of PGP, and that's not an implementory style that's
> likely to win friends or marketshare.  To that degree, I think
> PGP has probably been less successful than it could have been.
> To the degree that this is changing is one indicator of its
> potential to continue to be a player.

   Agreed. The changes to PGP could be good, bad, or some combination. My 
real point is that whatever the reasons have been for PGP's success or 
failure, they won't resemble much the reasons why PGP will succeed or 
fail in the future.

> >    Earlier, I mentioned that two and a half protocols survived the
> > day. The remaining one is MSP. It's actually not a bad protocol. It
> > has two features that none of the others have: the ability to label
> > classified messages, and a cryptographically strong signed receipt.
> > Both of these functions are highly important for government users. It
> > looks like government suppliers are going to go ahead and implement
> > it, and the government is going to use it.
> 
>     Although these benefits are present in the current MSP, I
> don't see anything inherent in MSP that makes it necessarily
> superior in these areas.  If you were doing normal MIME-type
> receipts (whatever that means, since I think there are three
> different drafts under way currently), and you simply added the
> ability to cryptographically sign a timestamp in the "proper"
> MIME receipt type, then MSP would lose this advantage.
> 
>     I think labeling could potentially be done by follow-on
> versions of other packages as well, since I think we all agree
> that generic labeling which can be used both for standard
> gov't-style classification levels and compartments, as well as
> for business-style sensitivity labeling.  In fact, I'd almost be
> inclined to say that it would likely be as easy (or easier) to
> create a new general-purpose labeling system for use with any of
> the competitors than it would be to modify MSP to support
> business-style labels in addition to the gov't-style labels I'm
> sure it has today (maybe it already has labels, but I don't
> think that this is that tough of a problem to solve in any
> event).

   One of the action items from the conference was for the contenders to
converge on any pieces that were not gratuitously different. For S/MIME
and PGP/MIME to simply adopt receipt and labelling standards, even to lift
them wholesale from MSP, would be well in accordance with this goal, I
think. 

>     This is where I say that what we need to do is neither cave
> in to the limitation imposed by the gov't nor do we accept that
> we have to rip out encryption from our products to be shipped
> overseas or used in the U.S. on the behalf of overseas
> customers.  We need to (on a daily basis) wipe the gov't nose in
> this mess that they've created, until such time as they learn
> that it stinks and that they shouldn't do that indoors anymore.
> 
>     ITAR be damned.

   Hear, hear. My point is that it isn't just cypherpunk advocacy of
strong crypto. Any company that ships a 40-bit product is going to get
badly burned by well publicized breaks. Their customers are going to feel
betrayed. They thought they were buying a "secure" solution, but they
weren't.
   Perhaps this is putting it a bit strongly, but using the word "secure" 
in conjunction with a 40-bit produce borders on fraud. Perhaps it makes 
more business sense to defend against the ITAR on First Amendment grounds 
than to defend against fraud charges on ITAR grounds. If not a lawsuit, 
then a disillusioned customer base, which is just as bad.

> >    If care about offering crypto in the non-US market, form a
> > partnership with overseas developers to add the crypto.
> >
> >    Non-US developers, now is a fabulous opportunity. Get those
> > implementations underway, the sooner the better.
> 
>     And own the crown jewels to every single company in the U.S.
> all that much faster.  It's not like the NSA is help to protect
> them from espionage that originates from competitors or from
> what used to be the political espionage organizations that are
> now fighting to keep their jobs.  It's not like companies will
> have a single moments interest in having to deal with two
> different standards for their U.S. customers and overseas
> customers, or worse, their U.S. subsidiaries and their overseas
> subsidiaries.
> 
> 
>     Everybody should buy their encryption technology from a
> country where this kind of thing isn't under export control, and
> then ship (or operate) from that country.  When all the
> companies have moved overseas somewhere (or at least moved the
> official bits that they have to move in order to make this
> happen), maybe the U.S. gov't will wake up.  But of course, by
> then it will be too late.  And the NSA (and other governmental
> entities) will have succeeded in doing "Very Grave Harm to
> National Security Interests" because there won't be much of a
> Nation left behind when all the companies (and therefore
> workers) are overseas.
> 
> 
> 
>     Sorry, this has been a *major* sore point with me for years.
> 
> >    Most serious email vendors plan to "implement everything that's
> > real." That means S/MIME for sure, PGP/MIME assuming they can get
> > their hands on a decent implementation, and MSP if they sell a lot of
> > stuff to the government.
> 
>     I'm hoping that we'll be able to significantly reduce the
> playing field of "what's real".

   I think we just did. The only other way for the field to reduce any
more is for PGP to tank (unlikely), for RSA to drop S/MIME (unlikely) or
for MSP to disappear (won't happen entirely - witness X.400). 

> >                                              Over the next few months,
> > we will see some very high profile, mass market implementations.
> 
>     You may see them from others, but I don't think you're
> likely to see them from us anytime soon.  See my comments above
> about ITAR.  We're a world-wide company (and trying to become
> even moreso) with world-wide customers.  Hell, we could even get
> completely cut off from certain countries because they deem that
> we're providing access to "illegal" or "unapproved" encryption
> technologies.

   I was speaking about others ;-). A lot of people have announced that 
they're going to implement S/MIME. The remaining question is whether 
they're really going to do so. Without sticking out my neck and naming 
individual companies, the impression I got is that they are.

> >    At the end of the meeting, Dave asked the room for consensus on
> > several points. First, there was strong consensus that the encryption
> > protocols converge on multipart/security for their signed message
> > format.
> 
>     You mean "multipart/signed", right?

   Yes.

>     There was also strong support for changing the
> "octet-stream" definition of "multipart/encrypted" to something
> more meaningful (hopefully simply state that it's one of the
> standard MIME types, and can presumably be safely converted to
> and from things like base64 or quoted-printable, or that its
> canonical form is one of the seven-bit safe formats).  With that
> change, there was strong support that I heard voiced for
> supporting "multipart/encrypted" as well.

   There was support, but was there consensus? My brain is just too fuzzy 
to remember.

> >    I'd say that's quite a remarkable achievement for a such a
> > difficult area.
> 
>     Agreed.  I think Dave Crocker deserves a lot of credit for
> how well he managed to shepard us "cats" and that he didn't let
> things get far enough off-track that we turned into "hostile
> cats".

   Absolutely.

Raph






From cp at proust.suba.com  Fri Feb 23 18:55:01 1996
From: cp at proust.suba.com (Alex Strasheim)
Date: Sat, 24 Feb 1996 10:55:01 +0800
Subject: REM_ote
In-Reply-To: <199602231751.MAA16891@pipe3.nyc.pipeline.com>
Message-ID: <199602232332.RAA00171@proust.suba.com>


> Marianne Mueller, Java security engineer, also said the chances of such
> hacking occurring are "remote."

This is the sort of bullshit that gets companies in trouble.  Netscape has
a good record of responding to and fixing security problems.  Why should
they feel the need to do spin control?  This borders on lying.

If the hole is there, hackers will distribute toolkits that will let even
comparitively unskilled people exploit it.  Here in Chicago, there is a
group of hackers that teaches organized classes on how to break into
systems, and they give their students toolkits.

Anything you can do with a computer can be automated.  If there's a 
difficult way to hack into a machine, someone can put it in a box that 
makes it easy.





From yusuf921 at uidaho.edu  Fri Feb 23 19:08:21 1996
From: yusuf921 at uidaho.edu (Syed Yusuf)
Date: Sat, 24 Feb 1996 11:08:21 +0800
Subject: No Subject
In-Reply-To: <199602212358.SAA25640@pipe10.nyc.pipeline.com>
Message-ID: 



From: Parveez Syed
Global Media Monitoring
Shanti Communications
One Stuart Road, Thornton Heath, Surrey CR7 8RA1 UK
Tel: London-UK 44-0831-196693
Fax: 44-0181-665 0384
E-Mail INTERNET: PARVEEZ at CR78RA1UK.WIN-UK.NET

Building big brothers
book reviewed by Parveez Syed (c) Shanti RTV

   Building in Big Brother:
   The Cryptographic Policy Debate
   Edited by Lance J. Hoffman
   Springer Verlag Publishers
   Copyright: March 1995
   Price:$29.95
   ISBN 0-387-94441-9
   
"If you ever wondered how a particular computer technology could
attract the interest of the directors of three intelligence
agencies, the heavyweights in the computer industry, a gang of
programmers turned freedom fighters, and the President of the
United States, you need look no farther than Building in Big
Brother. This book outlines the next civil liberties battle in
the United States," according to Marc Rotenberg of Electronic
Privacy Information Center.
   
"One-stop-shopping for even the most sophisticated analyst of the
policy wars over cryptography," according to Michael Froomkin,
Associate Professor of Law, University of Miami Law School

"Lance Hoffman has compiled an extraordinarily useful and well
balanced collection of materials on cryptography and its 
applications. This book will instantly become a definitive 
compendium," Peter Neumann said.
   
"Though Lance Hoffman is a dedicated opponent of current 
government policy, he has assembled a volume that should be -- 
and will be -- on the desk of every cryptographic policymaker 
in Washington. He has accurately recorded the many voices in a 
debate that will profoundly affect our future, for good or ill, 
well into the twenty-first century. This book is an important 
contribution to the history of encryption. It is an even more 
important contribution to those who are struggling to shape 
that history," Stewart Baker, Steptoe & Johnson (formerly General
Counsel to the National Security Agency) added.

"An authoritative source of political writings by the major 
players in the crypto revolution," according to Philip
Zimmermann, Creator of PGP.

ends
Presented by: Shanti RTV (c) 23 Feb 1996.


-----------------------------------------------------------------
Parveez Syed's direct contact details are:
One Stuart Road, Thornton Heath, Surrey CR7 8RA1 UK
Tel: London-UK 44-0831-196693;
Fax/tel: 44-0181-665 0384 
E-Mail INTERNET: parveez at cr78ra1uk.win-uk.net 
-----------------------------------------------------------------
Food for thought?: "In politics, as in the snake oil business, it 
pays to have a short memory and a chameleon-like quality. That is 
why the relationship between a journalist and a politician should 
be like the one between a dog and a lamp-post".
But who is doing what to whom? One wonders ;-)
----------------------------------------------------------------- 







From tallpaul at pipeline.com  Fri Feb 23 19:52:35 1996
From: tallpaul at pipeline.com (tallpaul)
Date: Sat, 24 Feb 1996 11:52:35 +0800
Subject: TIS--Building in Big Brother for a Better Tommorrow
Message-ID: <199602240134.UAA07386@pipe11.nyc.pipeline.com>


On Feb 23, 1996 00:19:15, '"P.J. Ponder"
' wrote: 
 
 
> 
>Steve Walker wrote to John Young: 
> 
>(large piece snipped; good stuff though.) 
> 
>+  Suppose the U.S. government had never thought of placing 
>export controls on cryptography... 
> 
>We would now have widespread use of encryption, both 
>domestically and worldwide; we would be in a state of 
>"Utopia," with widespread availability of cryptography 
>with unlimited key lengths. But, once in this state, we 
>will face situations where we need a file that had been 
>encrypted by an associate who is unavailable (illness, 
>traffic jam, or change of jobs). We will then realize 
>that we must have some systematic way to recover our 
>encrypted information when the keys are unavailable. 
> 
 
The exchange of information among many trusted people all located in the
same geographical location (or with regular reliable couriers travelling to
different locations) is the ideal situation for *private* not public key
crypto. In such circumstances one uses, e.g. IDEA, not PGP. 
 
End of corporate problem. End of "worry" about problems with PGP. 
 
--tallpaul





From tcmay at got.net  Fri Feb 23 20:04:15 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 24 Feb 1996 12:04:15 +0800
Subject: Cluelessness V.S. Lack of Knowledge
Message-ID: 


At 9:29 PM 2/23/96, Alan Olsen wrote:

>There are companies out there that are trying to build good
>products.  These people can be instructed on the ways of
>implementing good crypto.  Unfortunately, I have seen a number
>of them pushed up against the "Wall of Attitude" when they do
>ask for help.  Cypherpunks, for good or for bad, have a
>reputation for being experts in the field.  People come here to
>ask questions because "Cypherpunks know what Good Crypto tastes
>like".  What is happening though is that they are also getting
>a reputation as people who flame first and give answers later,
>if ever.  This is not a "good thing".  If you want strong
>crypto to exist, you have to make the people who are trying to
>put it into place able to understand what it is in the first
>place.  Giving them grief when they try to find out the flaws
>in the ideas (and are willing to learn) is not helpful to the
>community as a whole.

I disagree. There are several points to keep in mind:

1. There are many sources of information on crypto, including excellent
books on cryptography and information theory, and several FAQs readily
available. There are frequent pointers to these FAQs, books, journals, and
newsgroups.

2. Most of the "harsh criticisms" come when people do one or more of the
following:

a. announce an amazing new discovery, but refuse to give details ("we have
applied for patents on our amazing new discovery")

b. show an unawareness of basic facts which any competent cryptologist
should at least be familiar with

c. expect "the Cypherpunks" to provide free consulting and educational
training (this same issue comes up on sci.crypt all the time, too, with
people announcing some new cipher--which is usually some variant of a
well-known cipher--and expressing frustration that "nobody will help me try
to break it.")

3. "The Cypherpunks" is not a freelance consulting group, doing
"Underwriter's Laboratories" (as in "UL Approved" on your electrical
appliances) tests on proposed new systems. Even weak ciphers take time to
break. See above. Or see the many comments to this effect in sci.crypt (in
fact, I recall that it's in the FAQ for sci.crypt.)

4. In any case, with 1000 or more subscribers, and no consensus mechanism
(no official position), nearly any proposal is going to be met with some
negative comments from _someone_. Welcome to the real world. Anyone whose
skin is so thin as to be scared off from posting because he fears that
_someone_ will criticize his idea is a hopeless case.

5. Genuinely good ideas, or ideas that appear to come from someone who has
done some real research and thinking, are usually responded to pretty
favorably. I could cite the work on MixMaster, Crypto++, Blowfish, etc.


>I know of one developer who is trying to implement a strong
>cryptosystem in his app.  He is unwilling to post his
>questions/concerns here because he is afraid of getting his ass
>shot off on the first query.  Judging by some of the responses
>I have seen, I do not blame him!  I can understand intolerance
>of the sales droids who push crap.  I do not have much
>tolerance for them either.  It bothers me when I see people who
>are not experts in the field AND ARE TRYING TO LEARN getting
>"blowed up real good" because they are not experts.
>
>Cypherpunks not only need to teach, they need to be willing to
>teach.

There's a huge textbook on crypto: Schneier's book. Also, numerous books by
Koblitz, Denning, Meyer and Matyas, and on and on.

If your friend has a system which builds on basic principles, he won't be
"shot down." If his ideas are good ones, he'll be embraced as a colleague.
If he hasn't absorbed the standard theory, he'll be dismissed curtly. As it
should be.

Breaking a system, even one based on good principles, takes real work. Few
people will volunteer to put free time and computer resources into testing
the strength of unknown systems. Think about it.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From carolann at censored.org  Fri Feb 23 20:22:10 1996
From: carolann at censored.org (Censored Girls Anonymous)
Date: Sat, 24 Feb 1996 12:22:10 +0800
Subject: Chain Letter to Congress, TOO!
Message-ID: <2.2.16.19960223214644.359711a6@primenet.com>


They oughta send it to the congress servers
while they are at it.

Liked the mailto: tag on the mail
Netscrape and Eudora support it.

Love Always,

Carol Anne
-----BEGIN PGP SIGNED MESSAGE-----

This is my public PGP key.
Signed and certified!

Love Always,

Carol Anne

 
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAy/ZOrAAAAEEANDo2ZIACDkf8irWB0Pi8UhcBts8hlhPguUputkwXfabtqpo
PziaSrj0/qpd+SfjjKyjC4l0TPfc8wrEHbGfNdwbMCmugBgVfaw8SBZnV7J0NxYC
GWt819ZZHhgM5+b+MjjY7DftHv6WDuo5ag0aMBW3FuDyDvaVRIrpjEWs1wBlAAUT
tBxjYWI4IDxjYXJvbGFubkBjZW5zb3JlZC5vcmc+
=8ToJ
- -----END PGP PUBLIC KEY BLOCK-----




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Uncensored from heavily.censored.org

iQCVAwUBMSmN0YrpjEWs1wBlAQFLTAQAjt6NhN0GFNNLUhkVaho6pcUi+VKP1Kw8
8m7Wwyhk4baS25m2wumyeoCxIKQz2nP6pT2EwbNJXmig+g/CeMxuqlInGmSBKeuZ
evpGgc8q5rZVdnLW2q8dCyoe/uALcPa1K9WpBB030Mka8Gq/9Lc8Y7WtJ09Cnwrw
w7YE0N/X594=
=5puG
-----END PGP SIGNATURE-----






From tcmay at got.net  Fri Feb 23 20:23:31 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 24 Feb 1996 12:23:31 +0800
Subject: NSA agent arrested
Message-ID: 


At 6:51 PM 2/23/96, Mike Tighe wrote:

>Yeah, I got his name but was not sure of the spelling. Robert Steven
>something. Lives in Millersville, PA. I think he is retired. Looks like a
>victim of the cozying relationship between the FBI and the KGB-whatever
>they call themselves nowadays.

Lipka. Details are in the usual news sources, such as Reuters
(http://www.excite.com/Bulletin/), under Net Directory in Netscape.

No CP relevance that I can see, except that Lipka didn't use remailers to
protect his identity when he tried to reestablish contact with the Soviets
()who were actually FBI).

Lipka was a low-level 20-year-old when he worked for the Army, probably
assigned to the Army Security Agency (considered part of the NSA).

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From nobody at REPLAY.COM  Fri Feb 23 21:00:29 1996
From: nobody at REPLAY.COM (Anonymous)
Date: Sat, 24 Feb 1996 13:00:29 +0800
Subject: Digital Watermark
Message-ID: <199602240347.EAA05595@utopia.hacktic.nl>



Financial Times, 22 Feb 96

Digital watermark protects copyright

Scientists at the NEC Research Institute in Princeton
believe they have developed "a fundamental enabling
technology" for protecting the copyright of images and
music on the Internet.

They have developed a secure method of producing a
digital watermark, an invisible code that identifies the
owner, which is permanently embedded in the multimedia
data.

Attempts to remove the watermark would be virtually
impossible without degrading the image quality. Moreover,
counterfeiting would be almost impossible, says NEC. the
Japanese electronics company.

The digital watermark is designed to be used in
conjunction with cryptography, which limits access to
encrypted data to legitimate users.

NEC Research Institute:
US, tel 609-520-1555
fax 609-951-2481.












From frantz at netcom.com  Fri Feb 23 21:49:39 1996
From: frantz at netcom.com (Bill Frantz)
Date: Sat, 24 Feb 1996 13:49:39 +0800
Subject: TIS--Building in Big Brother for a Better Tommorrow
Message-ID: <199602230759.XAA21453@netcom7.netcom.com>


At 11:16 PM 2/22/96 -0800, Timothy C. May wrote:
>And we should all remember, again, that basic observation: even if "key
>escrow" is needed to recover *stored* files, it sure ain't needed for
>*communications*!!

If a key is being generated for two way communications, then it should be
generated via a protocol like Diffie-Hellman which leaves no recoverable
knowlege of the key outside the participants, and discarded when the
session is over of frequently, whichever occurs more often.  This procedure
will reduce the incentive for rubber hose attacks to recover these keys.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz at netcom.com | dead teenagers | Los Gatos, CA 95032, USA







From alano at teleport.com  Fri Feb 23 21:50:05 1996
From: alano at teleport.com (Alan Olsen)
Date: Sat, 24 Feb 1996 13:50:05 +0800
Subject: url
Message-ID: <2.2.32.19960223064759.008c79c4@mail.teleport.com>


At 01:23 AM 2/23/96 -0500, Mutant Rob wrote:
>Bill Frantz wrote:
>> 
>> At  2:52 PM 2/22/96 -0500, Perry E. Metzger wrote:
>> >Mike McNally writes:
>> >> At  find
>> >> some interesting "surveillance" applications of Javascript.[..]
>> >When is the patch to let you disable JavaScript inside Netscape going
>> >to go out? Its more than time.
>> 
>> Why Perry, it's called Netscape 1.1N.  :-)
>
>I think the Options menu in Netscape allows you to disable it already.

You can disable Java but not Javascript via the security options.
---
Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
        `finger -l alano at teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
"I, Caligula Clinton... In the name of the Senate and the people of Rome!"
   - Bill Clinton signing the CDA with the First Amendment bent over.






From hal9001 at panix.com  Fri Feb 23 21:50:30 1996
From: hal9001 at panix.com (Robert A. Rosenberg)
Date: Sat, 24 Feb 1996 13:50:30 +0800
Subject: IBM Breakthrough?
Message-ID: 


At 21:03 2/21/96, Mike Duvos wrote:

>Now this has some interesting implications.  One of the problems
>with teleportation devices in Science Fiction stories is that
>they allow for the creation of duplicates.  They reduce an object
>to a pattern by measuring it, and then recreate it at a distance
>by assembling atoms of the same types according to the
>appropriate directions.  There is no theoretical reason why, once
>the pattern has been saved, this process could not be repeated
>multiple times.  This has implications for things like souls and
>self-awareness that many people would rather not think about.

Its been used in an SF Story/Series . It is the Venus Equilateral Series
by George O. Smith. Midway into the Series, they invent a method of doing
Teleportation via destruction of the original item, sending the info to the
receiver, and recreating the object. In the process of a Court Case
involving if the transmission of the signal between the two Teleportation
Devices was a transmission of Energy (which was the province of the other
party in the case) or a transmission of Data (which was VE's job), they had
to invent a Duplicator (in the process allowing the non-destructive readout
of the transmission signal). It gets vary hairy for a story or two until
Civilization gets adjusted to the Duplicator (they have to invent something
that can not be scanned and thus duplicated to act as "Paper" for Money and
Contracts/etc since the bottom fell out of the Economy due to no need for
most Factories and the lack of uncounterfeitible currency).







From alano at teleport.com  Fri Feb 23 21:51:56 1996
From: alano at teleport.com (Alan Olsen)
Date: Sat, 24 Feb 1996 13:51:56 +0800
Subject: Secure Mail (Was: IMC resolving security workshop)
Message-ID: <2.2.32.19960223063622.0089dbe4@mail.teleport.com>


At 12:47 AM 2/23/96 +0000, P.J. Ponder wrote:

>ObSecureMail: I got the beta Pronto secure mail, but haven't had tome to 
>fool with it yet, then I got a mesage about a bad key or something. 
>What's up with that?

My experience so far has not been very positive.

I have tried both of the betas on Win95.  Neither of the betas have been
able to get past the "Synchronising keys" section of the setup.  The program
just keeps accessing my public keyring for almost 30 mins before it returns
a cryptic error 111.

What I have seen of it, I am not very happy with some of the design choices.
You should be able to tell it the hex id of the key that you want to use
with the mailer.  Nope!  It tries to find what it thinks the key should be
based on your e-mail address.  Since I have two keys under that address,
there is a wee bit of a problem.  I have tried generating a new one as well,
and i still get the problems with the key sync.  (As in it not completing
and ending with an obscure error message.)  So far, my last message to the
beta address has gone unanswered on this problem.

I would like to test it further, but getting that far has not been very easy
at this stage of the development.  Not a hopeful sign.
---
Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
        `finger -l alano at teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
"I, Caligula Clinton... In the name of the Senate and the people of Rome!"
   - Bill Clinton signing the CDA with the First Amendment bent over.






From cp at proust.suba.com  Fri Feb 23 22:06:53 1996
From: cp at proust.suba.com (Alex Strasheim)
Date: Sat, 24 Feb 1996 14:06:53 +0800
Subject: REM_ote
In-Reply-To: <312E91CA.15FB@netscape.com>
Message-ID: <199602240441.WAA00378@proust.suba.com>


> Marianne Mueller is a Sun employee, not a Netscape employee. The
> original quote did not make that clear.

Again, I apologize to Ms. Meuller and to Netscape.

In my opinion Netscape has a great track record of addressing concerns and
problems with its software.  Other companies would do well to use
Netscape's policy of addressing and correcting proven security problems,
instead of denying and downplaying them, as a model. 






From dlv at bwalk.dm.com  Fri Feb 23 22:08:03 1996
From: dlv at bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sat, 24 Feb 1996 14:08:03 +0800
Subject: Look, a chain letter :-)
Message-ID: 


I received a curious mimetic e-mail. The cypherpunks relevance is: will we
or will we not bring down the White House server? :-)

---------- Forwarded message ----------

To whoever may read this,

This is not a typical chain letter, in that by passing it on to as many
people as you can, you are taking part in what may yet become the
world's biggest practical joke. The U.S. Government has recently passed
an act which enforces censorship on the internet. A group of internet
users has now come together to kick back at this oppression, and have a
bit of fun at the same time.

The aim of this exercise is to re-establish the United States as "The
Land of the Free", not a fascist state where freedom of speech and
thought are curtailed. Communist Russia fell as a result of such limits
being placed upon the minds of the general populus.

On receiving this letter, please pass it on to as many friends or
E-mail lists as you can. We predict that if everybody copies the letter
to 5 other addresses, by February 29th 1996, this letter should have
reached in excess of 2 million people. That's when the fun
begins........

On February 29th, please send the message:

Dear Mr. President,

Do you remember this:

And afterwards enclose the pre-typed copy of the Bill of Rights. By
sending the letter on the date above, you will contribute to either one
huge petition for freedom, or else lead to a crash of the White House
server.

Send all letters to:

President at Whitehouse.gov

Remember that solidarity is the key to success



                              THE BILL OF RIGHTS





  Amendment I



   Congress shall make no law respecting an establishment of religion,
   or prohibiting the free exercise thereof; or abridging the freedom
   of speech, or of the press; or the right of the people peaceably to
   assemble, and to petition the government for a redress of
   grievances.



  Amendment II



   A well regulated militia, being necessary to the security of a free
   state, the right of the people to keep and bear arms, shall not be
   infringed.



  Amendment III



   No soldier shall, in time of peace be quartered in any house,
   without the consent of the owner, nor in time of war, but in a
   manner to be prescribed by law.



  Amendment IV



   The right of the people to be secure in their persons, houses,
   papers, and effects, against unreasonable searches and seizures,
   shall not be violated, and no warrants shall issue, but upon
   probable cause, supported by oath or affirmation, and particularly
   describing the place to be searched, and the persons or things to be
   seized.



  Amendment V



   No person shall be held to answer for a capital, or otherwise
   infamous crime, unless on a presentment or indictment of a grand
   jury, except in cases arising in the land or naval forces, or in the
   militia, when in actual service in time of war or public danger; nor
   shall any person be subject for the same offense to be twice put in
   jeopardy of life or limb; nor shall be compelled in any criminal
   case to be a witness against himself, nor be deprived of life,
   liberty, or property, without due process of law; nor shall private
   property be taken for public use, without just compensation.



  Amendment VI



   In all criminal prosecutions, the accused shall enjoy the right to a
   speedy and public trial, by an impartial jury of the state and
   district wherein the crime shall have been committed, which district
   shall have been previously ascertained by law, and to be informed of
   the nature and cause of the accusation; to be confronted with the
   witnesses against him; to have compulsory process for obtaining
   witnesses in his favor, and to have the assistance of counsel for
   his defense.



  Amendment VII



   In suits at common law, where the value in controversy shall exceed
   twenty dollars, the right of trial by jury shall be preserved, and
   no fact tried by a jury, shall be otherwise reexamined in any court
   of the United States, than according to the rules of the common law.



  Amendment VIII



   Excessive bail shall not be required, nor excessive fines imposed,
   nor cruel and unusual punishments inflicted.



  Amendment IX



   The enumeration in the Constitution, of certain rights, shall not be
   construed to deny or disparage others retained by the people.



  Amendment X



   The powers not delegated to the United States by the Constitution,
   nor prohibited by it to the states, are reserved to the states
   respectively, or to the people.




---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From yee at spyrus.com  Fri Feb 23 23:07:47 1996
From: yee at spyrus.com (Yee, Peter)
Date: Sat, 24 Feb 1996 15:07:47 +0800
Subject: [No subject]
Message-ID: <9601238250.AA825095039@spysouth.spyrus.com>



>>    Earlier, I mentioned that two and a half protocols survived the 
>> day. The remaining one is MSP. It's actually not a bad protocol. It 
>> has two features that none of the others have: the ability to label 
>> classified messages, and a cryptographically strong signed receipt.
>> Both of these functions are highly important for government users. It 
>> looks like government suppliers are going to go ahead and implement
>> it, and the government is going to use it.

>Although these benefits are present in the current MSP, I
>don't see anything inherent in MSP that makes it necessarily superior in these 
>areas.  If you were doing normal MIME-type receipts (whatever that means, since
>I think there are three different drafts under way currently), and you simply 
>added the ability to cryptographically sign a timestamp in the "proper" MIME 
>receipt type, then MSP would lose this advantage.

FIF.  I guess this could be said about any of the protocols.  With enough 
changes they all have the same feature set. :-)  MSP just has it now and it 
works.

>I think labeling could potentially be done by follow-on
>versions of other packages as well, since I think we all agree that generic 
>labeling which can be used both for standard gov't-style classification levels 
>and compartments, as well as for business-style sensitivity labeling.  In fact,
>I'd almost be inclined to say that it would likely be as easy (or easier) to 
>create a new general-purpose labeling system for use with any of the 
>competitors than it would be to modify MSP to support business-style labels in 
>addition to the gov't-style labels I'm sure it has today (maybe it already has 
>labels, but I don't think that this is that tough of a problem to solve in any 
>event).

Well, read MSP first before assuming.  And of course, see above comment.

                                                                -Peter






From tcmay at got.net  Fri Feb 23 23:30:45 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 24 Feb 1996 15:30:45 +0800
Subject: "E-Money" is trademarked
Message-ID: 


At 5:54 AM 2/24/96, Jim Miller wrote:
>FYI, I learned tonight that Electronic Funds Clearinghouse, Inc., holds
>the trademark "E-Money" which is licensed to E-Money, Inc. a Delaware
>
>Corporation.  See the Web page http://www.efunds.com
>
>I guess I will have to rename my E-Money mini-FAQ.

I guess we're left with "D-marks" (D for digital...).

I can only hope that someone soon trademarks the stupid "e$" and thus
enjoins the rest of us from using it.

(On a serious note, yet another example that the American copyrighting and
patenting engine is overrevving.)

--Tim

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From frantz at netcom.com  Fri Feb 23 23:33:33 1996
From: frantz at netcom.com (Bill Frantz)
Date: Sat, 24 Feb 1996 15:33:33 +0800
Subject: REM_ote
Message-ID: <199602240609.WAA15885@netcom7.netcom.com>


At 10:28 PM 2/23/96 -0600, Alex Strasheim wrote:
>> Might want to be careful calling Marianne a borderline liar. She's our host
>> for Cypherpunks meetings at Sun, where's she's in the Java group. The
>> article didn't make it clear that she's with Sun and not Netscape. She's
>> also been coming to Cypherpunks meetings since the beginning, and posts
>> here occasionally.
>
>I apologize for the remark, it was out of line.  I don't know who she is,
>or what she actually said, for that matter.
>
>But the fact remains that these sorts of security problems were predicted
>well before Java was widely deployed.  They're serious, and this isn't
>going to be the last one.  An awful lot of people aren't going to patch
>their copies of Netscape any time soon, either.

I agree these problems will continue to show up from time to time.  With a
large security kernel, you will have security bugs.  However, if the fixes
come out in a week, then the hacking potental is greatly reduced.

>(A useful feature for Netscape might be a facility that checks
>periodically to see if a security patch is in order, and displays a
>warning if it is.)

A very good idea.  An advantage for web based products.

>Problems with security are a fact of life.  I've made embarassing mistakes
>that compromised security for some of my users.  When that happens you
>have to come clean, tell the truth, and fix the problem.  Don't try to
>convince people that you didn't screw up, that the problem isn't serious. 
>Don't say things that will encourage users to put off installing a
>security patch.  And don't underestimate the ability of your attackers.

This is all true.  However, from what I know, in this case you would need
to know the details of the flaw, and be able to generate a java bytecode
stream which takes advantage of the problem.  If the fixes come out
quickly, then your attackers don't have much time.  However if they
discover the flaw before you do you are in deep shit.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz at netcom.com | dead teenagers | Los Gatos, CA 95032, USA







From tcmay at got.net  Sat Feb 24 00:13:31 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 24 Feb 1996 16:13:31 +0800
Subject: REM_ote
Message-ID: 


At 11:32 PM 2/23/96, Alex Strasheim wrote:
>> Marianne Mueller, Java security engineer, also said the chances of such
>> hacking occurring are "remote."
>
>This is the sort of bullshit that gets companies in trouble.  Netscape has
>a good record of responding to and fixing security problems.  Why should
>they feel the need to do spin control?  This borders on lying.

Might want to be careful calling Marianne a borderline liar. She's our host
for Cypherpunks meetings at Sun, where's she's in the Java group. The
article didn't make it clear that she's with Sun and not Netscape. She's
also been coming to Cypherpunks meetings since the beginning, and posts
here occasionally.

I'm sure she can speak for herself, but she may not see this comment for a
while, hence my comment here.

As for the substance of her remarks, best to let her elaborate. Though,
knowing journalists, it's quite possible that her "remote" remark was
embedded in a much longer comment, which the reporter chose to cut.

--Tim may

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From john at loverso.southborough.ma.us  Sat Feb 24 00:17:12 1996
From: john at loverso.southborough.ma.us (John Robert LoVerso)
Date: Sat, 24 Feb 1996 16:17:12 +0800
Subject: url
In-Reply-To: <199602222059.MAA07863@netcom7.netcom.com>
Message-ID: <199602230016.TAA02237@loverso.southborough.ma.us>


> Why Perry, it's called Netscape 1.1N.  :-)

Surely you mean 1.12?

John





From raph at c2.org  Sat Feb 24 00:18:31 1996
From: raph at c2.org (Raph Levien)
Date: Sat, 24 Feb 1996 16:18:31 +0800
Subject: No Subject
Message-ID: <199602230055.QAA15846@infinity.c2.org>


   Here follow one cypherpunk's impressions of the Internet Mail
Consortium's Security Workshop
(http://www.imc.org/security-workshop.html) on Wednedsday 21 Feb 1996.
Since there will be official notes of the proceedings, I felt I had a
little more scope to convey mood and feelings rather than dry
technical facts. After all, I think the buzz will do more to determine
what gets deployed than the technical merits.
   This document is available on the Web at:
      http://www.c2.org/~raph/report.html


The setting
-----------

   Paul Hoffmann and Dave Crocker recently started the Internet Mail
Consortium (http://www.imc.org). This workshop was its first major
activity. Dave Crocker moderated the event, skillfully herding almost
70 secure email proponents and representatives from user communities
through a very tough subject.
   The title of the workshop was "Resolving email security," but there
was no real expectation that the issues would be resolved that day.
What was expected (and what happened) is that people would get a
better understanding of why secure email hasn't happened yet, what
kinds of things could be done to make it happen. More impressively,
there was "room consensus" for a few _very_ positive steps, about
which more later.
   One of the goals of the IMC is to involve users, not just
developers. I was ready to "officially" represent the "cypherpunk user
community," but fortunately, I didn't need to. In fact, the strongest
advocacy of strong crypto came from an employee of a "large service
provider in America." Overall, I felt that the user communities were
pretty well represented, and all important technical points got made.


MOSS is dead, long live MOSS
----------------------------

   There were five contenders on the field going into the day, and two
and a half at the end. MOSS was one of the casualties. A lot of us
were sorry to see it go, but eliminating candidates has got to happen
if we're going to have interoperation.
   It's hard to say exactly what went wrong. MOSS had many advantages,
and was a nice, clean, pretty standard. I think what doomed it was the
lack of a good implementation.
   Even though MOSS is no longer considered a serious contender, one
piece of it is still very much alive: the multipart/signed message
format. At the end of the day, there was strong, nearly unanimous
consensus that multipart/signed should be recommended as the signed
message format for _all_ of the email encryption protocols.


S/MIME: you can dance to it
---------------------------

   There was a lot of energy around S/MIME. People are implementing
it. Internally, it's pretty kludgely, but it does provide pretty good
cryptographic services. (as an aside, my favorite kludge anecdote is
the fact that X.509 certificates use an IA5 character set rather than
ASCII, so that the @ in email addresses has to be represented as (a)
instead).
   The main thing people didn't like about the existing S/MIME spec is
the signed message format. In the existing spec, you've got a choice
between a message unreadable to non-S/MIME-aware clients, or
duplicating the data. Neither alternative is very palatable.
   Apparently, though, a new version of the S/MIME spec _will_
incorporate the multipart/signed format of RFC 1847. This made almost
everybody happy, although I'm sure all those S/MIME developers are a
bit unhappy with the spec changing, and having to reimplement stuff.
   The biggest problem with S/MIME is that the signed and encrypted
format reveals who made the signatures. Obviously, this has severe
consequences for anonymous mail. Believe it or not, a lot of people
care. For example, the car manufacturers do not wish to broadcast the
email addresses of their employees over the net.
   One technical workaround is to do it the MOSS way - first, sign the
message, resulting in an intermediate S/MIME message, then encrypt
that into a second S/MIME message. I'd recommend that implementors
make provisions for such recursive formats; I think it's likely that
we'll see a lot of these on the Net.


PGP: troubled, but still alive
------------------------------

   The consensus was that S/MIME and PGP/MIME are the two viable email
encryption protocols. Thus, PGP is still very much alive and kicking.
   PGP's fabulous strength is that it won't let you down
cryptographically. That simply cannot be said for the other
contenders.
   That said, much about the PGP effort troubles me. Perhaps the
biggest problem is that there just aren't enough people working on it.
>From what I understand, it's pretty much just Derek and Colin, and
there's a _lot_ of work to do. I said before that I didn't think the
public PGP/MIME release will happen until this fall, and I see no
reason to change my estimate. By that time, a lot of S/MIME
implementations will already be deployed.
   One strength of PGP has traditionally been its unity. PGP means one
message format (the PGP one), one suite of crypto algorithms (the PGP
one), one key format (the PGP one), one application (PGP itself). Most
of the other proposals are modular in some way, especially with
respect to algorithms. PGP is moving in that direction.
   The most visible evidence of that is the way PGP/MIME is being
done. The prevailing philosophy of the PGP people is that the PGP
application itself should not decode MIME formats - that should be the
job of a separate application. It seems to me that this is going
against the tradition, though. In the past, if you got a PGP message,
you just ran it through PGP. Now you won't be able to do that.
   Also, the existing data formats (while pretty good) are going to
get changed. The algorithms are going to "go modular" (although I
don't think we'll be seeing a Fortezza implementation any time soon).
This is going to cause a lot of pain for the installed base. Will it
be worth it? We'll just have to see.


MSP: not as bad as you think
----------------------------

   Earlier, I mentioned that two and a half protocols survived the
day. The remaining one is MSP. It's actually not a bad protocol. It
has two features that none of the others have: the ability to label
classified messages, and a cryptographically strong signed receipt.
Both of these functions are highly important for government users. It
looks like government suppliers are going to go ahead and implement
it, and the government is going to use it.
   MSP has been around a while, but the effort to turn it into a
serious alternative for general Internet use is quite new. Two specs
got published this month: a MIME integration spec (sharing the same
problems as the old S/MIME), and a spec for plugging in the RSA
algorithm suite. With these specs in place, MSP would not be
fundamentally that different than, say, S/MIME.
   My feeling is that the main differences are cultural. MSP still has
a very ASN.1, OSI, governmental flavor. Its proponents are making the
effort to be responsive to users, but I think there's still a bit of
skepticism about that, perhaps misguided, perhaps not.
   It was announced that there will be a free reference implementation
of MSP, available to US citizens.


My kingdom for 40 bits
----------------------

   I've been thinking about the 40 bit thing a lot. It makes me very
uncomfortable. From the cypherpunk perspective, this should be nothing
new or remarkable, but keep in mind that there's a _lot_ of pressure
on companies to be able to make money in overseas markets.

   In one of the "modular algorithms" designs, it's not easy to figure
out which algorithms your recipient can understand. Guess wrong, and
your message goes out with 40-bit encryption. In my opinion, this is
worse than no encryption at all, because it gives the false sense of
security. Building such a failure mode into an email encryption
protocol strikes me as a bad idea.

   This is my subjective impression, but I sensed that there was a
collective delusion that US software developers would actually be able
to sell a 40-bit product overseas. Certainly, Netscape has proved that
it is possible, but then again, encryption is peripheral to the value
of their product. You'd still be using Netscape even if it had no
encryption at all, wouldn't you? How many https: URL's are even in
your history.db file? For a "secure email" product, it's a different
story.

   There were a few other things that led me to the conclusion of a
40-bit delusion. First, people still seemed to thing that the
cypherpunk 40-bit cracks were a concerted effort by highly expert
people, rather than the weekend hacks that could be duplicated by any
competent sysadmin or grad student. I don't think the message really
got through. If 40-bit email gets deployed, we need to make a few more
high-profile cracks just to hammer it in.
   Finally, there's an almost religious belief that making the choice
of algorithms indepenent of the encryption protocol will somehow solve
the problem. From the point of view of the user, this is just not
true. What the user selects is an encryption protocol, an algorithm
suite, and whatever other parts of the spec were left open. What the
user selects doesn't have any modularity in it at all. It's either a
good protocol or a bad one.

   Maybe customers today think that 40-bit encryption offers some
value, but I think they'll soon be disillusioned. This is something
that cypherpunks can have a role in. In the medium to long term, it
will become clear that 40-bit encryption offers no benefits, and in
fact is dangerous.
   My advice to US developers: don't even try to export a 40-bit
version of your product. Just leave crypto out of the export version.
Your product will have better performance and many fewer configuration
problems. Include 40-bit in the US product if you have to, but don't
allow it to be used silently. For example, put up a little dialog that
says, "are you _sure_ you want to use 40-bit encryption? It's not
secure, you know."
   If care about offering crypto in the non-US market, form a
partnership with overseas developers to add the crypto.

   Non-US developers, now is a fabulous opportunity. Get those
implementations underway, the sooner the better.


Coexistence
-----------

   Since there is no one single standard that everyone feels
comfortable with, we will somehow have to deal with the coexistence of
multiple conflicting protocols. Fortunately, this is something the Net
is good at.
   Most serious email vendors plan to "implement everything that's
real." That means S/MIME for sure, PGP/MIME assuming they can get
their hands on a decent implementation, and MSP if they sell a lot of
stuff to the government.
   If everyone follows this path, then we really will have
interoperable secure email. Perhaps over the long term, one of the
standards would come to dominate, perhaps not.
   I know that the deployment of secure email has been a year away for
the past decade or so, but now I think it really is poised to happen.
The implementation effort is very much real. Over the next few months,
we will see some very high profile, mass market implementations.
   Before that happens, though, the protocols must actually become
stable. It's a characteristic of _all_ of the viable protocols that
they're still in flux, still in the process of being defined. But at
least the direction is clear, largely as a result of feedback from
this workshop.


Consensus
---------

   At the end of the meeting, Dave asked the room for consensus on
several points. First, there was strong consensus that the encryption
protocols converge on multipart/security for their signed message
format. Second, it was agreed that the proponents of the surviving
schemes get together to list their differences, justify these
difference, and commonalize things that don't _need_ to be different,
also agreeing on a timetable concluding at the Montreal IETF meeting.
   I'd say that's quite a remarkable achievement for a such a
difficult area.

Raph Levien





From stewarts at ix.netcom.com  Sat Feb 24 00:43:37 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Sat, 24 Feb 1996 16:43:37 +0800
Subject: new "obscenity" law on the net
Message-ID: <199602240737.XAA14990@ix3.ix.netcom.com>


>[Ben sent this to rms at 'Sat, 3 Feb 1996 10:32:00 -0700'];
>"Ben A. Mesander"  writes:
>>Just curious - will the new law outlawing obscenity on the net in the us
>>cause you to make changes to some of the comments in the emacs source code?
>
>Some weeks ago, Lars and Richard went through the Gnus source and
>removed 'fuck' two times and 'fucking' one time (if I didn't get it
>all wrong). I wonder if that's your fault.

A number of years ago, the Political Correctness folks at AT&T cleaned up
the termcap and terminfo files that were distributed with Unix.
You really can't talk about the Hazeltine terminal without using the word
"brain-damaged", and the "2621-ba" was redescribed as "broken arrow keys" :-)


                        Bill, who spent far too much time tweaking termcaps....


#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281






From stewarts at ix.netcom.com  Sat Feb 24 00:45:10 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Sat, 24 Feb 1996 16:45:10 +0800
Subject: Anonymous access to certificate revocation lists?
Message-ID: <199602240737.XAA14996@ix3.ix.netcom.com>


[Hmmm - a crypto-related technical discussion that looks like it's 
coderpunks material?]

The article on Digital Signature Legislation by Brad Biddle 
Privacy Rights Clearinghouse, Ctr for Public Interest Law
http://pwa.acusd.edu/~prc
had good coverage of the legal issues related to the Utah digital signature law,
but it touched on one interesting technical point - signature verification
systems that use Certificate Revocation Lists are vulnerable to traffic analysis
because you need to check the CRL at a CA every time you want to verify a
signature from a user certified by that CA.  (There's also denial-of-service
risk.)

For example,  Alice wants to check the signature on Document D, 
which is signed by Bob, whose key is certified by Carol's CA.
Alice may have Bob's public key, or may need to fetch it from somewhere
(this is only a minor traffic analysis risk; she can get it from Bob
or from some public server, or even download all keys from the server.)
If the signature on Document D is good, Alice needs to verify Bob's key.
Alice can check Carol's signature on the key (perhaps fetching Carol's),
but she also needs to know if Bob's key is still good or if it's been revoked.
In a PGP environment, Bob is the only one who can revoke a key, and he's
responsible for shipping out revocations.  In a X.509 environment,
Carol the certifier can revoke her certification of Bob, so Alice has to
check with Carol to be sure she hasn't.  This creates a transaction record.

Biddle's article is concerned about the privacy implications of
Carol knowing about everybody who wants to verify Bob's key, because
the law doesn't address who she can sell the data to.
For cypherpunks, there are more concerns - it's tough to have a 
private conversation if you've got to exchange messages with
your friendly Government Post Office Certification Authority.

Is there a need to build anonymous CRL-checking proxies so people can
check X.509 signatures (e.g. the ones used by Netscape) anonymously?
How much caching can you do?  How would you decide how much to trust it?
The failure modes look different from anonymous remailers, where
a dishonest remailer can save your address, but you can protect yourself
by chaining remailers in serial.  With anonymous CRL proxies,
a dishonest proxy can tell you that "Bob"'s key isn't on Carol's CRL when it is;
to avoid this problem, you need to ask a bunch of proxies in parallel,
which means that any dishonest proxy can reveal your queries.

There's also the denial of service problem - depending on your policies,
and their implementation in software (especially packaged software),
what happens if you don't get a reply saying either yes or no on revocation -
what if Carol or a Man In The Middle decides not to respond to Alice's requests,
or to requests for certifications on Bob's key?  Are you hosed?

#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281






From stewarts at ix.netcom.com  Sat Feb 24 00:54:22 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Sat, 24 Feb 1996 16:54:22 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <199602240738.XAA15114@ix3.ix.netcom.com>


At 11:08 AM 2/22/96 -0500, SINCLAIR  DOUGLAS N  wrote:
>What they have gained is the knowledge that their random number source
>isn't broken.  If your RNG started spewing 0 bits by the thousand would
>you say "This stream is just as likely as any other stream that I can
>imagine so there is no problem", or "My RNG is broken".  Of course,
>in nice mathematical abstractions your RNG never breaks, but we live in
>a nasty world of thermal failiures and cold solder joints.

They _haven't_ gained that knowledge, only the knowledge that it isn't
_totally_ broken and spewing zeros.  For example, the output of
       while(1) printf("%8c", des(i++, key));  // Pretend syntax is correct
would probably pass the randomness tests just fine, in spite of being entirely
predictable and having only 56 bits of key plus log(i) bits of state, 
and is  vulnerable to most cryptanalysis attacks on DES systems as well.
But it's not a One Time Pad, it's just counter-mode DES.

#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281






From stewarts at ix.netcom.com  Sat Feb 24 01:02:32 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Sat, 24 Feb 1996 17:02:32 +0800
Subject: TIS--Building in Big Brother for a Better Tommorrow
Message-ID: <199602240738.XAA15096@ix3.ix.netcom.com>


>At 12:19 AM 2/23/96, P.J. Ponder wrote:
>>The first paragraph here bothered me.  If a user (or an organization)
>>needs to have access to data that was encrypted by an associate ( or one
>>of its employees) wouldn't sound practice require that the key not be
>>entrusted to just one person?  I don't see the need for any fancy
>>"key-recovery" protocol with any outside entities.  We can handle this
>>internally in my shop.  Some keys I give a copy to Alice, and down the
>>hall Bob has some, too.  If I get hit by the bus, they can get my company
>>related data back.  We don't need any "service" or "licensee" or "trusted
>>third party" or any of that, thank you very much.  And we don't need any
>>one developing OTPs for us either, and we don't need government agencies
>>keeping copies of any of our keys.

Hear, hear!  A decade or so ago, when I was a tool of the Military-Industrial
Complex, we had key escrow and trusted third-party products, but they were
appropriate technology - Big Ugly Safes that were rated for classified storage.
If you had data or (physical) keys or safe combinations you wanted to protect,
you could put them in the safes in the computer room or security office.  The
main thing we used the latter for was the combination of the computer-room safe,
which we kept in a sealed envelope for emergencies.  The same technique
can work just fine for crypto keys today.  If you'd rather use electronic
storage
than sticking floppies in a safe, encrypt the password with Corporate Security's
public key, and email it to them with a Subject: line explaining what it is.
Retrieval is easy, and it's _not_ automatic; a human needs to be involved,
which is a Good Thing - this is _supposed_ to be an emergency backup.
If you don't trust it, split the key and email to two different Corporate
Security Management folks.  If you don't trust the users not to send bogus keys,
you shouldn't be trusting them with the information the keys protect.

(System V being what it was in those days, we protected the root password
to our computer by giving it to all the technically competent users so they
could reboot the VAX or exceed system limits to get their work done.  :-)



#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281






From dm at amsterdam.lcs.mit.edu  Sat Feb 24 01:07:14 1996
From: dm at amsterdam.lcs.mit.edu (David Mazieres)
Date: Sat, 24 Feb 1996 17:07:14 +0800
Subject: Need SSL firewall
In-Reply-To: <199602202203.RAA08526@bb.hks.net>
Message-ID: <199602240750.CAA24763@amsterdam.lcs.mit.edu>


I recommend Darren Reed's IPfilter package, which comes with OpenBSD,
and installs easily on FreeBSD and NetBSD.  It also works with SunOS
and Solaris, and I think even more operating systems.  It is highly
configurable.  Blocking all incoming TCP connections except to a few
host/port pairs should be quite simple.

You can get it at ftp://coombs.anu.edu.au:/pub/net/firewall/ip-filter

David





From EALLENSMITH at ocelot.Rutgers.EDU  Sat Feb 24 01:07:20 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Sat, 24 Feb 1996 17:07:20 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <01I1IRX0E278AKTL4K@mbcl.rutgers.edu>


From:	IN%"m5 at dev.tivoli.com" 22-FEB-1996 11:47:13.40

>Perry E. Metzger writes:
> > If you start with 100 bits of entropy, your stream will have only 100
> > bits of entropy. If you start with 1024 bits, you will have a kilobit
> > of entropy, and so forth.
> > 
> > This may seem like a lot, but it really isn't.

	I'm an almost complete novice at cryptography, and even I know that
Perry is completely correct in this. Look at it this way. You've got a computer
algorithm doing something or another. Given the two pieces of information
(the entropy) of the initial somewhat random number and the number of
iterations, it will produce _one_ and _only one_ number out the end. Now, if
you have a high-quality PRNG (that's what this is), it will be very hard to
predict what set of numbers will turn out just from knowing the algorithm, but
you're still not adding to the number of possibilities from your initial
random number.

>...and note that IPG does us the favor of ensuring the keys conform to
>this elaborate battery of statistical tests.  Thus, there are bunches
>of keys that "aren't random enough" and thus not among the set to be
>considered when trying to break one.

	Quite. It's about like my doing an experiment with randomly selected
groups and deliberately selecting only ones that match my preconcieved notions
of how it's supposed to be. You can do that for things that aren't what one is
looking at (i.e., controlling for stuff), but do it with the _result_ and
you'll be laughed out of any respectable journal in which you try to publish
it.
	-Allen





From stewarts at ix.netcom.com  Sat Feb 24 01:09:41 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Sat, 24 Feb 1996 17:09:41 +0800
Subject: Hash of plaintext as key?
Message-ID: <199602240738.XAA15134@ix3.ix.netcom.com>


At 09:56 AM 2/22/96 -0800, John Pettitt  wrote:
>I have this application which encrypts software prior to distribution.  I'd
>like to pre-encrypt most of the data (individual files) and then just
>encrypt all the individual file keys with a customer specific key at run
>time.  (This is mostly a CPU cycle saving thing).

Depending on the security environment you're running in, this can be
fine or can be dangerous; think about your threat models carefully.
For some applications, it makes a lot of sense.  It does give you
a traffic analysis problem - Eavesdroppers can tell that you sent the same
document to Alice, Bob, and Eve, but not Fred, in case this matters to you.
You could strengthen it a bit by superencrypting the copy you send to
the user with a very fast Snake-Oil algorithm, but Eve has the real document
(and the version encrypted with the good algorithm), so she's got known
plaintext for cracking messages sent to Alice and Bob if she wants.
In a DES world, you might do almost-triple-DES by encrypting with two common
keys up front and use DES with separate third keys for the final stage.
With RC4 or RC5, that doesn't gain you much, since the difference between
RC4/40 and RC4/256 is all in the key-scheduling phase, not the bulk part.

>I thought I'd use the MD5 (or SHA) hash of the plaintext as the key. Plenty
>of entropy in the entire plaintext, a different key for each file and if you
>know the plaintext to calculate they key you don't need the key anyway!

It doesn't really gain you anything; generating pseudo-random key bits
isn't much work compared to encrypting the files or public-key encrypting
the file keys to send to users, and there's no benefit other than getting some
extra entropy bits (which you may want to do anyway to stir into your
entropy pool in addition to using a random number source.)

What it does risk, in case this threat matters, is that somebody who can guess
the documents you might be encrypting can calculate their MD5s and trial
decrypt.
This lets them verify whether a given document is in the encrypted database,
for instance.

One of the NSA Rainbow Books discusses secure databases - maybe Purple or Gray?

#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281






From lmccarth at cs.umass.edu  Sat Feb 24 01:10:23 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Sat, 24 Feb 1996 17:10:23 +0800
Subject: "E-Money" is trademarked
In-Reply-To: <9602240556.AA26142@bilbo.suite.com>
Message-ID: <199602240747.CAA25938@opine.cs.umass.edu>


Jim_Miller at suite.com writes:
> FYI, I learned tonight that Electronic Funds Clearinghouse, Inc., holds  
> the trademark "E-Money" which is licensed to E-Money, Inc. a Delaware 
> 
> Corporation.  See the Web page http://www.efunds.com
> 
> I guess I will have to rename my E-Money mini-FAQ.

First Virtual doesn't seem to be concerned....

gilling% whois -h rs.internic.net emoney.com
First Virtual Holdings Incorporated (EMONEY-DOM)
   11975 El Camino Real  Suite 300
   San Diego, California 92130
   USA

   Domain Name: EMONEY.COM

   Administrative Contact:
      Lowery, Carlyn  (CL419)  lowery at FV.COM
      1-800-306-8127
   Technical Contact, Zone Contact:
      Kail, Mike  (MK634)  mdkail at FV.COM
      1-619-793-3359

   Record last updated on 20-Feb-96.
			  ~~~~~~~~~
[...]





From jpp at software.net  Sat Feb 24 01:21:00 1996
From: jpp at software.net (John Pettitt)
Date: Sat, 24 Feb 1996 17:21:00 +0800
Subject: SET spec available
Message-ID: <2.2.32.19960224080913.00aff338@mail.software.net>


The SET transaction spec is now available on www.visa.com (and presumably on
www.mastercard.com although I didn't check).

Highlights are:
        It cops out on the big one - how to identify card users in the first
        place to issue certificates.

        The MS/Visa 'credential' that looked like a certificate but wasn't has
        been replace by X.509

--
John Pettitt
email:         jpettitt at well.sf.ca.us (home)
               jpp at software.net       (work)    







From perry at piermont.com  Sat Feb 24 01:30:15 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Sat, 24 Feb 1996 17:30:15 +0800
Subject: No Subject
In-Reply-To: <199602220450.UAA30737@obscura.com>
Message-ID: <199602220512.AAA14343@jekyll.piermont.com>



Dear anonymous;

IPG Sales is not subscribed to the mailing list and only receives
CCs. Your perls of wisdom have escaped their notice.

Mixmaster writes:
> IPG Sales  wrote:
> >
> >We fess up - we are pig farmers from TexasL, we never have been to 
> >these high fluting things you call schools, so we do not even 
> >know what you are talking about, much less anything about Cryptography.
> 
> This explains your spelling skills, which a number of people have





From ipgsales at cyberstation.net  Sat Feb 24 03:47:31 1996
From: ipgsales at cyberstation.net (IPG Sales)
Date: Sat, 24 Feb 1996 19:47:31 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602211545.KAA09477@jekyll.piermont.com>
Message-ID: 


Perry:

"Stubborness and dogmatism are the surest signs of stupidity - is there 
 anything more resolute and disdainful than an ass!" Montaigne

You have an yellow streak down your back  infinitely wide - you may or 
may not be a physical coward but you are certainly an intellectual coward 
- you have the opportunity to save human lives, as you asserted and you 
just brushed that asside -

Who said that we are expanding OTP's - we are using them to drive RNG's 
please read my mail back and forth with Derek and Roy Silvernail,  I 
belive that both of then recognize that an extremely large key, 2 to 
some large number, let us say for the time being 2 to 12288 bits can be 
derived from a OTP when generated- 

If you ever learn to listen, then you might recognize that there might be 
more to this than meets the eye - you have been given the opportunity to 
save all these lives - so do so - break our system and prove what fakers 
we are - no, you are afraid of that- you want to sit on the sidelines and 
cheer, cheer on the homew team - a spectator, afraid of the truth athat 
wants to hide behind some stupid dogms that he spouts on and on - come on 
Perry, show us how easy it is to break the system - save all those lives 
that you were talking about 






From ipgsales at cyberstation.net  Sat Feb 24 03:50:37 1996
From: ipgsales at cyberstation.net (IPG Sales)
Date: Sat, 24 Feb 1996 19:50:37 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602211534.KAA02195@remus.ultranet.com>
Message-ID: 


Dan, 

We do not asked that all the people on the Cypherpunks mailing list sign 
anything - not even the ones that particpate in the testing - they sign 
nothing and agree to nothing other than to be intellectually honest - 
there is nothing for anyone to sign - 

We have complied with Derek's request, why are so many of you starting to 
protest - are you afraid of the truth? Obviously so - or you would not be 
so timid - some of you have snapped at the opportunity to test the system, 
the others are obviously skating backwards as fast as they can,

Appreciatively,

Ralph 


Converstaion between Ralph and Charles Metzger, paraphrase -

Charles Metzger, was a brillant Docturate of Applied Mathematics, who was 
blinded duribng his twenties  - he became a programmer, using punched 
cards at first and later braille 

Ralph: You amaze me Charles, you are the most precisioned programmer that 
       I know - I bet 20% of your programs run the first time.

Charles: Not that much, probably more like 10%, you know what 
         Panchatantra said ?

Ralph: No what? 

Charles: Knowledge is the true organ of sight, not the eyes.

Ralph: I could not agree more -


It is obvious that some Cypherpunks true vision are not nearly so astute 
as Charles was - not nearly, they are blinded by their arbitrary dogmatism








From geeman at best.com  Sat Feb 24 05:18:23 1996
From: geeman at best.com (geeman at best.com)
Date: Sat, 24 Feb 1996 21:18:23 +0800
Subject: pcmcia
Message-ID: <199602230502.VAA04115@mail1.best.com>


At 10:58 AM 2/22/96 +0000, you wrote:
>I am just assuming that the Association (PCMCIA) has a way of distributing
>specs, etc. 

You can call them in San Jose, CA @ 408 433 2273  
$475.00 for non-members, paper only.  $715, paper/CD both.

>I also assume they have a web page and all that, maybe 
>even a citizen-unit subscribed to this mailing list who probably could
>point us in the right direction.  

www.pc-card.com, I believe

>I think PCMCIA cards offer a lot of
>potential as wallets and general purpose privacy prophylaxis engines.

Absolutely, and without doubt.  They are coming.

>I don't know anything about the technology, but the device drivers, et al,
>could be publicly reviewed and recompiled on trusted machines, presumably,
>and the device itself could be tested (I assume) with a publicly 
>available routine that once again one could install from source, etc. 

There are commercially available drivers, tested rigorously.  Fortezza cards
and s/w are very solid, as well as other cards derived from that type of
technology.  Fortezza cards are self-testing.

>
>how much do the slots cost to add on to pc's that don't already have them?
>Is there a parallel interface, for instance, that can plug into a 
>printer port?

SCM Microsystems, 408 370 4888 has a "Swap Box" product.  I don't know the cost.

>--
>PJ
>------------------------------------------------------------------------
>
>On Thu, 22 Feb 1996, Adam Shostack wrote:
>
>> P.J. Ponder wrote:
>> 
>> | obligatory crypto comment: has anyone looked at the iPower card and 
>> | gotten one to play with? Where else could one get a PCMCIA card that was 
>> | programmable and had a little memory on it? How hard would it be to make 
>> | one - in other words, what could we get the cost down to for an 
>> | encrypting pcmcia card? there couldn't be much to it, really, could there?
>> 
>> 	I got one, its very badly documented; theres some source in
>> Visual basic for windoze.  I haven't had time to track down real docs
>> so I can do anything.  Anyone know who I can call to get real
>> documentation?
>> 
>> Adam
>> 
>> 
>> -- 
>> "It is seldom that liberty of any kind is lost all at once."
>> 					               -Hume
>> 
>
>






From rah at shipwright.com  Sat Feb 24 07:47:08 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Sat, 24 Feb 1996 23:47:08 +0800
Subject: The "excrable" e$
Message-ID: 


At 3:02 AM 2/24/96, Timothy C. May wrote:
>I can only hope that someone soon trademarks the stupid "e$" and thus
>enjoins the rest of us from using it.

Or, as Mr. May has said in the past, "the excrable" e$.

;-).

>(On a serious note, yet another example that the American copyrighting and
>patenting engine is overrevving.)

Say "amen", somebody.


Actually, *I* seem to be the unfortunate wretch who coined (ahem...) the
term "e$", as it refers to a dollar digitally spent on the internet. My
apologies to those spenders of yen, marks, and pounds. I hope I can take
some solice in the notion that all money's fungible. :-). In addition,
there's no reason not to use e�, or e�, if people can read your character
maps. One of the reasons I chose e$ is that I believe $ is way down deep in
the ASCII character set, and thus most machines will display it.

Ethnocentrism and potential trademark enfringements aside, a bit of
pronounciation may be useful here: when I see "e$" alone in text, I say
"e-money" (again, my apologies), and when I see "e$10.00", I say "ten
e-dollars".

Speaking of trademarks, I had hoped that by using "e$" everywhere that we
could avoid such legal mechanations, in the same vein that various
mathematical notation schemes cannot be copyrighted (I think). For the
lawyers out there, is it possible to do the equivalent of a GNU GPL
"copy-left" with a potential trademark like "e$"?  If it is, I'd like to do
that. Ubiquity is power, and all that, "excrable" symbols and all...



Anyone interested in discussing trends in, or the consequences (economic,
social or otherwise) of *financial* cryptography on public networks, is
cordially invited to subscribe to the e$ mail list. Send "subscribe e$" in
the body of a message to majordomo at thumper.vmeng.com, and, after you've
subscribed, introduce yourself! The list is unmoderated.



Cheers,
Bob Hettinga
(e$mpressario)


-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/







From sameer at c2.org  Sat Feb 24 08:56:02 1996
From: sameer at c2.org (sameer)
Date: Sun, 25 Feb 1996 00:56:02 +0800
Subject: REM_ote
In-Reply-To: <312EC793.3CE9@netscape.com>
Message-ID: <199602241617.IAA28724@infinity.c2.org>


> about your browsing habits.  Of course we have never done this, but if we
> were "phoning home" periodically to check for new releases it might raise
> some suspicion among the more paranoid.
> 
>   I guess we could make it an option...

	I don't think you need to "phone home". Just make it happen
whenever someone hits the Netscape web site. some monstrous percentage
of Netscape users haven't changed the default home page, and even
those who have do go to the Netscape page every now and then.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer at c2.org





From erice at internic.net  Sat Feb 24 09:32:02 1996
From: erice at internic.net (Eric Eden)
Date: Sun, 25 Feb 1996 01:32:02 +0800
Subject: InterNIC Guardian Object Draft
Message-ID: <199602241712.MAA26212@ops.internic.net>


 
We're distributing this to the Internet community for comments
and suggestions.  If you have any ideas for improving this draft
please let us know.

I apologize in advance for the length, but the authors are really  
interested in your thoughts.                

Thanks,



Eric Eden                                           erice at internic.net
InterNIC Registration Services                            703-736-0145


 [ URL ftp://rs.internic.net/policy/internic/internic-gen-1.txt ]  [ 2/96 ]
 
                                                               Jasdip Singh
                                                          Network Solutions
                                                               Mark Kosters
                                                          Network Solutions
 
 
                         The InterNIC Guardian Object
                                    DRAFT
 
 
 Table of Contents
 
 1. Introduction.......................................................   1
 2. Main Features of a Guardian........................................   1
 3. Guardian Attributes................................................   1
 4. Registering the Guardian Attributes................................   4
 4.1 Using the New Contact Template....................................   5
 4.2 Using the Modified Registration Templates.........................   5
 5. Linking Guardian Information to Existing Records...................   5
 6. Notification.......................................................   6
 7. Object Update Rules................................................   6
 7.1 Request from a Contact with Authentication Information............   7
 7.2 Request from a Contact without Authentication Information.........   7
 7.3 Request from a Sender not listed as a Contact.....................   7
 8. Object Use Rules...................................................   8
 8.1 Request from a Contact............................................   8
 8.2 Request from a Sender not listed as a Contact.....................   8
 9. Other Guardian Issues..............................................   8
 9.1 Number of Guardians per Object....................................   8
 9.2 Protecting Guardian Information...................................   9
 9.3 Displaying Guardian Information...................................   9
 10. Conclusion........................................................   9
 11. References........................................................   9
 12. Acknowledgements..................................................   9
 
 A. The Proposed Contact Template......................................  10
 B. The Proposed Link Template.........................................  12
 C. The Proposed Notify Template.......................................  14
 D. Object Update Rules................................................  15
 E. Object Use Rules...................................................  16
 F. Examples...........................................................  17
 F.1 How to Register a New Contact with Authentication Information.....  17
 F.2 How to Link Guardian Information to Existing Records..............  18
 F.3 How to Update a Guarded Record....................................  19
 F.4 WHOIS Display of Guardian Information.............................  20
 
 
 
 
 
 
 
                                                                   [Page i]
 
 1. Introduction
 
    This document proposes a model to authorize changes made to the Objects
    (Domains, Networks, Autonomous System Numbers, and Hosts) registered
    with the InterNIC.  The registration activity at the InterNIC has
    increased exponentially with the rapid growth of the Internet.  In the
    absence of a formal authorization model, the likelihood of making
    malicious changes to the registered Objects has also increased and
    could have serious consequences at the affected sites.  For example, an
    unauthorized update could lead a commercial organization to lose its
    presence on the Internet until that update is reversed.
 
 
 2. Main Features of a Guardian
 
    -  A Guardian is an Object that protects other Objects from unauthorized
       changes.  It is basically a Contact with Authentication Information.
 
    -  The different authorization schemes to authenticate a Guardian are
       MAIL-FROM, CRYPT-PW, and PGP.
 
    -  The use of a Guardian is optional.
 
    -  An Object may be guarded by multiple Guardians with each Guardian
       having an equal authority to make changes to the Object.
 
 
 3. Guardian Attributes
 
    Currently, the InterNIC allows a registered Object to be updated if
    the request came from one of its Contacts.  This model is weak due to
    potential mail spoofing.  To allow for stronger authorization schemes,
    the proposed authorization model defines a new Object called Guardian.
 
    A Guardian is basically a Contact with Authentication Information.
    It inherits the attributes of a Contact Object and has the additional
    authentication attributes.  The definition of a Guardian is derived
    from a Contact because a particular Contact (Administrative, Technical,
    or Billing) represents some form of holding of a registered Object and
    the holder of an Object is most likely to guard it also.
 
 
 
 
 
 
                                                                   [Page 1]
 
    The attributes of a Guardian are:
 
    Name               Required
    Type               Required
    Address            Required
    Phone              Required
    Fax                Optional
    Email              Required
    Notify Update      Optional
    Notify Use         Optional
    Auth Scheme        Required *
    Auth Info          Required *
    Public             Optional
 
    * The Auth Scheme and Auth Info attributes are required only for a
      Guardian Object (a Contact with Authentication Information) and not
      for a Contact Object (a Contact without Authentication Information).
 
    Name, Type, Address, Phone, Fax, Email, Notify Update, and Notify Use
    are the attributes a Guardian inherits from a Contact Object.  Auth
    Scheme, Auth Info, and Public are the additional authentication
    attributes of a Guardian.
 
    Name
 
       Name of a Guardian.
 
    Type
 
       Type of a Guardian.  It can have values I (Individual) or R (Role
       Account).
 
    Address
 
       Postal address of a Guardian.
 
    Phone
 
       Phone number of a Guardian.
 
    Fax
 
       Fax number of a Guardian.
 
    Email
 
       Email address of a Guardian.
 
 
 
 
                                                                   [Page 2]
 
    Notify Update
 
       This attribute determines if and when a Guardian should be notified
       about the update of an Object the Guardian is responsible for.  It
       can have values BEFORE-UPDATE, AFTER-UPDATE, and NOT-CARE.
 
       BEFORE-UPDATE   The Guardian will be notified before updating the
                       Object.
 
       AFTER-UPDATE    The Guardian will be notified after updating the
                       Object.  AFTER-UPDATE is the default value.
 
       NOT-CARE        The Guardian will not be notified about the Object
                       update because it does not want to be notified.
 
       Currently, a Guardian's Notify Update attribute will be the same
       for all the Objects the Guardian is responsible for.  In future,
       it will be defined on a per Object basis for each of the Objects
       a Guardian is guarding.  
 
    Notify Use
 
       This attribute determines if and when a Guardian should be notified
       about the use of an Object the Guardian is responsible for.  For
       example, a Guardian of a Host may be notified when someone else
       lists it as a DNS server for a Domain.  It can have values
       BEFORE-USE, AFTER-USE, and NOT-CARE.
 
       BEFORE-USE      The Guardian will be notified before using the
                       Object.   
 
       AFTER-USE       The Guardian will be notified after using the
                       Object.  AFTER-USE is the default value.
 
       NOT-CARE        The Guardian will not be notified about the Object
                       use because it does not want to be notified.
 
       Currently, a Guardian's Notify Use attribute will be the same for
       all the Objects the Guardian is responsible for.  In future, it
       will be defined on a per Object basis for each of the Objects a
       Guardian is guarding.  
 
    Auth Scheme
 
       Authorization scheme used to authenticate a Guardian before updating
       the Object it is guarding.  The proposed schemes in an increasing
       order of strength are MAIL-FROM, CRYPT-PW, and PGP [1].
 
       MAIL-FROM    MAIL-FROM will parse the FROM: field in the mail header
                    of an update message and match it with the email address
                    of the Guardian guarding the Object to be updated.
                    MAIL-FROM is the default Auth Scheme.
 
 
                                                                   [Page 3]
 
       CRYPT-PW     CRYPT-PW will encrypt the cleartext password supplied
                    in an update message and match it with the encrypted
                    password of the Guardian guarding the Object to be
                    updated.  Initially when a new Guardian is being
                    registered or the authentication information is being
                    added to an existing Contact, the encrypted password
                    MUST be supplied.  The Unix crypt(3) routine SHOULD be
                    used to encrypt a cleartext password.
 
       PGP          PGP stands for Pretty Good Privacy [2].  The sender will
                    sign the update message with a Guardian's secret PGP
                    key.  The InterNIC will verify the received update
                    message with the Guardian's public PGP key.  How to
                    register a Guardian's public PGP key with the InterNIC
                    will be explained in another document.
 
    Auth Info
 
       Information for the selected authorization scheme.  The
       authentication information stored in the database for a Guardian
       registered with the InterNIC is:
 
       MAIL-FROM    Email address of a Guardian.
 
       CRYPT-PW     Encrypted password of a Guardian.
 
       PGP          Key ID of the public PGP key of a Guardian.
 
    Public
 
       Boolean indicating whether the authentication information for a
       Guardian will be public or not.  Public means visible in WHOIS.
       It can have values Y (Yes) or N (No).  The default value is Y.
 
    Note that the terms "Guardian" and "Contact with Authentication
    Information" are used interchangeably in the remaining document.
 
 
 4. Registering the Guardian Attributes
 
    There will be two alternatives available to register or update
    the Guardian attributes:
 
    -  Using the new Contact Template, or
 
    -  Using the registration templates for Domains, Networks, Autonomous
       System Numbers (ASNs), and Hosts modified to include the
       authentication information for the Contacts.
 
    Note that registering a PGP-authenticated Guardian will be a two-step
    process because the Guardian will first have to register its public
    PGP key with the InterNIC and then report the key ID as Auth Info
    using one of the above methods.
 
                                                                   [Page 4]
 
 4.1 Using the New Contact Template
 
    A new Contact Template is proposed to independently register or update
    a Contact with Authentication Information.  Appendix A describes the
    new Contact Template and its use.
 
 4.2 Using the Modified Registration Templates
 
    The registration templates for Domains, Networks, ASNs, and Hosts will
    be modified to include:
 
    a) The Authentication Information for the Contacts.
 
    b) The Authorization Section in the beginning of the template to
       authenticate the Guardian updating the Object.  It SHOULD be
       filled only when the Object is being modified or deleted, and
       if the Object is being guarded.  It has the following items:
 
       Auth Scheme
 
          Authorization scheme used to authenticate the Guardian updating
          the Object.  It can have values MAIL-FROM, CRYPT-PW, or PGP.
 
       Auth Info
 
          Information for the selected authorization scheme.  The different
          Auth Scheme and Auth Info combinations are:
 
          Auth Scheme   Auth Info
 
          MAIL-FROM     Ignored.  The FROM: field in the mail header of
                        an update message will be parsed to verify the
                        Guardian.
 
          CRYPT-PW      Cleartext password.
 
          PGP           Ignored.  The sender SHOULD sign the entire update
                        message with the secret PGP key of the Guardian
                        updating the Object and send it in cleartext to
                        the InterNIC.
    
 
 5. Linking Guardian Information to Existing Records
 
    There are two ways to link Guardian information to existing records:
 
    a) Once the authentication information is added to an existing
       Contact, all the database records the Contact is responsible for
       will be automatically guarded by that Contact and any subsequent
       update request from that Contact for one of those records will be
       first authenticated.  This approach should be used carefully because
       here a Contact guards either all or none of its Objects.
 
 
                                                                   [Page 5]
 
    b) A new Link Template is proposed to do a wholesale linkage of
       Contacts with Authentication Information (Guardian Objects) to
       database records (Guarded Objects) in a single transaction.  This
       approach is more flexible because the records that need to be
       guarded by a particular set of Guardians are listed explicitly in
       the Link Template.  Appendix B describes the new Link Template and
       its use.
 
 
 6. Notification
 
    The rules to update or use an Object will depend on when its Contacts
    are notified.
 
    There are two types of notification:
 
    Active Notification
 
       If the Notify Update attribute for a Contact of an Object is set to
       BEFORE-UPDATE, the Contact will be notified before updating the
       Object and the request will only be processed if an ACK
       (Acknowledgement) is received.
 
       If the Notify Use attribute for a Contact of an Object is set to
       BEFORE-USE, the Contact will be notified before using the Object
       and the request will only be processed if an ACK is received.
 
    Passive Notification
 
       If the Notify Update attribute for a Contact of an Object is set to
       AFTER-UPDATE, the Contact will be notified after the Object has been
       updated and the processed request will be revoked if a NAK (Negative
       Acknowledgement) is received.
 
       If the Notify Use attribute for a Contact of an Object is set to
       AFTER-USE, the Contact will be notified after the Object has been
       used and the processed request will be revoked if a NAK is received.
 
    An ACK or a NAK MUST be received within a certain time interval to
    be effective.  Clearly, active notification is safer than passive
    notification.  Appendix C describes the new Notify Template and
    its use.
 
 
 7. Object Update Rules
 
    A request to update an Object could possibly come from a Contact
    with Authentication Information, a Contact without Authentication
    Information or a sender not listed as a Contact for the Object. 
 
 
 
                                                                   [Page 6]
 
    The Object Update Rules for such requests are:
 
 7.1 Request from a Contact with Authentication Information
 
    The request will be processed immediately with notification to all
    the Contacts with Notify Update attribute set to BEFORE-UPDATE or
    AFTER-UPDATE.
 
 7.2 Request from a Contact without Authentication Information
 
 7.2.1 Object has at least one Contact with Authentication Information
 
    All the Contacts with Authentication Information will be notified before
    processing the request.  If the InterNIC receives an ACK first before
    the waiting time indicated on the Notify Template expires, the request
    will be processed.  Otherwise, the request will NOT be processed.
 
 7.2.2 Object has no Contacts with Authentication Information
 
 7.2.2.1 Object has at least one of the other Contacts with Notify Update
         Attribute set to BEFORE-UPDATE
 
    All the other Contacts with Notify Update attribute set to BEFORE-UPDATE
    will be notified before processing the request.  If the InterNIC
    receives an ACK first before the waiting time indicated on the Notify
    Template expires, the request will be processed.  Otherwise, the request
    will NOT be processed.
 
 7.2.2.2 Object has none of the other Contacts with Notify Update Attribute
         set to BEFORE-UPDATE
 
    The request will be processed immediately with notification to all
    the Contacts with Notify Update attribute set to AFTER-UPDATE.  The
    Contacts with Notify Update attribute set to NOT-CARE will not be
    notified.
 
 7.3 Request from a Sender not listed as a Contact
 
    All the Contacts will be notified before processing the request.  If
    the InterNIC receives an ACK first before the waiting time indicated
    on the Notify Template expires, the request will be processed.
    Otherwise, the request will NOT be processed.
 
    If the request from a sender not listed as a Contact is rejected, the
    sender MUST present an evidence that the organization using the Object
    has approved it to update the Object.  Another request from the same
    sender must be faxed to the InterNIC on the corporate letterhead and
    must contain the tracking number of the initial request.  The sender
    could also present its contract with the organization using the Object.
 
    Appendix D gives a summary of the Object Update Rules.
 
 
                                                                   [Page 7]
 
 8. Object Use Rules
 
    One of the more common registration problems is a Domain holder using
    without permission someone else's DNS servers or someone else's IP
    addresses to number its DNS servers.  The Object Use Rules will help
    prevent such illegal use of Objects, particularly Hosts and Networks.
 
    A request to use an Object could possibly come from one of its Contacts
    or a sender not listed as a Contact for the Object.
 
    The Object Use Rules for such requests are:
 
 8.1 Request from a Contact
 
    The request will be processed immediately with notification to all the
    Contacts with Notify Use attribute set to BEFORE-USE or AFTER-USE.
 
 8.2 Request from a Sender not listed as a Contact
 
 8.2.1 Object to be used has at least one Contact with Notify Use Attribute
       set to BEFORE-USE
 
    All the Contacts with Notify Use attribute set to BEFORE-USE will be
    notified before processing the request.  If the InterNIC receives an
    ACK first before the waiting time indicated on the Notify Template
    expires, the request will be processed.  Otherwise, the request will
    NOT be processed.
 
 8.2.2 Object to be used has no Contact with Notify Use Attribute set to
       BEFORE-USE
 
    The request will be processed immediately with notification to all the
    Contacts with Notify Use attribute set to AFTER-USE.  The Contacts with
    Notify Use attribute set to NOT-CARE will not be notified.
 
    Appendix E gives a summary of the Object Use Rules.
 
 
 9. Other Guardian Issues
 
 9.1 Number of Guardians per Object
 
    The number of Guardians for an Object will be equal to the number of
    its Contacts with Authentication Information.  Each Guardian will have
    an equal authority to make changes to the Object.  In future, multiple
    Contacts of the same type (for example, Technical) will be allowed for
    an Object.
 
    If an Object has no Contacts with Authentication Information, it will
    not be guarded at all.  
 
 
                                                                   [Page 8]
 
 9.2 Protecting Guardian Information
 
    By default, a Guardian will guard itself (that is, only the Guardian
    will have the authority to make changes to its information).  However,
    a Guardian can be guarded by another Guardian.
 
    If a Guardian is guarding itself and needs to update its authentication
    information or scheme, the update message MUST contain the Guardian's
    old authentication information.  Otherwise, the Guardian can not be
    authenticated before the update.  For example, if a Guardian's Auth
    Scheme is MAIL-FROM, and it needs to either update its email address
    or change its Auth Scheme, the update message must come from its old
    email address.
 
 9.3 Displaying Guardian Information
 
    The authentication information for a Guardian will be visible in WHOIS
    unless the Guardian chooses to keep it private.  This information will
    be public by default because a Guarded Object should be protected by
    the inherent strength of the selected authorization scheme rather than
    by hiding the authorization information for its Guardian.
 
    The WHOIS display for a Guarded Object will be extended to indicate
    that the Object is being guarded.  
 
 
 10. Conclusion
 
    The increased market value of the Objects registered with the InterNIC,
    particularly Domains and Networks, has necessitated the need for more
    secure database transactions.  This Guardian proposal will help solve
    most of the current, unauthorized Object update and use problems at
    the InterNIC.  It balances operational expediency with stronger
    authorization by allowing the Contacts of an Object to select the
    appropriate level of security (MAIL-FROM, CRYPT-PW, or PGP) for the
    Object.
 
 
 11. References
 
    [1] Karrenberg, D., Terpstra, M., "Authorisation and Notification of
        Changes in the RIPE Database", ripe-120, RIPE NCC, RIPE NCC.
 
    [2] Garfinkel, S., "PGP Pretty Good Privacy", O'Reilly & Associates,
        Inc.
 
 
 12. Acknowledgements
 
    The authors thank the InterNIC staff for some very useful suggestions,
    especially Eric Eden, Tom Newell, Kim Hubbard, Duane Stone, and Carley
    Johnson.
 
 
                                                                   [Page 9]
 
 Appendix A
 
 The Proposed Contact Template
 
    [ URL ftp://rs.internic.net/templates/Contact-template.txt ]   [ 1/96 ]
 
    ***************** Please DO NOT REMOVE Version Number *****************
 
    Contact Version Number: 1.0
 
    ************** Please see attached detailed instructions **************
 
    Authorization
    0a. Auth Scheme.............:
    0b. Auth Info...............:
 
    1.  (N)ew (M)odify (D)elete.:
 
    Contact Information
    2a. NIC Handle..............:
    2b. Name....................:
    2c. (I)ndividual (R)ole.....:
    2d. Street Address..........:
    2e. City....................:
    2f. State...................:
    2g. Postal Code.............:
    2h. Country Code............:
    2i. Phone Number............:
    2j. Fax Number..............:
    2k. E-Mailbox...............:
 
    Notify Information
    3a. Notify Update...........:
    3b. Notify Use..............:
 
    Authentication Information
    4a. Auth Scheme.............:
    4b. Auth Info...............:
    4c. Public (Y/N)............:
 
    The Contact Template will be used to independently register or update a
    Contact (with or without Authentication Information).
 
 
 
 
 
 
 
                                                                  [Page 10]
 
    Items 0a-0b SHOULD be filled only when a Contact is being modified or
    deleted, and if the Contact is being guarded.  These items contain
    the information to authenticate the Guardian updating the Contact.
    Item 0a is the authorization scheme for that Guardian.  It can have
    values MAIL-FROM, CRYPT-PW, or PGP.  Item 0b is the information for
    the selected authorization scheme.  The different items 0a and 0b
    combinations are:
 
    Item 0a      Item 0b
 
    MAIL-FROM    Ignored.  The FROM: field in the mail header of an update
                 message will be parsed to verify the Guardian.
 
    CRYPT-PW     Cleartext password.
 
    PGP          Ignored.  The sender SHOULD sign the entire update message
                 with the secret PGP key of the Guardian updating the
                 Contact and send it in cleartext to the InterNIC.
 
    Item 1 is the registration action type.  It can have values N, M, or D.
    N registers a new Contact.  M modifies the information for an existing
    Contact.  D deletes an existing Contact if it is no longer linked to
    any Object.
 
    Items 2a-2k contain the basic information for a Contact.  Item 2a is
    the NIC handle assigned to a Contact.  Items 2b, 2c, 2d-2h, 2i, 2j,
    and 2k are respectively the Name, Type, Address, Phone, Fax, and Email
    attributes of a Contact.
 
    Items 3a-3b contain the notification information for a Contact.
    Items 3a and 3b are respectively the Notify Update and Notify Use
    attributes of a Contact.
 
    Items 4a-4c contain the authentication information for a Contact.
    These items are optional, and are required only if either the
    authentication information is being added to an existing Contact or
    a new Contact with Authentication Information is being registered.
    Items 4a, 4b, and 4c are respectively the Auth Scheme, Auth Info,
    and Public attributes of a Guardian.
 
 
 
 
 
 
 
                                                                  [Page 11]
 
 Appendix B
 
 The Proposed Link Template
 
    [ URL ftp://rs.internic.net/templates/link-template.txt ]      [ 1/96 ]
 
    ***************** Please DO NOT REMOVE Version Number *****************
 
    Link Version Number: 1.0
 
    ************** Please see attached detailed instructions **************
 
    0.  (N)ew (M)odify (D)elete.:
 
    Object
    1a. Identifier..............:
    1b. Type....................:
    1c. Function................:
 
    Linked Object
    2a. Identifier..............:
    2b. Type....................:
 
    The Link Template will be used to do wholesale database changes in a 
    single transaction.  Some of the more commonly requested database
    changes are:
 
    a) Link or unlink Contacts (with or without Authentication Information)
       to or from existing Domains, Networks, ASNs, and Hosts.
 
    b) Link or unlink DNS servers to or from existing Domains and Networks.
 
    Item 0 is the registration action type.  It can have values N, M, or D.
    N links the Objects (Contacts or DNS servers) in the Object Sections to
    the Objects (Domains, Networks, ASNs, and Hosts) in the Linked Object
    Sections.  M modifies the linkage.  D unlinks the Objects in the Object
    Sections from the Objects in the Linked Object Sections.
 
    Items 1a-1c contain information for an Object (Contact or DNS server)
    in the Object Section.  Item 1a is the Identifier of the Object.
    Item 1b is the Type of the Object.  Item 1c is optional and is required
    only if the Object is a Contact.  It is the Function Type of a Contact.
    It can have values AC (Administrative Contact), TC (Technical Contact),
    or BC (Billing Contact).  The Object Section SHOULD be copied for each
    Object (Contact or DNS server).
 
    Items 2a-2b contain information for an Object (Domain, Network, ASN, or
    Host) in the Linked Object Section.  Item 2a is the Identifier of the
    Object.  Item 2b is the Type of the Object.  The Linked Object Section
    SHOULD be copied for each Object (Domain, Network, ASN, or Host).
 
 
 
 
                                                                  [Page 12]
 
    The different Identifiers and Types of the Objects are:
 
    Object     Identifier                 Type
 
    Domain     NIC Handle/Domain Name      D
    Network    NIC Handle/Network Name     N
    ASN        NIC Handle/AS Name          A
    Host       NIC Handle/Host Name        H
    Contact    NIC Handle                  I/R
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
                                                                  [Page 13]
 
 
 Appendix C
 
 The Proposed Notify Template
 
    [ URL ftp://rs.internic.net/templates/notify-template.txt ]    [ 1/96 ]
 
    ***************** Please DO NOT REMOVE Version Number *****************
 
    Notify Version Number: 1.0
 
    ************** Please see attached detailed instructions **************
 
    0a. (A)ck (N)ak.....:
    0b. Comments........:
 
    Object
    1a. Identifier......:
    1b. Type............:
    1c. Tracking Number.:
 
    The Notify Template will be used to notify a Contact of an Object
    before or after updating or using the Object, and get its approval.
    The InterNIC will fill in the information for the requested Object
    update or use in the template (Items 1a-1c) and send it to a Contact
    of the Object for approval.  The Contact will, in turn, fill in the
    ACK/NAK response in the template (Items 0a-0b) and send it back to
    the InterNIC.  If no ACK or NAK is received within 4 days for an
    Object update request or 2 days for an Object use request, the
    InterNIC may assume an implicit ACK or NAK depending on the type of
    request.
 
    Items 0a-0b contain the response from a Contact.  Item 0a is the
    ACK/NAK response.  It can have values A (Ack) or N (Nak).  Item 0b
    contains the comments from the Contact on the approval or disapproval
    of the request.
 
    Items 1a-1c contain information for the requested Object update or use.
    Item 1a is the Identifier of the Object.  Item 1b is the Type of the
    Object. Item 1c is the Tracking Number of the request.
 
    The different Identifiers and Types of the Objects are:
 
    Object     Identifier                 Type
 
    Domain     NIC Handle/Domain Name      D
    Network    NIC Handle/Network Name     N
    ASN        NIC Handle/AS Name          A
    Host       NIC Handle/Host Name        H
    Contact    NIC Handle                  I/R
 
 
 
 
 
                                                                  [Page 14]
 
 
 Appendix D
 
 Object Update Rules
 
    IF Request from a Contact with Authentication Information
      Passive Notification to all the Contacts with Notify Update attribute
      set to BEFORE-UPDATE or AFTER-UPDATE after updating the Object
    ELSE IF Request from a Contact without Authentication Information
      IF Object has at least one Contact with Authentication Information
        Active Notification to these Contacts before updating the Object
      ELSE
        IF Object has at least one of the other Contacts with Notify Update
           attribute set to BEFORE-UPDATE
          Active Notification to these Contacts before updating the Object
        ELSE
          Passive Notification to all the Contacts with Notify Update
          attribute set to AFTER-UPDATE after updating the Object
        ENDIF
      ENDIF
    ELSE IF Request from a Sender not listed as a Contact
      Notification to all the Contacts before updating the Object
      IF the InterNIC receives an ACK
        Object updated
      ELSE IF the Sender faxes a copy of its contract with the Object Holder
        Object updated
      ELSE IF the Object Holder faxes the request on corporate letterhead 
        Object updated
      ELSE
        Object not updated
      ENDIF
    ENDIF
 
    Active Notification:
 
    IF the InterNIC receives an ACK first within 4 days
      Object updated
    ELSE
      Object not updated
    ENDIF
 
    Passive Notification:
 
    IF the InterNIC receives a NAK first within 4 days
      Object update revoked
    ELSE
      OK
    ENDIF
 
 
 
 
 
 
 
                                                                  [Page 15]
 
 
 Appendix E
 
 Object Use Rules
 
    IF Request from a Contact
      Passive Notification to all the Contacts with Notify Use attribute
      set to BEFORE-USE or AFTER-USE after using the Object
    ELSE IF Request from a Sender not listed as a Contact
      IF Object has at least one Contact with Notify Use attribute
         set to BEFORE-USE
        Active Notification to these Contacts before using the Object
      ELSE
        Passive Notification to all the Contacts with Notify Update
        attribute set to AFTER-USE after using the Object
      ENDIF
    ENDIF
 
    Active Notification:
 
    IF the InterNIC receives an ACK first within 2 days
      Object used
    ELSE
      Object not used
    ENDIF
 
    Passive Notification:
 
    IF the InterNIC receives a NAK first within 2 days
      Object use revoked
    ELSE
      OK
    ENDIF
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
                                                                  [Page 16]
 
 
 Appendix F
 
 Examples
 
 F.1 How to Register a New Contact with Authentication Information
 
    [ URL ftp://rs.internic.net/templates/Contact-template.txt ]   [ 1/96 ]
 
    ***************** Please DO NOT REMOVE Version Number *****************
 
    Contact Version Number: 1.0
 
    ************** Please see attached detailed instructions **************
 
    Authorization
    0a. Auth Scheme.............:
    0b. Auth Info...............:
 
    1.  (N)ew (M)odify (D)elete.: N
 
    Contact Information
    2a. NIC Handle..............:
    2b. Name....................: Xary Y. Zmith
    2c. (I)ndividual (R)ole.....: I
    2d. Street Address..........: Fictitious Street
    2e. City....................: Imaginary
    2f. State...................: VA
    2g. Postal Code.............: 22079
    2h. Country Code............: US
    2i. Phone Number............: 1-703-999-8484
    2j. Fax Number..............: 1-703-999-8485
    2k. E-Mailbox...............: xyz at internic.net
 
    Notify Information
    3a. Notify Update...........: BEFORE-UPDATE
    3b. Notify Use..............: AFTER-USE
 
    Authentication Information
    4a. Auth Scheme.............: CRYPT-PW
    4b. Auth Info...............: %.d!Hr3 at rm.Gh
    4c. Public (Y/N)............: Y
 
    Here, a new Contact Xary Y. Zmith is registered with CRYPT-PW as its
    Auth Scheme.  The Contact will be notified before updating or after
    using an Object it is responsible for.  The authentication information
    for the Contact will be visible in WHOIS.
 
 
 
 
 
 
 
 
                                                                  [Page 17]
 
 
 F.2 How to Link Guardian Information to Existing Records
 
    [ URL ftp://rs.internic.net/templates/link-template.txt ]      [ 1/96 ]
 
    ***************** Please DO NOT REMOVE Version Number *****************
 
    Link Version Number: 1.0
 
    ************** Please see attached detailed instructions **************
 
    0.  (N)ew (M)odify (D)elete.: N
 
    Object
    1a. Identifier..............: XYZ10000
    1b. Type....................: I
    1c. Function................: TC
 
    Linked Object
    2a. Identifier..............: HOST.EXAMPLE.COM
    2b. Type....................: H
 
    In Example F.1, the new Contact is registered with NIC handle XYZ10000.
    Here, the Contact XYZ10000 is linked as Technical Contact to the Host
    HOST.EXAMPLE.COM.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
                                                                  [Page 18]
 
 
 F.3 How to Update a Guarded Record
 
    [ URL ftp://rs.internic.net/templates/Contact-template.txt ]   [ 1/96 ]
 
    ***************** Please DO NOT REMOVE Version Number *****************
 
    Contact Version Number: 1.0
 
    ************** Please see attached detailed instructions **************
 
    Authorization
    0a. Auth Scheme.............: CRYPT-PW
    0b. Auth Info...............: Cleartext Password
 
    1.  (N)ew (M)odify (D)elete.: M
 
    Contact Information
    2a. NIC Handle..............: XYZ10000
    2b. Name....................:
    2c. (I)ndividual (R)ole.....:
    2d. Street Address..........:
    2e. City....................:
    2f. State...................:
    2g. Postal Code.............:
    2h. Country Code............:
    2i. Phone Number............: 1-703-999-8486
    2j. Fax Number..............:
    2k. E-Mailbox...............:
 
    Notify Information
    3a. Notify Update...........:
    3b. Notify Use..............:
 
    Authentication Information
    4a. Auth Scheme.............:
    4b. Auth Info...............: 
    4c. Public (Y/N)............:
 
    Here, the authorization information in items 0a-0b is first verified
    and then the record for the Contact XYZ10000 is updated. 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
                                                                  [Page 19]
 
 
 F.4 WHOIS Display of Guardian Information
 
    Whois: XYZ10000
 
    Zmith, Xary Y. (XYZ10000)                xyz at INTERNIC.NET
       Fictitious Street
       Imaginary, VA 22079
       (703) 999-8486
       (703) 999-8485
 
       Auth Scheme: CRYPT-PW %.d!Hr3 at rm.Gh
 
       Record last updated on 18-Jan-96.
 
    Here, the WHOIS display of the Guardian XYZ10000 contains its
    authentication information because its Public attribute is set to Y.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
                                                                  [Page 20]
 
 






From stend at grendel.texas.net  Sat Feb 24 10:32:26 1996
From: stend at grendel.texas.net (Sten Drescher)
Date: Sun, 25 Feb 1996 02:32:26 +0800
Subject: The "excrable" e$
In-Reply-To: 
Message-ID: <199602241757.LAA02466@grendel.texas.net>


On Sat, 24 Feb 1996 10:25:37 -0500, rah at shipwright.com (Robert Hettinga) said:

RH> Speaking of trademarks, I had hoped that by using "e$" everywhere
RH> that we could avoid such legal mechanations, in the same vein that
RH> various mathematical notation schemes cannot be copyrighted (I
RH> think). For the lawyers out there, is it possible to do the
RH> equivalent of a GNU GPL "copy-left" with a potential trademark
RH> like "e$"?  If it is, I'd like to do that. Ubiquity is power, and
RH> all that, "excrable" symbols and all...

	Well, since a copyleft is just a copyright (legally) under a
different name, I don't see any reason that you couldn't 'sharemark'
"e$" under the trademark conditions.  Only 'problem' is that if you
don't defend a trademark, it can become public domain, but then,
that's what we want, right?

-- 
#include                                /* Sten Drescher */
Unsolicited email advertisements will be proofread for a US$100/page fee.





From sethf at MIT.EDU  Sat Feb 24 10:34:12 1996
From: sethf at MIT.EDU (sethf at MIT.EDU)
Date: Sun, 25 Feb 1996 02:34:12 +0800
Subject: Internet shutdown Feb 29?
Message-ID: <9602241807.AA24746@frumious-bandersnatch.MIT.EDU>


> This looks completely, totally, and insanely bogus, but I

	Yes. It would have made a good April Fool's joke. No reality to
it whatsoever.

> Anybody from MIT ever heard of "Kim Dereksen"?

	No such person listed as being employed at MIT. You can check
how to use the MIT on-line directory by    finger help at mit.edu 

	There's also no "Interconnected Network Maintenance staff" at
MIT, that I know about.

>  your users will be able to read it.  Please pass this message on to other
>  sysops and Internet users as well.  Thank you.

	This makes it a chain letter. NO!

================
Seth Finkelstein
sethf at mit.edu





From wohler at uluru.worldtalk.com  Sat Feb 24 11:24:42 1996
From: wohler at uluru.worldtalk.com (Bill Wohler)
Date: Sun, 25 Feb 1996 03:24:42 +0800
Subject: IA5 String...
In-Reply-To: <199602230055.QAA15846@infinity.c2.org>
Message-ID: <199602232310.AA100577031@worldtlk.worldtalk.com>


  Shoot, I should have caught that in the meeting.  It isn't "@"
  that's missing from IA5, it's "$".

Bill Wohler    ph: +1-415-854-1857  fax: +1-415-854-3195
Say it with MIME.  Maintainer of comp.mail.mh and news.software.nn FAQs.
If you're passed on the right, you're in the wrong lane.





From allyn at allyn.com  Sat Feb 24 11:26:23 1996
From: allyn at allyn.com (Mark Allyn 860-9454 (206))
Date: Sun, 25 Feb 1996 03:26:23 +0800
Subject: Internet Protest!
In-Reply-To: <9602231413.AA17645@alpha>
Message-ID: <199602240131.RAA04410@mark.allyn.com>


But if the sysadmin at the white house gets so busy and has to charge
overtime, then it comes to the boss's attention and then the boss 
would know what is up. The boss would not see the individual email
messages, but he would get the gist.

I happen to be a sysadmin for a zillion servers and groups
of machines on a big huge corporate 
network. I have had to deal with full email buffers. When I spend
overtime fixing them, Gordon, my manager demands to know why. I will
honestly tell him what is happening. If it was because of a protest, 
I would tell him. Knowing him, he would probably want to look at
a sample of the emails.

Mark





From alex at verisign.com  Sat Feb 24 11:26:28 1996
From: alex at verisign.com (Alex Deacon)
Date: Sun, 25 Feb 1996 03:26:28 +0800
Subject: IA5 String...
In-Reply-To: <199602230055.QAA15846@infinity.c2.org>
Message-ID: <312E44ED.5EAF@verisign.com>


>    There was a lot of energy around S/MIME. People are implementing
> it. Internally, it's pretty kludgely, but it does provide pretty good
> cryptographic services. (as an aside, my favorite kludge anecdote is
> the fact that X.509 certificates use an IA5 character set rather than
> ASCII, so that the @ in email addresses has to be represented as (a)
> instead).

Wow, is this true?  I dont think so.  The CCITT document I have (CCITT
T.50) mentions that an @ sign (Commercial at) is a member of the IRV.
>From what I understand IA5 basically means US ASCII.  

Alex





From 72124.3234 at compuserve.com  Sat Feb 24 11:26:33 1996
From: 72124.3234 at compuserve.com (Kent Briggs)
Date: Sun, 25 Feb 1996 03:26:33 +0800
Subject: Puffer 2.0 Released
Message-ID: <199602240101.UAA29346@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

>>>>>
Is PC1 a stream cipher implemented in a "clean room", by reference to an
abstract specification of the algorithm implied by the Alleged-RC4 source
code, that interoperates with RC4-40 ?
<<<<<

Yes, I wrote it in Pascal (Delphi) using only the English pseudo-code 
provided by Bruce Schneier in the 2nd edition of Applied Cryptography.  
I call my implementation PC1 to avoid any possible trademark hassles.  
The sample RC4 vector that the State Dept. sent me for my Commodity 
Jurisdiction request showed that my implementation is correct.  And
of course, there are no patents to worry about and I'm not under any
non-disclosure agreements.

RSADSI's government-sponsored monopoly on 40-bit exportable encryption
is over. 

I generate a key by combining a 40-bit pseudo-random salt with 40-bits
of secret key material.  The secret key material is the lower 40-bits of
a salted pass-phrase after running through a SHA-1 hash.

All the specs and file formats are included with the documentation.

Kent

Puffer is available at http://execpc.com/~kbriggs


- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMS5jYCoZzwIn1bdtAQF6dwF/XrD1BgPpNbvh1ZDq5bYg52q3PpYpBchj
3BbJgjS0FudNzkysl65vo4klEDEyHYb9
=9frt
-----END PGP SIGNATURE-----





From moroni at scranton.com  Sat Feb 24 11:26:39 1996
From: moroni at scranton.com (Moroni)
Date: Sun, 25 Feb 1996 03:26:39 +0800
Subject: Expect A Wave of Killings of Journalists....
In-Reply-To: 
Message-ID: 


   The CIA has allways  had journalists in their employ and big time. It 
will not matter an iota if the government allows it or not ,it will be 
done.They are not the only government to use reporters or actors or even 
world reknown chefs. 
                           moroni









On Thu, 22 Feb 1996, Timothy C. May wrote:

> At 11:36 PM 2/22/96, John Young wrote:
> >   2-22-96. TWP:
> >
> >   "CIA Can Waive Prohibition Against Using U.S. Clergy Abroad
> >   for Covert Work."
> >
> >      A controversial loophole permitting the CIA to recruit
> >      American journalists as agents also allows the agency to
> >      waive a similar 19-year-old ban on employing clerics or
> >      missionaries. An official also disclosed that CIA
> >      regulations prohibit recruiting employees of members of
> >      Congress or congressional committees "without the
> >      approval of the member" for whom they work.
> 
> I watched CIA Director John Deutch (or is it Deutsch?) explain today just
> how the rules are being relaxed on having journalists as CIA operatives,
> and I could practically hear a collective "Oh, Shit!" echo from the
> journalistic capitals of the Second and Third Worlds.
> 
> Even when journalists were reporting to the intelligence agencies, they
> like the convenient fiction that such practices were forbidden. Even so, a
> couple of journalists were tagged by the governments they were spying on
> and disposed of.
> 
> Expect this to increase. Except now it will likely be Russian Mafiosos
> garrotting the "Washington Post" economics reporter in the back alleys off
> the Arbat.
> 
> --Tim May
> 
> Boycott "Big Brother Inside" software!
> We got computers, we're tapping phone lines, we know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^756839 - 1  | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 
> 





From ipgsales at cyberstation.net  Sat Feb 24 11:27:33 1996
From: ipgsales at cyberstation.net (IPG Sales)
Date: Sun, 25 Feb 1996 03:27:33 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602230622.BAA11095@UNiX.asb.com>
Message-ID: 



Thank you very much for your suggestion. I do not know if you have 
noticed or not,  but we have already done that, with the exception of 
private mail to a very few unspecified individuals, and this letter alone 
among all of the dozens of C'punk and other letters, we have suspended 
replying to the attacks. Please also note, that other than to four 
selected cypher lists, generic, we have made no postings to usenet, or 
listserve groups. We are eager for your cooperation, but there are problems
with complying to some of your requests. Give us a chance to explain that to a 
few of your people, and we will get back with you. Also, please read my 
revised response below,

I believe that the first priority is establish the strength, or lack 
thereof, of the algorithms, Everything else is irrelevant unless that 
can be established one way or the other. Accordingly, I am taking 
the necessary to initiate that effort. Please be patient, for a few days.


Appreciatively yours,


Ralph,   

That applies to even you Perry - the appreciative part that is

On Fri, 23 Feb 1996, Deranged Mutant wrote:

> IPG Sales  wrote:
> 
> Suggestion: wait a week until the flames on the c'punks list die 
> down. Have the techie folks there read all of them, think about them, 
> and come up with a coherent and well written reply that addresses all 
> of those issues. Much easier to deal with than attacks from several 
> dozen directions all of the time.
> 

The following has been revised:





> > Your point is well 
> > taken and greatly appreciated; I made a hasty reply to Derek - in 
> > making that hasty reply, I made a serious error; however, in fact, 
> > what I said has nothing to do with the facts. Derek's reply 
> > concerned me, I was afraid that I had gone too far.
> > At the time that  I composed that, I was trying to be vague 
> > in a deliberate act of obscrurantism; because Derek, alone among you 
> > seem to understand what was going on, and was very, very close to home - 
> > I acted rashly and made a stupid bluder -  I can do 
> > nothing about that except to apologize, admit it freely and take my
> > medicine from Perry and the others - 
> > 
> > I can assure you that the quoted three 
> > lines are not a part of the algorithms, and have never been. I 
> > hope that you will forgive me for such a stupid blunder. I hope that 
> > such stupidity on my part does not close your mind to even looking at 
> > the actual algorithms - the question is to do justice for 
> > you and for me. I was only trying to decide what to do about 
> > releasing the algorithms, and how I could go about douing that as a 
> > result of some highly unusual problems in doing that. 
> > vague,  and trying to decide to what to do about releasing the algorithms - 
> > and some extremely difficult problems related to that -
>  
>
> 
> ---
> Send a blank message with the subject "send pgp-key" (not in
> quotes) to  for a copy of my PGP key.
> 





From jf_avon at citenet.net  Sat Feb 24 11:34:29 1996
From: jf_avon at citenet.net (Jean-Francois Avon JFA Technologies, QC, Canada)
Date: Sun, 25 Feb 1996 03:34:29 +0800
Subject: Alternative to e$
Message-ID: <9602241906.AA10012@cti02.citenet.net>


Why not use the name Electronic Cash Unit, abreviated ECU?

:-)

JFA
**** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon 
Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 






From adam at lighthouse.homeport.org  Sat Feb 24 11:48:04 1996
From: adam at lighthouse.homeport.org (Adam Shostack)
Date: Sun, 25 Feb 1996 03:48:04 +0800
Subject: TIS--Building in Big Brother for a Better Tommorrow
In-Reply-To: 
Message-ID: <199602241929.OAA19522@homeport.org>


	Faking crypto chips for public algorithims is theoretically
more difficult, because its simple to create a DES_verify routine to make
sure your DES chip is working right.  Its more difficult to
near-impossible if the chip picks the key, as it must to avoid easy
rouge implementations.

	If the rouge implementation can choose a key, then it can
pre-calculate the appropriate checksum, and then simply tell the other
unit "We're going to use this key."  Thus, keys need to be chosen by
the chip, making it tough to see if the chip is functioning properly.
I suspect the NSA knew this.

	For more on rouges, see Matt Blaze's paper, on
ftp.research.att.com/dist/mab/keyescrow or somesuch.

jim bell wrote:

| I noted long ago that one disadvantage with having a single, standardized 
| encryption chip (like Clipper, even with the key-escrow un-enabled) is that 
| the NSA has plenty of money in its budget to build a fake chip that can be 
| installed during a black-bag job.  True, if they could fake one chip they 
| could fake 10, but it's harder to do and the demand for any single kind of 
| chip might drop to one per year.   Unfortunately, a sufficiently-complex 
| FPLD would probably sub for anything if it were in the right package...
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From adam at lighthouse.homeport.org  Sat Feb 24 12:04:46 1996
From: adam at lighthouse.homeport.org (Adam Shostack)
Date: Sun, 25 Feb 1996 04:04:46 +0800
Subject: REM_ote
In-Reply-To: <199602240441.WAA00378@proust.suba.com>
Message-ID: <199602241942.OAA19580@homeport.org>


	I'm going to disagree.  Netscape needs to add configurability
if they are going to sell proprietary standards that people employ in
offering information.  I recently wrote a proposal for 2 "Netscape
stations," machines which would not be networked, but be available for
use with Netscape 2.  Sort of a shame to use dialup modems in place of
the high speed internet connection, but security concerns stemming
from an inability to guarantee Java & Javascript are not running cause
me to feel that this would be the best solution.

	Until there's security oriented configurability, I can't say
Netscape has anything better than an acceptable record.  They do a
decent job of fixing the bugs, but only if you can enfore deployment
of a new version, and ensure that old, bad features are not used.

Adam


| > Marianne Mueller is a Sun employee, not a Netscape employee. The
| > original quote did not make that clear.
| 
| Again, I apologize to Ms. Meuller and to Netscape.
| 
| In my opinion Netscape has a great track record of addressing concerns and
| problems with its software.  Other companies would do well to use
| Netscape's policy of addressing and correcting proven security problems,
| instead of denying and downplaying them, as a model. 
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From tcmay at got.net  Sat Feb 24 12:33:28 1996
From: tcmay at got.net (Timothy C. May)
Date: Sun, 25 Feb 1996 04:33:28 +0800
Subject: "Internet Security: Your Worst Nightmare"
Message-ID: 


At 5:56 AM 2/24/96, an44880 at anon.penet.fi wrote:
>Those were the words beaming on the cover of this week's _Information
>Week_. The totally worthless article on internet security contained
>this little gem:
....
>Complete with a picture of Freeman standing in front of an American
>flag.

I haven't seen this article, but I wouldn't hold the cover photo of Freeman
draped in the flag against him....I seem to recall a few Cypherpunks
similarly draped in the flag in a magazine article!

The photos used for stories are even more a matter of artistic choice than
the editing of the text is. Magazines are competing for rack space with the
likes of the several hundred other magazines, and covers are getting more
and more garish and more freakish. (I've ranted about this on other
occasions, so I won't here.)

It's all about sensationalism. I take a jaundiced view of yellow journalism.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From stewarts at ix.netcom.com  Sat Feb 24 12:34:15 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Sun, 25 Feb 1996 04:34:15 +0800
Subject: Conference report - resolving security workshop
Message-ID: <199602240738.XAA15151@ix3.ix.netcom.com>


At 04:55 PM 2/22/96 -0800, Raph Levien  wrote:

>   The biggest problem with S/MIME is that the signed and encrypted
>format reveals who made the signatures. Obviously, this has severe
>consequences for anonymous mail. Believe it or not, a lot of people
>care. For example, the car manufacturers do not wish to broadcast the
>email addresses of their employees over the net.
>   One technical workaround is to do it the MOSS way - first, sign the
>message, resulting in an intermediate S/MIME message, then encrypt
>that into a second S/MIME message. I'd recommend that implementors
>make provisions for such recursive formats; I think it's likely that
>we'll see a lot of these on the Net.

Recursive-capable formats are clearly the way to go; the difficult problem is
deciding how many layers of recursion to do while decoding (e.g. all the way
down,
or one layer at a time asking the user for each round), which is largely
a user-interface issue rather than a platform issue, though it also lets you
build limited-purpose tools instead of an all-singing, all-dancing camel
of a platform.

Unfortunately, the formats being considered give you too much known plaintext
to make triple-encryption a useful way around the 40-bit-key silliness.
*/MIME has MIME headers, PGP has the (expendable but present) ------BEGIN.
A new MIME header like
        X: parameters
where parameters are ignored would limit you to three bytes of known plaintext,
which is at least a start.

>The prevailing philosophy of the PGP people is that the PGP
>application itself should not decode MIME formats - that should be the
>job of a separate application. It seems to me that this is going
>against the tradition, though. In the past, if you got a PGP message,
>you just ran it through PGP. Now you won't be able to do that.

The prevailing philosophy is also that we need to build an API toolkit
so PGP components can be easily included into programs.  This means that
PGP will inherently no longer be able to decode all the PGP-based messages,
which may have different layers of other material wrapped around them.
PGP/MIME is probably one of the better excuses for doing so, as are
improved keyring-handling applications.


>   Earlier, I mentioned that two and a half protocols survived the
>day. The remaining one is MSP. It's actually not a bad protocol.

Where can we find the new specs for MSP?  

>   It was announced that there will be a free reference implementation
>of MSP, available to US citizens.
Will it be GAK-enabled?


#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281






From cp at proust.suba.com  Sat Feb 24 13:10:06 1996
From: cp at proust.suba.com (Alex Strasheim)
Date: Sun, 25 Feb 1996 05:10:06 +0800
Subject: REM_ote
In-Reply-To: <199602241942.OAA19580@homeport.org>
Message-ID: <199602242031.OAA01806@proust.suba.com>


> 	Until there's security oriented configurability, I can't say
> Netscape has anything better than an acceptable record.  They do a
> decent job of fixing the bugs, but only if you can enfore deployment
> of a new version, and ensure that old, bad features are not used.

I guess that I have confidence in Netscape because they have a history of 
responding to concerns posted here and elsewhere.  Security oriented 
configurability will be a good test -- I would be surprised if it doesn't 
come out soon.

What are we talking about specifically when we talk about security
oriented configurability?  Rather than just turning java(script) on and
off, wouldn't it be useful to piggyback off of the X.509 system that's
already in place?

For every CA's or server's cert, they'd just have to add two checkboxes:  
whether or not to run java applets or javascript code from servers 
vouched for by those certs.  Is that what people mean when they talk 
about configurability, or just the ability to shut down java*script) all 
together?






From unicorn at schloss.li  Sat Feb 24 13:15:10 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Sun, 25 Feb 1996 05:15:10 +0800
Subject: [Off topic] Re: Easy Nuclear Detonator
In-Reply-To: 
Message-ID: 



This will be my last reply on the subject.

On Fri, 23 Feb 1996, jim bell wrote:

> At 08:05 PM 2/22/96 -0500, Black Unicorn wrote:

> >Your intermediary chamber, if surrounding the blasting cap, is likely to 
> >detonate to one side first, at a right angle to the axis of the chamber 
> >to the explosive assembly. 
> 
> What I anticipated, to tell you the truth, was a long intermediary thin tube 
> (again, 1 mm diameter for concreteness, just as an example) BETWEEN a 
> chamber surrounding the cap, and the secondary chamber.  (the secondary 
> chamber would be carefully designed to spread the shock front evenly)   I 
> fully intended to avoid all of the possible consequences of weird explosive 
> modes in common blasting caps.

Then you still have the problem of the connection of the exceedingly thin 
tube to your starfish/wagon wheel where the individual tubes branch off 
to the compressive explosive assembly.  This puts you right back to 
square one, the need to mill these connections with exceedingly close 
tolerances.
 
> What really mystifies me is that you would think somebody who was 
> intelligent enough to be capable of building a bomb could possibly be 
> unaware of the strange behavior of common blasting caps?  Do you think we're 
> all stupid out here?!?

Considering that you never discussed the specifics of blasting caps or 
the manner in which they might influence your design, I think the safe 
assumption is that you never thought of it.  Your paragraph above is poor 
spin control in that regard.

> Last time I talked to Dr. Edgerton in his lab (You _do_ know about Dr. 
> Edgerton, don't you?!?  EG+G?), in about 1978 or so, he showed me some 
> interesting pictures he had taken of blasting caps exploding, and the weird 
> patterns they made.  Believe me, from that moment onwards I had no illusions 
> about the predictability of the common blasting cap.  

This is name dropping.  The reader will notice the need to bolster 
credibility by association with a "big" name.  The conclusions are obvious.

> BTW, the reason Edgerton paid a bit of attention to ME, as opposed to 
> every other lowly undergrad at MIT, was the fact that I did something he had 
> tried many times and failed to do:  For my strobe laboratory project, 
I decided 
> that I was going to photograph a popcorn kernel opening up at 10,000 frames 
> per second.  He called it "impossible": I called it a challenge.  That is 
> why I did the  project.  I showed him 11 frames taken a few weeks later.
>
> Dr. Edgerton was suitably impressed.

The reader will notice now how the author has gone from associating with 
the "big" name to being superior to the "big" name.  The intent is to 
bolster holed credibility even further.  This tactic will be recognized 
by the astute political observer as "link and exceed."  (Most often used 
with our favorate "big" name, JFK.
 
> >> >1>  Interference from the milling shape and accuracy o
> f the openings to 
> >> >the tubes containing the liquid explosive.
> >> 
> >> Quantify, quantify.  How much of a problem?
> >
> >Clever question given that I am without any information as to the exact 
> >shape of your tubes, if they are bowled down towards the explosive 
> >assembly, or what their exact width (excepting your vague 1mm figure) 
> >might be.  You make some guesses as to material, but these two are fairly 
> >flimsy even by your own admission.
> 
> I don't expect you to be able to "use ESP" and anticipate all the exact 
> mistakes somebody could make.  Rather, you should be willing to accept the 
> principle, and explain how much inaccuracy is "too much," and try to give an 
> example of an error that would produce an inaccuracy of this magnitude.  So 
> far you've done none of this.  I have to conclude you were simply trolling, 
> or intentionally spreading FUD (Fear, Uncertainty, and Doubt) without 
> genuinely trying to get involved in an interesting hypthetical idea.

Without more on your shape and size of the core, its essentially 
impossible to say what timing difference will be debilitating.  I did 
infact give an example related to fractions of the branch tube lengths.  
Without more from you, the supposed originator of the idea, no one can 
tell you how much timing error is enough.  The answer in general form 
is:  Enough to cause the center shape to displace enough of it's mass 
away from the direct brunt of force from the opposed charge.  Most 
excessively, some of the branch tubes might fail to initiate all 
together.  The quantity of all this depends so specifically on the type of 
explosive used for the compression, the exact density of your core, the 
number of facets you use in your compressive assembly and the location of 
initiation on the facets so as to be entirely useless without precise 
details.  What I can tell you is that it's enough of a problem to make 
high speed precise switches necessary.  Be real, if the timing problem 
was enough to make even normal resistance matching a problem, how the 
hell are you going to solve it with a much more volitle and violent 
initiation method?

> BTW, while I do indeed consider this as purely hypothetical, on the 
> offchance you're a FUDmeister from the government, you should be aware that 
> _I'm_ fully aware that while the main form of radioactive emanation from 
> Pu-239 is alphas which can be stopped by a piece of paper or a few inches of 
> air, I am also fully aware that the decay produces a substantial quantity of 
> gamma radiation (whose exact wavelengths and energies I can easily look up 
> in my trusty CRC Handbook).   So don't bother flying an airplane equipped 
> with a gamma ray detector over my house;

[additional paranoid rantings intended to bolster the authors image by 
substitute knowledge deleted]

> >All you need to realize to appreciate the problem is that if you do not 
> >have a precisely milled end, with a precise depth into the compressing high 
> >explosive outer face, you have differences in how and when the various 
> >faces of the explosive assembly are going to initiate.  If you make your 
> >tubes narrow, it becomes very hard to mill the ends of your tubes, and if 
> >you widen the tubes, it exagerates the distortive effect of 
> >irregularities in the tube ends.
> 
> But you should be able to estimate the magnitude of the errors.  Given a 
> certain detonation velocity, for example, and assuming some sort of 
> localized slowdown/speedup to to this velocity, you should be able to 
> estimate (even if only accurate to a factor of 2-3) the amount of error 
> present at that particular junction.

I did that with the example related to tube length. (Which you quite 
cleverly deleted)  I'm hardly going to sit down and do models of shaped 
explosive dynamics and hydraluic shock analysis simply to tell you 
you're way off.  If your so interested, examine the problem yourself.

  Again, the fact that you have never 
> done even this rudimentary analysis is quite telling.  You've revealed 
> nothing that I wasn't aware of, and that was apparently quite intentional.

What you were and are aware of is a matter for significant speculation, 
complicated by your characterization of shape charge analysis (especially 
with liquid explosive) as "rudimentary analysis."

> >I'm not in the business of designing nuclear initiators.  I expose poorly 
> >thought out explosive engineering as a hobby.  Your best solution is to 
> >mill each tube exactly alike, right down the the degree of bend and slope 
> >of arc as well as shape of either end.  But you could have figured that 
> >out without me spelling it our for you.
> 
> More likely, I would have velocity-tested sample configurations down to 10 
> nsec accuracy, which would have revealed any unexpected error sources from 
> temperature and/or pressure variation, as well as mechanical considerations 
> such as bent tubing, etc... 

But since you haven't tested it, and don't plan to, we can't know can 
we?  Moreover, since your design was only marginally if ever interested 
in these problems, one has to assume you're way off the ball.  Your 10ns 
accuracy figure is pulled right out of the air and in no way represents a 
figure you know you can obtain.  I don't believe such accuracy can be 
obtained with this kind of physical inititation.  I'm not telling you to 
stop trying, you can do what you like.  I will, however, expose your 
oversights in order to facilitate reputation capital distribution by the 
list.  (To which I now apologize for the massive spam).

> [stuff deleted]
> 
> >But they don't.  The timing problem is quite significant.  Why do you 
> >think high speed and superaccurate switches are so well guarded?  There 
> >isn't an easy grassroots substitute, if there were, the switches would be 
> >fairly useless.
> 
> Maybe that's the secret.  I already anticipated this.

[You keep saying that, (I already anticipated this.) I'm not quite sure you 
know how much you sound like an apologist]

  If it's the 
> government's motivation to keep "terrorists" from trying to build a bomb, 
> then their first line of defense might be to make it appear more difficult 
> than it really is.  They also know that secrets which are actually turned 
> into running, installed hardware eventually leak to the public, meaning that 
> it might actually be better to keep THEIR bombs complicated, and to not use 
> simplifying hardware. 

Oh, whatever.  Get a grip.  These paranoid rantings intended to deflect 
and distract from the main failings in your design are more than obvious.

> >> >Remember, kryonic switiches are necessary even when dealing with the 
> >> >speeds of electric conductivity.  The velocities of even hydrazine based 
> >> >explosives are signigicantly lower.  The margin for error is similarly 
> lower.
> >> 
> >> How low?  Be specific.
> >
> >Again, I don't know what your dimentions are.  Hydrazine explosives tend 
> >to detonate around 8500-10000 m/s.  The speed of transmission of electric 
> >impulses through a given conductive medium is certainly much higher.
> 
> Why do you keep mentioning "hydrazine explosives" when I didn't?  Are you 
> some sort of "one-trick pony"?

No, they are just the simpliest liquid explosives to obtain and make, and 
happen to have the highest detonation velocities.  I assumed you would be 
using them.  Perhaps I overestimated the depth of your thought on this 
matter.

> >You are correct this time.  My fault.  Uranium should have been in there.  
> >Typo on my part. 
> 
> Finally!  He's able to admit a MISTAKE!  

When I make them, I admit them.
 
> >Hey, be my guest.  If you had a critical mass worth of plutonium you're 
> >playing around with the wrong list, and, I might add, wasting your time 
> >with anything but the black market for the material.
> 
> If I had some, or for that matter if I even wanted some, would I be 
> advertising the fact on an "NSA-required-reading" list BEFORE I'd done 
> all this work?

As I said before, the degree of your expertise and wisdom is the primary 
issue in debate.

---
My prefered and soon to be permanent e-mail address: unicorn at schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information






From adam at lighthouse.homeport.org  Sat Feb 24 13:23:05 1996
From: adam at lighthouse.homeport.org (Adam Shostack)
Date: Sun, 25 Feb 1996 05:23:05 +0800
Subject: Digital Watermark
In-Reply-To: <199602240347.EAA05595@utopia.hacktic.nl>
Message-ID: <199602242040.PAA19841@homeport.org>


	Creating watermarks that can't be removed without degrading
image quality is not especially difficult.  The two tricky bits are
durability and collusion protection.

	Durability involves ensuring enough of a watermark remains
after the image is converted to a JPEG.  Colusion protection is making
sure that users can't compare images and remove the watermark without
a large number of users being involved.

Adam


| Financial Times, 22 Feb 96

| Attempts to remove the watermark would be virtually
| impossible without degrading the image quality. Moreover,
| counterfeiting would be almost impossible, says NEC. the
| Japanese electronics company.

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From adam at lighthouse.homeport.org  Sat Feb 24 13:29:58 1996
From: adam at lighthouse.homeport.org (Adam Shostack)
Date: Sun, 25 Feb 1996 05:29:58 +0800
Subject: Cluelessness V.S. Lack of Knowledge
In-Reply-To: <2.2.32.19960223212901.00899578@mail.teleport.com>
Message-ID: <199602242053.PAA19914@homeport.org>


	If someone shows up, having read the sci.crypt FAQ and/or
Applied Cryptography, I think that their questions will be answered
without flames.  But if people fail to read whats out there, and want
to be spoon fed, well, thats another matter.

Adam


Alan Olsen wrote:

| I know of one developer who is trying to implement a strong
| cryptosystem in his app.  He is unwilling to post his
| questions/concerns here because he is afraid of getting his ass
| shot off on the first query.  Judging by some of the responses
| I have seen, I do not blame him!  I can understand intolerance
| of the sales droids who push crap.  I do not have much
| tolerance for them either.  It bothers me when I see people who
| are not experts in the field AND ARE TRYING TO LEARN getting
| "blowed up real good" because they are not experts.

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From Alan.Pugh at internetMCI.COM  Sat Feb 24 13:39:26 1996
From: Alan.Pugh at internetMCI.COM (amp)
Date: Sun, 25 Feb 1996 05:39:26 +0800
Subject: consent
Message-ID: <01I1LI3IGF4I9KMG5A@MAIL-CLUSTER.PCY.MCI.NET>


-- [ From: amp * EMC.Ver #2.3 ] --

-----BEGIN PGP SIGNED MESSAGE-----

I'm not completely sure of the attribution here, as cypherpunks
appears to be sending batches of messages to me with grunged From
lines.

VN> .  How exactly is consent extractedH^H^H^H^H^H^ requested?

"Government is not reason, it is not eloquence, it is force; like
fire, a troublesome servant and a fearful master. Never for a moment
should it be left to irresponsible action." G. Washington.

Consent is extracted by force of arms.


VN> .  When exactly is consent identified?

I believe that the rulers of this country consider the lack of
politicians hanging from town squares to indicate implied consent.

VN> .  How exactly is government applied to the consentees?
VN>    (caning, jailing, fines, etc.)

And death.

VN> .  How exactly do consentors change methodologies when they
VN> suddenly realize that they, too, can be subject to their own device?

I'm not sure what you mean by this. If you are asking how the rulers
react when they find themselves subject to their own evil devices, I
would say that they generally attempt to change the rules. An example
of this is that it is almost impossible to sue a federal officials
because of the broad immunity to prosecution afforded by current
federal law.

VN> .  Why should non-consenting citizens live with governing methods
VN> which in fact conflict with the pursuit of those three human
VN> virtues:  life, liberty, happiness?

Fear of the goverment monopoly of force?

VN> Supposedly, government is devised for ruling the "unruly";  a matter
VN> for definition and (dis)agreement which can provide endless hours
VN> of amusement for authoritarians, especially in court.

And those courts can be used to further browbeat the citizens through
inconsistant rulings on vaguely written laws. I believe vague laws
are one of america's great evils because of the uncertainty they
bring.

VN> I hear tell that many who are no longer amused are now learning the
VN> many uses of encryption.  Thus the list. 

And arming themselves with more lethal munitions as well.

Interesting questions. I believe that there is a larger groundswell
of resentment here and elsewhere than governments believe.

Consider, when breaking federal law is this easy...

#!/bin/perl -s-- -export-a-crypto-system-sig -RSA-3-lines-PERL
$m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2%Sa
2/d0


** Reply to note from Perry E. Metzger  02/13/96  1:29pm -0500

  [snip] 
= The thing that makes Cypherpunks worthwhile is that its a place where
= you could, once, get news updates about GAK, information on the latest
= research into cryptography, organize mass key crackings, discuss APIs,
= talk a bit about the politics of cryptography, etc.
= 
    sounds like we're having the sme problems as "democracy" --it soon becomes  
irrelevant!  example:

	I was out of town for 6 days: I returned to find 1056 messages in the sorted 
    mailbox!  yes: 1056 messages which it took close to an hour to delete almost 800 
    of them as irrelevant. some you can discard automatically depending on the 
    author, some by content, etc. but I agree: it is clutter.

= Now, we get anonymous posters putting up bits on corruption in the
= DEA, sections of Tsutomu Shimomura's sex life, and other garbage. I
= don't give a damn if you think "Perry's a whining asshole; no one
= appointed him God", the stuff I'm mentioning is almost totally
= irrelevant to the topic at hand. (I *still* see no relevance to the
= late great Kevin Mitnick discussion, and frankly, I don't give a damn
= if he's in jail.) I also really am not impressed enough with the
= justification for why Jim Bell's "ideas" need to be discussed here.
= 
    well, it's probably worthwhile to announce the events, but not to comment ad  
infinitum on the gossip, the inferences, etc. --as you put it: the sex life of TS,  
particularly at the expense of one long term member.

    jim bell had the chance to publish his ideas --I read them  --once. I may be an  
"idealistic anarchist," but they are anarchy after the fact of submission to a  
government.  OK, they have been stated, but further discussion needs to move to  
another forum.  auto-trash filter....

    another major part of what I auto-trashed were two 50+ threads on some senseless  
topics which I have already forgotten. I suspect the poor snake was beaten to death  
by the BC Fat Lady....

= For some people without jobs (I won't name names) there is no problem
= with this. However, some of us have trouble keeping up, and
= unfortunately Cypherpunks has content that is key to our work and
= interests. 
= 
    THIS IS THE PROBLEM! Even if you do not have a fixed schedule, are not most of  
not data miners? It cost me over an hour to trim the message list from 1000+ to 200+.
WE NEED SOME SELF-RESTRAINT. 

= Sadly, there isn't another place with the momentum where people are a
= bit more polite and talk about the same information.
=
    unfortunately, the more publicity we receive, the more extraneous nonsense will  
be copied or target to us as a group.
 
= Yet.
= 
    well, I justify coderpunks since it breaks the ongoing technical discussions away  
from the mainstream cypherpunks. most of the information appears in cypherpunks  
itself, but if I must restrict my time, coderpunks comes first

= Perry

	as you say, Perry: 

	    'I don't give a damn if you think "Perry's a whining asshole; no one 
	    appointed him God"'

	I agree:
	
	    'I don't give a damn if they think "Attila's a whining asshole; no one 
	    appointed him God"'

	after all, as far as I know, I'm still "nobody" in the overall scheme, even  
    with a Piled higher and Deeper!  who _really_ cares what I think?

		-attila

"Fools fear adversity, but the wise man listens only to his conscience; or in other words,
"You've got exactly thirty seconds to get off my property before I start shooting, hippie."
        --Ching Chow


cc: cypherpunks at toad.com






From jimbell at pacifier.com  Sat Feb 24 14:56:21 1996
From: jimbell at pacifier.com (jim bell)
Date: Sun, 25 Feb 1996 06:56:21 +0800
Subject: TIS--Building in Big Brother for a Better Tommorrow
Message-ID: 


At 12:02 AM 2/23/96 -0800, Bill Frantz wrote:
>At 11:16 PM 2/22/96 -0800, Timothy C. May wrote:
>>And we should all remember, again, that basic observation: even if "key
>>escrow" is needed to recover *stored* files, it sure ain't needed for
>>*communications*!!
>
>If a key is being generated for two way communications, then it should be
>generated via a protocol like Diffie-Hellman which leaves no recoverable
>knowlege of the key outside the participants, and discarded when the
>session is over of frequently, whichever occurs more often.  This procedure
>will reduce the incentive for rubber hose attacks to recover these keys.

I noted long ago that one disadvantage with having a single, standardized 
encryption chip (like Clipper, even with the key-escrow un-enabled) is that 
the NSA has plenty of money in its budget to build a fake chip that can be 
installed during a black-bag job.  True, if they could fake one chip they 
could fake 10, but it's harder to do and the demand for any single kind of 
chip might drop to one per year.   Unfortunately, a sufficiently-complex 
FPLD would probably sub for anything if it were in the right package...






From jim at bilbo.suite.com  Sat Feb 24 15:34:36 1996
From: jim at bilbo.suite.com (Jim Miller)
Date: Sun, 25 Feb 1996 07:34:36 +0800
Subject: "E-Money" is trademarked
Message-ID: <9602240556.AA26142@bilbo.suite.com>




FYI, I learned tonight that Electronic Funds Clearinghouse, Inc., holds  
the trademark "E-Money" which is licensed to E-Money, Inc. a Delaware 

Corporation.  See the Web page http://www.efunds.com

I guess I will have to rename my E-Money mini-FAQ.

Jim_Miller at suite.com





From allyn at allyn.com  Sat Feb 24 15:34:44 1996
From: allyn at allyn.com (Mark Allyn 860-9454 (206))
Date: Sun, 25 Feb 1996 07:34:44 +0800
Subject: Digital Watermark
In-Reply-To: <199602240347.EAA05595@utopia.hacktic.nl>
Message-ID: <199602240510.VAA05276@mark.allyn.com>


Does anyone know if the source code for this is
available?

I have a bunch of photos of myself modeling clear plastic
raincoats that I want to put on the net, but I would like
to try to tag them before I do.

Mark





From jf_avon at citenet.net  Sat Feb 24 15:35:23 1996
From: jf_avon at citenet.net (Jean-Francois Avon JFA Technologies, QC, Canada)
Date: Sun, 25 Feb 1996 07:35:23 +0800
Subject: REM_ote
Message-ID: <9602240604.AA21589@cti02.citenet.net>


Alex Strasheim  wrote:
>> Marianne Mueller, Java security engineer, also said the chances of such
>> hacking occurring are "remote."
>
>This is the sort of bullshit that gets companies in trouble.

Reminds me of this old saying:

When you put your head in the sand, do realize what part of your anatomy is
most visible to the rest of the world... :)

JFA
**** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon 
Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 






From karlton at netscape.com  Sat Feb 24 15:35:58 1996
From: karlton at netscape.com (Phil Karlton)
Date: Sun, 25 Feb 1996 07:35:58 +0800
Subject: REM_ote
In-Reply-To: <199602231751.MAA16891@pipe3.nyc.pipeline.com>
Message-ID: <312E91CA.15FB@netscape.com>


Alex Strasheim wrote:
> 
> > Marianne Mueller, Java security engineer, also said the chances of such
> > hacking occurring are "remote."
> 
> This is the sort of bullshit that gets companies in trouble.  Netscape has
> a good record of responding to and fixing security problems.  Why should
> they feel the need to do spin control?

Marianne Mueller is a Sun employee, not a Netscape employee. The
original quote did not make that clear.

PK
--
Philip L. Karlton		karlton at netscape.com
Principal Curmudgeon		http://www.netscape.com/people/karlton
Netscape Communications

     They that can give up essential liberty to obtain a little
     temporary safety deserve neither liberty nor safety.
		- Benjamin Franklin





From an44880 at anon.penet.fi  Sat Feb 24 15:36:21 1996
From: an44880 at anon.penet.fi (an44880 at anon.penet.fi)
Date: Sun, 25 Feb 1996 07:36:21 +0800
Subject: "Internet Security: Your Worst Nightmare"
Message-ID: <9602240556.AA06696@anon.penet.fi>



Those were the words beaming on the cover of this week's _Information
Week_. The totally worthless article on internet security contained
this little gem:

Federal Law enforcement agencies, alarmed by the growing threat of
Net-related security breaches and crimes, are stepping up their
investigations of online intrusions. "We're aware that this is a
serious problem for any industry using the Internet," says Jim
Freeman, special agent in charge of the FBI's San Francisco office.
"The ultimate solution will be through better technology such as
encryption, but we will investigate any crimes in which a computer is
used as an instrument of intrusion or fraud.


Complete with a picture of Freeman standing in front of an American
flag.
--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to                abuse at anon.penet.fi
For information (incl. non-anon reply) write to    help at anon.penet.fi
If you have any problems, address them to          admin at anon.penet.fi





From cp at proust.suba.com  Sat Feb 24 15:36:30 1996
From: cp at proust.suba.com (Alex Strasheim)
Date: Sun, 25 Feb 1996 07:36:30 +0800
Subject: REM_ote
In-Reply-To: 
Message-ID: <199602240428.WAA00352@proust.suba.com>


> Might want to be careful calling Marianne a borderline liar. She's our host
> for Cypherpunks meetings at Sun, where's she's in the Java group. The
> article didn't make it clear that she's with Sun and not Netscape. She's
> also been coming to Cypherpunks meetings since the beginning, and posts
> here occasionally.

I apologize for the remark, it was out of line.  I don't know who she is,
or what she actually said, for that matter.

But the fact remains that these sorts of security problems were predicted
well before Java was widely deployed.  They're serious, and this isn't
going to be the last one.  An awful lot of people aren't going to patch
their copies of Netscape any time soon, either.

(A useful feature for Netscape might be a facility that checks
periodically to see if a security patch is in order, and displays a
warning if it is.)

Problems with security are a fact of life.  I've made embarassing mistakes
that compromised security for some of my users.  When that happens you
have to come clean, tell the truth, and fix the problem.  Don't try to
convince people that you didn't screw up, that the problem isn't serious. 
Don't say things that will encourage users to put off installing a
security patch.  And don't underestimate the ability of your attackers.







From jamesd at echeque.com  Sat Feb 24 15:36:36 1996
From: jamesd at echeque.com (jamesd at echeque.com)
Date: Sun, 25 Feb 1996 07:36:36 +0800
Subject: Remember, RC4 is now PC1
Message-ID: <199602241823.KAA18950@mail1.best.com>


At 01:46 PM 2/24/96 GMT, aba at atlas.ex.ac.uk wrote:
>I don't see any stigma attached with IPG admitting they have a PRNG
>seeded with a key, and XORing the PRNG stream with the data - this is
>exactly what RC4 does.

>From now, instead of saying "RC4" let us say 
"PC1, (formerly known as RC4)"

That will teach them to trademark names.  We will forget their names.

The net views intellectual property rights as damage and routes 
around them.

Every time you say RC4 without saying "Trademark of some bunch of 
lawyer scum" you theoretically break the lawyer made law.  So let us 
stop doing it.   Serve them right.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd at echeque.com






From jimbell at pacifier.com  Sat Feb 24 15:36:52 1996
From: jimbell at pacifier.com (jim bell)
Date: Sun, 25 Feb 1996 07:36:52 +0800
Subject: [Off topic] Re: Easy Nuclear Detonator
Message-ID: 




At 08:05 PM 2/22/96 -0500, Black Unicorn wrote:

>Actually, your design still is vulnerable to my objection, as my 
>objection was specifically to your intermediary chamber concept.
>
>Your intermediary chamber, if surrounding the blasting cap, is likely to 
>detonate to one side first, at a right angle to the axis of the chamber 
>to the explosive assembly. 

What I anticipated, to tell you the truth, was a long intermediary thin tube 
(again, 1 mm diameter for concreteness, just as an example) BETWEEN a 
chamber surrounding the cap, and the secondary chamber.  (the secondary 
chamber would be carefully designed to spread the shock front evenly)   I 
fully intended to avoid all of the possible consequences of weird explosive 
modes in common blasting caps.

What really mystifies me is that you would think somebody who was 
intelligent enough to be capable of building a bomb could possibly be 
unaware of the strange behavior of common blasting caps?  Do you think we're 
all stupid out here?!?

Last time I talked to Dr. Edgerton in his lab (You _do_ know about Dr. 
Edgerton, don't you?!?  EG+G?), in about 1978 or so, he showed me some 
interesting pictures he had taken of blasting caps exploding, and the weird 
patterns they made.  Believe me, from that moment onwards I had no illusions 
about the predictability of the common blasting cap.  

BTW, the reason Edgerton paid a bit of attention to ME, as opposed to 
every other lowly undergrad at MIT, was the fact that I did something he had 
tried many times and failed to do:  For my strobe laboratory project, I decided 
that I was going to photograph a popcorn kernel opening up at 10,000 frames 
per second.  He called it "impossible": I called it a challenge.  That is 
why I did the  project.  I showed him 11 frames taken a few weeks later.

Dr. Edgerton was suitably impressed.

>> >1>  Interference from the milling shape and accuracy o
f the openings to 
>> >the tubes containing the liquid explosive.
>> 
>> Quantify, quantify.  How much of a problem?
>
>Clever question given that I am without any information as to the exact 
>shape of your tubes, if they are bowled down towards the explosive 
>assembly, or what their exact width (excepting your vague 1mm figure) 
>might be.  You make some guesses as to material, but these two are fairly 
>flimsy even by your own admission.

I don't expect you to be able to "use ESP" and anticipate all the exact 
mistakes somebody could make.  Rather, you should be willing to accept the 
principle, and explain how much inaccuracy is "too much," and try to give an 
example of an error that would produce an inaccuracy of this magnitude.  So 
far you've done none of this.  I have to conclude you were simply trolling, 
or intentionally spreading FUD (Fear, Uncertainty, and Doubt) without 
genuinely trying to get involved in an interesting hypthetical idea.

BTW, while I do indeed consider this as purely hypothetical, on the 
offchance you're a FUDmeister from the government, you should be aware that 
_I'm_ fully aware that while the main form of radioactive emanation from 
Pu-239 is alphas which can be stopped by a piece of paper or a few inches of 
air, I am also fully aware that the decay produces a substantial quantity of 
gamma radiation (whose exact wavelengths and energies I can easily look up 
in my trusty CRC Handbook).   So don't bother flying an airplane equipped 
with a gamma ray detector over my house; while I haven't the inclination to 
do the calculations, were it important to do so I'd calculate the minimum 
thickness of lead required to reduce the gamma intensity to below-background 
levels (using gamma-ray cross section tables and the appropriate equations), 
double or triple it, _and_ ensure that anything I did manage to acquire would 
be invisible to even a secretly-placed nearby detector at all times.

And I'm also fully aware of ground-penetrating SAR (and the possibility of 
mobile variants) and JSTARS and terahertz radar, etc, so don't bother scanning.

>All you need to realize to appreciate the problem is that if you do not 
>have a precisely milled end, with a precise depth into the compressing high 
>explosive outer face, you have differences in how and when the various 
>faces of the explosive assembly are going to initiate.  If you make your 
>tubes narrow, it becomes very hard to mill the ends of your tubes, and if 
>you widen the tubes, it exagerates the distortive effect of 
>irregularities in the tube ends.

But you should be able to estimate the magnitude of the errors.  Given a 
certain detonation velocity, for example, and assuming some sort of 
localized slowdown/speedup to to this velocity, you should be able to 
estimate (even if only accurate to a factor of 2-3) the amount of error 
present at that particular junction.  Again, the fact that you have never 
done even this rudimentary analysis is quite telling.  You've revealed 
nothing that I wasn't aware of, and that was apparently quite intentional.

>I'm not in the business of designing nuclear initiators.  I expose poorly 
>thought out explosive engineering as a hobby.  Your best solution is to 
>mill each tube exactly alike, right down the the degree of bend and slope 
>of arc as well as shape of either end.  But you could have figured that 
>out without me spelling it our for you.

More likely, I would have velocity-tested sample configurations down to 10 
nsec accuracy, which would have revealed any unexpected error sources from 
temperature and/or pressure variation, as well as mechanical considerations 
such as bent tubing, etc... 

[stuff deleted]

>But they don't.  The timing problem is quite significant.  Why do you 
>think high speed and superaccurate switches are so well guarded?  There 
>isn't an easy grassroots substitute, if there were, the switches would be 
>fairly useless.

Maybe that's the secret.  I already anticipated this.  If it's the 
government's motivation to keep "terrorists" from trying to build a bomb, 
then their first line of defense might be to make it appear more difficult 
than it really is.  They also know that secrets which are actually turned 
into running, installed hardware eventually leak to the public, meaning that 
it might actually be better to keep THEIR bombs complicated, and to not use 
simplifying hardware. 


>> >Remember, kryonic switiches are necessary even when dealing with the 
>> >speeds of electric conductivity.  The velocities of even hydrazine based 
>> >explosives are signigicantly lower.  The margin for error is similarly 
lower.
>> 
>> How low?  Be specific.
>
>Again, I don't know what your dimentions are.  Hydrazine explosives tend 
>to detonate around 8500-10000 m/s.  The speed of transmission of electric 
>impulses through a given conductive medium is certainly much higher.

Why do you keep mentioning "hydrazine explosives" when I didn't?  Are you 
some sort of "one-trick pony"?

>
>> >Plutonium gun is still the easiest method for the home grown nuclear 
>> >device, even if it requires more fissile material.
>> 
>> The "gun" design wasn't used with the plutonium, because IT WOULD NOT HAVE 
>> WORKED! "Fat Man," the bomb dropped on Nagasaki, used the implosion 
method.  
>> "Little Boy," the gun-method bomb, used U-235.   Plutonium detonates far 
too 
>> rapidly to use the "gun" method.   The 
>> scientists knew that in 1945.  You seem to be at least 50 years behind the 
>> times.
>
>You are correct this time.  My fault.  Uranium should have been in there.  
>Typo on my part. 

Finally!  He's able to admit a MISTAKE!  


>Hey, be my guest.  If you had a critical mass worth of plutonium you're 
>playing around with the wrong list, and, I might add, wasting your time 
>with anything but the black market for the material.

If I had some, or for that matter if I even wanted some, would I be 
advertising the fact on an "NSA-required-reading" list BEFORE I'd done 
all this work?






From jya at pipeline.com  Sat Feb 24 15:36:52 1996
From: jya at pipeline.com (John Young)
Date: Sun, 25 Feb 1996 07:36:52 +0800
Subject: Not So REM_ote
Message-ID: <199602240455.XAA06821@pipe4.nyc.pipeline.com>



Responding to msg by karlton at netscape.com (Phil Karlton) on 
Fri, 23 Feb  8:19 PM


>Marianne Mueller is a Sun employee, not a Netscape 
>employee. The  original quote did not make that clear.


Here's the full article. My snipping fed Alex's take, still, he 
got the right stink of Netscape's and Sun's deodorizing the 
loss of pucker, which might be sniffed of Phil Karlton's 
distancing from Marianne Mueller, eh, even though Jeff Truehaft 
is the true fart-waver.


----------


   Wall Street Journal, February 23, 1996, p. B3.


   Netscape Will Issue Fix for Flaw Found In Browser System


   Mountain View, Calif. - Netscape Communications Corp.
   confirmed that Princeton University researchers found a
   potential security flaw in Netscape's popular Internet
   browser technology, but said the flaw was minor and that
   the company will issue a software fix for it next week.

   Edward Felten, an assistant professor of computer science
   at Princeton, posted a report on the Internet earlier this
   week describing the flaw in Netscape's Navigator 2.0, a
   product that enables the use of programs created with Java,
   Sun Microsystems Inc.'s hot programming language for the
   Internet. Java can be used to create "applets," small
   applications such as spreadsheets, that can be downloaded
   from the Internet's World Wide Web.

   Both Netscape's Navigator and Sun's Java have defenses
   designed to prevent Java applets from connecting with any
   computers except the ones they are summoned to by users and
   the ones they came from. But the Princeton team found a way
   to defeat those defenses, meaning that applets could
   theoretically be manuevered into other computers on a
   network. Applets aren't viruses, but in theory, they could
   be used to peruse confidential documents or other
   information.

   In trading on the Nasdaq Stock Market, Netscape fell $1.875
   to $62, while Sun Microsystems jumped 7.8% to $51.875, up
   $3.75.

   Netscape product manager Jeff Treuhaft said exploiting the
   flaw would require extremely skilled hacking and many other
   unlikely advantages, such as intimate familiarity with the
   network being hacked.

   Marianne Mueller, a top Java security engineer, also said
   the chances of such hacking occurring are "remote," but
   said Sun also soon will issue a software fix that will plug
   the possible security leak.

   [End]










From jya at pipeline.com  Sat Feb 24 15:37:19 1996
From: jya at pipeline.com (John Young)
Date: Sun, 25 Feb 1996 07:37:19 +0800
Subject: SGI Nabs Crayfish
Message-ID: <199602241914.OAA27723@pipe4.nyc.pipeline.com>


2-24-96. NYT:


John Markoff reports that SGI will buy Cray Research.


It notes Cray's last gasping, grasping at SGI's grab hand 
nabbing crawfish.


An SGI/Cray super-gabfeast Monday.





From rah at shipwright.com  Sat Feb 24 16:27:12 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Sun, 25 Feb 1996 08:27:12 +0800
Subject: fwd: Federal Internet Enforcement Policy
Message-ID: 



--- begin forwarded text

X-Sender: oldbear at pop.tiac.net
Mime-Version: 1.0
Date: Sat, 24 Feb 1996 17:56:31 -0500
To: rah at shipwright.com
From: The Old Bear 
Subject: fwd: Federal Internet Enforcement Policy

--- Forwarded message follows ---

The "Federal Internet Indecency Crawler" has determined your Newsgroup
or Web Site posting to be in violation of the "Exxxon Communications
Indecency Act of 1996".

In an effort to comply with the "Federal Paperwork Reduction Act" you
are hereby directed to complete the proper arrest warrant paperwork
and submit same to the Federal Court in your district, then obtain a
valid copy of the approved arrest warrant and serve said warrant upon
yourself.

To properly initiate this procedure, you are required to submit Form
A-16844787033 -83259 (rev.02) in triplicate, which may be obtained from
the US Government printing office.  After completion, send the original
to the Federal Courthouse by certified mail with one copy mailed to your
local FBI office.  Please make certain to include all pertinent
information, including the specific word, words or phrases that
constituted the violation, together with your name, address, telephone
number, social security number, and the policy number of any health
insurance contracts in which you are currently enrolled.

Also, please be reminded that as a citizen of the United States and a
lawfully appointed officer of the Federal Court "for the purpose of
serving the above arrest warrant only", you are exempted from any
prohibitions regarding carrying of handguns, rifles, shotguns or any
other type of guns or assault weapons while in the act of serving said
warrant.  However, please be advised that this provision does not apply
to you as the recipient of Federal arrest warrants, and as such your
constitutionally protected right to bear arms is hereby waived in this
instance.

It is important that you obtain your signature, thus showing the warrant
was properly executed. Kindly note any undue resistance encountered in
the appropriate space provided.

Because of the large amount of court resources which must be diverted
from other judicial efforts in order to accommodate the new "Exxxon
Communications Indecency Act", the Democratic and Republican National
Parties have made the following kind offer to assist us in enforcement
of these new policies.

As an alternative to the above process, you may at your option, send a
contribution of not less than $100 to the Clinton Presidential Campaign
Committee or to the Republican Presidential Nomination Committee.  If
you should choose one of these alternatives, it will not be necessary to
obtain and complete the paperwork outlined above, nor will it be
necessary to contact the Federal Court or your local FBI office.  Simply
copy the Newsgroup post in question or the URL and header information
from your web page, and mail to either party committee, with your
cashier's check or money order for $100 or more in US funds.

In addition to relieving you of the responsibility of filing legal
paperwork with the court and undergoing a traumatic arrest procedure,
you will have the comfort of knowing that you have contributed in a
meaningful way to the political process of your country.

In addition, we are authorized (by Senator Exxxon himself) to inform
you that after receiving your contribution of $100 or more, we will send
you a special alpha- numerical code which, when placed in your header
information, will prevent the "Federal Internet Indecency Crawler"
from recording your indecency violations until after the November
election.

Remember, because of the "Exxxon Communications Indecency Act"
constitutionally protected free speech is now in limited quantity.  So,
don't pass up this golden opportunity to avail yourself of unlimited
free expression for the next eight months.

This may be your last opportunity to do so!


127-A/4
rev.

--- end forwarded text


-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/







From volley at lls.se  Sat Feb 24 17:28:58 1996
From: volley at lls.se (Pelle Claesson)
Date: Sun, 25 Feb 1996 09:28:58 +0800
Subject: S/MIME outside the US?
Message-ID: 


(I'm doing some research on different security standards, as I'm
about to write an email/news program. Have been reading this list
for quite a while, and it's time to delurk.)


This is a quote from the S/MIME FAQ, as found on RSA's WWW server:

"S/MIME recommends three symmetric encryption algorithms: DES,
Triple-DES, and RC2.  The adjustable keysize of the RC2 algorithm
makes it especially useful for applications intended for export
outside the U.S.  RSA is the required public-key algorithm."

If I got things right, DES is "exportable" as long as the keysize
is kept under a certain size, which is too small to be really secure?
If that's the case, I guess RC2 is the last resort? Is it good enough,
or do I have to leave out S/MIME support, and just communicate with
people outside the U.S or something?


IMHO, these export restrictions on cryptography are completely insane.
Is there *any* way to bypass them (except for breaking the law)?


--
volley at lls.se





From aba at atlas.ex.ac.uk  Sat Feb 24 18:09:03 1996
From: aba at atlas.ex.ac.uk (aba at atlas.ex.ac.uk)
Date: Sun, 25 Feb 1996 10:09:03 +0800
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <8320.9602241346@dart.dcs.exeter.ac.uk>



Perry Metzger  writes:
> Dan Bailey writes:
> > My suggestion
> > is to post the OTP-expansion algorithm to sci.crypt.
> 
> Call it what it is -- a pseudo-random number generator, at best. As

I think this is the crux of the problem - they are simply misnaming
their proprietry algorithm.

I don't see any stigma attached with IPG admitting they have a PRNG
seeded with a key, and XORing the PRNG stream with the data - this is
exactly what RC4 does.  But of course RC4 (now) has the advantage of
open review, and before that it had the advantage of Ron Rivests
reputation associated with it.  Simply change all the literature to
replace "OTP" with "PRNG", or "seed" in appropriate places.

So, submitting your PRNG for open peer review would be a good start.
But I don't think the fact that IPG generates the keys for their
clients is good.  I don't see this as a viable key distribution
mechanism.

But you *really* must stop equating your system with a one time pad,
it absolutely is NOT a OTP.

> you likely know (but the IPG folks don't seem to care) you can't
> "expand" a one time pad. One time means ONE TIME. Look at how the NSA
> broke the Venona intercepts of of even two-time use of keying material.

exactly.

I do hope IPG will take the trouble to consider comments such as this,
and Perrys comments above, if they are at all serious about their
system every gaining any reputation.

Adam






From jf_avon at citenet.net  Sat Feb 24 18:29:12 1996
From: jf_avon at citenet.net (Jean-Francois Avon JFA Technologies, QC, Canada)
Date: Sun, 25 Feb 1996 10:29:12 +0800
Subject: French regulations on crypto
Message-ID: <9602231951.AA09523@cti02.citenet.net>


Does anybody have a list of crypto software/algorithms
 that are forbidden for use without GKE in france?   

More specifically, I would like to know about the 
algorithms used in :
 - PGP (IDEA, RSA, etc.)
 - blowfish
 - 3DES

What I am really after is *precise* information, 
with references to official govt documents if possible,
about the restrictions on thoses algorithms and/or
key size limits (if applicable).


Thanks.

JFA
**** NEW PGP 2.6.2 KEY *********
This key is actually suspended, as of Feb, 16 1996, was never distributed,
and might be subject to deletion.  Sorry for the trouble my mis-management might have caused.

2048 bits Key ID:24201BA1 1996/02/13 Jean-Francois Avon 
Key fingerprint =  23 B6 24 31 86 67 FB 35  C7 A7 AF 12 A1 61 E9 3D 


**** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon 
Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 






From lmccarth at cs.umass.edu  Sat Feb 24 20:18:22 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Sun, 25 Feb 1996 12:18:22 +0800
Subject: S/MIME outside the US?
In-Reply-To: 
Message-ID: <199602250349.WAA27926@opine.cs.umass.edu>


volley at lls.se writes:
> If I got things right, DES is "exportable" as long as the keysize
> is kept under a certain size, which is too small to be really secure?

All things are exportable as long as the keysize is kept under a certain size,
which is too small to be really secure.  (Unless they're used for banking, or
only for authentication, or you're only taking it with you for personal use on
a trip, or....) 

> If that's the case, I guess RC2 is the last resort? Is it good enough,

The (alleged) source code has only been public for several weeks. No-one has
announced any major weakness in RC2, AFAIK, but then again the non-RSADSI
research community hasn't had much of a crack at it yet.

> or do I have to leave out S/MIME support, and just communicate with
> people outside the U.S or something?

A couple of points:

0) You can import whatever crypto code you like _into_ the U.S., subject to
any export restrictions that might be in effect in Sweden or wherever else
you might be.

1) People in the U.S. can legally use whatever algorithms and keysizes they 
wish in communicating with people outside the U.S.  We are forbidden to
export the crypto software, not messages processed by the software.

2) In view of 0) and 1), it is desirable to have people outside the U.S.
(you, for instance :) develop strong commercial crypto software with a 
fabulous UI and spread it far and wide. [The desirability of this trend is in
the eye of the beholder....]

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)





From vhd at indy.net  Sat Feb 24 21:42:06 1996
From: vhd at indy.net (Computer Virus Help Desk)
Date: Sun, 25 Feb 1996 13:42:06 +0800
Subject: New WWW Page
Message-ID: <2.2.32.19960225051516.0067c630@indy.net>


 I'm pleased to announce the opening of a new Anti-Virus oriented Web Page.

                          http://www.a1.com/cvhd

  This page allows the download of the latest versions of ALL the popular
 DOS, WINDOWS and WIN95 Anti-Virus Software as well as links to EVERY major
  Anti-Virus software developer or distributor in the world. On Line Virus
 Encylopedia, Anti-Virus Tutorials and other utilities are available as well.

   The page also contains VERY extensive links to Encryption, Privacy,
    Military, Intelligence, Government and Law Enforcement Web Pages.

 Look for the addition of a new "On Line" real-time Anonymous Pre-mailer with
   remailer chaining capabilities to be added in the very near future.

                   Allen Taylor, Moderator, VIRUS_INFO
       SysOp, CVRC BBS, (317) 887-9568, Indianapolis, Indiana, USA
                          http://www.a1.com/cvhd






From casper at optima.mme.wsu.edu  Sat Feb 24 22:14:19 1996
From: casper at optima.mme.wsu.edu (Chris Grantham)
Date: Sun, 25 Feb 1996 14:14:19 +0800
Subject: Testing
Message-ID: <01BB0301.79139E00@xtsd0203.it.wsu.edu>


Hi, my name is Chris!
casper at optima.mme.wsu.edu
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzEvXtUAAAEEALtwrsq7zqQdTDRRpgJeCXYCuA6M49Yp93IE3ScaMwPPi297
EIEbpSyv3ZB9UBjTNHcsPADhfwDs8/yBS4SWW+NF1BwnRLUbNpZ5E6BGxGojQnF4
yC5MKNIuxDgY8FYYpsXWpxWIOJZOf5LY6E4BhZ9fGK/MfuhSvUFD9HN4zM2hAAUR
tC1DaHJpcyBXLiBHcmFudGhhbSA8Y2FzcGVyQG9wdGltYS5tbWUud3N1LmVkdT4=
=xznQ
-----END PGP PUBLIC KEY BLOCK-----
 






From jsw at netscape.com  Sat Feb 24 22:58:06 1996
From: jsw at netscape.com (Jeff Weinstein)
Date: Sun, 25 Feb 1996 14:58:06 +0800
Subject: REM_ote
In-Reply-To: 
Message-ID: <312EC793.3CE9@netscape.com>


Alex Strasheim wrote:
> (A useful feature for Netscape might be a facility that checks
> periodically to see if a security patch is in order, and displays a
> warning if it is.)

  Yes, we have thought of adding such a facility, not just for security
patches, but for general release updates as well.  However some folks may
remember some discussion (I think it was mostly in other forums) about
the possibility that Netscape was "phoning home" to deliver to us information
about your browsing habits.  Of course we have never done this, but if we
were "phoning home" periodically to check for new releases it might raise
some suspicion among the more paranoid.

  I guess we could make it an option...

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.





From jsw at netscape.com  Sat Feb 24 23:03:03 1996
From: jsw at netscape.com (Jeff Weinstein)
Date: Sun, 25 Feb 1996 15:03:03 +0800
Subject: REM_ote
In-Reply-To: <199602231751.MAA16891@pipe3.nyc.pipeline.com>
Message-ID: <312EC5E6.540E@netscape.com>


Alex Strasheim wrote:
> 
> > Marianne Mueller, Java security engineer, also said the chances of such
> > hacking occurring are "remote."
> 
> This is the sort of bullshit that gets companies in trouble.  Netscape has
> a good record of responding to and fixing security problems.  Why should
> they feel the need to do spin control?  This borders on lying.

  I won't comment on this other than to point out that Marianne is a "Java
security engineer" at Sun Microsystems, not at Netscape.  John's excerpt
didn't make that clear.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.





From lmccarth at cs.umass.edu  Sun Feb 25 02:19:55 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Sun, 25 Feb 1996 18:19:55 +0800
Subject: Web Browsers and Anonymous Mail
In-Reply-To: <312C161C.7E73@netscape.com>
Message-ID: <199602250959.EAA29402@opine.cs.umass.edu>


I wrote:
# I would prefer not to reimplement SMTP using the Socket class in my own
# applets. Ideally I'd like to have an applet that presents a form with some
# entry boxes and check boxes, quantizes and encrypts the input according to
# the check box settings, and spews the resulting byte streams to the MTA.

Jeff Weinstein writes:
>   We do not curently allow Java to get access to our mail subsystem.

Hmmm.  Can I write an applet that reads form input, processes it, dumps the 
output to an applet window, and tells the user to cut & paste it into a
Netscape mail sending window ?  That would be a messier solution than I'd 
like, but still decent.

Thanks
-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)





From bs208 at newton.cam.ac.uk  Sun Feb 25 04:11:56 1996
From: bs208 at newton.cam.ac.uk (B. Schneier)
Date: Sun, 25 Feb 1996 20:11:56 +0800
Subject: Report from Fast Software Encryption Conference
Message-ID: <199602251153.GAA05973@gibbs.newton.cam.ac.uk>


*************************************************************************
This is a temporary e-mail address; I am in Cambridge until 12 March.
Continue to send mail to schneier at counterpane.com; it forwards by itself.
*************************************************************************

	Report on the Third International Workshop on FAST
	SOFTWARE ENCRYPTION, Cambridge University, UK, Feb 96


The conference was held at the Isaac Newton Institute for
Mathemtical Science, and was attended by about 45 people.  What
follows is a short description of some, but not all, of the talks.

There were two papers analyzing safer: "Truncated Differentials
of SAFER" by Knudsen and Berson, and "The PHT of SAFER" by Murphy.
Unfortunately, only the first paper appears in the proceedings.
The attacks work on SAFER with 5 rounds or less, and not on SAFER
with the new key schedule suggested at Crypto '95.

Vaudenay presented his attack on Blowfish, which expoloits weak
keys that result in two S-box entries being identical.  In a weak
Blowfish variant where the S-boxes are known, his attack can break
8-round Blowfish efficiently but does not work against the full
16-round version.  If the S-boxes are secret, as they are in
Blowfish, his attack can detect these weak keys in the 8-round
variant but not in the 16-round variant.

Blaze presented a really clever protocol for encrypting with a
low-bandwidth smartcard.  The idea is that the host computer is
trusted with the plaintext but not the key, and the secure smartcard
is too slow to do bulk encryption.  He presents a protocol where the
host does all the work but does not learn the key.

Dobbertin presented a beautiful paper where he cryptanalyzed MD4,
extending the work he did cryptanalyzing RIPE-MD.  Attendees took 
bets on when MD5 will fall to this sort of attack.

There were several new algorithms presented.  RIPEMD-160 is a
strengthened version of RIPE-MD, designed by Dobbertin, Bosselaers,
and Preneel.  ISAAC is a steam cipher by Bob Jenkins.  Tiger is a
one-way hash function by Anderson and Biham designed to work efficently
on 64-bit computers.  Shark is a block cipher, similar in design to
SAFER, by Rijmen, Daemen, Preneel, Bosselaers, and De Win.  And there
were two Luby-Rackoff-like constructions that make block ciphers of
arbitrary block size out of stream ciphers and one-way hash functions
by Anderson and Biham, called Bear and Lion.  Another paper by Lucks
showed how to spead up Luby-Rackoff's block cipher.  Matsui presented
some work on block cipher designs provably secure against differential
and linear cryptanalysis, but not the specific construction that is the
MISTY algorithm.

Kelsey and Schneier presented a paper on unbalanced Feistel networks.
Called UFNs, these are Feistel networks where the two sides are of
unequal size.  Examples of this construction includes MD4, RC2, 
MacGuffin, S1, and REDOC III.  We gave some general analysis of 
different constructions.

There were two papers on correlation attacks on stream ciphers, and one
paper by Golic on nonlinear filter generators.
	
The proceedings have been published by Springer-Verlag in their
Lecture Notes in Computer Science series, #1039.  The editor
of the volume is Dieter Gollmann, and the ISBN is 3-540-60865-6.





From esub at mojones.mojones.com  Sun Feb 25 04:22:09 1996
From: esub at mojones.mojones.com (Mother Jones Electronic Subscription)
Date: Sun, 25 Feb 1996 20:22:09 +0800
Subject: Thank you, MoJo Wire beta-testers
Message-ID: <199602250053.QAA07841@mojones.mojones.com>


Thanks for being a MoJo Wire beta-tester.  We appreciate all your comments and suggestions for our site.  

We've created a new mailing list to keep people up-to-date on the happenings at the MoJo Wire:

http://www.motherjones.com/

Look for updates on:

*Our Election 96 Area:

        Regular RealAudio and text field reports from our "smarty-pants political writers."

*Mother Jones Magazine:

        We put every issue of Mother Jones magazine on-line. And we aren't just dumping in the text files either. Each issue is optimized for online viewing, with searchable databases, clickable imagemaps and more.

*Special MoJo Wire Investigative features:

        Here's where we bring you what no print magazine can. We combine the flexibilty of the Internet with in-depth reporting to give you a whole new form of investigative journalism.



 To unsubscribe from our newsletter, please send an e-mail to majordomo at motherjones.com. In the body of the message (not the subject header) type:

	unsubscribe motherjones-list  [your e-mail address]

for example:

	unsubscribe motherjones-list umansky at motherjones.com


Again, thanks for your help and we hope to see and chat with you on our web site and Live Wire (the interactive chat area of The MoJo Wire). 

Questions, comments? E-mail mailinglist at motherjones.com






From lmccarth at cs.umass.edu  Sun Feb 25 05:56:54 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Sun, 25 Feb 1996 21:56:54 +0800
Subject: InterNIC Guardian Object Draft
In-Reply-To: <199602241712.MAA26212@ops.internic.net>
Message-ID: <199602251334.IAA29519@opine.cs.umass.edu>


-----BEGIN PGP SIGNED MESSAGE-----

ftp://rs.internic.net/policy/internic/internic-gen-1.txt says:
> Jasdip Singh
> Network Solutions
> Mark Kosters
> Network Solutions
> 
> The InterNIC Guardian Object
> DRAFT

Thanks to Eric Eden for forwarding a copy to cypherpunks. I'd like to 
comment on the proposed set of authentication options (authorization schemes).

[...]
> Auth Scheme
> 
> Authorization scheme used to authenticate a Guardian before updating
> the Object it is guarding. The proposed schemes in an increasing
> order of strength are MAIL-FROM, CRYPT-PW, and PGP [1].
> 
> MAIL-FROM MAIL-FROM will parse the FROM: field in the mail header
> of an update message and match it with the email address
> of the Guardian guarding the Object to be updated.
> MAIL-FROM is the default Auth Scheme.

I realize this is meant to be the simplest/least-secure option. Nevertheless,
it seems to me that checking the "From " header instead of the "From:" header
would increase the security of this option at essentially no computational
cost. (I think "From " is commonly called "From_" in the literature these
days.) From_ is harder to forge than "From:", although that's not saying a
great deal.

Might I assume that the current InterNIC practice is to check "From:" ?
If so, you might consider switching to From_ in the interim, before the
Guardian Object stuff gets implemented.

> CRYPT-PW CRYPT-PW will encrypt the cleartext password supplied
> in an update message and match it with the encrypted
> password of the Guardian guarding the Object to be
> updated. Initially when a new Guardian is being
> registered or the authentication information is being
> added to an existing Contact, the encrypted password
> MUST be supplied. The Unix crypt(3) routine SHOULD be
> used to encrypt a cleartext password.

I think that Unix's md5(1) would be a better transformation choice. It is 
available to a similar extent as crypt(3), and is more inversion-resistant.
I'm not sure how the speeds compare. What sort of volume of update messages 
does InterNIC anticipate handling ?  

Also, if you use a hash function such as MD5, you don't need to fool around
with doing something like E_pass(pass). 

In Section 9.3, it says:
> The authentication information for a Guardian will be visible in WHOIS
> unless the Guardian chooses to keep it private. This information will
> be public by default because a Guarded Object should be protected by
> the inherent strength of the selected authorization scheme rather than
> by hiding the authorization information for its Guardian. 

I certainly appreciate the sentiment expressed here that "security through
obscurity" is a wash. However, in this particular situation I don't think
that's the right issue. Keeping the details of a security algorithm or
protocol is rather dubious in many cases. But it's entirely reasonable and
good for a security protocol to specify that some sensitive application data 
handled by the protocol will be hidden. Encryption is, after all, a way to
hide information....

Let me wax concrete now. :} If a Guardian uses CRYPT-PW and the authentication
information appears in the public WHOIS database, then an attacker can learn
crypt(3)_KEY(pass) just by looking up the WHOIS entry. Assuming the Guardian 
isn't hassling with managing a distinct key to encrypt the password, then the
attacker knows crypt(3)_pass(pass). Now she is all set to do an offline
password guessing attack. So exposing the ciphertext of the encrypted password
introduces a weakness.

More importantly, the CRYPT-PW protocol is subject to a replay attack. A 
passive attacker just needs to eavesdrop on an update message to learn the 
plaintext password. Then she can forge additional update messages using the 
purloined password, causing annoyance to Guardians using AFTER-UPDATE
notification and disruption to those using NOT-CARE update notification 
(i.e. none). 

> PGP PGP stands for Pretty Good Privacy [2]. The sender will
> sign the update message with a Guardian's secret PGP
> key. The InterNIC will verify the received update
> message with the Guardian's public PGP key. 

As far as I can see from the draft, the contact update templates do not
include date or time information. This makes the protocol vulnerable to 
a simple replay attack. An attacker can record update messages and replay
them to InterNIC later. 

Depending upon a Guardian's notification status, this could allow the 
attacker to confuse things by restoring an old contact information record. 
Even if a Guardian is using BEFORE-UPDATE, she might not notice that a
subtle change has been undone. An update notification message arriving on 
the heels of a similar one might get approved by a Guardian, who chalks it
up to a mail transport glitch.

Requiring some sort of timestamp field in the signed portion of the contact
templates would be good.

> How to
> register a Guardian's public PGP key with the InterNIC
> will be explained in another document.

Any hints on what this will be like ?

Hope this helps. Feel free to ask questions.

(cc:ed to cypherpunks at toad.com, jasdips at internic.net and markk at netsol.com)

Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMTBlC2f7YYibNzjpAQEJrgQAvhQHFbLPpL+n3jjFwO0LW4F72d3/lUcJ
yXhlxS0ko7+0SvXfmndAJ41S/queMjhcLwjJZRWtbQbtdc45lXQxJkykXafQz6Je
y+7T7ZwTMAIDAbd8hcpncv1C5NJrCTqEZNHnFxevmSyWtIgxzM+ndugwWyfVULCQ
JfkAa2ssxIA=
=2Q31
-----END PGP SIGNATURE-----





From jya at pipeline.com  Sun Feb 25 08:01:56 1996
From: jya at pipeline.com (John Young)
Date: Mon, 26 Feb 1996 00:01:56 +0800
Subject: TED_hal
Message-ID: <199602251539.KAA17780@pipe1.nyc.pipeline.com>


   2-25-96.

   The Wash Post has a Page One lead about "atomic bomb spy"
   Theodore Alvin Hall, who, as a young physicist at Los
   Alamos provided the Soviets with Manhattan Project secrets.
   Hall's role was revealed by gradual code-cracking of cables
   under the Venona program.

   Though discovered, for unknown reasons Hall was never
   charged and went on to a distinguished career at Cavendish
   Laboratory, Cambridge, England, where he now lives in
   retirement. Interviewed for the article he neither confirms
   nor denies he was the spy code-named "Mlad." He suggests it
   may be worth investigating why the US has kept silent about
   the case.

   The detailed story correlates Hall's role with the well-
   known atomic bomb spies; gives amazed responses of security
   officers then at Los Alamos; and lays out the long-term,
   never-give-up, FBI tracking and NSA cracking.

   For Unicorn and Bell: Hall was assigned to the Los Alamos
   "Gadgets" division and specialized in implosion devices.

   (With Hall, it's worth wondering if this ancient revelation
   and the recent 20-year-old NSA-spy have anything to do
   with the future of IC budgets -- teasing release of "if you
   knew what we know.")

   TED_hal











From bdolan at use.usit.net  Sun Feb 25 08:41:25 1996
From: bdolan at use.usit.net (Brad Dolan)
Date: Mon, 26 Feb 1996 00:41:25 +0800
Subject: TED_hal
In-Reply-To: <199602251539.KAA17780@pipe1.nyc.pipeline.com>
Message-ID: 




On Sun, 25 Feb 1996, John Young wrote:

>    2-25-96.
> 
>    (With Hall, it's worth wondering if this ancient revelation
>    and the recent 20-year-old NSA-spy have anything to do
>    with the future of IC budgets -- teasing release of "if you
>    knew what we know.")
> 

Lipke's neighbors indicate his income didn't match his lifestyle.

FINCEN at work?

bd






From PADGETT at hobbes.orl.mmc.com  Sun Feb 25 09:10:12 1996
From: PADGETT at hobbes.orl.mmc.com (A. Padgett Peterson P.E. Information Security)
Date: Mon, 26 Feb 1996 01:10:12 +0800
Subject: Encryption Chips
Message-ID: <960225114724.20210a61@hobbes.orl.mmc.com>


>	Faking crypto chips for public algorithims is theoretically
>more difficult, because its simple to create a DES_verify routine to make
>sure your DES chip is working right.

a) chips do not need makeup
b) t'were me, I would just fix the chip so that instead of 2^56 (DES) keys
   or whatever, the PRNG was "fixed" so that the total keyspace was only 2^32
   for instance. Enough to be nearly impossible to check but small enough
   for a brute force engine to zip through in seconds *if you knew the 
   algorithm*.

The nice thing about am implimentation in software is that the code can be 
examined for just this sort of thing *on a randomly selected operating unit*.
- hard to do with a chip.
						Warmly,
							Padgett





From jya at pipeline.com  Sun Feb 25 09:33:48 1996
From: jya at pipeline.com (John Young)
Date: Mon, 26 Feb 1996 01:33:48 +0800
Subject: WYZ_qak
Message-ID: <199602251706.MAA17180@pipe2.nyc.pipeline.com>


   2-25-96. TWP:

   "Scrambling for a Policy on Encryption Exports. As
   Technology Advances, U.S. and Industry Seek Compromise That
   Balances Public, Private Fears."

   A knowledgeable brief by Elizabeth Corcoran, with quotes by
   wisecracking Crypto-Wise-Quackers.

   WYZ_qak








From jya at pipeline.com  Sun Feb 25 09:53:37 1996
From: jya at pipeline.com (John Young)
Date: Mon, 26 Feb 1996 01:53:37 +0800
Subject: Extra
Message-ID: <199602251720.MAA18096@pipe2.nyc.pipeline.com>


The recent study by Blaze, Diffie, Shimomura, et al, of stunted 
cryptography is featured in the TWP story on crypto exports 
offered with WYZ_qak.





From nobody at REPLAY.COM  Sun Feb 25 10:04:16 1996
From: nobody at REPLAY.COM (Anonymous)
Date: Mon, 26 Feb 1996 02:04:16 +0800
Subject: White House Not Decent
Message-ID: <199602251743.SAA25966@utopia.hacktic.nl>



(Reprinted without permission from the Seattle Times
Personal Technology section)


                 White House Site Blocked

Add the White House to the Internet's extensive list of dens of
sin.

Surfwatch, a widely used software program that prevents access
to, and downloading of, sexually explicit material on the
Internet, accidently blocked access to the White House home page
recently - all because a "White House for Kids" Web site address
contained the word "couples."

That's a dirty word in the Surfwatch universe because many
sexually explicit online sites use it as part of their come-on.

In this case, "couples" merely referred to the Executive Branch
tandems of President and Hillary Rodham Clinton and Al and Tipper
Gore.

Surfwatch fixed the problem within hours, although some might
still find the site offensive.

For political reasons, that is.







From alanh at infi.net  Sun Feb 25 10:33:15 1996
From: alanh at infi.net (Alan Horowitz)
Date: Mon, 26 Feb 1996 02:33:15 +0800
Subject: "E-Money" is trademarked
In-Reply-To: <9602240556.AA26142@bilbo.suite.com>
Message-ID: 


All you have to do, is show you were uising the term beofre they 
registered their trademark. Then sell them your right to use the term.
It should be worth a few grand.





From tcmay at got.net  Sun Feb 25 10:38:53 1996
From: tcmay at got.net (Timothy C. May)
Date: Mon, 26 Feb 1996 02:38:53 +0800
Subject: TED_hal
Message-ID: 


At 4:17 PM 2/25/96, Brad Dolan wrote:

>Lipke's neighbors indicate his income didn't match his lifestyle.
>
>FINCEN at work?

I'm skeptical.

How would Lipka's neighbors know what his "income" is, unless he told them?
(My neighbors don't have any idea what my income is, for example.) Sounds
like typical bullshit by neigbors, saying they knew something was
"suspicious" (always after the fact, it seems).

Also, all indications so far revealed are that Lipka was only paid by the
Sovs in the mid-to-late 60s. And then only, according to released
information, something like $500 to $1000 per dead drop, about once a
month. Hardly a huge sum, even back then. Even if he invested this, which
is unlikely, how would his neighbors know if this was part of his "income"
or not?

Sounds more like, "Yeah, we knew there was something strange about him,"
which about half of all neigbors say about arrested fugitives in their
midst. (The other half saying, "But he was a really nice guy.")

--Tim

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From tcmay at got.net  Sun Feb 25 10:58:05 1996
From: tcmay at got.net (Timothy C. May)
Date: Mon, 26 Feb 1996 02:58:05 +0800
Subject: Encryption Chips
Message-ID: 


At 4:47 PM 2/25/96, "A. Padgett Peterson P.E. Information Security"

>The nice thing about am implimentation in software is that the code can be
>examined for just this sort of thing *on a randomly selected operating unit*.
>- hard to do with a chip.

But of course one's compiler may have been subverted, as Ken Thompson
showed some years back. Software implementations are sensitive to different
sorts of attacks than hardware implementations are.

Me. I don't have any hardware crypto chips at all, and think it unlikely I
will in the next several years. So I use only software crypto
implementations. And I admit to not having verified that my copy of MacPGP
is the same one now at the various sites...I figure that if the NSA has
pulled a blag bag job on me and replaced my MacPGP with a special version
that I've got other problems to worry about!

Your mileage may vary. If I were responsible for crypto for large financial
transactions, I'd have a different set of worries.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From casper at optima.mme.wsu.edu  Sun Feb 25 11:01:08 1996
From: casper at optima.mme.wsu.edu (Chris Grantham)
Date: Mon, 26 Feb 1996 03:01:08 +0800
Subject: White House Not Decent
Message-ID: <01BB036D.31983D80@xtsd0318.it.wsu.edu>


Gee, Someone should forward this thing to Bill, Hmm I think I will...

Chris

----------
From: 	Anonymous[SMTP:nobody at REPLAY.COM]
Sent: 	Sunday, February 25, 1996 9:43 AM
To: 	cypherpunks at toad.com
Subject: 	White House Not Decent


(Reprinted without permission from the Seattle Times
Personal Technology section)


                 White House Site Blocked

Add the White House to the Internet's extensive list of dens of
sin.

Surfwatch, a widely used software program that prevents access
to, and downloading of, sexually explicit material on the
Internet, accidently blocked access to the White House home page
recently - all because a "White House for Kids" Web site address
contained the word "couples."

That's a dirty word in the Surfwatch universe because many
sexually explicit online sites use it as part of their come-on.

In this case, "couples" merely referred to the Executive Branch
tandems of President and Hillary Rodham Clinton and Al and Tipper
Gore.

Surfwatch fixed the problem within hours, although some might
still find the site offensive.

For political reasons, that is.










From rishab at best.com  Sun Feb 25 11:07:56 1996
From: rishab at best.com (Rishab Aiyer Ghosh)
Date: Mon, 26 Feb 1996 03:07:56 +0800
Subject: Hack attempt? "12 days" from anon.com
In-Reply-To: 
Message-ID: <199602251845.KAA09031@shellx.best.com>



Regarding the mysterious mail from mailer-daemon at anon.com
that many people have received:
1. The mail was apparently sent by a daemon bouncing
   an undeliverable mail. anon.com is a "virtual domain"
   hosted at io.com, so it's unlikely that the daemon would
   have an anon.com address. 
2. Headers show it was routed through 38.10.221.81 and
   smtp1.interramp.com. That IP address showed up as
   ip81.la.ca.interramp.com the first time I tried a 
   traceroute. The second time it showed up as 
   ip81.syracuse.ny.interramp.com. In any case, traceroute
   went recursive between los-angeles.ca.isdn.psi.net
   (38.145.221.110) and lan.losangeles.ca.psi.net
   (38.145.221.1). This indicates the target could not be
   reached - perhaps it's a PPP address, or disconnected.
3. There is an X-Sender: (Unverified) header entry. So the
   mail was SMTP faked without the HELO protocol.
4. The error purpoting to originate from mailer-daemon at anon.com
   says the mail was addressed to PeppermintPty at loacst.org. loacst.org
   is not a registered domain.
5. PeppermintPty is obviously Peppermint Patty; the "original message"
   is signed Marcie. Peanut fans will recognise these characters.

So - what was it all about? An elaborate prank? A convoluted NSA
plot? I would lean towards the first, but perhaps we'll know
on March 1st, the date to "gain access to target".

Rishab
ps. the copy I received follows:

>From mailer-daemon at anon.com  Fri Feb 23 20:08:00 1996
Received: from m-net148.arbornet.org (m-net.arbornet.org [148.59.250.2]) by shellx.best.com (8.6.12/8.6.5) with SMTP id UAA20969 for ; Fri, 23 Feb 1996 20:07:44 -0800
Received: from smtp1.interramp.com by m-net148.arbornet.org with smtp
        (Smail3.1.29.1 #4) id m0tqBGv-0009SHC; Fri, 23 Feb 96 23:07 WET
Received: from [38.10.221.81] by smtp1.interramp.com (8.6.12/SMI-4.1.3-PSI-irsmtp)
        id XAA24970; Fri, 23 Feb 1996 23:06:42 -0500
X-Sender:  (Unverified)
Message-Id: 
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Fri, 23 Feb 1996 08:11:33 -0800
To: (Recipient list suppressed)
From: mailer-daemon at anon.com (System Mail Manager)
Subject: Twelve Days of Christmas
Status: RO


--  --
UNDELIVERABLE MAIL: Unknown Host("PeppermintPty at loacst.org")
UNDELIVERABLE MAIL: Bad Key

--  --

*** TOP LEVEL: DESTROY IMMEDIATELY UPON READING ***
*** DO NOT PRINT OR SAVE. Code1.8 Table2Hex6    ***

DAY 10: DR. BLACK located a promising entry point at the target site. DR.
BLACK recovered four of the six password tokens before his position was
compromised. DR. BLACK will be replaced by DR. ORANGE.

Estimated time to recover the remaining two password tokens and gain access
to target: EIGHT DAYS (03.01.96)

Confidence is HIGH.

My team has been working around the clock for a month now. Please tell your
people to be more tolerant. Yelling doesn't help anything.

Marcie










From bdolan at use.usit.net  Sun Feb 25 12:31:02 1996
From: bdolan at use.usit.net (Brad Dolan)
Date: Mon, 26 Feb 1996 04:31:02 +0800
Subject: TED_hal
In-Reply-To: 
Message-ID: 




On Sun, 25 Feb 1996, Timothy C. May wrote:

> At 4:17 PM 2/25/96, Brad Dolan wrote:
> 
> >Lipke's neighbors indicate his income didn't match his lifestyle.
> >
> >FINCEN at work?
> 
> I'm skeptical.
> 
> How would Lipka's neighbors know what his "income" is, unless he told them?
> (My neighbors don't have any idea what my income is, for example.) Sounds
> like typical bullshit by neigbors, saying they knew something was
> "suspicious" (always after the fact, it seems).

Could be.  That's what they said, anyway.  See below.

But if I had the FINCEN databases, I would spend my idle hours looking 
for statistical anomalies.  Like guys whose outgo exceeds reported income.

bd

(Associated Press, 2/23/96)
 
Lipka's Neighbors Had Wonders

   MILLERSVILLE, Pa. (AP) -- To his neighbors, Robert Stephan Lipka was a coin
collector, chess player and off-track betting enthusiast who lived on
disability payments.  [...]

[...]

On Friday, federal agents converged on his one-story brick colonial house in
this rural central Pennsylvania town and arrested Lipka. He was charged with
selling secrets to the Soviets for nearly 10 years. 
   
Authorities said he passed documents to the Soviets during the Vietnam War
when he was an Army clerk at the Pentagon's National Security Agency at Fort
Meade, Md., sometimes getting up to $1,000 for each delivery of information. 
[...]

Bewildered neighbors watched as federal agents walked in and out of the
house Friday morning. A garbage crew stopped to pick up the family trash, only
to open the lid of an empty can, the contents apparently taken already by
authorities. 

Neighbor James Quinn said there had been some speculation in the
neighborhood how about the Lipkas could afford the $168,000 house they bought a
year ago. Lipka sold his former house only two months ago, for $76,000. 

[...]







> 
> Also, all indications so far revealed are that Lipka was only paid by the
> Sovs in the mid-to-late 60s. And then only, according to released
> information, something like $500 to $1000 per dead drop, about once a
> month. Hardly a huge sum, even back then. Even if he invested this, which
> is unlikely, how would his neighbors know if this was part of his "income"
> or not?
> 
> Sounds more like, "Yeah, we knew there was something strange about him,"
> which about half of all neigbors say about arrested fugitives in their
> midst. (The other half saying, "But he was a really nice guy.")
> 
> --Tim
> 
> Boycott "Big Brother Inside" software!
> We got computers, we're tapping phone lines, we know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^756839 - 1  | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 
> 
> 





From jgrasty at gate.net  Sun Feb 25 12:48:10 1996
From: jgrasty at gate.net (Joey Grasty)
Date: Mon, 26 Feb 1996 04:48:10 +0800
Subject: WinSock Remailer
Message-ID: <199602252025.PAA13300@osceola.gate.net>


C-punks:

You can now check out the features of the WinSock 
Remailer at:

  http://www.c2.org/~winsock/

The remailer is now scheduled to be operational 
about March 21, 1996.  After a one month alpha test, the
executable will be available for download for beta
testing by anyone who wants to run a remailer.

Regards,

--
Joey Grasty
jgrasty at gate.net [home -- encryption, privacy, RKBA and other hopeless causes]
jgrasty at pts.mot.com [work -- designing pagers]
"Anyone who considers arithmetical methods of producing random digits is,
of course, in a state of sin." -- John Von Neumann
PGP = A7 CC 31 E4 7E A3 36 13  93 F4 C9 06 89 51 F5 A7





From unicorn at schloss.li  Sun Feb 25 13:00:08 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Mon, 26 Feb 1996 05:00:08 +0800
Subject: mismaster
Message-ID: 



Where is the latest version of mixmaster available?

I can't seem to get hold of obscura for lance's homepage and 
     * http://nately.ucsd.edu/~loki/
     * ftp://nately.ucsd.edu/pub/remail/
seem to be down.

Any ideas?



---
My prefered and soon to be permanent e-mail address: unicorn at schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information






From Chris.Claborne at SanDiegoCA.ATTGIS.com  Sun Feb 25 13:14:25 1996
From: Chris.Claborne at SanDiegoCA.ATTGIS.com (Chris Claborne)
Date: Mon, 26 Feb 1996 05:14:25 +0800
Subject: Cypherpunks vs. Coderpunks
Message-ID: <2.2.32.19960225174116.005d16a8@opus.SanDiegoCA.ATTGIS.com>


At 09:49 PM 2/24/96 GMT, attila wrote:
>** Reply to note from Perry E. Metzger  02/13/96
1:29pm -0500
>
>  [snip] 
>= The thing that makes Cypherpunks worthwhile is that its a place where
>= you could, once, get news updates about GAK, information on the latest
>= research into cryptography, organize mass key crackings, discuss APIs,
>= talk a bit about the politics of cryptography, etc.
>= 
>    sounds like we're having the sme problems as "democracy" --it soon
becomes  
>irrelevant!  example:
>
>	I was out of town for 6 days: I returned to find 1056 messages in the sorted 
>    mailbox!  yes: 1056 messages which it took close to an hour to delete
almost 800 
>    of them as irrelevant. some you can discard automatically depending on the 
>    author, some by content, etc. but I agree: it is clutter.

   I spend most of my time here as a lurker but I must chime in now. :)

  I filter to an unread area and then try to read once per week.  I know
that I trim off good articles while trying to trim the fat off.  If you
can't exercise restraint, how about putting "junk" as the first word in your
subject.  

                                        ...  __o
                                       ..   -\<,
Chris.Claborne at SanDiegoCA.ATTGIS.Com   ...(*)/(*).          CI$: 76340.2422
http://bordeaux.sandiegoca.attgis.com/
PGP Pub Key fingerprint =  7E BF 38 3F 24 A7 D1 B0  54 44 96 AA 10 D0 5D 51
Avail on Pub Key server.
PGP-encrypted e-mail welcome!
Dreams.  They are just a "screen saver" for the brain.






From mrm at netcom.com  Sun Feb 25 13:35:37 1996
From: mrm at netcom.com (Marianne Mueller)
Date: Mon, 26 Feb 1996 05:35:37 +0800
Subject: DNS-related problem, and, motherhood 'n apple pie, etc
Message-ID: <199602252053.MAA25480@netcom20.netcom.com>


I hope people evaluate Java (and all software) based on technical issues, 
and not based on whether or not you think I'm clueless, brain damanged or 
a liar. 

We take the DNS-related problem very seriously; we do understand how DNS
works (I did say "apologies for the oversimplifiation"); we never have put
our heads in the sand.  I do think it's a bit unfair to the Java team to
say we put our heads in the sand, since we are deliberately trying to be
as open and honest and forthcoming as we can.  I mean, we are publishing
full source code, which I'm not sure is the case for lots of software that
people place a lot of trust in, implicitly or explicitly. 

As I've said every time I've said anything, every time security awareness
on the net is raised, I think it's good for the net.  I personally don't
regard the internet as secure, and any information I care about I have
encrypted on disk.  Any information I really, really care about I don't
even have on the internet.  I do regular backups.  I'm not saying this is
what everyone has to do.  But it's not that hard or time-consuming, and it
wouldn't hurt.  But people who are in charge of corporate security for
their company, or people who have very sensitive or very valuable
information on their disks, should consider the many ways that the internt
is insecure, not just how some applet could be exploited. 

Having said that, does that imply that I think it's OK for a Java
application to have security holes?  Of course not!  I hope we can use
Java-the-language to build more secure systems than we've gotten used to
surviving in the past.  Does that mean I'm downplaying the importance or
seriousness of any applet-related hole?  Of course not!  I think it's
possible simultaneously to understand the seriousness of a security hole,
AND still to say it's a good idea for people to practice safe internet. 

Marianne Mueller
I work for Sun, on the Java team. 
mrm at netcom.com
mrm at eng.sun.com
http://java.sun.com/people/mrm/










From adam at lighthouse.homeport.org  Sun Feb 25 13:36:38 1996
From: adam at lighthouse.homeport.org (Adam Shostack)
Date: Mon, 26 Feb 1996 05:36:38 +0800
Subject: mismaster
In-Reply-To: 
Message-ID: <199602252056.PAA23310@homeport.org>


Black Unicorn wrote:
| 
| Where is the latest version of mixmaster available?

utopia.hacktic.nl/pub/replay/pub/remailer/Mix.2.0.3.tar.gz

Also, check out my mixmaster install script. Mail me a message with
'get mix-installer' in the subject.  Guaranteed to work, or double
your money back. :)

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From perobich at ingr.com  Mon Feb 26 05:49:03 1996
From: perobich at ingr.com (Robichaux, Paul E)
Date: Mon, 26 Feb 96 05:49:03 PST
Subject: REM_ote
Message-ID: 


Alex Strasheim said:
>(A useful feature for Netscape might be a facility that checks
>periodically to see if a security patch is in order, and displays a
>warning if it is.)

The Simple Internet Version Control (SIVC, pronounced "civic") protocol does 
just this. See http://wwwhost.ots.utexas.edu/sivc/spec.html for details. 
SIVC is popular on the Mac, but I don't know if it's been put up as an RFC.

-Paul







From jis at mit.edu  Sun Feb 25 13:52:22 1996
From: jis at mit.edu (Jeffrey I. Schiller)
Date: Mon, 26 Feb 1996 05:52:22 +0800
Subject: Internet shutdown Feb 29?
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

>This looks completely, totally, and insanely bogus, but I
>need some kind of verification for this bizarre little
>piece of mail that somehow ended up in my mailbox.
>
>Anybody from MIT ever heard of "Kim Dereksen"?

Yeah, from several of ISP's and others (including one un-named government
organization that wanted to FAX us the message, for security reasons,
didn't want to send it over the network).

Of course the message is Bogus... it wasn't even e-mailed from MIT (nor did
the author try to make it look so).

                                -Jeff

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMTDOksUtR20Nv5BtAQEoUwP/QYtgsYDnzjv/usaBax+pXX3glYLpewMO
Fi/cQN5840YigQpA/3klyptyEtA9sj2Vd3CYvGfj0KYqZfRG1mSKecURRBHE7kzq
hB2o4fter8Pjp+3bW3APb6DsrCvlkmYcnR+QYBN8oikKkv1+cGYvHl7w6x3LJiiU
U5BLXiPc2s0=
=98q4
-----END PGP SIGNATURE-----







From pierre at dragon.achilles.net  Sun Feb 25 14:00:48 1996
From: pierre at dragon.achilles.net (Pierre Bourque)
Date: Mon, 26 Feb 1996 06:00:48 +0800
Subject: Hack attempt? "12 days" from anon.com
In-Reply-To: <199602251845.KAA09031@shellx.best.com>
Message-ID: 


Are they trying to access Snoopy's doghouse ?

Pierre Bourque
Mercenary Scribbler
SurfBoard: here
And on the Left Coast: pierre at well.com



On Sun, 25 Feb 1996, Rishab Aiyer Ghosh wrote:

> 
> Regarding the mysterious mail from mailer-daemon at anon.com
> that many people have received:
> 1. The mail was apparently sent by a daemon bouncing
>    an undeliverable mail. anon.com is a "virtual domain"
>    hosted at io.com, so it's unlikely that the daemon would
>    have an anon.com address. 
> 2. Headers show it was routed through 38.10.221.81 and
>    smtp1.interramp.com. That IP address showed up as
>    ip81.la.ca.interramp.com the first time I tried a 
>    traceroute. The second time it showed up as 
>    ip81.syracuse.ny.interramp.com. In any case, traceroute
>    went recursive between los-angeles.ca.isdn.psi.net
>    (38.145.221.110) and lan.losangeles.ca.psi.net
>    (38.145.221.1). This indicates the target could not be
>    reached - perhaps it's a PPP address, or disconnected.
> 3. There is an X-Sender: (Unverified) header entry. So the
>    mail was SMTP faked without the HELO protocol.
> 4. The error purpoting to originate from mailer-daemon at anon.com
>    says the mail was addressed to PeppermintPty at loacst.org. loacst.org
>    is not a registered domain.
> 5. PeppermintPty is obviously Peppermint Patty; the "original message"
>    is signed Marcie. Peanut fans will recognise these characters.
> 
> So - what was it all about? An elaborate prank? A convoluted NSA
> plot? I would lean towards the first, but perhaps we'll know
> on March 1st, the date to "gain access to target".
> 
> Rishab
> ps. the copy I received follows:
> 
> >From mailer-daemon at anon.com  Fri Feb 23 20:08:00 1996
> Received: from m-net148.arbornet.org (m-net.arbornet.org [148.59.250.2]) by shellx.best.com (8.6.12/8.6.5) with SMTP id UAA20969 for ; Fri, 23 Feb 1996 20:07:44 -0800
> Received: from smtp1.interramp.com by m-net148.arbornet.org with smtp
>         (Smail3.1.29.1 #4) id m0tqBGv-0009SHC; Fri, 23 Feb 96 23:07 WET
> Received: from [38.10.221.81] by smtp1.interramp.com (8.6.12/SMI-4.1.3-PSI-irsmtp)
>         id XAA24970; Fri, 23 Feb 1996 23:06:42 -0500
> X-Sender:  (Unverified)
> Message-Id: 
> Mime-Version: 1.0
> Content-Type: text/plain; charset="us-ascii"
> Date: Fri, 23 Feb 1996 08:11:33 -0800
> To: (Recipient list suppressed)
> From: mailer-daemon at anon.com (System Mail Manager)
> Subject: Twelve Days of Christmas
> Status: RO
> 
> 
> --  --
> UNDELIVERABLE MAIL: Unknown Host("PeppermintPty at loacst.org")
> UNDELIVERABLE MAIL: Bad Key
> 
> --  --
> 
> *** TOP LEVEL: DESTROY IMMEDIATELY UPON READING ***
> *** DO NOT PRINT OR SAVE. Code1.8 Table2Hex6    ***
> 
> DAY 10: DR. BLACK located a promising entry point at the target site. DR.
> BLACK recovered four of the six password tokens before his position was
> compromised. DR. BLACK will be replaced by DR. ORANGE.
> 
> Estimated time to recover the remaining two password tokens and gain access
> to target: EIGHT DAYS (03.01.96)
> 
> Confidence is HIGH.
> 
> My team has been working around the clock for a month now. Please tell your
> people to be more tolerant. Yelling doesn't help anything.
> 
> Marcie
> 
> 
> 
> 
> 
> 





From stewarts at ix.netcom.com  Sun Feb 25 14:02:23 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Mon, 26 Feb 1996 06:02:23 +0800
Subject: Internet Protest!
Message-ID: <199602252130.NAA16836@ix3.ix.netcom.com>


At 08:13 AM 2/23/96 -0600, m5 at dev.tivoli.com (Mike McNally) wrote:
>  Is anybody so seriously delusional
>that they imagine poor Bill Clinton having to work his way through all
>the mail with elm?

It's really not that tough -
        g/Bill Of Rights/d

They're already about half done .....

#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281






From casper at optima.mme.wsu.edu  Sun Feb 25 14:21:38 1996
From: casper at optima.mme.wsu.edu (Chris Grantham)
Date: Mon, 26 Feb 1996 06:21:38 +0800
Subject: PGP
Message-ID: <01BB0387.E234CCC0@xtsd0108.it.wsu.edu>


R U aware of a PGP mailing list?

Chris

P.S. How do I attach a sig to a Microsoft Exchange message?

FOR BEST SECURITY -STEAM ALL PGP MESSAGES!

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzEvXtUAAAEEALtwrsq7zqQdTDRRpgJeCXYCuA6M49Yp93IE3ScaMwPPi297
EIEbpSyv3ZB9UBjTNHcsPADhfwDs8/yBS4SWW+NF1BwnRLUbNpZ5E6BGxGojQnF4
yC5MKNIuxDgY8FYYpsXWpxWIOJZOf5LY6E4BhZ9fGK/MfuhSvUFD9HN4zM2hAAUR
tC1DaHJpcyBXLiBHcmFudGhhbSA8Y2FzcGVyQG9wdGltYS5tbWUud3N1LmVkdT4=
=xznQ
-----END PGP PUBLIC KEY BLOCK-----






From markm at voicenet.com  Sun Feb 25 14:37:33 1996
From: markm at voicenet.com (Mark M.)
Date: Mon, 26 Feb 1996 06:37:33 +0800
Subject: mismaster
In-Reply-To: 
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 25 Feb 1996, Black Unicorn wrote:

> Where is the latest version of mixmaster available?
> 
> I can't seem to get hold of obscura for lance's homepage and 
>      * http://nately.ucsd.edu/~loki/
>      * ftp://nately.ucsd.edu/pub/remail/
> seem to be down.
> 
> Any ideas?

The new URL is http://www.obscura.com/~loki/ .  You can also get mixmaster
from ftp.hacktic.nl.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm at voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMTDcQLZc+sv5siulAQGYEAP/XdAwLotOq4QfeCehBxlM86cNqz4uwLaO
JKajKMaOiHY/isbA5QkKK+n67YxsgS+tuVw/Hpfx4CE8lJa+HIgMc8DvRsyRKjWR
U45/qseGR1yzZpP+rZJRWvGYi8qxU2wgWqDwgC9KbbwVRBN29RJnfkTXFyFiMsmC
MJ2snd1Shpg=
=8Nzx
-----END PGP SIGNATURE-----





From markm at voicenet.com  Sun Feb 25 14:52:02 1996
From: markm at voicenet.com (Mark M.)
Date: Mon, 26 Feb 1996 06:52:02 +0800
Subject: Cypherpunks vs. Coderpunks
In-Reply-To: <2.2.32.19960225174116.005d16a8@opus.SanDiegoCA.ATTGIS.com>
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 25 Feb 1996, Chris Claborne wrote:

>   I filter to an unread area and then try to read once per week.  I know
> that I trim off good articles while trying to trim the fat off.  If you
> can't exercise restraint, how about putting "junk" as the first word in your
> subject.  

Many people put "[NOISE]" in the beginning of the "Subject:" header to filter
out non-crypto related posts.  However, this does not work too well, as many
posts labelled as noise are really quite interesting, and many off-topic posts
are not labelled as such.  This kind of labelling also gets annoying because
it screws up subject threading.

If you really want to kill-file all noise postings, just remember to also
kill replies (lines beginning with "Re: [NOISE]").

- --Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm at voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMTDd27Zc+sv5siulAQHMCAQAlWDh3Z6Z+p/EpV7W1KcOnB8BtrtJNayE
RGB9JAI3o+2HOFo92ilzIh39DdOt3BUmhklQT2WvqZtbSWQwozJObtV33ux8R00k
GKjUfpBKjL9d7e+6+pmeFaznQ4wz2MsxNIRJx/2atsD6+S3nJdXCs9zRtLxO3cdZ
qqUF0KUo9cE=
=Ss/j
-----END PGP SIGNATURE-----





From perry at vishnu.alias.net  Sun Feb 25 14:57:50 1996
From: perry at vishnu.alias.net (John Perry)
Date: Mon, 26 Feb 1996 06:57:50 +0800
Subject: mismaster
In-Reply-To: 
Message-ID: <199602252225.QAA07120@localhost.jpunix.com>


-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "Black" == Black Unicorn  writes:


    Black> Where is the latest version of mixmaster available?

    Black> I can't seem to get hold of obscura for lance's homepage
    Black> and * http://nately.ucsd.edu/~loki/ *
    Black> ftp://nately.ucsd.edu/pub/remail/ seem to be down.

    Black> Any ideas?

You can obtain Mixmaster via FTP or WWW by connecting to
vishnu.alias.net and following the instructions.

 John Perry - KG5RG - perry at vishnu.alias.net -  PGP-encrypted e-mail welcome!
 WWW - http://www.alias.net
 PGP 2.62 key for perry at vishnu.alias.net is on the keyservers.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMTDhwKghiWHnUu4JAQFavAf/Yatwc0we2Km4Ks66Of9/OdKpeYDaqvKw
fnv6y7u7ZFCrSRsJDkXw5VGGtCldpSx5NwZnc7woCmAm5U+U4sXwKgrBcaWzoEhK
FODcu/i1hVWK1ILDRcQA2aGv5s+BNTN7j33gKh0GBeZ07czr7Tv5KUHpbaGDNJZk
zKEMGxilqVbBmYyeRkAzOgCq/2hed0BMYvW/dplfHR/thvX8LiEb0AnRqWZINRf2
vqCdZhoMyXXI49rurc3kBjJkeR9Vg7kPGTrdsTnBTydR/XdQAZWLFD992sA4KZXe
I+pqLqouux3J9W8KcXOdxSNzWxrv6/rrN42wWzBTv7A0NWVBjkIajg==
=3+5U
-----END PGP SIGNATURE-----





From tcmay at got.net  Sun Feb 25 15:16:04 1996
From: tcmay at got.net (Timothy C. May)
Date: Mon, 26 Feb 1996 07:16:04 +0800
Subject: Cypherpunks vs. Coderpunks
Message-ID: 


At 5:41 PM 2/25/96, Chris Claborne wrote:

>  I filter to an unread area and then try to read once per week.  I know
>that I trim off good articles while trying to trim the fat off.  If you
>can't exercise restraint, how about putting "junk" as the first word in your
>subject.

Ah, but where was the "junk" as the first word of your post?

You see, therein lies the reason these labelling schemes almost never work.
Few people think there own stuff is "junk," else presumably they wouldn't
post it. You can bet your bottom e-dollar that Jim Bell won't label his
posts about assassination politics or nuclear bomb high explosive triggers
as "junk." Nor that I will label my own stuff as "junk."

About like asking people to label themselves as "turkeys" just so we can
deal with crowds better.

Frankly, I think we waste more time arguing about how to improve the
"signal to noise ratio," ephemeral a concept at this is, than it takes to
simply delete posts each of us various dislikes.

The notion that we can "nudge" other people into only posting the kinds of
articles we all want to see is flawed: there is no single type of good
article, and one man's "junk" is another man's "gold."

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From jya at pipeline.com  Sun Feb 25 16:06:03 1996
From: jya at pipeline.com (John Young)
Date: Mon, 26 Feb 1996 08:06:03 +0800
Subject: Crypto Export Legislation?
Message-ID: <199602252338.SAA25184@pipe1.nyc.pipeline.com>


The excerpt below is from the Wash Post article today. Does 
anyone know the status of the Leahy/Goodlatte bills?


BTW, it's been suggested that this article is sufficiently on 
topic to post to the list in its entirety. Anyone else whose 
seen it agree?


----------


   The Washington Post, February 25, 1996, pp. H1, H4.


   Scrambling for a Policy on Encryption Exports

   [Long snip]


   Industry also is fanning Congress's interest in taking a
   bigger role in the encryption debate. "Without
   congressional interest, the administration has no reason to
   liberalize exports at all," said Becca Gould, director of
   policy at the Business Software Alliance. "This issue is in
   Congress's front yard because it affects the economy" as
   well as U.S. citizens' privacy rights.

   Sen. Patrick J. Leahy (D-Vt.) and Rep. Robert W. Goodlatte
   (R-Va.) agree. They plan to introduce bills in the Senate
   and House aimed at loosening the restrictions on
   encryption. "The federal government is taking an attitude
   that's based more in the 1970s than in present time," said
   Leahy in a telephone interview.

   "This is a matter that should be decided by legislation,"
   he added. "We're talking about billions of dollars in
   revenues and thousands of jobs if we're handicapped in our
   global market, especiaUy if what we're told to do is to
   build an export encryption program that is so outdated that
   our 12-year-old computer experts wouJd laugh at it."

   The bills would do away with export licenses for any
   encryption technology considered to be "generally
   available," or "in the public domain." Leahy said that
   although he, too, worries about national security and
   terrorism, trying to bottle up technology won't solve the
   problem.

   Law enforcement has "got to figure out how to keep ahead
   ... and surprise, surprise, there will be some times when
   we won't be able to eavesdrop," Leahy said. Even now,
   criminals can make calls at pay telephones or avoid
   detection in other ways. The government shouldn't cripple
   the computer industry every time a new technology springs
   up that challenges law enforcement, he said.

   "What I'm suggesting is that if [the administration] works
   with the Congress, we'll find a solution," Leahy said.

   ...








From casper at optima.mme.wsu.edu  Sun Feb 25 16:28:32 1996
From: casper at optima.mme.wsu.edu (Chris Grantham)
Date: Mon, 26 Feb 1996 08:28:32 +0800
Subject: PGP
Message-ID: <01BB0399.29EB80C0@xtsd0108.it.wsu.edu>


Sorry, that wasn't suppose to be sent there too.
Chris

----------
From: 	Chris Grantham[SMTP:casper at optima.mme.wsu.edu]
Sent: 	Sunday, February 25, 1996 1:38 PM
To: 	'Thaddeus J. Beier'
Cc: 	'Cypherpunks'
Subject: 	PGP

R U aware of a PGP mailing list?

Chris

P.S. How do I attach a sig to a Microsoft Exchange message?

FOR BEST SECURITY -STEAM ALL PGP MESSAGES!

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzEvXtUAAAEEALtwrsq7zqQdTDRRpgJeCXYCuA6M49Yp93IE3ScaMwPPi297
EIEbpSyv3ZB9UBjTNHcsPADhfwDs8/yBS4SWW+NF1BwnRLUbNpZ5E6BGxGojQnF4
yC5MKNIuxDgY8FYYpsXWpxWIOJZOf5LY6E4BhZ9fGK/MfuhSvUFD9HN4zM2hAAUR
tC1DaHJpcyBXLiBHcmFudGhhbSA8Y2FzcGVyQG9wdGltYS5tbWUud3N1LmVkdT4=
=xznQ
-----END PGP PUBLIC KEY BLOCK-----









From frantz at netcom.com  Sun Feb 25 16:31:10 1996
From: frantz at netcom.com (Bill Frantz)
Date: Mon, 26 Feb 1996 08:31:10 +0800
Subject: REM_ote
Message-ID: <199602260003.QAA01640@netcom7.netcom.com>


At  8:17 AM 2/24/96 -0800, sameer wrote:
>> about your browsing habits.  Of course we have never done this, but if we
>> were "phoning home" periodically to check for new releases it might raise
>> some suspicion among the more paranoid.
>> 
>>   I guess we could make it an option...
>
>        I don't think you need to "phone home". Just make it happen
>whenever someone hits the Netscape web site. some monstrous percentage
>of Netscape users haven't changed the default home page, and even
>those who have do go to the Netscape page every now and then.

I will point out that we are already trusting our copy of the Netscape
browser not to abuse its knowledge of our browsing habits.  The best we can
do to assure that our trust is not misplaced is monitor its communications,
and if it is encrypting, we can't even do that.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz at netcom.com | dead teenagers | Los Gatos, CA 95032, USA







From Greg_Rose at sydney.sterling.com  Sun Feb 25 16:31:53 1996
From: Greg_Rose at sydney.sterling.com (Greg Rose)
Date: Mon, 26 Feb 1996 08:31:53 +0800
Subject: Ascom Tech License for IDEA
In-Reply-To: 
Message-ID: 



Mark Aldrich  wrote:
  "In the US, ViaCrypt pays the royalties to Ascom for every copy of 
  ViaCrypt PGP shipped.  Users of ViaCrypt PGP have nothing to worry 
  about.  Personal users of MIT PGP in the US also have nothing to worry 
  about because Ascom's published position deals with 'commercial use'. The 
  only people who need to do anything are people overseas using PGP 2.6i or 
  2.6ui in their businesses.  They need to license IDEA from Ascom."

As another data point, I (sitting in Australia)
attempted to buy a licence through the Web page
and encrypted emailed credit card, and in return
received a phone call from Zurich. I was informed
that IDEA was not patented in Australia, and my
attempt to pay was appreciated but declined.

Europe generally has patent coverage I believe.

Greg.

Greg Rose               INTERNET: greg_rose at sydney.sterling.com  
Sterling Software       VOICE:  +61-2-9975 4777    FAX:  +61-2-9975 2921
28 Rodborough Rd.       http://www.sydney.sterling.com:8080/~ggr/
French's Forest         35 0A 79 7D 5E 21 8D 47  E3 53 75 66 AC FB D9 45
NSW 2086 Australia.     co-mod sci.crypt.research, USENIX Director.





From ses at tipper.oit.unc.edu  Sun Feb 25 17:07:49 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Mon, 26 Feb 1996 09:07:49 +0800
Subject: Internet shutdown Feb 29?
In-Reply-To: 
Message-ID: 


On Sun, 25 Feb 1996, Jeffrey I. Schiller wrote:

> 
> Yeah, from several of ISP's and others (including one un-named government
> organization that wanted to FAX us the message, for security reasons,
> didn't want to send it over the network).
> 

As a matter of interest, I wonder how much of the internet could be 
shut down by concerted effort; obviously individual services can be 
trivially disabled by jamming listen queues (not really stoppable by 
anything short of IPSEC w/photuris). The BGP backbone could probably be 
disabled from within by a traitor planted in one of big companies, and a 
confused backhoe around the MAEs could probably do a lot more damage than 
people would like to admit. It seems that the internet is getting pretty 
brittle- I wonder if it would be worthwhile having some sort of infranet 
with a bunch of backups links using dial-up lines or spare transponders 
(with a filter to block port 80 :-)

It's probably not possible with  todays routing technology 
(slow, flappy links with nightmarish convergence times), plus it's not 
sexy like a nice OC-12 SONET. This is the sort of thing the NCSC should 
be working on- something to keep the essential services flowing in the 
early stages of an info-war, or an info truck-bomb




---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO






From adam at lighthouse.homeport.org  Sun Feb 25 18:32:52 1996
From: adam at lighthouse.homeport.org (Adam Shostack)
Date: Mon, 26 Feb 1996 10:32:52 +0800
Subject: Encryption Chips
In-Reply-To: <960225114724.20210a61@hobbes.orl.mmc.com>
Message-ID: <199602260205.VAA24540@homeport.org>


a. huh?
b. I was assuming something similar to the Sun /dev/des, which is
basically invoked as 
int cbc_crypt(key, data, datalen, mode, ivec)
              ^^^

If your chip is doing key generation for you, then testing is tougher.

Adam


A. Padgett Peterson P.E. Information Security wrote:

| >	Faking crypto chips for public algorithims is theoretically
| >more difficult, because its simple to create a DES_verify routine to make
| >sure your DES chip is working right.
| 
| a) chips do not need makeup
| b) t'were me, I would just fix the chip so that instead of 2^56 (DES) keys
|    or whatever, the PRNG was "fixed" so that the total keyspace was only 2^32
|    for instance. Enough to be nearly impossible to check but small enough


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From warlord at MIT.EDU  Sun Feb 25 18:37:51 1996
From: warlord at MIT.EDU (Derek Atkins)
Date: Mon, 26 Feb 1996 10:37:51 +0800
Subject: ViaCryptPGP 4.0?! (was Re: PGP integrated into Z-Mail)
In-Reply-To: <199602210524.AAA10716@bb.hks.net>
Message-ID: <199602260201.VAA32358@in-touch.mit.edu>


> ViaCrypt's page talks about a beta version of PGP 4.0 available
> at some sites. Hmmm.
> 
> The Windows version is tantalizing. A PGP.DLL would be a wonderful thing.

PGP3, which I've been working on with Colin Plumb for some time, is
based upon a specified API.  Although the API is still under
development, the plan is to have libraries available for UNIX, Mac,
and Windows (DLL).

At this time the API Spec and Programmer's Guide documents are not
publically available.  Hopefully this will change in the next few
weeks.

-derek






From adam at lighthouse.homeport.org  Sun Feb 25 19:01:06 1996
From: adam at lighthouse.homeport.org (Adam Shostack)
Date: Mon, 26 Feb 1996 11:01:06 +0800
Subject: Java configurability
Message-ID: <199602260229.VAA24656@homeport.org>


Alex Strasheim wrote:

| What are we talking about specifically when we talk about security
| oriented configurability?  Rather than just turning java(script) on and
| off, wouldn't it be useful to piggyback off of the X.509 system that's
| already in place?

| For every CA's or server's cert, they'd just have to add two checkboxes:  
| whether or not to run java applets or javascript code from servers 
| vouched for by those certs.  Is that what people mean when they talk 
| about configurability, or just the ability to shut down java*script) all 
| together?

	I mean the ability to shut down Java or JavaScript (hereafter
called J-code), but not only from a user point of view.  Its
ludicrously easy to convince users to do things that they shouldn't be
doing, so not only do we need a Java off and JavaScript off button
within Netscape, but we also need a means to enforce it at a company
wide level.

	Think about it from the point of view of a business.  There's
this Java software.  You keep reading about how its not really secure
in the press.  Do you trust your users to do the right thing?  You
know how they'll do things like arbitrarily change their IP address
on you.

	So, what do we want as a business?  We want the ability to
define trust.  We want to be able to say what our users can do with
the machines & software we put on their desktop.  We want to be able
to provide them with applets to run.

	This generates a set of needs.  First, we need to be able to
tell Netscape about our corporate policy.  The logical place to do
that is at the HTTP proxy on our firewall.  (Or possibly at a
different port on the machine.)

	Once we have the ability to provide "MUST obey" directives, we
need to ask what those directives should be.  Obviously, we might want
the ability to turn J-code off when passing through this
gateway.

	Next, we would want the ability to allow SELECTED or approved
J-code through.  How do we select it?  It comes from an approved
source.  That source verifies that it created/vetted the code with a
digital signature.  (With an expiration date on it, please.  Code
should need to be re-certified in the light of new bugs in J.)

	The certificate would need to sign a block with at least:

	{
	
	
	}

	Policies?  Thats right.  Java has the potential to do some
really nifty stuff at the corporate level.  Purchasing agents, travel
& reimbursement, etc are the obvious ones.  But those might well need
to be allowed access to disk or network resources.  The fact that I
allow a bit of code signed by the NSA to run doesn't mean I want it to
be as privledged as code written locally.

	Now, the fact that Vericode thinks this code should get disk
access doesn't mean your company does.  So the policy there is a
MAXIMUM level of access that the J-code should get.  I might set it at
less, say, only allowed access to accounting_gw, on port 3456, between
9AM and 5PM.  (I think time controls are a loss, but lots of people
seem to like them.)

	So what would go into a config file?  Things should start
based on a global prohibition.  'That which is not explicitly allowed
is forbidden.'  With the permission of the company, it should be
possible to swap this towards todays setup 'That which is not
forbidden is allowed.'  However, I doubt many companies will go for
that.  None with smart security people will.

	So, having prohibited everything, we now consider if we should 
allowing any of these J-code things to run.  And how do we
discriminate?  Signatures.  So we need to put keys (and fingerprints)
into the config file.

	Once we have keys in the file, we start assigning them
privledges.  "Can examine this file."  "Can examine this list of
files."  "Can write in /tmp, assuming that its less than 80% full."
"Can edit the file /etc/passwd."

	So, is it more clear what I'm looking for?

	(Incidentally, X.509 is a bear.  Read Carl Ellison's comments
last November, and also Ross Anderson's 'Robustness Principles' paper.)

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From ab411 at detroit.freenet.org  Sun Feb 25 20:06:21 1996
From: ab411 at detroit.freenet.org (David R. Conrad)
Date: Mon, 26 Feb 1996 12:06:21 +0800
Subject: Percy the Python loves IPG
Message-ID: <199602260341.WAA26557@detroit.freenet.org>




I think the IPG system is great!  Percy, my pet python, has never been
slicker or better lubricated!

IPG Sales  wrote:
>Perhaps so, but our system does employ a true hardware generated OTP, and
>operates similiar to what you describe -  however, the important
>differernce is that we use a smal;l OTP to generate a larger OTP, like
>stringing the cable across the Golden Gate narrows.

What you have, as far as I can tell, with your "random-number-rotor-large-
random-prime-number-rotor-wheels", is a proprietary encryption algorithm
that uses a 5600-bit random number as a key.

There are two points on which you are to be commended.  5600 bits is
plenty large as a key (excessive, even), and you claim to generate the
key with a true hardware RNG.

Unfortunately, you are undone by two points which go against your scheme.

First, your algorithm is proprietary, and as such is probably not worth
a hill of beans.

Second, the keys to your system are known to three parties: the sender of
a message, the recipient of that message, and your company!  This means
that your company can intercept and decrypt any message that uses your
system.  All that is required is to keep a record of all keys generated
and who they were distributed to, and to know the identities of the
people communicating.

You've already indicated, when you claimed "790 gigabytes" of data
generated for testing with "multiple backups", that your company has
the capability to store and access multiple terabytes of information.

I'm sure you will protest your honesty; you may even *be* honest, but the
security of your system will rely not only on the security of the algorithms
and their correct implementation, but also on the honesty of your company
and every employee who ever works for it.

I don't need to trust R, S, and A whenever I use RSA, so long as the
algorithm is secure, and correctly implemented.

> Just becuase we
>convert over from a full OTP to a prime number wheel system configured
>from the OTP doers not mnean that the result is not an OTP

Of course it does.  Which part of "One" don't you understand?


--
David R. Conrad, conrad at detroit.freenet.org   PGP key on    GDFN Hardware and
http://detroit.freenet.org/staff/conrad        home page   Software Committee
"If you can't say 'fuck', you can't say 'fuck the government'." --Lenny Bruce





From jya at pipeline.com  Sun Feb 25 20:27:11 1996
From: jya at pipeline.com (John Young)
Date: Mon, 26 Feb 1996 12:27:11 +0800
Subject: TWP on Crypto Export Policy
Message-ID: <199602260353.WAA13754@pipe1.nyc.pipeline.com>


   The Washington Post, February 25, 1996, pp. H1, H4.


   Scrambling for a Policy on Encryption Exports

      As Technology Advances, U.S. and Industry Seek
      Compromise That Balances Public, Private Fears

   By Elizabeth Corcoran


   Keeping information about technology out of other people's
   hands gets tougher all the time. And in the realm of the
   Internet, where information ignores boundaries and some
   cybersurfers flaunt rules, it may become impossible.

   A big test of that statement is emerging in cryptography,
   the business of scrambling information so that it looks
   like gibberish to anyone lacking the keys for unlocking the
   code.

   Once considered an arcane subspecialty of mathematicians
   and espionage, cryptography is rapidly becoming big
   business as more and more of the world's information is
   exchanged on electronic networks and as more and more
   people want to protect their data from prying eyes.

   But in these times of international terrorism, drug
   trafficking and sometimes peculiar financial transactions,
   law enforcement agencies want to be able to legally
   eavesdrop. As technology has grown dramatically more
   powerful, the ability to peek at encrypted information is
   slipping from the hands of government.

   That balance -- how much access can government demand vs.
   how much privacy others want -- has long been a theological
   debate between civil liberties advocates and worried law
   enforcement officials.

   Now, giddy with the growth of the Internet, technology
   companies have joined the debate. Both the software
   industry and civil liberties advocates believe powerful
   encryption will spur the growth of electronic
   communications and the Internet. And they don't want
   encryption restrictions to curb that growth.

   There are no limits on what kinds of encryption people can
   use within the United States. But the government has used
   export restrictions to try to shape what encryption
   technology is used internationally, and by extension, what
   is available in the United States. Those export laws
   prohibit U.S. companies from selling their best technology
   overseas.

   The restrictions, companies contend slow the development of
   the Internet and harm a potentially lucrative market for
   U.S. manufacturing. Making two flavors of an encryption
   product, U.S. companies contend, is expensive. Yet even
   more worrisome is that foreign competitors are likely to
   move in and offer better technology. That could spell the
   loss not just of sales of encryption technology, but of
   many other products that rely on strong digital protection
   as well.

   So companies are looking hard for ways to wriggle around
   the rules -- and beginning to find them.

   "Trying to suppress this technobgy is like Prohibition,"
   said Whitfield Diffie, a cryptographer at Sun Microsystems
   Inc. and an outspoken advocate of widespread use of
   encryption technology. Companies will use anything at hand
   -- technology, business strategies and even the promise of
   congressional action -- to begin to get their home-brews
   out.

   Building and breaking encryption is hard. All information
   stored in computers -- whether pictures or sounds or
   documents -- is represented by ones or zeros or bits, the
   genetic code of the digital world. Encryption techniques
   amount to applying clever mathematical formulas to a
   collection of bits to make it look like gibberish to the
   uninitiated.

   Unlocking encrypted data requires a "key," a mathematical
   formula that can make sense of the tricks used to scramble
   the data. One common way to measure the sophisticaticn of
   an encryption scheme is by the number of bits in the key.
   The more bits, the harder it is to decode the information.

   A 30-bit key, for instance, could take as many as a billion
   random calculations to crack the code. A 60-bit key could
   take a billion-times-a-billion calculations.

   In past decades, governments were largely the only
   organizations with the money and need to tackle such
   expensive problems. But as the power of computers has
   soared -- and the cost of running millions of calculations
   has fallen -- companies and individuals have begun to
   clamor for sophisticated encryption.

   "We believe that encryption is a critical technology" to
   support many areas of electronic commerce, said Craig
   Mundie, a senior vice president at Microsoft Corp.

   Under current rules, U.S. companies can export encryption
   technologies that use up to 40-bit keys. A few years ago,
   such a lock might have stopped all but the most determined
   digital interlopers.

   No more. Within the past year graduate students at the
   Ecole Polytechnique in Paris and others at the
   Massachusetts Institute of Technology have shown they can
   break the 40-bit encryption used by Netscape Communications
   Corp. A few weeks ago, Diffie and six other well-know
   cryptographers began circulating a report in which they
   argue that to "adequately" protect information for the next
   20 years, keys should be as long as 90 bits.

   Even encryption wizards at the National Security Agency
   would have trouble unlocking 90-bit encrypted information,
   experts say.

   So the government has tried to craft a compromise. Last
   summer, the government suggested that it would likely let
   companies use up to 64-bit encryption -- provided they set
   up a way for law enforcement agents, with a court order, to
   unlock encrypted information.

   Under this proposal, a "trusted third party," such as a
   bank or an encryption company that typically handles
   sensitive information, would safeguard the key. The plan
   has since bogged down over such details as precisely who
   might qualify as a trusted third party.

   Last fall, Trusted Information Systems (TIS) in Glenwood,
   Md., in what it calls a test case, applied for a license to
   export a sophisticated (and still unexportable) 56-bit
   encryption system called DES. Steve Walker, who heads TIS,
   has invested months in outlining the sort of spare-key
   program that he believes both the government and his
   customers can stomach. In late January, he got approval to
   ship his product to Britain.

   "It's not perfect; it's not where we want to be," Walker
   insisted. He purposely submitted a case, he said, that was
   virtually certain to meet the government's still evolving
   criteria. "But it's a first, giant baby step," he said.

   Trusting a Third Party?

   Others are uneasy with putting the means to unlock files in
   the hands of a "trusted third party."

   "Ask anyone who owns a business: Are they willing to give
   copies of a spare key that leads to everything sensitive in
   their company to a third party," said Jim Bidzos, chief
   executive of RSA Data Security Inc., a leading encryption
   firm.

   But government officials get nervous if the only keys to
   the scrambled material are held by its owners. Ed Roback,
   an encryption policy specialist at the National Institute
   of Standards and Technology, puts it this way: "I know of
   few front doors that can't be broken down. It's a little
   different with encryption," when it literally might take
   10,000 years to break the code without the key.

   Roback and law enforcement officials say they'd be
   delighted to see Americans make more use of encryption,
   particularly if spare keys were held by a third party.
   "This nation, more than any other, relies on computers ...
   [so] there's a lot of vulnerability and encryption can help
   that," Roback said. "So it's a good thing -- but it can
   present a problem for national law enforcement."

   But momentum in the United States could swing toward
   widespread use of sophisticated encryption -- without spare
   keys -- if such technology was widely available. That's
   just what a recent announcement from Microsoft could help
   spur.

   In January, Microsoft told developers it had created a
   module in its operating system software that will let
   applications such as word processing programs or
   spreadsheets "plug in" to encryption technology.

   An application developer who built a software program for
   filing expense accounts would not have to add encryption to
   his product. Instead, the developer would need only to
   write a small program that taps the encryption technology
   available through the operating system.

   The strength of the encryption program could vary.
   Microsoft plans to include a 40-bit code with the version
   of Windows used principaUy by companies (called Windows
   NT). That encryption technology would be easy to export.
   But Microsoft also is encouraging other encryption firms,
   including RSA and TSI, to build more sophisticated
   encryption modules that could be used in the United States.

   Commercial products that take advantage of the new function
   are not likely to appear until the end of the year. But
   Microsoft is hoping it will spur more widespread use of
   encryption. "The single most pressing problem for
   electronic commerce is to create a secure payment
   structure," Mundie said -- and Microsoft is hoping to
   accelerate that work.

   RSA's Bidzos is among those in industry who would love to
   see the government give up on trying to control encryption
   technology. He worries that other countries are gearing up
   to snatch a big role in selling encryption while his
   company and other U.S. businesses remain entangled in U.S.
   policies.

   So he's testing the rules. Early this month, RSA announced
   that it had created subsidiaries in the People's Republic
   of China and in Japan. In China, RSA partners include the
   Chinese government. Bidzos plans to do joint research on
   encryption software with scientists there.

   Although Bidzos says he is planning to export only the
   approved, 40-bit encryption technology to his Chinese
   colleagues, "one genuine concern is that they might try to
   strengthen it themselves," he said. "It would be hard to do
   -- but not impossible. I've never had a conversation with
   [the Chinese] about it," Bidzos added.

   In addition, the Chinese have some interesting ideas of
   their own about new areas of cryptography, Bidzos said.
   "They're pretty advanced." And if the group developed more
   powerful techniques than even RSA has in the United States?
   Bidzos shrugged. RSA would likely take any promising ideas
   and develop them into products in the United States. As for
   Chinese export restrictions, "I haven't thought about it,"
   he said.

   Going Up to the Hill

   Industry also is fanning Congress's interest in taking a
   bigger role in the encryption debate. "Without
   congressional interest, the administration has no reason to
   liberalize exports at all," said Becca Gould, director of
   policy at the Business Software Alliance. "This issue is in
   Congress's front yard because it affects the economy" as
   well as U.S. citizens' privacy rights.

   Sen. Patrick J. Leahy (D-Vt.) and Rep. Robert W. Goodlatte
   (R-Va.) agree. They plan to introduce bills in the Senate
   and House aimed at loosening the restrictions on
   encryption. "The federal government is taking an attitude
   that's based more in the 1970s than in present time," said
   Leahy in a telephone interview.

   "This is a matter that should be decided by legislation,"
   he added. "We're talking about billions of dollars in
   revenues and thousands of jobs if we're handicapped in our
   global market, especially if what we're told to do is to
   build an export encryption program that is so outdated that
   our 12-year-old computer experts would laugh at it."

   The bills would do away with export licenses for any
   encryption technology considered to be "generally
   available," or "in the public domain." Leahy said that
   although he, too, worries about national security and
   terrorism, trying to bottle up technology won't solve the
   problem.

   Law enforcement has "got to figure out how to keep ahead
   ... and surprise, surprise, there will be some times when
   we won't be able to eavesdrop," Leahy said. Even now,
   criminals can make calls at pay telephones or avoid
   detection in other ways. The government shouldn't cripple
   the computer industry every time a new technology springs
   up that challenges law enforcement, he said.

   "What I'm suggesting is that if [the administration] works
   with the Congress, we'll find a solution," Leahy said.

   "We say over and over that we recognize that this is a very
   difficult issue," Roback said. But, he added, "the
   government has thought about [encryption policies] for a
   long time as well as industry," he said. To reach some
   resolution, he added, "compromise is going to be necessary
   on all fronts."

   [Photo] Jim Bidzos, chief executive of RSA Data Security
   Inc., a leading encryption firm, hopes the government wlll
   let go of encryption technology controls.

   _________________________________________________________

   Code Breakers

   Recent advances in technology have allowed much faster and
   cheaper invasion of encrypted information. The deciphering
   time, however, varies widely with the computer power of the
   attacker.

   Here are estimates of cracking times by one group of
   experts.

   Type of         Budget for      Time to       Time to
   attacker        computing       recover       recover
                   engine          40-bit key    56-bit key
   _________________________________________________________

   Pedestrian
   hacker          $400            5 hours       38 years

   Small
   business        $10,000         12 minutes    556 days

   Corporate
   department      $300,000        24 seconds    3 hours

   Big company     $10 million     7 seconds     13 hours

   Intelligence
   agency          $300 million    0.0002 sec.   12 seconds
   _________________________________________________________

   Source: Report by an ad hoc group of cryptographers and
   computer scientists Matt Blaze, Whitfield Diffie, Ronald L.
   Rivest, Bruce Schneier, Tsutomu Shimomura, Eric Thompson,
   Michael Wiener.
   _________________________________________________________

   [End]













From ab411 at detroit.freenet.org  Sun Feb 25 20:28:01 1996
From: ab411 at detroit.freenet.org (David R. Conrad)
Date: Mon, 26 Feb 1996 12:28:01 +0800
Subject: Ass. Politics
Message-ID: <199602260351.WAA28868@detroit.freenet.org>




Salman Rushdie, in a speech I heard several years ago, said that it was
widely doubted that Iran would or could actually come up with the three
million dollar bounty on his head.

This may play a large part in why he is still around.

Also, while speaking at the National Press Club recently, flogging his
new book, he said (from memory), "Iran now wants us to believe that they
don't want to kill anyone, and in fact never did.  I wish they'd told us
sooner, it would have saved a lot of trouble."  This was greeted with
laughter.  He added, "But when the European Union tries to get them to
put it in writing, they are unwilling to do so."

If Iran is sending mixed messages about whether they even *intend* to
pay off, coupled with widespread doubts of their ability to, it isn't
surprising that no one has offed him.

I think all the analyses of the economic costs of protecting one person
vs. protecting many people are rather beside the point, in light of this.


--
David R. Conrad, conrad at detroit.freenet.org   PGP key on    GDFN Hardware and
http://detroit.freenet.org/staff/conrad        home page   Software Committee
"If you can't say 'fuck', you can't say 'fuck the government'." --Lenny Bruce





From jasdips at genie.internic.net  Sun Feb 25 20:50:49 1996
From: jasdips at genie.internic.net (Jasdip Singh)
Date: Mon, 26 Feb 1996 12:50:49 +0800
Subject: InterNIC Guardian Object Draft
In-Reply-To: <199602251334.IAA29519@opine.cs.umass.edu>
Message-ID: <199602260439.XAA24020@genie.internic.net>


Hello.

> > PGP stands for Pretty Good Privacy [2]. The sender will
> > sign the update message with a Guardian's secret PGP
> > key. The InterNIC will verify the received update
> > message with the Guardian's public PGP key. 
> 
> As far as I can see from the draft, the contact update templates do not
> include date or time information. This makes the protocol vulnerable to 
> a simple replay attack. An attacker can record update messages and replay
> them to InterNIC later. 
> 
> Depending upon a Guardian's notification status, this could allow the 
> attacker to confuse things by restoring an old contact information record. 
> Even if a Guardian is using BEFORE-UPDATE, she might not notice that a
> subtle change has been undone. An update notification message arriving on 
> the heels of a similar one might get approved by a Guardian, who chalks it
> up to a mail transport glitch.
> 
> Requiring some sort of timestamp field in the signed portion of the contact
> templates would be good.

I think replay attack is not possible in PGP (unless someone has sender's
private key).

On the receiving end, PGP will decrypt the digital signature using the
sender's public key to get the original hash code (MD5) of the sent
message and compare it with the hash code of the received message
to authenticate the sender.  Once the sender is authenticated, it
 *further* needs to be verified as a guardian for the object to be
updated.  Otherwise, a malicious registrant in InterNIC's public key
ring can update an object it is not supposed to.

Only possiblity is someone capturing a signed PGP message, decrypting
the original hash code using the sender's public key, and then trying
to alter the update message such that it generates the same hash code.
This is highly unlikely since PGP uses MD5 that produces 128-bit hash
code.

-Jasdip





From frantz at netcom.com  Sun Feb 25 21:25:50 1996
From: frantz at netcom.com (Bill Frantz)
Date: Mon, 26 Feb 1996 13:25:50 +0800
Subject: Encryption Chips
Message-ID: <199602260231.SAA00902@netcom7.netcom.com>


At 11:52 AM 2/25/96 -0800, Timothy C. May wrote:
>At 4:47 PM 2/25/96, "A. Padgett Peterson P.E. Information Security"
>
>>The nice thing about am implimentation in software is that the code can be
>>examined for just this sort of thing *on a randomly selected operating unit*.
>>- hard to do with a chip.
>
>But of course one's compiler may have been subverted, as Ken Thompson
>showed some years back. Software implementations are sensitive to different
>sorts of attacks than hardware implementations are.

These things do not need to be verified at the source level.  One could
verify the output of the compiler and then publish a secure hash of it. 
(What an tedious job.)  There is infinite regress in these things, but I
would tend to trust a program which verified the secure hash of the crypto
system if that program was written after I received the release of the
compiler I am compiling it with.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz at netcom.com | dead teenagers | Los Gatos, CA 95032, USA







From cp at proust.suba.com  Sun Feb 25 21:28:37 1996
From: cp at proust.suba.com (Alex Strasheim)
Date: Mon, 26 Feb 1996 13:28:37 +0800
Subject: X.509 certs that don't guarantee identity
Message-ID: <199602260448.WAA01201@proust.suba.com>


On the 23rd, Jeff Weinstein said this concerning the natural 
semi-anonymity of the net:

> Given that verisign and others will soon begin issuing large numbers of
> certificates that do not guarantee the identity of the key holder, it seems
> that this tradition will continue even with the wide deployment of X509 
> certs.

This has been bugging me since I read it.  I'm not sure I understand the 
plan;  it only makes sense to me if "anonymous" X.509 certs are issued 
for user authentication only, not for server authentication.  Is that 
what this is about?

(If anonymous certs are issued for servers, why should such a cert be 
treated any differently than one I generate on my own, which causes 
warning screens about an unknown CA to pop up?)






From lmccarth at cs.umass.edu  Sun Feb 25 23:39:03 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Mon, 26 Feb 1996 15:39:03 +0800
Subject: InterNIC Guardian Object Draft
In-Reply-To: <199602260439.XAA24020@genie.internic.net>
Message-ID: <199602260715.CAA31576@opine.cs.umass.edu>


Jasdip Singh writes:
[re: my comments on the InterNIC Guardian Object draft]
> I think replay attack is not possible in PGP (unless someone has sender's
> private key).
[...]

I've responded in detail to Jasdip's message, cc:ed to coderpunks. 
In case anyone else wants to follow along, my mail should make it to the
coderpunks archives at http://www.hks.net/cpunks/index.html within the next 
few hours.

-Lewis





From ses at tipper.oit.unc.edu  Sun Feb 25 23:42:54 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Mon, 26 Feb 1996 15:42:54 +0800
Subject: Java configurability
In-Reply-To: <199602260229.VAA24656@homeport.org>
Message-ID: 


Are you subscribed to coderpunks - this sounds very much like the 
SolidOak project on we're working on; this uses embedded singatures to 
authenticate bodies which vouch for the integrity of a class and it's 
referenced sub-classes. The current spec doesn't have dates for expiry in 
there, and doesn't really have versions for referenced classes (needs 
exact hashes), but does support signatures being added by multiple 
authorites at different times. It uses the Dns from the signatures as 
extra keys into the ACL.

I have to demo the currently speced system next week; after that I'll be 
trying to merge the spec with another simiar scheme to give a common 
standard for signed java classes; I'll try and post the spec as it 
currently stands tommorow when I'm at my dragon and can correct a few bits 
that got changed during implementation. 

Simon

---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO







From Dave.Birch at eworld.com  Sun Feb 25 23:57:24 1996
From: Dave.Birch at eworld.com (Dave.Birch at eworld.com)
Date: Mon, 26 Feb 1996 15:57:24 +0800
Subject: How to digitally watermark
Message-ID: <960225233138_25973087@hp1.online.apple.com>


>Adam Shostack  wrote..
>Creating watermarks that can't be removed without degrading
>image quality is not especially difficult.  The two tricky bits are
>durability and collusion protection.

I don't know how the scheme in question works, but the general way in 
which these kind of watermarks work is the use of spread spectrum coding. 
So long as you choose a long enough spreading code, you can survive most 
of the information being destroyed in a transform and still recover the 
information.

If a particular transformation (e.g. JPEG coding) stops you from doing 
this, then you pick multiple orthogonal codes (interested readers who 
want to hit the text books could try the key words "Gold Codes") and 
encode after each transform. So, you encode your original TIFF then 
covert it to a JPEG and encode again with an orthogonal code from the 
same family. Since the two codes don't interfere with each other, you can 
recover the watermark however you are viewing the picture.

One particular transformation that a long enough code can withstand is 
scanning a magazine picture. So, you could watermark your picture of the 
Eiffel Tower before selling it to a magazine. Then, when it pops up on 
the Net because someone's scanned it in you can prove that it was your 
picture. What use this is I don't know, since I can't see how you can 
prove who scanned it!

Incidentally, spread spectrum means that you can put several signals into 
the same bandwidth and recover each of them (if you have all of the 
codes). Short codes are used to protect against interference (the NCR 
wireless LAN range uses an 11 bit code, for example) while very long 
codes are used to recover data in situations where the signal falls below 
the noise level (I think I remember reading that the Voyager spacecraft 
used 252,000 bit codes).

I hope someone, somewhere finds this interesting...


-----------------------------------------------------------------
David G.W. Birch                          8 Frederick Sanger Road
Director, Hyperion                           Surrey Research Park
Tel: +44 (0)1483 301793                                 Guildford
Fax: +44 (0)1483 561657                        Surrey GU2 5YD, UK

Where people, networks and money intersect.......Consult Hyperion
http://www.hyperion.co.uk                    daveb at hyperion.co.uk







From jsw at netscape.com  Mon Feb 26 03:01:52 1996
From: jsw at netscape.com (Jeff Weinstein)
Date: Mon, 26 Feb 1996 19:01:52 +0800
Subject: Web Browsers and Anonymous Mail
In-Reply-To: <312C161C.7E73@netscape.com>
Message-ID: <31318AC7.7B4B@netscape.com>


lmccarth at cs.umass.edu wrote:
> 
> I wrote:
> # I would prefer not to reimplement SMTP using the Socket class in my own
> # applets. Ideally I'd like to have an applet that presents a form with some
> # entry boxes and check boxes, quantizes and encrypts the input according to
> # the check box settings, and spews the resulting byte streams to the MTA.
> 
> Jeff Weinstein writes:
> >   We do not curently allow Java to get access to our mail subsystem.
> 
> Hmmm.  Can I write an applet that reads form input, processes it, dumps the
> output to an applet window, and tells the user to cut & paste it into a
> Netscape mail sending window ?  That would be a messier solution than I'd
> like, but still decent.

  Forms and HTML pages are not exposed to Java either.  For that you need
JavaScript.  In a future release when JavaScript and Java can talk to
each other you will be able to do what you suggest.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.





From an44880 at anon.penet.fi  Mon Feb 26 03:53:21 1996
From: an44880 at anon.penet.fi (an44880 at anon.penet.fi)
Date: Mon, 26 Feb 1996 19:53:21 +0800
Subject: "Internet Security: Your Worst Nightmare"
Message-ID: <9602261133.AA11281@anon.penet.fi>



  tcmay at got.net writes:
   >> Complete with a picture of Freeman standing in front of an American
   >> flag.
   >
   > I haven't seen this article, but I wouldn't hold the cover photo
   > of Freeman draped in the flag against him....I seem to recall a
   > few Cypherpunks similarly draped in the flag in a magazine
   > article!

Yes, but isn't there a fundamental difference here? Cypherpunks are
pushing for the spread of encryption to enhance our personal
freedom. But when the FBI says that "the real solution is through
better technologies such as encryption," they fail to mention that
they wish to restrict personal freedom through such things as
GAK. This is why it is so ironic that he is draped in the flag. "It's
the FBI: crusaders in defense of the first amendment!"
 

--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to                abuse at anon.penet.fi
For information (incl. non-anon reply) write to    help at anon.penet.fi
If you have any problems, address them to          admin at anon.penet.fi





From raph at CS.Berkeley.EDU  Mon Feb 26 07:47:14 1996
From: raph at CS.Berkeley.EDU (Raph Levien)
Date: Mon, 26 Feb 1996 23:47:14 +0800
Subject: List of reliable remailers
Message-ID: <199602261450.GAA03172@kiwi.cs.berkeley.edu>


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list at kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail, which is available at:
ftp://ftp.csua.berkeley.edu/pub/cypherpunks/premail/premail-0.33a.tar.gz

   For the PGP public keys of the remailers, finger
pgpkeys at kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list at kiwi.cs.berkeley.edu.

$remailer{"extropia"} = " cpunk pgp special";
$remailer{"portal"} = " cpunk pgp hash";
$remailer{"alumni"} = " cpunk pgp hash";
$remailer{"bsu-cs"} = " cpunk hash ksub";
$remailer{"c2"} = " eric pgp hash reord";
$remailer{"penet"} = " penet post";
$remailer{"hacktic"} = " cpunk mix pgp hash latent cut post ek";
$remailer{"flame"} = " cpunk mix pgp. hash latent cut post reord";
$remailer{"rahul"} = " cpunk pgp hash filter";
$remailer{"mix"} = " cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"ford"} = " cpunk pgp hash ksub ek";
$remailer{"vishnu"} = " cpunk mix pgp hash latent cut ek ksub reord";
$remailer{"robo"} = " cpunk hash mix";
$remailer{"replay"} = " cpunk mix pgp hash latent cut post ek";
$remailer{"spook"} = " cpunk mix pgp hash latent cut ek reord";
$remailer{"rmadillo"} = " mix cpunk pgp hash latent cut ek";
$remailer{"ecafe"} = " cpunk mix";
$remailer{"wmono"} = " cpunk mix pgp. hash latent cut";
$remailer{"shinobi"} = " cpunk mix hash latent cut ek reord";
$remailer{"amnesia"} = " cpunk mix pgp hash latent cut ek ksub";
$remailer{"gondolin"} = " cpunk mix pgp hash latent cut ek reord";
$remailer{"tjava"} = " cpunk mix pgp hash latent cut";
$remailer{"pamphlet"} = " cpunk pgp hash latent cut ?";
$remailer{'alpha'} = ' alpha pgp';
$remailer{'gondonym'} = ' alpha pgp';
$remailer{'nymrod'} = ' alpha pgp';
$remailer{"lead"} = " cpunk pgp hash latent cut ek";
$remailer{"treehole"} = " cpunk pgp hash latent cut ek";
$remailer{"nemesis"} = " cpunk pgp hash latent cut";
$remailer{"exon"} = " cpunk pgp hash latent cut ek";
$remailer{"vegas"} = " cpunk pgp hash latent cut";
catalyst at netcom.com is _not_ a remailer.
lmccarth at ducie.cs.umass.edu is _not_ a remailer.
usura at replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 robo hroller alpha)
(gondolin gondonym)
(flame hacktic replay)
(alumni portal)
(vishnu spook wmono)

Use "premail -getkeys pgpkeys at kiwi.cs.berkeley.edu" to get PGP keys
for the remailers. Fingering this address works too.

Note: The remailer list now includes information for the alpha
nymserver.

Last update: Mon 26 Feb 96 6:47:14 PST
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
nemesis  remailer at meaning.com                  *-*-*+*    24:07  99.98%
nymrod   nymrod at nym.alias.net             +--+*--**+-*    24:58  99.98%
vegas    remailer at vegas.gateway.com            #***#+#     4:32  99.97%
portal   hfinney at shell.portal.com         # ####*###*+     4:09  99.94%
lead     mix at zifi.genetics.utah.edu       ++++++++++++    37:05  99.93%
treehole remailer at mockingbird.alias.net   --+++--+-+-*  2:32:56  99.93%
ecafe    cpunk at remail.ecafe.org           *###**######      :29  99.87%
alpha    alias at alpha.c2.org               * +++++*-+*     43:19  99.78%
hacktic  remailer at utopia.hacktic.nl       ************     7:48  99.77%
gondonym alias at nym.gondolin.org           -----------   3:45:02  99.73%
c2       remail at c2.org                    ***++*- +-*-    21:30  99.64%
vishnu   mixmaster at vishnu.alias.net       ----+-- -+-*  1:08:53  99.63%
replay   remailer at replay.com              +***********     5:18  99.63%
mix      mixmaster at remail.obscura.com     -+---.-..--   7:01:31  99.57%
shinobi  remailer at shinobi.alias.net       -++****+****    41:52  99.35%
flame    remailer at flame.alias.net         +++++------   1:55:03  99.28%
gondolin mix at remail.gondolin.org          ----- -----   3:53:23  98.96%
extropia remail at extropia.wimsey.com       -----------   7:55:33  98.87%
exon     remailer at remailer.nl.com              *+*+* -  1:27:17  97.83%
penet    anon at anon.penet.fi               -------.-.-  19:20:55  97.21%
tjava    remailer at tjava.com               # -**###*-##    13:27  96.16%
rahul    homer at rahul.net                  +### +#++#*#     2:52  99.87%
alumni   hal at alumni.caltech.edu           *#*#+**          2:58  47.27%
pamphlet pamphlet at idiom.com                               42:17   0.25%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien





From an534772 at anon.penet.fi  Mon Feb 26 07:51:00 1996
From: an534772 at anon.penet.fi (an534772 at anon.penet.fi)
Date: Mon, 26 Feb 1996 23:51:00 +0800
Subject: mailing list
Message-ID: <31313C53.758B@anon.penet.fi>


mailing list





From jya at pipeline.com  Mon Feb 26 09:01:25 1996
From: jya at pipeline.com (John Young)
Date: Tue, 27 Feb 1996 01:01:25 +0800
Subject: WSJ on Crypto Bills
Message-ID: <199602261536.KAA20140@pipe1.nyc.pipeline.com>


   Wall Street Journal, February 26, 1996, p. B4.


   New Proposals On Encryption Get Tepid Response

   By Jared Sandberg


   Two bills are expected to be introduced in Congress that
   try to resolve the deadlock between the administration and
   the Internet industry on software encryption, but industry
   executives are lukewarm to the new proposals.

   The two proposals, sponsored by Democratic Sen. Patrick J.
   Leahy of Vermont and GOP Rep. Robert W. Goodlatte of
   Virginia, seek to loosen government restrictions on
   encryption -- mathematical formulas that are used to
   scramble data beyond recognition of eavesdroppers. The
   government prevents the export of strong encryption because
   it hampers its efforts to monitor the actions of terrorists
   and foreign governments. The Clinton administration wants
   to set up government-approved repositories that keep copies
   of mathematical keys for decoding encrypted information, so
   law enforcement officials can decode private communications
   if granted a court order.

   Those policies have met with uniform distaste on the part
   of the industry executives, who say that widespread use of
   strong encryption is essential to the success of electronic
   commerce over the Internet. They argue that the
   administration's export restrictions on strong
   cryptography, determined by the length of the key needed to
   unlock the code, are hurting business abroad where
   competitors can freely offer stronger encryption software.

   Producing a separate weaker version of encryption software
   for foreign markets not only raises costs but is becoming
   pointless because hackers can now access computers powerful
   enough to break the weaker code.

   "The federal government's ideas on encryption are based on
   a situation which may have existed 10 or 20 years ago with
   very little realization of the realities of today," said
   Sen. Leahy. "We're not going to sell our computer programs
   if we have outdated computer technology, especialiy if
   people can buy it in Europe or Asia."

   The two new bills would allow for the export of much
   stronger encryption provided that level of security was
   "generally available." Sen. Leahy's proposal states that
   the key-escrow scheme will be voluntary, and establishes
   rules by which companies rather than government agencies
   would hold the keys for decoding data. These companies
   would be liable for abuse of keys and subject to strict
   procedures for releasing the keys to law enforcement.    

   Though industry executives welcome the bills, they say the
   measures don't go far enough to unshackle high-tech
   companies. Thomas Parenty, product manager at the database
   firm Sybase Inc., said that both bills represent "a good
   start." But by allowing U.S. companies to export encryption
   only as strong as that which is available overseas, Mr.
   Parenty said, the bills won't allow them to innovate and
   produce superior products.

   And putting keys in the hands of third-party companies,
   they say, is still likely to meet industry opposition.

   People familiar with the bills said one motivation is to
   build support for a private version of the key-escrow
   concept, which could be an opportunity for several
   companies who are selling products based on the idea. "It
   would establish the legal framework for their
   implementation to go forward," said James Bidzos, chief
   executive officer of RSA Data Security Inc., an
   encryption-software company in Redwood City, Calif.

   -- Don Clark contributed to this article.

   [End]






From mark at evol.resnet.jmu.edu  Mon Feb 26 09:16:04 1996
From: mark at evol.resnet.jmu.edu (Mark Cornick)
Date: Tue, 27 Feb 1996 01:16:04 +0800
Subject: Crypto Export Legislation?
In-Reply-To: <199602252338.SAA25184@pipe1.nyc.pipeline.com>
Message-ID: <199602261540.KAA23078@evol.resnet.jmu.edu>


-----BEGIN PGP SIGNED MESSAGE-----


    jya> From: John Young  Subject: Crypto Export
    jya> Legislation?

    jya> The excerpt below is from the Wash Post article today. Does
    jya> anyone know the status of the Leahy/Goodlatte bills?

    jya>    Industry also is fanning Congress's interest in taking a
    jya> bigger role in the encryption debate. "Without congressional
    jya> interest, the administration has no reason to liberalize
    jya> exports at all," said Becca Gould, director of policy at the
    jya> Business Software Alliance. "This issue is in Congress's
    jya> front yard because it affects the economy" as well as
    jya> U.S. citizens' privacy rights.

    jya>    Sen. Patrick J. Leahy (D-Vt.) and Rep. Robert W. Goodlatte
    jya> (R-Va.) agree. They plan to introduce bills in the Senate and
    jya> House aimed at loosening the restrictions on encryption. "The
    jya> federal government is taking an attitude that's based more in
    jya> the 1970s than in present time," said Leahy in a telephone
    jya> interview.

I haven't seen Goodlatte's legislation, but I can safely say he
doesn't have our privacy rights at heart. Bob Goodlatte (my local
representative) was the CC toadie partially responsible for putting
"indecent" back in the CDA. I don't trust him any further than I can
spit on him.

I'll keep an eye on this. I'm very suspicious of his intentions.

- --mark

==> mark at evol.resnet.jmu.edu * http://evol.resnet.jmu.edu/~mark/ <==
**WARNING** : The preceding message may have been indecent under the
Telecommunications Act of 1996. Young children, the easily offended,
and members of the Christian Coalition should not have viewed it. :)


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBMTHUSgJ9CGSE+MitAQEwzgP+PEC7EskS+lSTrultrNgPZkp3cTseLC0Q
pttGP2h+e90NhLVhOrcoLqpPP5BMkYR093FkfnkrhFiLyXe/HgzSeGH4i55yfxvy
TvxvmMZg4P+DQ3JpTxu8Vznt/AeJBudGuGDXzH2IXUOhzvihVJ0CKGXtbn4z/5ra
kjosg/mjAbI=
=68jw
-----END PGP SIGNATURE-----





From Jueneman at gte.com  Mon Feb 26 10:37:11 1996
From: Jueneman at gte.com (Jueneman at gte.com)
Date: Tue, 27 Feb 1996 02:37:11 +0800
Subject: IA5 String...
Message-ID: <3131DBED-00000001@wotan.gte.com>


>>    There was a lot of energy around S/MIME. People are implementing
>> it. Internally, it's pretty kludgely, but it does provide pretty good
>> cryptographic services. (as an aside, my favorite kludge anecdote is
>> the fact that X.509 certificates use an IA5 character set rather than
>> ASCII, so that the @ in email addresses has to be represented as (a)
>> instead).
>
>Wow, is this true?  I dont think so.  The CCITT document I have (CCITT
>T.50) mentions that an @ sign (Commercial at) is a member of the IRV.
>>From what I understand IA5 basically means US ASCII.  
>
>Alex
>

If people are going to criticize X.509, they ought to at least get their facts 
straight, beginning with the difference between Printable String (standardized 
around the time of the IBM 1403 printer with its 48 character print chain) and 
some of the more extended alphabets. In particular, X.500 has been amended to 
include BMPString within DirectoryString, and BMPString is essentially Unicode. 
Now, there may be some who would argue that a 16 bit character isn't sufficient 
to represent every language in the galaxy (Old High Martian may have some 
additional requirements), but as a first approximation it should certainly good 
enough. 

And one of the virtues of ASN.1 is that a compliant implemtnation shouldn't 
have to be concerned with such details as the alphabet that is used.


Bob

Robert R. Jueneman
GTE Laboratories
40 Sylvan Road
Waltham, MA 02254
Jueneman at gte.com
1-617/466-2820

"The opinions expressed are my own, and may not 
reflect the official position of GTE, if any, on this subject."






From brad at azathoth.ops.aol.com  Mon Feb 26 10:48:33 1996
From: brad at azathoth.ops.aol.com (Brad Knowles)
Date: Tue, 27 Feb 1996 02:48:33 +0800
Subject: IA5 String...
In-Reply-To: <3131DBED-00000001@wotan.gte.com>
Message-ID: <9602261219.ZM2468@azathoth.ops.aol.com>


On Feb 26, 11:12am, Jueneman at gte.com wrote:

> >Wow, is this true?  I dont think so.  The CCITT document I have (CCITT
> >T.50) mentions that an @ sign (Commercial at) is a member of the IRV.
> >>From what I understand IA5 basically means US ASCII.  

    [ ... deletia ... ]

> If people are going to criticize X.509, they ought to at least get
> their facts straight, beginning with the difference between Printable
> String (standardized around the time of the IBM 1403 printer with its
> 48 character print chain) and some of the more extended alphabets.  In
> particular, X.500 has been amended to include BMPString within
> DirectoryString, and BMPString is essentially Unicode.  Now, there may
> be some who would argue that a 16 bit character isn't sufficient to
> represent every language in the galaxy (Old High Martian may have some
> additional requirements), but as a first approximation it should
> certainly good enough.

    I don't recall who made the comment that X.509 used IA5, but I was
the one who noted (wrongly?) that IA5 had no representation of the at
sign ("@"), and instead used a lower-case letter "a" inside of
parentheses.

    I remembered it then in context with all the work I'd done on the
X.400 projects tying together the DISA cc:Mail and the OSD MS-Mail
backbones, and I'm still quite convinced that at least in the context
of the systems we were using, this is exactly what IA5 meant.  There
was much wailing and gnashing of teeth over this one, because it made
our directory sync and directory query stuff all that much more of a
pain.  It could even have contributed to the stillbirth of those
projects, the omnipresent and oppressive spectre of DMS not
withstanding.


    Now, perhaps the definition of IA5 has changed, and if so, then
that's great.  Or maybe DISA and the X.400 we had (not too unrelated
to the formless but very chilling DMS) were badly broken and this is
what they made us live with.


    In any event, if X.509 certificates don't have this problem, then
that is wonderful.  It's another reason why we might want to support
X.509v3 certificates as an absolute minimum acceptable standard.

> And one of the virtues of ASN.1 is that a compliant implemtnation
> shouldn't have to be concerned with such details as the alphabet that
> is used.

    I await the wisdom of Steve Crocker to be visted upon us regarding
the use of ASN.1.  I do know that, from general principle, the mere
concept of being forced to go out and buy something like an ASN.1
compiler just so that I can implement a parser for a format seems
abhorrent in the extreme.  Not to mention the additional complexity,
unwieldiness, and sluggishness it lends to the final product.

-- 
Brad Knowles                           MIME/PGP: BKnowles at aol.net
    Mail Systems Administrator          
    for America Online, Inc.                   Ph: (703) 453-4148





From stewarts at ix.netcom.com  Mon Feb 26 10:58:03 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Tue, 27 Feb 1996 02:58:03 +0800
Subject: Cluelessness V.S. Lack of Knowledge
Message-ID: <199602261748.JAA20062@ix6.ix.netcom.com>


At 03:53 PM 2/24/96 -0500, Adam Shostack  wrote:
>	If someone shows up, having read the sci.crypt FAQ and/or
>Applied Cryptography, I think that their questions will be answered
>without flames.  But if people fail to read whats out there, and want
>to be spoon fed, well, thats another matter.

Even if they want to be spoon fed, they'll get a fair bit of tolerance
here, though they'll get pointed at the FAQs and books.  sci.crypt is
another good place.  Everybody's a newbie once; lack of knowledge
is just an opportunity.

It's folks who show up saying "I've got an unbreakable cryptosystem,
nyahh, nyahh, and it doesn't even use any algorithms, and it's so proprietary
you can't see it" that get flamed, and who try to sell snake oil while
claiming it's the hottest thing since pseudo-random number generators.

        [ SERIOUS OFF, NOISE ON ]

Meanwhile, I've got the franchise for Dogbert's Value-Priced One Time Pads,
and if you're Success-Oriented enough to understand Network Marketing, 
I can help you build your downline and Make E-Money Fast.  Just send
three KB of random bits to every email address on the list,
add your own name and the name of your co-conspirator to the bottom,
and send copies to all your security-conscious friends.  Within a few weeks,
you'll have a lifetime supply of one-time pads for all your paranoia needs!

                        random at sales.dnrc.gov
                        padmaster at dockmaster.ncsc.mil
                        cypherwonks at l.d.com
                        procurement at potp.com
                        richelieu at surete.gov.fr
                        stewarts at ix.netcom.com
                        
                                                

                        

#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281






From stewarts at ix.netcom.com  Mon Feb 26 11:08:10 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Tue, 27 Feb 1996 03:08:10 +0800
Subject: Remember, RC4 is now PC1
Message-ID: <199602261748.JAA20058@ix6.ix.netcom.com>


At 10:19 AM 2/24/96 -0800, jamesd at echeque.com wrote:
>>From now, instead of saying "RC4" let us say "PC1, (formerly known as RC4)"
..
>Every time you say RC4 without saying "Trademark of some bunch of 
>lawyer scum" you theoretically break the lawyer made law.  So let us 
>stop doing it.   Serve them right.

You can always call it "Ron's Code 4" or "Rivest's Code 4" or whatever.

#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281






From cme at cybercash.com  Mon Feb 26 11:19:49 1996
From: cme at cybercash.com (Carl Ellison)
Date: Tue, 27 Feb 1996 03:19:49 +0800
Subject: proposed certificate format
Message-ID: 


In another forum, at 10:37 2/25/96, Bill Sommerfeld wrote:
>Subject: Re: encodings: do we need binary at all?

>I think the whole discussion of encoding is premature at
>this stage; let's decide on *what* we want to encode, and only *then*
>decide *how* to encode it.

To that end, I've written up in detail the kind of certificate
content I would like us to consider.  It is represented as ASCII encoding
[tag: value], but that is just for convenience in this discussion.

The detail description is in

        http://www.clark.net/pub/cme/html/cert.html

and I can e-mail it to anyone without web access.

Specifically, I believe there are shortcomings in X.509 and even worse
ones in PGP signed keys and I'm proposing a certificate structure
to overcome those shortcomings.

 - Carl

+--------------------------------------------------------------------------+
|Carl M. Ellison          cme at cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430                   http://www.cybercash.com/    |
|2100 Reston Parkway           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091      Tel: (703) 620-4200                                 |
+--------------------------------------------------------------------------+







From abarrett at fractured.fairytales.com  Mon Feb 26 11:22:59 1996
From: abarrett at fractured.fairytales.com (Bullwinkle J. Moose)
Date: Tue, 27 Feb 1996 03:22:59 +0800
Subject: Proposed Legislation Regualting Expert Testimony
Message-ID: 



The following is an excerpt from a bill proposed to become law in the
State of New Mexico. (It did not succeed.) I wonder if the same sort
of thing should be enacted to apply to the testimony of economists?

"A BILL REGULATING EXPERT TESTIMONY IN COURTS. BILL____.

AN ACT RELATING TO EXPERT TESTIMONY IN COURTS; REGULATING THE
TESTIMONY OF CRYPTOLOGISTS AND COMPUTER EXPERTS IN THE
HEARINGS OF CRIMINAL DEFENDANTS IN COURTS; BE IT ENACTED BY THE
LEGISLATURE OF THE STATE OF NEW MEXICO;

When a cryptologist or computer expert testifies during a criminal
defendant's penalty hearing, the cryptologist or computer expert
shall wear a cone-shaped hat no less than two feet in height for the
duration of the hearing. The surface of the hat shall be imprinted
with stars, moons and lightning bolts.

Additionally, the cryptologist or computer expert shall be required to
wear a white beard no less than eighteen inches in length for the
duration of the hearing. The cryptologist or computer expert shall
punctuate crucial elements of his testimony by stabbing at the air
with a wand no less than one foot in length.

Whenever a cryptologist or computer expert provides expert testimony
regarding the defendant's methods, the bailiff of the court shall
dim the lights of the court room and shall administer two strikes to
a Chinese gong."


__________________________________________________________________
Out the buffer,         | PGP encrypted e-mail welcome!
Through the com port,   | Finger for Public Key.
Over the POTS line,     | Also available on a key server near you.
Into the NT Box,        |
Up the fractional T1,   | Key ID: 0x457AA6BD
Onto the backbone,      | Keyprint: 99 C7 17 3B 32 08 3F 17
Nothin' but  Net.       |           F4 A9 42 A9 2F BC 39 B1
------------------------------------------------------------------







From jonl at well.com  Mon Feb 26 11:50:35 1996
From: jonl at well.com (Jon Lebkowsky)
Date: Tue, 27 Feb 1996 03:50:35 +0800
Subject: R.U. Sirius @ St. Jude at Club Wired
Message-ID: <199602261924.LAA01373@well.com>



                    R.U. SIRIUS AND ST. JUDE AT CLUB WIRED
                                       
Electronic Frontiers Forum

   Thursday, Feb 29, 1996, 7PM PST (10PM EST)
   http://www.hotwired.com/club
   or
   telnet://chat.wired.com:2428
   
   
   
   R.U. Sirius and St. Jude were at the cutting edge of cyberactivism
   while editing Mondo 2000, among the first publications to acknowledge
   issues of privacy, cryptography, access, and censorship online. More
   recently they've created The Mutate Project, a spinoff from their
   "anti-novel" How to Mutate and Take Over the World, a semifictional
   work passing revolutionary memes and supporting opposition to whatever
   oppressive forces might serve to clamp down on the Temporary
   Autonomous Zone of the Internet. They'd prefer a full-bore Permanent
   Autonomous Zone.

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jon Lebkowsky                       http://www.well.com/~jonl
Electronic Frontiers Forum, 7PM PST Thursdays 






From EALLENSMITH at ocelot.Rutgers.EDU  Mon Feb 26 13:27:40 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Tue, 27 Feb 1996 05:27:40 +0800
Subject: How to digitally watermark
Message-ID: <01I1O9T9OH3CAKTN7G@mbcl.rutgers.edu>


>Adam Shostack  wrote..
>>Creating watermarks that can't be removed without degrading
>>image quality is not especially difficult.  The two tricky bits are
>>durability and collusion protection.

	The difficulty I can see is with the "without degrading image quality"
part. Given ever-improving image enhancement and processing techniques, someone
probably could - or at least will be able to in the near future - take any
image in which the watermark didn't degrade the image by itself and remove
the watermark without _perceptible_ alterations in image quality. 

>I hope someone, somewhere finds this interesting...

	Yes, actually; I was just at a seminar on computer image interpretation
for the biomedical field.
	-Allen





From EALLENSMITH at ocelot.Rutgers.EDU  Mon Feb 26 13:30:32 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Tue, 27 Feb 1996 05:30:32 +0800
Subject: Edited Edupage, 25 Dec 1996
Message-ID: <01I1O9GN8B1CAKTN7G@mbcl.rutgers.edu>


From:	IN%"educom at elanor.oit.unc.edu" 25-FEB-1996 20:33:13.72

>*****************************************************************
>Edupage, 25 February 1996.  Edupage, a summary of news items on information
>technology, is provided three times each week as a service by Educom,
>a Washington, D.C.-based consortium of leading colleges and universities
>seeking to transform education through the use of information technology.
>*****************************************************************

One wonders if they're trying this for all internet providers (unenforcable),
or just the ones setting up in that province (they'll leave).

>TAX MAN TARGETS CYBERSPACE
>The Nova Scotia government announced the province's 11% sales tax will be
>applied to Internet services, including flat monthly charges, time charges
>and registration, effective March 1. (Toronto Globe & Mail 23 Feb 96 B3)

Anyone know anything more about this?

>CASHLESS SOCIETY TO COST GOVERNMENTS
>A report prepared for the Bank of Canada says that the advent of the
>cashless society could cost the federal government hundreds of millions of
>dollars annually through a drop in the use of coins and bank notes that
>generate monopoly royalties for the central bank.  (Toronto Financial Post
>21 Feb 96 p1)

>Edupage is written by John Gehl (gehl at educom.edu) & Suzanne Douglas
>(douglas at educom.edu).  Voice:  404-371-1853, Fax: 404-371-8057.  

>***************************************************************
>EDUPAGE is what you've just finished reading.  To subscribe to Edupage: send
>a message to: listproc at educom.unc.edu and in the body of the message type:
>subscribe edupage Jean-Luc Godard (assuming that your name is Jean-Luc
>Godard;  if it's not, substitute your own name).  ...  To cancel, send a
>message to: listproc at educom.unc.edu and in the body of the message type:
>unsubscribe edupage.   (Subscription problems?  Send mail to
>educom at educom.unc.edu.)





From alano at teleport.com  Mon Feb 26 14:01:11 1996
From: alano at teleport.com (Alan Olsen)
Date: Tue, 27 Feb 1996 06:01:11 +0800
Subject: JavaScript to grab e-mail  (fwd)
Message-ID: <2.2.32.19960226212817.008a4e2c@mail.teleport.com>


This is something that i had not seen posted here as of yet.  (Sorry if it
has.  My mail feed has been suffering from altzheimers as of late and
getting progressivly worse...)

Crypto Relevance:  None
Privacy Relevance: Lots

This was forwarded to me by the "CGI Guy" at Teleport.  I had heard this was
possible.  I was quite surprised to find just how *easy* this is!  I can see
a number of creative (and scary) uses for this little hack.  (This makes
JavaScript seem more like a coffee enema.)

--------- Forwarded message ---------------

>Well, here it is...  I've been yelling about Netscape's use of the 
>action="maito:user at place.com" for a long time.  By clicking on a submit 
>button (with any name) you can grab the user's email address, sig file 
>and other prefs.  
>
>JavaScript in Netscape 2.0 removes the necessary "click."  I'm sending 
>visitors to my site a notification of this problem.
>
>Robert Muhlestein
>Teleport Creative Services
>CGI Guy
>cgi at teleport.com
>
>---------- Forwarded message ----------
>Date: Mon, 26 Feb 1996 16:52:30 +0100
>From: Lincoln Stein 
>To: www-managers at lists.stanford.edu, www-security at ns2.rutgers.edu
>Cc: lstein at pico.crbm.cnrs-mop.fr
>Subject: Re: JavaScript to grab e-mail 
>
>I just had a look at the e-mail scamming script (URL
>http://www.popco.com/grabtest.html).  It's quite simple.  Here's the
>complete text:
>
>
>
>
>
>
>
      action="mailto:reply at simenon.popco.com?subject=scammed address">
>
>
Viewing this page automatically submits email to an 
>address which then sends you back email to prove it grabbed the message.

>
>
>

>
>
>
>
>Basically what the script does is to make the browser submit e-mail to
>the indicated mailto: URL.  When the mail is sent, the user's reply
>address is included as a matter of course.
>
>The good news is that this does _not_ represent a general security
>hole in JavaScript itself.  I was concerned that someone had
>discovered a way to make JavaScript divulge such browser secrets as
>the contents of the disk cache, history list, or newsgroup
>subscriptions.  
>
>The bad news is that this technique can be used as a general Internet
>e-mail forgery system.  Anybody accessing a particular page will
>unwittingly mail out an e-mail message, whose recipient, subject and
>message body are all under the control of the JavaScript author.  If
>the message is traced back, it will be found to have originated from
>the user's machine.
>
>Lincoln
>
>
---
Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
        `finger -l alano at teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
"I, Caligula Clinton... In the name of the Senate and the people of Rome!"
   - Bill Clinton signing the CDA with the First Amendment bent over.






From jpp at software.net  Mon Feb 26 16:29:28 1996
From: jpp at software.net (John Pettitt)
Date: Tue, 27 Feb 1996 08:29:28 +0800
Subject: Wanted: Win95/NT C++/Crypto Contractor
Message-ID: <2.2.32.19960226224213.0144bf70@mail.software.net>



Must have: 

        Good C++ skills
        Have shipped real code to real users
        Ability to work unsupervised
        Understanding of networking (TCP/IP) and World Wide Web (HTTP)
        Crypto experience (probably RSA BSAFE - we are still choosing).

Must be able to cite references for the above!

Rate and location negotiable - SF Bay / Silicon Valley preferred.

Contact:
        John Pettitt
        VP Engineering
        CyberSource Corporation
        1050 Chestnut St #201
        Menlo Park
        CA 94025
        Fax 415 473 3066
        jpp at software.net 

please send resumes as ASCII, MS Word, HTML/URL or PostScript only!

P.S. Please don't bug me on the phone!






From ses at tipper.oit.unc.edu  Mon Feb 26 16:49:58 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Tue, 27 Feb 1996 08:49:58 +0800
Subject: Remember, RC4 is now PC1
In-Reply-To: <199602261748.JAA20058@ix6.ix.netcom.com>
Message-ID: 


On Mon, 26 Feb 1996, Bill Stewart wrote:

> At 10:19 AM 2/24/96 -0800, jamesd at echeque.com wrote:
> >>From now, instead of saying "RC4" let us say "PC1, (formerly known as RC4)"
> ..
> >Every time you say RC4 without saying "Trademark of some bunch of 
> >lawyer scum" you theoretically break the lawyer made law.  So let us 
> >stop doing it.   Serve them right.
> 
> You can always call it "Ron's Code 4" or "Rivest's Code 4" or whatever.

Call it  "Prince"

Simon
---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO






From rmartin at aw.sgi.com  Mon Feb 26 17:00:38 1996
From: rmartin at aw.sgi.com (Richard Martin)
Date: Tue, 27 Feb 1996 09:00:38 +0800
Subject: Canucks using weird money to pay odd taxes.
In-Reply-To: <01I1O9GN8B1CAKTN7G@mbcl.rutgers.edu>
Message-ID: <9602261759.ZM21160@glacius.alias.com>



On Feb 26,  3:16pm, E. ALLEN SMITH wrote:
> One wonders if they're trying this for all internet providers (unenforcable),
> or just the ones setting up in that province (they'll leave).
>
> >TAX MAN TARGETS CYBERSPACE
> >The Nova Scotia government announced the province's 11% sales tax will be
> >applied to Internet services, including flat monthly charges, time charges
> >and registration, effective March 1. (Toronto Globe & Mail 23 Feb 96 B3)

I *think* that the Federal GST already applies to internet services: 7% on
all goods and services, and internet service provider as a term seems to
leave you wide open. The suggestion that this would drive out ISPs trying
to set up in NS is odd; the tax will make internet access more expensive in
NS, but with distances what they are in Atlantic Canada, there aren't many
options for going elsewhere. If it does anything, it'll drive the customers
of ISPs away, probably to New Brunswick. (Frank McKenna's government in NB
has made wiring the province a crusade, to the point where it is probably
the best-wired province in Canada, and much of it would rank against Toronto,
Montreal or Ottawa for sheer connectivity. At a CATA conference a year or so
ago, someone talking about the SchoolNet initiative remarked that, "in New
Brunswick, the washrooms had wire.")


> >CASHLESS SOCIETY TO COST GOVERNMENTS

This topic probably mainly comes up since the government of Canada is
currently making a tidy amount on the doubloonie, our new $2CDN piece.
[Rather pretty, two-tone, unfortunately, the copperish centre tends to
 come out with a little pressure, leading to the term, "pieces of two".]
Um. I rather doubt that the Bank of Canada is most worried about losing
money because people aren't using its cash any more; their greater worry
I would expect to be that they'll lose what precious control they have
of the Canadian economy.

This tenuous grip (though driven from the south) is fairly precious, and
becomes more so when faced with the prospect of Quebec trying to run its
economy without a central bank or currency.

richard =)

-- 
Richard Martin
Alias|Wavefront - Toronto Office [Co-op Software Developer, Games Team]
rmartin at aw.sgi.com/g4frodo at cdf.toronto.edu      http://www.io.org/~samwise
Trinity College UofT ChemPhysCompSci 9T7+PEY=9T8 Shad Valley Waterloo 1992





From jim at acm.org  Mon Feb 26 17:09:36 1996
From: jim at acm.org (Jim Gillogly)
Date: Tue, 27 Feb 1996 09:09:36 +0800
Subject: Encrypted Communications Privacy Act
Message-ID: <199602270007.QAA08147@mycroft.rand.org>



Looks like good news for a change... Senator Leahy is expected to introduce
a bill tomorrow with some of the following language; no S-number as yet.

--------------------------------------------------------------------------

      "It is the purpose of the Act:

      (1) to ensure that Americans are able to choose the most appropriate
  encryption method to protect the security, confidentiality, and privacy of
  their lawful wire or electronic communications; and

      (2) to establish privacy standards for key holders who are voluntarily
  entrusted with the means to decrypt such communications, and procedures by
  which investigative or law enforcement officers may obtain assistance in
  decrypting such communications."

  AND:

      "Nothing in this Act or the ammendments made by this Act shall be
  construed to:

      (1) require the use by any person of any form of encryption;

      (2) limit or affect the ability of any person to use encryption without
  a key escrow function; or

      (3) limit or affect the ability of any person who choses to use
  encryption with a key escrow function not to use a key holder."

--------------------------------------------------------------------------

	Jim Gillogly
	Hevensday, 7 Rethe S.R. 1996, 00:06





From drake at servidor.dgsca.unam.mx  Mon Feb 26 17:11:05 1996
From: drake at servidor.dgsca.unam.mx (Ludwig von Drakenberg III)
Date: Tue, 27 Feb 1996 09:11:05 +0800
Subject: CDA Strikes.
Message-ID: <31317B14.8E1@servidor.unam.mx>


Read this in http://www.zippo.com/editor.htm.

>                                    So what's the plan....man ?
>
>          So the CDA has come to pass and we need to move on. People will test the
>           constitutionality of bits and pieces of the Telecom Law, a conservative
>           supreme court will find the law valid, or refuse to review it. Things will never
>           be the same. For those who think they will be, or the for the" Don't worry,
>           President Clinton won't enforce the law" crowd, Friday marked the first arrest
>           under the new law. They picked an unsympathetic figure, twice before
>           convicted child pornographer, and got him for illegal data transmission over
>           the Internet. 

>           Next time it won't be such an unsympathetic figure. It will be some ISP,
>           minding their own business, not knowing they have a user that didn't read the
>           rules. They'll spend a year in federal court, defending their postion based on
>           not knowing they comitted a crime. In the end, they will win, but they'll be
>           broke, and out of the business. Won't happen to large providers, too political,
>           and they have the resources to do all of the CDA compliance window decorating.


-- 
Ludwig von Drakenberg III          God *is* the dice of the universe.
drake at servidor.unam.mx             My goddess gave birth to your god.
Facultad de Ciencias, UNAM                  Fuck the CDA

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAzExbCgAAAEEAONJqT5AeaOg29oT2WXzpgkMQ/BxZXCiduJsOAWRRIPlkOQc
7RN2ooQKJmvHamhoaXktoIbmpK3fkPoEt4OONDtncmOKQKKKl9BgifUW9lO1msRp
W0WIGZ9wTlX/1j6RTcdAEEWqWlBi4xz8A7a3MJdoIANPOV1Zs6HEQwyN9No5AAUR
tCpFZHVhcmRvIEVzY2FsYW50ZSA8ZHJha2VAc2Vydmlkb3IudW5hbS5teD4=
=nmxM
-----END PGP PUBLIC KEY BLOCK-----






From anonymous-remailer at shell.portal.com  Mon Feb 26 17:29:27 1996
From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com)
Date: Tue, 27 Feb 1996 09:29:27 +0800
Subject: TIS--Building in Big Brother for a Better Tommorrow
Message-ID: <199602270041.QAA16809@jobe.shell.portal.com>


-----BEGIN PGP SIGNED MESSAGE-----

On 22 Feb 96, John Young wrote and quoted Steve Walker:

> To supplement TIS's Web site information on CKE, here's a
> mailing from Steve Walker earlier this month:
> 
> 
> TRUSTED INFORMATION SYSTEMS, INC.
> 
> February 2, 1996
> 
> 
> There has been amazing progress on TIS's Commercial Key
> Escrow (CKE) initiative since my last status report.



> By adding CKE technology to our firewalls, the Gauntlet
> system with DES and CKE now meets the U.S. government
> requirements for export to most parts of the world.

Oh, goody!

> While this temporary export license has limitations (there
> must be a Data Recovey Center in the U.S....

It's GAK (GAK!). Instead of one arm of the government
supposedly holding keys safe from unauthorized access by
another arm of the government, it will be a duly approved,
registered, regulated repository holding keys safe from 
unauthorized access by an arm of the government. Just like 
banks protect customers' funds and privacy... Gee! It sure 
sounds like utopia to me... utopia for government. Does 
anyone know of ANY regulated industry that exists at the 
pleasure of the government that also strenuously defends its 
customers' rights against government efforts? I think not.

> ...it represents the first export approval of a DES-based key
> escrow encryption system, a small step...

...backward.

> ...the private sector's need for encryption protection and
> governments' needs to be able to decrypt the communications
> of criminals, terrorists, and other adversaries...

There is no difference between the justification for this and 
what was offered to justify Clipper.  

"Other adversaries," like those who want to keep their affairs 
private, or wish to live free in an increasingly unfree world? 
I think I'm gonna puke.

> Other meetings will follow, but it appears that most major
> governments endorse the U.S. government's user-controlled
> key escrow initiative as the only practical way through the
> cryptography maze.

I AM gonna puke. Of COURSE most governments will go for this! 
The practical effect is essentially the same as if all paper 
mail were to be machine-copied and archived, only accessible 
with a "proper court order." Even though the government can 
go after your mail now, lawfully or UNlawfully, if they don't, 
it's gone -- it has no persistence in any system not under the 
control of sender or receiver, and as a practical matter ALL 
paper mail cannot be copied and archived by any third party. 
However, e-mail is rapidly replacing paper mail and some 
supposed advocates of crypto are helping the government ensure 
that MAIL of the future will have the potential to be a 
persistent "e-trail," something that paper mail could never be.

> In mid-January, Microsoft announced its long-awaited
> Cryptographic Application Programming Interface (CAPI). This
> development promises to finally provide a well-defined
> separation between applications calling on cryptography and
> the actual performance of the cryptography. Now users will be
> able to request cryptographic functions in hundreds of
> applications and select precisely which cryptography to use
> at the time of program execution rather than program
> purchase.

Yeah, I guess all the programmers in the world who DON'T work 
for Microsloth are just too darned stupid to have conceived of 
any such separation. Thank goodness MS made this possible! 
Now we can dispense with all those foolish delusions we once 
harbored and admit that all the DOS offline mail readers in the 
world that supported a configurable editor only *appeared* to 
interface to third-party crypto modules via editor interface 
layers... Now we can admit that we were mistaken in believing 
that Pegasus Mail was trivially equipped with a generic crypto 
interface and that an interface layer to PGP was released by 
another party within weeks...

> Cryptographic Service Providers (CSPs) can now
> evolve independent of applications, and users can choose
> whatever cryptography is available wherever they are in the
> world. TIS is working closely with CSP vendors to ensure that
> CSPs with good cryptography are available in domestic and
> exportable versions as soon as possible based on the U.S.
> government's key escrow initiative.

What self-serving bullshit.

> We would now have widespread use of encryption, both
> domestically and worldwide; we would be in a state of
> "Utopia," with widespread availability of cryptography with
> unlimited key lengths. But, once in this state, we will face
> situations where we need a file that had been encrypted by an
> associate who is unavailable (illness, traffic jam, or change
> of jobs). 

Yeah, this is a really good reason to flush privacy in 
communications down the toilet of subservience to limitless 
government. Really.

> +  Then in 1995, the U.S. government announced its key
>    escrow initiative: allow the export of up to 64-bit
>    cryptography (a remarkable concession) when accompanied
>    by an acceptable form of user-controlled key escrow
>    (critical component to this policy being that "an
>    acceptable escrow system" must have sufficient integrity
>    to give the government confidence that, with a warrant,
>    the keys will be available.)...

Of course. A remarkable arrogation of power rather than a 
concession: Laying the foundation for ALL communications to 
be available with a warrant, something the government has 
NEVER in its history enjoyed.

> Some in the computer industry labeled this just another
> form of Clipper and vowed to continue the fight against
> U.S. government regulation of encryption in any form -- 
> presumably forever. 

They were right and you are wrong in asserting that it would 
be "forever." These things solve themselves in time as
long as there is a plurality of political systems and national
interests on the planet. No government on earth can long
stand against irresistible forces.

> On the other hand, once the new escrowed encryption policy
> was announced, U.S. government agencies -- the FBI, NSA,
> White House, DoD, DoJ, NIST, and NSC -- closed ranks behind
> it and have shown little interest in discussing any other
> approaches. 

Sure. So throw in the towel, eh? If you can't fight 'em, JOIN 
'em. Right? 

> In addition, neither political party has shown
> any interest in taking up the argument in the Congress,
> probably because it is a complex issue and there is no
> obvious "winning" position. 

That may be a compelling argument in favor of finding ways to 
send wakeup calls to the political machinery -- the kinds of 
calls that cause severe loss of sleep and the eruption of 
multitudinous beads of sweat -- but it is HARDLY an argument 
in favor of signing on, as it were, to GAK.

> But, depending upon how the definition of user-controlled key
> escrow is resolved, the new escrow policy could just be the
> long-sought compromise between government and industry that
> gets us through this morass.

What you mean, "Us," kimosabe? This whole piece you've written
is a superficial rationalization for shitcanning principle when
it is placed in opposition to corporate survival by presumed
higher authority. If this is the "long-sought compromise"
that "gets us through this morass," it is a textbook example
of the "turd in the punchbowl" dilemma. How small a turd
will you compromise on before you will consider the punch fit
to drink? Rather a large one, evidently. Then again, this
could be because you see yourself more as a purveyor of punch
than an imbiber. History repeats itself. Endlessly.

> +  If we can ensure that organizations can control the
>    security of backup access to their encrypted information
>    through well-designed commercial key recovery systems --
>    yet also ensure that governments have access when
>    justified via normal legal procedures -- we may have
>    truly found the "Ultimate Utopia" solution to a dilemma
>    that has existed all of our professional lives and
>    threatens to continue through the next generation...

What on earth gives you the idea that anyone outside
government wants to "ensure that governments have access when
justified?" Most individuals would prefer to have and use the
means to ensure that *no one* has access to their private
communications, "justified" or not. More death, torture,
mulilation, incarceration and confiscation have been
perpetrated by governments "justified" by laws valid in their
time and place than all the harm ever done by all the private
individuals in history. What is today's "justification" could 
well become tomorrow's crime against humanity.

>    Thus, in my thought experiment I have come to the
>    conclusion that we (industry and government) are all
>    heading towards the same objective...

If you're right, then maybe the whole thing needs to be 
dismantled and built again from the ground up. Really.

> ...but on a different path from what some of us originally
> wanted. 

Yes -- the path of totalitarianism, apparently.

> Yet, to my way of thinking, that path has to accomodate us
> all if we are ever to arrive at any mutually agreeable
> destination. 

False. Suppose you and your spouse wish to remain inviolate 
but the guy in the ski mask wants to sodomize you both? To 
your way of thinking, "that path has to accomodate us all if we 
are ever to arrive at any mutually agreeable destination."  
Good fucking luck.

> When one group of participants raises insurmountable barriers
> for another group, it simply blocks everyone from progressing
> down any path, and the net result is that U.S. industry is
> not able to export any good crypto-based security.

Although it's possible this may never have occurred to you,
maybe those who want to see strong crypto freely available
would prefer that as long as the U.S. insists on maintaining
self-destructive crypto policies they impact U.S. industry and
provide incentive for foreign crypto development rather than
see U.S. industry crawl supine and subservient to lick the
shoes of bureaucrats who are, after all, our employees and
(supposedly) our SERVANTS.  

What you are doing is going into agreement with the government 
and helping to take the pressure off the government, when what 
is really called for is a firm stand that keeps the 
responsibility for the consequences squarely where it belongs: 
on government hands. Caving while pretending to adhere to 
principle fosters that to which one caves. Standing firm is 
much more likely to force a change.  

You've CHOSEN to be in a business whose market reach is at the 
pleasure of the government. Not satisfied with the reach 
allowed you, you jump through quite a few logical hoops to 
rationalize why it's ok to tailor principle to the necessities 
attendant to navigating the obstacles to which you voluntarily 
made yourself subject in the first place. Perhaps you can see 
why I wouldn't trust you with the keys to my car, much less my
communications?

> We at TIS are dedicated to finding a solution acceptable to
> all sides. We ask your help in this struggle. If you want
> exportable cryptography routinely available in your lifetime
> and believe that user-controlled key recovery is an
> important, if not vital, capability...

The two have no natural connection. The unnatural connection
is created by government policy. As with the unnatural
connection established by a kidnapper between failure to meet
the demands and damage to the victim, you grant it legitimacy 
to the extent that you cave to it.

As far as exportable crypto in [our] lifetime... that will
take care of itself without your help. What you are doing
will DELAY it by appearing to address important issues while
in reality severely damaging the principle of maintaining
freedom of encryption by helping to establish a system in
which that freedom will not exist. 

> If you want to integrate exportable CKE into your product
> line, we are ready to help. 

Thanks, but no thanks.

> If you want to buy internationally deployable good
> cryptography with your favorite applications, tell your
> application vendor you want escrow-enabled applications.

No way, Jose! Most people who want it have access to PGP now, 
and already are using it with their favorite applications. 
The future can offer only more and better, regardless of 
present government policies.

Pegasus Mail showed that integration is not a big deal if
the software originates outside the U.S., so the direction is
established and obvious: As the many millions of programmers
around the world develop more and more advanced applications,
those apps increasingly will tend to have crypto interfaces. 
Those interested in crypto will buy foreign products. In the 
ABSENCE of efforts such as yours, the pressure on the U.S. 
government would rapidly become irresistible.

> We all have an opportunity to make a major difference here.

Yes indeed, and I have not the slightest desire to help you 
help the government institutionalize a bad policy.

>    Sincerely,
>    Stephen T. Walker

Stephen, you've gotten carried away with yourself. "Ultimate
Utopia" indeed! I'm reminded of the validity of the communist
quip that capitalists will sell them the rope with which to 
hang the capitalists. Seems there is some truth to that. 

We Jurgar Din
(that will have to suffice: I do not yet live in a free country)

+"The battle, Sir, is not to the strong alone. It is to the+
+vigilant, the active, the brave. Besides, Sir, we have no +
+election. If we were base enough to desire it, it is now  +
+too late to retire from the contest." -Patrick Henry 1775 +


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMTIbaEjw99YhtpnhAQFJ3gH/U532RzeENe1SbI2B4LCxXZCJYwksYipC
fSFsAX4hCudT9BBYc/wuGGle/TvejQuIChR8qoxw7sjIip4IWHakdw==
=x1iC
-----END PGP SIGNATURE-----









From gebis at ecn.purdue.edu  Mon Feb 26 18:42:35 1996
From: gebis at ecn.purdue.edu (Michael J Gebis)
Date: Tue, 27 Feb 1996 10:42:35 +0800
Subject: Remember, RC4 is now PC1 (fwd)
Message-ID: <199602270208.VAA20323@purcell.ecn.purdue.edu>


> > >>From now, instead of saying "RC4" let us say "PC1, (formerly known as RC4)"
> > >Every time you say RC4 without saying "Trademark of some bunch of 
> > >lawyer scum" you theoretically break the lawyer made law.  So let us 
> > >stop doing it.   Serve them right.
> > 
> > You can always call it "Ron's Code 4" or "Rivest's Code 4" or whatever.
> 
> Call it  "Prince"

The latest version of ssh has something named "arcfour, which is a
cipher based on a usenet posting in Spring-1995.  It is widely
believed and has been tested to be equivalent with RC4.  (RC4 is a
trademark of RSA Data Security."

This cipher was added when the RC4 support was removed.

Wink, wink.

-- 
Mike Gebis  gebis at ecn.purdue.edu 





From casper at optima.mme.wsu.edu  Mon Feb 26 18:48:15 1996
From: casper at optima.mme.wsu.edu (Chris Grantham)
Date: Tue, 27 Feb 1996 10:48:15 +0800
Subject: CDA Strikes.
Message-ID: <01BB0475.B5574220@xtsd0311.it.wsu.edu>


So true, so true. 

Where on earth does the Government get the idea that they have the obligation or for that matter, the right to play parent. *sigh*

Chris

----------
From: 	Ludwig von Drakenberg III[SMTP:drake at servidor.dgsca.unam.mx]
Sent: 	Monday, February 26, 1996 1:19 AM
To: 	cypherpunks at toad.com
Subject: 	CDA Strikes.

Read this in http://www.zippo.com/editor.htm.

>                                    So what's the plan....man ?
>
>          So the CDA has come to pass and we need to move on. People will test the
>           constitutionality of bits and pieces of the Telecom Law, a conservative
>           supreme court will find the law valid, or refuse to review it. Things will never
>           be the same. For those who think they will be, or the for the" Don't worry,
>           President Clinton won't enforce the law" crowd, Friday marked the first arrest
>           under the new law. They picked an unsympathetic figure, twice before
>           convicted child pornographer, and got him for illegal data transmission over
>           the Internet. 

>           Next time it won't be such an unsympathetic figure. It will be some ISP,
>           minding their own business, not knowing they have a user that didn't read the
>           rules. They'll spend a year in federal court, defending their postion based on
>           not knowing they comitted a crime. In the end, they will win, but they'll be
>           broke, and out of the business. Won't happen to large providers, too political,
>           and they have the resources to do all of the CDA compliance window decorating.


-- 
Ludwig von Drakenberg III          God *is* the dice of the universe.
drake at servidor.unam.mx             My goddess gave birth to your god.
Facultad de Ciencias, UNAM                  Fuck the CDA

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAzExbCgAAAEEAONJqT5AeaOg29oT2WXzpgkMQ/BxZXCiduJsOAWRRIPlkOQc
7RN2ooQKJmvHamhoaXktoIbmpK3fkPoEt4OONDtncmOKQKKKl9BgifUW9lO1msRp
W0WIGZ9wTlX/1j6RTcdAEEWqWlBi4xz8A7a3MJdoIANPOV1Zs6HEQwyN9No5AAUR
tCpFZHVhcmRvIEVzY2FsYW50ZSA8ZHJha2VAc2Vydmlkb3IudW5hbS5teD4=
=nmxM
-----END PGP PUBLIC KEY BLOCK-----









From jimbell at pacifier.com  Mon Feb 26 19:43:31 1996
From: jimbell at pacifier.com (jim bell)
Date: Tue, 27 Feb 1996 11:43:31 +0800
Subject: Ass. Politics
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

At 10:51 PM 2/25/96 -0500, David R. Conrad wrote:
>
>Salman Rushdie, in a speech I heard several years ago, said that it was
>widely doubted that Iran would or could actually come up with the three
>million dollar bounty on his head.
>This may play a large part in why he is still around.

A few people who basically seem to oppose my idea ("Assassination Politics") 
try to use the Rushdie example as being some sort of "evidence" why it 
wouldn't work.  ("If Rushdie is alive years later, with a few million on his 
head, that proves assassination doesn't work...")   

I, on the contrary, believe that it actually SUPPORTS my theory:  Clearly, 
nobody has trusted Iran's leadership enough to genuinely believe he would be 
able to collect the reward, and thus the apparently size of the reward is 
discounted in people's minds.

When I respond to these objectors, I point out that if Iran was REALLY 
serious about expecting to see Rushdie dead, they would have long ago set up 
some sort of system, analogous to AsPol, that would allow an anonymous 
assassin to kill Rushdie and collect the reward, guaranteed, without risk of 
exposure.  Clearly, that hasn't happened.  (I think we would have heard 
about it if it had.)   This doesn't make the Iranians any more "civilized," 
obviously, it just means that they are either less competent or trustworthy 
about achieving their goals (or are seen to be so), or that they really don't 
want to/can't pay anybody the money for Rushdie's death.

I don't recall every seeing anyone even attempt to contradict this 
counter-argument; they always agree that nobody really believes anyone can 
safely and reliably collect the Rushdie reward.  Needless to say, this 
raises serious doubts  about the competence of many objectors to critically 
analyze the issues in AsPol.  


It would be interesting to get Rushdie's opinion about AsPol.  
It's understandable if he had an initial feeling of revulsion about 
such a system, on the other hand he should recognize that this system would 
also allow opponents of the Iranian government to eliminate those who called 
for his death in the first place.  It is reasonable to suppose that had this 
system been functioning years ago, Iran's government would have been taken 
down long ago.

>I think all the analyses of the economic costs of protecting one person
>vs. protecting many people are rather beside the point, in light of this.

I agree.  AsPol will work even if a few people can be protected, and 
protecting many people is simply not an option.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMTJ0NPqHVDBboB2dAQGLmAP/dAPz0FrZNT12NjEvkXuXm5JHVbdJPwDq
JhwDBTAReTOirpNJ8mcgn8KN4hsL5rK5Qwyp+7YO3xRPMh39HPH2uBpq63/RZn2p
uu7eXmrR4HQMKhuK5XReYJtARdPdTgL/F3cmMr1TNUW7M+aJikGo4b1OEycIYNdo
Aa1o/peUXlw=
=059O
-----END PGP SIGNATURE-----






From jimbell at pacifier.com  Mon Feb 26 19:43:41 1996
From: jimbell at pacifier.com (jim bell)
Date: Tue, 27 Feb 1996 11:43:41 +0800
Subject: TIS--Building in Big Brother for a Better Tommorrow
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

At 04:41 PM 2/26/96 -0800, anonymous-remailer at shell.portal.com wrote:
>On 22 Feb 96, John Young wrote and quoted Steve Walker:
>> To supplement TIS's Web site information on CKE, here's a
>> mailing from Steve Walker earlier this month:

>> TRUSTED INFORMATION SYSTEMS, INC.
> February 2, 1996
>> There has been amazing progress on TIS's Commercial Key
>> Escrow (CKE) initiative since my last status report.
>

[Much quite-valid disgust with CKE (GAK!) deleted]

>> ...it represents the first export approval of a DES-based key
>> escrow encryption system, a small step...
>
>...backward.
>
>> ...the private sector's need for encryption protection and
>> governments' needs to be able to decrypt the communications
>> of criminals, terrorists, and other adversaries...
>
>There is no difference between the justification for this and 
>what was offered to justify Clipper.  
>
>"Other adversaries," like those who want to keep their affairs 
>private, or wish to live free in an increasingly unfree world? 
>I think I'm gonna puke.


Instead of "and other adversaries," why didn't they just come out and say, 
"and Jim Bell"?  I feel left out!  Ignored!   Now I know how "the 
Professor and Mary Ann" felt.

This is a social slight I can't possibly tolerate!

Jim Bell, Adversary.

jimbell at pacifier.com

Klaatu Burada Nikto

Something is going to happen...   Something...Wonderful!
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMTJzNPqHVDBboB2dAQFROAQAge2OrsqHHnQ6fBPw2UWoWdiJcagwWspA
s8Zed6Rfeo/X3Hhuy6KT8AaRq2TwaHaiykaEaDMEzdRUhgKQi32pOP3/Pr/ISUqH
PXh8QEDdmaYPmVTnw++2TZTJtWosPvn0g/zgpAqPVy5ibVJ03dzdToAj2+2vjdxF
j9zauQHsvxQ=
=xLqm
-----END PGP SIGNATURE-----






From PADGETT at hobbes.orl.mmc.com  Mon Feb 26 20:35:27 1996
From: PADGETT at hobbes.orl.mmc.com (A. Padgett Peterson P.E. Information Security)
Date: Tue, 27 Feb 1996 12:35:27 +0800
Subject: RC
Message-ID: <960226225732.2022bf08@hobbes.orl.mmc.com>


And might I point out that "RC" has been the registered trademark of
the Royal Crown Bottling Company since long before Mr. R...

							P.fla





From djw at vplus.com  Mon Feb 26 20:47:58 1996
From: djw at vplus.com (Dan Weinstein)
Date: Tue, 27 Feb 1996 12:47:58 +0800
Subject: X.509 certs that don't guarantee identity
In-Reply-To: <199602260448.WAA01201@proust.suba.com>
Message-ID: <31328ba3.29715249@mail.vplus.com>


On Sun, 25 Feb 1996 22:48:51 -0600 (CST), you wrote:

>On the 23rd, Jeff Weinstein said this concerning the natural 
>semi-anonymity of the net:
>
>> Given that verisign and others will soon begin issuing large numbers of
>> certificates that do not guarantee the identity of the key holder, it seems
>> that this tradition will continue even with the wide deployment of X509 
>> certs.
>
>This has been bugging me since I read it.  I'm not sure I understand the 
>plan;  it only makes sense to me if "anonymous" X.509 certs are issued 
>for user authentication only, not for server authentication.  Is that 
>what this is about?
>
>(If anonymous certs are issued for servers, why should such a cert be 
>treated any differently than one I generate on my own, which causes 
>warning screens about an unknown CA to pop up?)

Verisign will offer a number of levels of certificates.  The
certificate that Jeff refered to requires only a unique email address
and is available for free.  For obvious reasons you should not trust
theses keys for credit card information or anything else that you feel
is confidential.  This is why Navigator allows you configure what keys
you accept as well as what certifications you will accept.


Dan Weinstein
djw at vplus.com
http://www.vplus.com/~djw
PGP public key is available from my Home Page.
All opinions expressed above are mine.

"I understand by 'freedom of Spirit' something quite definite -
the unconditional will to say No, where it is dangerous to say
No.        
           Friedrich Nietzsche







From llurch at networking.stanford.edu  Mon Feb 26 21:18:19 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Tue, 27 Feb 1996 13:18:19 +0800
Subject: [South SF Bay Area] PLAY ANNOUNCEMENT: "Breaking the Code" (fwd)
Message-ID: 


FYI. Might be amusing. I'll probably go, if I can find a free moment.

-rich
 The Dream Team

---------- Forwarded message ----------
Date: 25 Feb 1996 20:55:33 -0500
From: Michael Deleon 
Newgroups: ba.announce, ba.motss, rec.arts.theatre.plays
Subject: PLAY ANNOUNCEMENT: "Breaking the Code"

Menlo Players Guild Presents

BREAKING THE CODE
by Hugh Whitemore
Based on the Book: Alan Turing: The Enigma by Andrew Hodges

The private life of an extraordinary and brilliant man becomes the means of
his destruction in this dramatic story, which won acclaim on Broadway. At its
center is Alan Turing, the mathematician and British war hero who broke the
famous German Enigma Code, giving the Allies the key to winning World War II,
and yet was persecuted by his government for his sexual orientation. This
portrait of a complex, visionary man torn by society's conflicting rules is
chillingly powerful.

February 23 - March 16
Thurs-Sat, 8pm
Sunday March 10 at 2:30
Burgess Theatre, 601 Laurel Street, Menlo Park

Tickets and info call
(415) 322-3261

Visit our web page at http://www.best.com/~carjack





From alano at teleport.com  Mon Feb 26 21:55:26 1996
From: alano at teleport.com (Alan Olsen)
Date: Tue, 27 Feb 1996 13:55:26 +0800
Subject: Remember, RC4 is now PC1 (fwd)
Message-ID: <2.2.32.19960227054213.008b030c@mail.teleport.com>


At 09:08 PM 2/26/96 -0500, you wrote:

>The latest version of ssh has something named "arcfour, which is a
>cipher based on a usenet posting in Spring-1995.  It is widely
>believed and has been tested to be equivalent with RC4.  (RC4 is a
>trademark of RSA Data Security."

Then they will get sued by SeaWare saying it conflicts with their trademark
for .arc format compression.

Maybe someone should go into the business of "Trademark Collision
Insurance(tm)".  It seems that no matter what you do, everything(tm) is
trademarked nowadays.  

(TCMAY(tm) and "Cypherpunks(tm)" are a trademark of "Tentacles R Us(tm)", a
division of "Evil Incarnate International(tm)".)

|   Remember: Life is not always champagne. Sometimes it is REAL pain.   |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano at teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano at teleport.com  |






From tbyfield at panix.com  Tue Feb 27 00:24:43 1996
From: tbyfield at panix.com (t byfield)
Date: Tue, 27 Feb 1996 16:24:43 +0800
Subject: Ass. Politics
Message-ID: 


At 7:02 PM 2/26/96, jim bell wrote:

>>Salman Rushdie, in a speech I heard several years ago, said that it was
 <...>
>A few people who basically seem to oppose my idea ("Assassination Politics")
>try to use the Rushdie example as being some sort of "evidence" why it


   Has anyone considered using jim bell as a source of randomness?







From erc at dal1820.computek.net  Tue Feb 27 02:33:57 1996
From: erc at dal1820.computek.net (Ed Carp)
Date: Tue, 27 Feb 1996 18:33:57 +0800
Subject: SSH for Windows update?
Message-ID: <199602271011.FAA16034@dal1820.computek.net>


The SSH Windows client stopped working on Feb. 9.  Anyone either have
another version that works now or another SSH client for Windows?  Anyone
know if Tatu's client is ready yet?  Thanks in advance. :)
--
Ed Carp, N7EKG    			Ed.Carp at linux.org, ecarp at netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp at netcom.com for PGP 2.5 public key		an88744 at anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring





From anon-remailer at utopia.hacktic.nl  Tue Feb 27 06:28:03 1996
From: anon-remailer at utopia.hacktic.nl (Anonymous)
Date: Tue, 27 Feb 1996 22:28:03 +0800
Subject: Perl T-shirt makes the big time
Message-ID: <199602271359.OAA20773@utopia.hacktic.nl>


Spotted in an NSA contractor's office: a column from InfoWeek or some such rag about the RSA-Perl T-shirt. Said column hijacked May's idea that shirting was trivial and turned it on ear-- ITAR is routinely being violated and no one cares.

NSA-heads said they got article by fax from the Death Star in Ft. Meade. Wonder how many black-clad Perl-toters there are on the reservation.






From jya at pipeline.com  Tue Feb 27 06:46:58 1996
From: jya at pipeline.com (John Young)
Date: Tue, 27 Feb 1996 22:46:58 +0800
Subject: PHO_ton
Message-ID: <199602271408.JAA10507@pipe2.nyc.pipeline.com>


   New Scientist, 24 February 1996:

   "Trick of the light fools forgers."

      Researchers at U-Conn Storrs are developing security
      systems that use a new kind of invisible code -- the
      phase of light. A transparent phase mask over a photo on
      a credit card would make it very difficult to forge. The
      authenticity of the card is checked by a reader composed
      of a laser light source and a device called an optical
      correlator. Bahram Javidi, leading Storrs researcher,
      will publish the latest findings in SPIE proceedings,
      called "Optical Security and Counterfeit Deterrent
      Techniques" (v 2659).

   "Good connections, quantum style."

      For quantum computers of the future, any "noise" in the
      connection between sender and receiver could prove
      disastrous. The problem is that the data in such
      computers will be held in the form of individual photons
      and, since quantum theory states that they cannot be
      checked because the mere act of measuring them will
      transform them, every error that creeps in will go
      uncorrected. Now IBM researchers have come up with a way
      to make the connection crystal clear (PRL, v 76, p 722).
      [Cf. recent thread "IBM's Breakthrough."]
 

   PHO_ton













From jamesd at echeque.com  Tue Feb 27 08:28:48 1996
From: jamesd at echeque.com (jamesd at echeque.com)
Date: Wed, 28 Feb 1996 00:28:48 +0800
Subject: Numbers don't lie...
Message-ID: <199602271527.HAA15152@dns1.noc.best.net>


At 11:18 AM 2/18/96 -0500, A. Padgett Peterson P.E. Information Security wrote:
>The second point is that their scalability seems to be based on costs per
>chip alone, cost for which the engineering cost has been recovered and for
>which the yeild is significant, hardly givens when you are talking pushing
>the state of the art, given this 200 Mhz Pentiums would be U$10.00 also
>(well, maybe U$25.00).


Doubtless that is why they assume chips that are very far from state of the art:

Since interprocess communication is trivial for key cracking, 
you are better off using large numbers of cheap chips, than 
smaller numbers of good chips.

>Finally, no cost is allocated to the sustem required to program/evaluate
>the ponderings of these 100's of ASICs. As anyone who has ever programmed
>a massively parallel computer (which is what they are talking about in their
>brute force machine, it is the boundary communications that kill you.

Again:  Interprocess communication is trivial.  A brute force key cracking
machine is *not* a general purpose massively parallel computer.

Suppose you have a million chips.  Each chip tries keys.  A few bytes 
of the plaintext, headers and stuff are known.  Assume eight bytes known.  
Then we could handle the interprocess communication with a single desktop 
computer.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd at echeque.com






From declan+ at CMU.EDU  Tue Feb 27 11:29:17 1996
From: declan+ at CMU.EDU (Declan B. McCullagh)
Date: Wed, 28 Feb 1996 03:29:17 +0800
Subject: CDA Strikes.
In-Reply-To: <31317B14.8E1@servidor.unam.mx>
Message-ID: 


This article is incorrect in at least two ways.

First, last week the U.S. Government signed a legally binding contract
saying they won't prosecute anyone under the CDA until the hearings are
over. This relates to both the indeceny or "patently offensive"
provisions -- *and* the DoJ has said they won't even *initiate*
investigations.

Second, *if* the law is upheld, the DoJ's first, and second, and third,
choices of plaintiffs will be unpopular figures that will play well on
the evening news. The U.S. understands the value of divide-and-conquer.
At the same time, a court challenge will be easier if someone is
actually prosecuted...

-Declan




Excerpts from internet.cypherpunks: 26-Feb-96 CDA Strikes. by Ludwig von
D. III at servid 
> >           President Clinton won't enforce the law" crowd, Friday
marked the 
> first arrest
> >           under the new law. They picked an unsympathetic figure,
twice befo
> re
> >           convicted child pornographer, and got him for illegal data
transmi
> ssion over
> >           the Internet. 
>  
> >           Next time it won't be such an unsympathetic figure. It
will be som
> e ISP,
> >           minding their own business, not knowing they have a user
that didn
> 't read the
> >           rules. They'll spend a year in federal court, defending
their post
> ion based on







From lmccarth at cs.umass.edu  Tue Feb 27 11:32:05 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Wed, 28 Feb 1996 03:32:05 +0800
Subject: Conference report - resolving security workshop
In-Reply-To: <199602240738.XAA15151@ix3.ix.netcom.com>
Message-ID: <199602271616.LAA27821@thor.cs.umass.edu>


Raph Levien writes:
# Earlier, I mentioned that two and a half protocols survived the
# day. The remaining one is MSP. It's actually not a bad protocol.

It appears to have been designed by the NSA, so that's not surprising in some
senses. The question is, I think, how much baggage does it bring that's
not really relevant for civilian/commerical use ?

Debate about the use of sensitivity labels has recently resurfaced on the
IPSEC list, although opinion seems to be running quite heavily in favor of
implementing them (at the network layer) so far. 

Bill Stewart writes:
> Where can we find the new specs for MSP?  

With some help from Howard Weiss of Sparta Secure Systems Eng. (in MD), I
finally found an online version. It's in 5 parts, accessible from 
http://bbs.itsi.disa.mil:5580/T3563 (look for MIL-STD-2045-18500). The
web site is set up so as to make it a major pain to cut-and-paste or easily
remember the precise URLs. They're zipped WordPerfect files, so I can't
read them. If someone constructs a copy in ASCII or PostScript or HTML or
something, let me know. 

According to http://www.itsi.disa.mil/dodiis/sec2-62.html, you can read
about MSP in one of the Secure Data Network System (SDNS) Key Management 
Documents (NISTIR 90-4262). MSP is apparently (supposed to be) used in the DMS
(Defense Message System). I think you can order hardcopy of such things from
NIST.

I found an archive of old traffic from the pem-dev list about a
"Preliminary" MSP at:

http://www.eff.org/pub/Privacy/Security/Crypto_misc/dod_pmsp_sdns.standards

-Lewis					"Shit !" -Pres. Richard M. Nixon, 1973





From frissell at panix.com  Wed Feb 28 03:50:03 1996
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 28 Feb 96 03:50:03 PST
Subject: "Physical Reality"
Message-ID: <2.2.32.19960228114906.00b9f928@panix.com>


At 08:41 AM 2/28/96 +1100, Mark wrote:

>I dislike having to follow up something so unrelated, but the bad boys are the
>criminals, the song is about what will you do when the cops come for you.
>The cops are not the "bad boys" in the song. Trust me.
>
>Mark
>

Actually, the song is deliberately ambiguous.  Because the phrase "Bad Boys"
is repeated at both ends of the verse, you can't tell whether it refers to
the cops or perps or both.  I don't know the origin of the song but I recall
in life or in fiction a special (Las Vegas?) police unit that called itself
the Bad Boys.  Certainly the Bad=Good reversal is well established in
popular culture.

DCF






From abostick at netcom.com  Tue Feb 27 11:59:19 1996
From: abostick at netcom.com (Alan Bostick)
Date: Wed, 28 Feb 1996 03:59:19 +0800
Subject: [NOISE]  Re: Perl T-shirt makes the big time
In-Reply-To: <199602271359.OAA20773@utopia.hacktic.nl>
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

In article <199602271359.OAA20773 at utopia.hacktic.nl>,
anon-remailer at utopia.hacktic.nl (Anonymous) wrote:

> Spotted in an NSA contractor's office: a column from InfoWeek or some
> such rag about the RSA-Perl T-shirt. Said column hijacked May's idea
> that shirting was trivial and turned it on ear-- ITAR is routinely being
> violated and no one cares.
> 
> NSA-heads said they got article by fax from the Death Star in Ft. Meade.
> Wonder how many black-clad Perl-toters there are on the reservation.
> 

Maybe someone should ask the t-shirt makers just how many of them have been 
shipped to the Beltway area. . . . 

- -- 
   Alan Bostick             | "If I am to be held in contempt of court,
Seeking opportunity to      | your honor, it can only be because the court
develop multimedia content. | has acted contemptibly!"
Finger abostick at netcom.com for more info and PGP public key

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMTM9TuVevBgtmhnpAQEeRAL/anWIiUDhxLpkeO8Dj2Ly4fLMkQVvUxpc
X1/IamR0tA3bbwEO266suW8D5vQU7Xq789Q0StF3uyBIpUc+WhXnmJsZSz+9u5Ki
wGg+Cp+Kzlx1LioWe1mfH92Rby6QRPKO
=GhXM
-----END PGP SIGNATURE-----





From jya at pipeline.com  Tue Feb 27 12:01:13 1996
From: jya at pipeline.com (John Young)
Date: Wed, 28 Feb 1996 04:01:13 +0800
Subject: VAN_goh
Message-ID: <199602271809.NAA25003@pipe1.nyc.pipeline.com>


   2-26-96. FT:

   "Net's rivals feel the squeeze. A quiet revolution is
   transforming global electronic trade."

      Value added networks (Vans) such as GEIS and Advantis
      are already at risk from the Internet, according to
      Price Waterhouse's *Technology Forecast*, a panoramic
      sweep through today's electronics, from chip designs to
      video compression software. Electronic commerce, the
      forecast says, has become a worldwide phenomenon,
      reshaping marketplaces, trading relationships and
      international trading boundaries.

   2-27-96. NYT:

   "AT&T Makes Belated Move On Internet." John Markoff.

      AT&T is to introduce a service Tuesday that it hopes to
      use to link millions of its long-distance telephone
      customers to the global computer network. Analysts said
      the entry by AT&T was certain to alter the competitive
      landscape for ISPs. It will offer relatively inexpensive
      dial-up access to the Internet and the Web to personal
      computer users at home. Company officials said pricing
      will "be aggressive enough to make the industry sit up
      and take notice." "You're about to see a new AT&T," said
      an analyst. The service will use Netscape for browsing
      and a search tool designed by Verity Inc.

   VAN_goh







From frissell at panix.com  Tue Feb 27 12:02:02 1996
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 28 Feb 1996 04:02:02 +0800
Subject: "Physical Reality"
Message-ID: <2.2.32.19960227181316.0070e158@panix.com>


At 12:23 PM 2/21/96 -0800, L. Detweiler wrote:

>Barlow brings up this topic in his recent "cyberspace declaration of
>independence" (which can clearly be criticized as out of touch with 
>physical reality but is nevertheless compelling). 

Various critics of cryptoanarchy from D. Denning to L. Detweiler to A.
Grove, to J. Kellstrom to the 1991 instance of P. Metzger have argued that
the continued existence of the physical attack medium renders this new form
of social disorganization DOA.

Boiled down to its essentials, this argument can be expressed by the lyrics
of the song "Bad Boys" as used as the theme song of the reality TV show
"Cops."  For those who no longer participate in the previous culture, they are:

Bad Boys, Bad Boys
Whatcha gonna do? 
Whatcha gonna do when they come for you? 
Bad Boys, Bad Boys

repeat endlessly.

I would suggest instead that the critics of cryptoanarchy are out of touch
with "physical reality."

For the "Bad Boys" to come for you, a whole series of requirements must be
in place:

1)  There must be Bad Boys
2)  They must be able to travel
3)  There must be a reason for them to come "for you".  They need motivation
4)  There must be a you
5)  The Bad Boys must know where you are
6)  The Bad Boys must be able to travel to where you are
7)  The answer to the question "Whatcha gonna do?" must be "nothing" (This
would seem to be implied by the song.)
8)  They must have something to do to you when they "come for you" otherwise
the journey is a waste of time.

Let's examine each of these requirements to see how technological change has
affected them.

1)  There must be Bad Boys

There are fewer Bad Boys these days.  Not that Human Nature has improved all
that much but law enforcement employment (relative to population) is down.
The collapse of the SU and the Eastern European police states has
dramatically reduced the world population of government agents.  When 1/4 of
your population was in the enforcement business full- or part-time (as in
the DDR), the end of that system reduces the supply of "muscle."  Note that
during this Century of Blood, governments were murdering someone every 20
seconds or so (160 million in the last 100 years).  Reports indicate that
the death rate is lower these days.  Occasional minutes go by without any
murders by government.  

Additionally, even in places like the US where there would seem to be more
enforcement personnel employed than ever before, bureaucratic management has
worked to reduce worker productivity.  Since law enforcement is still
organized along Stalinist lines (state ownership and management,
hierarchical organization, pay unrelated to performance), not much actual
enforcement is undertaken.  A New York Times article on INS agents whose job
it is to find and arrest illegals within the US said that they were allowed
to grab about one perp a month.  The rest of the time was spent on
paperwork.  At the rate of 12 deportations a year per agent, it will be
quite a while before the backlog is cleared.  And, indeed, all the evidence
we have from studies of the "clearance" rates of crimes to the street price
of illegal pharmacuticals, to the "average time served per crime" suggest
that effective enforcement is down.

This is what we would expect since the law enforcement system has retained a
very traditional organizational model while the rest of society has become
much more efficient.  A massive increase in what we might call "regulatory
targets" combined with a decrease in the number and efficiency of the
regulators, means less regulation and effectively fewer Bad Boys.

2)  They must be able to travel

If the Bad Boys are to come for you, they have to be able to travel.  The
internationalization of the modern business and communications environment
has made this more difficult.  There are very few enforcement agencies that
have unlimited budgets of the sort that allowed Lt. Gerard to chase Dr.
Richard Kimball around the country for years on end.  Enforcement is largely
a matter of chance.  The Bad Boys come for some small part of the criminal
population and leave the rest alone until chance brings them within reach.

A multinational investigation and enforcement program costs the earth.  It
will only be undertaken in very significant cases.  Nation states are still
the basic unit of enforcement and so jurisdictional conflicts cause many
costs and delays.  Since it is part of human nature to be more concerned
with one's own "stuff" than with other's "stuff," foreign enforcement
agencies won't pursue cases with as much energy as domestic agencies might
be willing to.  

One way that people are more powerful than governments is that people (or
their corporations) can be citizens/residents of several nations much more
easily than a single nation can rule the citizens/residents of other nations.

Even within the United States, jurisdictional differences among the states
can be exploited by natural or artificial persons.  As regional trading
blocks like NAFTA and the European Free Trade Area spread, people will be
able to move around much more easily than government agencies.  Since there
are no sovereignty issues raised when people do business in multiple
jurisdictions, these distance and jurisdictional barriers will fall much
faster for private parties than for the government Bad Boys who want to come
after them.



DCF






From rah at shipwright.com  Tue Feb 27 13:20:18 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Wed, 28 Feb 1996 05:20:18 +0800
Subject: Proposed Legislation Regualting Expert Testimony
Message-ID: 


A nameless associate, who lives in Albuquerque, seems to have a local
perspective on this...


>Date: Mon, 26 Feb 1996 17:11:54 -0500
>To: rah at shipwright.com
>Subject: Re: Proposed Legislation Regualting Expert Testimony
>
>Bob,
>
>It is clear from the following why the bill did not pass:
>
>>When a cryptologist or computer expert testifies during a criminal
>>defendant's penalty hearing, the cryptologist or computer expert
>>shall wear a cone-shaped hat no less than two feet in height for the
>>duration of the hearing. The surface of the hat shall be imprinted
>>with stars, moons and lightning bolts.
>>
>>Additionally, the cryptologist or computer expert shall be required to
>>wear a white beard no less than eighteen inches in length for the
>>duration of the hearing. The cryptologist or computer expert shall
>>punctuate crucial elements of his testimony by stabbing at the air
>>with a wand no less than one foot in length.
>>
>>Whenever a cryptologist or computer expert provides expert testimony
>>regarding the defendant's methods, the bailiff of the court shall
>>dim the lights of the court room and shall administer two strikes to
>>a Chinese gong."
>
>You see, the conical hat, the beard, and the wand are the costume of Manny
>Aragon,
>the President pro tem of the Senate, and the striking of the gong is the
>conditioned response of Ray Sanchez, the Speaker of the House, to anything
>Manny says.

Of course, *black* hats and goatees on cryptographers are somewhat de
regeur, cf. Sameer, Eric, Derek, etc. By the way, do *you* have a black
hat, Tim?

Cheers,
Bob Hettinga

PS: I'll stop now.

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/







From mark at ausnetinfo.com.au  Tue Feb 27 14:45:50 1996
From: mark at ausnetinfo.com.au (Mark)
Date: Wed, 28 Feb 1996 06:45:50 +0800
Subject: "Physical Reality"
In-Reply-To: <2.2.32.19960227181316.0070e158@panix.com>
Message-ID: <199602272141.IAA06008@ausnetinfo.com.au>


>Boiled down to its essentials, this argument can be expressed by the lyrics
>of the song "Bad Boys" as used as the theme song of the reality TV show
>"Cops."  For those who no longer participate in the previous culture, they are:
>
>Bad Boys, Bad Boys
>Whatcha gonna do? 
>Whatcha gonna do when they come for you? 
>Bad Boys, Bad Boys
>
>repeat endlessly.
>
>I would suggest instead that the critics of cryptoanarchy are out of touch
>with "physical reality."
>
>For the "Bad Boys" to come for you, a whole series of requirements must be
>in place:
>
>1)  There must be Bad Boys
>2)  They must be able to travel
>3)  There must be a reason for them to come "for you".  They need motivation
>4)  There must be a you
>5)  The Bad Boys must know where you are
>6)  The Bad Boys must be able to travel to where you are
>7)  The answer to the question "Whatcha gonna do?" must be "nothing" (This
>would seem to be implied by the song.)
>8)  They must have something to do to you when they "come for you" otherwise
>the journey is a waste of time.

I dislike having to follow up something so unrelated, but the bad boys are the
criminals, the song is about what will you do when the cops come for you.
The cops are not the "bad boys" in the song. Trust me.

Mark





From rishab at best.com  Tue Feb 27 16:56:59 1996
From: rishab at best.com (Rishab Aiyer Ghosh)
Date: Wed, 28 Feb 1996 08:56:59 +0800
Subject: In favour of privacy legislation
In-Reply-To: 
Message-ID: <199602272202.OAA18522@shellx.best.com>



> The problem is the WILDLY broad/excessive scope of the legislation AS WRITTEN.

I agree that the legislation, as written, one of the shortest I've seen, 
is overbroad. However, it's not _that_ far off the mark. Most of your
objections (such as the one relating to unauthorised biographies, which 
are more likely to be challenged using existing libel laws than privacy 
legislation that doesn't specify penalties) can be answered with a simple
change: replace "personal information concerning an individual" with
"personal information concerning an individual directly gleaned from that
individual's statements or actions." Or something. So if you build
a database tracking my purchases at your store, or what I fill in
your subscription forms, you can't resell it. OTOH if you buy my
dossier from someone _else_, you're not liable, though your source
probably is. So you could publish biographies or political exposes
and only the primary source would be liable. That source is often 
liable in any case, due to existing laws concerning theft, trade secrets,
breach of contract etc; it's just that primary sources in these situations
are almost never identified.

> AS WRITTEN, it would prohibit --
> * making available for a fee, information about pedophiles, rapists, etc.,

Ah yes, this would include the 98.32% of Internet users who are paedophiles.
You don't believe that paedophiles and rapists deserve the same legal
and constitutional treatment as anyone else? "First they came for the Jews..."

> * maintaining a public-access database for profit, offering consumer
> information about landlords' abuses of security deposits -- or renters'
> abuses of property,
> * making available for profit, almost all information about individuals in
> public civil and criminal court records,

These, along with databases on (proven) rapists, depend on policy for
the use of "public" - government-held - information on individuals.
In most countries, this is governed by widely distributed regulations,
not any single privacy law. For example, the European restriction on
publicising names of minors charged for serious offences _during_ trial.
If the simple change on direct sources is made, these do not impact
privacy legislation.

> I have no problem with *carefully* constructed privacy protection.  But (1)
> that turns out to be VERY hard to construct, and (2) this bill ain't it.

Legislation governing free speech in the US is huge. The body of law
that strengthens free speech (interpreting "Congress shall make"
as "any level of government shall make") and restricts it (taking
"no law" to mean "no law except to prevent obscenity, libel, etc")
goes far beyond the deceptively simple First Amendment, but this 
complexity and bulk is not a common argument against free speech 
legislation. The California bill, with some changes, may not
be a carefully constructed body of law but could be a decent start.

My personal opinion, living as I do between one country - India - that is 
still (fortunately?) fond of habitual civil disobedience, and another - 
the Internet - where civil disobedience is a technologically assisted
state of mind, laws are an irritation. But if they are to exist to
protect _some_ rights, they should, for aesthetic balance if nothing
else, exist for _all_.

Rishab

----------------------------------------------------------------------
The Indian Techonomist - newsletter on India's information industry
http://dxm.org/techonomist/                             rishab at dxm.org
Editor and publisher: Rishab Aiyer Ghosh           rishab at arbornet.org
Vox +91 11 6853410; 3760335;     H 34 C Saket, New Delhi 110017, INDIA






From galvin at eit.com  Tue Feb 27 17:48:14 1996
From: galvin at eit.com (James M. Galvin)
Date: Wed, 28 Feb 1996 09:48:14 +0800
Subject: 
Message-ID: 


At 8:55 PM 2/22/96, Raph Levien wrote:
>MOSS is dead, long live MOSS
>----------------------------
>
>   There were five contenders on the field going into the day, and two
>and a half at the end. MOSS was one of the casualties. A lot of us
>were sorry to see it go, but eliminating candidates has got to happen
>if we're going to have interoperation.
>   It's hard to say exactly what went wrong. MOSS had many advantages,
>and was a nice, clean, pretty standard. I think what doomed it was the
>lack of a good implementation.
>   Even though MOSS is no longer considered a serious contender, one
>piece of it is still very much alive: the multipart/signed message
>format. At the end of the day, there was strong, nearly unanimous
>consensus that multipart/signed should be recommended as the signed
>message format for _all_ of the email encryption protocols.

I debated about responding since you are entitled to your opinion.  After
thinking about it for a while I decided I need to say a little something.

It's my impression that MOSS suffered from lack of representation at this
workshop.  I got that view from at least 6 different people, so I believe
it to be true.  That said, I think it's unfair to declare its demise.

Further there is a good implementation of MOSS.  It was even announced at
the workshop.  Did you miss it?  TIS has done an implementation that is
available for anonymous FTP, albeit only within the US.  It's integrated
with MH, not the most favored mail user agent, but the current version has
shell scripts that perform minimal MIME functions to facilitate integration
with other agents.

Finally, multipart/signed and multipart/encrypted are not MOSS.  They are a
framework independent of any particular secure email technology.  True,
MOSS depends on them, but I regard that as a feature not a bug.

Jim

----------------------------------------------------------------------------
James M. Galvin                                               galvin at eit.com
VeriFone/EIT, PO Box 220, Glenwood, MD 21738                 +1 410.795.6882







From Blaker at msn.com  Tue Feb 27 20:00:35 1996
From: Blaker at msn.com (Blake Ramsdell)
Date: Wed, 28 Feb 1996 12:00:35 +0800
Subject: 
Message-ID: 


> Further there is a good implementation of MOSS.  It was even announced at
> the workshop.  Did you miss it?  TIS has done an implementation that is
> available for anonymous FTP, albeit only within the US.  It's integrated
> with MH, not the most favored mail user agent, but the current version has
> shell scripts that perform minimal MIME functions to facilitate integration
> with other agents.

Is there a version that can be used in commercial applications?  There is for 
PGP, S/MIME, and (I think) for MSP.  From a developer's point of view, this 
will influence my decision between specifications.

Blake





From Blaker at msn.com  Tue Feb 27 20:05:21 1996
From: Blaker at msn.com (Blake Ramsdell)
Date: Wed, 28 Feb 1996 12:05:21 +0800
Subject: 
Message-ID: 


> James M. Galvin said:
> It's my impression that MOSS suffered from lack of representation at this
> workshop.  I got that view from at least 6 different people, so I believe
> it to be true.  That said, I think it's unfair to declare its demise.

I agree with this impression -- I think that MOSS was not represented in any 
meaningful way.  The question that begs to be asked is:  why?

I also agree with the assessment that MOSS was a casualty due to a certain 
extent to the lack of representation.

To recap the purpose of this conference, it was for the interested parties 
involved with security specifications to review their differences, determine 
the requirements, and possibly even to come out with a preferred solution.  If 
the interested parties don't show up, it seems that they are not going to have 
their arguments heard.  In fact, I believe that MOSS is the *only* 
specification that didn't have a significant group of proponents present 
during the entire proceedings.

I knew darn well that we as a group would be gunning down one or more of these 
specifications to simplify the process, and if I wanted anything to say about 
it, then I'd better go.

Before the conference, while this list was forming, I asked Dave Crocker what 
the agenda was, and who specifically was speaking about each specification -- 
the reason I did this is to find out if the *absolute best* representative for 
each specification was speaking, so that we would not end up in a situation 
where the audience was uninformed about a specification, and I could feel that 
the meeting would be productive.  Ultimately, for PGP and S/MIME, it was the 
authors or editors themselves that provided insight into their respective 
specification, and for MSP it was at least one key implementor.

For MOSS, it seemed that the whole contingency (people who were either in 
charge of the specification, who had plans to implement the specification, or 
who were significant customers interested in the specification) was you (an 
author of the specification), and you had to split.  This is not a good sign.  
If the people who cared about MOSS participated in the public forums provided 
for discussing it (mailing lists such as pem-dev), then they would have been 
made aware of this meeting just like the other specification proponents, and 
would have shown up.  You showed up, showed a chart that didn't demonstrate 
MOSS as a clear winner, and didn't stick around to discuss the chart (which I 
thought was a good start to finding The Answer).

This also reminds me of a time when a call went out for the MOSS implementors 
to raise their hands (on the pem-dev list) -- and only Ned Freed answered.  
This could very well be because MOSS implementors don't hang out on the 
mailing list, which is somewhat strange since the timeframe in which this 
question was posed was very close to the release date of the specification 
(10/95).  In fact, Dave Crocker recently said that "Clear, corporate 
commitments from product vendors ought to confirm or dispel the rumor of the 
MOSS demise", and we have not had *any* vendors step up since that statement.

Don't get me wrong -- I don't consider myself to be prejudiced away from MOSS. 
 Near the end of the meeting, I specifically pointed out that:  First we had 
PEM, and it died.  Now we have MOSS, which is 47 pages long, and less than 
*four months* old, and we are calling it dead also.

The answer to that was that it made a great "over beer" question -- a question 
to be discussed over a beer.

Care for a beer?

Blake





From Mark at adspp.com  Tue Feb 27 20:29:19 1996
From: Mark at adspp.com (Mark Bainter)
Date: Wed, 28 Feb 1996 12:29:19 +0800
Subject: Remember, RC4 is now PC1
In-Reply-To: 
Message-ID: <31332C27.4D0@adspp.com>


Simon Spero wrote:
> 
> On Mon, 26 Feb 1996, Bill Stewart wrote:
> 
> > At 10:19 AM 2/24/96 -0800, jamesd at echeque.com wrote:
> > >>From now, instead of saying "RC4" let us say "PC1, (formerly known as RC4)"
> > ..
> > >Every time you say RC4 without saying "Trademark of some bunch of
> > >lawyer scum" you theoretically break the lawyer made law.  So let us
> > >stop doing it.   Serve them right.
> >
> > You can always call it "Ron's Code 4" or "Rivest's Code 4" or whatever.
> 
> Call it  "Prince"
> 

Call it "the cipher formerly known as 'RC4'"



---
"Man did not enter into society to become 
 worse than he was before, nor to have 
 fewer rights than he had before, but
 to have those rights better secured." 
             --- Thomas Paine 1791





From ylo at ssh.fi  Tue Feb 27 20:33:55 1996
From: ylo at ssh.fi (Tatu Ylonen)
Date: Wed, 28 Feb 1996 12:33:55 +0800
Subject: Windows ssh -- this mail was written with it
Message-ID: <199602280347.FAA05139@pilari.ssh.fi>


Secveral people have been asking recently about
the status of my windows SSH client.

Well, this mail is being written with it.  I have
finally had time to work on it almost full time
for the last week, and it is finally starting to
work.  The basic protocol is now in farirluy good
condition.  Terminal emulation has been written
(it is VT102, tested to work with vttest)), but
the emulator hasn't been merged to Windows yet
(that should be a couple of days work, max)).

Channel forwarding code is not yet ready, but
probably will in a couple of weeks.  

I will probably make a pre-alpha test distribution
in very near future so that people can get some
hands-on experience with it.  (Eithher stiill durring
this week, or alternatively soon after IETF which
will be next week.  BTW, I wiill give a presentation
on SSH at the IETF.=)

Anyway, this was just to give quick update �:-)

(Sorry for the typos in this message, since
emulation is not yet iintegrated it is hard to
edit, and also key mappings won't work properly
until I get the emulatoor in - hopelfully really
really soon.)

    Tatu





From gnu at toad.com  Tue Feb 27 21:57:53 1996
From: gnu at toad.com (John Gilmore)
Date: Wed, 28 Feb 1996 13:57:53 +0800
Subject: PGP source code book sold out!
Message-ID: <9602272119.AA08088@toad.com>


Date: Tue, 27 Feb 96 15:22:21 EST
From: ehling at mitpress.mit.edu (Teresa A. Ehling)
Message-Id: <9602272022.AA06562 at mitpress.mit.edu>
To: gnu at toad.com

Dear John --

The PGP Source Code book is now out of print.  We assumed there
would only be limited interest in the source code, so we printed
only 1500 copies.  When we sold out of this run (just last month), 
we decided not to reprint, given that the 3.0 release is due this spring.

Terry Ehling
The MIT Press





From Blaker at msn.com  Tue Feb 27 23:31:47 1996
From: Blaker at msn.com (Blake Ramsdell)
Date: Wed, 28 Feb 1996 15:31:47 +0800
Subject: [ Death of MOSS? ]
Message-ID: 


Brad Knowles said:
>     Obviously a few additional enhancements would be necessary, such
> as cryptographic signatures on return receipts and classification
> labels (as two examples, there may be more), but MOSS is my current
> best yardstick for measuring just how well a secure email standard
> really is integrated into MIME, with the absolute minimal amount of
> disturbance to the existing MIME standard (and thus, making it the
> most "native" MIME implementation of a secure email standard).

Both the PGP and S/MIME specifications propose the use of security multiparts 
-- how come these don't rank as highly as MOSS in your view of how well they 
are integrated with MIME?

Blake





From ses at tipper.oit.unc.edu  Tue Feb 27 23:48:31 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Wed, 28 Feb 1996 15:48:31 +0800
Subject: fun with the web and security
In-Reply-To: <9602280238.AA15724@espresso.CS.Berkeley.EDU.mammoth>
Message-ID: 



This has been discussed a lot in the URI working groups since around 92. 
I think it's actually documented in the RFC

Simon

> Here's a fun way to exploit security holes via the web:
> 	http://www.cs.berkeley.edu/~daw/js1.html
> A rough representation of its contents follow.
> 
> 
> 
> Whee! The web is awfully convenient for exploiting security bugs.... 
> 
> The following URL contacts your sendmail SMTP server and attempts to exploit
> an old, well-known security hole, trying to gain root access. Click _here_
> to try it. 
> 
> As it stands, clicking on the URL above does not do anything harmful to your
> machine-- but it could! (This is a test of the emergency broadcast system.
> This is only a test.) 
> ______________
> 
> We can get you to send arbitrary text, to an arbitrary port on an arbitrary
> host, from your machine.  (If you are inside a firewall, we can thereby send
> arbitrary text to any internal machine by getting you to click on the link
> above.) The technique is simple: we list the host and port in a gopher URL,
> and encode the text to be sent in the path. 
> 
> For instance, a successful exploit of the hole could leave a backdoor root
> shell, and inform us via a pseudonym at an anonymous remailer. 
> 
> The exploit could be hidden by use of the JavaScript "width=1,height=1"
> techniques pioneered at John LoVerso's _JavaScript security hole page_; then
> you wouldn't even know when you'd been attacked. 
> 
> The exploit could be forced on you via many standard tricks: the Redirect:
> or META-EQUIV Refresh: or JavaScript mechanisms work fine, for instance. 
> 
> This is most dangerous when you are behind a firewall. Typically, there will
> be many machines inside a firewall which run insecure software. Normally,
> that would be safe, since the firewall prevents an outsider from connecting
> to the unsafe sendmail servers inside-- yet the example URL above allows
> outsiders like us to exploit security holes on the inside of your firewall.
> Nothing stops us from putting the IP address of a vulnerable machine inside
> your firewall in the URL above, and waiting for you to click on it: the
> firewall doesn't prevent connections from you to the internal vulnerable
> machine, and thus can't stop this attack. Using JavaScript, we don't even
> have to wait for you to click on anything. Furthermore, a JavaScript program
> could systematically and invisibly try all the machines inside your firewall. 
> 
> We could have used many other well-known security holes: there's nothing
> special about this particular sendmail bug (except that it was convenient
> for us to implement). 
> ______________
> 
> Be afraid. Be very afraid. 
> -- Ian Goldberg and David Wagner. 
> 
> 

---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO






From tcmay at got.net  Wed Feb 28 16:52:16 1996
From: tcmay at got.net (Timothy C. May)
Date: Wed, 28 Feb 96 16:52:16 PST
Subject: Anyone else getting these?
Message-ID: 


Is anyone else getting these strange "Message body suppressed" messages?
Below is an example:


At 7:31 AM 2/26/96, spook at eworld.com wrote:

>   ----- Message body suppressed -----
>
>--NAA18253.825456631/dns1.noc.nsa.net--
>
>
>
>** NOTICE **: A mailer error at NSA caused this
>** message to get messed up.  If the body of the message
>contains only '----- Message body suppressed -----',
>then we were unable to recover the entire message and you
>will have to email the person sending you this message
>asking him or her to resend it.  NSA apologizes for
>the inconvenience.


Every day that passes convinces me we are entering a period of chaos. Large
mailing lists are a likely casualty.


--Tim



(Yes, I changed "Best" to "NSA," for the fun of it.)

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From jya at pipeline.com  Wed Feb 28 01:02:37 1996
From: jya at pipeline.com (John Young)
Date: Wed, 28 Feb 1996 17:02:37 +0800
Subject: Intelligence ANFO
Message-ID: <199602280358.WAA05719@pipe3.nyc.pipeline.com>


FAS offers the January 19, 1996 testimony before the 
President's Commission on the Future of Intelligence by Bobby 
Inman, Frank Carlucci and others including Richard Haass, 
principal author of the recent CoFR report (which is now also 
at the IRP site).


     URL: http://www.fas.org/pub/gen/fas/irp/offdocs.html#aspin


The Commission's report to the President is due this Friday.


For admiration of the deeply set spook-hooks in the US economy, 
take a look at the IRP humongous list of firms that happily 
fabricate products for $28 billion per year. Firms that 
generously pasture the ex-TLAs like Inman, Carlucci, Haass, et 
al, for their, uh, wisdom and expert testimony to insure a 
bountiful demand for fertilizer and fuel oil.








From WlkngOwl at UNiX.asb.com  Wed Feb 28 01:05:14 1996
From: WlkngOwl at UNiX.asb.com (Deranged Mutant)
Date: Wed, 28 Feb 1996 17:05:14 +0800
Subject: ViaCryptPGP 4.0?! (was Re: PGP integrated into Z-Mail)
Message-ID: <199602280417.XAA11930@UNiX.asb.com>


Derek Atkins wrote:

> PGP3, which I've been working on with Colin Plumb for some time, is
> based upon a specified API.  Although the API is still under
> development, the plan is to have libraries available for UNIX, Mac,
> and Windows (DLL).
> 
> At this time the API Spec and Programmer's Guide documents are not
> publically available.  Hopefully this will change in the next few
> weeks.

Odd. I remember a prototype API spec being posted to c'punks last 
year.  (Or was that something else?)

And, what does this have to do with ViaCrypt PGP 4.0? Would it be 3.0 
compatible or is it something entirely different?

 
Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to  for a copy of my PGP key.





From dlv at bwalk.dm.com  Wed Feb 28 01:05:19 1996
From: dlv at bwalk.dm.com (Dr. Dimitri Vulis)
Date: Wed, 28 Feb 1996 17:05:19 +0800
Subject: E$? Whatever
Message-ID: <2koZJD4w165w@bwalk.dm.com>


A GLIMPSE INTO THE FUTURE OF MONEY, AS CITI SEES IT
Known inside Citicorp as the Electronic Money System, the bank's
version of electronic currency for cyberspace is the result of
four years of mostly top-secret toil by technical wizards who
report to Colin Crook, the New York money-center's top technology
officer. Still in a prototype stage and probably years away from
full-scale operation, the Electronic Money System is described as
fully equivalent to cash, but hardware and software reside on
secure processing environment.
     At a recent demonstration, one of six laptops was programmed
to contain the functions of two banks, with icons representing
tellers, security, and other features. The other terminals were
set up to display "electronic wallets" that individuals can use
to withdraw money from the virtual bank, exchange money with each
other, and perform a variety of sophisticated transactions. For
example, a customer on one laptop can transfer $100 and 50
British pounds from his bank account to his electronic wallet.
The cash then exists in digital form on the individual's computer
hardware. "Our system does not depend on any network mechanism
for security," said project manager Sholom Rosen. "The security
is between the two devices. They have their own cryptography and
security." Bank officials said they intend to apply the
technology first in wholesale functions, with retail use still
far in the future.
                         -- American Banker, 2/23/96

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From frantz at netcom.com  Wed Feb 28 01:06:58 1996
From: frantz at netcom.com (Bill Frantz)
Date: Wed, 28 Feb 1996 17:06:58 +0800
Subject: Cyberspace Hashishim Declare Jihad [NOISY]
Message-ID: <199602280001.QAA03617@netcom7.netcom.com>


http://www.onworld.com/MUT/elecGur.html has a declaration which includes
many of the crypto-anarchy concepts.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz at netcom.com | dead teenagers | Los Gatos, CA 95032, USA







From rishab at best.com  Wed Feb 28 01:09:43 1996
From: rishab at best.com (Rishab Aiyer Ghosh)
Date: Wed, 28 Feb 1996 17:09:43 +0800
Subject: In favour of privacy legislation
In-Reply-To: <199602272250.OAA21228@infinity.c2.org>
Message-ID: <199602272307.PAA08655@shellx.best.com>


sameer at c2.org:
> 	Your point about alpha is exactly my point. You give merchant
> your alpha address, and they can't do anything valuable with it. No
> law necessary.

Laws protecting privacy are as (un)necessary as those protecting
free speech, with or without cpunk technologies such as alpha.

Speaking of which, are you still interested in writing that 
paper on remailers?

----------------------------------------------------------------------
The Indian Techonomist - newsletter on India's information industry
http://dxm.org/techonomist/                             rishab at dxm.org
Editor and publisher: Rishab Aiyer Ghosh           rishab at arbornet.org
Vox +91 11 6853410; 3760335;     H 34 C Saket, New Delhi 110017, INDIA





From rem3614 at tam2000.tamu.edu  Wed Feb 28 01:09:47 1996
From: rem3614 at tam2000.tamu.edu (Ray McKinney)
Date: Wed, 28 Feb 1996 17:09:47 +0800
Subject: PGP source code book sold out!
In-Reply-To: <9602272119.AA08088@toad.com>
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 27 Feb 1996, John Gilmore wrote:

> Dear John --
> 
> The PGP Source Code book is now out of print.  We assumed there
> would only be limited interest in the source code, so we printed
> only 1500 copies.  When we sold out of this run (just last month), 
> we decided not to reprint, given that the 3.0 release is due this spring.

If you are just wanting to reference the source code book, try your
library, if it is large enough.  The Evans Library here at Texas A&M
University has a copy on its shelf.

Ray

Finger for PGP public key.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: This message has been digitally signed. Altering it may lead to prosecution.

iQCVAwUBMTOY3MmUJGcZVs4ZAQEFHgQAvC7Q0KBsXYIukDk4WHDwSBgBOeiyX4an
efQMJYE3auykDUbnI91w9V1SwpHPSx+3xOjNN6rnmFOlE82rCGcR8XpcUyOQZmgp
5VUrRiKFLgfA4e4E8sQxLHgimFOR2M9NnIafLVs9cmSkzwZRoKmbDtvT40g+YJ4E
eGhN3c243CE=
=gLBJ
-----END PGP SIGNATURE-----





From rishab at best.com  Wed Feb 28 01:10:02 1996
From: rishab at best.com (Rishab Aiyer Ghosh)
Date: Wed, 28 Feb 1996 17:10:02 +0800
Subject: In favour of privacy legislation
In-Reply-To: <199602272230.OAA25250@atropos.c2.org>
Message-ID: <199602272249.OAA25257@shellx.best.com>



> 	Why shouldn't I be able to sell it. Information is free. If
> it's illegal to sell it in the US, I'm sure Marketing Info, Inc.,
> operating out of Costa Rica, would be happy to sell the information
> about your buying habits.

If we're talking about a US-based, on-shore operation, the reason
why you should not be able to sell my buying habits, ethical
and legal, would be that I gave them to you in the first place,
for a specific purpose. If we're talking about Costa Rica, which
has achieved mythical status as a data haven in some future
cupherpunked world, thenwe're not in the US any more. We're
in the world of the Internet, of the technology-is-law life
that appeals to so many of us (including me), and you wouldn't
be able to track my buying habits anyway.

I'd be using the alpha.c2.org remailer, which would have conveniently
located itself in - where else - Costa Rica.

----------------------------------------------------------------------
The Indian Techonomist - newsletter on India's information industry
http://dxm.org/techonomist/                             rishab at dxm.org
Editor and publisher: Rishab Aiyer Ghosh           rishab at arbornet.org
Vox +91 11 6853410; 3760335;     H 34 C Saket, New Delhi 110017, INDIA






From pcw at access.digex.net  Wed Feb 28 01:11:43 1996
From: pcw at access.digex.net (Peter Wayner)
Date: Wed, 28 Feb 1996 17:11:43 +0800
Subject: What's this "Digital Cash" stuff...
Message-ID: 



Of course, I'm guilty of confusing the topic because I talked
about credit and debit cards in a book with the title "Digital
Cash." Sorry about that.

But I think the whole debate is really pretty confusing. Real
"cash", i.e. Federal Reserve Notes, are pretty traceable.
They've got serial numbers on them. If it was practical to
require everyone to keep a log book of serial numbers, someone
could really track the flow of currency throughout the economy.
Note that serial numbers aren't that important for paper
currency because the physical difficulty of finding a good
printing press is supposed to prevent counterfeitting. Digital
"cash" requires the serial numbers to prevent copying. (Everyone
should read today's NYT article on the counterfeits.) So I would
argue that Fed. Reserve notes aren't "cash" either. It's only a
matter of time before FinCen starts requiring everyone to report
every serial number.

But while I think Tim's point is well taken and essentially
correct, we should remember that "cash" is term that also often
means immediately negotiable. For instance, many people who need
to trade large amounts will trade T-bills. These pieces of paper
pay interest! In other circumstances, bringing a cashier's check
is what people mean when they talk about "paying in cash." A
real estate buyer who actually showed up at a closing with
$300,000 in $100 bills would be pretty unpopular, even if he
said he was going to pay in "cash".

So, I guess it's all just a question of semantics. But that's
life on the Information Super highway where it may just be
illegal to run the "finger" protocol.

-Peter







From rishab at best.com  Wed Feb 28 01:13:05 1996
From: rishab at best.com (Rishab Aiyer Ghosh)
Date: Wed, 28 Feb 1996 17:13:05 +0800
Subject: Privacy legislation in CA
Message-ID: <199602272208.OAA23091@shellx.best.com>



I just forwarded my last post to some other list  favouring
- sort of - proposed privacy legislation in California. As
it may not have appeared here, and is very short, and I don't
have the URL, and I believe my response was relevant to
cpunks, I've reproduced the bill.

-Rishab

SB 1659 Personal rights: privacy.
BILL NUMBER: SB 1659                                      INTRODUCED
02/21/96
                               BILL TEXT



INTRODUCED BY  Senator Peace

                        FEBRUARY 21, 1996

   An act to add Section 43.2 to the Civil Code, relating to privacy.


                      LEGISLATIVE COUNSEL'S DIGEST


   SB 1659, as introduced, Peace.  Personal rights: privacy.
   Existing law, the California Constitution, provides that all
people have certain inalienable rights, including the right to
privacy.
   This bill would prohibit a person or corporation from using
or distributing for profit information concerning an individual,
including his or her credit history, finances, or medical
history, without his or her written consent. The bill would
include a statement of legislative findings concerning the right
to privacy.
   Vote:  majority.  Appropriation:  no.  Fiscal committee:  no.
State-mandated local program:  no.


  SECTION 1.  The Legislature hereby finds and declares the
following:
   (a) All people have an inalienable right to privacy as
declared in Section 1 of Article I of the California
Constitution.
   (b) Advances in technology have made it easier to create,
acquire, and analyze detailed personal information about an
individual.
   (c) Personal information, including information about a
person's financial history, shopping habits, medical history,
and travel patterns, is continuously being created.
   (d) The unauthorized use of personal information concerning
an individual is an infringement upon that individual's right to
privacy.
  SEC. 2.  Section 43.2 is added to the Civil Code, to read:
   43.2.  No person or corporation may use or distribute for
profit any personal information concerning a person without that
person's written consent.  Such information includes, but is
not limited to, an individual's credit history, finances,
medical history, purchases, and travel patterns.


----------------------------------------------------------------------
The Indian Techonomist - newsletter on India's information industry
http://dxm.org/techonomist/                             rishab at dxm.org
Editor and publisher: Rishab Aiyer Ghosh           rishab at arbornet.org
Vox +91 11 6853410; 3760335;     H 34 C Saket, New Delhi 110017, INDIA





From daw at orodruin.CS.Berkeley.EDU  Wed Feb 28 01:28:04 1996
From: daw at orodruin.CS.Berkeley.EDU (David A Wagner)
Date: Wed, 28 Feb 1996 17:28:04 +0800
Subject: fun with the web and security
In-Reply-To: 
Message-ID: <9602280905.AA16242@espresso.CS.Berkeley.EDU.mammoth>


> This has been discussed a lot in the URI working groups since around 92. 
> I think it's actually documented in the RFC

Really?  Could you give me any pointers to read up on?

I searched extensively at www.w3.org, and I did find the following
excerpt in RFC1738 under Security Considerations:

   A URL-related security threat is that it is sometimes possible to
   construct a URL such that an attempt to perform a harmless idempotent
   operation such as the retrieval of the object will in fact cause a
   possibly damaging remote operation to occur.  The unsafe URL is
   typically constructed by specifying a port number other than that
   reserved for the network protocol in question.  The client
   unwittingly contacts a server which is in fact running a different
   protocol.  The content of the URL contains instructions which when
   interpreted according to this other protocol cause an unexpected
   operation. An example has been the use of gopher URLs to cause a rude
   message to be sent via a SMTP server.  Caution should be used when
   using any URL which specifies a port number other than the default
   for the protocol, especially when it is a number within the reserved
   space.

I don't think this addresses exactly the same thing I was talking
about-- I'm talking about a way to exploit arbitrary security holes,
even against machines (normally) protected inside a firewall.

It is interesting to see the caution above, though-- I was unaware of
its existence.  I also found the following in the same RFC:

   Care should be taken when URLs contain embedded encoded delimiters
   for a given protocol (for example, CR and LF characters for telnet
   protocols) that these are not unencoded before transmission.  This
   would violate the protocol but could be used to simulate an extra
   operation or parameter, again causing an unexpected and possible
   harmful remote operation to be performed.

which Netscape violates in the gopher: protocol.  However, I also note
that the same RFC specifically addresses the gopher protocol in
Section 3.4.9, and concludes that the client needs to decode embedded
%-escaped newlines and send them as true newlines to the gopher server;
thus, the RFC appears to be self-contradictory, as far as I can tell.
Netscape follows Section 3.4.9.  Furthermore, I should point out that
even if clients were changed so that they didn't unencode %-escaped
newlines in URLs for the gopher: protocol, I believe sendmail bugs
could still be exploited-- Ian has discovered a way to send arbitrary
email messages with arbitrary headers to arbitrary hosts by abusing
the mailto: URL, which should be sufficient to exploit several sendmail
bugs behind a firewall.

So was that what you were talking about, or was there more discussion?





From lmccarth at cs.umass.edu  Wed Feb 28 02:28:05 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Wed, 28 Feb 1996 18:28:05 +0800
Subject: PGP to PC mail integration
In-Reply-To: <199602280818.AAA00108@cryptical.adnetsol.com>
Message-ID: <199602281009.FAA01583@thor.cs.umass.edu>


Mike Ingle writes:
> Instead of messing with user interfaces, you set the POP and SMTP
> addresses of your mail program to "localhost". You run locally a Visual
> Basic program that sits on ports 110 (POP) and 25 (SMTP) listening for
> connections. The VB program is configured with the addresses of your
> real SMTP and POP servers, and acts as a proxy.
> 
> When your mail program retrieves POP mail, it goes through the VB
> program, and the VB program decrypts any PGP mail it sees. When it
> sends mail, the VB program encrypts any mail it has a PGP key for the
> recipient of.

Would you be stuck if you wanted to send something unsigned and/or 
unencrypted ?

-Lewis					"Shit !" -Pres. Richard M. Nixon, 1973





From wlkngowl at unix.asb.com  Wed Feb 28 03:31:03 1996
From: wlkngowl at unix.asb.com (Mutant Rob)
Date: Wed, 28 Feb 1996 19:31:03 +0800
Subject: PGP source code book sold out!
Message-ID: <199602280447.XAA21568@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

Ray McKinney wrote:
> On Tue, 27 Feb 1996, John Gilmore wrote:[..]
> > The PGP Source Code book is now out of print.  We assumed there
> > would only be limited interest in the source code, so we printed
> > only 1500 copies.  When we sold out of this run (just last month),
> 
> If you are just wanting to reference the source code book, try your
> library, if it is large enough.  The Evans Library here at Texas A&M
> University has a copy on its shelf.

You could also use Inter-Library Loan... though it's on permanent reserve
at a library here.

I took a look at it, it's mainly source code. Not much text giving 
anything new that I saw.  Having the files with the source code is fine 
enough.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMTPeayoZzwIn1bdtAQGa7AGA2+yomb6WOzh7Wx+n65m2uo3FvPAeqmvb
U/nsvR011Xy21A1YgCodwniqpiCMCs/6
=U+85
-----END PGP SIGNATURE-----





From wlkngowl at unix.asb.com  Wed Feb 28 03:32:28 1996
From: wlkngowl at unix.asb.com (Mutant Rob)
Date: Wed, 28 Feb 1996 19:32:28 +0800
Subject: Remember, RC4 is now PC1
Message-ID: <199602280431.XAA21477@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

Bill Stewart wrote:
> >Every time you say RC4 without saying "Trademark of some bunch of
> >lawyer scum" you theoretically break the lawyer made law.  So let us
> >stop doing it.   Serve them right.
> 
> You can always call it "Ron's Code 4" or "Rivest's Code 4" or whatever.

Bah. I don't think there's much RSA can do, esp. if you use a homegrown
implementation.

If someone says "A stream cipher compatible with RSA's RC4 (tm)" then
what is RSA going to do?

It'd be funny if the next time somebody hacks a proprietary code, if they
make some changes, redo the key schedule, perhaps in mind of 
strengthening the algorithm, and then post it to sci.crypt as "hey, I got
this idea for a new crypto algorithm... what do you think?".  If the 
algorithm is different enough from the proprietary code version, with
no clear connection between them, and the author can give full design 
rationale as if s/he wrote it from scratch, then what's a company to do?

(If the practice of secret/proprietary algorithms continues for the long 
term future then it's quite possible a genuine coincidence like this will 
occur... RC4 [officially secret] and RC5 [not officially secret] are some 
very simply constructed algorithms... what's to say another skilled 
cryptographer could not have reinvented the wheel?)
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMTPauioZzwIn1bdtAQGR9QGAkRVkH2PZFk2LShKcBqGoWJTDkLX87sBL
Uc4bo2ksl47YEXQ2slL238auZVLBFCC8
=D1/4
-----END PGP SIGNATURE-----





From wlkngowl at unix.asb.com  Wed Feb 28 03:34:23 1996
From: wlkngowl at unix.asb.com (Mutant Rob)
Date: Wed, 28 Feb 1996 19:34:23 +0800
Subject: Internet shutdown Feb 29?
Message-ID: <199602280455.XAA21627@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

Interesting. My ISP was shut down for a day this week because of a 
"problem with a router upstream from us". 

It would be nice to see ISPs maintain multiple paths or at least have
a set of backup connections to keep outages like this from happening.


Simon Spero wrote:
> 
> As a matter of interest, I wonder how much of the internet could be
> shut down by concerted effort; obviously individual services can be
> trivially disabled by jamming listen queues (not really stoppable by
> anything short of IPSEC w/photuris). The BGP backbone could probably be
> disabled from within by a traitor planted in one of big companies, and a
> confused backhoe around the MAEs could probably do a lot more damage than
> people would like to admit. It seems that the internet is getting pretty
> brittle- I wonder if it would be worthwhile having some sort of infranet
> with a bunch of backups links using dial-up lines or spare transponders
> (with a filter to block port 80 :-)
> 
> It's probably not possible with  todays routing technology
> (slow, flappy links with nightmarish convergence times), plus it's not
> sexy like a nice OC-12 SONET. This is the sort of thing the NCSC should
> be working on- something to keep the essential services flowing in the
> early stages of an info-war, or an info truck-bomb
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMTPgOyoZzwIn1bdtAQHhzwF+IpnE8dOwNVq0SXSshqc6oEpMo99knyBC
8VnvSn7qvaHn6AJqTIrIKII2InR9cLR9
=N5QY
-----END PGP SIGNATURE-----





From wlkngowl at unix.asb.com  Wed Feb 28 03:34:42 1996
From: wlkngowl at unix.asb.com (Mutant Rob)
Date: Wed, 28 Feb 1996 19:34:42 +0800
Subject: Privacy legislation in CA
Message-ID: <199602280442.XAA21538@bb.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

>   SECTION 1.  The Legislature hereby finds and declares the
> following:
>    (a) All people have an inalienable right to privacy as
> declared in Section 1 of Article I of the California
> Constitution.

Does the bill define "privacy" explicitly? Or is it defined clearly 
anywhere else in California law? That can be a real problem... (the US 
Supreme Court seems to limit 'privacy' to what goes on in bed between a 
married heterosexual couple, for instance.)

>    (b) Advances in technology have made it easier to create,
> acquire, and analyze detailed personal information about an
> individual.
>    (c) Personal information, including information about a
> person's financial history, shopping habits, medical history,
> and travel patterns, is continuously being created.
>    (d) The unauthorized use of personal information concerning
> an individual is an infringement upon that individual's right to
> privacy.

What is unauthorized use?  Is it still acceptable to collect information 
on someone?  Is a person given the right to know who is tracking them, 
and what someone else or a corporation has about them?


>   SEC. 2.  Section 43.2 is added to the Civil Code, to read:
>    43.2.  No person or corporation may use or distribute for
> profit any personal information concerning a person without that
> person's written consent.  Such information includes, but is
> not limited to, an individual's credit history, finances,
> medical history, purchases, and travel patterns.

What counts as written consent? Checking a "Yes, you may send my name to 
interested advertisers so I can receive lots of junk mail to burn in my 
stove to keep warm in the winter" box?  And once a person has checked off 
on it, is it ok for a corporation to redistribute that info without 
asking permission (since it's already been signed off), of must that 
third party again ask permission?
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMTPdKCoZzwIn1bdtAQEnvAF/dslZaaBn0j8ZyEHH3t97LyzjBHCai04A
ng/kuJ5nkkneIVAl2OJKZAnq8JSaIzqp
=0Tmm
-----END PGP SIGNATURE-----





From brad at azathoth.ops.aol.com  Wed Feb 28 03:36:27 1996
From: brad at azathoth.ops.aol.com (Brad Knowles)
Date: Wed, 28 Feb 1996 19:36:27 +0800
Subject: [ Death of MOSS? ]
In-Reply-To: 
Message-ID: <9602272344.ZM4410@azathoth.ops.aol.com>


On Feb 28, 12:16am, Blake Ramsdell wrote:

> > James M. Galvin said:
> > It's my impression that MOSS suffered from lack of representation at this
> > workshop.  I got that view from at least 6 different people, so I believe
> > it to be true.  That said, I think it's unfair to declare its demise.
> 
> I agree with this impression -- I think that MOSS was not represented in any 
> meaningful way.  The question that begs to be asked is:  why?

    May I restate a point I've been saying for a while?

    From what I recall of Terry Gray's presentation, MOSS seemed to be
a highly thought of integration of MIME and security, although perhaps
none of us thought much of the particular TIS freely available
implementation.

    I know that, from my personal perspective, MOSS appears to be the
best example of integrating security into MIME, at least from a
framework perspective.  The only reason PGP/MIME also rates a "+" in
my book is because it is based on the current PGP standard (the de
facto standard for our primary user base) as well as being reasonably
well integrated into MIME.


    I would vehemently oppose any statement that MOSS *as a framework*
is dead.  I don't think the particular TIS freely available
implementation has much of a future, but I'm a very strong supporter
for taking the existing MOSS standard and removing any remaining
algorithm specifics and then using it as a framework for implementing
a secure email standard with the PGP, S/MIME, or MSP trust models,
certificates, encryption algorithms, etc....

    Obviously a few additional enhancements would be necessary, such
as cryptographic signatures on return receipts and classification
labels (as two examples, there may be more), but MOSS is my current
best yardstick for measuring just how well a secure email standard
really is integrated into MIME, with the absolute minimal amount of
disturbance to the existing MIME standard (and thus, making it the
most "native" MIME implementation of a secure email standard).


    And if you look at what I've said previously, it is my firm belief
that if we are to succeed in giving users a truly interoperable secure
email standard, then said standard must be fully and completely
integrated into MIME and do everything it does in the proper MIME way,
as opposed to just being security grafted on.

    This is why I advocate finding out what the current (proposed)
MIME way is of handling return receipts and then finding how we can
add the dimension of security to those receipts, instead of just
defining our own secure receipts that are distinct from regular
receipts.


    MOSS the implementation may well be dead, but MOSS the framework I
feel is very much alive, and will likely continue to live well beyond
the other standards that were championed by presenters who remained at
the workshop into the afternoon, if only because I think MOSS as a
framework will likely define the framework that the other standards
(and any future standards) will have to find a way to fit into.

-- 
Brad Knowles                           MIME/PGP: BKnowles at aol.net
    Mail Systems Administrator          
    for America Online, Inc.                   Ph: (703) 453-4148





From anonymous at nowhere.toad.com  Wed Feb 28 04:25:17 1996
From: anonymous at nowhere.toad.com (Senator Exon)
Date: Wed, 28 Feb 1996 20:25:17 +0800
Subject: No Subject
Message-ID: <199602261424.PAA10844@ddh.bart.nl>


Greetings All
             Does anyone reading this know any details of the crypto
scheme proposed for TETRA (The Euro standard digital radio system).
 Actual concrete details of the system seem to be impossible to find !!

 Thanks in advance

 LP






From johan at eniac.campus.luth.se  Wed Feb 28 04:25:58 1996
From: johan at eniac.campus.luth.se (Johan Sandberg)
Date: Wed, 28 Feb 1996 20:25:58 +0800
Subject: Cypherpunk remailer
Message-ID: <427.6632T768T557@eniac.campus.luth.se>


How do I send Email through a cypherpunk remailer?

I know that I encrypt with PGP, but where should I write to who the email is
for???

I have list of remailers and I have their public keys, but it would be nice
if someone could add some remailers to my list!
Public keys to them aswell is appreciated!

There might be some FAQs about this, but never seen one.

 -- Please refer to where I can get the FAQ if there is one! --






From jimbell at pacifier.com  Wed Feb 28 04:32:06 1996
From: jimbell at pacifier.com (jim bell)
Date: Wed, 28 Feb 1996 20:32:06 +0800
Subject: E$? Whatever
Message-ID: 


At 10:23 PM 2/27/96 EST, Dr. Dimitri Vulis wrote:
>A GLIMPSE INTO THE FUTURE OF MONEY, AS CITI SEES IT
>Known inside Citicorp as the Electronic Money System, the bank's
>version of electronic currency for cyberspace is the result of
>four years of mostly top-secret toil by technical wizards who
>report to Colin Crook, the New York money-center's top technology
>officer.

You know, if I were a bank, I'd think twice before I hired a person named
"Crook" as the "top technology officer."

Jim Bell
jimbell at pacifier.com






From stewarts at ix.netcom.com  Wed Feb 28 04:36:40 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Wed, 28 Feb 1996 20:36:40 +0800
Subject: Numbers don't lie...
Message-ID: <199602280652.WAA09136@ix2.ix.netcom.com>


At 07:23 AM 2/27/96 -0800, jamesd at echeque.com wrote:
>At 11:18 AM 2/18/96 -0500, A. Padgett Peterson P.E. Information Security wrote:
>>Finally, no cost is allocated to the sustem required to program/evaluate
>>the ponderings of these 100's of ASICs. As anyone who has ever programmed
>>a massively parallel computer (which is what they are talking about in their
>>brute force machine, it is the boundary communications that kill you.
>
>Again:  Interprocess communication is trivial.  A brute force key cracking
>machine is *not* a general purpose massively parallel computer.

Yeah - the interprocess communications includes handing out keyspace
(pretty simple, especially if each chip has a way to find out its name),
broadcasting the cyphertext and known plaintext, letting the winner forward
the successful key, and broadcasting the "you can stop now" message.

Back when the AT&T DSP-32 was new and hundred-CPU machines were exciting,
AT&T made a box that had 128 DSPs in a binary tree; each one had a couple
flavors of RAM and some communications glue.  It would work just fine for this
sort of applications (except that the DSP32 was a floating-point DSP
and what you really need here is big integers.)

And the Inmos Transputer, with its 4 communications channels, would do
just fine as well - you could either build the things into large grids
or build a large ternary tree, or get fancy and build cubes of 6 chips
that you make hypercubes out of, or whatever.  A modern version of the same
chip, built out of FPGAs or ASICs with enough memory and program on chip,
would blaze just fine.


#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281






From dimitrt at dcs.rhbnc.ac.uk  Wed Feb 28 04:52:22 1996
From: dimitrt at dcs.rhbnc.ac.uk (Dimitris Tsapakidis)
Date: Wed, 28 Feb 1996 20:52:22 +0800
Subject: Diffie-Hellman for Matchmaking?
Message-ID: <313395CB.4343@dcs.rhbnc.ac.uk>


sci.crypters and cypherpunks:

This is a followup to my "Dating Problem" question I posted on
sci.crypt, some months ago. I am trying to find or design some
matchmaking protocols (and implement one of them, eventually)
that have all the nice properties, like privacy and fairness.

I came up with two or three candidate protocols, but they all
rely on the Diffie-Hellman "common key" for mutual authentication.
I haven't seen it used for such purposes in the literature, and I
am suspicious.

The setup is the same as in Diffie-Hellman key exchange.
Assume global: prime n and primitive element g mod n. All the
participants have a pair of (secret, public) keys, where
public=g^secret mod n. By common key I mean
g^(secret_a*secret_b)mod n.

Person A is interested to match person B, so he computes
g^(AB)mod n. B is interested in X, where X may or may not
be A, and calculates g^(BX)mod n. Now, they compare these
two "common keys" either using some Zero Knowledge scheme
that ensures fairness (at no point one party has significantly
more information than the other) or through a Trusted Third Party.
If they are the same, then this means X=A, so A and B
have a match (e.g. a date). The common keys must remain
secret (hence the ZK above): if g^(BX)mod n "escaped"
to the public, then the real X would find out that
B is interested in him.

Is anything wrong with this, specificaly with the use
of the "common key"?

  Dimitris

-- 
Dimitris Tsapakidis               PGP keyID: 735590D5
dimitrt at dcs.rhbnc.ac.uk           MSc in Information Security,
This space reserved               Royal Holloway, University of London
for future use.                   Origin: Thessaloniki, Macedonia, Hellas





From brad at his.com  Wed Feb 28 04:54:35 1996
From: brad at his.com (Brad Knowles)
Date: Wed, 28 Feb 1996 20:54:35 +0800
Subject: 
Message-ID: 


At 7:16 PM 2/27/96, Blake Ramsdell wrote:

> This also reminds me of a time when a call went out for the MOSS implementors
> to raise their hands (on the pem-dev list) -- and only Ned Freed answered.
> This could very well be because MOSS implementors don't hang out on the
> mailing list, which is somewhat strange since the timeframe in which this
> question was posed was very close to the release date of the specification
> (10/95).  In fact, Dave Crocker recently said that "Clear, corporate
> commitments from product vendors ought to confirm or dispel the rumor of the
> MOSS demise", and we have not had *any* vendors step up since that statement.

    Interestingly, I talked to the folks developing the Simeon
IMAP-based MUA (the only cross-platform IMAP MUA that I know of; if
anyone else knows of one, please tell me), and they told me that they
knew of the conference and instead decided to focus on getting the
next version of their client out the door.  And they're claiming to
be implementing MOSS, S/MIME, and PGP (PGP/MIME, I hope?).  Pretty
surprising answer, coming from a company that I think will be so
radically affected by the outcome of that workshop and the continuing
work done by the same community of folks.  I don't even know if
they've got someone subscribed to this mailing list (it sounds like
they don't).


    I have no idea if the rest of the PEM/MOSS commercial community
is like this, but I'm not sure it bodes well for them in particular.
I mean, if it really is a matter of them being small enough that one
key guy can't afford to take a few days out (like both Qualcomm and
Z-Code did), then maybe they're too small to survive the shakeout.
And if it's a matter of them not caring, well....

> Don't get me wrong -- I don't consider myself to be prejudiced away
>from MOSS.
>  Near the end of the meeting, I specifically pointed out that:  First we had
> PEM, and it died.  Now we have MOSS, which is 47 pages long, and less than
> *four months* old, and we are calling it dead also.

    Somebody else made this observation about the age of MOSS at the
workshop, and as I recall Dave's response was something to the effect
of "Uh, it's actually a heck of a lot older than that, the difference
is that the RFC has only been on the streets for four months."

--
Brad Knowles,                                  MIME/PGP: brad at his.com
    comp.mail.sendmail FAQ Maintainer     
        finger brad at his.com for my PGP Public Key and Geek Code
The comp.mail.sendmail FAQ is at 







From matts at pi.se  Wed Feb 28 05:49:37 1996
From: matts at pi.se (Matts Kallioniemi)
Date: Wed, 28 Feb 1996 21:49:37 +0800
Subject: PGP to PC mail integration
Message-ID: <2.2.32.19960228133623.0033ccfc@mail.pi.se>


At 05:09 1996-02-28 -0500, lmccarth at cs.umass.edu wrote:
>Mike Ingle writes:
>> Instead of messing with user interfaces, you set the POP and SMTP
>> addresses of your mail program to "localhost". You run locally a Visual
>> Basic program that sits on ports 110 (POP) and 25 (SMTP) listening for
>> connections. The VB program is configured with the addresses of your
>> real SMTP and POP servers, and acts as a proxy.
>> 
>> When your mail program retrieves POP mail, it goes through the VB
>> program, and the VB program decrypts any PGP mail it sees. When it
>> sends mail, the VB program encrypts any mail it has a PGP key for the
>> recipient of.
>
>Would you be stuck if you wanted to send something unsigned and/or 
>unencrypted ?

Nope. The VB program should give a popup window where you can enter your
passphrase to sign/decrypt the message. Such a popup can have a  button
if you don't want it to do its thing.

But how often do you receive an encrypted letter for which you have the
secret key, and don't want the letter decrypted?

Actually, I was already working on such a program when these posts came by,
so any suggestions to functionality are welcome!

Matts






From lmccarth at cs.umass.edu  Wed Feb 28 06:16:51 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Wed, 28 Feb 1996 22:16:51 +0800
Subject: Diffie-Hellman for Matchmaking?
In-Reply-To: <313395CB.4343@dcs.rhbnc.ac.uk>
Message-ID: <199602281351.IAA08954@opine.cs.umass.edu>


Dimitris Tsapakidis writes:
> Person A is interested to match person B, so he computes
> g^(AB)mod n. B is interested in X, where X may or may not
> be A, and calculates g^(BX)mod n. Now, they compare these
> two "common keys" either using some Zero Knowledge scheme
> that ensures fairness (at no point one party has significantly
> more information than the other) or through a Trusted Third Party.
> If they are the same, then this means X=A, so A and B
> have a match (e.g. a date). The common keys must remain
> secret (hence the ZK above): if g^(BX)mod n "escaped"
> to the public, then the real X would find out that
> B is interested in him.

Could you give us some background on the problem ?  I'm not clear on what
the protocol is trying to achieve in practical terms.

-Lewis





From lmccarth at cs.umass.edu  Wed Feb 28 06:20:28 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Wed, 28 Feb 1996 22:20:28 +0800
Subject: PGP to PC mail integration
In-Reply-To: <2.2.32.19960228133623.0033ccfc@mail.pi.se>
Message-ID: <199602281354.IAA09203@opine.cs.umass.edu>


Mike Ingle writes:
> Instead of messing with user interfaces, 

I wrote:
# Would you be stuck if you wanted to send something unsigned and/or 
# unencrypted ?

Matts writes:
% Nope. The VB program should give a popup window where you can enter your
% passphrase to sign/decrypt the message. Such a popup can have a  button
% if you don't want it to do its thing.

Sure sounds like a user interface to me. 

-Lewis





From frantz at netcom.com  Wed Feb 28 06:30:49 1996
From: frantz at netcom.com (Bill Frantz)
Date: Wed, 28 Feb 1996 22:30:49 +0800
Subject: PGP source code book sold out!
Message-ID: <199602280833.AAA23425@netcom7.netcom.com>


On Tue, 27 Feb 1996, John Gilmore wrote:[..]
> The PGP Source Code book is now out of print.  We assumed there
> would only be limited interest in the source code, so we printed
> only 1500 copies.  When we sold out of this run (just last month),

There are still copies on the shelf at Computer Literacy Bookshops
(408)435-1118 (they mailorder too).


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz at netcom.com | dead teenagers | Los Gatos, CA 95032, USA







From jamesd at echeque.com  Wed Feb 28 06:31:22 1996
From: jamesd at echeque.com (jamesd at echeque.com)
Date: Wed, 28 Feb 1996 22:31:22 +0800
Subject: "Physical Reality"
Message-ID: <199602280801.AAA08840@mail1.best.com>



> > Boiled down to its essentials, this argument can be expressed by the lyrics
> > of the song "Bad Boys" as used as the theme song of the reality TV show
> > "Cops."  For those who no longer participate in the previous culture, they 
> > are:
> >
> > Bad Boys, Bad Boys
> > Whatcha gonna do? 
> > Whatcha gonna do when they come for you? 
> > Bad Boys, Bad Boys

At 08:41 AM 2/28/96 +1100, Mark wrote:
> the bad boys are the
> criminals, the song is about what will you do when the cops come for you.
> The cops are not the "bad boys" in the song. Trust me.

Clearly, one of the purposes of the show "Cops" is to intimidate.  Even
though the police have total editorial control they often show thuggish
and perhaps illegal behavior.  (though they also sometimes show cops 
displaying hard to believe forbearance)

Since the show is, in part, intimidatory, it seems reasonable to suppose
that the cops are the bad boys who are going to come for you.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd at echeque.com






From inglem at adnetsol.com  Wed Feb 28 06:32:45 1996
From: inglem at adnetsol.com (Mike Ingle)
Date: Wed, 28 Feb 1996 22:32:45 +0800
Subject: PGP to PC mail integration
Message-ID: <199602280818.AAA00108@cryptical.adnetsol.com>


Mail user interface integration remains the biggest barrier to
widespread PGP use. As long as it's inconvenient each time you want to
send a mail message, people won't use it. Existing efforts to fix this
are usually mail-program specific (elm-pgp port, some Pegasus and
Eudora hacks) and/or not terribly convenient (ViaCrypt and similar
win-pgp front ends). It seems to me that people are attacking this
problem from the wrong end of the pipe.

Almost all internet mail programs (Eudora, Pegasus, Netscape, Exchange
client with Internet mail, you name it) talk to a POP server and an
SMTP server. They allow you to specify the hostnames of each.

Instead of messing with user interfaces, you set the POP and SMTP
addresses of your mail program to "localhost". You run locally a Visual
Basic program that sits on ports 110 (POP) and 25 (SMTP) listening for
connections. The VB program is configured with the addresses of your
real SMTP and POP servers, and acts as a proxy.

When your mail program retrieves POP mail, it goes through the VB
program, and the VB program decrypts any PGP mail it sees. When it
sends mail, the VB program encrypts any mail it has a PGP key for the
recipient of.

Once this is set up, the user burden is near zero, and it works with
any winsock-based mail program. What do you think of the idea?

						Mike






From stewarts at ix.netcom.com  Wed Feb 28 06:33:27 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Wed, 28 Feb 1996 22:33:27 +0800
Subject: Simpler solutions (was Re: Stealth PGP work)
Message-ID: <199602280910.BAA29788@ix10.ix.netcom.com>


At 12:45 AM 2/28/96 +0000, "Deranged Mutant"  wrote:
>Adam Back  wrote:
>
>[lots of stuff about stealth PGP snipped]
>
>This seems to be quite a lot of effort that complicates things. It 
>would be simpler for two stealth communicators to use other means of 
>hiding the fact that a message is PGP'd... (1) stego, in various 
>forms, if done properly would make most attackers not suspect a PGP 
>message is inside something, 

One point of stealth-pgp is to make an encrypted message you _can_
safely hide with stego.  Since the Bad Guys can take your stegofied picture,
destego it, and see the string ------ BEGIN PGP CONTRABAND DATA,
you can't get away with saying "no, that's just a picture of my cat,
blurred a bit because he was moving", which you can if you use a true
stealth version of PGP or other crypto program.

Another major point is to make PGP messages that you can post in public,
which the recipient can decode, but which _don't_ say
"From 007 To 86 and 99" in the headers.  That's easier, but still a bit of work.

>(2) use another encryption program, with 
>a known key shared by two users, that turns the PGP message into pure 
>unmarked 'randomness', 
>[.... (3) a pad-based variant ...]

You're down to key exchange; the big reason for public-key systems is to
avoid it.


#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281






From Kevin.L.Prigge-2 at tc.umn.edu  Wed Feb 28 06:35:17 1996
From: Kevin.L.Prigge-2 at tc.umn.edu (Kevin L Prigge)
Date: Wed, 28 Feb 1996 22:35:17 +0800
Subject: Internet shutdown Feb 29?
In-Reply-To: <199602280455.XAA21627@bb.hks.net>
Message-ID: <3134629847e9002@noc.cis.umn.edu>


A few months back, some winos took most of Minnesota off the net
for a couple days. Upset with being kicked out from under a bridge,
they started a fire that took out the main fiber cable from 
downtown to MRNet + the U of M. Backup? Due to a mistake at a CO,
the backup link was routed thru the same area, and was also burned.
Interesting scrambling as nameservers puked and died.  

Mutant Rob said:
> 
> Interesting. My ISP was shut down for a day this week because of a
> "problem with a router upstream from us". 
> 
> It would be nice to see ISPs maintain multiple paths or at least have
> a set of backup connections to keep outages like this from happening.
> 
> 
> Simon Spero wrote:
> >
> > As a matter of interest, I wonder how much of the internet could be
> > shut down by concerted effort; obviously individual services can be
> > trivially disabled by jamming listen queues (not really stoppable by
> > anything short of IPSEC w/photuris). The BGP backbone could probably be
> > disabled from within by a traitor planted in one of big companies, and a
> > confused backhoe around the MAEs could probably do a lot more damage than
> > people would like to admit. It seems that the internet is getting pretty
> > brittle- I wonder if it would be worthwhile having some sort of infranet
> > with a bunch of backups links using dial-up lines or spare transponders
> > (with a filter to block port 80 :-)
> >
> > It's probably not possible with  todays routing technology
> > (slow, flappy links with nightmarish convergence times), plus it's not
> > sexy like a nice OC-12 SONET. This is the sort of thing the NCSC should
> > be working on- something to keep the essential services flowing in the
> > early stages of an info-war, or an info truck-bomb
> ---
> [This message has been signed by an auto-signing service.  A valid signature
> means only that it has been received at the address corresponding to the
> signature and forwarded.]


-- 
Kevin L. Prigge         | "You can always spot a well informed man -
University of Minnesota |  his views are the same as yours."  
email: klp at tc.umn.edu   |  - Ilka Chase 
PGP Key Fingerprint =  FC E5 EE E7 8B 2E E9 D5  DA 1C 5D 6B 98 52 F6 24  






From galvin at eit.com  Wed Feb 28 09:15:47 1996
From: galvin at eit.com (James M. Galvin)
Date: Thu, 29 Feb 1996 01:15:47 +0800
Subject: 
Message-ID: 


At 8:19 PM 2/27/96, Blake Ramsdell wrote:
>> Further there is a good implementation of MOSS.
>
>Is there a version that can be used in commercial applications?  There is for
>PGP, S/MIME, and (I think) for MSP.

Beauty is in the eyes of the beholder I'm told.

TIS will happily license their source code to you.  In this case you get
the advantage of seeing and actually trying what you will get in advance
with no hassle whatsoever.  As to whether that is a better choice than
writing the code yourself, well, you get the idea.

Jim

----------------------------------------------------------------------------
James M. Galvin                                               galvin at eit.com
VeriFone/EIT, PO Box 220, Glenwood, MD 21738                 +1 410.795.6882







From galvin at eit.com  Wed Feb 28 09:22:45 1996
From: galvin at eit.com (James M. Galvin)
Date: Thu, 29 Feb 1996 01:22:45 +0800
Subject: [ Death of MOSS? ]
Message-ID: 


At 12:44 AM 2/28/96, Brad Knowles wrote:
>    And if you look at what I've said previously, it is my firm belief
>that if we are to succeed in giving users a truly interoperable secure
>email standard, then said standard must be fully and completely
>integrated into MIME and do everything it does in the proper MIME way,
>as opposed to just being security grafted on.

Allow me to make a contentious statement:

        MOSS is the only secure email protocol integrated with MIME.

You see, integrated to me means that the base is security aware.  MIME is
only security aware when the security multiparts are used.  In all other
cases, MIME is not security aware.

The use of the application content-type with experimentally defined
subtypes gives the appearance of MIME being security aware, but it provides
nothing more than a mechanism for carrying a protected object.  In
addition, the fact that the security service itself must do a callback in
order to support recursive services, unlike MOSS which uses the security
multiparts framework and thus lets MIME do all the work it was designed to
do, further supports my position.

Jim

----------------------------------------------------------------------------
James M. Galvin                                               galvin at eit.com
VeriFone/EIT, PO Box 220, Glenwood, MD 21738                 +1 410.795.6882







From galvin at eit.com  Wed Feb 28 09:43:34 1996
From: galvin at eit.com (James M. Galvin)
Date: Thu, 29 Feb 1996 01:43:34 +0800
Subject: 
Message-ID: 


At 8:16 PM 2/27/96, Blake Ramsdell wrote:
>> James M. Galvin said:
>> It's my impression that MOSS suffered from lack of representation at this
>> workshop.  I got that view from at least 6 different people, so I believe
>> it to be true.  That said, I think it's unfair to declare its demise.
>
>I agree with this impression -- I think that MOSS was not represented in any
>meaningful way.  The question that begs to be asked is:  why?

Your comment seems to suggest that the only way to meaningfully contribute
to a discussion of technologies is via face to face meetings.  While I
agree there is a certain expediency to face to face meetings, insofar as
we're talking about email shouldn't we be able to use the technology for
our deliberations?  I'm reminded of my participation in X.400 implementor
meetings where I derived great pleasure from the fact that you couldn't
communicate with most of the members via email at all, let alone X.400.

In response to your question, I don't think there is any one answer any
more than I think there is any one reason why PEM failed.  However, I don't
think the question is moot, since no decision has been made yet and at
least I haven't given up yet, although I know it's uphill from here.

Jim

----------------------------------------------------------------------------
James M. Galvin                                               galvin at eit.com
VeriFone/EIT, PO Box 220, Glenwood, MD 21738                 +1 410.795.6882







From sameer at c2.org  Wed Feb 28 10:01:54 1996
From: sameer at c2.org (sameer)
Date: Thu, 29 Feb 1996 02:01:54 +0800
Subject: In favour of privacy legislation
In-Reply-To: <199602272249.OAA25257@shellx.best.com>
Message-ID: <199602272250.OAA21228@infinity.c2.org>


(Costa Rica was just an example. I don't claim that Costa Rica will be
the data haven of choice.)

	Your point about alpha is exactly my point. You give merchant
your alpha address, and they can't do anything valuable with it. No
law necessary.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer at c2.org





From dmandl at panix.com  Wed Feb 28 10:03:33 1996
From: dmandl at panix.com (David Mandl)
Date: Thu, 29 Feb 1996 02:03:33 +0800
Subject: "wisecrackers" by Levy in March Wired
Message-ID: 


At 6:16 PM 2/27/96, Vladimir Z. Nuri wrote:
>I sent this to  but the address bounced.
                            ^^^

Hmmm...When did Echo move to York New City?

--
Dave Mandl
dmandl at panix.com
http://www.wfmu.org/~davem







From warlord at MIT.EDU  Wed Feb 28 10:13:23 1996
From: warlord at MIT.EDU (Derek Atkins)
Date: Thu, 29 Feb 1996 02:13:23 +0800
Subject: ViaCryptPGP 4.0?! (was Re: PGP integrated into Z-Mail)
In-Reply-To: <199602280417.XAA11930@UNiX.asb.com>
Message-ID: <199602281532.KAA10186@toxicwaste.media.mit.edu>


> Odd. I remember a prototype API spec being posted to c'punks last 
> year.  (Or was that something else?)

What you saw was a prior incarnation of PGP3.  What we have does look
farily similar to that old spec.  But I think that the new spec is a
lot easier to understand and use.  Hopefully the spec will get to a
state where it can be released for public consumption really soon.

> And, what does this have to do with ViaCrypt PGP 4.0? Would it be 3.0 
> compatible or is it something entirely different?

I dont know.  I dont work for ViaCrypt, and they have been fairly
secretive in their work.  For all I know, they've made ViaCrypt PGP
4.0 completely incompatible with PGP 2.6.2 and PGP3.

-derek





From gimonca at skypoint.com  Wed Feb 28 10:20:38 1996
From: gimonca at skypoint.com (Charles Gimon)
Date: Thu, 29 Feb 1996 02:20:38 +0800
Subject: Internet shutdown Feb 29? (fwd)
Message-ID: 



Brief article on last summer's Minnesota outage is available
at http://www.info-nation.com/burnin.html . There's a link
in there (I think it still works) to a local IRC log of
U of M people trading info during the blackout.


 ***********************************************************************
        --The Interview--             | gimonca at skypoint.com
 George Clinton: "Suck on my soul,    | Minneapolis MN USA
 and I will lick your funky emotions!"| http://www.skypoint.com/~gimonca
 Dave Letterman: "Yuck!!"             | A lean, mean meme machine.
 ***********************************************************************

---------- Forwarded message ----------
Date: Wed, 28 Feb 1996 08:11:36 -0600 (CST)
From: Kevin L Prigge 

A few months back, some winos took most of Minnesota off the net
for a couple days. Upset with being kicked out from under a bridge,
they started a fire that took out the main fiber cable from 
downtown to MRNet + the U of M. Backup? Due to a mistake at a CO,
the backup link was routed thru the same area, and was also burned.
Interesting scrambling as nameservers puked and died.  








From PADGETT at hobbes.orl.mmc.com  Wed Feb 28 10:22:48 1996
From: PADGETT at hobbes.orl.mmc.com (A. Padgett Peterson P.E. Information Security)
Date: Thu, 29 Feb 1996 02:22:48 +0800
Subject: But liars sure can...
Message-ID: <960228104510.2022bd44@hobbes.orl.mmc.com>


I rote:
>>Finally, no cost is allocated to the sustem required to program/evaluate
>>the ponderings of these 100's of ASICs. As anyone who has ever programmed
>>a massively parallel computer (which is what they are talking about in their
>>brute force machine, it is the boundary communications that kill you.

Bill wreplied:
>And the Inmos Transputer, with its 4 communications channels, would do
>just fine as well - you could either build the things into large grids
>or build a large ternary tree, or get fancy and build cubes of 6 chips
>that you make hypercubes out of, or whatever.  A modern version of the same
>chip, built out of FPGAs or ASICs with enough memory and program on chip,
>would blaze just fine.

Oh I agree it *can* be done (thouse who follow RISKS and SCI.CRYPT will note
that I was talking about cascadable single bit boolean processors and DSPs
for brute force engines several years ago. We seem to be miscommunicating
a bit though. I agree that such an engine is easier to design than something 
like a MASPAR or Alliance since each set of kerchunkers can operate 
independantly once started and all that is necessary is to be able to
signal success and pass the found code.

Still, the logistics of initializing each processor set (and ones I have
dealt with have primarily been matricies of single bit devices), providing
communications, power, and control is a non-trivial task: once you have
a general purpose ASIC, you are only half way there, particularly if it is
to be usable for more than one fixed algorithm/key length.

Will further stipulate that a single PC (8088 even) would probably be 
sufficient to load/start/retrieve data from such a beast but design of the
I/O would still need to be accomplished. Not difficult, just necessary.

My point was not that it couldn't be done, but that the costs mentioned
were probably off by a factor of at least two and that for a 40 bit code,
setup for each run would probably take longer than the cracking ( assuming
a court order from Podunk could even get in the queue for a U$300 million
device in an even more expensive facility - students in a University will
*always* be able to do things faster/cheaper than a corporation/government).

Doing something *once* is a lot different from putting it into production.

						Warmly,
							Padgett





From jpb at miamisci.org  Wed Feb 28 10:35:48 1996
From: jpb at miamisci.org (Joe Block)
Date: Thu, 29 Feb 1996 02:35:48 +0800
Subject: PGP to PC mail integration
Message-ID: 


At 12:18 AM 2/28/96, you wrote:

>Instead of messing with user interfaces, you set the POP and SMTP
>addresses of your mail program to "localhost". You run locally a Visual
>Basic program that sits on ports 110 (POP) and 25 (SMTP) listening for
>connections. The VB program is configured with the addresses of your
>real SMTP and POP servers, and acts as a proxy.
>
>When your mail program retrieves POP mail, it goes through the VB
>program, and the VB program decrypts any PGP mail it sees. When it
>sends mail, the VB program encrypts any mail it has a PGP key for the
>recipient of.
>
>Once this is set up, the user burden is near zero, and it works with
>any winsock-based mail program. What do you think of the idea?

Brilliant.

You could even set it up so that it also proxies your smtp out going, and
compares each destination to a list of people you want to automatically
encrypt to.  I suggest a list because while you may have some people's keys
in your keyring, for a variety of reasons they may not want to receive
trivial pgp mail.

Joseph Block 

"We can't be so fixated on our desire
 to preserve the rights of ordinary Americans ..."
 -- Bill Clinton  (USA TODAY, 11 March 1993, page 2A)
PGP 2048bit-Fingerprint: F8 A2 A5 15 56 42 9B 16  3F BD 57 0F 8A ED E3 21
No man's life, liberty or property are safe while the legislature is in session.







From PADGETT at hobbes.orl.mmc.com  Wed Feb 28 11:49:56 1996
From: PADGETT at hobbes.orl.mmc.com (A. Padgett Peterson P.E. Information Security)
Date: Thu, 29 Feb 1996 03:49:56 +0800
Subject: PGP 3.0/4.0
Message-ID: <960228142224.2022b01c@hobbes.orl.mmc.com>


Subj:	Re: ViaCryptPGP 4.0?! (was Re: PGP integrated into Z-Mail) 

For those who have joined us recently, PGP v 2.6x is essentially free for
individual use under MIT's (and the gov's) exemption/permission for the
use of patents helt at the moment by PKP/Cylink/RSA (not even going to
get into that mess).

For commercial use a license to use the RSA and IDEA components is
necessary through fate or some such ViaCrypt obtained such a license
before PGP became a Big Thing and with Phil's blessing formed a commercial
unit to distribute what is called ViaCrypt PGP.

Because of what I do, I spent the money to purchse the first product,
ViaCrypt PGP v2.4 (PGP 2.3 analogue). In due course, when PGP v2.5 and
2.6x came out, Viacrypt followed suit with v2.7 and then 2.71 for Windows
and I upgraded.

Because the next "public" release is scheduled to be 3.0, the next ViaCrypt
which will include the corporate featured (with escrow capability) Business
Edition will be known as 4.0 with versions for PC, Mac, Unix, and VMS.

Both 2.7 and what I have seen of 4.0 (not released yet) have a switch that
allows backwards compatability if desired (know back to 2.3, not sure about
earlier ones).

The most compelling features of 4.0 are the floating toolbar or "Enclyptor"
which allows use inside any Windoze program that supports cut & paste (have
used it inside a Telnet session with a remote host and inside ccMail) and
the "group" feature.

Have no connection with Viacrypt other than knowing some of the people and
"putting my money where my mouse is".

						Warmly,
							Padgett





From iang at cs.berkeley.edu  Wed Feb 28 13:39:39 1996
From: iang at cs.berkeley.edu (Ian Goldberg)
Date: Thu, 29 Feb 1996 05:39:39 +0800
Subject: DES hooks in Linux kernel
Message-ID: <3134C356.4771A55A@cs.berkeley.edu>


(aeb at cwi.nl is included, as he seems to be the last person to have
touched loop.c before it was put into the standard Linux kernel sources,
but I may be wrong.)

The file loop.c, included in recent Linux kernel sources, includes calls
to DES routines, such as:

#ifdef DES_AVAILABLE
static int transfer_des(struct loop_device *lo, int cmd, char *raw_buf,
                  char *loop_buf, int size)
{

                        des_ecb_encrypt((des_cblock *) tmp,(des_cblock*)
                            loop_buf,lo->lo_des_key,DES_ENCRYPT);

}
#endif

AFAIK, the presence of these hooks (even if surrounded by the ifdef's)
makes this file illegal to export from the United States.  Its presence
on ftp sites in the US could get someone in trouble.

   - Ian "this ITAR thing is really silly..."





From perry at piermont.com  Wed Feb 28 14:14:25 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 29 Feb 1996 06:14:25 +0800
Subject: PGP backdoor? (No, I'm not paranoid.)
In-Reply-To: <3134C779.7C84@adspp.com>
Message-ID: <199602282127.QAA16379@jekyll.piermont.com>



Mark Bainter writes:
> I was recently speaking with a newly-made aquaintence, and we were 
> discussing the merits of various encryption systems.  Now, I had heard
> about all the people who claimed the reason versions later than 2.3 
> wouldn't work with 2.3 was because of a backdoor for the government.  I 
> personally thought they were being paranoid.  However, this guy tells me 
> that he met Phil at defcon and phil told him that he co-operated with 
> the government and gave them information that would enable them to crack 
> key's for versions later than 2.3.   I don't know whether to believe him 
> or not, as I said earlier he is not a long-time friend or anything, so he 
> could just be lying to me.  If anyone has any information on this I would 
> appreciate it.

Your informant is taking extremely good drugs. You should find out who
his connection is should you want to get any.

Perry





From umwalber at cc.UManitoba.CA  Wed Feb 28 14:37:26 1996
From: umwalber at cc.UManitoba.CA (Sean A. Walberg)
Date: Thu, 29 Feb 1996 06:37:26 +0800
Subject: Using PGP for pseudo random numbers?
Message-ID: <199602282140.PAA13970@electra.cc.umanitoba.ca>


How does one use the RNG in PGP?  I thought that

pgp +makerandom=5000 would spit out a bunch of data, but I seem to be 
mistaken.

Sean
       =================] Will work for RAM [==================
       |     Sean A. Walberg       | PGP key |  C programmers |
       |  Computer Engineering ][  |   on    |    do it in    |
       | umwalber at cc.umanitoba.ca  | servers |   libraries!   |
       =============] http://www.escape.ca/~sean [=============





From frissell at panix.com  Wed Feb 28 14:52:35 1996
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 29 Feb 1996 06:52:35 +0800
Subject: "Physical Reality II"
Message-ID: <2.2.32.19960228213546.00682c64@panix.com>



Bad Boys, Bad Boys
Whatcha gonna do? 
Whatcha gonna do when they come for you? 
Bad Boys, Bad Boys

repeat endlessly.

We did 1) & 2) yesterday.  Here are some more points.

3)  There must be a reason for them to come "for you".  They need motivation.

As people go through their ordinary day-to-day lives, they do a lot of
things that weaken government control mechanisms without directly
confronting them.  The whole development of modern capitalism, the modern
finance markets, and the modern telecoms environment are examples of the
wild flowers of individual power growing up in the garden of the state
economy.  

Note that governments used to control wages, prices, interest rates, and
capital flows.  In the US, we had Regulation Q which capped the interest
rates banks and S&Ls could pay.  Ownership of gold by Americans was banned.
Most European countries had strict exchange controls as did most of the 3rd
world.  Computers which made money market mutual funds possible and
telecommunications which made rapid funds transfer possible ended most of
these controls without any violent confrontations.  If you are borrowing
"overnight funds" from Tokyo, it's a little difficult to seize them because
they disappear at midnight.  If a restriction is easy to bypass, it tends to
die.  Controls on capital flows have died because the holders of capital
don't have to pay attention to those controls.

The first phase of the electronic revolution freed the large financial
institutions that could afford to play the international funds transfer
game.  Retail electronic funds transfer will free everybody else.

Now this liberation of money may not seem to mean much but if money is free,
it results in other freedoms.  It is hard to control people who have control
of their own funds.  They can just move on you.

Obviously, the ease of creating artificial entities and the use of some of
the privacy protecting tools pioneered by cypherpunks can play a role in
hiding out from the Bad Boys as well.  Everything that makes a target harder
to find reduces the number of hits.  Louis Freeh complained during the great
net kiddie porn bust of 1995 that some of the perps had encrypted their
files and this made them harder to prosecute.

In general, the sheer growth of business and communications makes it much
harder to identify investigatory targets.  As markets, networks, and
communications double and then double again, the Bad Boys have too much
territory to search.  They get spread too thin. 

 

DCF






From Mark at adspp.com  Wed Feb 28 14:59:03 1996
From: Mark at adspp.com (Mark Bainter)
Date: Thu, 29 Feb 1996 06:59:03 +0800
Subject: PGP backdoor?  (No, I'm not paranoid.)
Message-ID: <3134C779.7C84@adspp.com>


I was recently speaking with a newly-made aquaintence, and we were 
discussing the merits of various encryption systems.  Now, I had heard
about all the people who claimed the reason versions later than 2.3 
wouldn't work with 2.3 was because of a backdoor for the government.  I 
personally thought they were being paranoid.  However, this guy tells me 
that he met Phil at defcon and phil told him that he co-operated with 
the government and gave them information that would enable them to crack 
key's for versions later than 2.3.   I don't know whether to believe him 
or not, as I said earlier he is not a long-time friend or anything, so he 
could just be lying to me.  If anyone has any information on this I would 
appreciate it.

---
"Man did not enter into society to become 
 worse than he was before, nor to have 
 fewer rights than he had before, but
 to have those rights better secured." 
             --- Thomas Paine 1791

>>My key is on the keyservers.







From cminter at mipos2.intel.com  Wed Feb 28 14:59:22 1996
From: cminter at mipos2.intel.com (Corey Minter)
Date: Thu, 29 Feb 1996 06:59:22 +0800
Subject: new "obscenity" law on the net
In-Reply-To: 
Message-ID: <199602282112.NAA09059@zws388.sc.intel.com>


> "Ben A. Mesander"  writes:
> 
> >Just curious - will the new law outlawing obscenity on the net in the us
> >cause you to make changes to some of the comments in the emacs source code?
> 
> Some weeks ago, Lars and Richard went through the Gnus source and
> removed 'fuck' two times and 'fucking' one time (if I didn't get it
> all wrong). I wonder if that's your fault.

what if I had written some code which doesn't function properly unless
certain indecent words were in the source code and then put the code
on the WWW :).  Would that violate Congress' Despotic Action? 

What if when you looked at the text on a 80 column screen and because
of line wrap it said something indecent otherwise it was
unintelligible?  It seems that no reasonable person would go after a
person for that but then aren't we talking about selective
enforcement.

F T C                                                                           U H D                                                                           C E A                                                                           K






From WlkngOwl at UNiX.asb.com  Wed Feb 28 15:41:55 1996
From: WlkngOwl at UNiX.asb.com (Deranged Mutant)
Date: Thu, 29 Feb 1996 07:41:55 +0800
Subject: ViaCryptPGP 4.0?! (was Re: PGP integrated into Z-Mail)
Message-ID: <199602282222.RAA15759@UNiX.asb.com>



Derek Atkins  writes:

> > And, what does this have to do with ViaCrypt PGP 4.0? Would it be 3.0 
> > compatible or is it something entirely different?
> 
> I dont know.  I dont work for ViaCrypt, and they have been fairly
> secretive in their work.  For all I know, they've made ViaCrypt PGP
> 4.0 completely incompatible with PGP 2.6.2 and PGP3.

I would have thought you and Colin would have some communication with 
Phil regarding PGP3, since PGP is his trademark.

The web page referred to it as being in beta, so maybe they are 
working with the old specs... could also be that they completely 
rewrote and improved on the old version.

(Of course if I have questions I should address them to ViaCrypt...)


 
Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to  for a copy of my PGP key.





From warlord at MIT.EDU  Wed Feb 28 15:46:19 1996
From: warlord at MIT.EDU (Derek Atkins)
Date: Thu, 29 Feb 1996 07:46:19 +0800
Subject: Using PGP for pseudo random numbers?
In-Reply-To: <199602282140.PAA13970@electra.cc.umanitoba.ca>
Message-ID: <199602282221.RAA17997@toxicwaste.media.mit.edu>


try:
	pgp +makerandom=5000 out.bin

I.e., give it an output filename.  Also, what version of PGP are you
using?  This feature wasn't added until 2.6.2

-derek

> How does one use the RNG in PGP?  I thought that
> 
> pgp +makerandom=5000 would spit out a bunch of data, but I seem to be 
> mistaken.






From warlord at MIT.EDU  Wed Feb 28 16:00:30 1996
From: warlord at MIT.EDU (Derek Atkins)
Date: Thu, 29 Feb 1996 08:00:30 +0800
Subject: ViaCryptPGP 4.0?! (was Re: PGP integrated into Z-Mail)
In-Reply-To: <199602282222.RAA15759@UNiX.asb.com>
Message-ID: <199602282242.RAA18760@toxicwaste.media.mit.edu>


> I would have thought you and Colin would have some communication with 
> Phil regarding PGP3, since PGP is his trademark.

Colin and I have been speaking to Phil.  That doesn't mean that I have
any idea what ViaCrypt is doing.  Perhaps Phil and ViaCrypt should
talk?  If there is a problem with ViaCrypt 4.0, it is between Phil and
ViaCrypt.

> The web page referred to it as being in beta, so maybe they are 
> working with the old specs... could also be that they completely 
> rewrote and improved on the old version.

I have nothing to do with ViaCrypt.  I dont know anything about their
products.  I don't know what they have or plan to have in their 4.0
version.  I dont know what spec they are using.  I dont know what new
data structures they have created.

-derek





From jf_avon at citenet.net  Wed Feb 28 16:16:31 1996
From: jf_avon at citenet.net (Jean-Francois Avon JFA Technologies, QC, Canada)
Date: Thu, 29 Feb 1996 08:16:31 +0800
Subject: PGP backdoor? (No, I'm not paranoid.)
Message-ID: <9602282303.AA01822@cti02.citenet.net>


perry at piermont.com wrote:
>
>Mark Bainter writes:

>> However, this guy tells me 
>> that he met Phil at defcon and phil told him that he co-operated with 
>> the government and gave them information that would enable them to crack 
>> key's for versions later than 2.3.   I don't know whether to believe him 
>> or not,

>Your informant is taking extremely good drugs. You should find out who
>his connection is should you want to get any.
>
>Perry

Dear Perry,

many peoples hear many things.  The difficult part is to figure out what
is the validity of what ones hears.  I personnally heard a things or two,
even if I am not involved in any way in the trade of crypto.  I heard them
through outside channels, completely independently from any crypto-activist, wether pro or con (CPunks et al or Govt).  Theses sources are of utmost
qualifications.  Wether or not there is a "vast conspiracy" either to make
us believe that, for an example, PGP *is* or *is not* crackable we *do not*
know.  Every side have vested interests.   Many opinions that PGP is secure
rest on *actual* evaluation of our computing capabilities, actual or 
forecasted.  And experts are *very often* wrong.  Have a look at history 
of sciences... You'll realize that most accomplishments were held as
impossible even shortly before they were discovered/created.  Such is the
history of intra-abdominal surgery, of space flight and of many other
knowledge and/or technology.

In most instances of life, it is much wiser to realize that *we do not know*
and accepting ignorance as such rather than adopting the first tempting
rationalization that comes to mind.  Because in the former case, you still
have the possibility to enhance life by learning, while in the second, you
can only hope that you did not adopt a wrong belief that will eventually
cost you dearly.

Remember, when an ostrich puts it's head in the sand, which part of it's
anatomy it is showing to the world...

So, why waste bandwith with a post that apparently mainly seems to be aimed
at dismissing somebody but brings *absolutely no* new knowledge to 
the discussion?  Please, next time, post privately.  

Funny jokes are, IMHO,  welcome because they have some life-enhancing value. 

So please, at least be funny...

Your post makes me wonder for what terribly conspiring organisation 
are you working for...

JFA
The collectivists be DAMNED!
**** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon 
Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 






From daw at orodruin.CS.Berkeley.EDU  Wed Feb 28 16:26:45 1996
From: daw at orodruin.CS.Berkeley.EDU (David A Wagner)
Date: Thu, 29 Feb 1996 08:26:45 +0800
Subject: fun with the web and security
Message-ID: <9602280238.AA15724@espresso.CS.Berkeley.EDU.mammoth>


Here's a fun way to exploit security holes via the web:
	http://www.cs.berkeley.edu/~daw/js1.html
A rough representation of its contents follow.



Whee! The web is awfully convenient for exploiting security bugs.... 

The following URL contacts your sendmail SMTP server and attempts to exploit
an old, well-known security hole, trying to gain root access. Click _here_
to try it. 

As it stands, clicking on the URL above does not do anything harmful to your
machine-- but it could! (This is a test of the emergency broadcast system.
This is only a test.) 
______________

We can get you to send arbitrary text, to an arbitrary port on an arbitrary
host, from your machine.  (If you are inside a firewall, we can thereby send
arbitrary text to any internal machine by getting you to click on the link
above.) The technique is simple: we list the host and port in a gopher URL,
and encode the text to be sent in the path. 

For instance, a successful exploit of the hole could leave a backdoor root
shell, and inform us via a pseudonym at an anonymous remailer. 

The exploit could be hidden by use of the JavaScript "width=1,height=1"
techniques pioneered at John LoVerso's _JavaScript security hole page_; then
you wouldn't even know when you'd been attacked. 

The exploit could be forced on you via many standard tricks: the Redirect:
or META-EQUIV Refresh: or JavaScript mechanisms work fine, for instance. 

This is most dangerous when you are behind a firewall. Typically, there will
be many machines inside a firewall which run insecure software. Normally,
that would be safe, since the firewall prevents an outsider from connecting
to the unsafe sendmail servers inside-- yet the example URL above allows
outsiders like us to exploit security holes on the inside of your firewall.
Nothing stops us from putting the IP address of a vulnerable machine inside
your firewall in the URL above, and waiting for you to click on it: the
firewall doesn't prevent connections from you to the internal vulnerable
machine, and thus can't stop this attack. Using JavaScript, we don't even
have to wait for you to click on anything. Furthermore, a JavaScript program
could systematically and invisibly try all the machines inside your firewall. 

We could have used many other well-known security holes: there's nothing
special about this particular sendmail bug (except that it was convenient
for us to implement). 
______________

Be afraid. Be very afraid. 
-- Ian Goldberg and David Wagner. 





From vznuri at netcom.com  Wed Feb 28 16:26:56 1996
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Thu, 29 Feb 1996 08:26:56 +0800
Subject: "wisecrackers" by Levy in March Wired
Message-ID: <199602280216.SAA04788@netcom20.netcom.com>



I sent this to  but the address bounced.
in any case I thougt I would cc: the list. this is a fun
article to read, and I encourage everyone here to check it out.


------- Forwarded Message

To: steven at echoync.com
Subject: wisecrackers feedback
Date: Tue, 27 Feb 96 18:12:02 -0800
From: "Vladimir Z. Nuri" 


hello, I'm a cypherpunk subscriber.

I liked your wired article on the cpunks ("wisecrackers")
a lot. I thought I would mention some things:

1. you didn't seem to address the issue that factoring has
not been proven to be difficult. a 
fast factoring algorithm is not ruled out by any existing 
mathematical theories, although no one
expects that one exists. in other words, it is purely
mathematician consensus that insists that factoring is a 
hard problem. hence RSA has not actually been proven to
be a secure way of encoding information. its only secure
because no one knows how to factor numbers quickly, and
everyone is pretty confident that such a capability
does not exist, although no one has proven it (yet).

RSA rests on the
difficulty of undoing a "trapdoor function" and as 
far as I know, there is no proof that any operation used
for cryptography is intrinsically difficult to undo. 
(there are proofs that some functions are "intrinsically
difficult" but they can't be used for crypto, because what
you need in crypto is some operation that "is difficult when
you don't have secret information, but is easy when
you do."-- that is, not "always difficult".
 that's a trapdoor function, such as that used in
RSA-- the secret knowledge makes the operation possible, 
whereas without it, it is "computationally impossible", i.e.
possible in theory but not practice.)

in fact there have been very incremental improvements in
factoring algorithms.  but no one can say, "factoring number [x]
takes exactly [y] years" because no one knows what is the
optimal factoring algorithm-- they only know the 
best one that has been *found* to date. (which is the quadratic
sieve you mention).

the question of whether factoring really is difficult is
interesting to study. there is a whole class of computer 
problems called "NP" that can be shown to be "difficult"
in an equivalent way. whether they are truly "difficult" is
an open question. surprisingly, factoring has not yet been
proven to be in this "NP" class, despite that many other
problems have been. 

also, some mathematicians say that people have been trying
to factor numbers since the dawn of time (well, at least
since the greeks) so that if there was a good algorithm,
we would probably have found it by now. I would argue against
this position, saying that computers are a very recent
invention on the horizon of human knowledge. the study of
algorithmic complexity did not really begin in earnest until
the 70's or so, again an extremely recent blip of time in
regards to the history of human mathematical thought.

2. I think you were overplaying what Morris said to Zimmermann
at the end. it made for good drama but I suspect the truth is
more mundane.  the fact that he asked "how much would the NSA spend for [x]"
(where here [x] is "break PGP keys").
does not imply that they can actually do [x]. rather, what it
implies is that their first inclination is to assume that
something is theoretically possible, and then determine how
much it would cost to do [x]. then, they determine whether
the stategic results of obtaining [x] are worth its cost.

in other words, the NSA has to approach all cryptoanalysis
from this basic point: can we justify the cost based on the
stategic value of the intelligence. they have to make this 
choice all the time as to where they invest their resources
based on the payoff. their first question is, "what is the
strategic value of cracking [x] code". I believe that
they are run internally such that projects that are feasible
and that they have the money are not actually carried out
just because they are possible-- the strategic value has
to be determined.

what Morris was asking Zimmerman was, "how much would it
be worth to an attacker to be able to read PGP messages".
the NSA might well come to the conclusion that nobody important
is using PGP and therefore trying to break it to read their
messages is a waste of time. my opinion is that what was
implied by Morris's position.

frankly, I think the threat of prosecution against Zimmermann
suggests the NSA may not be able to break the RSA cypher at
certain key lengths no matter how much of our tax money they
burn trying.

3. a group broke a 384 bit PGP key a little while ago. I was surprised how
little coverage this got. perhaps it was due to the choice of keys. 
some are more "respectable" than others.  Paul Leyland and
Jim Gillogly (Derek Atkins maybe?) were involved as well as some cpunks.


anyway, keep up the good work.

(heh. loved the description of the media outlets as "bottom 
feeders").

bye

------- End of Forwarded Message






From perry at piermont.com  Wed Feb 28 16:30:59 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Thu, 29 Feb 1996 08:30:59 +0800
Subject: PGP backdoor? (No, I'm not paranoid.)
In-Reply-To: <9602282303.AA01822@cti02.citenet.net>
Message-ID: <199602282325.SAA16557@jekyll.piermont.com>



Jean-Francois Avon (JFA Technologies, QC, Canada) writes:
> 
> many peoples hear many things.  The difficult part is to figure out what
> is the validity of what ones hears.  I personnally heard a things or two,
> even if I am not involved in any way in the trade of crypto.  I heard them
> through outside channels, completely independently from any crypto-activist, 
> wether pro or con (CPunks et al or Govt).  Theses sources are of utmost
> qualifications.  Wether or not there is a "vast conspiracy" either to make
> us believe that, for an example, PGP *is* or *is not* crackable we *do not*
> know.

Whether there is a conspiracy to convince people to believe things
about PGP or not, there is no need to take PGP's characteristics on
faith. You can get out the source code and read it.

> Many opinions that PGP is secure rest on *actual* evaluation of our
> computing capabilities, actual or forecasted.  And experts are *very
> often* wrong.  Have a look at history of sciences... You'll realize
> that most accomplishments were held as impossible even shortly
> before they were discovered/created.

No change in algorithms occurred between PGP 2.3 and later versions,
so any claim that it was made breakable at that point cannot be made
on the basis that computing power is somehow now able to crack it when
it could not do so before.

> So, why waste bandwith with a post that apparently mainly seems to be aimed
> at dismissing somebody but brings *absolutely no* new knowledge to 
> the discussion?  Please, next time, post privately.  

I'm sorry, but I am bringing knowledge to the discussion. It is my
personal knowledge that PGP was built as well as the people who built
it knew how, and that it is believed to be free from major flaws by
them and those who have examined it. I do not believe that PGP is
totally bug free, and a subtle flaw in, say, the PRNG, or some other
spot, is not impossible. However, no such flaws were put in place
deliberately, and if such flaws exist they have escaped the notice of
literally hundreds of people examining the source code for problems.

Perry





From tbyfield at panix.com  Wed Feb 28 17:45:23 1996
From: tbyfield at panix.com (t byfield)
Date: Thu, 29 Feb 1996 09:45:23 +0800
Subject: Strassmann's  Anonymous Remailers Paper
Message-ID: 


A few observations on Paul Strassman's response to John R. Levine; I've
rearranged it a bit for clarity, edited out a handful of lines, and
whittled down the CCs.

At 4:01 PM 2/28/96, Paul A. Strassmann wrote:

John R. Levine:
> >It's been possible for at least a century to mail letters with no
> >return address.  It's equally possible to use post office boxes and
> >mail drops, or even a chain of mail drops, to have two-way exchanges
> >of messages between people who don't know each other's identities.
> >
> >As far as I can tell, the existence of anonymous postal mail hasn't
> >caused any great trouble over the past century.  Can you explain why
> >the appearance of similar facilities for on-line mail presents a
> >greater problem?

Paul Strassmann:
>Since the idea that Internet remailers are not much different than
>anonymous letters sent by mail is an often repeated theme, it warrants a
>comment:
>
>1. Your statement that anonymous post mail hasn't caused any "great
>trouble" over the past century does not stand up well. I have not done a
>statistical sampling of incidents, but I wish to note that all my exposures
>(personal and otherwise) to anonymous post have been associated with
>extortion, spreading of unwarranted rumors and unsubstantiated accusations.
>Most ransom notes in kidnapping cases have been conveyed by this means.

        Obviously, kidnapping and extortion demands sent anonymously
through the post would attract far more attention than innocuous uses
would--as did the recent incident in which someone donated (by anonymous
mail) a million-dollar McDonald's sweepstakes ticket to a children's
hospital. I daresay that for every such criminal instance you could cite,
there are hundreds or even thousands of instances of completely benign
"secret santas" and anonymous valentines from teenage "secret admirers,"
for example--which would hardly bear out your claim that

>In civilized  society the receipt of anonymous post has been always
>associated with unacceptable social behavior. That reputation persists.

        Valentines and gifts sent anonymously will no doubt strike some
people as trivial in the face of "information warfare" and other such
gothic notions, and perhaps they are; but I can only wonder what exactly
these valiant strategists think they're protecting and from whom they're
protecting it.



>2. Your assertion that one can be equally anonymous by post as with e-mail
>does not stand up.
>
>First, anonymous mail is likely to carry stamp cancellation marks, which
>provides an important clue as to the origin of the message.
>
>Second, criminal  forensic techniques have been used very successfully in
>tracing identifying marks, such as typewriter characteristics, Xerox copy
>drum defects and other tricks such as genetic identifications of saliva
>remnants left from licking a stamp or sealing the envelope. There are many
>others. Anonymous e-mail does not convey such clues.
>
>Third, anonymous mail operates on a totally different scale and with a
>different technology than post. The fact that automobiles were originally
>called "horseless carriages" does not make them possess the attributes of
>horse-carriages. When technology scales up from thousands to hundred
>millions, the potential consequences are not subject to simple
>extrapolation.

        By the same token, the fact that law enforcement agencies have,
over the last two centuries, developed the forms of forensic analysis you
mention doesn't mean that these techniques are a god-given right whose
shortcomings in the face of new technologies need to be compensated for.
These techniques are, as you point out, contingent on the traits peculiar
to the objects being examined. Postal mail consists of integral physical
objects which can bear these kinds of traces; email does not. Nor does
shouting--yet I've never heard anyone suggest that fans at a football game
should preface what they yell with their name and their address, or that
their failure to do so constitutes a threat to national security.



>3. Anonymous remailers have been conduits for misconduct ranging from
>"spamming" - e.g. launching thousands of messages to saturate server
>capacity - to massive distribution of "sniffers" that make a number of
>software-based fire-walls inoperative.

        This objection remailers is a red herring: giveaway ten-hour
accounts on AOL and other services, hacked accounts, accounts obtained
under false names, and accounts obtained under a True Name are much more
notorious sources of spam than are remailers. If spam is your objection,
you're barking up the wrong tree.
        As for the "massive deployment of 'sniffers'," anyone capable of
doing this or of using information gained by this means hardly needs
remailers.



>4. The most likely scenarios of an information assault on the information
>infrastructure that performs essential social functions such as message
>switching, transportation dispatching, public security communications, etc.
>always commences with a  saturation dispatch of a wide variety of
>intelligent agent via anonymous remailers.

        "Most likely scenarios" are speculative: something that hasn't
happened yet doesn't "always commence with" anything.



>There is a long list of anti-social and criminal behavior that is greatly
>facilitated by a guarantee of untraceability. The repertoire of such
>malfeasances is sufficiently long that it does not warrant further elaboration.

        This chicken-or-egg formulation suggests that a milieu in which
total traceability is possible would greatly diminish criminal behaviors
and activity. Perhaps, but as you yourself have pointed out, such a milieu
is utterly antithetical to anything remotely resembling a free democracy.
Since the alternative to untraceability isn't viable, there's no point in
bringing it up.



>Now, I would like to repeat that I believe that anonymous remailers are
>here to stay - at least in democratic societies. However, that does not
>mean that one should continue insisting that anonymous remailes are not a
>different phenomenon than an envelope containing a message that does not
>have a return address.

        If you were the final arbiter on the question, your repeated claim
that "remailers are here to stay" would be much more comforting.
Unfortunately, the force of almost all your arguments is, in a nutshell,
that remailers are associated with and facilitate criminal and/or terrorist
activities--and that suggests to me that if you had your druthers, they
would be illegalized.
        I'm curious: Do you or do you not support the continued existence
of nonregulated, nonlicensed, and publicly accessible remailers? (Please
note that this is a different question than "Are remailers here to stay?")


regards
Ted Byfield







From ses at tipper.oit.unc.edu  Wed Feb 28 17:49:45 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Thu, 29 Feb 1996 09:49:45 +0800
Subject: fun with the web and security
In-Reply-To: <9602280905.AA16242@espresso.CS.Berkeley.EDU.mammoth>
Message-ID: 


On Wed, 28 Feb 1996, David A Wagner wrote:

> > This has been discussed a lot in the URI working groups since around 92. 
> > I think it's actually documented in the RFC
> 
> Really?  Could you give me any pointers to read up on?
> 
> I searched extensively at www.w3.org, and I did find the following
> excerpt in RFC1738 under Security Considerations:

> 
> I don't think this addresses exactly the same thing I was talking
> about-- I'm talking about a way to exploit arbitrary security holes,
> even against machines (normally) protected inside a firewall.
> 
> could still be exploited-- Ian has discovered a way to send arbitrary
> email messages with arbitrary headers to arbitrary hosts by abusing
> the mailto: URL, which should be sufficient to exploit several sendmail
> 
> So was that what you were talking about, or was there more discussion?

This is roughly  what was talked about; I seem to remember DEBUG being 
discussed with this (it's the one that takes the least typing). The URI WG 
often got so tedious and repetetitive I may have been unconscious and 
dreaming it :-)

Simon

---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO






From cmca at alpha.c2.org  Wed Feb 28 18:26:23 1996
From: cmca at alpha.c2.org (Chris McAuliffe)
Date: Thu, 29 Feb 1996 10:26:23 +0800
Subject: Cypherpunk remailer
In-Reply-To: <427.6632T768T557@eniac.campus.luth.se>
Message-ID: <199602290134.RAA04291@eternity.c2.org>


-----BEGIN PGP SIGNED MESSAGE-----

[To: cypherpunks at toad.com]
[Subject: Re: Cypherpunk remailer]
[In-reply-to: Your message of Wed, 28 Feb 96 13:06:19 N.]
             <427.6632T768T557 at eniac.campus.luth.se>

johan at eniac.campus.luth.se (Johan Sandberg) requested:
>How do I send Email through a cypherpunk remailer?
>There might be some FAQs about this, but never seen one.
> -- Please refer to where I can get the FAQ if there is one! --

There is a FAQ about anonymous remailers by
 blurred a bit because he was moving", which you can if you use a true
> stealth version of PGP or other crypto program.

Or, you can develop a public-key stego system...

ie a stego system that uses bits in specific ways depending on the 
private key of the recipient.

Something I've been thinking about, but haven't quite figured out how to 
do yet, except that one could use certain bits based on a PRNG and begin 
the message with an RSA-encrypted seed (ie the first X bits will be the 
seed, encrypted with your public PGP key).

(If anyone actually wants to code this, lemme know...)

Jon Lasser
----------
Jon Lasser (410)494-3072                         - Obscenity  is a crutch  for
jlasser at rwd.goucher.edu                            inarticulate motherfuckers.
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D)               - Fuck the CDA.






From merriman at arn.net  Wed Feb 28 19:57:03 1996
From: merriman at arn.net (David K. Merriman)
Date: Thu, 29 Feb 1996 11:57:03 +0800
Subject: Cypherpunk remailer
Message-ID: <2.2.32.19960228151842.00679edc@arn.net>


-----BEGIN PGP SIGNED MESSAGE-----

At 05:34 PM 02/28/96 -0800, cmca at alpha.c2.org (Chris McAuliffe) wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>[To: cypherpunks at toad.com]
>[Subject: Re: Cypherpunk remailer]
>[In-reply-to: Your message of Wed, 28 Feb 96 13:06:19 N.]
>             <427.6632T768T557 at eniac.campus.luth.se>
>
>johan at eniac.campus.luth.se (Johan Sandberg) requested:
>>How do I send Email through a cypherpunk remailer?
>>There might be some FAQs about this, but never seen one.
>> -- Please refer to where I can get the FAQ if there is one! --
>
>There is a FAQ about anonymous remailers by
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
For privacy tools: http://www.geocities.com/capitolhill/1148







From maldrich at grctechs.va.grci.com  Thu Feb 29 12:54:35 1996
From: maldrich at grctechs.va.grci.com (Mark Aldrich)
Date: Thu, 29 Feb 96 12:54:35 PST
Subject: ViaCryptPGP 4.0?! (was Re: PGP integrated into Z-Mail)
In-Reply-To: <199602282222.RAA15759@UNiX.asb.com>
Message-ID: 


On Wed, 28 Feb 1996, Deranged Mutant wrote:

> > 
> > I dont know.  I dont work for ViaCrypt, and they have been fairly
> > secretive in their work.  For all I know, they've made ViaCrypt PGP
> > 4.0 completely incompatible with PGP 2.6.2 and PGP3.
> 
> I would have thought you and Colin would have some communication with 
> Phil regarding PGP3, since PGP is his trademark.
> 

We're a beta tester for the ViaCrypt 4.0 product.  They have not made PGP 
4.0 incompatible with prior releases.  They've added some non-PGP 
features, like pseudo-key-escrow and key expiration dates, to make the 
product more palatable to some "corporate" users.  Many of the features 
are "localized" to that instance of PGP and don't actually inflict any 
changes onto the encrypted results.  I,E., making a key expire on a given 
day doesn't "break" the ability of others to read files from a PGP 4.0 user.

I also think that the comment about ViaCrypt being "secretive" is a 
little odd.  ViaCrypt tends to be very up-front about what they're up to 
(at least, they have been with us), and they openly solicit input as to 
'what features does PGP need to have in order to make it so you can use 
it in your business?'  Hence, they now have a Personal Edition and a 
Business Edition.

If folks have got specific things that they're worried about, I'll try to 
offer my observations about the beta product versus the "stock" product.  
However, I don't think that the perception that ViaCrypt's secretive 
about the "enhancements" is at all valid.

------------------------------------------------------------------------- 
|So, I went walking through the street.   |Mark Aldrich                 | 
|I saw you strung up in a tree.           |GRCI INFOSEC Engineering     | 
|A woman knelt there, said to me,         |maldrich at grci.com            | 
|Hold your tongue, man, hold your tongue. |MAldrich at dockmaster.ncsc.mil | 
|_______________________________________________________________________| 
|The author is PGP Empowered.  Public key at:  finger maldrich at grci.com |
|    The opinions expressed herein are strictly those of the author     | 
|         and my employer gets no credit for them whatsoever.           | 
-------------------------------------------------------------------------






From jsw at netscape.com  Wed Feb 28 23:02:26 1996
From: jsw at netscape.com (Jeff Weinstein)
Date: Thu, 29 Feb 1996 15:02:26 +0800
Subject: X.509 certs that don't guarantee identity
In-Reply-To: <199602260448.WAA01201@proust.suba.com>
Message-ID: <3135473B.332E@netscape.com>


Alex Strasheim wrote:
> 
> On the 23rd, Jeff Weinstein said this concerning the natural
> semi-anonymity of the net:
> 
> > Given that verisign and others will soon begin issuing large numbers of
> > certificates that do not guarantee the identity of the key holder, it seems
> > that this tradition will continue even with the wide deployment of X509
> > certs.
> 
> This has been bugging me since I read it.  I'm not sure I understand the
> plan;  it only makes sense to me if "anonymous" X.509 certs are issued
> for user authentication only, not for server authentication.  Is that
> what this is about?
> 
> (If anonymous certs are issued for servers, why should such a cert be
> treated any differently than one I generate on my own, which causes
> warning screens about an unknown CA to pop up?)

  The navigator will not be configured to automatically trust the verisign
level 1 and 2 certificates for SSL servers.  You will get the same warning
dialog with these certs as you do with one you generate on your own.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.





From adam at homeport.org  Thu Feb 29 16:17:26 1996
From: adam at homeport.org (Adam Shostack)
Date: Thu, 29 Feb 96 16:17:26 PST
Subject: A brief comparison of email encryption protocols
In-Reply-To: 
Message-ID: <199603010020.TAA09656@homeport.org>


Carl Ellison wrote:

| At 15:54 2/29/96, Derek Atkins wrote:
| 
| >So, there needs to be a compromise, some shorthand method to describe
| >the hint.  One solution is to provide a "keyserver" type and then some
| >string that says which "keyserver" to use.  For example, if there is a
| >DNS-style keyserver deplyed, I could put '1,"mit.edu"' in all my
| >signatures, if we assume that '1' is the DNS-style keyserver code.

| is a URL just too big?  My sigs are already several lines long.  E.g.,
| 
| Key: ftp://ftp.clark.net/pub/cme/cme.asc

I think a URL is probably a good solution.  But if we're using 
URLs, lets create a scheme for public keys.  If needed, this could be
either abbriviated, or dereferenced with a key exchanger (similar to
SMTP's mail exchangers).  Defaults would also allow for a good deal of
shortening.  And URLs have the user interface advantage of becoming
common, and understood.  Who gets on the net today and not the web?


key://ftp.clark.net/pub/u/cme/cme-current.asc
key://ftp.clark.net/pub/u/cme/cme-longterm.asc

or 
key://gateway.acme.net/pub/s/telnetd.asc

abrieviated version:

key://acme.com/~telnetd/

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cme at cybercash.com  Thu Feb 29 00:42:18 1996
From: cme at cybercash.com (Carl Ellison)
Date: Thu, 29 Feb 1996 16:42:18 +0800
Subject: Spin Control Alert (LI Newsday, 2/12/96)
Message-ID: 


At 16:52 2/17/96, Declan B. McCullagh wrote:

>McMickle, a protege of Taylor's, *wrote* Sen. Chuck Grassley's
>net.indecency legislation. McMickle is a longtime anti-porn activist and
>worked in an office shared by the National Law Center, the National
>Coalition Against Pornography, and Enough is Enough! McMickle now works
>for Grassley.

McMickle also drafted the Grassley bill which would turn ftp of PGP into
a RICO-enforceable federal crime.  That's the bill the FBI declared was
laughably extreme.  It sank into nothingness -- but I did have a few
rounds with McMickle on the phone about it.  He appeared to take special
pleasure in the idea of putting PRZ in jail and siezing all his worldly
goods for the crime of nose-thumbing at the USGov't.

 - Carl

+--------------------------------------------------------------------------+
|Carl M. Ellison          cme at cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430                   http://www.cybercash.com/    |
|2100 Reston Parkway           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091      Tel: (703) 620-4200                                 |
+--------------------------------------------------------------------------+







From housley at spyrus.com  Thu Feb 29 01:17:59 1996
From: housley at spyrus.com (Housley, Russ)
Date: Thu, 29 Feb 1996 17:17:59 +0800
Subject: 
Message-ID: <9601288255.AA825567648@spysouth.spyrus.com>



Blake:

At least three companies have MSP implementations that can be liscensed.

Russ

______________________________ Reply Separator _________________________________
Subject: RE: 
Author:  "Blake Ramsdell"  at internet
Date:    2/28/96 12:19 AM


> Further there is a good implementation of MOSS.  It was even announced at 
> the workshop.  Did you miss it?  TIS has done an implementation that is
> available for anonymous FTP, albeit only within the US.  It's integrated
> with MH, not the most favored mail user agent, but the current version has 
> shell scripts that perform minimal MIME functions to facilitate integration 
> with other agents.

Is there a version that can be used in commercial applications?  There is for 
PGP, S/MIME, and (I think) for MSP.  From a developer's point of view, this 
will influence my decision between specifications.

Blake





From jrochkin at cs.oberlin.edu  Thu Feb 29 01:25:49 1996
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Thu, 29 Feb 1996 17:25:49 +0800
Subject: Remember, RC4 is now PC1
Message-ID: 


At 4:31 AM 02/28/96, Mutant Rob wrote:
>It'd be funny if the next time somebody hacks a proprietary code, if they
>make some changes, redo the key schedule, perhaps in mind of
>strengthening the algorithm, and then post it to sci.crypt as "hey, I got
>this idea for a new crypto algorithm... what do you think?".  If the
>algorithm is different enough from the proprietary code version, with
>no clear connection between them, and the author can give full design
>rationale as if s/he wrote it from scratch, then what's a company to do?

Umm, if the _algorithm_ is different enough, it's a different algorithm and
it's not even an issue.   I guess you mean if the algorithm is the
substantially the same, but the code implementing it is substantially
different.

But I'm not sure that matters anyway.  The way I understand it with trade
secrets is:  If I'm an employee of PKP (let's pretend they have employees
who actually look at code), and they want to keep something a trade secret,
they make me sign a non-disclosure agreement.  If I break it, and they can
prove I broke it, I am in big trouble for breach of contract.   I guess if
I can make up a convincing enough lie about inventing it from scratch, I
can get off.  But if I work for PKP, I don't think I'm going to have too
much luck convincing a jury that I just coincidentally stumbled on the same
algorithm.

If I, who has signed a non-disclosure agreement with PKP, takes the trade
secret code and sends it to Mutant Rob, and Mutant Rob posts it near and
far, Mutant Rob hasn't done anything illegal, and hasn't broken any
contractual obligations, and is basically doing fine.  As I understand it.
So it doens't matter if he pretends he invented it himself or not.  Of
course, if they take him in the back room and introduce him to "Mr. Thingy"
(or make him testify in court, if you prefer), and they find out it was me
who sent it to him, I'm still in Big Trouble.

Trade secrets don't really have any legal standing or protection, for the
most part.  They're just things a company is trying to keep secret, for the
most part.  Generally by using non-disclosure agreements.







From WlkngOwl at UNiX.asb.com  Thu Feb 29 02:08:49 1996
From: WlkngOwl at UNiX.asb.com (Deranged Mutant)
Date: Thu, 29 Feb 1996 18:08:49 +0800
Subject: Remember, RC4 is now PC1
Message-ID: <199602290529.AAA27308@UNiX.asb.com>


> Umm, if the _algorithm_ is different enough, it's a different algorithm and
> it's not even an issue.   I guess you mean if the algorithm is the
> substantially the same, but the code implementing it is substantially
> different.

Well, maybe something like using the same core algorithm but a very 
different (and better?) key expansion algorithm, for instance.
 
> But I'm not sure that matters anyway.  The way I understand it with trade
> secrets is:  If I'm an employee of PKP (let's pretend they have employees
> who actually look at code), and they want to keep something a trade secret,
> they make me sign a non-disclosure agreement.  If I break it, and they can
[..]

But what if someone reverse engineered an algorithm, worked on 
it a few months, and then published something on the net, with a 
different key set up routine, and a very similar core algorithm 
(different for one or two operations, but an improvement) and 
discussed it in terms of having constructed the algorithm himself.

It has nothing to do with anyone signing non-disclosure agreements, 
since if the cipher is widely used in popular software, sooner or 
later someone will reverse engineer it.

> Trade secrets don't really have any legal standing or protection, for the
> most part.  They're just things a company is trying to keep secret, for the
> most part.  Generally by using non-disclosure agreements.

And my point is that what if somebody publishes something and offers 
it in the public domain that is strikingly similar but not the same, 
with no clear way to tell if it was invented separately or reverse 
engineered and fudged?

I can imagine a hacker doing that to another trade secret cipher... I 
can also imagine someone reinventing the same cipher if it's simple 
enough.

That's another problem with trade secrets.

 
Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to  for a copy of my PGP key.





From jimbell at pacifier.com  Thu Feb 29 02:43:50 1996
From: jimbell at pacifier.com (jim bell)
Date: Thu, 29 Feb 1996 18:43:50 +0800
Subject: Assassination Politics 10
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

Assassination Politics Part 10:  "Non-Euclidean Thinking"  by Jim Bell

An interesting communication I had recently on the subject of "Assassination 
Politics."  My commentary is preceed with >> or nothing; the other person's 
commentary starts with a ">".  The subject is how to actually implement this 
sytem, and my first comment notices the fact that despite my efforts, the 
government has not attempted to use this issue to justify some sort of 
crackdown on net rights, or anything like that.

===================
>>  I think they're actually afraid to start the debate,
>

>I think they don't believe you're a threat. 

You're probably right about this.  I guess I'll have to think of something 
to change their minds, huh? 

> Remember, they have incredible 
>amounts of money with which to hire bright but greedy people.  All they
have to 
>do is find the people running the "Guess the Death Date" lottery.  They would 
>have great incentive to apply their considerable resources to this end.

Your logic is excellent.  But as strange as it may seem, there may be a 
different way...  Let's see, how do I explain?  First, a little diversion
that may or 
may not be relevant to this subject, but initially won't appear to be so.

Somewhere around 20-25 years ago, I read some item concerning Howard Hughes, 
the late billionaire.  It described the history of his business ventures, in 
fields such as aircraft ("Spruce Goose" is a well-known example) but also 
mentioned that Hughes Tool was (originally?) into oil-well drilling quipment.


I don't know how much you know about about oil well drilling and drill 
bits, but they look nothing like the classic fluted drill bits common in 
hardware stores.  Oil well dril bits consist of multiple ultra-hard carbide 
points mounted on rotating shafts mounted at the end of the drill "string," 
and these shafts must be connected to the main shaft with bearings.  They 
roll around on the rock, not sliding, and they "spall" off pieces of rock 
due to enormous applied pressure.

 Oil well drilling is done by lubricating the drilling operation with what 
is called "drilling mud," which is actually a slurry of solids in water, 
which is primarily used to cool the cutter and wash away the rock chips and 
dust produced in the operation.  Now, since the rotating cutter wheels must 
spin on their axis, that means they have to be run on shafts with bearings 
installed.  These bearings cannot be perfectly sealed and thus protected 
against rock and mud dust, and their useful lifetime is strongly limited by 
their quality.  

And since every time they wear out the whole drill string has to be pulled 
from the well, that's an EXTREMELY expensive proposition for well-drillers.  
So it should not be surprising that these guys considered bearing quality to 
be very, very important.  A little improvement was worth a lot of money.

"Quality", to a bearing manufacturer, is strongly related to surface 
hardness, and traditionally, the best bearings were (and, mostly, still are) 
the hardest.  But there's a problem:  Ultimately, a very hard circular 
bearing rotating on a very hard flat surface (especially if its heavily 
loaded) applies nearly all its for on a single point (for ball bearings) or 
on a single line (for roller bearings) and that eventually causes bearing 
failure.  So there was an upper limit, generally, on how good you could get 
in bearings.  And the hardest won.  Until Hughes.

[don't go to sleep yet... it gets relevent real soon]

According to the source I read, what Hughes Tool did that made them really 
rich was quite simple and counter-intuitive:  Rather than trying to make 
_his_ bearings as HARD as you can get, he made them SOFT, very soft, "almost 
as soft as lead."   (Which, if you know anything about metals, is very soft 
indeed.)  The bearings deformed on their raceways, spreading out the load 
over a far larger area, and the resulting bearings were the best in the 
business.  (He probably also applied a lot of research into how to avoid 
"metal fatigue," but that's quite another story.)

Very counter-intuitive, but he "won" precisely because he did exactly the 
opposite of what everyone "knew" was the proper way to go.  Okay, so that 
explains a genius who later became a billionaire who later turned into a 
neurotic, or worse.  "What," you will ask, "does this all have 
to do with Assassination Politics?"

Well, to draw an observation originally posited in an an essay titled the 
"Libertech Project," about 7 years ago, libertarians (of all people) are 
"non-Euclidean thinkers."  Basically, this means that we recognize that the 
best way to go from "point A" to "point B" is NOT NECESSARILY a straight 
line.  And like Columbus, who sailed west in order to go east, sometimes it 
is necessary to sit down, and totally re-think your strategy if you're 
trying to accomplish some goal.

By "classical" thinking, "Assassination Politics" would have to be the best, 
tightest-security, more protected organization that has ever existed on the 
face of this planet.  Just about EVERY powerful person would want to kill 
anybody who had anything to do with such a system.  The codes would have to 
be unbreakable, the remailers would have to be certain, but most 
importantly, each and every participant would have to be perfectly anonymous 
to even have a prayer of pulling it off.  Especially the operators of such a 
system.  Especially them.

That's classical thinking.  And that's what I thought a few months ago.  I 
thought, "it's do-able, but it's gonna be a lot of work!"

But let's suppose, for a moment, that somebody "pulls a Hughes."  Rather
than trying 
to make the hardest bearings in the world, why doesn't somebody try to make 
the softest?  Rather than trying their darndest to stay anonymous, or wait
and let 
somebody else implement this system, why not just "let it all hang out," (as 
the saying went in the 1960's) and publicly announce that they're 
implementing this system, come hell or high water, and invite anyone who 
wants to participate to help form what will be the LAST revolution on earth, 
the one that'll take down ALL the governments.

This sounds crazy, right?  I mean, who wants to die?  Who wants to commit 
suicide just to... just to... just to... make an ENTIRE WORLD FREE FOREVER?  
Free from wars, militaries, governments, taxes, political oppression.  Free 
from the kind of totalitarian governments that existed and currently exist.  
Free from the Holocausts that have killed Jews, Cambodians, Armenians, 
Russian Kulaks, Iraqi Kurds, Chinese dissidents, Native Americans, and oh so 
many others? "Who, exactly, would be stupid enough to risk death to make the 
world free???"

Everyone who volunteered to fight to fight Hitler, to name just one example. 
Remember, or have we forgotten so soon, that occasionally people die to 
keep the rest of us free.  That's the way it's been for hundreds of years.  
The United States of America was founded by people who risked death to shake 
off the yoke of a government that was, by the standards of the day, not 
particularly bad.  

Think about it.  Somebody had to be the first one to start banging on the 
Berlin Wall, with a sledgehammer,  in 1989.  Somebody had to be the first to 
walk through.  Somebody had to be the first to stand up and say, "Enough!"  
And the ironic thing is, the most strangely unusual thing, is that the 
entire Eastern Bloc fell, almost bloodlessly, in a couple weeks, because one 
by one everybody realized that all that's sometimes required is to finally 
stand up and be counted, and to just say no to the government.  When the 
time was right, all it took was a slight push and the dominoes tumbled down. 

Now, don't get me wrong.  I'm not suggesting that EVERYONE would be 
identified.  The "donors" to the system would remain perfectly anonymous, 
and the "guessers" would likewise be perfectly anonymous, but the 
organization itself would be made up of real people, who have published 
addresses, who have simply decided that they have had enough of the current 
system and are going to participate in a PERFECTLY LEGAL enterprise by the 
laws of the country, and just DARE the government to try to stop them.

The organization wouldn't have to buy ads; the publicity firestorm would be 
enormous.  Suddenly, all the politicians would be put on the spot!  Instead 
of being asked by the reporters for their position on the economy, 
pollution, the budget deficit, or some other thing, they'll ask, "Why should 
the public NOT want to see you dead?"

When would be the best time to do it?  Why, during a major political 
campaign!  When Congress is out of session, and they can't pass
legislation without calling some sort of emergency session.  But it won't 
matter anyway, for a few weeks the organization doesn't actually have to 
take bets or make payments, they'll merely publicize their efforts for all 
to see.  To reassure the public, they could announce that they'll only take 
bets on elected and appointed political officeholders...and anyone who tries 
to stop the system.   And the politicians will be scurrying around, looking 
for political cover, trying to figure out how to NOT look scared, but at the 
same time each is wondering if he'll be the first to go.  And all the while, 
the public will be loving it, laughing at the efforts of the politicos to 
cover their collective asses, and taking private bets among themselves on 
who will be the first one to die.

Prosecute the participants?  On what charge?  "Conspiracy to commit 
gambling"?  Which prosecutor would risk appearing to be impeding the 
progress of a useful system?   At that point, the organization's members will 
just be publicly exercising their first-amendment rights.  Which judge would 
take the case?  Now THEY'RE on the spot, THEY have to decide what to do.  I 
contend that in an election year, before the election, there would be mass 
resignations from Congress, or members deciding "it's just not fun anymore" 
and decline to return even if re-elected, as well as the complete loss of 
whatever residual confidence the public has in the government. 

Whew!  Is this all just wishful thinking?  I really don't know!  


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMTVAT/qHVDBboB2dAQH5+gQAlbi5M1+fHOaX/jSz1dDkNWRe3bStYWNa
pzFPLcgBRnTpR9bAmq+BtTWdv5mPkUpHGK1G90nGM5u+nB3h+AUta6vvQqzvCXPb
8Mpvxlr4HKEEFwZiIEFlCe4yFOEl4/TlyES8TexJZ15ss3lZ4uDKvVC/G5GiHUoD
nsvHEXgBso4=
=yu1D
-----END PGP SIGNATURE-----






From jimbell at pacifier.com  Thu Feb 29 02:48:46 1996
From: jimbell at pacifier.com (jim bell)
Date: Thu, 29 Feb 1996 18:48:46 +0800
Subject: Assassination Politics 9!
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

"Assassination Politics" Part 9, by Jim Bell, February 27, 1996

For about a year I have been considering the implications of "Assassination 
Politics," and for more than six months I've been sharing the subject and my 
musings with you, the interested reader.  I've also been debating the issue 
with all comers, a self-selected bunch who range from enthusiastic 
proponents to clueless critics.  Ironically, some of you have even chided me 
for "wasting time" with some of the less perceptive among my numerous 
"opponents."  In defense, my response has always been that when I respond to 
a person, I do it not primarily for his benefit, but for others who might be 
fence-sitting and are waiting to see if my idea will break down anywhere. 

If there is anything which has fascinated me as much as the original idea, 
it is this vast and dramatic disparity between these  various responses.  
It's been called everything from "a work of genius" to "atrocious," and 
probably much worse!  Clearly, there must be a fundamental, social issue 
here that needs to be resolved.

While nobody has quite yet said it in those terms, I'm sure that more than 
one of you have probably wanted to react to my prose with the line, "See a 
shrink!"  [American slang for a psychriatrist, for the international readers 
out there.]  Well, in a sense that's exactly what I did, but the "shrink" I 
"saw" had been dead for over five  decades:  Sigmund Freud.  Much to my 
surprise, I was handed a copy of a book, Introduction to Great Books (ISBN 
0-945159-97-8) which contained (page 7) a letter from Freud to Albert 
Einstein.  On page 6, there is an introduction, describing the reason for 
this communication.   It says:

"In 1932, the League of Nations asked Albert Einstein to choose a problem of 
interest to him and to exchange views with someone about it.  Einstein chose 
"Is there any way of delivering mankind from the menace of war?" as his 
problem and Sigmund Freud as his correspondent.  In his letter to Freud, 
Einstein said that one way of eliminating war was to establish a 
supranational organization with the authority to settle disputes between 
nationas and power to enforce its decisions.  But Einstein acknowledged that 
this solution dealt only with the administrative aspect of the problem, and 
that international security could never be achieved until more was known 
about human psychology.  Must right always be supported by might?  Was 
everyone susceptible to feelings of hate and destructiveness?  It was to 
these questions Freud addressed himself in his reply."  

Interestingly enough, when I first started thinking about the idea that I 
would later term "Assassination Politics," I was not intending to design a 
system that had the capability to eliminate war and militaries.  What I was 
targeting, primarily, was political tyranny.  By my standards, that included 
not merely totalitarian governments but also ones that many of us would 
consider far more benign, in particular the Federal government of the United 
States of America, "my" country.  Only after I had thought of the 
fundamental principle of allowing large numbers of citizens to do away with 
unwanted politicians was I "forced," by my work up to that point, to address 
the issue of the logical consequences of the operation of that system, which 
(by "traditional" ways of thinking) would leave this country without 
leaders, or a government, or a military, in a world with many threats.  I 
was left with the same fundamental problem that's plagued the libertarian 
analysis of forming a country in a world dominated by non-libertarian 
states:  It was not clear how such a country could defend itself from 
agression if it could not force its citizens to fight.

Only then did I realize that if this system could work within a single 
country, it could also work worldwide, eliminating threats from outside the 
country as well as corrupt politicians within.  And shortly thereafter, I 
realized that not only could this occur, such a spread was absolutely 
inevitable, by the very nature of modern communications across the Internet, 
or older technologies such as the telephone, fax, or even letters written on 
paper.  In short, no war need ever occur again, because no dispute would 
ever involve more than a tiny number of people at any one time.  Further, no 
tyrant would ever be able to rise to the level of leader, leading his 
country into a destructive war against the wishes of his more reasonable 
citizens.  He would be opposed, logically enough, by the citizens of the 
country he intended to war with, obviously, but he would also draw the ire 
of citizens within his own country who either didn't want to pay the taxes 
to support a wasteful war, or lose their sons and daughters in pointless 
battles, or for that matter were simply opposed to participating in the 
agression.  Together, all these potentially-affected peoples would unite 
(albeit quite anonymously, even from each other) and destroy the tyrant 
before he had the opportunity to make the war.

I was utterly astonished.  Seemingly, and without intending to do so, I had 
provided a solution for the "war" problem that has plagued mankind for 
millennia.  But had I?  I really don't know.  I do know, however, that very 
few people have challenged me on this particular claim, despite what would 
normally appear to be its vast improbability.  While some of the less 
perceptive critics of "Assassination Politics" have accused me of 
eliminating war and replace it with something that will end up being worse, 
it is truly amazing that more people haven't berated me for not only 
believing in the impossible, but also believing that the impossible is now 
actually inevitable!

A little more than a week ago, I was handed this book, and asked to read 
Freud's letter, by a person who was aware of my "little" philosophical 
quandary.  I began to read Freud's letter in response to Einstein, having 
never read any other word Freud had written, and  having read essentially 
none of the works of the giants of Philosophy.  (Now, of course, I feel 
tremendously guilty at the omission in my education, but I've always been 
attracted more to the "hard sciences," like chemistry, physics, mathematics, 
electronics, and computers.)  Since this letter was specifically on war, and 
the question of  whether man could ever avoid it, I felt perhaps it would 
contain some fact or argument that would correct what was simply a 
temporary, false impression in my mind. Simultaneously, I was hopeful that I 
might end up being right, but alternatively hoped that if wrong, I would be 
soon corrected.  I was fearful that I was wrong, but also fearful that there 
would be nothing in this essay that would assist me in my analysis of the 
situation.  

About a third of the way through Freud's letter, I had my answer.  Below, I 
show a segment of Freud's reply, perhaps saving the whole letter for 
inclusion into a later part of this ongoing essay.  While I could 
drastically oversimplify the situation and state, "Freud was wrong!," it 
turns out that this brief conclusion is at best highly misleading and at 
worst flirting with dishonesty.  By far the greater part of Freud's analysis 
makes a great deal of sense to me, and I would say he's probably correct.  
But it is at one point that I believe he goes just a bit wrong, although for 
reasons which are entirely understandable and even predictable, given the 
age in which he lived.  It must be remembered, for example, that Freud was 
born into an era where the telephone was a new invention, broadcast radio 
was non-existent, and newspapers were the primary means that news was 
communicated to the public.  It would be highly unreasonable for us to have 
expected Freud to have anticipated developments such as the Internet, 
anonymous digital cash, and good public-key encryption. 

In some sense, at that point, my biggest regret was that I couldn't discuss 
the issue with either of these two communicants, Freud having died in 1939, 
and Einstein in 1955, after having helped initiate research that led to the 
development of the atomic bomb, the weapon that for decades and even now, 
makes it absolutely, vitally important to eliminate the possibility of war 
from the world.

 But I'll let Dr. Freud speak, as he spoke over sixty years ago, because he 
has much to say:

"Such then, was the original state of things:  domination by whoever had the 
greater might--domination by brute violence or by violence supported by 
intellect.  As we know, this regime was altered in the course of evolution.  
There was a path that led from violence to right or law.  What was that 
path?  It is my belief that there was only one:  the path which led by way 
of the fact that the superior strength of a single individual could be 
rivaled by the union of several weak ones.  "L'union fait la force." 
[French; In union there is strength.]  Violence could be broken by union, 
and the power of those who were united now represented law in contrast to 
the violence of the single individual.  Thus we see that right is the might 
of a community.  It is still violence, ready to be directed against any 
individual who resists it; it works by the same methods and follows the same 
purposes.  The only real difference lies in the fact that what prevails is 
no longer the violence of an individual but that of a community."

[But below is where I think Freud falls into a certain degree of error, 
perhaps not by the standards and realities of _his_ day, but those of ours.  
My comments are in square brackets, [], and Freud's comments are quoted "".  
 Freud continues: ]

"But in order that the transition from violence to this new right or justice 
may be effected, one psychological condition must be fulfilled.  The union 
of the majority must be a stable and lasting one.   If it were only brought 
about for the purpose of combating a single dominant individual and were 
dissolved after his defeat, nothing would be accomplished. The next person 
who though himself superior in strength would once more seek to set up a 
dominion by violence and the game would be repeated ad infinitum.  The 
community must be maintained permanently, must be organized, must draw up 
regulations to anticipate the risk of rebellion and must institute 
authorities to see that those regulations--the laws-- are respected and to 
superintend the execution of legal acts of violence.  The recognition of a 
community of interests such as these leads to the growth of emotional ties 
between the members of a united group of people--communal feelings which are 
the true source of its strength."     [end of Freud's quote]


[Those of you who truly comprehend the idea of "Assassination Politics" 
will, I'm confident, understand exactly why I considered this segment of 
Freud's letter to be important enough to include, and will probably also 
recognize why I consider Freud's analysis to go wrong, albeit for 
comparatively minor and understandable reasons.  I will address the last 
paragraph in greater detail, to explain what I mean.  I will repeat Freud's 
words, and address each of his points from the standpoint of today's 
situation and technology.]

"But in order that the transition from violence to this new right or justice 
may be effected, one psychological condition must be fulfilled.  The union 
of the majority must be a stable and lasting one." 

[In a sense, Freud is absolutely correct:  Whatever system is chosen to 
"govern" a society, it must continue to operate "forever." ]  Freud continues:

" If it were only brought about for the purpose of combating a single 
dominant individual and were dissolved after his defeat, nothing would be 
accomplished."

[This is where the problem begins to creep in.  Freud is leading up to 
justifying the existence of a formal government as he knew them in the 
1930's, based on the continuing need for keeping the peace.  The first, and 
I think, the most obvious problem is that Freud seems to implicitly assume 
that the purpose of the union will actually be fulfilled by the formation of 
a government.  Freud, who died in 1939, didn't see what his survivors saw, a 
"legitimate" government in Germany having killed millions of people in the 
Holocaust, or many other incidents subsequent to that.  And Freud, whose 
letter was written in 1932, was probably not aware of the slaughter of the 
Russian Kulaks in the late 1920's and early 1930's, or the purges which 
followed.  Freud could have felt, generally, that the problems with a 
country's governance were caused either by inadequate government or simply a 
rare example of government gone bad.  We know, to the contrary, that 
governments very frequently "go bad," in the sense of violating citizen's 
rights and abusing the power entrusted to them.  Few may end up killing 
millions, but to assume that we must continue to tolerate governments just 
because they don't go quite as far as Nazi Germany would be foolish in the 
extreme.]

[The second problem is the implicit assumption that the long-term control he 
(correctly) sees MUST come from an organization like a traditional 
government.  True, in the era in which Freud lived, that conclusion made a 
great deal of sense, because a well-functioning government appeared superior 
to none at all.  And it was at least plausible that such control COULD come 
from a government.  But as the old saying goes, "Power corrupts, and 
absolute power corrupts absolutely."] 

[To use a house's thermostat as an analogy, but differently than I did in 
"Assassination Politics part 6," a person who lived in an era before 
automatic furnace thermostats would always conclude that a person's efforts 
would have to be continually directed towards maintaining an even 
temperature in his house, by adding fuel or limiting it, by adding more air 
or restricting, etc.  To the extent that this manual control constitutes a 
"government," he will believe that this hands-on control will always be 
necessary.  But we now live in a time where a person's time is rarely 
directed towards this effort, the function having been taken over by 
automatic thermostats which are cheap, reliable, and accurate.  They are 
also, incidentally, essentially "uncorruptible," in the sense that they 
don't fail except for "understandable" reasons, and repair is cheap and 
easy.  (And a thermostat can never be bribed, or get tired, or have its own 
interests at heart and begin to subvert your own commands.)   Quite simply, 
the progress of technology has put control of temperature in the hands of an 
automatic, error-free system that is so reliable as to be ignorable most of 
the time.]

[I argue that likewise, the progress of technology would allow an automatic 
system to be set up, which I called "Assassination Politics" (but could 
probably use a more apt name, since its application extends far beyond the 
issue of politics) different from traditional government, a difference 
somewhat analogous to the difference between a person's full-time efforts 
and an automatic thermostat.  Aside from the dramatic reduction in effort 
involved, an automatic system would eliminate the errors caused by 
inattention by the operator, such as leaving, falling asleep, or other 
temporary lack of concentration.  These failures are somewhat analogous to 
the failure or misbehavior of a corruptible or indifferent or even a 
malicious government.]  

[This makes a government like Freud saw totally unnecessary.  Of course, 
Freud could not have anticipated the technological developments that would 
make an "automatic" replacement for government even possible, and thus he 
followed his contemporary paradigms and sought to justify the governments as 
they then existed.]  Freud continues:

"The next person who thought himself superior in strength would once more 
seek to set up a dominion by violence and the game would be repeated ad 
infinitum."

[This statement is correct, but I think it misses the point:  Many functions 
of individuals and machines are never "completed", and must "be repeated ad 
infinitum."  (The most basic example:  If we are optimistic about the future 
of the human race, by definition reproduction and survival must be "repeated 
ad infinitum.")   That does not mean that the mechanism which handles that 
need must be any more complicated that the minimum necessary to achieve the 
control needed.  I agree that a system of long-term control is necessary; 
where I disagree with Freud is simply that I believe that a vastly better 
method of control now can potentially exist than the traditional governments 
that he 
knew.  To the extent that he couldn't have anticipated the Internet, 
anonymous digital cash, and good encryption, he had no reason to believe 
that government could be "automated" and taken out of the hands of a tiny 
fraction of the population, a fraction which is corruptible, malicious, and 
self-interested.  Also, by not being aware of modern technology, he is 
unaware how easy it has become, conceptually, for people to come together 
for their self-defense, if that self-defense required only a few kilobytes 
be sent over fiber-optic cables to a central registry.  Freud's objection to 
an "endlessly repeating" system breaks down in this case, so his conclusion 
need not be considered valid.]


Freud continues:

"The community must be maintained permanently, must be organized, must draw 
up regulations to anticipate the risk of rebellion and must institute 
authorities to see that those regulations--the laws-- are respected and to 
superintend the execution of legal acts of violence."


[Again, I think Freud misses the point.  He refers to "the risk of 
rebellion," but I think he forgets that the main reason for "rebellion" is 
the abuse by the government then in control. (Naturally, it looks 
differently from the standpoint of that government!)   If the latter problem 
could be eliminated, "rebellion" would simply never occur, for there would 
be no reason for it.  If those that were "rebelling" were in the wrong, 
violating somebody's rights, then my "Assassination Politics" system would 
be able to take care of it.  This, presumably and understandably, Freud 
could never have foreseen. Also, Freud does not address the question of 
whether or not the government which promulgates those laws is doing so in a way
primarily for the benefit of the public, or those who populate the 
government itself. Graft was well known if Freud's time; it seems to me that 
he should have addressed the question of whether or not an entity called a 
"government" could actually achieve the benefits he claims justify the 
government, without being subverted by those who control it, for their own 
interests.  If not, then there is certainly a issue to be addressed:  At 
what point do the depradations of a parasitic government exceed its 
benefits?  And can we find a way to do without it?]  Freud continues:


"The recognition of a community of interests such as these leads to the 
growth of emotional ties between the members of a united group of 
people--communal feelings which are the true source of its strength."     
[this is end of the portion of Freud's letter which I quote here.]

One of the interesting things about this statement is that it is the 
development of tools such as the Internet which will be eliminating the very 
concept of "foreign" and "foreigner."  They will become artificial 
distinctions.  There is clearly much precedent for this, from the country in 
which I live, America.  When formed, it contained people whose primary 
loyalty was to their _state,_ not to the Federal government as a whole. Even 
our civil war, from 1861 to 1865, was based on loyalty to states or regions, 
rather than the country as a whole.   To cite just one example, myself, 
while I reside in the state called Washington, I've lived in a number of 
other states, but I don't consider myself loyal to any particular state.  
(Perhaps using myself as an example is misleading, because at this point I 
don't consider myself "loyal" to any government at all!)

In fact, later in Freud's letter, he says, "Anything that encourages the 
growth of emotional ties between men must operate against war."  Sadly, 
Freud did not live to see the development of the Internet, and the massive 
international communication which it has already begun to foster.  In _his_ 
day, the ordinary people of one country and another rarely communicated, 
except perhaps for letters with relatives from "the old country" that 
emigrated.  The idea of going to war with people from whom you get email on 
a daily basis is, in itself, a "foreign concept" to me, and I hope it will 
remain so!  In that sense, Freud was very right:  "Assassination Politics" 
active or not, it will be much harder for governments to whip up their 
citizens into a frenzy to kill the enemy if they can type to them every day.

Frustratingly left unanswered is a question whose answer I'd like to know:  
Could I have convinced Freud, or Einstein, that "Assassination Politics" is 
not only a necessary or even an unavoidable system, but also a GOOD one?  
Could I convince them today, had they miraculously survived until today, 
aware of the last 64 years of history subsequent to their correspondence?

Jim Bell
jimbell at pacifier.com

Klaatu Burada Nikto

Something is going to happen...      Something...Wonderful!




 



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMTU7svqHVDBboB2dAQGZSwP+It+u/ZCdtqAeF/gSlpCEt7spyF9alJkl
hBBrp1/rg0rZXrhg1ouqk1Qnz8nzxpBmg/rhkMLNx493oGoFHTETVnl5RGiuiio4
2KWewNqw2JSZ2mxkf95On267Jk9WWeJ/GLwnZ8XkI5p9fu0b55oPtBF4GezeAtTv
1gD8ipGPXFM=
=kJUj
-----END PGP SIGNATURE-----






From merriman at arn.net  Thu Feb 29 02:58:02 1996
From: merriman at arn.net (David K. Merriman)
Date: Thu, 29 Feb 1996 18:58:02 +0800
Subject: Site certificates?
Message-ID: <2.2.32.19960228182806.006842f8@arn.net>


-----BEGIN PGP SIGNED MESSAGE-----

Can someone point me in the direction of who I need to talk to in order to get security certificates for a Web server I'm setting up? I sent email to MS and Netscape, and neither has deigned to respond in 4 days....

Thanks

Dave Merriman

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMTSCEcVrTvyYOzAZAQG2hwP+L0tquQzMQC8XC9azPJsuFGbFq0ijTftI
sGQIA9ddphwL+bWdD0utDfMBrRxPFqM1kTZNZKzGTU4VUokoBUh/wPiqkim8+v61
cQFAIK8Xl3IbqnZfjMjW3rfmSYKaPXEVRHd0ssOFV535s3K3rSZN9ck0qxioyjK/
aEgCxcXRsXg=
=kCqo
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
For privacy tools: http://www.geocities.com/capitolhill/1148







From William_Marlow at cpqm.saic.com  Thu Feb 29 04:37:11 1996
From: William_Marlow at cpqm.saic.com (William Marlow)
Date: Thu, 29 Feb 1996 20:37:11 +0800
Subject: Strassmann's  Anonymous
Message-ID: 


To all,

I feel compelled to add some comments to this lively discussion:

The point was that we all need to be aware of the use of remailers as possible
parts of evil schemes.  The  recent revelations by some that cyberspace
reflects real life is the case here.  Remailers provide a means for the "dark
side" to communicate, but they also provide the means for "the good side" as
well.  Mr. Byfield's assertions are most likely correct that remailers are
used most of the time for "non-evil" purposes. 

Awareness of a problem is the first step in everyone addressing the best ways
that we as a society (both Cyber and otherwise) deal with it.

I have been targeted by those who wish to do harm using remailers.  It is not
a fun thing to deal with, but it is a fact of Cyberspace.

 I personally like remailers,  ones which have no governments, good guys, bad
guys or anyone else monitoring them, but we as a society must deal with all of
these elements.

Bill Marlow
------------------------------
Date: 2/28/96 5:02 PM
To: Marlow, William
From: t byfield

A few observations on Paul Strassman's response to John R. Levine; I've
rearranged it a bit for clarity, edited out a handful of lines, and
whittled down the CCs.

At 4:01 PM 2/28/96, Paul A. Strassmann wrote:

John R. Levine:
> >It's been possible for at least a century to mail letters with no
> >return address.  It's equally possible to use post office boxes and
> >mail drops, or even a chain of mail drops, to have two-way exchanges
> >of messages between people who don't know each other's identities.
> >
> >As far as I can tell, the existence of anonymous postal mail hasn't
> >caused any great trouble over the past century.  Can you explain why
> >the appearance of similar facilities for on-line mail presents a
> >greater problem?

Paul Strassmann:
>Since the idea that Internet remailers are not much different than
>anonymous letters sent by mail is an often repeated theme, it warrants a
>comment:
>
>1. Your statement that anonymous post mail hasn't caused any "great
>trouble" over the past century does not stand up well. I have not done a
>statistical sampling of incidents, but I wish to note that all my exposures
>(personal and otherwise) to anonymous post have been associated with
>extortion, spreading of unwarranted rumors and unsubstantiated accusations.
>Most ransom notes in kidnapping cases have been conveyed by this means.

        Obviously, kidnapping and extortion demands sent anonymously
through the post would attract far more attention than innocuous uses
would--as did the recent incident in which someone donated (by anonymous
mail) a million-dollar McDonald's sweepstakes ticket to a children's
hospital. I daresay that for every such criminal instance you could cite,
there are hundreds or even thousands of instances of completely benign
"secret santas" and anonymous valentines from teenage "secret admirers,"
for example--which would hardly bear out your claim that

>In civilized  society the receipt of anonymous post has been always
>associated with unacceptable social behavior. That reputation persists.

        Valentines and gifts sent anonymously will no doubt strike some
people as trivial in the face of "information warfare" and other such
gothic notions, and perhaps they are; but I can only wonder what exactly
these valiant strategists think they're protecting and from whom they're
protecting it.



>2. Your assertion that one can be equally anonymous by post as with e-mail
>does not stand up.
>
>First, anonymous mail is likely to carry stamp cancellation marks, which
>provides an important clue as to the origin of the message.
>
>Second, criminal  forensic techniques have been used very successfully in
>tracing identifying marks, such as typewriter characteristics, Xerox copy
>drum defects and other tricks such as genetic identifications of saliva
>remnants left from licking a stamp or sealing the envelope. There are many
>others. Anonymous e-mail does not convey such clues.
>
>Third, anonymous mail operates on a totally different scale and with a
>different technology than post. The fact that automobiles were originally
>called "horseless carriages" does not make them possess the attributes of
>horse-carriages. When technology scales up from thousands to hundred
>millions, the potential consequences are not subject to simple
>extrapolation.

        By the same token, the fact that law enforcement agencies have,
over the last two centuries, developed the forms of forensic analysis you
mention doesn't mean that these techniques are a god-given right whose
shortcomings in the face of new technologies need to be compensated for.
These techniques are, as you point out, contingent on the traits peculiar
to the objects being examined. Postal mail consists of integral physical
objects which can bear these kinds of traces; email does not. Nor does
shouting--yet I've never heard anyone suggest that fans at a football game
should preface what they yell with their name and their address, or that
their failure to do so constitutes a threat to national security.



>3. Anonymous remailers have been conduits for misconduct ranging from
>"spamming" - e.g. launching thousands of messages to saturate server
>capacity - to massive distribution of "sniffers" that make a number of
>software-based fire-walls inoperative.

        This objection remailers is a red herring: giveaway ten-hour
accounts on AOL and other services, hacked accounts, accounts obtained
under false names, and accounts obtained under a True Name are much more
notorious sources of spam than are remailers. If spam is your objection,
you're barking up the wrong tree.
        As for the "massive deployment of 'sniffers'," anyone capable of
doing this or of using information gained by this means hardly needs
remailers.



>4. The most likely scenarios of an information assault on the information
>infrastructure that performs essential social functions such as message
>switching, transportation dispatching, public security communications, etc.
>always commences with a  saturation dispatch of a wide variety of
>intelligent agent via anonymous remailers.

        "Most likely scenarios" are speculative: something that hasn't
happened yet doesn't "always commence with" anything.



>There is a long list of anti-social and criminal behavior that is greatly
>facilitated by a guarantee of untraceability. The repertoire of such
>malfeasances is sufficiently long that it does not warrant further
elaboration.

        This chicken-or-egg formulation suggests that a milieu in which
total traceability is possible would greatly diminish criminal behaviors
and activity. Perhaps, but as you yourself have pointed out, such a milieu
is utterly antithetical to anything remotely resembling a free democracy.
Since the alternative to untraceability isn't viable, there's no point in
bringing it up.



>Now, I would like to repeat that I believe that anonymous remailers are
>here to stay - at least in democratic societies. However, that does not
>mean that one should continue insisting that anonymous remailes are not a
>different phenomenon than an envelope containing a message that does not
>have a return address.

        If you were the final arbiter on the question, your repeated claim
that "remailers are here to stay" would be much more comforting.
Unfortunately, the force of almost all your arguments is, in a nutshell,
that remailers are associated with and facilitate criminal and/or terrorist
activities--and that suggests to me that if you had your druthers, they
would be illegalized.
        I'm curious: Do you or do you not support the continued existence
of nonregulated, nonlicensed, and publicly accessible remailers? (Please
note that this is a different question than "Are remailers here to stay?")


regards
Ted Byfield



------------------ RFC822 Header Follows ------------------
Received: by cpqm.saic.com with SMTP;28 Feb 1996 17:00:13 +0100
Received: from panix.com by cpmx.saic.com; Wed, 28 Feb 96 16:55:25 -0800
Received: (from tbyfield at localhost) by panix.com (8.7/8.7/PanixU1.3) id
TAA08093; Wed, 28 Feb 1996 19:55:05 -0500 (EST)
Message-Id: 
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-PGP-KF: 75 7C E9 84 00 E1 1B 7A  AA 23 AE 59 BD 19 4B BE
X-XXX: If you're under 18, DO NOT READ THIS MESSAGE
X-Subliminal-Message: 
Date: Wed, 28 Feb 1996 20:01:52 -0500
To: paul at strassmann.com
From: tbyfield at panix.com (t byfield)
Subject: Re: Strassmann's  Anonymous Remailers Paper
Cc: William_Marlow at cpqm.saic.com,
    raph at CS.Berkeley.EDU,
    denning at cs.cosc.georgetown.edu,
    KAHIN at HULAW1.HARVARD.EDU,
    steve at method.com (Steve Strassmann),
    dolanvp at consultancy.com,
    RON_KNECHT at cpqm.saic.com,
    ALGERJ at NDU.EDU,
    GIESSLERF at NDU.EDU,
    cypherpunks at toad.com








From cmca at alpha.c2.org  Thu Feb 29 04:37:12 1996
From: cmca at alpha.c2.org (Chris McAuliffe)
Date: Thu, 29 Feb 1996 20:37:12 +0800
Subject: PGP backdoor? (No, I'm not paranoid.)
In-Reply-To: <3134C779.7C84@adspp.com>
Message-ID: <199602290142.RAA04520@eternity.c2.org>


-----BEGIN PGP SIGNED MESSAGE-----

[To: Mark Bainter ]
[cc: cypherpunks at toad.com]
[Subject: Re: PGP backdoor? (No, I'm not paranoid.) ]
[In-reply-to: Your message of Wed, 28 Feb 96 13:22:01 PST.]
             <3134C779.7C84 at adspp.com> 

>I was recently speaking with a newly-made aquaintence, and we were 
>discussing the merits of various encryption systems.  Now, I had heard
>about all the people who claimed the reason versions later than 2.3 
>wouldn't work with 2.3 was because of a backdoor for the government.  I 
>personally thought they were being paranoid.  However, this guy tells me 
>that he met Phil at defcon and phil told him that he co-operated with 
>the government and gave them information that would enable them to crack 
>key's for versions later than 2.3.   I don't know whether to believe him 
>or not, as I said earlier he is not a long-time friend or anything, so he 
>could just be lying to me.  If anyone has any information on this I would 
>appreciate it.

Utter rubbish. You can look at the source code and easily convince
yourself that there is no backdoor. I have personally done this for the
key generation bit, and I know others who have done it for the
on-the-fly encryption. Also, 2.6ui (old version) was based on 2.3 and
interoperated fine -- it had no back doors.

What 2.6 *did* have was a built-in incompatibility with old versions, in
an attempt to make people upgrade to a version which got Phil out of
some patent-raleted hot water.

Chris McAuliffe  (No, not that one.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBMTT9GoHskC9sh/+lAQE7FwP/dD9cN6e+g7Oji0STXHWqykfJQikQ/mrT
AjQIRuomGQ+ce+R3grZcFKcvNcn8iDg5czV/K+F5Ix2apSrssnKCs0xPst1a2MD1
iWGnxP2QbkjSMfr9YziF7WBUAQCYQwM2zKrDPKF7n8u2F4MvNCbgtL1pmzCiYlOq
jN1G7EyXNpk=
=ln+P
-----END PGP SIGNATURE-----





From anonymous-remailer at shell.portal.com  Thu Feb 29 04:38:51 1996
From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com)
Date: Thu, 29 Feb 1996 20:38:51 +0800
Subject: "Louis Freeh is a Cocksucker"
Message-ID: <199602290201.SAA01927@jobe.shell.portal.com>


I have seen this meme scrawled on the sides of payphones and on train doors
along the Red Line of Chicago's "Ell."  Is this some form of organized  
protest or the actions of one person?  While not directly cypherpunks related  
I cannot think of too many other types of people who would produce this  
graffito.

Any responsible cypherpunks care to raise their hands?





From Kevin.L.Prigge-2 at tc.umn.edu  Thu Feb 29 06:24:57 1996
From: Kevin.L.Prigge-2 at tc.umn.edu (Kevin L Prigge)
Date: Thu, 29 Feb 1996 22:24:57 +0800
Subject: Site certificates?
In-Reply-To: <2.2.32.19960228182806.006842f8@arn.net>
Message-ID: <3135b1416a2d002@noc.cis.umn.edu>

A non-text attachment was scrubbed...
Name: not available
Type: application/pgp
Size: 14 bytes
Desc: not available
URL: 

From frissell at panix.com  Thu Feb 29 06:56:02 1996
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 29 Feb 1996 22:56:02 +0800
Subject: PGP backdoor?  (No, I'm not paranoid.)
Message-ID: <2.2.32.19960229142232.0072d064@panix.com>


At 01:22 PM 2/28/96 -0800, Mark Bainter wrote:

>personally thought they were being paranoid.  However, this guy tells me 
>that he met Phil at defcon and phil told him that he co-operated with 
>the government and gave them information that would enable them to crack 
>key's for versions later than 2.3.   

Since Phil didn't personally write 2.3 *or* versions later than 2.3, he
couldn't have conspired with the Feds.  In addition, source code makes back
doors difficult.

DCF


I don't know whether to believe him 
>or not, as I said earlier he is not a long-time friend or anything, so he 
>could just be lying to me.  If anyone has any information on this I would 
>appreciate it.
>
>---
>"Man did not enter into society to become 
> worse than he was before, nor to have 
> fewer rights than he had before, but
> to have those rights better secured." 
>             --- Thomas Paine 1791
>
>>>My key is on the keyservers.
>
>
>
>






From lharrison at mhv.net  Thu Feb 29 08:33:13 1996
From: lharrison at mhv.net (Lynne L. Harrison)
Date: Fri, 1 Mar 1996 00:33:13 +0800
Subject: Problems with key server
Message-ID: <9602291505.AC12449@mhv.net>


  Has anyone recently had problems trying to upload their public key to
BAL's PGP Public Key Server?
  I had no problem connecting to BAL's site.  However, I tried several times
to submit my public key and kept receiving "server down, try later, etc."
message.

Regards -
Lynne


**********************************************************
Lynne L. Harrison, Esq.   |     "The key to life:
Poughkeepsie, New York    |      - Get up;
E-mail:                   |      - Survive;
lharrison at mhv.net         |      - Go to bed."
**********************************************************






From PADGETT at hobbes.orl.mmc.com  Thu Feb 29 11:18:21 1996
From: PADGETT at hobbes.orl.mmc.com (A. Padgett Peterson P.E. Information Security)
Date: Fri, 1 Mar 1996 03:18:21 +0800
Subject: Copyrighted code and executable ASCII
Message-ID: <960229113215.20230778@hobbes.orl.mmc.com>


Since several have asked and it serves several points, I present
the following (also am interested in coderpunks - does this
constitute a qualification ?).

Point the first. A couple of years ago questions arose concerning
executable ASCII. I had played with the concept back around the time
I was doing memory maps of Bendix 930s and Mil-Std-1750s but never went
very far with it. The concept was ressurected c.a. 1988 with a concern
about multi-platform viruses (not talking macros or portable source,
but true multi-platform binaries - can to the conclusion that dual
platform was doable, triple possible but very difficult, and four
bl**dy unlikely.

Around 1990 some people in Germany developed a program (sorry, I do
not recall the citation but wanted to acknowlege the fact - believe 
the program is on SimTel mirrors). That program was buggy and not
suitable for E-mail through certain gateways and recipients.

In 1994, there was a flurry of concern about E-Mail vulnerability
and the subject came up again. We have had "ASCIIrizers" for some time:
TekHex was one of the first I was aware of, then UUencode, PGP "Ascii
Armor", and others. All required an client side file for decoding or
the even cruder DEBUG scripting mechanisms. Looking at an Intel CPU
instruction map, it became apparent that there was an entire class
of instructions contained wholly within the RFC-822 compliant area.

The result was my 1994 "Christmas Card". Since then I improved the
algorithm somewhat reducing the first 129 character line to 64 characters
(not sure why that was a target other than the max & min terms said
yes and that is what UUencode uses so is known to work).

This brings up the second point. Rewriting Copyrighted algorithms as
is being discussed in relation to Royal Crown Cola (tm). Was once told 
that one test was that at least 20% of the code must be different.

Now when using a compiler this is difficult to demonstrate because the 
included libraries make up much of the code. Assembly programming is
different. Sometimes things must be done in a particular order to work
at all. The enclosed code is an example: the bulk of the program is 
trivial, compression is lousy but that was not the intent. The key 
is in the first lime of code that makes it all possible, operable on
everything from an 8088 to a 486 (do not know about Pentium - do not 
have one, nor a power PC but no one who received last year's card
complained).

It may be possible to change some of the registers and possibly
some of the order but the stack is the stack. So here is a question:
can that first line be changed sufficiently to satisfy the "independantly
developed" tests whatever they may be. No credit for lengthening the
line. Kudos for shortening but would be surprised if more than a 
couple of bytes could be removed while maintaining the functionality
(some things were done to maintain compatability with the different
pipeline mechanisms used by Intel and at least one kludge was 
necessary to avoid a bug in the Intel microcode).

For those who would like the source code: sorry, it does not exist,
all programming of the first line was done using DEBUG. There is
an .ASM of the whole file but it contains a long "DB" directive.

I have signed the code for authenticity. The executable file must 
start with the first "X" as the first byte (could have put logo 
in front. Didn't.). All the "P"s were deliberate.

Will only work with true .COM files up to about 30k. Does not need to 
be so limited, just is & has nothing to do with the first line, just
is a PoP & I was lazy 8*).

Coderpunks are also welcome to comment.

					Warmly,
						Padgett

ps have launched .COM directly from ccMail attachment before.

-----BEGIN PGP SIGNED MESSAGE-----

XP[@PPD]5`P(f#(f((f?5!QP^P_u!2$=po}l=!!rZF*$*$ =0%GF%!!%PP$P$Ps-
$l%gmZ$rl6lW$rm6mWlVl6m=ldmAlv%fmvmB%Xm6lW%Xm6mWl6m6m=ld%ylVmqlJ
mqlRmqlNmqlBlWl6m6l/m'l/m3mql8mrm4mql:mAm1mBlal6m0l1%f%r%r%rl&$W
%z${$z%yl"%qm"l&$a%Vl&$j%b$`%_%`$X$X$|l&%z%v%v$xl1m0l&%q%[$[$W%`
$Y$X%Yl&%bl&${%q%k%ll&$_%^$\%`l&$X%[l&%b$[l&%r%i%q%n%nl&%`$V%`%a
%X$X%b$a$\%`l&%Y$X$Y%^$[%_l&l1m0l&%n$[$W%[%a%b$X%^%[$[$ul&%f%r%r
%rl&$t$_%^$\%`$[%b%\%`$sl&l1m0l&%k$Y%^%_%^$[%b$\l&$_%^$\%`l&%W%^
$\$\l&$a%`l&$Y%`$[%b%\%`$`l&${%k$i%ol&l)l$m0l1l$l6l$l6l6l6l6l6l6
$rm6lWlvl6l#lql0lvm:l6%Xl0lYm5m6l\m2mPm&lZl6$lmPm&$omql+mem6$ym7
lqmJm5lGl#mrm+lql4$tl&%Xm4$ol7mRmAm<$ym at mqlK%jmql7l^${l=l_mqm;m`
m$%c%c%t%q%k%Xm3l`l$%c$t%l$Xm#lYm7m6mAlX$o%^$\%`l&$`%[%`%Yl&$[%[
$Xl&$^%b$W%`l&${%q%k%ll&%`$V$X%`$[%Y%^%[$[l$%fmumBl4mql=mr$wmpl5
mWmPl4m!m:mr$smrl5%gm=ld%cl\$gmPm&%Y%YlY$ol5l^m5mB%Xm7%q%[%X$\$`
l&$[%[$Xl&$Y%`$[%b%\%`l&${%q%k%ll&$_%^$\%`l&$X%[l&${%k$i%o${l$lY
$Yl5l^l3mB%nm7%q%[%X$\$`l&$[%[$Xl&%[$Z%`$[l&$_%^$\%`${l$l6l6l6l6
l6l6l6l6l&%q%[$[$W%`$Y%Y%^%[$[l&$Z$Y%[%a%`%Y%Yl&%a%[%\%\%`$[%a%^
$[%_${${${l$lZl6$tmPm&$Yl]memql5mqmKlZl6%tmPm&$Ylcmemsl5lYmol5l\
m2mPm&mZ$ql6lYlLl4lBlsm6%ym at mZ%xl6lBlOl6mNmFlB$Wm6lZl6%smql'msl5
mZl6l5lYl*m4mPm&%Ym&lYm8l5l^m4mBlWl7l&$q%b$`l&$_%^$\%`l&$Y%`%b$`
l&$Y%`$Z%[$Y$X%`$`l&l$mqlRmul:l6$Sm5mBmvl6mZl5l6lYlMl4lB$xm6mZ$q
l6lY$xm5lBm!m6mA$qm0l1%c%c%c%c%f%r%r%r%c%a%[$Z%V$Y%^%_$^$X%cl"%q
m"%c%z%v%v$x%c$a%V%c$j%b$`%_%`$X$X$|%c%b$\$\%c$Y%^%_$^$X%Y%c$Y%`
%Y%`$Y$W%`$`%c%c%c%c%clBm+l6l\m2lYmum5l^l6mB$vl7${${${%a%[%\$Z$\
%`$X%`${l$l\$smql'msl5mPm&l\$smql'mql5mPm&mUlBm2l6mNmFlBm^l6mB$v
m7mU%jlWl*m4mWl*m3%ylV%ymIl`lbm6$Xl5l7mUlvmQl$$tl^%Wl4$t$|%Tm5lv
mQ$nl!mUl;lJlNlBlqmElslFma%pmum8l&$Tm2%ym at mf$xm5ma$f$r$jlEmQ%fmf
mam6m5mVm5mV$Yl4memam6mUlBlkm7lZl6%rmql+mpl5mPm&%Ym)lYm0l4l^l2mB
l_m8%i%^$U%`%{$p%`$\%`$X%`l&%`$Y$Y%[$Y${l$lZl6$gmql+mrl5mq$smpl5
mPm&lY%xl4l^m2mBlsm8%k$Y%^%_%^$[%b$\l&${%q%k%ll&$_%^$\%`l&$X%[%[
l&$a%^%_$|l&%`$V%^$X%^$[%_${l$lYl*m3lZl6$rmql'mql5mPm&$Ym6mUlY%Z
l4l^m3mB$mm8%p$Y$Y%[$Yl&%W$Y%^$X%^$[%_l&$X%[l&${%q%k%ll&$_%^$\%`
${l$l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6
l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6
l6l6${%[$Y%_l6$Z$Z$f$j%e$r$j$j$p%d%x$b$jl"$_m%l"$_l"l"$_%s%xm&%j
$j$c$j%c%Xm&$yl$%t$Z%[%T$\%tm&m&$Y$e$ol!l$l!l$l&%t$zm$%o$om$m&m&
m$$j$jl$$jl$$j%Y%|m0l1$Z$Z$l%gmZ$rl6lW$rm6mWlVl6m=ldmAlv%fmvmB%X
m6lW%Xm6mWl6m6m=ld%ylVmqlJmqlRmqlNmqlBlWl6m6l/m'l/m3mql8mrm4mql:
mAm1l6l6l6pp
____YAAA_copyright_(C)_1994_by_Padgett,_all_rights_reserved_____
-----BEGIN PGP SIGNATURE-----
Version: 2.7.1

iQCVAwUBMTXclIVuK+48ORdVAQHq4QP/TgAirDLN2dONcfdmfPK02mjTHF2jg4zY
nFqWZ9CuirrD+THVszeDbHjwmyBAgZVnnesDwVIDaNc4kdySVrPVwtX5xgA1sjXE
oKrJxP5+YRTL5M0dbQUmbWLsEK9g2IToAqWIODVLHOI8K5l99/CQz8J+71zWzu9e
VaQP4Mppdy4=
=C3xl
-----END PGP SIGNATURE-----





From lmccarth at cs.umass.edu  Thu Feb 29 11:55:19 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Fri, 1 Mar 1996 03:55:19 +0800
Subject: S/MIME outside the US?
In-Reply-To: <199602290845.AAA03948@ix4.ix.netcom.com>
Message-ID: <199602291702.MAA14014@opine.cs.umass.edu>


I wrote:
# All things are exportable as long as the keysize is kept under a 
# certain size, which is too small to be really secure.  

Bill Stewart writes:
> That's not correct - you can only export crypto code from the US
> for which you have Permission, 

Well, sure. I can only say so many obvious things in one message :}

> and they'll only give you Permission
> if it's weak crypto or you agree to be Well-Behaved (e.g. US banks 
> can export real DES for talking to other banks, but US banks can be
> subpoenaed and forced to hand over the plaintext.)

You didn't quote my next sentence, which was (according to
http://www.hks.net/cpunks/cpunks-24/1417.html)

# (Unless they're used for banking, or only 
# for authentication, or you're only taking it with you for personal use on
# a trip, or....)

-Lewis





From nobody at REPLAY.COM  Thu Feb 29 12:07:26 1996
From: nobody at REPLAY.COM (Anonymous)
Date: Fri, 1 Mar 1996 04:07:26 +0800
Subject: Top Spy Hawks GAK
Message-ID: <199602291708.SAA10852@utopia.hacktic.nl>


Admiral William O. Studeman Accepts Position on Premenos
Board of Directors

Concord, Calif., 28 Feb 1996 -- Premenos Technology
Corp., a leading provider of electronic data interchange
(EDI) software solutions for electronic commerce
applications, today announced the election of Admiral
William O. Studeman, U.S. Navy-retired, to its Board of
Directors effective immediately. Studeman will also act
as consultant on special projects including security and
encryption issues.

Admiral Studeman, age 56, is the former Deputy Director
of Central Intelligence and served for five months in
1995 as the acting Director of Central Intelligence. He
retired from the Navy in October 1995. Prior to his
assignment at the Central Intelligence Agency (CIA),
Studeman was the Director of the National Security Agency
(NSA), and before that was the Director of Naval
Intelligence.

In these positions, Studeman was involved in attempting
to develop public policies and technologies that
addressed the complex and often conflicting issues of
enhanced economic competitiveness, law enforcement's
warranted requirement for information transparency in
pursuit of criminal investigations, national security
interest in combating potential information warfare
threats, and the country's overall increased need for
enhanced protection of its information-related systems
and applications.

In commenting on his election to the Board of Premenos,
Studeman stated that "Premenos is not only a leader in
facilitating the promising future of electronic commerce,
it is the first company in the marketplace with a product
line for enhanced protection, security and integrity for
the Internet and other electronic communications-related
business transactions."

Studeman added, "In working with Lew Jenkins and others
in the company, I have an opportunity to better frame the
government-industry dialogue and define the
infrastructure, standards, regulatory, technical and
other directional factors which must be addressed for
electronic commerce -- a rapidly evolving industry
segment so fundamental to the future of the American
lifestyle and national security."

Lew Jenkins, chairman and founder of Premenos said, "The
infrastructure for moving critical business data over the
Internet is crucial to the success of electronic
commerce. We welcome Admiral Studeman to our team and
look forward to his help in developing a trusted model
for the electronic commerce market and establishing a
solid infrastructure similar to the stringent military
requirements that have been in place for decades."

About Premenos Corp.

Premenos is setting the agenda for electronic commerce
and EDI through open networks such as the Internet. 
Premenos EDI software is an enabling strategy for
transforming how corporations conduct business in
extended enterprises using electronic communications.

Templar -- a suite of software and services that enable
businesses to send and receive EDI documents securely and
reliably over the Internet -- was awarded the EMA '95
Electronic Commerce Product Excellence Award recognizing
the most innovative new product debuted at EMA's annual
conference.

Premenos products support the IBM AS/400, RISC
System/6000, HP 9000, SunSparc, Windows 3.x, NT and
Windows 95. Premenos has a worldwide presence with sales
offices in California, London and Paris.

Contact Premenos World Wide Web (WWW) home page at
http://www.premenos.com to access over 3000 pages of
information on electronic commerce, EDI, standards, as
well as Premenos corporate information materials.

--







From bal at martigny.ai.mit.edu  Thu Feb 29 12:19:11 1996
From: bal at martigny.ai.mit.edu (Brian A. LaMacchia)
Date: Fri, 1 Mar 1996 04:19:11 +0800
Subject: Problems with key server
In-Reply-To: <9602291505.AC12449@mhv.net>
Message-ID: <9602291721.AA04371@toad.com>


   X-Sender: lharrison at pop.mhv.net
   X-Mailer: Windows Eudora Light Version 1.5.2
   Mime-Version: 1.0
   Content-Type: text/plain; charset="us-ascii"
   Date: Thu, 29 Feb 1996 10:07:03 -0500
   From: "Lynne L. Harrison" 
   Content-Length: 583
   Sender: owner-cypherpunks at toad.com
   Precedence: bulk

     Has anyone recently had problems trying to upload their public key to
   BAL's PGP Public Key Server?
     I had no problem connecting to BAL's site.  However, I tried several times
   to submit my public key and kept receiving "server down, try later, etc."
   message.

The machine the keyserver runs on was having problems yesterday, which
caused the keyserver to get behind on e-mail requests and also shut down
the "beta" keyserver.  Things are back to normal now.

					--bal





From lmccarth at cs.umass.edu  Thu Feb 29 12:24:07 1996
From: lmccarth at cs.umass.edu (lmccarth at cs.umass.edu)
Date: Fri, 1 Mar 1996 04:24:07 +0800
Subject: PGP to PC mail integration
In-Reply-To: <2.2.32.19960229085326.003358ec@mail.pi.se>
Message-ID: <199602291727.MAA15484@opine.cs.umass.edu>


Matts-

Please don't send me extra copies of mail sent to cypherpunks. I put
that Reply-To: header in there very deliberately.

Matts writes:
> Nope. The VB program should give a popup window where you can enter your
> passphrase to sign/decrypt the message. 

I wrote:
# Sure sounds like a user interface to me. 

Matts writes:
> Sure, what did you expect? A program that obtains your pass phrase without a
> user interface?!? 

No, a program that doesn't obtain your passphrase at all.

Go back and read what Mike Ingle wrote 
(http://www.hks.net/cpunks/cpunks-24/1540.html)

He said "Instead of messing with user interfaces", and talked about a program
that "encrypts any mail it has a PGP key for the recipient of". That
sounds a hell of a lot like a program with no user interface to me. 
Furthermore, in my sheltered life, I don't know of any mail proxies that
have user interfaces. Mike has given absolutely no indication that the
program he proposes makes any attempt to base its decisions on user input,
including passphrases. Hence my original question.

I'm very happy for you if you have in mind a program that does something
different. But I don't see how it's relevant to whatever questions I
might ask about the program Mike Ingle has in mind.

-Lewis





From johan at eniac.campus.luth.se  Thu Feb 29 13:32:28 1996
From: johan at eniac.campus.luth.se (Johan Sandberg)
Date: Fri, 1 Mar 1996 05:32:28 +0800
Subject: Cypherpunk remailer
In-Reply-To: <199602290844.AAA03847@ix4.ix.netcom.com>
Message-ID: <717.6633T1090T304@eniac.campus.luth.se>



In a reply to Johan Sandberg 
on 29-Feb-96 13:44:24, Bill Stewart 
writes about "Re:Cypherpunk remailer"

>> At 01:06 PM 2/28/96 +0100, you wrote:
>>How do I send Email through a cypherpunk remailer?
>>
>>I know that I encrypt with PGP, but where should I write to who the email is
>>for???

>For most remailers, if you send it mail with
>        Subject: help
>or      Subject: remailer-help
>(depending on remailer version) it will send you help.
>(pamphlet at idiom.com is down right now, unfortunately.)

Thanks..

>The mixmaster remailers require special client software on your machine.

What special software? What will the client do?






From alano at teleport.com  Thu Feb 29 13:44:33 1996
From: alano at teleport.com (Alan Olsen)
Date: Fri, 1 Mar 1996 05:44:33 +0800
Subject: Information...  We need Information...
Message-ID: <2.2.32.19960229183232.008bb900@mail.teleport.com>


-----BEGIN PGP SIGNED MESSAGE-----

I am working on a project to demonstrate the insecurities in a
specific cryptosystem.  I am working with the author to show
him the insecurities of his product.  (I believe them to be
many.) [There are a number of problems so far that will doom
it...  The name is derivative of a trademarked product.
Initial disassembly shows there are no common crypto algorithms
being used.  The algorithm is secret.  There is no key
management to speak of.  It only works on text files. And so
on... Why am I still working on this? Because the author has
created some good products and I do not want to see him be
ripped to shreds when he releases this.]

It is also a good excuse to do research on a couple of topics.

Here is the problem...  I am looking for texts on the breaking
of cyphers.  (I want to show him WHY the cypher is insecure and
not just say "It's crap!".)
I have done a couple of searches and have come up fairly dry.

The Cyphernomicon has a couple of paragraphs, but nothing on
techniques or pointers to other references.  RSA's FAQ has
little to nothing as well. A web search turned up little
useful. Most of the other references I have found have been for
current cyphers, but next to nothing about breaking them. 

I have been recommended "The Codebreakers" by Kahn.  (I will be
picking that up as soon as I can find a copy.)  I have "Applied
Cryptography".  (It is not oriented towards the breaking of
cyphers, but it has some good remarks on the weaknesses of
those listed.) Are there others?  I would prefer electronic
references, but hardcopy text is useful as well.  Most of what
I have found in the crypto field for books has been remarkably
bad (with a few notable exceptions). (It is hard to respect a
book when the code is written in BASIC...)

In this case, brute force might work, but I am looking for
something a bit more elegant.

I am getting more details on the code today.  It should be
interesting.

Any pointers to references are appreciated.

Thanks in advance!



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMTXwTOQCP3v30CeZAQGmWgf+LyJFcbTmE1hviLLLGJp+usFYOdEt2H4X
0/8PzHoOOy6MW4hc/om2npwFiDhSG3vPvmF3UMHX/BHvNChQ53+rvHDsynxTh+Wo
F/t9qkXxKMNS41AAHMmdTgNYaO7h2Osjk6f514xX9ac0ZzSSbQmWkrwuYzopO0W/
lytSxjh3Vu6IfhWIClf/CTrotIgeUp/zhdfLlV69Nu1ZVnZWrkNh1j+8+H4mg5mv
wPmq9UkA5AnIS37yJ3ywm8Z/FNHNxL8A8oA9OWJH9z/e5knQpkgsVQfWDpT3dMF1
+AwoJc6cKr91U3KRmayi2SuNmctRaacoCUIQJ1Se412m8KGzUnhaLw==
=SiB0
-----END PGP SIGNATURE-----
---
Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
        `finger -l alano at teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
"I, Caligula Clinton... In the name of the Senate and the people of Rome!"
   - Bill Clinton signing the CDA with the First Amendment bent over.






From matts at pi.se  Thu Feb 29 13:49:16 1996
From: matts at pi.se (Matts Kallioniemi)
Date: Fri, 1 Mar 1996 05:49:16 +0800
Subject: PGP to PC mail integration
Message-ID: <2.2.32.19960229085326.003358ec@mail.pi.se>


At 08:54 1996-02-28 -0500, lmccarth at cs.umass.edu wrote:
>Mike Ingle writes:
>> Instead of messing with user interfaces, 
>
>I wrote:
># Would you be stuck if you wanted to send something unsigned and/or 
># unencrypted ?
>
>Matts writes:
>% Nope. The VB program should give a popup window where you can enter your
>% passphrase to sign/decrypt the message. Such a popup can have a  button
>% if you don't want it to do its thing.
>
>Sure sounds like a user interface to me. 

Sure, what did you expect? A program that obtains your pass phrase without a
user interface?!? That would be a neat hack if you could pull it off. Should
it do mind reading, or just crack the pass phrase by brute force?

Seriously, the idea here is that the pgp front end shouldn't deal with the
user interface in your present mail program. Nobody (before you) have
considered doing it completely without a user interface.

Matts






From stewarts at ix.netcom.com  Thu Feb 29 13:50:42 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 1 Mar 1996 05:50:42 +0800
Subject: fun with the web and security
Message-ID: <199602290845.AAA03957@ix4.ix.netcom.com>


At 06:38 PM 2/27/96 -0800, you wrote:
>Here's a fun way to exploit security holes via the web:
>	http://www.cs.berkeley.edu/~daw/js1.html
>A rough representation of its contents follow.

Well, that was amusing.  (It gophered to localhost:25 and sent
some mail and attempted to exploit a traditional sendmail bug.)
I was wondering what would happen, since I'm behind a firewall
and don't _have_ an SMTP listener on port 25, nor does my PC really
do localhost in any useful manner.  What happened, of course,
was that Netscape used my proxy settings for gopher,
sent the request to the firewall, and tried to connect to localhost:25 there;
it answered, accepted some mail for delivery, then
503 Need MAIL before RCPT
503 Need MAIL command
500 Command unrecognized
                ... many of these
500 Command unrecognized
501 Syntax error in parameters scanning "root at localhost"
500 Command unrecognized
500 Command unrecognized
500 Command unrecognized
221 [MY PROXY MACHINE'S NAME]. closing connection


Good stuff.  (And I assume the proxy server had the debug hole blocked...)




#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281






From stewarts at ix.netcom.com  Thu Feb 29 13:58:03 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 1 Mar 1996 05:58:03 +0800
Subject: S/MIME outside the US?
Message-ID: <199602290845.AAA03948@ix4.ix.netcom.com>


At 10:49 PM 2/24/96 -0500, Lewis  wrote:
>volley at lls.se writes:
>> If I got things right, DES is "exportable" as long as the keysize
>> is kept under a certain size, which is too small to be really secure?
>
>All things are exportable as long as the keysize is kept under a certain size,
>which is too small to be really secure.  

That's not correct - you can only export crypto code from the US
for which you have Permission, and they'll only give you Permission
if it's weak crypto or you agree to be Well-Behaved (e.g. US banks 
can export real DES for talking to other banks, but US banks can be
subpoenaed and forced to hand over the plaintext.)

There have been people who've gotten export permission for modified DES,
e.g. real 56-bit DES with the key chosen from a 40-bit keyspace.

I'm assuming from volley's address that he or she is in Sweden,
and thus not directly limited by US export laws.  Write what you want,
and post it somewhere outside the US; we can import it legally.
As a non-American, you probably couldn't get US export permission for
even 40-bit RC4, and maybe not even for rot13.

#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281






From stewarts at ix.netcom.com  Thu Feb 29 14:00:45 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 1 Mar 1996 06:00:45 +0800
Subject: Diffie-Hellman for Matchmaking?
Message-ID: <199602290844.AAA03859@ix4.ix.netcom.com>


At 11:37 PM 2/27/96 +0000, Dimitris Tsapakidis  wrote:
>This is a followup to my "Dating Problem" question  [.....]

What's the reason for ZKP below?  Is the objective that A and B
only know the other one is interested if they have also
advertised interest, and that nobody else can tell they're 
interested in each other?  Or just that you can advertise who
you're interested in so that only they know you're interested
and nobody else does (except possibly a Trusted Third Party.)

For the latter case, instead of publishing g^(AB)mod n,
publish hash(g^(AB)mod n), where hash is some non-invertible
function (maybe strong like MD5, or maybe cheap like a CRC32,
depending on how often you're willing to risk collisions.)
If you're concerned about replay attacks, use something like
(timestamp, MD5(timestamp, g^(AB)mod n)).

>Person A is interested to match person B, so he computes
>g^(AB)mod n. B is interested in X, where X may or may not
>be A, and calculates g^(BX)mod n. Now, they compare these
>two "common keys" either using some Zero Knowledge scheme
>that ensures fairness (at no point one party has significantly
>more information than the other) or through a Trusted Third Party.
>If they are the same, then this means X=A, so A and B
>have a match (e.g. a date). The common keys must remain
>secret (hence the ZK above): if g^(BX)mod n "escaped"
>to the public, then the real X would find out that
>B is interested in him.

#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281






From stewarts at ix.netcom.com  Thu Feb 29 14:00:56 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 1 Mar 1996 06:00:56 +0800
Subject: Simpler solutions (was Re: Stealth PGP work)
Message-ID: <199602290844.AAA03851@ix4.ix.netcom.com>


At 10:26 AM 2/28/96 -0500, Bruce Zambini wrote:
>Or, you can develop a public-key stego system...
>ie a stego system that uses bits in specific ways depending on the 
>private key of the recipient.
I assume you mean the public key of the recipient?

>Something I've been thinking about, but haven't quite figured out how to 
>do yet, except that one could use certain bits based on a PRNG and begin 
>the message with an RSA-encrypted seed (ie the first X bits will be the 
>seed, encrypted with your public PGP key).

That's equivalent to 
   stego(picture, ( RSA(sessionkey,pubkey), Symmetric(message, sessionkey)))
where Symmetric is a potentially cheaper (and weaker) algorithm than IDEA
that possibly uses transposition rather than strict block-structuring.
This approach is no more obscure than stego(stealth(PGP(message, pubkey)))
though slightly more obscure than stego(PGP(message, pubkey)), optionally
less secure,
and probably not much faster except for long messages with wimpy Symmetric.
And it still suffers from the non-stealthiness of vanilla RSA that 
Hal Finney, Adam Back, Harry Hastur, and others have discussed.
Might as well keep the stego and encryption parts separate.

You gain a certain degree of obscurity by using
   stego(picture, scramble( PGP(message, pubkey), key ))
where scramble is some cheap symmetric encryption algorithm and 
key is either the recipient's public key or keyid, and PGP is in binary mode.
This hides the message from eavesdroppers who don't know the recipient,
but not from eavesdroppers who are willing to test against the keys
of a list of usual suspects (assuming the recipient is one of them.)

#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281






From frantz at netcom.com  Thu Feb 29 14:05:10 1996
From: frantz at netcom.com (Bill Frantz)
Date: Fri, 1 Mar 1996 06:05:10 +0800
Subject: Information...  We need Information...
Message-ID: <199602291855.KAA17614@netcom7.netcom.com>


At 10:32 AM 2/29/96 -0800, Alan Olsen wrote:
>Here is the problem...  I am looking for texts on the breaking
>of cyphers.  (I want to show him WHY the cypher is insecure and
>not just say "It's crap!".)
>I have done a couple of searches and have come up fairly dry.

Some of Friedman's instruction manuals from the (pre?)WW2 days have been
declassified.  When I was down at Computer Literacy Bookshops
(408/435-1118) in San Jose, they had 5 or 6 titles on codebreaking. 
Applied Cryptography talks about some more modern attacks, such as meet in
the middle.  Starting from the references and going to a good technical
library might produce some information.

Good Luck - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz at netcom.com | dead teenagers | Los Gatos, CA 95032, USA







From stewarts at ix.netcom.com  Thu Feb 29 14:07:00 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 1 Mar 1996 06:07:00 +0800
Subject: Percy the Python loves IPG
Message-ID: <199602290844.AAA03863@ix4.ix.netcom.com>


At 10:41 PM 2/25/96 -0500, ab411 at detroit.freenet.org (David R. Conrad) wrote:
>I think the IPG system is great!  Percy, my pet python, has never been
>slicker or better lubricated!
:-)

>IPG Sales  wrote:
>>Perhaps so, but our system does employ a true hardware generated OTP, and
>>operates similiar to what you describe -  however, the important
>>differernce is that we use a small OTP to generate a larger OTP, like
>>stringing the cable across the Golden Gate narrows.

That's not a cryptographic one-time-pad - the folks who strung the cable
across the Golden Gate used the little cable to haul a bigger hardware cable
across - you're taking your little cable and stretching it into a longer
thinner cable, tangling it up a bit, and hauling the ends across the narrows.
You haven't added anything to it, so it hasn't gotten any stronger,
and it may have gotten a lot weaker.

If the Small Pad has S bits of entropy, and the Large Pad has L>S bits,
the Large Pad still has s<=S bits of entropy in it, because you haven't
added any more from your hardware RNG - you've just shuffled around
the S bits of entropy you had and maybe even lost some if you're careless.
Therefore, the Large Pad is not a One Time Pad, because it's using each bit
of the Small Pad more than Once.  Maybe you only use the Large Pad once,
but it's no longer a One Time Pad; it's a small pad used more than once.
By your own admission, you're using your pads more than once.

A true One Time Pad has the property that each bit of pad has one bit of
entropy,
so even if I know the value of N-1 bits of the pad, I know entirely nothing
about the value of the other bit, even with infinite computation.
With your method, if I know N-1 bits of the large pad, and have a large
enough computer, I can determine the other bit.  Depending on how strong
your algorithm for deriving the Large Pad from the Small Pad is,
I may or may not be able to afford the computation, and the computer
may or may not fit on one planet, but the bit is recoverable;
finding a fast way to crack it is just gravy.

Furthermore, there are two ways I can tell that you've only given the
Large Pad to the two official recipients and destroyed your originals.
One way is to totally observe your handling procedures all the time,
so I know what you've done with it.  This is obviously impractical.

The other way, a bit less secure, is for you to sign a contract as part of
your service that says what how you will generate and handle the keys,
who you'll give them to, what bonding and insurance you have, and how much
liability you'll accept for mishandling.  This isn't mathematically secure,
like a real one time pad, but it does establish a certain trust level -
I now know how much care you're using with the pads, how much I can sue you for
if you mess up, and therefore I can estimate the value of the information
I can trust your product to carry.  In general, that means I can trust it for
conversations which have a specific, limited monetary value, such as
purchase orders
for parts - I can sue you for the $N I'd lose if the message gets stolen.
But I'd better not trust it for high-value secrets, like my marketing strategy
or trade secrets or plans to invade Cuba, because if you mess up,
I can't recover enough money from you to cover my loss if they leak.

So please email me the keys to your company; I'll donate 10% of the value
to David's python Percy for extra snake oil.





#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281






From cme at cybercash.com  Thu Feb 29 14:09:58 1996
From: cme at cybercash.com (Carl Ellison)
Date: Fri, 1 Mar 1996 06:09:58 +0800
Subject: A brief comparison of email encryption protocols
Message-ID: 


We're working on some of these issues, as we speak, over in the SPKI mailing
list.  Some of my contributions are available on

        http://www.clark.net/pub/cme/html/cert.html

At 20:02 2/16/96, Laurence Lundblade wrote:

>The Trust Model
>---------------
>Any fully implemented system will have to choose some form of a trust
>model.  Some possibilities are:
>  * web of trust
>  * strict hierarchy
>  * web of hierarchies or some other hybrid

The one some of us advocate is a web of certificates, each one of which
assigns a specific attribute or permission to a public key.
These certificates are not tied to human identities, but a human identity
can be attached as yet another attribute of a public key via a certificate
for that purpose.

For many attributes to be attached to a public key [e.g., permission to
spend money, permission to speak for an organization, ...] there is no
need for a human identity beyond the implicit one of "the person who
knows how to exercise the indicated private key" which comes with any
public key.



>The Certificate format
>----------------------
>It seems possible to pick a certificate format independent of the other
>issues.  Doing so would allow us to leverage components like we do with
>other data objects like MIME.  There probably only two major contenders:
>  * X.509 v3
>     + broadly supported by standard bodies
>     + supported by several industries (e.g., banking)
>     + very rich and flexible
>     + ASN.1
>     - ASN.1 (tough for a student to get an ASN.1 compiler)
>     - complicated
>  * PGP keys
>     + widely deployed
>     + simple to write code for
>     - difficult to lookup (linear search on key id required)
>     - too simple to support many trust models and distribution systems

We're proposing a third certificate format.  X.509 is an identity
certificate, unless one bends it severely.  Signed PGP keys are also
a kind of identity certificate.  Our proposal is an attribute certificate,
not an identity certificate.  It is simple to lookup these certs.
Like X.509, my certs have an Issuing-name and a Subject-name -- but
they're both cryptographic hashes of public keys.  You can take a portion
of those hashes [e.g., low order 12 bits] and use it to index a hash table
of certificates or keys.  The cert is more general than X.509 -- that is,
it includes all of X.509 and then some [because we don't require some
binding to a human identity, don't require a Certificate Authority, ...].
Our first format is RFC822-like -- so it's easy to parse and generate and
read and use.  It's very rich and flexible.  We're working to make it
an IETF standard.  It does not use ASN.1 and has none of the baroqueness
of X.509.

In fact, these certs can be formed as PGP clear-signed messages.

>
>Note that both use the RSA algorithms, so they are interchangeable at some
>very basic level.

We're using RSA or whatever else you want [e.g., DSA].  In fact, in our
cert format, you can use DSA to sign an RSA key, a PGP key to sign a
Fortezza key, etc.



 - Carl

+--------------------------------------------------------------------------+
|Carl M. Ellison          cme at cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430                   http://www.cybercash.com/    |
|2100 Reston Parkway           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091      Tel: (703) 620-4200                                 |
+--------------------------------------------------------------------------+







From cme at cybercash.com  Thu Feb 29 14:20:00 1996
From: cme at cybercash.com (Carl Ellison)
Date: Fri, 1 Mar 1996 06:20:00 +0800
Subject: A brief comparison of email encryption protocols
Message-ID: 


At 12:01 2/29/96, Laurence Lundblade wrote:

>
>Isn't using a hash as the identifier replicating the key distribution
>problem that PGP has or are you including some other data that can be used
>to look up the cert?  I think a problem occurs when you have 20 billion of
>these certs (two for every person in the year 2010 or such).  A simple hash
>into a table isn't going to cut it because you a single database (with
>replication?) isn't going to be possible.  Some hierarchical lookup like
>DNS is going to be needed. The look ups are needed to check for revocation.

Our current straw-man http://www.clark.net/pub/cme/html/cert.html
uses the following to identify a key within a certificate:

KEY_ID ::=  
           []
           []

It is assumed that the key is in a cache at the verifier.  The verifier can
add it to his cache by having it sent to him directly, by fetching it
via the URL (if present), or through some other means.

One of my co-workers [Donald Eastlake] is proposing distribution of keys
via the DNS and that sounds fine, too.

We weren't tying the distribution problem to the certificate problem.
They really are separate.



Revocation is a separate problem.  My personal preference [quite seriously]
is not to allow for revocation -- rather to issue certificates with a
validity only long enough to get the job done but not so long that you'd
be seriously damaged by having an invalid cert honored.  There's no way to
get 100%, immediate validation [by non-existence on a revocation list].
For more words on this subject, see cert.html.

If one really needs CRL checking, I'd recommend including a URL for the
Issuer's own revocation list as a field in the cert.

 - Carl

+--------------------------------------------------------------------------+
|Carl M. Ellison          cme at cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430                   http://www.cybercash.com/    |
|2100 Reston Parkway           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091      Tel: (703) 620-4200                                 |
+--------------------------------------------------------------------------+







From pfarrell at isse.gmu.edu  Thu Feb 29 14:31:56 1996
From: pfarrell at isse.gmu.edu (Pat Farrell)
Date: Fri, 1 Mar 1996 06:31:56 +0800
Subject: DC area physical Cypherpunks meeting this Saturday
Message-ID: <199602291911.OAA19464@isse.gmu.edu>


Starting at 3:00 PM, at Digex, as usual.
Details on the Dccp homepage, http://www.isse.gmu.edu/~pfarrell/dccp/
(129.174.40.15 if the DNS is grumpy)

Pat
Pat Farrell      grad student        http://www.isse.gmu.edu/~pfarrell
Infor. Systems and Software Engineering, George Mason University, Fairfax, VA
PGP key available via WWW or request           #include standard.disclaimer





From cme at cybercash.com  Thu Feb 29 14:40:30 1996
From: cme at cybercash.com (Carl Ellison)
Date: Fri, 1 Mar 1996 06:40:30 +0800
Subject: A brief comparison of email encryption protocols
Message-ID: 


At 12:01 2/29/96, Laurence Lundblade wrote:
>I think a problem occurs when you have 20 billion of
>these certs (two for every person in the year 2010 or such).  A simple hash
>into a table isn't going to cut it because you a single database (with
>replication?) isn't going to be possible.

BTW, at the rate that memory gets cheaper and smaller, it might be quite
reasonable to have that single database fit alongside your daily appointments
in your shirt-pocket daily organizer and e-mail terminal, in 2010.


+--------------------------------------------------------------------------+
|Carl M. Ellison          cme at cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430                   http://www.cybercash.com/    |
|2100 Reston Parkway           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091      Tel: (703) 620-4200                                 |
+--------------------------------------------------------------------------+







From lgl at qualcomm.com  Thu Feb 29 14:41:31 1996
From: lgl at qualcomm.com (Laurence Lundblade)
Date: Fri, 1 Mar 1996 06:41:31 +0800
Subject: A brief comparison of email encryption protocols
In-Reply-To: 
Message-ID: 


At 3:43 AM 2/29/96, Carl Ellison wrote:

>>The Certificate format
>>----------------------
>>It seems possible to pick a certificate format independent of the other
>>issues.  Doing so would allow us to leverage components like we do with
>>other data objects like MIME.  There probably only two major contenders:
>>  * X.509 v3
>>     + broadly supported by standard bodies
>>     + supported by several industries (e.g., banking)
>>     + very rich and flexible
>>     + ASN.1
>>     - ASN.1 (tough for a student to get an ASN.1 compiler)
>>     - complicated
>>  * PGP keys
>>     + widely deployed
>>     + simple to write code for
>>     - difficult to lookup (linear search on key id required)
>>     - too simple to support many trust models and distribution systems
>
>We're proposing a third certificate format.  X.509 is an identity
>certificate, unless one bends it severely.  Signed PGP keys are also
>a kind of identity certificate.  Our proposal is an attribute certificate,
>not an identity certificate.  It is simple to lookup these certs.
>Like X.509, my certs have an Issuing-name and a Subject-name -- but
>they're both cryptographic hashes of public keys.  You can take a portion
>of those hashes [e.g., low order 12 bits] and use it to index a hash table
>of certificates or keys.  The cert is more general than X.509 -- that is,
>it includes all of X.509 and then some [because we don't require some
>binding to a human identity, don't require a Certificate Authority, ...].
>Our first format is RFC822-like -- so it's easy to parse and generate and
>read and use.  It's very rich and flexible.  We're working to make it
>an IETF standard.  It does not use ASN.1 and has none of the baroqueness
>of X.509.
>
>In fact, these certs can be formed as PGP clear-signed messages.

Isn't using a hash as the identifier replicating the key distribution
problem that PGP has or are you including some other data that can be used
to look up the cert?  I think a problem occurs when you have 20 billion of
these certs (two for every person in the year 2010 or such).  A simple hash
into a table isn't going to cut it because you a single database (with
replication?) isn't going to be possible.  Some hierarchical lookup like
DNS is going to be needed. The look ups are needed to check for revocation.

LL







From nobody at vegas.gateway.com  Thu Feb 29 15:24:16 1996
From: nobody at vegas.gateway.com (Anonymous Remail Service)
Date: Fri, 1 Mar 1996 07:24:16 +0800
Subject: Jim clark spoke last November in favor of GAK
Message-ID: <199602291953.OAA05959@black-ice.gateway.com>


   Here are Jim Clark's comments in favor of GAK. It should be
emphasized that since then, Netscape has officially clarified its
position against GAK, and that the actions of the company speak loudly
of their support of strong crypto. Nonetheless, these comments were
made for the record, so let the record show:

...

[Segue from a brief explanation of public key cryptography and
certification authorities]

So, this is a sophisticated enough system, but you run into a problem.
I mean, it all works perfectly. Assuming there's no compromises in the
the basic... Assuming there's no holes in the operating system, or no
other ways of getting into the computer that's doing all this stuff,
then you've got a system that's bulletproof. That's the problem. The
government doesn't want it to be bulletproof. And the reason they
don't is they want to be able to get access in cases of where there's
national security issues or such, they want to be able to get access
to your private communications.

But you can break that into two parts. There's one area that they
don't care about. And that area is if you cannot possibly send an
encrypted message to someone... Let's take as an example, you're doing
a financial transaction. If that transaction can only... If that
communication can only be used to do a financial transaction, such as
move money from A to B, or doing a wire transfer of funds, the
government doesn't care about that. Uh, maybe they do, but the point
is that's not the kind of communication where you're going to possibly
say I'm going to blow up the World Trade Center, or some such thing.
That's where they're worried.

But this whole process leads to a set of questions about how you
protect this data encryption technology - how you make it usable in a
way that the government finds acceptable, and that you as the
individual or you as the corporation find acceptable. And I've been
thinking about this a lot. It's clear that this notion of issuing
someone a bulletproof key, that is, that create their own private key
where they can do any arbitrary communications via email to anywhere
in the world with no restrictions and no one can possibly eavesdrop.
It's clear to me that that is not going to happen. And the reason it
isn't is that the governments of the world aren't going to let it
happen.

So you might as well sort of accept that at some level the government
is going to be able to overhear or eavesdrop certain aspects of what
you do. But as I said, the financial aspects, pure financial
transactions, not general purpose electronic communications, but pure
financial transactions, they really don't care. That isn't what
they're trying to eavesdrop. They just want to be able to hear if
you're planning on doing some illegal activity.

And therefore this idea of key escrow comes up and that's what this
chart, this thing is about. Key escrow. For the government, you know
your private key, but also the government knows your private key.
(now, you can, and so) That's one way to do it. They can always know
your private key. You know, you've got a problem with your company
too. (but, you know) Most companies are trying to protect the
interests of the company and the shareholders, and that means that
companies, (I mean I know it, but) I'll bet every single one of your
companies has a mechanism to allow them to listen to your email or
your voicemail or look at some of that stuff at some point in history
because you might be doing something that compromises the interest of
that company, illegally.

So, even there, you need some mechanism to allow a corporation or the
government or someone to be able to get access when they absolutely
have to. That's the rub. When is, when do you absolutely need that
kind of access? We'd all like to think it's as rarely as possible, and
hopefully, never. But I think that these public key cryptosystems have
to accomodate that kind of need. They have to allow people in
governments to be able to access it.

(I, I mean) I just came back from Europe. And, you know, we're allowed
to export only the 40-bit version of our product into those countries.
Well, I can assure you that's not satisfactory from those (companies')
countries' point of view. Companies and the countries of Europe,
Germany, France, the UK, want to be able to have just as secure
communications as we can have inside our country. Because it's not to
do illicit things, it's to protect business secrets, so if they're
going to use the Internet for generalized communication they want to
be able to protect their generalized communication - against corporate
espionage. And that's a very, very valid requirement.

And so, I think we're taking the wrong solution if the way we're going
to protect information is just to make the keys easier to break, to
make the lock easier to break. We have to find a better way. That
means you need long keys, you need to have them be bulletproof, but
there needs to be some sort of access, and that's where the idea of
key escrow comes. But I think the key escrow idea is a little bit
wrong, because I think what you really need is the ability to... Think
of it this way; if I've got a lock, my key will open the lock. But I
may want to have another keyhole, where someone else's key will open
that lock as well. That other key might be the government's key. It
might be the key of my corporation if I'm doing corporate business.
(but) Or for example, you might have a health record, you know, a
medical record. You want to protect that. That's your private
information. But what happens when you're disabled, and there's an
emergency you need to get access to your health data, then there needs
to a be keyhole to allow people to open the lock in that case too.

So there's a kind of a diferent concept or a different mechanism -
multiple keys opening a lock, for example. There's one potential way,
and what we need is an electronic equivalent to that, I think these
things will come along very shortly.

You might also want to have unanimous, all keys have to be inserted
into the lock, kind of like the infamous red button that launches
missiles. The president and several other people have to have access
to it. This is the general concept, and I think that's what we're
going to have to have in a data security sense.

So, I have spent some time talking about the company Netscape, a
little bit about security in general...


Transcribed from:

DCI Email World and Internet Expo held in November 95 in Boston.
DC9523 session 100 - Security on the Net.

Tape is available from Conference Copy Inc.
http://www.confcopy.com/TAPES





From adam at lighthouse.homeport.org  Thu Feb 29 15:41:43 1996
From: adam at lighthouse.homeport.org (Adam Shostack)
Date: Fri, 1 Mar 1996 07:41:43 +0800
Subject: Site certificates?
In-Reply-To: <3135b1416a2d002@noc.cis.umn.edu>
Message-ID: <199602291430.JAA07872@homeport.org>


GTE has announced, `Cybertrust` but I don't know if its operational or
not.  MCI Mall and AT&T also offer certificates.

The unfortunate fact is that at the moment, getting a certificate from
someone Netscape has decided to trust makes your customers life much
easier, because they never have to decide to trust your key.  Thus,
Verisign, MCI mall and AT&T have a large commercial advantage waiting
for Netscape to tell the world what criteria they use for selecting
KCA to trust.

Adam


Kevin L Prigge wrote:

| David K. Merriman said:
| >
| > Can someone point me in the direction of who I need to talk to in
| order to get security certificates for a Web server I'm setting up? I
| sent email to MS and Netscape, and neither has deigned to respond in 4
| days....     
| >
| > Thanks
| >
| > Dave Merriman
| 
| VeriSign does that. http://www.verisign.com/
| (They're slow, though)
| 
| --
| Kevin L. Prigge         | "You can always spot a well informed man -
| University of Minnesota |  his views are the same as yours."
| email: klp at tc.umn.edu   |  - Ilka Chase
| PGP Key Fingerprint =  FC E5 EE E7 8B 2E E9 D5  DA 1C 5D 6B 98 52 F6 24
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From perry at piermont.com  Thu Feb 29 15:49:02 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Fri, 1 Mar 1996 07:49:02 +0800
Subject: A brief comparison of email encryption protocols
In-Reply-To: 
Message-ID: <199602292001.PAA18761@jekyll.piermont.com>



Carl Ellison writes:
> We weren't tying the distribution problem to the certificate problem.
> They really are separate.

I'm not entirely sure.

I think it would be valuable if signature formats specified not only
an arbitrary key-id but a DNSable string or URL to retrieve the
certificate responsible for the signature. One of the things we've
learned from PGP is the difficulty of dealing with random numbers as
key ids. In this, I'm not sure we shouldn't be including better lookup
mechanisms. This is not to say that meaning should be assigned to a
lookup string beyond its saying where to find the key.

Perry





From tomw at netscape.com  Thu Feb 29 16:03:17 1996
From: tomw at netscape.com (Tom Weinstein)
Date: Fri, 1 Mar 1996 08:03:17 +0800
Subject: X.509 certs that don't guarantee identity
In-Reply-To: <199602260448.WAA01201@proust.suba.com>
Message-ID: <31360533.1CFB@netscape.com>


Michael A. Atzet wrote:
> Jeff Weinstein wrote:
> >
> >   The navigator will not be configured to automatically trust the
> > verisign level 1 and 2 certificates for SSL servers.  You will get
> > the same warning dialog with these certs as you do with one you
> > generate on your own.
> >
> How will Navigator differentiate between the different level certs? I
> am not aware of any fields in the cert itself that designate what
> level it is.  I know that the subject info would "look" different for
> a persons name vs. email address vs commom name.

The different levels of certificate are signed by different CA certs.

-- 
Sure we spend a lot of money, but that doesn't mean | Tom Weinstein
we *do* anything.  --  Washington DC motto          | tomw at netscape.com





From matts at pi.se  Thu Feb 29 17:12:52 1996
From: matts at pi.se (Matts Kallioniemi)
Date: Fri, 1 Mar 1996 09:12:52 +0800
Subject: PGP to PC mail integration
Message-ID: <2.2.32.19960229210046.0033fb94@mail.pi.se>


At 12:27 1996-02-29 -0500, you wrote:
>Please don't send me extra copies of mail sent to cypherpunks.

Ok, we'll skip the list. They probably don't care about this nit picking.

>Go back and read what Mike Ingle wrote
(http://www.hks.net/cpunks/cpunks-24/1540.html)

I did read it the first time around. Very carefully, since I was already
debugging the program he was talking about. He wrote " the VB program
decrypts any PGP mail it sees," and I believe that decryption requires a
user interface for the pass phrase.

But I think that Mike can speak for himself on the list. Let's end this
discussion about what he meant.  We obviously interpreted his idea differently.

Matts






From cme at cybercash.com  Thu Feb 29 17:13:40 1996
From: cme at cybercash.com (Carl Ellison)
Date: Fri, 1 Mar 1996 09:13:40 +0800
Subject: A brief comparison of email encryption protocols
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

At 15:54 2/29/96, Derek Atkins wrote:

>So, there needs to be a compromise, some shorthand method to describe
>the hint.  One solution is to provide a "keyserver" type and then some
>string that says which "keyserver" to use.  For example, if there is a
>DNS-style keyserver deplyed, I could put '1,"mit.edu"' in all my
>signatures, if we assume that '1' is the DNS-style keyserver code.
>
>I'm sure there are other possible solutions as well, and any real
>suggestions are welcome.

is a URL just too big?  My sigs are already several lines long.  E.g.,

Key: ftp://ftp.clark.net/pub/cme/cme.asc

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMTYY/1QXJENzYr45AQFr5QQAkff2u+VvCvpPYTyYCVsj1NFMD/dsN+Ps
Dyc7cX4iMDynls+dibG8cTAw6FrqKtvZ6qSDdu15oI49rHiEzTZOWj/VUKjlalmu
rp0QZ7iSiYinsHFK4H/ZfWarx/3RfngGFXjNOLQUjpe0Otqz1nnHqaVkCXPbz/VG
gmQbMKn5syA=
=hKEC
-----END PGP SIGNATURE-----

+--------------------------------------------------------------------------+
|Carl M. Ellison          cme at cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430                   http://www.cybercash.com/    |
|2100 Reston Parkway           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091      Tel: (703) 620-4200                                 |
+--------------------------------------------------------------------------+







From warlord at MIT.EDU  Thu Feb 29 17:41:48 1996
From: warlord at MIT.EDU (Derek Atkins)
Date: Fri, 1 Mar 1996 09:41:48 +0800
Subject: A brief comparison of email encryption protocols
In-Reply-To: 
Message-ID: <199602292139.QAA18366@toxicwaste.media.mit.edu>


> is a URL just too big?  My sigs are already several lines long.  E.g.,
> 
> Key: ftp://ftp.clark.net/pub/cme/cme.asc

IMHO, yes.  Consider for a minute: there are currently about 20000 PGP
keys on the public keyservers.  There are about 30000 signatures on
those keys.  The keyrings are already 8MB or more.

Now, consider adding a URL to every signature.  Lets even use your
URL, which is 35 characters long (and lets not even count the NULL or
length byte).  Adding this URL to 30000 signatures would add 1050000
bytes, or just over 1MB.  This is an increase in 12% of the keyrings!

On the other hand, using my method and your "URL" (clark.net) would
add only 10 bytes per sig, or 300k.  This is only a 4% increase.

-derek





From EALLENSMITH at ocelot.Rutgers.EDU  Thu Feb 29 17:43:40 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Fri, 1 Mar 1996 09:43:40 +0800
Subject: PGP to PC mail integration
Message-ID: <01I1SHIHFEBKAKTPB8@mbcl.rutgers.edu>


From: lmccarth at cs.umass.edu

>Mike Ingle writes:
>> Instead of messing with user interfaces, you set the POP and SMTP
>> addresses of your mail program to "localhost". You run locally a Visual
>> Basic program that sits on ports 110 (POP) and 25 (SMTP) listening for
>> connections. The VB program is configured with the addresses of your
>> real SMTP and POP servers, and acts as a proxy.
> 
>> When your mail program retrieves POP mail, it goes through the VB
>> program, and the VB program decrypts any PGP mail it sees. When it
>> sends mail, the VB program encrypts any mail it has a PGP key for the
>> recipient of.

>Would you be stuck if you wanted to send something unsigned and/or 
>unencrypted ?

	You'd put something into the mail message itself that would tell it
"don't encrypt this" and/or "don't sign this". Hmm... you'd need to put in
messages to be signed and/or encrypted your passphrase, or have it gotten some
other way... which doesn't look very safe.
	Of course, if you're just encrypting it to the person's public key off
of your keyring, and for stuff that's coming in encrypted to someone else's
private key or signed with someone else's private key on your keyring, that
wouldn't be so much of a problem. For the stuff coming in with the
verification message (could be spoofed), looking for such strings already in
an incoming message would be good. An attacker could still potentially slip
something in between the mail program and the proxy program, though - the same
problem as with the passphrase in the message. 
	-Allen





From jlasser at rwd.goucher.edu  Thu Feb 29 18:53:50 1996
From: jlasser at rwd.goucher.edu (Bruce Zambini)
Date: Fri, 1 Mar 1996 10:53:50 +0800
Subject: Simpler solutions (was Re: Stealth PGP work)
In-Reply-To: <199602290844.AAA03851@ix4.ix.netcom.com>
Message-ID: 


On Thu, 29 Feb 1996, Bill Stewart wrote:

> At 10:26 AM 2/28/96 -0500, Bruce Zambini wrote:
> >Or, you can develop a public-key stego system...
> >ie a stego system that uses bits in specific ways depending on the 
> >private key of the recipient.
> I assume you mean the public key of the recipient?

Well, no.  Or yes and no. Something like Public-Key crypto in general, 
where the public key isn't enough knowledge to decrypt it.  For example, 
you could encrypt a session key with RSA.

[...]
> You gain a certain degree of obscurity by using
>    stego(picture, scramble( PGP(message, pubkey), key ))
> where scramble is some cheap symmetric encryption algorithm and 
> key is either the recipient's public key or keyid, and PGP is in binary mode.
> This hides the message from eavesdroppers who don't know the recipient,
> but not from eavesdroppers who are willing to test against the keys
> of a list of usual suspects (assuming the recipient is one of them.)

Well, that's what I want to avoid; I think the issue is that as long as 
stego is predictable, there's a problem, ie a message to a certain party 
can be shown to exist, even if it's not readable. This might prove more 
than ample evidence in certain circumstances.

You shouldn't be able to recover the stego'd message without special 
knowledge.  This isn't addressed by current software, to my knowledge.

Jon Lasser
----------
Jon Lasser (410)494-3072                         - Obscenity  is a crutch  for
jlasser at rwd.goucher.edu                            inarticulate motherfuckers.
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D)               - Fuck the CDA.






From alanh at infi.net  Thu Feb 29 19:34:37 1996
From: alanh at infi.net (Alan Horowitz)
Date: Fri, 1 Mar 1996 11:34:37 +0800
Subject: "Louis Freeh is a Cocksucker"
In-Reply-To: <199602290201.SAA01927@jobe.shell.portal.com>
Message-ID: 


OVer on alt.something.somesomething-or-other.whitewater, there are people 
keeping track of dates and events. It has been noticed that Freeh was 
sworn in _just before_ Vincent Foster's body was found.





From jsw at netscape.com  Thu Feb 29 19:45:05 1996
From: jsw at netscape.com (Jeff Weinstein)
Date: Fri, 1 Mar 1996 11:45:05 +0800
Subject: X.509 certs that don't guarantee identity
In-Reply-To: <199602260448.WAA01201@proust.suba.com>
Message-ID: <31365328.7DEE@netscape.com>


Michael A. Atzet wrote:
> How will Navigator differentiate between the different level certs? I am not
> aware of any fields in the cert itself that designate what level it is.
> I know that the subject info would "look" different for a persons name vs.
> email address vs commom name.

  The navigator will not differentiate them.  We build in a default set of
CA certificates into the navigator, and then allow the user to modify them as
they see fit based on their local trust policy.  The default set of CAs that
we ship with our product will not include the verisign level 1&2 CAs as trusted
SSL Server CAs.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.





From steve at aztech.net  Thu Feb 29 20:23:46 1996
From: steve at aztech.net (Steve Gibbons)
Date: Fri, 1 Mar 1996 12:23:46 +0800
Subject: Possible Java hack
Message-ID: <0099EA68.385ABF20.1@aztech.net>


Some of you may remember an assertion that I made (and posted here) about a
month ago under the the thread "Possible Java hack".  The latest publicized 
Princeton hack is exactly the same thing that I eventually came up with, and 
I've consolidated my findings at 

(Crypto and Firewalls relevance will become aparent, once you take a look.)

FYI,

--
Steve at AZTech.Net





From adam at lighthouse.homeport.org  Thu Feb 29 21:39:55 1996
From: adam at lighthouse.homeport.org (Adam Shostack)
Date: Fri, 1 Mar 1996 13:39:55 +0800
Subject: Chaff in the Channel (Stealth PGP work)
In-Reply-To: <199603010418.VAA02087@nelson.santafe.edu>
Message-ID: <199603010515.AAA10937@homeport.org>


	Stenography is torn between a (reasonable) desire for secrecy
in order to gain security by making it harder to detect your noise
patterns, and the need for correspondants to agree on a standard.
(This agreement made harder by cross platform issues.)

	However, I suspect that the ideal would be like cryptography:
Assume the enemy knows everything about your system but the keys.
Thus, your gifs need to look like normal gifs in the lsb.  Your audio
needs to have normal levels of hiss in it.  Etc.

	When actually using stego, theres no need to publicise your
choise of stego methods.  But when desinging a system, your opponent
should be assumed to understand it.

Adam


Nelson Minar wrote:

| I've got some specific ideas, but am a bit nervous about talking about
| them because of intellectual property issues. Also, I'm not convinced
| that unlike cryptography, some extra security can be maintained in a
| steganographic system by not disclosing the way it works. I haven't
| resolved these concerns, but would be happy to engage in some
| metadiscussion about them.



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From jimb at alpha.c2.org  Thu Feb 29 22:12:04 1996
From: jimb at alpha.c2.org (Jim Browne)
Date: Fri, 1 Mar 1996 14:12:04 +0800
Subject: "Louis Freeh is a Cocksucker"
Message-ID: <199603010154.RAA03237@eternity.c2.org>


Alan Horowitz says:

> OVer on alt.something.somesomething-or-other.whitewater, there > are people keeping track of dates and events. It has been
> noticed that Freeh was sworn in _just before_ Vincent Foster's 
> body was found.

That's certainly very suspicious!

I bet that Freeh *is* Vince Foster with plastic surgery!
-- 
JimB
"I feel good!"





From nobody at REPLAY.COM  Thu Feb 29 22:16:12 1996
From: nobody at REPLAY.COM (Anonymous)
Date: Fri, 1 Mar 1996 14:16:12 +0800
Subject: SAIC Offers SET
Message-ID: <199603010325.EAA21057@utopia.hacktic.nl>



SAIC Is @Yourservice for Secure Electronic Transactions
on the Internet

San Diego, 29 Feb 1996 -- Science Applications
International Corp. (SAIC), a leading provider of
information and network security services, today
announced that it will offer a wide range of business
solutions based on the new Secure Electronic Transactions
(SET) standard for safeguarding bankcard purchases over
the Internet.

Through its @Yourservice business unit, SAIC will provide
consulting, integration and digital certification
services to financial institutions, network operators and
merchants doing business over open networks.

SAIC helped Visa and Microsoft in their pioneering effort
to bring security to on-line commerce, and played a major
role in crafting the SET standard, working for Visa and
in close association with MasterCard and other SET
technology partners.

SAIC has long been one of the largest and most trusted
suppliers of information, network and data security
solutions in the world, as well as being a major
information systems integrator for government and
commercial clients.

"We're bringing these skills, and our understanding
of SET complexities such as digital signatures, public
key cryptography, certificate management and network
protocols together to help businesses transition smoothly
into the world of electronic commerce," said Nick
DiGiacomo, who oversees @Yourservice.  "What we offer is
seamless integration from the cardholder's computer over
the networks to the merchants and banks, and back again. 
We're here to make this easy."

--






From tomservo at access.digex.net  Thu Feb 29 22:18:53 1996
From: tomservo at access.digex.net (Scott Fabbri)
Date: Fri, 1 Mar 1996 14:18:53 +0800
Subject: PGP to PC mail integration
Message-ID: 


-----BEGIN PGP SIGNED MESSAGE-----

An entity known as "E. ALLEN SMITH" 
writes:

>        You'd put something into the mail message itself that would tell
it
>"don't encrypt this" and/or "don't sign this". Hmm... you'd need to put
in
>messages to be signed and/or encrypted your passphrase, or have it gotten
some
>other way... which doesn't look very safe.

exmh on Unix systems goes the other way. It adds a header line that
includes the sender and recipient, plus the action to be performed
("encrypt," "sign" or "encryptsign"). No header, no encryption/signature.
I'm reasonably sure it strips off that line before it passes the message
off to sendmail -- but I usually don't send messages to myself that way. :-
)

For incoming mail, it looks for standard PGP structure and figures out what
it needs from the user. If, for instance, you don't have a public key on
your keyring, it allows you to send a mail message to a server to grab it -
- - otherwise it performs the operation and shows you the results.

If what you're doing requires a password (signing or decrypting), it pops
up a window to ask you for it. When it's done, it prompts you to press
Return and disappears.

It was written in tcl/Tk, but some of it may be applicable for what you
want to do. (Sorry, I'm not an expert on either.)

Scott

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMTZk4evEnOI8TfM9AQGiKwL6A+XCKH68tfqJNE6cDRR7KClbXuSchBF3
UW6lY5ZzQIkZSTEKLm6EK2uEg6h9wafO38Dzm61PAdLZ0te67Kqtb4V4seTW4k4M
+YBLuUAiutVgZayj2OdrWjvlc43M495w
=GrDt
-----END PGP SIGNATURE-----







From cp at proust.suba.com  Thu Feb 29 22:20:26 1996
From: cp at proust.suba.com (Alex Strasheim)
Date: Fri, 1 Mar 1996 14:20:26 +0800
Subject: A brief comparison of email encryption protocols
In-Reply-To: <199602292135.QAA18937@jekyll.piermont.com>
Message-ID: <199603010154.TAA05515@proust.suba.com>


> In the end, we are probably going to need something in the way of key
> servers, which may (or may not) imply either a new type of URL or
> something other than a URL to do retrieval off of.

Sorry for the stupid questions, but I want to make sure I'm on the same 
page as the rest of you.  Correct me where I'm wrong --

The idea to have a distributed database (like DNS?) that allows you to
retrieve keys with query strings similar to urls.  So if you wanted to do
a secure telnet to host.foobar.com, you'd submit something like
"telnet://host.foobar.com" to the key server, and it would give you back a
key.  If you wanted to send mail to me, you'd submit something like 
"mailto://alex at suba.com".  Etc.

The key distribution system wouldn't address the problem of trust
directly, but the key you'd get back from the server would contain
information that you could use to verify it.  Suppose I get signed email 
from Perry.  The signature would contain something like 
"mailto://perrry at piermont.com" -- I could use that to get Perry's key to 
verify the signature.  Along with Perry's key I'd probably get a 
signature from some entity that vouches for his key, maybe a piermont.com 
key.  I could follow the chain up until I hit an entity I trust.


If this is correct, I have a question:

What's the advantage of using this url type system instead of "fully
qualified" certificates, ie., attaching all the keys and signatures to the
object?  Doesn't the give and take with the key servers more than wipe out
the advantage of the smaller data object?

Does the win come from solving the revocation problem?


Finally, does anyone know if anything's been happening with Matt's key
management project? 






From sandfort at crl.com  Thu Feb 29 23:25:27 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Fri, 1 Mar 1996 15:25:27 +0800
Subject: PARTY PICTURES!
Message-ID: 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

At long last pictures from my costume party are available on the
Web.  The URL is:

		http://www.c2.org/party/masquerade/

Special thanks are in order to Sameer for donating the Web page
and loading it up with all the pictures.  See Sameer for all
your Internet privacy needs.

Bart Nagel spent several hours scanning, cropping, digitally 
editing and sweetening the original pictures I took.  Bart (and
I) want you to contact him for all your *expensive* image editing 
needs.  He can be reached at egon at aol.com or barticus at well.com.

Thanks to Gracie and Zarkov for the use of their lovely homes.

And a big thank you to all the attendees who made the party a
might to remember.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~